Feature/extended session security (#1)

* some parsing fixes: - make TargetInfo optional - make Version optional - make sure extended session security is only used when negotiated - remove obsolete assumptions from the code
2020-07-20 20:58:20 -04:00
parent f36cde2feb
commit a3410e5aec
4 changed files with 64 additions and 81 deletions
--- a/ntlm/ntlmv2.go
+++ b/ntlm/ntlmv2.go
@@ -67,14 +67,6 @@ func (n *V2Session) computeKeyExchangeKey() (err error) {
 }

 func (n *V2Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) {
-	// This lovely piece of code comes courtesy of an the excellent Open Document support system from MSFT
-	// In order to calculate the keys correctly when the client has set the NTLMRevisionCurrent to 0xF (15)
-	// We must treat the flags as if NTLMSSP_NEGOTIATE_LM_KEY is set.
-	// This information is not contained (at least currently, until they correct it) in the MS-NLMP document
-	if ntlmRevisionCurrent == 15 {
-		n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
-	}
-
 	n.ClientSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Client")
 	n.ServerSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Server")
 	n.ClientSealingKey = sealKey(n.NegotiateFlags, n.exportedSessionKey, "Client")
@@ -296,31 +288,19 @@ func (n *V2ClientSession) ProcessChallengeMessage(cm *ChallengeMessage) (err err
 	n.serverChallenge = cm.ServerChallenge
 	n.clientChallenge = randomBytes(8)

-	// Set up the default flags for processing the response. These are the flags that we will return
-	// in the authenticate message
-	flags := uint32(0)
-	flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
-	flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
-	flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
-	flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
-	flags = NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags)
-	flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
-	flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
-	flags = NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags)
-	flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
-	flags = NTLMSSP_REQUEST_TARGET.Set(flags)
-	flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
-	flags = NTLMSSP_NEGOTIATE_128.Set(flags)
-
-	n.NegotiateFlags = flags
+	n.NegotiateFlags = cm.NegotiateFlags

 	err = n.fetchResponseKeys()
 	if err != nil {
 		return err
 	}

+	var payload []byte
+	if NTLMSSP_NEGOTIATE_TARGET_INFO.IsSet(cm.NegotiateFlags) {
+		payload = cm.TargetInfoPayloadStruct.Payload
+	}
 	timestamp := timeToWindowsFileTime(time.Now())
-	err = n.computeExpectedResponses(timestamp, cm.TargetInfoPayloadStruct.Payload)
+	err = n.computeExpectedResponses(timestamp, payload)
 	if err != nil {
 		return err
 	}
@@ -335,19 +315,30 @@ func (n *V2ClientSession) ProcessChallengeMessage(cm *ChallengeMessage) (err err
 		return err
 	}

-	err = n.calculateKeys(cm.Version.NTLMRevisionCurrent)
+	ntlmRevision := uint8(0)
+	if cm.Version != nil {
+		ntlmRevision = cm.Version.NTLMRevisionCurrent
+	}
+
+	err = n.calculateKeys(ntlmRevision)
 	if err != nil {
 		return err
 	}

-	n.clientHandle, err = rc4Init(n.ClientSealingKey)
-	if err != nil {
-		return err
+	if len(n.ClientSigningKey) > 0 {
+		n.clientHandle, err = rc4Init(n.ClientSealingKey)
+		if err != nil {
+			return err
+		}
 	}
-	n.serverHandle, err = rc4Init(n.ServerSealingKey)
-	if err != nil {
-		return err
+
+	if len(n.ServerSealingKey) > 0 {
+		n.serverHandle, err = rc4Init(n.ServerSealingKey)
+		if err != nil {
+			return err
+		}
 	}
+
 	return nil
 }