alexbrainman / sspi Goto Github PK

Hi all,

I'm trying to call an NTLM-authenticated HTTP service in Go. I'm running on a Windows host and the default user credentials accessible via SSPI have access to this service.

I've tried using the following related modules:

• Azure/go-ntlmssp: Provides a RoundTripper for NTLM auth, but appears to expect explicit credentials
• dpotapov/go-spnego: Provides an SPNEGO RoundTripper (and depends on this package!), but appears to only support Kerberos itself (not NTLM)

I tried reading through the tests as described in #6 (comment), but I'm not well-versed in Go and didn't understand how to chain this into existing HTTP client calls. I have to provide an NTLMSSP_NEGOTIATE message to the server before getting an NTLMSSP_CHALLENGE, and I'm not sure how to build one of these using the methods provided in sspi or sspi/negotiate.

Is there some documentation available for using this package to do NTLM negotiation?

Hello,

I have been looking for a way to be able to use x509 certificates from the cert store and found a windows documentation that it can be done with schannel.

Windows Documentaiton

Is there any chance this library can help with that ?

thnx

@alexbrainman Could you point me to some documentation and/or links that could help me implement Kerberos support in Go on Windows using this library (something like https://github.com/alexbrainman/sspi/blob/master/ntlm/http_test.go)?

deleteme

Can you please provide an example implementation, perhaps in the readme.

When trying to get the sspi/kerberos package, it complains about "build constraints exclude all Go files in"

| => go get github.com/alexbrainman/sspi
go: downloading github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74
go get: added github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74

| ~/sandbox/gohome/tcp @ Michaels-iMac (mdaloia)
| => go get github.com/alexbrainman/sspi/kerberos
package github.com/alexbrainman/sspi/kerberos: build constraints exclude all Go files in /Users/mdaloia/go/pkg/mod/github.com/alexbrainman/[email protected]/kerberos

| ~/sandbox/gohome/tcp @ Michaels-iMac (mdaloia)
| => go version
go version go1.17.6 darwin/amd64

| ~/sandbox/gohome/tcp @ Michaels-iMac (mdaloia)
| => go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/mdaloia/Library/Caches/go-build"
GOENV="/Users/mdaloia/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/mdaloia/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/mdaloia/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.17.6"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/mdaloia/sandbox/gohome/tcp/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/t5/96f3gstn4hb46287jnpfplmc0000gn/T/go-build2082939745=/tmp/go-build -gno-record-gcc-switches -fno-common"

| ~/sandbox/gohome/tcp @ Michaels-iMac (mdaloia)

The ClientContext Update() method accepts some 'token'. I presume it should be the one that's returned from NewClientContext() method as 'outputToken'.
However, when I do pass the 'outputToken' to the Update() method it throws the 'The token supplied to the function is invalid' error.
What would be the correct input 'token' for the Update() method, how should the user prepare such a correct 'token'?

I am using this package to authenticate my application (on Windows) against a proxy server which requires Kerberos authentication.
I am using negotiate.AcquireCurrentUserCredentials() and negotiate.NewClientContext() to get the client token which gets passed to the proxy server in Proxy-Authorization header.

Can this client token be reused for subsequent calls to the proxy ?
Appreciate if you have any suggestions on any golang package to achieve this for maOS using GSSAPI.