Merge pull request #4 from ThomsonReutersEikon/refactor_messages

Refactor messages
Matthew Kanwisher 2013-07-23 18:01:07 -07:00
commit aeba978d32
24 changed files with 221 additions and 250 deletions


@ -14,7 +14,6 @@ the client and the server, for our use we hardcoded a supported set of negotiati
```go ```go
import "github.com/ThomsonReutersEikon/go-ntlm/ntlm" import "github.com/ThomsonReutersEikon/go-ntlm/ntlm"
import "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
session, err = ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionlessMode) session, err = ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionlessMode)
session.SetUserInfo("someuser","somepassword","somedomain") session.SetUserInfo("someuser","somepassword","somedomain")
@ -23,7 +22,7 @@ negotiate := session.GenerateNegotiateMessage()
<send negotiate to server> <send negotiate to server>
challenge, err := messages.ParseChallengeMessage(challengeBytes) challenge, err := ntlm.ParseChallengeMessage(challengeBytes)
session.ProcessChallengeMessage(challenge) session.ProcessChallengeMessage(challenge)
authenticate := session.GenerateAuthenticateMessage() authenticate := session.GenerateAuthenticateMessage()
@ -43,7 +42,7 @@ challenge := session.GenerateChallengeMessage()
<receive authentication bytes> <receive authentication bytes>
auth, err := messages.ParseAuthentiateMessage(authenticateBytes) auth, err := ntlm.ParseAuthentiateMessage(authenticateBytes)
session.ProcessAuthenticateMessage(auth) session.ProcessAuthenticateMessage(auth)
``` ```


@ -1,6 +1,6 @@
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
package messages package ntlm
import ( import (
"bytes" "bytes"
@ -140,7 +140,7 @@ func ReadAvPair(data []byte, offset int) *AvPair {
} }
func (a *AvPair) UnicodeStringValue() string { func (a *AvPair) UnicodeStringValue() string {
return Utf16ToString(a.Value) return utf16ToString(a.Value)
} }
func (a *AvPair) Bytes() (result []byte) { func (a *AvPair) Bytes() (result []byte) {


@ -1,6 +1,6 @@
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
package messages package ntlm
import ( import (
"bytes" "bytes"


@ -6,6 +6,7 @@ import (
"bytes" "bytes"
"crypto/rand" "crypto/rand"
"unicode/utf16" "unicode/utf16"
"encoding/binary"
) )
// Concatenate two byte slices into a new slice // Concatenate two byte slices into a new slice
@ -63,3 +64,26 @@ func utf16FromString(s string) []byte {
} }
return result return result
} }
// Convert a UTF16 string to UTF8 string for Go usage
func utf16ToString(bytes []byte) string {
var data []uint16
// NOTE: This is definitely not the best way to do this, but when I tried using a buffer.Read I could not get it to work
for offset := 0; offset < len(bytes); offset = offset + 2 {
i := binary.LittleEndian.Uint16(bytes[offset : offset+2])
data = append(data, i)
}
return string(utf16.Decode(data))
}
func uint32ToBytes(v uint32) []byte {
bytes := make([]byte, 4)
bytes[0] = byte(v & 0xff)
bytes[1] = byte((v >> 8) & 0xff)
bytes[2] = byte((v >> 16) & 0xff)
bytes[3] = byte((v >> 24) & 0xff)
return bytes
}
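Review bot: utf16ToString panics on an odd-length input: when `len(bytes)` is odd the last iteration slices `bytes[offset : offset+2]` past the end of the slice, and AvPair.UnicodeStringValue calls this on `a.Value`, which ReadAvPair appears to populate from message payloads, so a malformed AV pair from the peer would crash the parser instead of being rejected. Bounding the loop to whole UTF-16 code units, `for offset := 0; offset+2 <= len(bytes); offset += 2 {`, silently drops a dangling trailing byte rather than panicking; if callers should see an error instead, the signature would have to change. Now that `encoding/binary` is imported in this file, uint32ToBytes can be written as `binary.LittleEndian.PutUint32(out, v)` on a 4-byte slice rather than the hand-rolled shifts, and the parameter name `bytes` shadows the `bytes` package imported at the top of the file. Preallocating `data` with `make([]uint16, 0, len(bytes)/2)` would also avoid repeated append growth.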


@ -2,13 +2,9 @@
package ntlm package ntlm
import (
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
)
// Define KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge) as // Define KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge) as
func kxKey(flags uint32, sessionBaseKey []byte, lmChallengeResponse []byte, serverChallenge []byte, lmnowf []byte) (keyExchangeKey []byte, err error) { func kxKey(flags uint32, sessionBaseKey []byte, lmChallengeResponse []byte, serverChallenge []byte, lmnowf []byte) (keyExchangeKey []byte, err error) {
if messages.NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags) { if NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags) {
var part1, part2 []byte var part1, part2 []byte
part1, err = des(lmnowf[0:7], lmChallengeResponse[0:8]) part1, err = des(lmnowf[0:7], lmChallengeResponse[0:8])
if err != nil { if err != nil {
@ -22,7 +18,7 @@ func kxKey(flags uint32, sessionBaseKey []byte, lmChallengeResponse []byte, serv
} }
keyExchangeKey = concat(part1, part2) keyExchangeKey = concat(part1, part2)
} else if messages.NTLMSSP_REQUEST_NON_NT_SESSION_KEY.IsSet(flags) { } else if NTLMSSP_REQUEST_NON_NT_SESSION_KEY.IsSet(flags) {
keyExchangeKey = concat(lmnowf[0:8], zeroBytes(8)) keyExchangeKey = concat(lmnowf[0:8], zeroBytes(8))
} else { } else {
keyExchangeKey = sessionBaseKey keyExchangeKey = sessionBaseKey
@ -33,7 +29,7 @@ func kxKey(flags uint32, sessionBaseKey []byte, lmChallengeResponse []byte, serv
// Define SIGNKEY(NegFlg, RandomSessionKey, Mode) as // Define SIGNKEY(NegFlg, RandomSessionKey, Mode) as
func signKey(flags uint32, randomSessionKey []byte, mode string) (signKey []byte) { func signKey(flags uint32, randomSessionKey []byte, mode string) (signKey []byte) {
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) { if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) {
if mode == "Client" { if mode == "Client" {
signKey = md5(concat(randomSessionKey, []byte("session key to client-to-server signing key magic constant\x00"))) signKey = md5(concat(randomSessionKey, []byte("session key to client-to-server signing key magic constant\x00")))
} else { } else {
@ -47,10 +43,10 @@ func signKey(flags uint32, randomSessionKey []byte, mode string) (signKey []byte
// Define SEALKEY(NegotiateFlags, RandomSessionKey, Mode) as // Define SEALKEY(NegotiateFlags, RandomSessionKey, Mode) as
func sealKey(flags uint32, randomSessionKey []byte, mode string) (sealKey []byte) { func sealKey(flags uint32, randomSessionKey []byte, mode string) (sealKey []byte) {
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) { if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) {
if messages.NTLMSSP_NEGOTIATE_128.IsSet(flags) { if NTLMSSP_NEGOTIATE_128.IsSet(flags) {
sealKey = randomSessionKey sealKey = randomSessionKey
} else if messages.NTLMSSP_NEGOTIATE_56.IsSet(flags) { } else if NTLMSSP_NEGOTIATE_56.IsSet(flags) {
sealKey = randomSessionKey[0:7] sealKey = randomSessionKey[0:7]
} else { } else {
sealKey = randomSessionKey[0:5] sealKey = randomSessionKey[0:5]
@ -60,8 +56,8 @@ func sealKey(flags uint32, randomSessionKey []byte, mode string) (sealKey []byte
} else { } else {
sealKey = md5(concat(sealKey, []byte("session key to server-to-client sealing key magic constant\x00"))) sealKey = md5(concat(sealKey, []byte("session key to server-to-client sealing key magic constant\x00")))
} }
} else if messages.NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags) { } else if NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags) {
if messages.NTLMSSP_NEGOTIATE_56.IsSet(flags) { if NTLMSSP_NEGOTIATE_56.IsSet(flags) {
sealKey = concat(randomSessionKey[0:7], []byte{0xA0}) sealKey = concat(randomSessionKey[0:7], []byte{0xA0})
} else { } else {
sealKey = concat(randomSessionKey[0:5], []byte{0xE5, 0x38, 0xB0}) sealKey = concat(randomSessionKey[0:5], []byte{0xE5, 0x38, 0xB0})


@ -1,6 +1,6 @@
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
package messages package ntlm
import ( import (
"bytes" "bytes"
@ -10,7 +10,7 @@ import (
"fmt" "fmt"
) )
type Authenticate struct { type AuthenticateMessage struct {
// sig - 8 bytes // sig - 8 bytes
Signature []byte Signature []byte
// message type - 4 bytes // message type - 4 bytes
@ -38,7 +38,7 @@ type Authenticate struct {
/// MS-NLMP 2.2.1.3 - In connectionless mode, a NEGOTIATE structure that contains a set of bit flags (section 2.2.2.5) and represents the /// MS-NLMP 2.2.1.3 - In connectionless mode, a NEGOTIATE structure that contains a set of bit flags (section 2.2.2.5) and represents the
// conclusion of negotiation—the choices the client has made from the options the server offered in the CHALLENGE_MESSAGE. // conclusion of negotiation—the choices the client has made from the options the server offered in the CHALLENGE_MESSAGE.
// In connection-oriented mode, a NEGOTIATE structure that contains the set of bit flags (section 2.2.2.5) negotiated in // In connection-oriented mode, a NEGOTIATE structure that contains the set of bit flags (section 2.2.2.5) negotiated in
// the previous messages. // the previous
NegotiateFlags uint32 // 4 bytes NegotiateFlags uint32 // 4 bytes
// Version (8 bytes): A VERSION structure (section 2.2.2.10) that is present only when the NTLMSSP_NEGOTIATE_VERSION // Version (8 bytes): A VERSION structure (section 2.2.2.10) that is present only when the NTLMSSP_NEGOTIATE_VERSION
@ -53,8 +53,8 @@ type Authenticate struct {
Payload []byte Payload []byte
} }
func ParseAuthenticateMessage(body []byte, ntlmVersion int) (*Authenticate, error) { func ParseAuthenticateMessage(body []byte, ntlmVersion int) (*AuthenticateMessage, error) {
am := new(Authenticate) am := new(AuthenticateMessage)
am.Signature = body[0:8] am.Signature = body[0:8]
if !bytes.Equal(am.Signature, []byte("NTLMSSP\x00")) { if !bytes.Equal(am.Signature, []byte("NTLMSSP\x00")) {
@ -155,7 +155,7 @@ func ParseAuthenticateMessage(body []byte, ntlmVersion int) (*Authenticate, erro
return am, nil return am, nil
} }
func (a *Authenticate) ClientChallenge() (response []byte) { func (a *AuthenticateMessage) ClientChallenge() (response []byte) {
if a.NtlmV2Response != nil { if a.NtlmV2Response != nil {
response = a.NtlmV2Response.NtlmV2ClientChallenge.ChallengeFromClient response = a.NtlmV2Response.NtlmV2ClientChallenge.ChallengeFromClient
} else if a.NtlmV1Response != nil && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(a.NegotiateFlags) { } else if a.NtlmV1Response != nil && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(a.NegotiateFlags) {
@ -165,7 +165,7 @@ func (a *Authenticate) ClientChallenge() (response []byte) {
return response return response
} }
func (a *Authenticate) getLowestPayloadOffset() int { func (a *AuthenticateMessage) getLowestPayloadOffset() int {
payloadStructs := [...]*PayloadStruct{a.LmChallengeResponse, a.NtChallengeResponseFields, a.DomainName, a.UserName, a.Workstation, a.EncryptedRandomSessionKey} payloadStructs := [...]*PayloadStruct{a.LmChallengeResponse, a.NtChallengeResponseFields, a.DomainName, a.UserName, a.Workstation, a.EncryptedRandomSessionKey}
// Find the lowest offset value // Find the lowest offset value
@ -180,7 +180,7 @@ func (a *Authenticate) getLowestPayloadOffset() int {
return lowest return lowest
} }
func (a *Authenticate) Bytes() []byte { func (a *AuthenticateMessage) Bytes() []byte {
payloadLen := int(a.LmChallengeResponse.Len + a.NtChallengeResponseFields.Len + a.DomainName.Len + a.UserName.Len + a.Workstation.Len + a.EncryptedRandomSessionKey.Len) payloadLen := int(a.LmChallengeResponse.Len + a.NtChallengeResponseFields.Len + a.DomainName.Len + a.UserName.Len + a.Workstation.Len + a.EncryptedRandomSessionKey.Len)
messageLen := 8 + 4 + 6*8 + 4 + 8 + 16 messageLen := 8 + 4 + 6*8 + 4 + 8 + 16
payloadOffset := uint32(messageLen) payloadOffset := uint32(messageLen)
@ -216,7 +216,7 @@ func (a *Authenticate) Bytes() []byte {
payloadOffset += uint32(a.EncryptedRandomSessionKey.Len) payloadOffset += uint32(a.EncryptedRandomSessionKey.Len)
buffer.Write(a.EncryptedRandomSessionKey.Bytes()) buffer.Write(a.EncryptedRandomSessionKey.Bytes())
buffer.Write(Uint32ToBytes(a.NegotiateFlags)) buffer.Write(uint32ToBytes(a.NegotiateFlags))
if a.Version != nil { if a.Version != nil {
buffer.Write(a.Version.Bytes()) buffer.Write(a.Version.Bytes())
@ -241,7 +241,7 @@ func (a *Authenticate) Bytes() []byte {
return buffer.Bytes() return buffer.Bytes()
} }
func (a *Authenticate) String() string { func (a *AuthenticateMessage) String() string {
var buffer bytes.Buffer var buffer bytes.Buffer
buffer.WriteString("Authenticate NTLM Message\n") buffer.WriteString("Authenticate NTLM Message\n")
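Review bot: The doc comment on NegotiateFlags now ends mid-sentence, `// the previous`, where the old side read `// the previous messages.`; the search-and-replace that stripped the `messages.` package qualifier also hit the prose, so the trailing word should be restored. In the same file, ParseAuthenticateMessage does `am.Signature = body[0:8]` before anything checks `len(body)`, so an AUTHENTICATE message shorter than eight bytes panics instead of returning an error; a guard such as `if len(body) < 8 { return nil, fmt.Errorf("authenticate message too short: %d bytes", len(body)) }` ahead of the slice (fmt is already imported here) turns that into a rejection. The remainder of the parse body is outside this hunk, so I cannot tell whether the later field reads are bounds-checked either.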


@ -1,6 +1,6 @@
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
package messages package ntlm
import ( import (
"bytes" "bytes"


@ -1,6 +1,6 @@
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
package messages package ntlm
import ( import (
"bytes" "bytes"
@ -10,7 +10,7 @@ import (
"fmt" "fmt"
) )
type Challenge struct { type ChallengeMessage struct {
// sig - 8 bytes // sig - 8 bytes
Signature []byte Signature []byte
// message type - 4 bytes // message type - 4 bytes
@ -53,8 +53,8 @@ type Challenge struct {
Payload []byte Payload []byte
} }
func ParseChallengeMessage(body []byte) (*Challenge, error) { func ParseChallengeMessage(body []byte) (*ChallengeMessage, error) {
challenge := new(Challenge) challenge := new(ChallengeMessage)
challenge.Signature = body[0:8] challenge.Signature = body[0:8]
if !bytes.Equal(challenge.Signature, []byte("NTLMSSP\x00")) { if !bytes.Equal(challenge.Signature, []byte("NTLMSSP\x00")) {
@ -101,7 +101,7 @@ func ParseChallengeMessage(body []byte) (*Challenge, error) {
return challenge, nil return challenge, nil
} }
func (c *Challenge) Bytes() []byte { func (c *ChallengeMessage) Bytes() []byte {
payloadLen := int(c.TargetName.Len + c.TargetInfoPayloadStruct.Len) payloadLen := int(c.TargetName.Len + c.TargetInfoPayloadStruct.Len)
messageLen := 8 + 4 + 8 + 4 + 8 + 8 + 8 + 8 messageLen := 8 + 4 + 8 + 4 + 8 + 8 + 8 + 8
payloadOffset := uint32(messageLen) payloadOffset := uint32(messageLen)
@ -137,7 +137,7 @@ func (c *Challenge) Bytes() []byte {
return buffer.Bytes() return buffer.Bytes()
} }
func (c *Challenge) getLowestPayloadOffset() int { func (c *ChallengeMessage) getLowestPayloadOffset() int {
payloadStructs := [...]*PayloadStruct{c.TargetName, c.TargetInfoPayloadStruct} payloadStructs := [...]*PayloadStruct{c.TargetName, c.TargetInfoPayloadStruct}
// Find the lowest offset value // Find the lowest offset value
@ -152,7 +152,7 @@ func (c *Challenge) getLowestPayloadOffset() int {
return lowest return lowest
} }
func (c *Challenge) String() string { func (c *ChallengeMessage) String() string {
var buffer bytes.Buffer var buffer bytes.Buffer
buffer.WriteString("Challenge NTLM Message") buffer.WriteString("Challenge NTLM Message")


@ -1,6 +1,6 @@
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
package messages package ntlm
import ( import (
"bytes" "bytes"


@ -1,8 +1,8 @@
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
package messages package ntlm
type Negotiate struct { type NegotiateMessage struct {
// All bytes of the message // All bytes of the message
Bytes []byte Bytes []byte


@ -1,39 +0,0 @@
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
package messages
import (
"encoding/binary"
"unicode/utf16"
)
// Convert a UTF16 string to UTF8 string for Go usage
func Utf16ToString(bytes []byte) string {
var data []uint16
// NOTE: This is definitely not the best way to do this, but when I tried using a buffer.Read I could not get it to work
for offset := 0; offset < len(bytes); offset = offset + 2 {
i := binary.LittleEndian.Uint16(bytes[offset : offset+2])
data = append(data, i)
}
return string(utf16.Decode(data))
}
func StringToUtf16(value string) []byte {
result := make([]byte, len(value)*2)
stringBytes := []byte(value)
for i := 0; i < len(value); i++ {
result[i*2] = stringBytes[i]
}
return result
}
func Uint32ToBytes(v uint32) []byte {
bytes := make([]byte, 4)
bytes[0] = byte(v & 0xff)
bytes[1] = byte((v >> 8) & 0xff)
bytes[2] = byte((v >> 16) & 0xff)
bytes[3] = byte((v >> 24) & 0xff)
return bytes
}


@ -1,6 +1,6 @@
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
package messages package ntlm
// During NTLM authentication, each of the following flags is a possible value of the NegotiateFlags field of the NEGOTIATE_MESSAGE, // During NTLM authentication, each of the following flags is a possible value of the NegotiateFlags field of the NEGOTIATE_MESSAGE,
// CHALLENGE_MESSAGE, and AUTHENTICATE_MESSAGE, unless otherwise noted. These flags define client or server NTLM capabilities // CHALLENGE_MESSAGE, and AUTHENTICATE_MESSAGE, unless otherwise noted. These flags define client or server NTLM capabilities
@ -63,7 +63,7 @@ const (
NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
// r7 (1 bit): This bit is unused and MUST be zero. // r7 (1 bit): This bit is unused and MUST be zero.
NTLMSSP_R7 NTLMSSP_R7
// M (1 bit): If set, requests the presence of a signature block on all messages. NTLMSSP_NEGOTIATE_ALWAYS_SIGN MUST be // M (1 bit): If set, requests the presence of a signature block on all NTLMSSP_NEGOTIATE_ALWAYS_SIGN MUST be
// set in the NEGOTIATE_MESSAGE to the server and the CHALLENGE_MESSAGE to the client. NTLMSSP_NEGOTIATE_ALWAYS_SIGN is // set in the NEGOTIATE_MESSAGE to the server and the CHALLENGE_MESSAGE to the client. NTLMSSP_NEGOTIATE_ALWAYS_SIGN is
// overridden by NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL, if they are supported. An alternate name for this field // overridden by NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL, if they are supported. An alternate name for this field
// is NTLMSSP_NEGOTIATE_ALWAYS_SIGN. // is NTLMSSP_NEGOTIATE_ALWAYS_SIGN.
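Review bot: The description of the M bit lost a word: `// M (1 bit): If set, requests the presence of a signature block on all NTLMSSP_NEGOTIATE_ALWAYS_SIGN MUST be` previously read `... on all messages. NTLMSSP_NEGOTIATE_ALWAYS_SIGN MUST be`. This looks like the `messages.` qualifier replacement being applied to comment text as well as code, which leaves the quoted MS-NLMP sentence ungrammatical; restore `messages.` here. It is worth grepping the rest of the renamed files for the same pattern, since the NegotiateFlags comment in the authenticate message file shows the same truncation.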


@ -1,6 +1,6 @@
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
package messages package ntlm
import ( import (
"encoding/binary" "encoding/binary"


@ -7,7 +7,6 @@ package ntlm
import ( import (
rc4P "crypto/rc4" rc4P "crypto/rc4"
"errors" "errors"
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
) )
type Version int type Version int
@ -44,9 +43,9 @@ type ClientSession interface {
SetUserInfo(username string, password string, domain string) SetUserInfo(username string, password string, domain string)
SetMode(mode Mode) SetMode(mode Mode)
GenerateNegotiateMessage() (*messages.Negotiate, error) GenerateNegotiateMessage() (*NegotiateMessage, error)
ProcessChallengeMessage(*messages.Challenge) error ProcessChallengeMessage(*ChallengeMessage) error
GenerateAuthenticateMessage() (*messages.Authenticate, error) GenerateAuthenticateMessage() (*AuthenticateMessage, error)
Seal(message []byte) ([]byte, error) Seal(message []byte) ([]byte, error)
Sign(message []byte) ([]byte, error) Sign(message []byte) ([]byte, error)
@ -78,9 +77,9 @@ type ServerSession interface {
SetMode(mode Mode) SetMode(mode Mode)
SetServerChallenge(challege []byte) SetServerChallenge(challege []byte)
ProcessNegotiateMessage(*messages.Negotiate) error ProcessNegotiateMessage(*NegotiateMessage) error
GenerateChallengeMessage() (*messages.Challenge, error) GenerateChallengeMessage() (*ChallengeMessage, error)
ProcessAuthenticateMessage(*messages.Authenticate) error ProcessAuthenticateMessage(*AuthenticateMessage) error
GetSessionData() *SessionData GetSessionData() *SessionData
@ -101,9 +100,9 @@ type SessionData struct {
NegotiateFlags uint32 NegotiateFlags uint32
negotiateMessage *messages.Negotiate negotiateMessage *NegotiateMessage
challengeMessage *messages.Challenge challengeMessage *ChallengeMessage
authenticateMessage *messages.Authenticate authenticateMessage *AuthenticateMessage
serverChallenge []byte serverChallenge []byte
clientChallenge []byte clientChallenge []byte


@ -7,7 +7,6 @@ import (
l4g "code.google.com/p/log4go" l4g "code.google.com/p/log4go"
rc4P "crypto/rc4" rc4P "crypto/rc4"
"errors" "errors"
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
"strings" "strings"
) )
@ -47,7 +46,7 @@ func (n *V1Session) fetchResponseKeys() (err error) {
} }
func (n *V1Session) computeExpectedResponses() (err error) { func (n *V1Session) computeExpectedResponses() (err error) {
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) { if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
n.ntChallengeResponse, err = desL(n.responseKeyNT, md5(concat(n.serverChallenge, n.clientChallenge))[0:8]) n.ntChallengeResponse, err = desL(n.responseKeyNT, md5(concat(n.serverChallenge, n.clientChallenge))[0:8])
if err != nil { if err != nil {
return err return err
@ -82,7 +81,7 @@ func (n *V1Session) computeSessionBaseKey() (err error) {
} }
func (n *V1Session) computeKeyExchangeKey() (err error) { func (n *V1Session) computeKeyExchangeKey() (err error) {
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) { if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
n.keyExchangeKey = hmacMd5(n.sessionBaseKey, concat(n.serverChallenge, n.lmChallengeResponse[0:8])) n.keyExchangeKey = hmacMd5(n.sessionBaseKey, concat(n.serverChallenge, n.lmChallengeResponse[0:8]))
} else { } else {
n.keyExchangeKey, err = kxKey(n.NegotiateFlags, n.sessionBaseKey, n.lmChallengeResponse, n.serverChallenge, n.responseKeyLM) n.keyExchangeKey, err = kxKey(n.NegotiateFlags, n.sessionBaseKey, n.lmChallengeResponse, n.serverChallenge, n.responseKeyLM)
@ -96,7 +95,7 @@ func (n *V1Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) {
// We must treat the flags as if NTLMSSP_NEGOTIATE_LM_KEY is set. // We must treat the flags as if NTLMSSP_NEGOTIATE_LM_KEY is set.
// This information is not contained (at least currently, until they correct it) in the MS-NLMP document // This information is not contained (at least currently, until they correct it) in the MS-NLMP document
if ntlmRevisionCurrent == 15 { if ntlmRevisionCurrent == 15 {
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags) n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
} }
n.ClientSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Client") n.ClientSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Client")
@ -116,9 +115,9 @@ func (n *V1Session) Sign(message []byte) ([]byte, error) {
func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte { func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte {
// TODO: Need to keep track of the sequence number for connection oriented NTLM // TODO: Need to keep track of the sequence number for connection oriented NTLM
if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) { if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) {
handle, _ = reinitSealingKey(sealingKey, sequenceNumber) handle, _ = reinitSealingKey(sealingKey, sequenceNumber)
} else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) { } else if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) {
// CONOR: Reinitializing the rc4 cipher on every requst, but not using the // CONOR: Reinitializing the rc4 cipher on every requst, but not using the
// algorithm as described in the MS-NTLM document. Just reinitialize it directly. // algorithm as described in the MS-NTLM document. Just reinitialize it directly.
handle, _ = rc4Init(sealingKey) handle, _ = rc4Init(sealingKey)
@ -155,12 +154,12 @@ type V1ServerSession struct {
V1Session V1Session
} }
func (n *V1ServerSession) ProcessNegotiateMessage(nm *messages.Negotiate) (err error) { func (n *V1ServerSession) ProcessNegotiateMessage(nm *NegotiateMessage) (err error) {
n.negotiateMessage = nm n.negotiateMessage = nm
return return
} }
func (n *V1ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, err error) { func (n *V1ServerSession) GenerateChallengeMessage() (cm *ChallengeMessage, err error) {
// TODO: Generate this challenge message // TODO: Generate this challenge message
return return
} }
@ -173,7 +172,7 @@ func (n *V1ServerSession) GetSessionData() *SessionData {
return &n.SessionData return &n.SessionData
} }
func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error) { func (n *V1ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (err error) {
n.authenticateMessage = am n.authenticateMessage = am
n.NegotiateFlags = am.NegotiateFlags n.NegotiateFlags = am.NegotiateFlags
n.clientChallenge = am.ClientChallenge() n.clientChallenge = am.ClientChallenge()
@ -209,7 +208,7 @@ func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate)
// to compare the lmChallengeResponse if the ntChallengeRepsonse fails, but with extended session security // to compare the lmChallengeResponse if the ntChallengeRepsonse fails, but with extended session security
// this would *always* pass because the lmChallengeResponse and expectedLmChallengeRepsonse will always // this would *always* pass because the lmChallengeResponse and expectedLmChallengeRepsonse will always
// be the same // be the same
if !bytes.Equal(am.LmChallengeResponse.Payload, n.lmChallengeResponse) || messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) { if !bytes.Equal(am.LmChallengeResponse.Payload, n.lmChallengeResponse) || NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
return errors.New("Could not authenticate") return errors.New("Could not authenticate")
} }
} }
@ -240,7 +239,7 @@ func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate)
} }
func (n *V1ServerSession) computeExportedSessionKey() (err error) { func (n *V1ServerSession) computeExportedSessionKey() (err error) {
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) { if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
n.exportedSessionKey, err = rc4K(n.keyExchangeKey, n.encryptedRandomSessionKey) n.exportedSessionKey, err = rc4K(n.keyExchangeKey, n.encryptedRandomSessionKey)
if err != nil { if err != nil {
return err return err
@ -263,11 +262,11 @@ type V1ClientSession struct {
V1Session V1Session
} }
func (n *V1ClientSession) GenerateNegotiateMessage() (nm *messages.Negotiate, err error) { func (n *V1ClientSession) GenerateNegotiateMessage() (nm *NegotiateMessage, err error) {
return nil, nil return nil, nil
} }
func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err error) { func (n *V1ClientSession) ProcessChallengeMessage(cm *ChallengeMessage) (err error) {
n.challengeMessage = cm n.challengeMessage = cm
n.serverChallenge = cm.ServerChallenge n.serverChallenge = cm.ServerChallenge
n.clientChallenge = randomBytes(8) n.clientChallenge = randomBytes(8)
@ -275,18 +274,18 @@ func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e
// Set up the default flags for processing the response. These are the flags that we will return // Set up the default flags for processing the response. These are the flags that we will return
// in the authenticate message // in the authenticate message
flags := uint32(0) flags := uint32(0)
flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
// NOTE: Unsetting this flag in order to get the server to generate the signatures we can recognize // NOTE: Unsetting this flag in order to get the server to generate the signatures we can recognize
flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags) flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags) flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags) flags = NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags) flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags) flags = NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags) flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
flags = messages.NTLMSSP_REQUEST_TARGET.Set(flags) flags = NTLMSSP_REQUEST_TARGET.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags) flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
n.NegotiateFlags = flags n.NegotiateFlags = flags
@ -332,23 +331,23 @@ func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e
return nil return nil
} }
func (n *V1ClientSession) GenerateAuthenticateMessage() (am *messages.Authenticate, err error) { func (n *V1ClientSession) GenerateAuthenticateMessage() (am *AuthenticateMessage, err error) {
am = new(messages.Authenticate) am = new(AuthenticateMessage)
am.Signature = []byte("NTLMSSP\x00") am.Signature = []byte("NTLMSSP\x00")
am.MessageType = uint32(3) am.MessageType = uint32(3)
am.LmChallengeResponse, _ = messages.CreateBytePayload(n.lmChallengeResponse) am.LmChallengeResponse, _ = CreateBytePayload(n.lmChallengeResponse)
am.NtChallengeResponseFields, _ = messages.CreateBytePayload(n.ntChallengeResponse) am.NtChallengeResponseFields, _ = CreateBytePayload(n.ntChallengeResponse)
am.DomainName, _ = messages.CreateStringPayload(n.userDomain) am.DomainName, _ = CreateStringPayload(n.userDomain)
am.UserName, _ = messages.CreateStringPayload(n.user) am.UserName, _ = CreateStringPayload(n.user)
am.Workstation, _ = messages.CreateStringPayload("SQUAREMILL") am.Workstation, _ = CreateStringPayload("SQUAREMILL")
am.EncryptedRandomSessionKey, _ = messages.CreateBytePayload(n.encryptedRandomSessionKey) am.EncryptedRandomSessionKey, _ = CreateBytePayload(n.encryptedRandomSessionKey)
am.NegotiateFlags = n.NegotiateFlags am.NegotiateFlags = n.NegotiateFlags
am.Version = &messages.VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)} am.Version = &VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)}
return am, nil return am, nil
} }
func (n *V1ClientSession) computeEncryptedSessionKey() (err error) { func (n *V1ClientSession) computeEncryptedSessionKey() (err error) {
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) { if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
n.exportedSessionKey = randomBytes(16) n.exportedSessionKey = randomBytes(16)
n.encryptedRandomSessionKey, err = rc4K(n.keyExchangeKey, n.exportedSessionKey) n.encryptedRandomSessionKey, err = rc4K(n.keyExchangeKey, n.exportedSessionKey)
if err != nil { if err != nil {


@ -6,7 +6,6 @@ import (
"bytes" "bytes"
"encoding/base64" "encoding/base64"
"encoding/hex" "encoding/hex"
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
"testing" "testing"
) )
@ -47,10 +46,10 @@ func TestNtlmV1ExtendedSessionSecurity(t *testing.T) {
authenticateMessage := "TlRMTVNTUAADAAAAGAAYAJgAAAAYABgAsAAAAAAAAABIAAAAOgA6AEgAAAAWABYAggAAABAAEADIAAAAVYKYYgUCzg4AAAAPMQAwADAAMAAwADEALgB3AGMAcABAAHQAaABvAG0AcwBvAG4AcgBlAHUAdABlAHIAcwAuAGMAbwBtAE4AWQBDAFMATQBTAEcAOQA5ADAAOQBRWAK3h/TIywAAAAAAAAAAAAAAAAAAAAA3tp89kZU1hs1XZp7KTyGm3XsFAT9stEDW9YXDaeYVBmBcBb//2FOu" authenticateMessage := "TlRMTVNTUAADAAAAGAAYAJgAAAAYABgAsAAAAAAAAABIAAAAOgA6AEgAAAAWABYAggAAABAAEADIAAAAVYKYYgUCzg4AAAAPMQAwADAAMAAwADEALgB3AGMAcABAAHQAaABvAG0AcwBvAG4AcgBlAHUAdABlAHIAcwAuAGMAbwBtAE4AWQBDAFMATQBTAEcAOQA5ADAAOQBRWAK3h/TIywAAAAAAAAAAAAAAAAAAAAA3tp89kZU1hs1XZp7KTyGm3XsFAT9stEDW9YXDaeYVBmBcBb//2FOu"
challengeData, _ := base64.StdEncoding.DecodeString(challengeMessage) challengeData, _ := base64.StdEncoding.DecodeString(challengeMessage)
c, _ := messages.ParseChallengeMessage(challengeData) c, _ := ParseChallengeMessage(challengeData)
authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage) authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage)
msg, err := messages.ParseAuthenticateMessage(authenticateData, 1) msg, err := ParseAuthenticateMessage(authenticateData, 1)
if err != nil { if err != nil {
t.Errorf("Could not process authenticate message: %s", err) t.Errorf("Could not process authenticate message: %s", err)
} }
@ -69,17 +68,17 @@ func TestNtlmV1ExtendedSessionSecurity(t *testing.T) {
func TestNtlmV1(t *testing.T) { func TestNtlmV1(t *testing.T) {
flags := uint32(0) flags := uint32(0)
flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_56.Set(flags) flags = NTLMSSP_NEGOTIATE_56.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags) flags = NTLMSSP_NEGOTIATE_128.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags) flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
flags = messages.NTLMSSP_TARGET_TYPE_SERVER.Set(flags) flags = NTLMSSP_TARGET_TYPE_SERVER.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags) flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_SEAL.Set(flags) flags = NTLMSSP_NEGOTIATE_SEAL.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags) flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
flags = messages.NTLM_NEGOTIATE_OEM.Set(flags) flags = NTLM_NEGOTIATE_OEM.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags) flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
n := new(V1ClientSession) n := new(V1ClientSession)
n.SetUserInfo("User", "Password", "Domain") n.SetUserInfo("User", "Password", "Domain")
@ -106,10 +105,10 @@ func TestNtlmV1(t *testing.T) {
checkV1Value(t, "LMChallengeResponse", n.lmChallengeResponse, "98def7b87f88aa5dafe2df779688a172def11c7d5ccdef13", err) checkV1Value(t, "LMChallengeResponse", n.lmChallengeResponse, "98def7b87f88aa5dafe2df779688a172def11c7d5ccdef13", err)
// If the NTLMSSP_NEGOTIATE_LM_KEY flag is set then the KeyExchangeKey is: // If the NTLMSSP_NEGOTIATE_LM_KEY flag is set then the KeyExchangeKey is:
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags) n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
err = n.computeKeyExchangeKey() err = n.computeKeyExchangeKey()
checkV1Value(t, "keyExchangeKey with NTLMSSP_NEGOTIATE_LM_KEY", n.keyExchangeKey, "b09e379f7fbecb1eaf0afdcb0383c8a0", err) checkV1Value(t, "keyExchangeKey with NTLMSSP_NEGOTIATE_LM_KEY", n.keyExchangeKey, "b09e379f7fbecb1eaf0afdcb0383c8a0", err)
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags) n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags)
// 4.2.2.2.3 Encrypted Session Key // 4.2.2.2.3 Encrypted Session Key
//n.randomSessionKey, _ = hex.DecodeString("55555555555555555555555555555555") //n.randomSessionKey, _ = hex.DecodeString("55555555555555555555555555555555")
@ -121,24 +120,24 @@ func TestNtlmV1(t *testing.T) {
//checkV1Value(t, "ExportedSessionKey", n.exportedSessionKey, "55555555555555555555555555555555", err) //checkV1Value(t, "ExportedSessionKey", n.exportedSessionKey, "55555555555555555555555555555555", err)
// NTLMSSP_REQUEST_NON_NT_SESSION_KEY is set: // NTLMSSP_REQUEST_NON_NT_SESSION_KEY is set:
n.NegotiateFlags = messages.NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Set(n.NegotiateFlags) n.NegotiateFlags = NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Set(n.NegotiateFlags)
err = n.computeKeyExchangeKey() err = n.computeKeyExchangeKey()
// n.encryptedRandomSessionKey, err = hex.DecodeString("7452ca55c225a1ca04b48fae32cf56fc") // n.encryptedRandomSessionKey, err = hex.DecodeString("7452ca55c225a1ca04b48fae32cf56fc")
// err = n.computeExportedSessionKey() // err = n.computeExportedSessionKey()
// checkV1Value(t, "ExportedSessionKey - NTLMSSP_REQUEST_NON_NT_SESSION_KEY", n.exportedSessionKey, "55555555555555555555555555555555", err) // checkV1Value(t, "ExportedSessionKey - NTLMSSP_REQUEST_NON_NT_SESSION_KEY", n.exportedSessionKey, "55555555555555555555555555555555", err)
n.NegotiateFlags = messages.NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Unset(n.NegotiateFlags) n.NegotiateFlags = NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Unset(n.NegotiateFlags)
// NTLMSSP_NEGOTIATE_LM_KEY is set: // NTLMSSP_NEGOTIATE_LM_KEY is set:
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags) n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
err = n.computeKeyExchangeKey() err = n.computeKeyExchangeKey()
// n.encryptedRandomSessionKey, err = hex.DecodeString("4cd7bb57d697ef9b549f02b8f9b37864") // n.encryptedRandomSessionKey, err = hex.DecodeString("4cd7bb57d697ef9b549f02b8f9b37864")
// err = n.computeExportedSessionKey() // err = n.computeExportedSessionKey()
// checkV1Value(t, "ExportedSessionKey - NTLMSSP_NEGOTIATE_LM_KEY", n.exportedSessionKey, "55555555555555555555555555555555", err) // checkV1Value(t, "ExportedSessionKey - NTLMSSP_NEGOTIATE_LM_KEY", n.exportedSessionKey, "55555555555555555555555555555555", err)
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags) n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags)
// 4.2.2.3 Messages // 4.2.2.3 Messages
challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033820a820123456789abcdef00000000000000000000000000000000060070170000000f530065007200760065007200") challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033820a820123456789abcdef00000000000000000000000000000000060070170000000f530065007200760065007200")
challengeMessage, err := messages.ParseChallengeMessage(challengeMessageBytes) challengeMessage, err := ParseChallengeMessage(challengeMessageBytes)
if err == nil { if err == nil {
challengeMessage.String() challengeMessage.String()
} else { } else {
@ -155,7 +154,7 @@ func TestNtlmV1(t *testing.T) {
server := new(V1ServerSession) server := new(V1ServerSession)
server.SetUserInfo("User", "Password", "Domain") server.SetUserInfo("User", "Password", "Domain")
authenticateMessageBytes, err := hex.DecodeString("4e544c4d5353500003000000180018006c00000018001800840000000c000c00480000000800080054000000100010005c000000100010009c000000358280e20501280a0000000f44006f006d00610069006e00550073006500720043004f004d005000550054004500520098def7b87f88aa5dafe2df779688a172def11c7d5ccdef1367c43011f30298a2ad35ece64f16331c44bdbed927841f94518822b1b3f350c8958682ecbb3e3cb7") authenticateMessageBytes, err := hex.DecodeString("4e544c4d5353500003000000180018006c00000018001800840000000c000c00480000000800080054000000100010005c000000100010009c000000358280e20501280a0000000f44006f006d00610069006e00550073006500720043004f004d005000550054004500520098def7b87f88aa5dafe2df779688a172def11c7d5ccdef1367c43011f30298a2ad35ece64f16331c44bdbed927841f94518822b1b3f350c8958682ecbb3e3cb7")
authenticateMessage, err := messages.ParseAuthenticateMessage(authenticateMessageBytes, 1) authenticateMessage, err := ParseAuthenticateMessage(authenticateMessageBytes, 1)
if err == nil { if err == nil {
authenticateMessage.String() authenticateMessage.String()
} else { } else {
@ -174,16 +173,16 @@ func TestNtlmV1(t *testing.T) {
func TestNTLMv1WithClientChallenge(t *testing.T) { func TestNTLMv1WithClientChallenge(t *testing.T) {
flags := uint32(0) flags := uint32(0)
flags = messages.NTLMSSP_NEGOTIATE_56.Set(flags) flags = NTLMSSP_NEGOTIATE_56.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags) flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
flags = messages.NTLMSSP_TARGET_TYPE_SERVER.Set(flags) flags = NTLMSSP_TARGET_TYPE_SERVER.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags) flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_SEAL.Set(flags) flags = NTLMSSP_NEGOTIATE_SEAL.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags) flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
flags = messages.NTLM_NEGOTIATE_OEM.Set(flags) flags = NTLM_NEGOTIATE_OEM.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags) flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
n := new(V1Session) n := new(V1Session)
n.NegotiateFlags = flags n.NegotiateFlags = flags
@ -203,7 +202,7 @@ func TestNTLMv1WithClientChallenge(t *testing.T) {
checkV1Value(t, "keyExchangeKey", n.keyExchangeKey, "eb93429a8bd952f8b89c55b87f475edc", err) checkV1Value(t, "keyExchangeKey", n.keyExchangeKey, "eb93429a8bd952f8b89c55b87f475edc", err)
challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033820a820123456789abcdef00000000000000000000000000000000060070170000000f530065007200760065007200") challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033820a820123456789abcdef00000000000000000000000000000000060070170000000f530065007200760065007200")
challengeMessage, err := messages.ParseChallengeMessage(challengeMessageBytes) challengeMessage, err := ParseChallengeMessage(challengeMessageBytes)
if err == nil { if err == nil {
challengeMessage.String() challengeMessage.String()
} else { } else {
@ -222,7 +221,7 @@ func TestNTLMv1WithClientChallenge(t *testing.T) {
server.serverChallenge = challengeMessage.ServerChallenge server.serverChallenge = challengeMessage.ServerChallenge
authenticateMessageBytes, _ := hex.DecodeString("4e544c4d5353500003000000180018006c00000018001800840000000c000c00480000000800080054000000100010005c000000000000009c000000358208820501280a0000000f44006f006d00610069006e00550073006500720043004f004d0050005500540045005200aaaaaaaaaaaaaaaa000000000000000000000000000000007537f803ae367128ca458204bde7caf81e97ed2683267232") authenticateMessageBytes, _ := hex.DecodeString("4e544c4d5353500003000000180018006c00000018001800840000000c000c00480000000800080054000000100010005c000000000000009c000000358208820501280a0000000f44006f006d00610069006e00550073006500720043004f004d0050005500540045005200aaaaaaaaaaaaaaaa000000000000000000000000000000007537f803ae367128ca458204bde7caf81e97ed2683267232")
authenticateMessage, err := messages.ParseAuthenticateMessage(authenticateMessageBytes, 1) authenticateMessage, err := ParseAuthenticateMessage(authenticateMessageBytes, 1)
if err == nil { if err == nil {
authenticateMessage.String() authenticateMessage.String()
} else { } else {


@ -8,7 +8,6 @@ import (
rc4P "crypto/rc4" rc4P "crypto/rc4"
"encoding/binary" "encoding/binary"
"errors" "errors"
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
"strings" "strings"
"time" "time"
) )
@ -73,7 +72,7 @@ func (n *V2Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) {
// We must treat the flags as if NTLMSSP_NEGOTIATE_LM_KEY is set. // We must treat the flags as if NTLMSSP_NEGOTIATE_LM_KEY is set.
// This information is not contained (at least currently, until they correct it) in the MS-NLMP document // This information is not contained (at least currently, until they correct it) in the MS-NLMP document
if ntlmRevisionCurrent == 15 { if ntlmRevisionCurrent == 15 {
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags) n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
} }
n.ClientSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Client") n.ClientSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Client")
@ -94,9 +93,9 @@ func (n *V2Session) Sign(message []byte) ([]byte, error) {
func NtlmVCommonMac(message []byte, sequenceNumber int, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte { func NtlmVCommonMac(message []byte, sequenceNumber int, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte {
var handle *rc4P.Cipher var handle *rc4P.Cipher
// TODO: Need to keep track of the sequence number for connection oriented NTLM // TODO: Need to keep track of the sequence number for connection oriented NTLM
if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) { if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) {
handle, _ = reinitSealingKey(sealingKey, sequenceNumber) handle, _ = reinitSealingKey(sealingKey, sequenceNumber)
} else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) { } else if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) {
// CONOR: Reinitializing the rc4 cipher on every requst, but not using the // CONOR: Reinitializing the rc4 cipher on every requst, but not using the
// algorithm as described in the MS-NTLM document. Just reinitialize it directly. // algorithm as described in the MS-NTLM document. Just reinitialize it directly.
handle, _ = rc4Init(sealingKey) handle, _ = rc4Init(sealingKey)
@ -107,9 +106,9 @@ func NtlmVCommonMac(message []byte, sequenceNumber int, sealingKey, signingKey [
func NtlmV2Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte { func NtlmV2Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte {
// TODO: Need to keep track of the sequence number for connection oriented NTLM // TODO: Need to keep track of the sequence number for connection oriented NTLM
if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) { if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) {
handle, _ = reinitSealingKey(sealingKey, sequenceNumber) handle, _ = reinitSealingKey(sealingKey, sequenceNumber)
} else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) { } else if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) {
// CONOR: Reinitializing the rc4 cipher on every requst, but not using the // CONOR: Reinitializing the rc4 cipher on every requst, but not using the
// algorithm as described in the MS-NTLM document. Just reinitialize it directly. // algorithm as described in the MS-NTLM document. Just reinitialize it directly.
handle, _ = rc4Init(sealingKey) handle, _ = rc4Init(sealingKey)
@ -150,30 +149,30 @@ func (n *V2ServerSession) SetServerChallenge(challenge []byte) {
n.serverChallenge = challenge n.serverChallenge = challenge
} }
func (n *V2ServerSession) ProcessNegotiateMessage(nm *messages.Negotiate) (err error) { func (n *V2ServerSession) ProcessNegotiateMessage(nm *NegotiateMessage) (err error) {
n.negotiateMessage = nm n.negotiateMessage = nm
return return
} }
func (n *V2ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, err error) { func (n *V2ServerSession) GenerateChallengeMessage() (cm *ChallengeMessage, err error) {
cm = new(messages.Challenge) cm = new(ChallengeMessage)
cm.Signature = []byte("NTLMSSP\x00") cm.Signature = []byte("NTLMSSP\x00")
cm.MessageType = uint32(2) cm.MessageType = uint32(2)
cm.TargetName, _ = messages.CreateBytePayload(make([]byte, 0)) cm.TargetName, _ = CreateBytePayload(make([]byte, 0))
flags := uint32(0) flags := uint32(0)
flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags) flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags) flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags) flags = NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags) flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags) flags = NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags) flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
flags = messages.NTLMSSP_REQUEST_TARGET.Set(flags) flags = NTLMSSP_REQUEST_TARGET.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags) flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags) flags = NTLMSSP_NEGOTIATE_128.Set(flags)
cm.NegotiateFlags = flags cm.NegotiateFlags = flags
@ -182,21 +181,21 @@ func (n *V2ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, er
cm.Reserved = make([]byte, 8) cm.Reserved = make([]byte, 8)
// Create the AvPairs we need // Create the AvPairs we need
pairs := new(messages.AvPairs) pairs := new(AvPairs)
pairs.AddAvPair(messages.MsvAvNbDomainName, messages.StringToUtf16("REUTERS")) pairs.AddAvPair(MsvAvNbDomainName, utf16FromString("REUTERS"))
pairs.AddAvPair(messages.MsvAvNbComputerName, messages.StringToUtf16("UKBP-CBTRMFE06")) pairs.AddAvPair(MsvAvNbComputerName, utf16FromString("UKBP-CBTRMFE06"))
pairs.AddAvPair(messages.MsvAvDnsDomainName, messages.StringToUtf16("Reuters.net")) pairs.AddAvPair(MsvAvDnsDomainName, utf16FromString("Reuters.net"))
pairs.AddAvPair(messages.MsvAvDnsComputerName, messages.StringToUtf16("ukbp-cbtrmfe06.Reuters.net")) pairs.AddAvPair(MsvAvDnsComputerName, utf16FromString("ukbp-cbtrmfe06.Reuters.net"))
pairs.AddAvPair(messages.MsvAvDnsTreeName, messages.StringToUtf16("Reuters.net")) pairs.AddAvPair(MsvAvDnsTreeName, utf16FromString("Reuters.net"))
pairs.AddAvPair(messages.MsvAvEOL, make([]byte, 0)) pairs.AddAvPair(MsvAvEOL, make([]byte, 0))
cm.TargetInfo = pairs cm.TargetInfo = pairs
cm.TargetInfoPayloadStruct, _ = messages.CreateBytePayload(pairs.Bytes()) cm.TargetInfoPayloadStruct, _ = CreateBytePayload(pairs.Bytes())
cm.Version = &messages.VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)} cm.Version = &VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)}
return cm, nil return cm, nil
} }
func (n *V2ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error) { func (n *V2ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (err error) {
n.authenticateMessage = am n.authenticateMessage = am
n.NegotiateFlags = am.NegotiateFlags n.NegotiateFlags = am.NegotiateFlags
n.clientChallenge = am.ClientChallenge() n.clientChallenge = am.ClientChallenge()
@ -257,7 +256,7 @@ func (n *V2ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate)
} }
func (n *V2ServerSession) computeExportedSessionKey() (err error) { func (n *V2ServerSession) computeExportedSessionKey() (err error) {
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) { if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
n.exportedSessionKey, err = rc4K(n.keyExchangeKey, n.encryptedRandomSessionKey) n.exportedSessionKey, err = rc4K(n.keyExchangeKey, n.encryptedRandomSessionKey)
if err != nil { if err != nil {
return err return err
@ -280,11 +279,11 @@ type V2ClientSession struct {
V2Session V2Session
} }
func (n *V2ClientSession) GenerateNegotiateMessage() (nm *messages.Negotiate, err error) { func (n *V2ClientSession) GenerateNegotiateMessage() (nm *NegotiateMessage, err error) {
return nil, nil return nil, nil
} }
func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err error) { func (n *V2ClientSession) ProcessChallengeMessage(cm *ChallengeMessage) (err error) {
n.challengeMessage = cm n.challengeMessage = cm
n.serverChallenge = cm.ServerChallenge n.serverChallenge = cm.ServerChallenge
n.clientChallenge = randomBytes(8) n.clientChallenge = randomBytes(8)
@ -292,18 +291,18 @@ func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e
// Set up the default flags for processing the response. These are the flags that we will return // Set up the default flags for processing the response. These are the flags that we will return
// in the authenticate message // in the authenticate message
flags := uint32(0) flags := uint32(0)
flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags) flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags) flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags) flags = NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags) flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags) flags = NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags) flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
flags = messages.NTLMSSP_REQUEST_TARGET.Set(flags) flags = NTLMSSP_REQUEST_TARGET.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags) flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags) flags = NTLMSSP_NEGOTIATE_128.Set(flags)
n.NegotiateFlags = flags n.NegotiateFlags = flags
@ -344,24 +343,24 @@ func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e
return nil return nil
} }
func (n *V2ClientSession) GenerateAuthenticateMessage() (am *messages.Authenticate, err error) { func (n *V2ClientSession) GenerateAuthenticateMessage() (am *AuthenticateMessage, err error) {
am = new(messages.Authenticate) am = new(AuthenticateMessage)
am.Signature = []byte("NTLMSSP\x00") am.Signature = []byte("NTLMSSP\x00")
am.MessageType = uint32(3) am.MessageType = uint32(3)
am.LmChallengeResponse, _ = messages.CreateBytePayload(n.lmChallengeResponse) am.LmChallengeResponse, _ = CreateBytePayload(n.lmChallengeResponse)
am.NtChallengeResponseFields, _ = messages.CreateBytePayload(n.ntChallengeResponse) am.NtChallengeResponseFields, _ = CreateBytePayload(n.ntChallengeResponse)
am.DomainName, _ = messages.CreateStringPayload(n.userDomain) am.DomainName, _ = CreateStringPayload(n.userDomain)
am.UserName, _ = messages.CreateStringPayload(n.user) am.UserName, _ = CreateStringPayload(n.user)
am.Workstation, _ = messages.CreateStringPayload("SQUAREMILL") am.Workstation, _ = CreateStringPayload("SQUAREMILL")
am.EncryptedRandomSessionKey, _ = messages.CreateBytePayload(n.encryptedRandomSessionKey) am.EncryptedRandomSessionKey, _ = CreateBytePayload(n.encryptedRandomSessionKey)
am.NegotiateFlags = n.NegotiateFlags am.NegotiateFlags = n.NegotiateFlags
am.Mic = make([]byte, 16) am.Mic = make([]byte, 16)
am.Version = &messages.VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: 0x0F} am.Version = &VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: 0x0F}
return am, nil return am, nil
} }
func (n *V2ClientSession) computeEncryptedSessionKey() (err error) { func (n *V2ClientSession) computeEncryptedSessionKey() (err error) {
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) { if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
n.exportedSessionKey = randomBytes(16) n.exportedSessionKey = randomBytes(16)
n.encryptedRandomSessionKey, err = rc4K(n.keyExchangeKey, n.exportedSessionKey) n.encryptedRandomSessionKey, err = rc4K(n.keyExchangeKey, n.exportedSessionKey)
if err != nil { if err != nil {
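Review bot: `GenerateChallengeMessage` still embeds one environment's target information — the `REUTERS`, `UKBP-CBTRMFE06`, `Reuters.net` and `ukbp-cbtrmfe06.Reuters.net` literals in the `pairs.AddAvPair(...)` calls — so any server built on this package would advertise those NetBIOS and DNS names in its TargetInfo AV pairs; they belong in fields of `V2ServerSession` that the caller sets, the way `SetServerChallenge` already supplies the challenge. The same goes for the `VersionStruct` literal repeated in `GenerateChallengeMessage` and in both `GenerateAuthenticateMessage` bodies, where one spells the revision `uint8(15)` and the other `0x0F`. `V2ClientSession.GenerateNegotiateMessage` returns `nil, nil`, so a caller gets a nil message with no error; `return nil, errors.New("negotiate message not implemented")` (`errors` is already in this file's import block) would make the gap explicit. `am.Mic = make([]byte, 16)` sends an all-zero MIC, so if the field is meant to provide integrity over the handshake it still has to be computed with the exported session key, and if it is intentionally blank a comment saying so would stop a reader from assuming integrity protection. The `handle, _ = reinitSealingKey(...)` and `handle, _ = rc4Init(sealingKey)` assignments in `NtlmVCommonMac` and `NtlmV2Mac` drop their errors and would leave `handle` nil for the code that follows the hunk.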


@ -6,7 +6,6 @@ import (
"bytes" "bytes"
"encoding/base64" "encoding/base64"
"encoding/hex" "encoding/hex"
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
"strings" "strings"
"testing" "testing"
"time" "time"
@ -34,19 +33,19 @@ func TestNTOWFv2(t *testing.T) {
func TestNTLMv2(t *testing.T) { func TestNTLMv2(t *testing.T) {
flags := uint32(0) flags := uint32(0)
flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_56.Set(flags) flags = NTLMSSP_NEGOTIATE_56.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags) flags = NTLMSSP_NEGOTIATE_128.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags) flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags) flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
flags = messages.NTLMSSP_TARGET_TYPE_SERVER.Set(flags) flags = NTLMSSP_TARGET_TYPE_SERVER.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags) flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags) flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_SEAL.Set(flags) flags = NTLMSSP_NEGOTIATE_SEAL.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags) flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
flags = messages.NTLM_NEGOTIATE_OEM.Set(flags) flags = NTLM_NEGOTIATE_OEM.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags) flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
// n := new(V2Session) // n := new(V2Session)
// n.SetUserInfo("User","Password","Domain") // n.SetUserInfo("User","Password","Domain")
@ -64,7 +63,7 @@ func TestNTLMv2(t *testing.T) {
client.SetUserInfo("User", "Password", "Domain") client.SetUserInfo("User", "Password", "Domain")
challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033828ae20123456789abcdef00000000000000002400240044000000060070170000000f53006500720076006500720002000c0044006f006d00610069006e0001000c0053006500720076006500720000000000") challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033828ae20123456789abcdef00000000000000002400240044000000060070170000000f53006500720076006500720002000c0044006f006d00610069006e0001000c0053006500720076006500720000000000")
challengeMessage, err := messages.ParseChallengeMessage(challengeMessageBytes) challengeMessage, err := ParseChallengeMessage(challengeMessageBytes)
if err == nil { if err == nil {
challengeMessage.String() challengeMessage.String()
} else { } else {
@ -99,7 +98,7 @@ func TestNTLMv2(t *testing.T) {
0000000000000000c5dad2544fc97990 0000000000000000c5dad2544fc97990
94ce1ce90bc9d03e`)) 94ce1ce90bc9d03e`))
authenticateMessage, err := messages.ParseAuthenticateMessage(authenticateMessageBytes, 2) authenticateMessage, err := ParseAuthenticateMessage(authenticateMessageBytes, 2)
if err == nil { if err == nil {
authenticateMessage.String() authenticateMessage.String()
} else { } else {
@ -166,7 +165,7 @@ func TestNTLMv2WithDomain(t *testing.T) {
server.SetUserInfo("blahblah", "Welcome1", "blahblah") server.SetUserInfo("blahblah", "Welcome1", "blahblah")
authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage) authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage)
a, _ := messages.ParseAuthenticateMessage(authenticateData, 2) a, _ := ParseAuthenticateMessage(authenticateData, 2)
serverChallenge, _ := hex.DecodeString("3d74b2d04ebe1eb3") serverChallenge, _ := hex.DecodeString("3d74b2d04ebe1eb3")
server.SetServerChallenge(serverChallenge) server.SetServerChallenge(serverChallenge)


@ -1,6 +1,6 @@
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
package messages package ntlm
import ( import (
"bytes" "bytes"
@ -38,7 +38,7 @@ func (p *PayloadStruct) String() string {
switch p.Type { switch p.Type {
case UnicodeStringPayload: case UnicodeStringPayload:
returnString = Utf16ToString(p.Payload) returnString = utf16ToString(p.Payload)
case OemStringPayload: case OemStringPayload:
returnString = string(p.Payload) returnString = string(p.Payload)
case BytesPayload: case BytesPayload:
@ -60,7 +60,7 @@ func CreateBytePayload(bytes []byte) (*PayloadStruct, error) {
func CreateStringPayload(value string) (*PayloadStruct, error) { func CreateStringPayload(value string) (*PayloadStruct, error) {
// Create UTF16 unicode bytes from string // Create UTF16 unicode bytes from string
bytes := StringToUtf16(value) bytes := utf16FromString(value)
p := new(PayloadStruct) p := new(PayloadStruct)
p.Type = UnicodeStringPayload p.Type = UnicodeStringPayload
p.Len = uint16(len(bytes)) p.Len = uint16(len(bytes))
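Review bot: `p.Len = uint16(len(bytes))` narrows the UTF-16 byte length with no range check, so a string whose encoding exceeds 65535 bytes gets a wrapped `Len` that no longer matches the payload it describes. Since the function already returns `(*PayloadStruct, error)`, it can reject the input before the assignment, e.g. `if len(bytes) > math.MaxUint16 { return nil, <error: payload too long for a uint16 length> }`, using whichever error constructor the file already imports (and adding `math` if it is not yet imported). `CreateBytePayload`, named in the hunk header, presumably sets `Len` the same way and would want the same guard. The rest of `CreateStringPayload` is outside the hunk.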


@ -7,7 +7,6 @@ import (
"encoding/binary" "encoding/binary"
"encoding/hex" "encoding/hex"
"fmt" "fmt"
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
) )
type NtlmsspMessageSignature struct { type NtlmsspMessageSignature struct {
@ -48,7 +47,7 @@ func sign(negFlags uint32, handle *rc4P.Cipher, signingKey []byte, seqNum uint32
} }
func mac(negFlags uint32, handle *rc4P.Cipher, signingKey []byte, seqNum uint32, message []byte) (result *NtlmsspMessageSignature) { func mac(negFlags uint32, handle *rc4P.Cipher, signingKey []byte, seqNum uint32, message []byte) (result *NtlmsspMessageSignature) {
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(negFlags) { if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(negFlags) {
result = macWithExtendedSessionSecurity(negFlags, handle, signingKey, seqNum, message) result = macWithExtendedSessionSecurity(negFlags, handle, signingKey, seqNum, message)
} else { } else {
result = macWithoutExtendedSessionSecurity(handle, seqNum, message) result = macWithoutExtendedSessionSecurity(handle, seqNum, message)
@ -105,7 +104,7 @@ func macWithExtendedSessionSecurity(negFlags uint32, handle *rc4P.Cipher, signin
seqNumBytes := make([]byte, 4) seqNumBytes := make([]byte, 4)
binary.LittleEndian.PutUint32(seqNumBytes, seqNum) binary.LittleEndian.PutUint32(seqNumBytes, seqNum)
sig.CheckSum = hmacMd5(signingKey, concat(seqNumBytes, message))[0:8] sig.CheckSum = hmacMd5(signingKey, concat(seqNumBytes, message))[0:8]
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(negFlags) { if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(negFlags) {
sig.CheckSum = rc4(handle, sig.CheckSum) sig.CheckSum = rc4(handle, sig.CheckSum)
} }
sig.SeqNum = seqNumBytes sig.SeqNum = seqNumBytes


@ -5,7 +5,6 @@ package ntlm
import ( import (
"bytes" "bytes"
"encoding/hex" "encoding/hex"
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
"testing" "testing"
) )
@ -42,7 +41,7 @@ func TestSealSignWithExtendedSessionSecurity(t *testing.T) {
plaintext, _ := hex.DecodeString("50006c00610069006e007400650078007400") plaintext, _ := hex.DecodeString("50006c00610069006e007400650078007400")
seqNum := uint32(0) seqNum := uint32(0)
flags := uint32(0) flags := uint32(0)
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
sealed, sig := seal(flags, handle, signKey, seqNum, plaintext) sealed, sig := seal(flags, handle, signKey, seqNum, plaintext)
checkSigValue(t, "Sealed Data", sealed, "a02372f6530273f3aa1eb90190ce5200c99d", nil) checkSigValue(t, "Sealed Data", sealed, "a02372f6530273f3aa1eb90190ce5200c99d", nil)
@ -57,8 +56,8 @@ func TestSealSignWithExtendedSessionSecurityKeyEx(t *testing.T) {
plaintext, _ := hex.DecodeString("50006c00610069006e007400650078007400") plaintext, _ := hex.DecodeString("50006c00610069006e007400650078007400")
seqNum := uint32(0) seqNum := uint32(0)
flags := uint32(0) flags := uint32(0)
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags) flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags) flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
sealed, sig := seal(flags, handle, signKey, seqNum, plaintext) sealed, sig := seal(flags, handle, signKey, seqNum, plaintext)
checkSigValue(t, "Sealed Data", sealed, "54e50165bf1936dc996020c1811b0f06fb5f", nil) checkSigValue(t, "Sealed Data", sealed, "54e50165bf1936dc996020c1811b0f06fb5f", nil)


@ -1,6 +1,6 @@
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited. //Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
package messages package ntlm
import ( import (
"bytes" "bytes"


@ -4,7 +4,6 @@ import (
"encoding/base64" "encoding/base64"
"flag" "flag"
"fmt" "fmt"
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
) )
func main() { func main() {
@ -14,6 +13,6 @@ func main() {
fmt.Println("Paste the base64 encoded Authenticate message (with no line breaks):") fmt.Println("Paste the base64 encoded Authenticate message (with no line breaks):")
fmt.Scanf("%s", &data) fmt.Scanf("%s", &data)
authenticateData, _ := base64.StdEncoding.DecodeString(data) authenticateData, _ := base64.StdEncoding.DecodeString(data)
a, _ := messages.ParseAuthenticateMessage(authenticateData, *ntlmVersion) a, _ := ntlm.ParseAuthenticateMessage(authenticateData, *ntlmVersion)
fmt.Printf(a.String()) fmt.Printf(a.String())
} }
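Review bot: The parse error is still discarded on the `a, _ := ntlm.ParseAuthenticateMessage(...)` line, so a malformed or wrong-version paste presumably leaves `a` nil and the following `a.String()` dereferences it; in addition, `fmt.Printf(a.String())` passes the decoded message's text as the format string, so any `%` sequence in it is interpreted as a verb. The change should be `a, err := ntlm.ParseAuthenticateMessage(authenticateData, *ntlmVersion)`, `if err != nil { fmt.Println("ParseAuthenticateMessage:", err); return }` and `fmt.Print(a.String())`. The `base64.StdEncoding.DecodeString` error dropped one line above deserves the same treatment, since a truncated or non-base64 paste currently reaches the parser as an empty or partial buffer.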


@ -4,7 +4,6 @@ import (
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"github.com/ThomsonReutersEikon/go-ntlm/ntlm" "github.com/ThomsonReutersEikon/go-ntlm/ntlm"
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
) )
func main() { func main() {
@ -28,7 +27,7 @@ func main() {
server.SetUserInfo("050045.rmwatest@reuters.com", "Welcome1", "") server.SetUserInfo("050045.rmwatest@reuters.com", "Welcome1", "")
challengeData, _ := base64.StdEncoding.DecodeString(challengeMessage) challengeData, _ := base64.StdEncoding.DecodeString(challengeMessage)
c, _ := messages.ParseChallengeMessage(challengeData) c, _ := ntlm.ParseChallengeMessage(challengeData)
fmt.Println("----- Challenge Message ----- ") fmt.Println("----- Challenge Message ----- ")
fmt.Println(c.String()) fmt.Println(c.String())
@ -37,9 +36,9 @@ func main() {
authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage) authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage)
var context ntlm.ServerSession var context ntlm.ServerSession
msg, err := messages.ParseAuthenticateMessage(authenticateData, 2) msg, err := ntlm.ParseAuthenticateMessage(authenticateData, 2)
if err != nil { if err != nil {
msg2, newErr := messages.ParseAuthenticateMessage(authenticateData, 1) msg2, newErr := ntlm.ParseAuthenticateMessage(authenticateData, 1)
if newErr != nil { if newErr != nil {
fmt.Printf("Error ParseAuthenticateMessage , %s", err) fmt.Printf("Error ParseAuthenticateMessage , %s", err)
return return