Merge pull request #4 from ThomsonReutersEikon/refactor_messages
Refactor messages
This commit is contained in:
Matthew Kanwisher
commit
aeba978d32
@ -14,7 +14,6 @@ the client and the server, for our use we hardcoded a supported set of negotiati
|
||||
|
||||
```go
|
||||
import "github.com/ThomsonReutersEikon/go-ntlm/ntlm"
|
||||
import "github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
|
||||
|
||||
session, err = ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionlessMode)
|
||||
session.SetUserInfo("someuser","somepassword","somedomain")
|
||||
@ -23,7 +22,7 @@ negotiate := session.GenerateNegotiateMessage()
|
||||
|
||||
<send negotiate to server>
|
||||
|
||||
challenge, err := messages.ParseChallengeMessage(challengeBytes)
|
||||
challenge, err := ntlm.ParseChallengeMessage(challengeBytes)
|
||||
session.ProcessChallengeMessage(challenge)
|
||||
|
||||
authenticate := session.GenerateAuthenticateMessage()
|
||||
@ -43,7 +42,7 @@ challenge := session.GenerateChallengeMessage()
|
||||
|
||||
<receive authentication bytes>
|
||||
|
||||
auth, err := messages.ParseAuthentiateMessage(authenticateBytes)
|
||||
auth, err := ntlm.ParseAuthentiateMessage(authenticateBytes)
|
||||
session.ProcessAuthenticateMessage(auth)
|
||||
```
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
|
||||
|
||||
package messages
|
||||
package ntlm
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
@ -140,7 +140,7 @@ func ReadAvPair(data []byte, offset int) *AvPair {
|
||||
}
|
||||
|
||||
func (a *AvPair) UnicodeStringValue() string {
|
||||
return Utf16ToString(a.Value)
|
||||
return utf16ToString(a.Value)
|
||||
}
|
||||
|
||||
func (a *AvPair) Bytes() (result []byte) {
|
||||
@ -1,6 +1,6 @@
|
||||
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
|
||||
|
||||
package messages
|
||||
package ntlm
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
@ -6,6 +6,7 @@ import (
|
||||
"bytes"
|
||||
"crypto/rand"
|
||||
"unicode/utf16"
|
||||
"encoding/binary"
|
||||
)
|
||||
|
||||
// Concatenate two byte slices into a new slice
|
||||
@ -63,3 +64,26 @@ func utf16FromString(s string) []byte {
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
// Convert a UTF16 string to UTF8 string for Go usage
|
||||
func utf16ToString(bytes []byte) string {
|
||||
var data []uint16
|
||||
|
||||
// NOTE: This is definitely not the best way to do this, but when I tried using a buffer.Read I could not get it to work
|
||||
for offset := 0; offset < len(bytes); offset = offset + 2 {
|
||||
i := binary.LittleEndian.Uint16(bytes[offset : offset+2])
|
||||
data = append(data, i)
|
||||
}
|
||||
|
||||
return string(utf16.Decode(data))
|
||||
}
|
||||
|
||||
func uint32ToBytes(v uint32) []byte {
|
||||
bytes := make([]byte, 4)
|
||||
bytes[0] = byte(v & 0xff)
|
||||
bytes[1] = byte((v >> 8) & 0xff)
|
||||
bytes[2] = byte((v >> 16) & 0xff)
|
||||
bytes[3] = byte((v >> 24) & 0xff)
|
||||
return bytes
|
||||
}
|
||||
|
||||
|
||||
20
ntlm/keys.go
20
ntlm/keys.go
@ -2,13 +2,9 @@
|
||||
|
||||
package ntlm
|
||||
|
||||
import (
|
||||
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
|
||||
)
|
||||
|
||||
// Define KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge) as
|
||||
func kxKey(flags uint32, sessionBaseKey []byte, lmChallengeResponse []byte, serverChallenge []byte, lmnowf []byte) (keyExchangeKey []byte, err error) {
|
||||
if messages.NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags) {
|
||||
if NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags) {
|
||||
var part1, part2 []byte
|
||||
part1, err = des(lmnowf[0:7], lmChallengeResponse[0:8])
|
||||
if err != nil {
|
||||
@ -22,7 +18,7 @@ func kxKey(flags uint32, sessionBaseKey []byte, lmChallengeResponse []byte, serv
|
||||
}
|
||||
|
||||
keyExchangeKey = concat(part1, part2)
|
||||
} else if messages.NTLMSSP_REQUEST_NON_NT_SESSION_KEY.IsSet(flags) {
|
||||
} else if NTLMSSP_REQUEST_NON_NT_SESSION_KEY.IsSet(flags) {
|
||||
keyExchangeKey = concat(lmnowf[0:8], zeroBytes(8))
|
||||
} else {
|
||||
keyExchangeKey = sessionBaseKey
|
||||
@ -33,7 +29,7 @@ func kxKey(flags uint32, sessionBaseKey []byte, lmChallengeResponse []byte, serv
|
||||
|
||||
// Define SIGNKEY(NegFlg, RandomSessionKey, Mode) as
|
||||
func signKey(flags uint32, randomSessionKey []byte, mode string) (signKey []byte) {
|
||||
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) {
|
||||
if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) {
|
||||
if mode == "Client" {
|
||||
signKey = md5(concat(randomSessionKey, []byte("session key to client-to-server signing key magic constant\x00")))
|
||||
} else {
|
||||
@ -47,10 +43,10 @@ func signKey(flags uint32, randomSessionKey []byte, mode string) (signKey []byte
|
||||
|
||||
// Define SEALKEY(NegotiateFlags, RandomSessionKey, Mode) as
|
||||
func sealKey(flags uint32, randomSessionKey []byte, mode string) (sealKey []byte) {
|
||||
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) {
|
||||
if messages.NTLMSSP_NEGOTIATE_128.IsSet(flags) {
|
||||
if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(flags) {
|
||||
if NTLMSSP_NEGOTIATE_128.IsSet(flags) {
|
||||
sealKey = randomSessionKey
|
||||
} else if messages.NTLMSSP_NEGOTIATE_56.IsSet(flags) {
|
||||
} else if NTLMSSP_NEGOTIATE_56.IsSet(flags) {
|
||||
sealKey = randomSessionKey[0:7]
|
||||
} else {
|
||||
sealKey = randomSessionKey[0:5]
|
||||
@ -60,8 +56,8 @@ func sealKey(flags uint32, randomSessionKey []byte, mode string) (sealKey []byte
|
||||
} else {
|
||||
sealKey = md5(concat(sealKey, []byte("session key to server-to-client sealing key magic constant\x00")))
|
||||
}
|
||||
} else if messages.NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags) {
|
||||
if messages.NTLMSSP_NEGOTIATE_56.IsSet(flags) {
|
||||
} else if NTLMSSP_NEGOTIATE_LM_KEY.IsSet(flags) {
|
||||
if NTLMSSP_NEGOTIATE_56.IsSet(flags) {
|
||||
sealKey = concat(randomSessionKey[0:7], []byte{0xA0})
|
||||
} else {
|
||||
sealKey = concat(randomSessionKey[0:5], []byte{0xE5, 0x38, 0xB0})
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
|
||||
|
||||
package messages
|
||||
package ntlm
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
@ -10,7 +10,7 @@ import (
|
||||
"fmt"
|
||||
)
|
||||
|
||||
type Authenticate struct {
|
||||
type AuthenticateMessage struct {
|
||||
// sig - 8 bytes
|
||||
Signature []byte
|
||||
// message type - 4 bytes
|
||||
@ -38,7 +38,7 @@ type Authenticate struct {
|
||||
/// MS-NLMP 2.2.1.3 - In connectionless mode, a NEGOTIATE structure that contains a set of bit flags (section 2.2.2.5) and represents the
|
||||
// conclusion of negotiation—the choices the client has made from the options the server offered in the CHALLENGE_MESSAGE.
|
||||
// In connection-oriented mode, a NEGOTIATE structure that contains the set of bit flags (section 2.2.2.5) negotiated in
|
||||
// the previous messages.
|
||||
// the previous
|
||||
NegotiateFlags uint32 // 4 bytes
|
||||
|
||||
// Version (8 bytes): A VERSION structure (section 2.2.2.10) that is present only when the NTLMSSP_NEGOTIATE_VERSION
|
||||
@ -53,8 +53,8 @@ type Authenticate struct {
|
||||
Payload []byte
|
||||
}
|
||||
|
||||
func ParseAuthenticateMessage(body []byte, ntlmVersion int) (*Authenticate, error) {
|
||||
am := new(Authenticate)
|
||||
func ParseAuthenticateMessage(body []byte, ntlmVersion int) (*AuthenticateMessage, error) {
|
||||
am := new(AuthenticateMessage)
|
||||
|
||||
am.Signature = body[0:8]
|
||||
if !bytes.Equal(am.Signature, []byte("NTLMSSP\x00")) {
|
||||
@ -155,7 +155,7 @@ func ParseAuthenticateMessage(body []byte, ntlmVersion int) (*Authenticate, erro
|
||||
return am, nil
|
||||
}
|
||||
|
||||
func (a *Authenticate) ClientChallenge() (response []byte) {
|
||||
func (a *AuthenticateMessage) ClientChallenge() (response []byte) {
|
||||
if a.NtlmV2Response != nil {
|
||||
response = a.NtlmV2Response.NtlmV2ClientChallenge.ChallengeFromClient
|
||||
} else if a.NtlmV1Response != nil && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(a.NegotiateFlags) {
|
||||
@ -165,7 +165,7 @@ func (a *Authenticate) ClientChallenge() (response []byte) {
|
||||
return response
|
||||
}
|
||||
|
||||
func (a *Authenticate) getLowestPayloadOffset() int {
|
||||
func (a *AuthenticateMessage) getLowestPayloadOffset() int {
|
||||
payloadStructs := [...]*PayloadStruct{a.LmChallengeResponse, a.NtChallengeResponseFields, a.DomainName, a.UserName, a.Workstation, a.EncryptedRandomSessionKey}
|
||||
|
||||
// Find the lowest offset value
|
||||
@ -180,7 +180,7 @@ func (a *Authenticate) getLowestPayloadOffset() int {
|
||||
return lowest
|
||||
}
|
||||
|
||||
func (a *Authenticate) Bytes() []byte {
|
||||
func (a *AuthenticateMessage) Bytes() []byte {
|
||||
payloadLen := int(a.LmChallengeResponse.Len + a.NtChallengeResponseFields.Len + a.DomainName.Len + a.UserName.Len + a.Workstation.Len + a.EncryptedRandomSessionKey.Len)
|
||||
messageLen := 8 + 4 + 6*8 + 4 + 8 + 16
|
||||
payloadOffset := uint32(messageLen)
|
||||
@ -216,7 +216,7 @@ func (a *Authenticate) Bytes() []byte {
|
||||
payloadOffset += uint32(a.EncryptedRandomSessionKey.Len)
|
||||
buffer.Write(a.EncryptedRandomSessionKey.Bytes())
|
||||
|
||||
buffer.Write(Uint32ToBytes(a.NegotiateFlags))
|
||||
buffer.Write(uint32ToBytes(a.NegotiateFlags))
|
||||
|
||||
if a.Version != nil {
|
||||
buffer.Write(a.Version.Bytes())
|
||||
@ -241,7 +241,7 @@ func (a *Authenticate) Bytes() []byte {
|
||||
return buffer.Bytes()
|
||||
}
|
||||
|
||||
func (a *Authenticate) String() string {
|
||||
func (a *AuthenticateMessage) String() string {
|
||||
var buffer bytes.Buffer
|
||||
|
||||
buffer.WriteString("Authenticate NTLM Message\n")
|
||||
@ -1,6 +1,6 @@
|
||||
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
|
||||
|
||||
package messages
|
||||
package ntlm
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
@ -1,6 +1,6 @@
|
||||
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
|
||||
|
||||
package messages
|
||||
package ntlm
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
@ -10,7 +10,7 @@ import (
|
||||
"fmt"
|
||||
)
|
||||
|
||||
type Challenge struct {
|
||||
type ChallengeMessage struct {
|
||||
// sig - 8 bytes
|
||||
Signature []byte
|
||||
// message type - 4 bytes
|
||||
@ -53,8 +53,8 @@ type Challenge struct {
|
||||
Payload []byte
|
||||
}
|
||||
|
||||
func ParseChallengeMessage(body []byte) (*Challenge, error) {
|
||||
challenge := new(Challenge)
|
||||
func ParseChallengeMessage(body []byte) (*ChallengeMessage, error) {
|
||||
challenge := new(ChallengeMessage)
|
||||
|
||||
challenge.Signature = body[0:8]
|
||||
if !bytes.Equal(challenge.Signature, []byte("NTLMSSP\x00")) {
|
||||
@ -101,7 +101,7 @@ func ParseChallengeMessage(body []byte) (*Challenge, error) {
|
||||
return challenge, nil
|
||||
}
|
||||
|
||||
func (c *Challenge) Bytes() []byte {
|
||||
func (c *ChallengeMessage) Bytes() []byte {
|
||||
payloadLen := int(c.TargetName.Len + c.TargetInfoPayloadStruct.Len)
|
||||
messageLen := 8 + 4 + 8 + 4 + 8 + 8 + 8 + 8
|
||||
payloadOffset := uint32(messageLen)
|
||||
@ -137,7 +137,7 @@ func (c *Challenge) Bytes() []byte {
|
||||
return buffer.Bytes()
|
||||
}
|
||||
|
||||
func (c *Challenge) getLowestPayloadOffset() int {
|
||||
func (c *ChallengeMessage) getLowestPayloadOffset() int {
|
||||
payloadStructs := [...]*PayloadStruct{c.TargetName, c.TargetInfoPayloadStruct}
|
||||
|
||||
// Find the lowest offset value
|
||||
@ -152,7 +152,7 @@ func (c *Challenge) getLowestPayloadOffset() int {
|
||||
return lowest
|
||||
}
|
||||
|
||||
func (c *Challenge) String() string {
|
||||
func (c *ChallengeMessage) String() string {
|
||||
var buffer bytes.Buffer
|
||||
|
||||
buffer.WriteString("Challenge NTLM Message")
|
||||
@ -1,6 +1,6 @@
|
||||
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
|
||||
|
||||
package messages
|
||||
package ntlm
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
@ -1,8 +1,8 @@
|
||||
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
|
||||
|
||||
package messages
|
||||
package ntlm
|
||||
|
||||
type Negotiate struct {
|
||||
type NegotiateMessage struct {
|
||||
// All bytes of the message
|
||||
Bytes []byte
|
||||
|
||||
@ -1,39 +0,0 @@
|
||||
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
|
||||
|
||||
package messages
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
"unicode/utf16"
|
||||
)
|
||||
|
||||
// Convert a UTF16 string to UTF8 string for Go usage
|
||||
func Utf16ToString(bytes []byte) string {
|
||||
var data []uint16
|
||||
|
||||
// NOTE: This is definitely not the best way to do this, but when I tried using a buffer.Read I could not get it to work
|
||||
for offset := 0; offset < len(bytes); offset = offset + 2 {
|
||||
i := binary.LittleEndian.Uint16(bytes[offset : offset+2])
|
||||
data = append(data, i)
|
||||
}
|
||||
|
||||
return string(utf16.Decode(data))
|
||||
}
|
||||
|
||||
func StringToUtf16(value string) []byte {
|
||||
result := make([]byte, len(value)*2)
|
||||
stringBytes := []byte(value)
|
||||
for i := 0; i < len(value); i++ {
|
||||
result[i*2] = stringBytes[i]
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func Uint32ToBytes(v uint32) []byte {
|
||||
bytes := make([]byte, 4)
|
||||
bytes[0] = byte(v & 0xff)
|
||||
bytes[1] = byte((v >> 8) & 0xff)
|
||||
bytes[2] = byte((v >> 16) & 0xff)
|
||||
bytes[3] = byte((v >> 24) & 0xff)
|
||||
return bytes
|
||||
}
|
||||
@ -1,6 +1,6 @@
|
||||
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
|
||||
|
||||
package messages
|
||||
package ntlm
|
||||
|
||||
// During NTLM authentication, each of the following flags is a possible value of the NegotiateFlags field of the NEGOTIATE_MESSAGE,
|
||||
// CHALLENGE_MESSAGE, and AUTHENTICATE_MESSAGE, unless otherwise noted. These flags define client or server NTLM capabilities
|
||||
@ -63,7 +63,7 @@ const (
|
||||
NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
|
||||
// r7 (1 bit): This bit is unused and MUST be zero.
|
||||
NTLMSSP_R7
|
||||
// M (1 bit): If set, requests the presence of a signature block on all messages. NTLMSSP_NEGOTIATE_ALWAYS_SIGN MUST be
|
||||
// M (1 bit): If set, requests the presence of a signature block on all NTLMSSP_NEGOTIATE_ALWAYS_SIGN MUST be
|
||||
// set in the NEGOTIATE_MESSAGE to the server and the CHALLENGE_MESSAGE to the client. NTLMSSP_NEGOTIATE_ALWAYS_SIGN is
|
||||
// overridden by NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL, if they are supported. An alternate name for this field
|
||||
// is NTLMSSP_NEGOTIATE_ALWAYS_SIGN.
|
||||
@ -1,6 +1,6 @@
|
||||
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
|
||||
|
||||
package messages
|
||||
package ntlm
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
19
ntlm/ntlm.go
19
ntlm/ntlm.go
@ -7,7 +7,6 @@ package ntlm
|
||||
import (
|
||||
rc4P "crypto/rc4"
|
||||
"errors"
|
||||
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
|
||||
)
|
||||
|
||||
type Version int
|
||||
@ -44,9 +43,9 @@ type ClientSession interface {
|
||||
SetUserInfo(username string, password string, domain string)
|
||||
SetMode(mode Mode)
|
||||
|
||||
GenerateNegotiateMessage() (*messages.Negotiate, error)
|
||||
ProcessChallengeMessage(*messages.Challenge) error
|
||||
GenerateAuthenticateMessage() (*messages.Authenticate, error)
|
||||
GenerateNegotiateMessage() (*NegotiateMessage, error)
|
||||
ProcessChallengeMessage(*ChallengeMessage) error
|
||||
GenerateAuthenticateMessage() (*AuthenticateMessage, error)
|
||||
|
||||
Seal(message []byte) ([]byte, error)
|
||||
Sign(message []byte) ([]byte, error)
|
||||
@ -78,9 +77,9 @@ type ServerSession interface {
|
||||
SetMode(mode Mode)
|
||||
SetServerChallenge(challege []byte)
|
||||
|
||||
ProcessNegotiateMessage(*messages.Negotiate) error
|
||||
GenerateChallengeMessage() (*messages.Challenge, error)
|
||||
ProcessAuthenticateMessage(*messages.Authenticate) error
|
||||
ProcessNegotiateMessage(*NegotiateMessage) error
|
||||
GenerateChallengeMessage() (*ChallengeMessage, error)
|
||||
ProcessAuthenticateMessage(*AuthenticateMessage) error
|
||||
|
||||
GetSessionData() *SessionData
|
||||
|
||||
@ -101,9 +100,9 @@ type SessionData struct {
|
||||
|
||||
NegotiateFlags uint32
|
||||
|
||||
negotiateMessage *messages.Negotiate
|
||||
challengeMessage *messages.Challenge
|
||||
authenticateMessage *messages.Authenticate
|
||||
negotiateMessage *NegotiateMessage
|
||||
challengeMessage *ChallengeMessage
|
||||
authenticateMessage *AuthenticateMessage
|
||||
|
||||
serverChallenge []byte
|
||||
clientChallenge []byte
|
||||
|
||||
@ -7,7 +7,6 @@ import (
|
||||
l4g "code.google.com/p/log4go"
|
||||
rc4P "crypto/rc4"
|
||||
"errors"
|
||||
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
|
||||
"strings"
|
||||
)
|
||||
|
||||
@ -47,7 +46,7 @@ func (n *V1Session) fetchResponseKeys() (err error) {
|
||||
}
|
||||
|
||||
func (n *V1Session) computeExpectedResponses() (err error) {
|
||||
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
|
||||
if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
|
||||
n.ntChallengeResponse, err = desL(n.responseKeyNT, md5(concat(n.serverChallenge, n.clientChallenge))[0:8])
|
||||
if err != nil {
|
||||
return err
|
||||
@ -82,7 +81,7 @@ func (n *V1Session) computeSessionBaseKey() (err error) {
|
||||
}
|
||||
|
||||
func (n *V1Session) computeKeyExchangeKey() (err error) {
|
||||
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
|
||||
if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
|
||||
n.keyExchangeKey = hmacMd5(n.sessionBaseKey, concat(n.serverChallenge, n.lmChallengeResponse[0:8]))
|
||||
} else {
|
||||
n.keyExchangeKey, err = kxKey(n.NegotiateFlags, n.sessionBaseKey, n.lmChallengeResponse, n.serverChallenge, n.responseKeyLM)
|
||||
@ -96,7 +95,7 @@ func (n *V1Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) {
|
||||
// We must treat the flags as if NTLMSSP_NEGOTIATE_LM_KEY is set.
|
||||
// This information is not contained (at least currently, until they correct it) in the MS-NLMP document
|
||||
if ntlmRevisionCurrent == 15 {
|
||||
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
|
||||
n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
|
||||
}
|
||||
|
||||
n.ClientSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Client")
|
||||
@ -116,9 +115,9 @@ func (n *V1Session) Sign(message []byte) ([]byte, error) {
|
||||
|
||||
func ntlmV1Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte {
|
||||
// TODO: Need to keep track of the sequence number for connection oriented NTLM
|
||||
if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) {
|
||||
if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) {
|
||||
handle, _ = reinitSealingKey(sealingKey, sequenceNumber)
|
||||
} else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) {
|
||||
} else if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) {
|
||||
// CONOR: Reinitializing the rc4 cipher on every requst, but not using the
|
||||
// algorithm as described in the MS-NTLM document. Just reinitialize it directly.
|
||||
handle, _ = rc4Init(sealingKey)
|
||||
@ -155,12 +154,12 @@ type V1ServerSession struct {
|
||||
V1Session
|
||||
}
|
||||
|
||||
func (n *V1ServerSession) ProcessNegotiateMessage(nm *messages.Negotiate) (err error) {
|
||||
func (n *V1ServerSession) ProcessNegotiateMessage(nm *NegotiateMessage) (err error) {
|
||||
n.negotiateMessage = nm
|
||||
return
|
||||
}
|
||||
|
||||
func (n *V1ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, err error) {
|
||||
func (n *V1ServerSession) GenerateChallengeMessage() (cm *ChallengeMessage, err error) {
|
||||
// TODO: Generate this challenge message
|
||||
return
|
||||
}
|
||||
@ -173,7 +172,7 @@ func (n *V1ServerSession) GetSessionData() *SessionData {
|
||||
return &n.SessionData
|
||||
}
|
||||
|
||||
func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error) {
|
||||
func (n *V1ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (err error) {
|
||||
n.authenticateMessage = am
|
||||
n.NegotiateFlags = am.NegotiateFlags
|
||||
n.clientChallenge = am.ClientChallenge()
|
||||
@ -209,7 +208,7 @@ func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate)
|
||||
// to compare the lmChallengeResponse if the ntChallengeRepsonse fails, but with extended session security
|
||||
// this would *always* pass because the lmChallengeResponse and expectedLmChallengeRepsonse will always
|
||||
// be the same
|
||||
if !bytes.Equal(am.LmChallengeResponse.Payload, n.lmChallengeResponse) || messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
|
||||
if !bytes.Equal(am.LmChallengeResponse.Payload, n.lmChallengeResponse) || NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(n.NegotiateFlags) {
|
||||
return errors.New("Could not authenticate")
|
||||
}
|
||||
}
|
||||
@ -240,7 +239,7 @@ func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate)
|
||||
}
|
||||
|
||||
func (n *V1ServerSession) computeExportedSessionKey() (err error) {
|
||||
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
|
||||
if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
|
||||
n.exportedSessionKey, err = rc4K(n.keyExchangeKey, n.encryptedRandomSessionKey)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -263,11 +262,11 @@ type V1ClientSession struct {
|
||||
V1Session
|
||||
}
|
||||
|
||||
func (n *V1ClientSession) GenerateNegotiateMessage() (nm *messages.Negotiate, err error) {
|
||||
func (n *V1ClientSession) GenerateNegotiateMessage() (nm *NegotiateMessage, err error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err error) {
|
||||
func (n *V1ClientSession) ProcessChallengeMessage(cm *ChallengeMessage) (err error) {
|
||||
n.challengeMessage = cm
|
||||
n.serverChallenge = cm.ServerChallenge
|
||||
n.clientChallenge = randomBytes(8)
|
||||
@ -275,18 +274,18 @@ func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e
|
||||
// Set up the default flags for processing the response. These are the flags that we will return
|
||||
// in the authenticate message
|
||||
flags := uint32(0)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
|
||||
// NOTE: Unsetting this flag in order to get the server to generate the signatures we can recognize
|
||||
flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags)
|
||||
flags = messages.NTLMSSP_REQUEST_TARGET.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
|
||||
flags = NTLMSSP_REQUEST_TARGET.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
|
||||
n.NegotiateFlags = flags
|
||||
|
||||
@ -332,23 +331,23 @@ func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e
|
||||
return nil
|
||||
}
|
||||
|
||||
func (n *V1ClientSession) GenerateAuthenticateMessage() (am *messages.Authenticate, err error) {
|
||||
am = new(messages.Authenticate)
|
||||
func (n *V1ClientSession) GenerateAuthenticateMessage() (am *AuthenticateMessage, err error) {
|
||||
am = new(AuthenticateMessage)
|
||||
am.Signature = []byte("NTLMSSP\x00")
|
||||
am.MessageType = uint32(3)
|
||||
am.LmChallengeResponse, _ = messages.CreateBytePayload(n.lmChallengeResponse)
|
||||
am.NtChallengeResponseFields, _ = messages.CreateBytePayload(n.ntChallengeResponse)
|
||||
am.DomainName, _ = messages.CreateStringPayload(n.userDomain)
|
||||
am.UserName, _ = messages.CreateStringPayload(n.user)
|
||||
am.Workstation, _ = messages.CreateStringPayload("SQUAREMILL")
|
||||
am.EncryptedRandomSessionKey, _ = messages.CreateBytePayload(n.encryptedRandomSessionKey)
|
||||
am.LmChallengeResponse, _ = CreateBytePayload(n.lmChallengeResponse)
|
||||
am.NtChallengeResponseFields, _ = CreateBytePayload(n.ntChallengeResponse)
|
||||
am.DomainName, _ = CreateStringPayload(n.userDomain)
|
||||
am.UserName, _ = CreateStringPayload(n.user)
|
||||
am.Workstation, _ = CreateStringPayload("SQUAREMILL")
|
||||
am.EncryptedRandomSessionKey, _ = CreateBytePayload(n.encryptedRandomSessionKey)
|
||||
am.NegotiateFlags = n.NegotiateFlags
|
||||
am.Version = &messages.VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)}
|
||||
am.Version = &VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)}
|
||||
return am, nil
|
||||
}
|
||||
|
||||
func (n *V1ClientSession) computeEncryptedSessionKey() (err error) {
|
||||
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
|
||||
if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
|
||||
n.exportedSessionKey = randomBytes(16)
|
||||
n.encryptedRandomSessionKey, err = rc4K(n.keyExchangeKey, n.exportedSessionKey)
|
||||
if err != nil {
|
||||
|
||||
@ -6,7 +6,6 @@ import (
|
||||
"bytes"
|
||||
"encoding/base64"
|
||||
"encoding/hex"
|
||||
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
|
||||
"testing"
|
||||
)
|
||||
|
||||
@ -47,10 +46,10 @@ func TestNtlmV1ExtendedSessionSecurity(t *testing.T) {
|
||||
authenticateMessage := "TlRMTVNTUAADAAAAGAAYAJgAAAAYABgAsAAAAAAAAABIAAAAOgA6AEgAAAAWABYAggAAABAAEADIAAAAVYKYYgUCzg4AAAAPMQAwADAAMAAwADEALgB3AGMAcABAAHQAaABvAG0AcwBvAG4AcgBlAHUAdABlAHIAcwAuAGMAbwBtAE4AWQBDAFMATQBTAEcAOQA5ADAAOQBRWAK3h/TIywAAAAAAAAAAAAAAAAAAAAA3tp89kZU1hs1XZp7KTyGm3XsFAT9stEDW9YXDaeYVBmBcBb//2FOu"
|
||||
|
||||
challengeData, _ := base64.StdEncoding.DecodeString(challengeMessage)
|
||||
c, _ := messages.ParseChallengeMessage(challengeData)
|
||||
c, _ := ParseChallengeMessage(challengeData)
|
||||
|
||||
authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage)
|
||||
msg, err := messages.ParseAuthenticateMessage(authenticateData, 1)
|
||||
msg, err := ParseAuthenticateMessage(authenticateData, 1)
|
||||
if err != nil {
|
||||
t.Errorf("Could not process authenticate message: %s", err)
|
||||
}
|
||||
@ -69,17 +68,17 @@ func TestNtlmV1ExtendedSessionSecurity(t *testing.T) {
|
||||
|
||||
func TestNtlmV1(t *testing.T) {
|
||||
flags := uint32(0)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_56.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags)
|
||||
flags = messages.NTLMSSP_TARGET_TYPE_SERVER.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_SEAL.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags)
|
||||
flags = messages.NTLM_NEGOTIATE_OEM.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_56.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_128.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
|
||||
flags = NTLMSSP_TARGET_TYPE_SERVER.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_SEAL.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
|
||||
flags = NTLM_NEGOTIATE_OEM.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
|
||||
n := new(V1ClientSession)
|
||||
n.SetUserInfo("User", "Password", "Domain")
|
||||
@ -106,10 +105,10 @@ func TestNtlmV1(t *testing.T) {
|
||||
checkV1Value(t, "LMChallengeResponse", n.lmChallengeResponse, "98def7b87f88aa5dafe2df779688a172def11c7d5ccdef13", err)
|
||||
|
||||
// If the NTLMSSP_NEGOTIATE_LM_KEY flag is set then the KeyExchangeKey is:
|
||||
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
|
||||
n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
|
||||
err = n.computeKeyExchangeKey()
|
||||
checkV1Value(t, "keyExchangeKey with NTLMSSP_NEGOTIATE_LM_KEY", n.keyExchangeKey, "b09e379f7fbecb1eaf0afdcb0383c8a0", err)
|
||||
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags)
|
||||
n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags)
|
||||
|
||||
// 4.2.2.2.3 Encrypted Session Key
|
||||
//n.randomSessionKey, _ = hex.DecodeString("55555555555555555555555555555555")
|
||||
@ -121,24 +120,24 @@ func TestNtlmV1(t *testing.T) {
|
||||
//checkV1Value(t, "ExportedSessionKey", n.exportedSessionKey, "55555555555555555555555555555555", err)
|
||||
|
||||
// NTLMSSP_REQUEST_NON_NT_SESSION_KEY is set:
|
||||
n.NegotiateFlags = messages.NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Set(n.NegotiateFlags)
|
||||
n.NegotiateFlags = NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Set(n.NegotiateFlags)
|
||||
err = n.computeKeyExchangeKey()
|
||||
// n.encryptedRandomSessionKey, err = hex.DecodeString("7452ca55c225a1ca04b48fae32cf56fc")
|
||||
// err = n.computeExportedSessionKey()
|
||||
// checkV1Value(t, "ExportedSessionKey - NTLMSSP_REQUEST_NON_NT_SESSION_KEY", n.exportedSessionKey, "55555555555555555555555555555555", err)
|
||||
n.NegotiateFlags = messages.NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Unset(n.NegotiateFlags)
|
||||
n.NegotiateFlags = NTLMSSP_REQUEST_NON_NT_SESSION_KEY.Unset(n.NegotiateFlags)
|
||||
|
||||
// NTLMSSP_NEGOTIATE_LM_KEY is set:
|
||||
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
|
||||
n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
|
||||
err = n.computeKeyExchangeKey()
|
||||
// n.encryptedRandomSessionKey, err = hex.DecodeString("4cd7bb57d697ef9b549f02b8f9b37864")
|
||||
// err = n.computeExportedSessionKey()
|
||||
// checkV1Value(t, "ExportedSessionKey - NTLMSSP_NEGOTIATE_LM_KEY", n.exportedSessionKey, "55555555555555555555555555555555", err)
|
||||
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags)
|
||||
n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Unset(n.NegotiateFlags)
|
||||
|
||||
// 4.2.2.3 Messages
|
||||
challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033820a820123456789abcdef00000000000000000000000000000000060070170000000f530065007200760065007200")
|
||||
challengeMessage, err := messages.ParseChallengeMessage(challengeMessageBytes)
|
||||
challengeMessage, err := ParseChallengeMessage(challengeMessageBytes)
|
||||
if err == nil {
|
||||
challengeMessage.String()
|
||||
} else {
|
||||
@ -155,7 +154,7 @@ func TestNtlmV1(t *testing.T) {
|
||||
server := new(V1ServerSession)
|
||||
server.SetUserInfo("User", "Password", "Domain")
|
||||
authenticateMessageBytes, err := hex.DecodeString("4e544c4d5353500003000000180018006c00000018001800840000000c000c00480000000800080054000000100010005c000000100010009c000000358280e20501280a0000000f44006f006d00610069006e00550073006500720043004f004d005000550054004500520098def7b87f88aa5dafe2df779688a172def11c7d5ccdef1367c43011f30298a2ad35ece64f16331c44bdbed927841f94518822b1b3f350c8958682ecbb3e3cb7")
|
||||
authenticateMessage, err := messages.ParseAuthenticateMessage(authenticateMessageBytes, 1)
|
||||
authenticateMessage, err := ParseAuthenticateMessage(authenticateMessageBytes, 1)
|
||||
if err == nil {
|
||||
authenticateMessage.String()
|
||||
} else {
|
||||
@ -174,16 +173,16 @@ func TestNtlmV1(t *testing.T) {
|
||||
|
||||
func TestNTLMv1WithClientChallenge(t *testing.T) {
|
||||
flags := uint32(0)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_56.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = messages.NTLMSSP_TARGET_TYPE_SERVER.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_SEAL.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags)
|
||||
flags = messages.NTLM_NEGOTIATE_OEM.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_56.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = NTLMSSP_TARGET_TYPE_SERVER.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_SEAL.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
|
||||
flags = NTLM_NEGOTIATE_OEM.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
|
||||
n := new(V1Session)
|
||||
n.NegotiateFlags = flags
|
||||
@ -203,7 +202,7 @@ func TestNTLMv1WithClientChallenge(t *testing.T) {
|
||||
checkV1Value(t, "keyExchangeKey", n.keyExchangeKey, "eb93429a8bd952f8b89c55b87f475edc", err)
|
||||
|
||||
challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033820a820123456789abcdef00000000000000000000000000000000060070170000000f530065007200760065007200")
|
||||
challengeMessage, err := messages.ParseChallengeMessage(challengeMessageBytes)
|
||||
challengeMessage, err := ParseChallengeMessage(challengeMessageBytes)
|
||||
if err == nil {
|
||||
challengeMessage.String()
|
||||
} else {
|
||||
@ -222,7 +221,7 @@ func TestNTLMv1WithClientChallenge(t *testing.T) {
|
||||
server.serverChallenge = challengeMessage.ServerChallenge
|
||||
|
||||
authenticateMessageBytes, _ := hex.DecodeString("4e544c4d5353500003000000180018006c00000018001800840000000c000c00480000000800080054000000100010005c000000000000009c000000358208820501280a0000000f44006f006d00610069006e00550073006500720043004f004d0050005500540045005200aaaaaaaaaaaaaaaa000000000000000000000000000000007537f803ae367128ca458204bde7caf81e97ed2683267232")
|
||||
authenticateMessage, err := messages.ParseAuthenticateMessage(authenticateMessageBytes, 1)
|
||||
authenticateMessage, err := ParseAuthenticateMessage(authenticateMessageBytes, 1)
|
||||
if err == nil {
|
||||
authenticateMessage.String()
|
||||
} else {
|
||||
|
||||
113
ntlm/ntlmv2.go
113
ntlm/ntlmv2.go
@ -8,7 +8,6 @@ import (
|
||||
rc4P "crypto/rc4"
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
@ -73,7 +72,7 @@ func (n *V2Session) calculateKeys(ntlmRevisionCurrent uint8) (err error) {
|
||||
// We must treat the flags as if NTLMSSP_NEGOTIATE_LM_KEY is set.
|
||||
// This information is not contained (at least currently, until they correct it) in the MS-NLMP document
|
||||
if ntlmRevisionCurrent == 15 {
|
||||
n.NegotiateFlags = messages.NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
|
||||
n.NegotiateFlags = NTLMSSP_NEGOTIATE_LM_KEY.Set(n.NegotiateFlags)
|
||||
}
|
||||
|
||||
n.ClientSigningKey = signKey(n.NegotiateFlags, n.exportedSessionKey, "Client")
|
||||
@ -94,9 +93,9 @@ func (n *V2Session) Sign(message []byte) ([]byte, error) {
|
||||
func NtlmVCommonMac(message []byte, sequenceNumber int, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte {
|
||||
var handle *rc4P.Cipher
|
||||
// TODO: Need to keep track of the sequence number for connection oriented NTLM
|
||||
if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) {
|
||||
if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) {
|
||||
handle, _ = reinitSealingKey(sealingKey, sequenceNumber)
|
||||
} else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) {
|
||||
} else if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) {
|
||||
// CONOR: Reinitializing the rc4 cipher on every requst, but not using the
|
||||
// algorithm as described in the MS-NTLM document. Just reinitialize it directly.
|
||||
handle, _ = rc4Init(sealingKey)
|
||||
@ -107,9 +106,9 @@ func NtlmVCommonMac(message []byte, sequenceNumber int, sealingKey, signingKey [
|
||||
|
||||
func NtlmV2Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte {
|
||||
// TODO: Need to keep track of the sequence number for connection oriented NTLM
|
||||
if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) {
|
||||
if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) && NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(NegotiateFlags) {
|
||||
handle, _ = reinitSealingKey(sealingKey, sequenceNumber)
|
||||
} else if messages.NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) {
|
||||
} else if NTLMSSP_NEGOTIATE_DATAGRAM.IsSet(NegotiateFlags) {
|
||||
// CONOR: Reinitializing the rc4 cipher on every requst, but not using the
|
||||
// algorithm as described in the MS-NTLM document. Just reinitialize it directly.
|
||||
handle, _ = rc4Init(sealingKey)
|
||||
@ -150,30 +149,30 @@ func (n *V2ServerSession) SetServerChallenge(challenge []byte) {
|
||||
n.serverChallenge = challenge
|
||||
}
|
||||
|
||||
func (n *V2ServerSession) ProcessNegotiateMessage(nm *messages.Negotiate) (err error) {
|
||||
func (n *V2ServerSession) ProcessNegotiateMessage(nm *NegotiateMessage) (err error) {
|
||||
n.negotiateMessage = nm
|
||||
return
|
||||
}
|
||||
|
||||
func (n *V2ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, err error) {
|
||||
cm = new(messages.Challenge)
|
||||
func (n *V2ServerSession) GenerateChallengeMessage() (cm *ChallengeMessage, err error) {
|
||||
cm = new(ChallengeMessage)
|
||||
cm.Signature = []byte("NTLMSSP\x00")
|
||||
cm.MessageType = uint32(2)
|
||||
cm.TargetName, _ = messages.CreateBytePayload(make([]byte, 0))
|
||||
cm.TargetName, _ = CreateBytePayload(make([]byte, 0))
|
||||
|
||||
flags := uint32(0)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags)
|
||||
flags = messages.NTLMSSP_REQUEST_TARGET.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
|
||||
flags = NTLMSSP_REQUEST_TARGET.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_128.Set(flags)
|
||||
|
||||
cm.NegotiateFlags = flags
|
||||
|
||||
@ -182,21 +181,21 @@ func (n *V2ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, er
|
||||
cm.Reserved = make([]byte, 8)
|
||||
|
||||
// Create the AvPairs we need
|
||||
pairs := new(messages.AvPairs)
|
||||
pairs.AddAvPair(messages.MsvAvNbDomainName, messages.StringToUtf16("REUTERS"))
|
||||
pairs.AddAvPair(messages.MsvAvNbComputerName, messages.StringToUtf16("UKBP-CBTRMFE06"))
|
||||
pairs.AddAvPair(messages.MsvAvDnsDomainName, messages.StringToUtf16("Reuters.net"))
|
||||
pairs.AddAvPair(messages.MsvAvDnsComputerName, messages.StringToUtf16("ukbp-cbtrmfe06.Reuters.net"))
|
||||
pairs.AddAvPair(messages.MsvAvDnsTreeName, messages.StringToUtf16("Reuters.net"))
|
||||
pairs.AddAvPair(messages.MsvAvEOL, make([]byte, 0))
|
||||
pairs := new(AvPairs)
|
||||
pairs.AddAvPair(MsvAvNbDomainName, utf16FromString("REUTERS"))
|
||||
pairs.AddAvPair(MsvAvNbComputerName, utf16FromString("UKBP-CBTRMFE06"))
|
||||
pairs.AddAvPair(MsvAvDnsDomainName, utf16FromString("Reuters.net"))
|
||||
pairs.AddAvPair(MsvAvDnsComputerName, utf16FromString("ukbp-cbtrmfe06.Reuters.net"))
|
||||
pairs.AddAvPair(MsvAvDnsTreeName, utf16FromString("Reuters.net"))
|
||||
pairs.AddAvPair(MsvAvEOL, make([]byte, 0))
|
||||
cm.TargetInfo = pairs
|
||||
cm.TargetInfoPayloadStruct, _ = messages.CreateBytePayload(pairs.Bytes())
|
||||
cm.TargetInfoPayloadStruct, _ = CreateBytePayload(pairs.Bytes())
|
||||
|
||||
cm.Version = &messages.VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)}
|
||||
cm.Version = &VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: uint8(15)}
|
||||
return cm, nil
|
||||
}
|
||||
|
||||
func (n *V2ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error) {
|
||||
func (n *V2ServerSession) ProcessAuthenticateMessage(am *AuthenticateMessage) (err error) {
|
||||
n.authenticateMessage = am
|
||||
n.NegotiateFlags = am.NegotiateFlags
|
||||
n.clientChallenge = am.ClientChallenge()
|
||||
@ -257,7 +256,7 @@ func (n *V2ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate)
|
||||
}
|
||||
|
||||
func (n *V2ServerSession) computeExportedSessionKey() (err error) {
|
||||
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
|
||||
if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
|
||||
n.exportedSessionKey, err = rc4K(n.keyExchangeKey, n.encryptedRandomSessionKey)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -280,11 +279,11 @@ type V2ClientSession struct {
|
||||
V2Session
|
||||
}
|
||||
|
||||
func (n *V2ClientSession) GenerateNegotiateMessage() (nm *messages.Negotiate, err error) {
|
||||
func (n *V2ClientSession) GenerateNegotiateMessage() (nm *NegotiateMessage, err error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err error) {
|
||||
func (n *V2ClientSession) ProcessChallengeMessage(cm *ChallengeMessage) (err error) {
|
||||
n.challengeMessage = cm
|
||||
n.serverChallenge = cm.ServerChallenge
|
||||
n.clientChallenge = randomBytes(8)
|
||||
@ -292,18 +291,18 @@ func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e
|
||||
// Set up the default flags for processing the response. These are the flags that we will return
|
||||
// in the authenticate message
|
||||
flags := uint32(0)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags)
|
||||
flags = messages.NTLMSSP_REQUEST_TARGET.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_IDENTIFY.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_DATAGRAM.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
|
||||
flags = NTLMSSP_REQUEST_TARGET.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_128.Set(flags)
|
||||
|
||||
n.NegotiateFlags = flags
|
||||
|
||||
@ -344,24 +343,24 @@ func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err e
|
||||
return nil
|
||||
}
|
||||
|
||||
func (n *V2ClientSession) GenerateAuthenticateMessage() (am *messages.Authenticate, err error) {
|
||||
am = new(messages.Authenticate)
|
||||
func (n *V2ClientSession) GenerateAuthenticateMessage() (am *AuthenticateMessage, err error) {
|
||||
am = new(AuthenticateMessage)
|
||||
am.Signature = []byte("NTLMSSP\x00")
|
||||
am.MessageType = uint32(3)
|
||||
am.LmChallengeResponse, _ = messages.CreateBytePayload(n.lmChallengeResponse)
|
||||
am.NtChallengeResponseFields, _ = messages.CreateBytePayload(n.ntChallengeResponse)
|
||||
am.DomainName, _ = messages.CreateStringPayload(n.userDomain)
|
||||
am.UserName, _ = messages.CreateStringPayload(n.user)
|
||||
am.Workstation, _ = messages.CreateStringPayload("SQUAREMILL")
|
||||
am.EncryptedRandomSessionKey, _ = messages.CreateBytePayload(n.encryptedRandomSessionKey)
|
||||
am.LmChallengeResponse, _ = CreateBytePayload(n.lmChallengeResponse)
|
||||
am.NtChallengeResponseFields, _ = CreateBytePayload(n.ntChallengeResponse)
|
||||
am.DomainName, _ = CreateStringPayload(n.userDomain)
|
||||
am.UserName, _ = CreateStringPayload(n.user)
|
||||
am.Workstation, _ = CreateStringPayload("SQUAREMILL")
|
||||
am.EncryptedRandomSessionKey, _ = CreateBytePayload(n.encryptedRandomSessionKey)
|
||||
am.NegotiateFlags = n.NegotiateFlags
|
||||
am.Mic = make([]byte, 16)
|
||||
am.Version = &messages.VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: 0x0F}
|
||||
am.Version = &VersionStruct{ProductMajorVersion: uint8(5), ProductMinorVersion: uint8(1), ProductBuild: uint16(2600), NTLMRevisionCurrent: 0x0F}
|
||||
return am, nil
|
||||
}
|
||||
|
||||
func (n *V2ClientSession) computeEncryptedSessionKey() (err error) {
|
||||
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
|
||||
if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(n.NegotiateFlags) {
|
||||
n.exportedSessionKey = randomBytes(16)
|
||||
n.encryptedRandomSessionKey, err = rc4K(n.keyExchangeKey, n.exportedSessionKey)
|
||||
if err != nil {
|
||||
|
||||
@ -6,7 +6,6 @@ import (
|
||||
"bytes"
|
||||
"encoding/base64"
|
||||
"encoding/hex"
|
||||
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
@ -34,19 +33,19 @@ func TestNTOWFv2(t *testing.T) {
|
||||
|
||||
func TestNTLMv2(t *testing.T) {
|
||||
flags := uint32(0)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_56.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_128.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_VERSION.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = messages.NTLMSSP_TARGET_TYPE_SERVER.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_NTLM.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_SEAL.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_SIGN.Set(flags)
|
||||
flags = messages.NTLM_NEGOTIATE_OEM.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_56.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_128.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_VERSION.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_TARGET_INFO.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = NTLMSSP_TARGET_TYPE_SERVER.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_ALWAYS_SIGN.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_NTLM.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_SEAL.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_SIGN.Set(flags)
|
||||
flags = NTLM_NEGOTIATE_OEM.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_UNICODE.Set(flags)
|
||||
|
||||
// n := new(V2Session)
|
||||
// n.SetUserInfo("User","Password","Domain")
|
||||
@ -64,7 +63,7 @@ func TestNTLMv2(t *testing.T) {
|
||||
client.SetUserInfo("User", "Password", "Domain")
|
||||
|
||||
challengeMessageBytes, _ := hex.DecodeString("4e544c4d53535000020000000c000c003800000033828ae20123456789abcdef00000000000000002400240044000000060070170000000f53006500720076006500720002000c0044006f006d00610069006e0001000c0053006500720076006500720000000000")
|
||||
challengeMessage, err := messages.ParseChallengeMessage(challengeMessageBytes)
|
||||
challengeMessage, err := ParseChallengeMessage(challengeMessageBytes)
|
||||
if err == nil {
|
||||
challengeMessage.String()
|
||||
} else {
|
||||
@ -99,7 +98,7 @@ func TestNTLMv2(t *testing.T) {
|
||||
0000000000000000c5dad2544fc97990
|
||||
94ce1ce90bc9d03e`))
|
||||
|
||||
authenticateMessage, err := messages.ParseAuthenticateMessage(authenticateMessageBytes, 2)
|
||||
authenticateMessage, err := ParseAuthenticateMessage(authenticateMessageBytes, 2)
|
||||
if err == nil {
|
||||
authenticateMessage.String()
|
||||
} else {
|
||||
@ -166,7 +165,7 @@ func TestNTLMv2WithDomain(t *testing.T) {
|
||||
server.SetUserInfo("blahblah", "Welcome1", "blahblah")
|
||||
|
||||
authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage)
|
||||
a, _ := messages.ParseAuthenticateMessage(authenticateData, 2)
|
||||
a, _ := ParseAuthenticateMessage(authenticateData, 2)
|
||||
|
||||
serverChallenge, _ := hex.DecodeString("3d74b2d04ebe1eb3")
|
||||
server.SetServerChallenge(serverChallenge)
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
|
||||
|
||||
package messages
|
||||
package ntlm
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
@ -38,7 +38,7 @@ func (p *PayloadStruct) String() string {
|
||||
|
||||
switch p.Type {
|
||||
case UnicodeStringPayload:
|
||||
returnString = Utf16ToString(p.Payload)
|
||||
returnString = utf16ToString(p.Payload)
|
||||
case OemStringPayload:
|
||||
returnString = string(p.Payload)
|
||||
case BytesPayload:
|
||||
@ -60,7 +60,7 @@ func CreateBytePayload(bytes []byte) (*PayloadStruct, error) {
|
||||
|
||||
func CreateStringPayload(value string) (*PayloadStruct, error) {
|
||||
// Create UTF16 unicode bytes from string
|
||||
bytes := StringToUtf16(value)
|
||||
bytes := utf16FromString(value)
|
||||
p := new(PayloadStruct)
|
||||
p.Type = UnicodeStringPayload
|
||||
p.Len = uint16(len(bytes))
|
||||
@ -7,7 +7,6 @@ import (
|
||||
"encoding/binary"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
|
||||
)
|
||||
|
||||
type NtlmsspMessageSignature struct {
|
||||
@ -48,7 +47,7 @@ func sign(negFlags uint32, handle *rc4P.Cipher, signingKey []byte, seqNum uint32
|
||||
}
|
||||
|
||||
func mac(negFlags uint32, handle *rc4P.Cipher, signingKey []byte, seqNum uint32, message []byte) (result *NtlmsspMessageSignature) {
|
||||
if messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(negFlags) {
|
||||
if NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.IsSet(negFlags) {
|
||||
result = macWithExtendedSessionSecurity(negFlags, handle, signingKey, seqNum, message)
|
||||
} else {
|
||||
result = macWithoutExtendedSessionSecurity(handle, seqNum, message)
|
||||
@ -105,7 +104,7 @@ func macWithExtendedSessionSecurity(negFlags uint32, handle *rc4P.Cipher, signin
|
||||
seqNumBytes := make([]byte, 4)
|
||||
binary.LittleEndian.PutUint32(seqNumBytes, seqNum)
|
||||
sig.CheckSum = hmacMd5(signingKey, concat(seqNumBytes, message))[0:8]
|
||||
if messages.NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(negFlags) {
|
||||
if NTLMSSP_NEGOTIATE_KEY_EXCH.IsSet(negFlags) {
|
||||
sig.CheckSum = rc4(handle, sig.CheckSum)
|
||||
}
|
||||
sig.SeqNum = seqNumBytes
|
||||
|
||||
@ -5,7 +5,6 @@ package ntlm
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/hex"
|
||||
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
|
||||
"testing"
|
||||
)
|
||||
|
||||
@ -42,7 +41,7 @@ func TestSealSignWithExtendedSessionSecurity(t *testing.T) {
|
||||
plaintext, _ := hex.DecodeString("50006c00610069006e007400650078007400")
|
||||
seqNum := uint32(0)
|
||||
flags := uint32(0)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
|
||||
sealed, sig := seal(flags, handle, signKey, seqNum, plaintext)
|
||||
checkSigValue(t, "Sealed Data", sealed, "a02372f6530273f3aa1eb90190ce5200c99d", nil)
|
||||
@ -57,8 +56,8 @@ func TestSealSignWithExtendedSessionSecurityKeyEx(t *testing.T) {
|
||||
plaintext, _ := hex.DecodeString("50006c00610069006e007400650078007400")
|
||||
seqNum := uint32(0)
|
||||
flags := uint32(0)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = messages.NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY.Set(flags)
|
||||
flags = NTLMSSP_NEGOTIATE_KEY_EXCH.Set(flags)
|
||||
|
||||
sealed, sig := seal(flags, handle, signKey, seqNum, plaintext)
|
||||
checkSigValue(t, "Sealed Data", sealed, "54e50165bf1936dc996020c1811b0f06fb5f", nil)
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
//Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.
|
||||
|
||||
package messages
|
||||
package ntlm
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
@ -4,7 +4,6 @@ import (
|
||||
"encoding/base64"
|
||||
"flag"
|
||||
"fmt"
|
||||
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
|
||||
)
|
||||
|
||||
func main() {
|
||||
@ -14,6 +13,6 @@ func main() {
|
||||
fmt.Println("Paste the base64 encoded Authenticate message (with no line breaks):")
|
||||
fmt.Scanf("%s", &data)
|
||||
authenticateData, _ := base64.StdEncoding.DecodeString(data)
|
||||
a, _ := messages.ParseAuthenticateMessage(authenticateData, *ntlmVersion)
|
||||
a, _ := ntlm.ParseAuthenticateMessage(authenticateData, *ntlmVersion)
|
||||
fmt.Printf(a.String())
|
||||
}
|
||||
|
||||
@ -4,7 +4,6 @@ import (
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"github.com/ThomsonReutersEikon/go-ntlm/ntlm"
|
||||
"github.com/ThomsonReutersEikon/go-ntlm/ntlm/messages"
|
||||
)
|
||||
|
||||
func main() {
|
||||
@ -28,7 +27,7 @@ func main() {
|
||||
server.SetUserInfo("050045.rmwatest@reuters.com", "Welcome1", "")
|
||||
|
||||
challengeData, _ := base64.StdEncoding.DecodeString(challengeMessage)
|
||||
c, _ := messages.ParseChallengeMessage(challengeData)
|
||||
c, _ := ntlm.ParseChallengeMessage(challengeData)
|
||||
|
||||
fmt.Println("----- Challenge Message ----- ")
|
||||
fmt.Println(c.String())
|
||||
@ -37,9 +36,9 @@ func main() {
|
||||
authenticateData, _ := base64.StdEncoding.DecodeString(authenticateMessage)
|
||||
var context ntlm.ServerSession
|
||||
|
||||
msg, err := messages.ParseAuthenticateMessage(authenticateData, 2)
|
||||
msg, err := ntlm.ParseAuthenticateMessage(authenticateData, 2)
|
||||
if err != nil {
|
||||
msg2, newErr := messages.ParseAuthenticateMessage(authenticateData, 1)
|
||||
msg2, newErr := ntlm.ParseAuthenticateMessage(authenticateData, 1)
|
||||
if newErr != nil {
|
||||
fmt.Printf("Error ParseAuthenticateMessage , %s", err)
|
||||
return
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user