lgcosta/go-ntlm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix signature generation on ntlmv1

Browse Source
This commit is contained in:
Matthew Kanwisher 2013-04-15 18:19:19 -04:00
parent c71d542d90
commit 9713171bf6
3 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/ntlm/ntlm.go
View File

@ -80,6 +80,7 @@ type ServerSession interface {
GenerateChallengeMessage() (*messages.Challenge, error) GenerateChallengeMessage() (*messages.Challenge, error)
ProcessAuthenticateMessage(*messages.Authenticate) error ProcessAuthenticateMessage(*messages.Authenticate) error
Version() int
Seal(message []byte) ([]byte, error) Seal(message []byte) ([]byte, error)
Sign(message []byte) ([]byte, error) Sign(message []byte) ([]byte, error)
Mac(message []byte, sequenceNumber int) ([]byte, error) Mac(message []byte, sequenceNumber int) ([]byte, error)

19
src/ntlm/ntlmv1.go
View File

@ -32,6 +32,10 @@ func (n *V1Session) SetMode(mode Mode) {
n.mode = mode n.mode = mode
} }
func (n *V1Session) Version() int {
return 1
}
func (n *V1Session) fetchResponseKeys() (err error) { func (n *V1Session) fetchResponseKeys() (err error) {
n.responseKeyLM, err = lmowfv1(n.password) n.responseKeyLM, err = lmowfv1(n.password)
if err != nil { if err != nil {
@ -109,7 +113,7 @@ func (n *V1Session) Sign(message []byte) ([]byte, error) {
return nil, nil return nil, nil
} }
func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, negotiateFlags uint32) []byte { func ntlmV1MacOld(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, negotiateFlags uint32) []byte {
// TODO: Need to keep track of the sequence number for connection oriented NTLM // TODO: Need to keep track of the sequence number for connection oriented NTLM
if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(negotiateFlags) { if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(negotiateFlags) {
handle, _ = reinitSealingKey(sealingKey, sequenceNumber) handle, _ = reinitSealingKey(sealingKey, sequenceNumber)
@ -118,6 +122,19 @@ func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingK
return sig.Bytes() return sig.Bytes()
} }
func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, negotiateFlags uint32) []byte {
// TODO: Need to keep track of the sequence number for connection oriented NTLM
if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(negotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(negotiateFlags) {
handle, _ = reinitSealingKey(sealingKey, sequenceNumber)
} else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(negotiateFlags) {
// CONOR: Reinitializing the rc4 cipher on every requst, but not using the
// algorithm as described in the MS-NTLM document. Just reinitialize it directly.
handle, _ = rc4Init(sealingKey)
}
sig := mac(negotiateFlags, handle, signingKey, uint32(sequenceNumber), message)
return sig.Bytes()
}
func (n *V1ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error) { func (n *V1ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error) {
mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.serverSealingKey, n.serverSigningKey, n.negotiateFlags) mac := ntlmV1Mac(message, sequenceNumber, n.serverHandle, n.serverSealingKey, n.serverSigningKey, n.negotiateFlags)
return mac, nil return mac, nil

4
src/ntlm/ntlmv2.go
View File

@ -34,6 +34,10 @@ func (n *V2Session) SetMode(mode Mode) {
n.mode = mode n.mode = mode
} }
func (n *V2Session) Version() int {
return 2
}
func (n *V2Session) fetchResponseKeys() (err error) { func (n *V2Session) fetchResponseKeys() (err error) {
// Usually at this point we'd go out to Active Directory and get these keys // Usually at this point we'd go out to Active Directory and get these keys
// Here we are assuming we have the information locally // Here we are assuming we have the information locally