Add channel binding support to SSPI context updates

[Chrizpy]

Microsoft seems to have turned on the setting that requires channel binding when clients connect to Active Directory in latest updates:
https://support.microsoft.com/en-us/topic/2020-2023-and-2024-ldap-channel-binding-and-ldap-signing-requirements-for-windows-kb4520412-ef185fb8-00f7-167d-744c-f299a66fc00a

This resulted in my go application failing to authenticate.

I have one more change that I am gonna publish on https://github.com/go-ldap as soon as I can get this in, since I use the go-ldap library in my application.

I had trouble unit testing this code, but I did manual testing for samba and active directory and saw no issues. Any pointers to how I could write unit tests if needed would be appreciated.

[alexbrainman]

This resulted in my go application failing to authenticate.

I do not use this code anymore. I do not even have Windows computer anymore. So I would have to trust you. But your PR looks reasonable.

I have one more change that I am gonna publish on https://github.com/go-ldap as soon as I can get this in, since I use the go-ldap library in my application.

SGTM.

I had trouble unit testing this code, but I did manual testing for samba and active directory and saw no issues. Any pointers to how I could write unit tests if needed would be appreciated.

I agree that it would be nice to have some tests for new code, but I do not have any suggestions.

Let me know if you want me to merge your PR, and I will do it.

Thank you.

Alex

[Chrizpy]

Hey @alexbrainman,

I would much appreciate it if you could merge this in then. Cheers,

Chris

[alexbrainman]

I would much appreciate it if you could merge this in then. Cheers,

Done.

Alex

[Neustradamus]

@Chrizpy: Good job, thanks for your work!

Can you look to add "tls-server-end-point" in golang/go directly?

Thanks in advance.

Linked to:

• Channel Binding: State of Play scram-sasl/info#1