author | Tobias Brunner <tobias@strongswan.org> | 2016-11-16 17:12:33 +0100 |
committer | Tobias Brunner <tobias@strongswan.org> | 2017-02-16 19:23:51 +0100 |
commit | ed105f45afca41b4e445c18f24f219352a4c6ef0 (patch) | |
tree | ad00aa9fbf1f38fff645ea2a281ac1d5263c089c | |
parent | 3bedf10b25fe8d5241709a446b3e1faffdc79b01 (diff) | |
vici: Add support for NT Hash secrets
Fixes #1002.
-rw-r--r-- | src/libcharon/plugins/vici/vici_cred.c | 4 | ||||
-rw-r--r-- | src/swanctl/commands/load_creds.c | 4 | ||||
-rw-r--r-- | src/swanctl/swanctl.opt | 22 |
3 files changed, 29 insertions, 1 deletions
diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c
index 04a13b4fa..c8d71138c 100644
--- a/src/libcharon/plugins/vici/vici_cred.c
+++ b/src/libcharon/plugins/vici/vici_cred.c
@@ -339,6 +339,10 @@ CALLBACK(load_shared, vici_message_t*,
 {
 type = SHARED_EAP;
 }
+ else if (strcaseeq(str, "ntlm"))
+ {
+ type = SHARED_NT_HASH;
+ }
 else
 {
 return create_reply("invalid shared key type: %s", str);
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index 126b61e64..836017893 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -583,6 +583,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
 char *types[] = {
 "eap",
 "xauth",
+ "ntlm",
 "ike",
 "private",
 "rsa",
@@ -605,7 +606,8 @@ static bool load_secret(load_ctx_t *ctx, char *section)
 fprintf(stderr, "ignoring unsupported secret '%s'\n", section);
 return FALSE;
 }
- if (!streq(type, "eap") && !streq(type, "xauth") && !streq(type, "ike"))
+ if (!streq(type, "eap") && !streq(type, "xauth") && !streq(type, "ntlm") &&
+ !streq(type, "ike"))
 {
 /* skip non-shared secrets */
 return TRUE;
 }
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index 327b8971d..8ddc9f750 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
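Review bot: The new `ntlm` branch in load_shared selects SHARED_NT_HASH, but nothing in this hunk checks that the supplied secret is actually a 16-byte MD4 digest; because the NT hash is itself the credential used for EAP-MSCHAPv2, a plaintext password loaded under type `ntlm` would be accepted here and only fail later at authentication time, with no hint at load time. Where the secret value is decoded (outside this hunk), a length check with a specific reply would surface the mistake immediately, e.g. `if (type == SHARED_NT_HASH && data.len != 16) { return create_reply("invalid NT hash length: %d", (int)data.len); }`, with `data` standing for whatever name the function uses for the decoded secret chunk and `16` replaceable by the MD4 size constant if one is in scope. The rest of load_shared, including where the secret is read and the shared key is created, lies outside the hunk, so this is inferred from the type selection alone.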
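Review bot: The shared-secret test at the changed `if` in load_secret now enumerates four type strings by hand, and the same strings also appear in the `types[]` whitelist of the preceding hunk (@@ -583), so the next secret type has to be added in two places and the commit itself shows how easily the two sites drift apart. A one-line comment at each site, `/* shared-secret types: keep in sync with the types[] list above */`, or a small table consulted by both the whitelist and the check would make the coupling explicit. The body of load_secret starts and ends outside these hunks, so how `type` is derived from `section` is not visible here.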
@@ -831,6 +831,28 @@ secrets.eap<suffix>.id<suffix> =
 be specified, each having an _id_ prefix, if a secret is shared between
 multiple users.
 
+secrets.ntlm<suffix> { # }
+ NTLM secret section for a specific secret.
+
+ NTLM secret section for a specific secret. Each NTLM secret is defined in
+ a unique section having the _ntlm_ prefix. NTLM secrets may only be used for
+ EAP-MSCHAPv2 authentication.
+
+secrets.ntlm<suffix>.secret =
+ Value of the NTLM secret.
+
+ Value of the NTLM secret, which is the NT Hash of the actual secret, that
+ is, MD4(UTF-16LE(secret)). The resulting 16-byte value may either be given
+ as a hex encoded string with a _0x_ prefix or as a Base64 encoded string
+ with a _0s_ prefix.
+
+secrets.ntlm<suffix>.id<suffix> =
+ Identity the NTLM secret belongs to.
+
+ Identity the NTLM secret belongs to. Multiple unique identities may
+ be specified, each having an _id_ prefix, if a secret is shared between
+ multiple users.
+
 secrets.ike<suffix> { # }
 IKE preshared secret section for a specific secret.