From af256c1a87aa2978551c92a3859d8d50c4a5faea Mon Sep 17 00:00:00 2001
From: Conor Hunt
Date: Tue, 23 Jul 2013 15:27:25 -0500
Subject: [PATCH 1/2] move messages out of unecessary messages package and in to ntlm package
---
README.md | 5 +-
ntlm/{messages => }/av_pairs.go | 4 +-
ntlm/{messages => }/challenge_responses.go | 2 +-
ntlm/helpers.go | 24 ++++
ntlm/keys.go | 20 ++--
...uthenticate.go => message_authenticate.go} | 6 +-
...e_test.go => message_authenticate_test.go} | 2 +-
.../challenge.go => message_challenge.go} | 2 +-
...enge_test.go => message_challenge_test.go} | 2 +-
.../negotiate.go => message_negotiate.go} | 2 +-
ntlm/messages/helpers.go | 39 ------
ntlm/{messages => }/negotiate_flags.go | 4 +-
ntlm/{messages => }/negotiate_flags_test.go | 2 +-
ntlm/ntlm.go | 19 ++-
ntlm/ntlmv1.go | 67 +++++------
ntlm/ntlmv1_test.go | 67 +++++------
ntlm/ntlmv2.go | 113 +++++++++---------
ntlm/ntlmv2_test.go | 33 +++--
ntlm/{messages => }/payload.go | 6 +-
ntlm/signature.go | 5 +-
ntlm/signature_test.go | 7 +-
ntlm/{messages => }/version.go | 2 +-
utils/decode_auth.go | 3 +-
utils/test_auth.go | 7 +-
24 files changed, 207 insertions(+), 236 deletions(-)
rename ntlm/{messages => }/av_pairs.go (99%)
rename ntlm/{messages => }/challenge_responses.go (99%)
rename ntlm/{messages/authenticate.go => message_authenticate.go} (99%)
rename ntlm/{messages/authenticate_test.go => message_authenticate_test.go} (99%)
rename ntlm/{messages/challenge.go => message_challenge.go} (99%)
rename ntlm/{messages/challenge_test.go => message_challenge_test.go} (99%)
rename ntlm/{messages/negotiate.go => message_negotiate.go} (98%)
delete mode 100644 ntlm/messages/helpers.go
rename ntlm/{messages => }/negotiate_flags.go (99%)
rename ntlm/{messages => }/negotiate_flags_test.go (98%)
rename ntlm/{messages => }/payload.go (96%)
rename ntlm/{messages => }/version.go (98%)
diff --git a/README.md b/README.md
index 908556c..f7f6f4a 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,6 @@ the client and the server, for our use we hardcoded a supported set of negotiati ```go import "github.com/ThomsonReutersEikon/go-ntlm/ntlm" -import "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages" session, err = ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionlessMode) session.SetUserInfo("someuser","somepassword","somedomain") @@ -23,7 +22,7 @@ negotiate := session.GenerateNegotiateMessage() -challenge, err := messages.ParseChallengeMessage(challengeBytes) +challenge, err := ntlm.ParseChallengeMessage(challengeBytes) session.ProcessChallengeMessage(challenge) authenticate := session.GenerateAuthenticateMessage() @@ -43,7 +42,7 @@ challenge := session.GenerateChallengeMessage() -auth, err := messages.ParseAuthentiateMessage(authenticateBytes) +auth, err := ntlm.ParseAuthentiateMessage(authenticateBytes) session.ProcessAuthenticateMessage(auth) ``` diff --git a/ntlm/messages/av_pairs.go b/ntlm/av_pairs.go similarity index 99% rename from ntlm/messages/av_pairs.go rename to ntlm/av_pairs.go index b5928ef..6565840 100644 --- a/ntlm/messages/av_pairs.go +++ b/ntlm/av_pairs.go @@ -1,6 +1,6 @@ //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. -package messages +package ntlm import ( "bytes" @@ -140,7 +140,7 @@ func ReadAvPair(data []byte, offset int) *AvPair { } func (a *AvPair) UnicodeStringValue() string { - return Utf16ToString(a.Value) + return utf16ToString(a.Value) } func (a *AvPair) Bytes() (result []byte) { diff --git a/ntlm/messages/challenge_responses.go b/ntlm/challenge_responses.go similarity index 99% rename from ntlm/messages/challenge_responses.go rename to ntlm/challenge_responses.go index 93de05d..42fd890 100644 --- a/ntlm/messages/challenge_responses.go +++ b/ntlm/challenge_responses.go 
@@ -1,6 +1,6 @@ //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. -package messages +package ntlm import ( "bytes" diff --git a/ntlm/helpers.go b/ntlm/helpers.go index 72bb1b4..1185c43 100644 --- a/ntlm/helpers.go +++ b/ntlm/helpers.go @@ -6,6 +6,7 @@ import ( "bytes" "crypto/rand" "unicode/utf16" + "encoding/binary" ) // Concatenate two byte slices into a new slice @@ -63,3 +64,26 @@ func utf16FromString(s string) []byte { } return result } + +// Convert a UTF16 string to UTF8 string for Go usage +func utf16ToString(bytes []byte) string { + var data []uint16 + + // NOTE: This is definitely not the best way to do this, but when I tried using a buffer.Read I could not get it to work + for offset := 0; offset < len(bytes); offset = offset + 2 { + i := binary.LittleEndian.Uint16(bytes[offset : offset+2]) + data = append(data, i) + } + + return string(utf16.Decode(data)) +} + +func uint32ToBytes(v uint32) []byte { + bytes := make([]byte, 4) + bytes[0] = byte(v & 0xff) + bytes[1] = byte((v >> 8) & 0xff) + bytes[2] = byte((v >> 16) & 0xff) + bytes[3] = byte((v >> 24) & 0xff) + return bytes +} + diff --git a/ntlm/keys.go b/ntlm/keys.go index 3af87fe..3a849d8 100644 --- a/ntlm/keys.go +++ b/ntlm/keys.go @@ -2,13 +2,9 @@ package ntlm -import ( - "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages" -) - // Define KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge) as func kxKey(flags uint32, sessionBaseKey []byte, lmChallengeResponse []byte, serverChallenge []byte, lmnowf []byte) (keyExchangeKey []byte, err error) { - if messages.NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags) { + if NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags) { var part1, part2 []byte part1, err = des(lmnowf[0:7], lmChallengeResponse[0:8]) if err != nil { 
@@ -22,7 +18,7 @@ func kxKey(flags uint32, sessionBaseKey []byte, lmChallengeResponse []byte, serv } keyExchangeKey = concat(part1, part2) - } else if messages.NTLMSSP_REQUEST_NON_NT_SESSION_KEY.IsSet(flags) { + } else if NTLMSSP_REQUEST_NON_NT_SESSION_KEY.IsSet(flags) { keyExchangeKey = concat(lmnowf[0:8], zeroBytes(8)) } else { keyExchangeKey = sessionBaseKey @@ -33,7 +29,7 @@ func kxKey(flags uint32, sessionBaseKey []byte, lmChallengeResponse []byte, serv // Define SIGNKEY(NegFlg, RandomSessionKey, Mode) as func signKey(flags uint32, randomSessionKey []byte, mode string) (signKey []byte) { - if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) { + if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) { if mode == "Client" { signKey = md5(concat(randomSessionKey, []byte("session key to client-to-server signing key magic constant\x00"))) } else { @@ -47,10 +43,10 @@ func signKey(flags uint32, randomSessionKey []byte, mode string) (signKey []byte // Define SEALKEY(NegotiateFlags, RandomSessionKey, Mode) as func sealKey(flags uint32, randomSessionKey []byte, mode string) (sealKey []byte) { - if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) { - if messages.NTLMSSP_NEGOTIATE_128.IsSet(flags) { + if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) { + if NTLMSSP_NEGOTIATE_128.IsSet(flags) { sealKey = randomSessionKey - } else if messages.NTLMSSP_NEGOTIATE_56.IsSet(flags) { + } else if NTLMSSP_NEGOTIATE_56.IsSet(flags) { sealKey = randomSessionKey[0:7] } else { sealKey = randomSessionKey[0:5] 
@@ -60,8 +56,8 @@ func sealKey(flags uint32, randomSessionKey []byte, mode string) (sealKey []byte } else { sealKey = md5(concat(sealKey, []byte("session key to server-to-client sealing key magic constant\x00"))) } - } else if messages.NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags) { - if messages.NTLMSSP_NEGOTIATE_56.IsSet(flags) { + } else if NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags) { + if NTLMSSP_NEGOTIATE_56.IsSet(flags) { sealKey = concat(randomSessionKey[0:7], []byte{0xA0}) } else { sealKey = concat(randomSessionKey[0:5], []byte{0xE5, 0x38, 0xB0}) diff --git a/ntlm/messages/authenticate.go b/ntlm/message_authenticate.go similarity index 99% rename from ntlm/messages/authenticate.go rename to ntlm/message_authenticate.go index 03f0b02..b882774 100644 --- a/ntlm/messages/authenticate.go +++ b/ntlm/message_authenticate.go @@ -1,6 +1,6 @@ //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. -package messages +package ntlm import ( "bytes" @@ -38,7 +38,7 @@ type Authenticate struct { /// MS-NLMP 2.2.1.3 - In connectionless mode, a NEGOTIATE structure that contains a set of bit flags (section 2.2.2.5) and represents the // conclusion of negotiation—the choices the client has made from the options the server offered in the CHALLENGE_MESSAGE. // In connection-oriented mode, a NEGOTIATE structure that contains the set of bit flags (section 2.2.2.5) negotiated in - // the previous messages. + // the previous NegotiateFlags uint32 // 4 bytes // Version (8 bytes): A VERSION structure (section 2.2.2.10) that is present only when the NTLMSSP_NEGOTIATE_VERSION 
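Review bot: The package rename appears to have been done with a search-and-replace on `messages.`, which also cut words out of two spec comments. In the `Authenticate` struct comment in ntlm/message_authenticate.go the sentence now ends at `// the previous` and should read `// the previous messages.`. In ntlm/negotiate_flags.go the `NTLMSSP_NEGOTIATE_ALWAYS_SIGN` comment lost `messages.` after `signature block on all`. Both lines should be restored to the MS-NLMP wording.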
@@ -216,7 +216,7 @@ func (a *Authenticate) Bytes() []byte { payloadOffset += uint32(a.EncryptedRandomSessionKey.Len) buffer.Write(a.EncryptedRandomSessionKey.Bytes()) - buffer.Write(Uint32ToBytes(a.NegotiateFlags)) + buffer.Write(uint32ToBytes(a.NegotiateFlags)) if a.Version != nil { buffer.Write(a.Version.Bytes()) diff --git a/ntlm/messages/authenticate_test.go b/ntlm/message_authenticate_test.go similarity index 99% rename from ntlm/messages/authenticate_test.go rename to ntlm/message_authenticate_test.go index 7b94be4..ff9ab93 100644 --- a/ntlm/messages/authenticate_test.go +++ b/ntlm/message_authenticate_test.go @@ -1,6 +1,6 @@ //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. -package messages +package ntlm import ( "bytes" diff --git a/ntlm/messages/challenge.go b/ntlm/message_challenge.go similarity index 99% rename from ntlm/messages/challenge.go rename to ntlm/message_challenge.go index 8cb85c4..608062d 100644 --- a/ntlm/messages/challenge.go +++ b/ntlm/message_challenge.go @@ -1,6 +1,6 @@ //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. -package messages +package ntlm import ( "bytes" diff --git a/ntlm/messages/challenge_test.go b/ntlm/message_challenge_test.go similarity index 99% rename from ntlm/messages/challenge_test.go rename to ntlm/message_challenge_test.go index d495bb3..36e7042 100644 --- a/ntlm/messages/challenge_test.go +++ b/ntlm/message_challenge_test.go @@ -1,6 +1,6 @@ //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. -package messages +package ntlm import ( "bytes" 
diff --git a/ntlm/messages/negotiate.go b/ntlm/message_negotiate.go similarity index 98% rename from ntlm/messages/negotiate.go rename to ntlm/message_negotiate.go index 1e0bcda..27bb612 100644 --- a/ntlm/messages/negotiate.go +++ b/ntlm/message_negotiate.go @@ -1,6 +1,6 @@ //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. -package messages +package ntlm type Negotiate struct { // All bytes of the message diff --git a/ntlm/messages/helpers.go b/ntlm/messages/helpers.go deleted file mode 100644 index bfd6c5a..0000000 --- a/ntlm/messages/helpers.go +++ /dev/null @@ -1,39 +0,0 @@ -//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. - -package messages - -import ( - "encoding/binary" - "unicode/utf16" -) - -// Convert a UTF16 string to UTF8 string for Go usage -func Utf16ToString(bytes []byte) string { - var data []uint16 - - // NOTE: This is definitely not the best way to do this, but when I tried using a buffer.Read I could not get it to work - for offset := 0; offset < len(bytes); offset = offset + 2 { - i := binary.LittleEndian.Uint16(bytes[offset : offset+2]) - data = append(data, i) - } - - return string(utf16.Decode(data)) -} - -func StringToUtf16(value string) []byte { - result := make([]byte, len(value)*2) - stringBytes := []byte(value) - for i := 0; i < len(value); i++ { - result[i*2] = stringBytes[i] - } - return result -} - -func Uint32ToBytes(v uint32) []byte { - bytes := make([]byte, 4) - bytes[0] = byte(v & 0xff) - bytes[1] = byte((v >> 8) & 0xff) - bytes[2] = byte((v >> 16) & 0xff) - bytes[3] = byte((v >> 24) & 0xff) - return bytes -} 
diff --git a/ntlm/messages/negotiate_flags.go b/ntlm/negotiate_flags.go similarity index 99% rename from ntlm/messages/negotiate_flags.go rename to ntlm/negotiate_flags.go index e6eab49..b442159 100644 --- a/ntlm/messages/negotiate_flags.go +++ b/ntlm/negotiate_flags.go @@ -1,6 +1,6 @@ //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. -package messages +package ntlm // During NTLM authentication, each of the following flags is a possible value of the NegotiateFlags field of the NEGOTIATE_MESSAGE, // CHALLENGE_MESSAGE, and AUTHENTICATE_MESSAGE, unless otherwise noted. These flags define client or server NTLM capabilities @@ -63,7 +63,7 @@ const ( NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED // r7 (1 bit): This bit is unused and MUST be zero. NTLMSSP_R7 - // M (1 bit): If set, requests the presence of a signature block on all messages. NTLMSSP_NEGOTIATE_ALWAYS_SIGN MUST be + // M (1 bit): If set, requests the presence of a signature block on all NTLMSSP_NEGOTIATE_ALWAYS_SIGN MUST be // set in the NEGOTIATE_MESSAGE to the server and the CHALLENGE_MESSAGE to the client. NTLMSSP_NEGOTIATE_ALWAYS_SIGN is // overridden by NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL, if they are supported. An alternate name for this field // is NTLMSSP_NEGOTIATE_ALWAYS_SIGN. diff --git a/ntlm/messages/negotiate_flags_test.go b/ntlm/negotiate_flags_test.go similarity index 98% rename from ntlm/messages/negotiate_flags_test.go rename to ntlm/negotiate_flags_test.go index 300473c..951b718 100644 --- a/ntlm/messages/negotiate_flags_test.go +++ b/ntlm/negotiate_flags_test.go 
@@ -1,6 +1,6 @@ //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. -package messages +package ntlm import ( "encoding/binary" diff --git a/ntlm/ntlm.go b/ntlm/ntlm.go index e508245..de9d56d 100644 --- a/ntlm/ntlm.go +++ b/ntlm/ntlm.go @@ -7,7 +7,6 @@ package ntlm import ( rc4P "crypto/rc4" "errors" - "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages" ) type Version int @@ -44,9 +43,9 @@ type ClientSession interface { SetUserInfo(username string, password string, domain string) SetMode(mode Mode) - GenerateNegotiateMessage() (*messages.Negotiate, error) - ProcessChallengeMessage(*messages.Challenge) error - GenerateAuthenticateMessage() (*messages.Authenticate, error) + GenerateNegotiateMessage() (*Negotiate, error) + ProcessChallengeMessage(*Challenge) error + GenerateAuthenticateMessage() (*Authenticate, error) Seal(message []byte) ([]byte, error) Sign(message []byte) ([]byte, error) @@ -78,9 +77,9 @@ type ServerSession interface { SetMode(mode Mode) SetServerChallenge(challege []byte) - ProcessNegotiateMessage(*messages.Negotiate) error - GenerateChallengeMessage() (*messages.Challenge, error) - ProcessAuthenticateMessage(*messages.Authenticate) error + ProcessNegotiateMessage(*Negotiate) error + GenerateChallengeMessage() (*Challenge, error) + ProcessAuthenticateMessage(*Authenticate) error GetSessionData() *SessionData @@ -101,9 +100,9 @@ type SessionData struct { NegotiateFlags uint32 - negotiateMessage *messages.Negotiate - challengeMessage *messages.Challenge - authenticateMessage *messages.Authenticate + negotiateMessage *Negotiate + challengeMessage *Challenge + authenticateMessage *Authenticate serverChallenge []byte clientChallenge []byte diff --git a/ntlm/ntlmv1.go b/ntlm/ntlmv1.go index a01b1b3..d7b63a7 100644 --- a/ntlm/ntlmv1.go +++ b/ntlm/ntlmv1.go 
@@ -7,7 +7,6 @@ import ( l4g "code.google.com/p/log4go" rc4P "crypto/rc4" "errors" - "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages" "strings" ) @@ -47,7 +46,7 @@ func (n *V1Session) fetchResponseKeys() (err error) { } func (n *V1Session) computeExpectedResponses() (err error) { - if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) { + if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) { n.ntChallengeResponse, err = desL(n.responseKeyNT, md5(concat(n.serverChallenge, n.clientChallenge))[0:8]) if err != nil { return err @@ -82,7 +81,7 @@ func (n *V1Session) computeSessionBaseKey() (err error) { } func (n *V1Session) computeKeyExchangeKey() (err error) { - if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) { + if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) { n.keyExchangeKey = hmacMd5(n.sessionBaseKey, concat(n.serverChallenge, n.lmChallengeResponse[0:8])) } else { n.keyExchangeKey, err = kxKey(n.NegotiateFlags, n.sessionBaseKey, n.lmChallengeResponse, n.serverChallenge, n.responseKeyLM) @@ -96,7 +95,7 @@ func (n *V1Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) { // We must treat the flags as if NTLMSSP_NEGOTIATE_LM_KEY is set. // This information is not contained (at least currently, until they correct it) in the MS-NLMP document if ntlmRevisionCurrent == 15 { - n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags) + n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags) } n.ClientSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Client") 
@@ -116,9 +115,9 @@ func (n *V1Session) Sign(message []byte) ([]byte, error) { func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte { // TODO: Need to keep track of the sequence number for connection oriented NTLM - if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) { + if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) { handle, _ = reinitSealingKey(sealingKey, sequenceNumber) - } else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) { + } else if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) { // CONOR: Reinitializing the rc4 cipher on every requst, but not using the // algorithm as described in the MS-NTLM document. Just reinitialize it directly. handle, _ = rc4Init(sealingKey) @@ -155,12 +154,12 @@ type V1ServerSession struct { V1Session } -func (n *V1ServerSession) ProcessNegotiateMessage(nm *messages.Negotiate) (err error) { +func (n *V1ServerSession) ProcessNegotiateMessage(nm *Negotiate) (err error) { n.negotiateMessage = nm return } -func (n *V1ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, err error) { +func (n *V1ServerSession) GenerateChallengeMessage() (cm *Challenge, err error) { // TODO: Generate this challenge message return } @@ -173,7 +172,7 @@ func (n *V1ServerSession) GetSessionData() *SessionData { return &n.SessionData } -func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error) { +func (n *V1ServerSession) ProcessAuthenticateMessage(am *Authenticate) (err error) { n.authenticateMessage = am n.NegotiateFlags = am.NegotiateFlags n.clientChallenge = am.ClientChallenge() 
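Review bot: `ntlmV1Mac` discards the error from `reinitSealingKey` and `rc4Init` (`handle, _ = ...`), so a failed cipher setup would go unnoticed and `handle`, presumably nil in that case, is used further down; the function body continues outside the hunk. The same pattern is in `NtlmVCommonMac` in ntlm/ntlmv2.go. Both functions return only `[]byte`, so propagating the failure needs a signature change such as returning `([]byte, error)`. At minimum, add a comment stating why the error cannot occur for the key sizes used here.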
@@ -209,7 +208,7 @@ func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) // to compare the lmChallengeResponse if the ntChallengeRepsonse fails, but with extended session security // this would *always* pass because the lmChallengeResponse and expectedLmChallengeRepsonse will always // be the same - if !bytes.Equal(am.LmChallengeResponse.Payload, n.lmChallengeResponse) || messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) { + if !bytes.Equal(am.LmChallengeResponse.Payload, n.lmChallengeResponse) || NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) { return errors.New("Could not authenticate") } } @@ -240,7 +239,7 @@ func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) } func (n *V1ServerSession) computeExportedSessionKey() (err error) { - if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) { + if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) { n.exportedSessionKey, err = rc4K(n.keyExchangeKey, n.encryptedRandomSessionKey) if err != nil { return err @@ -263,11 +262,11 @@ type V1ClientSession struct { V1Session } -func (n *V1ClientSession) GenerateNegotiateMessage() (nm *messages.Negotiate, err error) { +func (n *V1ClientSession) GenerateNegotiateMessage() (nm *Negotiate, err error) { return nil, nil } -func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err error) { +func (n *V1ClientSession) ProcessChallengeMessage(cm *Challenge) (err error) { n.challengeMessage = cm n.serverChallenge = cm.ServerChallenge n.clientChallenge = randomBytes(8) 
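Review bot: The LM response check in `ProcessAuthenticateMessage` compares the client-supplied value with `bytes.Equal`, which is not a constant-time comparison. For an authentication decision prefer `subtle.ConstantTimeCompare(am.LmChallengeResponse.Payload, n.lmChallengeResponse) != 1` (import `crypto/subtle`). The NT response comparison is outside this hunk and should get the same treatment if it also uses `bytes.Equal`. The enclosing function starts and ends outside the hunk.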
@@ -275,18 +274,18 @@ func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e // Set up the default flags for processing the response. These are the flags that we will return // in the authenticate message flags := uint32(0) - flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) + flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) // NOTE: Unsetting this flag in order to get the server to generate the signatures we can recognize - flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags) - flags = messages.NTLMSSP_REQUEST_TARGET.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags) + flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags) + flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) + flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags) + flags = NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags) + flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) + flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags) + flags = NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags) + flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags) + flags = NTLMSSP_REQUEST_TARGET.Set(flags) + flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags) n.NegotiateFlags = flags 
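Review bot: The comment `// NOTE: Unsetting this flag in order to get the server to generate the signatures we can recognize` sits directly above `flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)`, so it describes clearing a flag while the code sets one. Either name the flag that is deliberately left unset or drop the comment; as written, a reader cannot tell which negotiation flag is being withheld. `ProcessChallengeMessage` continues outside the hunk.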
@@ -332,23 +331,23 @@ func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e return nil } -func (n *V1ClientSession) GenerateAuthenticateMessage() (am *messages.Authenticate, err error) { - am = new(messages.Authenticate) +func (n *V1ClientSession) GenerateAuthenticateMessage() (am *Authenticate, err error) { + am = new(Authenticate) am.Signature = []byte("NTLMSSP\x00") am.MessageType = uint32(3) - am.LmChallengeResponse, _ = messages.CreateBytePayload(n.lmChallengeResponse) - am.NtChallengeResponseFields, _ = messages.CreateBytePayload(n.ntChallengeResponse) - am.DomainName, _ = messages.CreateStringPayload(n.userDomain) - am.UserName, _ = messages.CreateStringPayload(n.user) - am.Workstation, _ = messages.CreateStringPayload("SQUAREMILL") - am.EncryptedRandomSessionKey, _ = messages.CreateBytePayload(n.encryptedRandomSessionKey) + am.LmChallengeResponse, _ = CreateBytePayload(n.lmChallengeResponse) + am.NtChallengeResponseFields, _ = CreateBytePayload(n.ntChallengeResponse) + am.DomainName, _ = CreateStringPayload(n.userDomain) + am.UserName, _ = CreateStringPayload(n.user) + am.Workstation, _ = CreateStringPayload("SQUAREMILL") + am.EncryptedRandomSessionKey, _ = CreateBytePayload(n.encryptedRandomSessionKey) am.NegotiateFlags = n.NegotiateFlags - am.Version = &messages.VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)} + am.Version = &VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)} return am, nil } func (n *V1ClientSession) computeEncryptedSessionKey() (err error) { - if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) { + if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) { n.exportedSessionKey = randomBytes(16) n.encryptedRandomSessionKey, err = rc4K(n.keyExchangeKey, n.exportedSessionKey) if err != nil { 
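Review bot: `GenerateAuthenticateMessage` drops the second result of every `CreateBytePayload` and `CreateStringPayload` call, so a failed payload build would still return the AUTHENTICATE_MESSAGE with a nil error. Assuming that second result is an `error`, check each one, e.g. `if am.UserName, err = CreateStringPayload(n.user); err != nil { return nil, err }`. The workstation name `"SQUAREMILL"` and the `VersionStruct` values are hard-coded and sent to every server; consider making them session settings.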
diff --git a/ntlm/ntlmv1_test.go b/ntlm/ntlmv1_test.go index aec9348..c4901d0 100644 --- a/ntlm/ntlmv1_test.go +++ b/ntlm/ntlmv1_test.go @@ -6,7 +6,6 @@ import ( "bytes" "encoding/base64" "encoding/hex" - "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages" "testing" ) @@ -47,10 +46,10 @@ func TestNtlmV1ExtendedSessionSecurity(t *testing.T) { authenticateMessage := "TlRMTVNTUAADAAAAGAAYAJgAAAAYABgAsAAAAAAAAABIAAAAOgA6AEgAAAAWABYAggAAABAAEADIAAAAVYKYYgUCzg4AAAAPMQAwADAAMAAwADEALgB3AGMAcABAAHQAaABvAG0AcwBvAG4AcgBlAHUAdABlAHIAcwAuAGMAbwBtAE4AWQBDAFMATQBTAEcAOQA5ADAAOQBRWAK3h/TIywAAAAAAAAAAAAAAAAAAAAA3tp89kZU1hs1XZp7KTyGm3XsFAT9stEDW9YXDaeYVBmBcBb//2FOu" challengeData, _ := base64.StdEncoding.DecodeString(challengeMessage) - c, _ := messages.ParseChallengeMessage(challengeData) + c, _ := ParseChallengeMessage(challengeData) authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage) - msg, err := messages.ParseAuthenticateMessage(authenticateData, 1) + msg, err := ParseAuthenticateMessage(authenticateData, 1) if err != nil { t.Errorf("Could not process authenticate message: %s", err) } 
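Review bot: The `authenticateMessage` fixture in `TestNtlmV1ExtendedSessionSecurity` looks like a capture from a live exchange: its UTF-16 fields decode to what appears to be a real account and workstation name. A recorded response together with its challenge allows offline password guessing, so replace the fixture with a synthetic vector (such as the spec examples used in `TestNtlmV1`) and rotate the account's password if the capture was real. The test also discards the errors from `base64.StdEncoding.DecodeString` and `ParseChallengeMessage` (`c, _ := ...`); failing with `t.Fatalf` there would be clearer than a nil dereference later.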
@@ -69,17 +68,17 @@ func TestNtlmV1ExtendedSessionSecurity(t *testing.T) { func TestNtlmV1(t *testing.T) { flags := uint32(0) - flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_56.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags) - flags = messages.NTLMSSP_TARGET_TYPE_SERVER.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_SEAL.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags) - flags = messages.NTLM_NEGOTIATE_OEM.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags) + flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) + flags = NTLMSSP_NEGOTIATE_56.Set(flags) + flags = NTLMSSP_NEGOTIATE_128.Set(flags) + flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags) + flags = NTLMSSP_TARGET_TYPE_SERVER.Set(flags) + flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) + flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags) + flags = NTLMSSP_NEGOTIATE_SEAL.Set(flags) + flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags) + flags = NTLM_NEGOTIATE_OEM.Set(flags) + flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags) n := new(V1ClientSession) n.SetUserInfo("User", "Password", "Domain") 
@@ -106,10 +105,10 @@ func TestNtlmV1(t *testing.T) { checkV1Value(t, "LMChallengeResponse", n.lmChallengeResponse, "98def7b87f88aa5dafe2df779688a172def11c7d5ccdef13", err) // If the NTLMSSP_NEGOTIATE_LM_KEY flag is set then the KeyExchangeKey is: - n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags) + n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags) err = n.computeKeyExchangeKey() checkV1Value(t, "keyExchangeKey with NTLMSSP_NEGOTIATE_LM_KEY", n.keyExchangeKey, "b09e379f7fbecb1eaf0afdcb0383c8a0", err) - n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags) + n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags) // 4.2.2.2.3 Encrypted Session Key //n.randomSessionKey, _ = hex.DecodeString("55555555555555555555555555555555") 
@@ -121,24 +120,24 @@ func TestNtlmV1(t *testing.T) { //checkV1Value(t, "ExportedSessionKey", n.exportedSessionKey, "55555555555555555555555555555555", err) // NTLMSSP_REQUEST_NON_NT_SESSION_KEY is set: - n.NegotiateFlags = messages.NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Set(n.NegotiateFlags) + n.NegotiateFlags = NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Set(n.NegotiateFlags) err = n.computeKeyExchangeKey() // n.encryptedRandomSessionKey, err = hex.DecodeString("7452ca55c225a1ca04b48fae32cf56fc") // err = n.computeExportedSessionKey() // checkV1Value(t, "ExportedSessionKey - NTLMSSP_REQUEST_NON_NT_SESSION_KEY", n.exportedSessionKey, "55555555555555555555555555555555", err) - n.NegotiateFlags = messages.NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Unset(n.NegotiateFlags) + n.NegotiateFlags = NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Unset(n.NegotiateFlags) // NTLMSSP_NEGOTIATE_LM_KEY is set: - n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags) + n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags) err = n.computeKeyExchangeKey() // n.encryptedRandomSessionKey, err = hex.DecodeString("4cd7bb57d697ef9b549f02b8f9b37864") // err = n.computeExportedSessionKey() // checkV1Value(t, "ExportedSessionKey - NTLMSSP_NEGOTIATE_LM_KEY", n.exportedSessionKey, "55555555555555555555555555555555", err) - n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags) + n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags) // 4.2.2.3 Messages challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033820a820123456789abcdef00000000000000000000000000000000060070170000000f530065007200760065007200") - challengeMessage, err := messages.ParseChallengeMessage(challengeMessageBytes) + challengeMessage, err := ParseChallengeMessage(challengeMessageBytes) if err == nil { challengeMessage.String() } else { 
@@ -155,7 +154,7 @@ func TestNtlmV1(t *testing.T) { server := new(V1ServerSession) server.SetUserInfo("User", "Password", "Domain") authenticateMessageBytes, err := hex.DecodeString("4e544c4d5353500003000000180018006c00000018001800840000000c000c00480000000800080054000000100010005c000000100010009c000000358280e20501280a0000000f44006f006d00610069006e00550073006500720043004f004d005000550054004500520098def7b87f88aa5dafe2df779688a172def11c7d5ccdef1367c43011f30298a2ad35ece64f16331c44bdbed927841f94518822b1b3f350c8958682ecbb3e3cb7") - authenticateMessage, err := messages.ParseAuthenticateMessage(authenticateMessageBytes, 1) + authenticateMessage, err := ParseAuthenticateMessage(authenticateMessageBytes, 1) if err == nil { authenticateMessage.String() } else { @@ -174,16 +173,16 @@ func TestNtlmV1(t *testing.T) { func TestNTLMv1WithClientChallenge(t *testing.T) { flags := uint32(0) - flags = messages.NTLMSSP_NEGOTIATE_56.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) - flags = messages.NTLMSSP_TARGET_TYPE_SERVER.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_SEAL.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags) - flags = messages.NTLM_NEGOTIATE_OEM.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags) + flags = NTLMSSP_NEGOTIATE_56.Set(flags) + flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags) + flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) + flags = NTLMSSP_TARGET_TYPE_SERVER.Set(flags) + flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) + flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags) + flags = NTLMSSP_NEGOTIATE_SEAL.Set(flags) + flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags) + flags = NTLM_NEGOTIATE_OEM.Set(flags) + flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags) n := new(V1Session) n.NegotiateFlags = flags 
@@ -203,7 +202,7 @@ func TestNTLMv1WithClientChallenge(t *testing.T) { checkV1Value(t, "keyExchangeKey", n.keyExchangeKey, "eb93429a8bd952f8b89c55b87f475edc", err) challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033820a820123456789abcdef00000000000000000000000000000000060070170000000f530065007200760065007200") - challengeMessage, err := messages.ParseChallengeMessage(challengeMessageBytes) + challengeMessage, err := ParseChallengeMessage(challengeMessageBytes) if err == nil { challengeMessage.String() } else { @@ -222,7 +221,7 @@ func TestNTLMv1WithClientChallenge(t *testing.T) { server.serverChallenge = challengeMessage.ServerChallenge authenticateMessageBytes, _ := hex.DecodeString("4e544c4d5353500003000000180018006c00000018001800840000000c000c00480000000800080054000000100010005c000000000000009c000000358208820501280a0000000f44006f006d00610069006e00550073006500720043004f004d0050005500540045005200aaaaaaaaaaaaaaaa000000000000000000000000000000007537f803ae367128ca458204bde7caf81e97ed2683267232") - authenticateMessage, err := messages.ParseAuthenticateMessage(authenticateMessageBytes, 1) + authenticateMessage, err := ParseAuthenticateMessage(authenticateMessageBytes, 1) if err == nil { authenticateMessage.String() } else { diff --git a/ntlm/ntlmv2.go b/ntlm/ntlmv2.go index 3619eb3..ccb61aa 100644 --- a/ntlm/ntlmv2.go +++ b/ntlm/ntlmv2.go @@ -8,7 +8,6 @@ import ( rc4P "crypto/rc4" "encoding/binary" "errors" - "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages" "strings" "time" ) 
@@ -73,7 +72,7 @@ func (n *V2Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) { // We must treat the flags as if NTLMSSP_NEGOTIATE_LM_KEY is set. // This information is not contained (at least currently, until they correct it) in the MS-NLMP document if ntlmRevisionCurrent == 15 { - n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags) + n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags) } n.ClientSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Client") @@ -94,9 +93,9 @@ func (n *V2Session) Sign(message []byte) ([]byte, error) { func NtlmVCommonMac(message []byte, sequenceNumber int, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte { var handle *rc4P.Cipher // TODO: Need to keep track of the sequence number for connection oriented NTLM - if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) { + if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) { handle, _ = reinitSealingKey(sealingKey, sequenceNumber) - } else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) { + } else if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) { // CONOR: Reinitializing the rc4 cipher on every requst, but not using the // algorithm as described in the MS-NTLM document. Just reinitialize it directly. handle, _ = rc4Init(sealingKey) 
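Review bot: In `NtlmVCommonMac` the errors from `reinitSealingKey(sealingKey, sequenceNumber)` and `rc4Init(sealingKey)` are both dropped with `_`, so a failed cipher setup is invisible and `handle` is then used as returned (presumably nil; neither helper is visible here). Because the function returns only `[]byte`, the smallest change is to declare `var err error`, write `if handle, err = rc4Init(sealingKey); err != nil { return nil }` (and likewise for `reinitSealingKey`), and document that a nil result means the MAC could not be computed. `NtlmV2Mac` in the next hunk has the same two calls. Both function bodies continue outside their hunks.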
@@ -107,9 +106,9 @@ func NtlmVCommonMac(message []byte, sequenceNumber int, sealingKey, signingKey [ func NtlmV2Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte { // TODO: Need to keep track of the sequence number for connection oriented NTLM - if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) { + if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) { handle, _ = reinitSealingKey(sealingKey, sequenceNumber) - } else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) { + } else if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) { // CONOR: Reinitializing the rc4 cipher on every requst, but not using the // algorithm as described in the MS-NTLM document. Just reinitialize it directly. handle, _ = rc4Init(sealingKey) 
@@ -150,30 +149,30 @@ func (n *V2ServerSession) SetServerChallenge(challenge []byte) { n.serverChallenge = challenge } -func (n *V2ServerSession) ProcessNegotiateMessage(nm *messages.Negotiate) (err error) { +func (n *V2ServerSession) ProcessNegotiateMessage(nm *Negotiate) (err error) { n.negotiateMessage = nm return } -func (n *V2ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, err error) { - cm = new(messages.Challenge) +func (n *V2ServerSession) GenerateChallengeMessage() (cm *Challenge, err error) { + cm = new(Challenge) cm.Signature = []byte("NTLMSSP\x00") cm.MessageType = uint32(2) - cm.TargetName, _ = messages.CreateBytePayload(make([]byte, 0)) + cm.TargetName, _ = CreateBytePayload(make([]byte, 0)) flags := uint32(0) - flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags) - flags = messages.NTLMSSP_REQUEST_TARGET.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags) + flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) + flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags) + flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) + flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags) + flags = NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags) + flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) + flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags) + flags = NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags) + flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags) + flags = NTLMSSP_REQUEST_TARGET.Set(flags) + flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags) + flags = 
NTLMSSP_NEGOTIATE_128.Set(flags) cm.NegotiateFlags = flags @@ -182,21 +181,21 @@ func (n *V2ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, er cm.Reserved = make([]byte, 8) // Create the AvPairs we need - pairs := new(messages.AvPairs) - pairs.AddAvPair(messages.MsvAvNbDomainName, messages.StringToUtf16("REUTERS")) - pairs.AddAvPair(messages.MsvAvNbComputerName, messages.StringToUtf16("UKBP-CBTRMFE06")) - pairs.AddAvPair(messages.MsvAvDnsDomainName, messages.StringToUtf16("Reuters.net")) - pairs.AddAvPair(messages.MsvAvDnsComputerName, messages.StringToUtf16("ukbp-cbtrmfe06.Reuters.net")) - pairs.AddAvPair(messages.MsvAvDnsTreeName, messages.StringToUtf16("Reuters.net")) - pairs.AddAvPair(messages.MsvAvEOL, make([]byte, 0)) + pairs := new(AvPairs) + pairs.AddAvPair(MsvAvNbDomainName, utf16FromString("REUTERS")) + pairs.AddAvPair(MsvAvNbComputerName, utf16FromString("UKBP-CBTRMFE06")) + pairs.AddAvPair(MsvAvDnsDomainName, utf16FromString("Reuters.net")) + pairs.AddAvPair(MsvAvDnsComputerName, utf16FromString("ukbp-cbtrmfe06.Reuters.net")) + pairs.AddAvPair(MsvAvDnsTreeName, utf16FromString("Reuters.net")) + pairs.AddAvPair(MsvAvEOL, make([]byte, 0)) cm.TargetInfo = pairs - cm.TargetInfoPayloadStruct, _ = messages.CreateBytePayload(pairs.Bytes()) + cm.TargetInfoPayloadStruct, _ = CreateBytePayload(pairs.Bytes()) - cm.Version = &messages.VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)} + cm.Version = &VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)} return cm, nil } -func (n *V2ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error) { +func (n *V2ServerSession) ProcessAuthenticateMessage(am *Authenticate) (err error) { n.authenticateMessage = am n.NegotiateFlags = am.NegotiateFlags n.clientChallenge = am.ClientChallenge() 
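Review bot: The AvPairs built in `GenerateChallengeMessage` are string literals (`REUTERS`, `UKBP-CBTRMFE06`, `ukbp-cbtrmfe06.Reuters.net`), so every server built on this package puts one organisation's NetBIOS and DNS names into the challenge it sends before the client has authenticated, and the names are wrong for any other host. These lines are already being rewritten, so the values should be taken from the session rather than hard-coded. Until that is possible, mark it at the block with `// FIXME: target info is hard-coded; it must be supplied by the embedding server`. The errors from both `CreateBytePayload` calls are also discarded with `_`.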
@@ -257,7 +256,7 @@ func (n *V2ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) } func (n *V2ServerSession) computeExportedSessionKey() (err error) { - if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) { + if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) { n.exportedSessionKey, err = rc4K(n.keyExchangeKey, n.encryptedRandomSessionKey) if err != nil { return err @@ -280,11 +279,11 @@ type V2ClientSession struct { V2Session } -func (n *V2ClientSession) GenerateNegotiateMessage() (nm *messages.Negotiate, err error) { +func (n *V2ClientSession) GenerateNegotiateMessage() (nm *Negotiate, err error) { return nil, nil } -func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err error) { +func (n *V2ClientSession) ProcessChallengeMessage(cm *Challenge) (err error) { n.challengeMessage = cm n.serverChallenge = cm.ServerChallenge n.clientChallenge = randomBytes(8) 
@@ -292,18 +291,18 @@ func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e // Set up the default flags for processing the response. These are the flags that we will return // in the authenticate message flags := uint32(0) - flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags) - flags = messages.NTLMSSP_REQUEST_TARGET.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags) + flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) + flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags) + flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) + flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags) + flags = NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags) + flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) + flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags) + flags = NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags) + flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags) + flags = NTLMSSP_REQUEST_TARGET.Set(flags) + flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags) + flags = NTLMSSP_NEGOTIATE_128.Set(flags) n.NegotiateFlags = flags 
@@ -344,24 +343,24 @@ func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e return nil } -func (n *V2ClientSession) GenerateAuthenticateMessage() (am *messages.Authenticate, err error) { - am = new(messages.Authenticate) +func (n *V2ClientSession) GenerateAuthenticateMessage() (am *Authenticate, err error) { + am = new(Authenticate) am.Signature = []byte("NTLMSSP\x00") am.MessageType = uint32(3) - am.LmChallengeResponse, _ = messages.CreateBytePayload(n.lmChallengeResponse) - am.NtChallengeResponseFields, _ = messages.CreateBytePayload(n.ntChallengeResponse) - am.DomainName, _ = messages.CreateStringPayload(n.userDomain) - am.UserName, _ = messages.CreateStringPayload(n.user) - am.Workstation, _ = messages.CreateStringPayload("SQUAREMILL") - am.EncryptedRandomSessionKey, _ = messages.CreateBytePayload(n.encryptedRandomSessionKey) + am.LmChallengeResponse, _ = CreateBytePayload(n.lmChallengeResponse) + am.NtChallengeResponseFields, _ = CreateBytePayload(n.ntChallengeResponse) + am.DomainName, _ = CreateStringPayload(n.userDomain) + am.UserName, _ = CreateStringPayload(n.user) + am.Workstation, _ = CreateStringPayload("SQUAREMILL") + am.EncryptedRandomSessionKey, _ = CreateBytePayload(n.encryptedRandomSessionKey) am.NegotiateFlags = n.NegotiateFlags am.Mic = make([]byte, 16) - am.Version = &messages.VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: 0x0F} + am.Version = &VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: 0x0F} return am, nil } func (n *V2ClientSession) computeEncryptedSessionKey() (err error) { - if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) { + if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) { n.exportedSessionKey = randomBytes(16) n.encryptedRandomSessionKey, err = rc4K(n.keyExchangeKey, n.exportedSessionKey) if err != nil { 
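Review bot: `GenerateAuthenticateMessage` sets `am.Mic = make([]byte, 16)` and returns without computing it, so as far as this function shows the authenticate message carries an all-zero MIC and nothing ties it to the negotiate and challenge messages. If that is intentional it should be stated at the assignment, e.g. `// MIC is not computed; the field is sent as 16 zero bytes`. The workstation name is the literal `"SQUAREMILL"` rather than a caller-supplied value, and every `CreateBytePayload`/`CreateStringPayload` error in the function is discarded with `_`.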
diff --git a/ntlm/ntlmv2_test.go b/ntlm/ntlmv2_test.go index f16b4bb..b826159 100644 --- a/ntlm/ntlmv2_test.go +++ b/ntlm/ntlmv2_test.go @@ -6,7 +6,6 @@ import ( "bytes" "encoding/base64" "encoding/hex" - "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages" "strings" "testing" "time" @@ -34,19 +33,19 @@ func TestNTOWFv2(t *testing.T) { func TestNTLMv2(t *testing.T) { flags := uint32(0) - flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_56.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) - flags = messages.NTLMSSP_TARGET_TYPE_SERVER.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_SEAL.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags) - flags = messages.NTLM_NEGOTIATE_OEM.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags) + flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) + flags = NTLMSSP_NEGOTIATE_56.Set(flags) + flags = NTLMSSP_NEGOTIATE_128.Set(flags) + flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags) + flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags) + flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) + flags = NTLMSSP_TARGET_TYPE_SERVER.Set(flags) + flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) + flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags) + flags = NTLMSSP_NEGOTIATE_SEAL.Set(flags) + flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags) + flags = NTLM_NEGOTIATE_OEM.Set(flags) + flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags) // n := new(V2Session) // n.SetUserInfo("User","Password","Domain") 
@@ -64,7 +63,7 @@ func TestNTLMv2(t *testing.T) { client.SetUserInfo("User", "Password", "Domain") challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033828ae20123456789abcdef00000000000000002400240044000000060070170000000f53006500720076006500720002000c0044006f006d00610069006e0001000c0053006500720076006500720000000000") - challengeMessage, err := messages.ParseChallengeMessage(challengeMessageBytes) + challengeMessage, err := ParseChallengeMessage(challengeMessageBytes) if err == nil { challengeMessage.String() } else { @@ -99,7 +98,7 @@ func TestNTLMv2(t *testing.T) { 0000000000000000c5dad2544fc97990 94ce1ce90bc9d03e`)) - authenticateMessage, err := messages.ParseAuthenticateMessage(authenticateMessageBytes, 2) + authenticateMessage, err := ParseAuthenticateMessage(authenticateMessageBytes, 2) if err == nil { authenticateMessage.String() } else { @@ -166,7 +165,7 @@ func TestNTLMv2WithDomain(t *testing.T) { server.SetUserInfo("blahblah", "Welcome1", "blahblah") authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage) - a, _ := messages.ParseAuthenticateMessage(authenticateData, 2) + a, _ := ParseAuthenticateMessage(authenticateData, 2) serverChallenge, _ := hex.DecodeString("3d74b2d04ebe1eb3") server.SetServerChallenge(serverChallenge) diff --git a/ntlm/messages/payload.go b/ntlm/payload.go similarity index 96% rename from ntlm/messages/payload.go rename to ntlm/payload.go index d6c9c72..31d68d1 100644 --- a/ntlm/messages/payload.go +++ b/ntlm/payload.go @@ -1,6 +1,6 @@ //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. -package messages +package ntlm import ( "bytes" 
@@ -38,7 +38,7 @@ func (p *PayloadStruct) String() string { switch p.Type { case UnicodeStringPayload: - returnString = Utf16ToString(p.Payload) + returnString = utf16ToString(p.Payload) case OemStringPayload: returnString = string(p.Payload) case BytesPayload: @@ -60,7 +60,7 @@ func CreateBytePayload(bytes []byte) (*PayloadStruct, error) { func CreateStringPayload(value string) (*PayloadStruct, error) { // Create UTF16 unicode bytes from string - bytes := StringToUtf16(value) + bytes := utf16FromString(value) p := new(PayloadStruct) p.Type = UnicodeStringPayload p.Len = uint16(len(bytes)) diff --git a/ntlm/signature.go b/ntlm/signature.go index 8596939..2bc8f29 100644 --- a/ntlm/signature.go +++ b/ntlm/signature.go @@ -7,7 +7,6 @@ import ( "encoding/binary" "encoding/hex" "fmt" - "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages" ) type NtlmsspMessageSignature struct { @@ -48,7 +47,7 @@ func sign(negFlags uint32, handle *rc4P.Cipher, signingKey []byte, seqNum uint32 } func mac(negFlags uint32, handle *rc4P.Cipher, signingKey []byte, seqNum uint32, message []byte) (result *NtlmsspMessageSignature) { - if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(negFlags) { + if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(negFlags) { result = macWithExtendedSessionSecurity(negFlags, handle, signingKey, seqNum, message) } else { result = macWithoutExtendedSessionSecurity(handle, seqNum, message) @@ -105,7 +104,7 @@ func macWithExtendedSessionSecurity(negFlags uint32, handle *rc4P.Cipher, signin seqNumBytes := make([]byte, 4) binary.LittleEndian.PutUint32(seqNumBytes, seqNum) sig.CheckSum = hmacMd5(signingKey, concat(seqNumBytes, message))[0:8] - if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(negFlags) { + if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(negFlags) { sig.CheckSum = rc4(handle, sig.CheckSum) } sig.SeqNum = seqNumBytes diff --git a/ntlm/signature_test.go b/ntlm/signature_test.go index 553289f..07fcee5 100644 --- a/ntlm/signature_test.go 
+++ b/ntlm/signature_test.go @@ -5,7 +5,6 @@ package ntlm import ( "bytes" "encoding/hex" - "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages" "testing" ) @@ -42,7 +41,7 @@ func TestSealSignWithExtendedSessionSecurity(t *testing.T) { plaintext, _ := hex.DecodeString("50006c00610069006e007400650078007400") seqNum := uint32(0) flags := uint32(0) - flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) + flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) sealed, sig := seal(flags, handle, signKey, seqNum, plaintext) checkSigValue(t, "Sealed Data", sealed, "a02372f6530273f3aa1eb90190ce5200c99d", nil) @@ -57,8 +56,8 @@ func TestSealSignWithExtendedSessionSecurityKeyEx(t *testing.T) { plaintext, _ := hex.DecodeString("50006c00610069006e007400650078007400") seqNum := uint32(0) flags := uint32(0) - flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) - flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) + flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) + flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) sealed, sig := seal(flags, handle, signKey, seqNum, plaintext) checkSigValue(t, "Sealed Data", sealed, "54e50165bf1936dc996020c1811b0f06fb5f", nil) diff --git a/ntlm/messages/version.go b/ntlm/version.go similarity index 98% rename from ntlm/messages/version.go rename to ntlm/version.go index 54d796c..2c1ce64 100644 --- a/ntlm/messages/version.go +++ b/ntlm/version.go @@ -1,6 +1,6 @@ //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. -package messages +package ntlm import ( "bytes" diff --git a/utils/decode_auth.go b/utils/decode_auth.go index b897c1f..d2d1d1f 100644 --- a/utils/decode_auth.go +++ b/utils/decode_auth.go @@ -4,7 +4,6 @@ import ( "encoding/base64" "flag" "fmt" - "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages" ) func main() { 
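Review bot: `utils/decode_auth.go` loses its `messages` import here but gains no import for `ntlm`, while the following hunk calls `ntlm.ParseAuthenticateMessage`. With only `encoding/base64`, `flag` and `fmt` left in the visible import block, the file should fail to compile with an undefined `ntlm`, unless the package is imported on a line above the hunk. The removed line should be replaced rather than deleted: `"github.com/ThomsonReutersEikon/go-ntlm/ntlm"`. `utils/test_auth.go` already has that import, so only this file is affected.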
@@ -14,6 +13,6 @@ func main() { fmt.Println("Paste the base64 encoded Authenticate message (with no line breaks):") fmt.Scanf("%s", &data) authenticateData, _ := base64.StdEncoding.DecodeString(data) - a, _ := messages.ParseAuthenticateMessage(authenticateData, *ntlmVersion) + a, _ := ntlm.ParseAuthenticateMessage(authenticateData, *ntlmVersion) fmt.Printf(a.String()) } diff --git a/utils/test_auth.go b/utils/test_auth.go index 7383b80..2338ba1 100644 --- a/utils/test_auth.go +++ b/utils/test_auth.go @@ -4,7 +4,6 @@ import ( "encoding/base64" "fmt" "github.com/ThomsonReutersEikon/go-ntlm/ntlm" - "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages" ) func main() { @@ -28,7 +27,7 @@ func main() { server.SetUserInfo("050045.rmwatest@reuters.com", "Welcome1", "") challengeData, _ := base64.StdEncoding.DecodeString(challengeMessage) - c, _ := messages.ParseChallengeMessage(challengeData) + c, _ := ntlm.ParseChallengeMessage(challengeData) fmt.Println("----- Challenge Message ----- ") fmt.Println(c.String()) @@ -37,9 +36,9 @@ func main() { authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage) var context ntlm.ServerSession - msg, err := messages.ParseAuthenticateMessage(authenticateData, 2) + msg, err := ntlm.ParseAuthenticateMessage(authenticateData, 2) if err != nil { - msg2, newErr := messages.ParseAuthenticateMessage(authenticateData, 1) + msg2, newErr := ntlm.ParseAuthenticateMessage(authenticateData, 1) if newErr != nil { fmt.Printf("Error ParseAuthenticateMessage , %s", err) return From 6783d408baf0857175349aea256070ecea22ceea Mon Sep 17 00:00:00 2001 
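Review bot: In `utils/decode_auth.go`, `main` discards the error from both `base64.StdEncoding.DecodeString` and `ntlm.ParseAuthenticateMessage`, so a malformed paste reaches `a.String()` with `a` possibly nil and the tool panics instead of reporting the problem. `fmt.Printf(a.String())` also uses the decoded message as the format string, so any `%` in a field taken from the pasted message (presumably user or domain name) is interpreted as a verb. Suggested: `a, err := ntlm.ParseAuthenticateMessage(authenticateData, *ntlmVersion)`, then `if err != nil { fmt.Println(err); return }` and `fmt.Print(a.String())`.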
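Review bot: In `utils/test_auth.go` the context line `server.SetUserInfo("050045.rmwatest@reuters.com", "Welcome1", "")` keeps what looks like a real account name and password in a committed utility. They should be read at run time, for example from `flag.String` options as `decode_auth.go` does for the NTLM version, and the password rotated if the account exists. The changed line `c, _ := ntlm.ParseChallengeMessage(challengeData)` drops the parse error and then calls `c.String()`, which panics if `c` is nil. In the file's last hunk the failure branch tests `newErr` but prints `err`.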
From: Conor Hunt Date: Tue, 23 Jul 2013 15:35:16 -0500 Subject: [PATCH 2/2] rename Authenticate/Challenge/Negotiate to *Message --- ntlm/message_authenticate.go | 14 +++++++------- ntlm/message_challenge.go | 12 ++++++------ ntlm/message_negotiate.go | 2 +- ntlm/ntlm.go | 18 +++++++++--------- ntlm/ntlmv1.go | 14 +++++++------- ntlm/ntlmv2.go | 16 ++++++++-------- 6 files changed, 38 insertions(+), 38 deletions(-) diff --git a/ntlm/message_authenticate.go b/ntlm/message_authenticate.go index b882774..cb2d2e1 100644 --- a/ntlm/message_authenticate.go +++ b/ntlm/message_authenticate.go @@ -10,7 +10,7 @@ import ( "fmt" ) -type Authenticate struct { +type AuthenticateMessage struct { // sig - 8 bytes Signature []byte // message type - 4 bytes @@ -53,8 +53,8 @@ type Authenticate struct { Payload []byte } -func ParseAuthenticateMessage(body []byte, ntlmVersion int) (*Authenticate, error) { - am := new(Authenticate) +func ParseAuthenticateMessage(body []byte, ntlmVersion int) (*AuthenticateMessage, error) { + am := new(AuthenticateMessage) am.Signature = body[0:8] if !bytes.Equal(am.Signature, []byte("NTLMSSP\x00")) { @@ -155,7 +155,7 @@ func ParseAuthenticateMessage(body []byte, ntlmVersion int) (*Authenticate, erro return am, nil } -func (a *Authenticate) ClientChallenge() (response []byte) { +func (a *AuthenticateMessage) ClientChallenge() (response []byte) { if a.NtlmV2Response != nil { response = a.NtlmV2Response.NtlmV2ClientChallenge.ChallengeFromClient } else if a.NtlmV1Response != nil && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(a.NegotiateFlags) { @@ -165,7 +165,7 @@ func (a *Authenticate) ClientChallenge() (response []byte) { return response } -func (a *Authenticate) getLowestPayloadOffset() int { +func (a *AuthenticateMessage) getLowestPayloadOffset() int { payloadStructs := [...]*PayloadStruct{a.LmChallengeResponse, a.NtChallengeResponseFields, a.DomainName, a.UserName, a.Workstation, a.EncryptedRandomSessionKey} // Find the lowest offset value 
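Review bot: `ParseAuthenticateMessage` slices `body[0:8]` before checking the length, so a truncated or empty message from the peer panics with a slice-bounds error instead of returning the `error` the signature promises. A guard is needed ahead of the slice, e.g. `if len(body) < 8 { return nil, errors.New("invalid NTLM message: too short") }`, using whichever error constructor the file already has in scope. The fixed-offset reads further down, outside this hunk, presumably need the same bounds checks. `ParseChallengeMessage` in `ntlm/message_challenge.go` opens the same way with `challenge.Signature = body[0:8]`.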
@@ -180,7 +180,7 @@ func (a *Authenticate) getLowestPayloadOffset() int { return lowest } -func (a *Authenticate) Bytes() []byte { +func (a *AuthenticateMessage) Bytes() []byte { payloadLen := int(a.LmChallengeResponse.Len + a.NtChallengeResponseFields.Len + a.DomainName.Len + a.UserName.Len + a.Workstation.Len + a.EncryptedRandomSessionKey.Len) messageLen := 8 + 4 + 6*8 + 4 + 8 + 16 payloadOffset := uint32(messageLen) @@ -241,7 +241,7 @@ func (a *Authenticate) Bytes() []byte { return buffer.Bytes() } -func (a *Authenticate) String() string { +func (a *AuthenticateMessage) String() string { var buffer bytes.Buffer buffer.WriteString("Authenticate NTLM Message\n") diff --git a/ntlm/message_challenge.go b/ntlm/message_challenge.go index 608062d..a57b09b 100644 --- a/ntlm/message_challenge.go +++ b/ntlm/message_challenge.go @@ -10,7 +10,7 @@ import ( "fmt" ) -type Challenge struct { +type ChallengeMessage struct { // sig - 8 bytes Signature []byte // message type - 4 bytes @@ -53,8 +53,8 @@ type Challenge struct { Payload []byte } -func ParseChallengeMessage(body []byte) (*Challenge, error) { - challenge := new(Challenge) +func ParseChallengeMessage(body []byte) (*ChallengeMessage, error) { + challenge := new(ChallengeMessage) challenge.Signature = body[0:8] if !bytes.Equal(challenge.Signature, []byte("NTLMSSP\x00")) { @@ -101,7 +101,7 @@ func ParseChallengeMessage(body []byte) (*Challenge, error) { return challenge, nil } -func (c *Challenge) Bytes() []byte { +func (c *ChallengeMessage) Bytes() []byte { payloadLen := int(c.TargetName.Len + c.TargetInfoPayloadStruct.Len) messageLen := 8 + 4 + 8 + 4 + 8 + 8 + 8 + 8 payloadOffset := uint32(messageLen) @@ -137,7 +137,7 @@ func (c *Challenge) Bytes() []byte { return buffer.Bytes() } -func (c *Challenge) getLowestPayloadOffset() int { +func (c *ChallengeMessage) getLowestPayloadOffset() int { payloadStructs := [...]*PayloadStruct{c.TargetName, c.TargetInfoPayloadStruct} // Find the lowest offset value 
@@ -152,7 +152,7 @@ func (c *Challenge) getLowestPayloadOffset() int { return lowest } -func (c *Challenge) String() string { +func (c *ChallengeMessage) String() string { var buffer bytes.Buffer buffer.WriteString("Challenge NTLM Message") diff --git a/ntlm/message_negotiate.go b/ntlm/message_negotiate.go index 27bb612..53c0b05 100644 --- a/ntlm/message_negotiate.go +++ b/ntlm/message_negotiate.go @@ -2,7 +2,7 @@ package ntlm -type Negotiate struct { +type NegotiateMessage struct { // All bytes of the message Bytes []byte diff --git a/ntlm/ntlm.go b/ntlm/ntlm.go index de9d56d..a009fc5 100644 --- a/ntlm/ntlm.go +++ b/ntlm/ntlm.go @@ -43,9 +43,9 @@ type ClientSession interface { SetUserInfo(username string, password string, domain string) SetMode(mode Mode) - GenerateNegotiateMessage() (*Negotiate, error) - ProcessChallengeMessage(*Challenge) error - GenerateAuthenticateMessage() (*Authenticate, error) + GenerateNegotiateMessage() (*NegotiateMessage, error) + ProcessChallengeMessage(*ChallengeMessage) error + GenerateAuthenticateMessage() (*AuthenticateMessage, error) Seal(message []byte) ([]byte, error) Sign(message []byte) ([]byte, error) @@ -77,9 +77,9 @@ type ServerSession interface { SetMode(mode Mode) SetServerChallenge(challege []byte) - ProcessNegotiateMessage(*Negotiate) error - GenerateChallengeMessage() (*Challenge, error) - ProcessAuthenticateMessage(*Authenticate) error + ProcessNegotiateMessage(*NegotiateMessage) error + GenerateChallengeMessage() (*ChallengeMessage, error) + ProcessAuthenticateMessage(*AuthenticateMessage) error GetSessionData() *SessionData @@ -100,9 +100,9 @@ type SessionData struct { NegotiateFlags uint32 - negotiateMessage *Negotiate - challengeMessage *Challenge - authenticateMessage *Authenticate + negotiateMessage *NegotiateMessage + challengeMessage *ChallengeMessage + authenticateMessage *AuthenticateMessage serverChallenge []byte clientChallenge []byte 
diff --git a/ntlm/ntlmv1.go b/ntlm/ntlmv1.go index d7b63a7..b115280 100644 --- a/ntlm/ntlmv1.go +++ b/ntlm/ntlmv1.go @@ -154,12 +154,12 @@ type V1ServerSession struct { V1Session } -func (n *V1ServerSession) ProcessNegotiateMessage(nm *Negotiate) (err error) { +func (n *V1ServerSession) ProcessNegotiateMessage(nm *NegotiateMessage) (err error) { n.negotiateMessage = nm return } -func (n *V1ServerSession) GenerateChallengeMessage() (cm *Challenge, err error) { +func (n *V1ServerSession) GenerateChallengeMessage() (cm *ChallengeMessage, err error) { // TODO: Generate this challenge message return } @@ -172,7 +172,7 @@ func (n *V1ServerSession) GetSessionData() *SessionData { return &n.SessionData } -func (n *V1ServerSession) ProcessAuthenticateMessage(am *Authenticate) (err error) { +func (n *V1ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (err error) { n.authenticateMessage = am n.NegotiateFlags = am.NegotiateFlags n.clientChallenge = am.ClientChallenge() @@ -262,11 +262,11 @@ type V1ClientSession struct { V1Session } -func (n *V1ClientSession) GenerateNegotiateMessage() (nm *Negotiate, err error) { +func (n *V1ClientSession) GenerateNegotiateMessage() (nm *NegotiateMessage, err error) { return nil, nil } -func (n *V1ClientSession) ProcessChallengeMessage(cm *Challenge) (err error) { +func (n *V1ClientSession) ProcessChallengeMessage(cm *ChallengeMessage) (err error) { n.challengeMessage = cm n.serverChallenge = cm.ServerChallenge n.clientChallenge = randomBytes(8) @@ -331,8 +331,8 @@ func (n *V1ClientSession) ProcessChallengeMessage(cm *Challenge) (err error) { return nil } -func (n *V1ClientSession) GenerateAuthenticateMessage() (am *Authenticate, err error) { - am = new(Authenticate) +func (n *V1ClientSession) GenerateAuthenticateMessage() (am *AuthenticateMessage, err error) { + am = new(AuthenticateMessage) am.Signature = []byte("NTLMSSP\x00") am.MessageType = uint32(3) am.LmChallengeResponse, _ = CreateBytePayload(n.lmChallengeResponse) 
diff --git a/ntlm/ntlmv2.go b/ntlm/ntlmv2.go index ccb61aa..60b5744 100644 --- a/ntlm/ntlmv2.go +++ b/ntlm/ntlmv2.go @@ -149,13 +149,13 @@ func (n *V2ServerSession) SetServerChallenge(challenge []byte) { n.serverChallenge = challenge } -func (n *V2ServerSession) ProcessNegotiateMessage(nm *Negotiate) (err error) { +func (n *V2ServerSession) ProcessNegotiateMessage(nm *NegotiateMessage) (err error) { n.negotiateMessage = nm return } -func (n *V2ServerSession) GenerateChallengeMessage() (cm *Challenge, err error) { - cm = new(Challenge) +func (n *V2ServerSession) GenerateChallengeMessage() (cm *ChallengeMessage, err error) { + cm = new(ChallengeMessage) cm.Signature = []byte("NTLMSSP\x00") cm.MessageType = uint32(2) cm.TargetName, _ = CreateBytePayload(make([]byte, 0)) @@ -195,7 +195,7 @@ func (n *V2ServerSession) GenerateChallengeMessage() (cm *Challenge, err error) return cm, nil } -func (n *V2ServerSession) ProcessAuthenticateMessage(am *Authenticate) (err error) { +func (n *V2ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (err error) { n.authenticateMessage = am n.NegotiateFlags = am.NegotiateFlags n.clientChallenge = am.ClientChallenge() @@ -279,11 +279,11 @@ type V2ClientSession struct { V2Session } -func (n *V2ClientSession) GenerateNegotiateMessage() (nm *Negotiate, err error) { +func (n *V2ClientSession) GenerateNegotiateMessage() (nm *NegotiateMessage, err error) { return nil, nil } -func (n *V2ClientSession) ProcessChallengeMessage(cm *Challenge) (err error) { +func (n *V2ClientSession) ProcessChallengeMessage(cm *ChallengeMessage) (err error) { n.challengeMessage = cm n.serverChallenge = cm.ServerChallenge n.clientChallenge = randomBytes(8) 
@@ -343,8 +343,8 @@ func (n *V2ClientSession) ProcessChallengeMessage(cm *Challenge) (err error) { return nil } -func (n *V2ClientSession) GenerateAuthenticateMessage() (am *Authenticate, err error) { - am = new(Authenticate) +func (n *V2ClientSession) GenerateAuthenticateMessage() (am *AuthenticateMessage, err error) { + am = new(AuthenticateMessage) am.Signature = []byte("NTLMSSP\x00") am.MessageType = uint32(3) am.LmChallengeResponse, _ = CreateBytePayload(n.lmChallengeResponse)