From 4a21cbd618b459155f8b8ee7f4491cd54f5efa77 Mon Sep 17 00:00:00 2001
From: Dave
Date: Fri, 10 Aug 2018 18:55:52 +0100
Subject: [PATCH] Negotiation fails for servers where 'NTLMv2 session security' is required (#18)

If a server has specified that NTLMv2 session security is required, then negotiation will fail as the client does not advertise this during the handshake. The negoiate message needs to include the relevant flag 'negotiateFlagNTLMSSPNEGOTIATEEXTENDEDSESSIONSECURITY' To test enable this on the remote server by using regedt32 to modify the key HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\NtlmMinServerSec and set the value to 0x20080000
---
 negotiate_message.go | 3 ++-
 nlmp_test.go | 8 ++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/negotiate_message.go b/negotiate_message.go
index 28f0537..e466a98 100644
--- a/negotiate_message.go
+++ b/negotiate_message.go
@@ -22,7 +22,8 @@ type negotiateMessageFields struct {
 var defaultFlags = negotiateFlagNTLMSSPNEGOTIATETARGETINFO |
 negotiateFlagNTLMSSPNEGOTIATE56 |
 negotiateFlagNTLMSSPNEGOTIATE128 |
- negotiateFlagNTLMSSPNEGOTIATEUNICODE
+ negotiateFlagNTLMSSPNEGOTIATEUNICODE |
+ negotiateFlagNTLMSSPNEGOTIATEEXTENDEDSESSIONSECURITY

 //NewNegotiateMessage creates a new NEGOTIATE message with the
 //flags that this package supports.
diff --git a/nlmp_test.go b/nlmp_test.go
index c0ece95..b025ccc 100644
--- a/nlmp_test.go
+++ b/nlmp_test.go
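Review bot: `defaultFlags` in negotiate_message.go now advertises `negotiateFlagNTLMSSPNEGOTIATEEXTENDEDSESSIONSECURITY` on every handshake, but nothing in this hunk shows the client acting on that promise: the code that reads the server's CHALLENGE flags and builds the AUTHENTICATE message is outside the diff. It is worth confirming there that the response and any session key are derived the way a server requiring NTLMv2 session security expects, and deciding explicitly whether a CHALLENGE that comes back without the flag should be accepted rather than leaving it to default behaviour. The declaration also carries no comment; something like `// defaultFlags are advertised in every NEGOTIATE message; extended session security is included so servers whose NtlmMinServerSec requires it accept the handshake.` would record why the flag is there.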
@@ -26,21 +26,21 @@ func TestUsernameDomainWorkstation(t *testing.T) {
 }{
 {username, "", username, "", []byte{
 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00,
- 0x80, 0xa0, 0x00, 0x00, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x88, 0xa0, 0x00, 0x00, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x28, 0x00, 0x00, 0x00, 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f}},
 {domain + "\\" + username, "", username, domain, []byte{
 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x10,
- 0x80, 0xa0, 0x08, 0x00, 0x08, 0x00, 0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x88, 0xa0, 0x08, 0x00, 0x08, 0x00, 0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x30, 0x00, 0x00, 0x00, 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f, 0x4d, 0x59,
 0x44, 0x4f, 0x4d, 0x41, 0x49, 0x4e}},
 {domain + "\\" + username, workstation, username, domain, []byte{
 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x30,
- 0x80, 0xa0, 0x08, 0x00, 0x08, 0x00, 0x28, 0x00, 0x00, 0x00, 0x04, 0x00, 0x04, 0x00,
+ 0x88, 0xa0, 0x08, 0x00, 0x08, 0x00, 0x28, 0x00, 0x00, 0x00, 0x04, 0x00, 0x04, 0x00,
 0x30, 0x00, 0x00, 0x00, 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f, 0x4d, 0x59,
 0x44, 0x4f, 0x4d, 0x41, 0x49, 0x4e, 0x4d, 0x59, 0x50, 0x43}},
 {username, workstation, username, "", []byte{
 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x20,
- 0x80, 0xa0, 0x00, 0x00, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x04, 0x00, 0x04, 0x00,
+ 0x88, 0xa0, 0x00, 0x00, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x04, 0x00, 0x04, 0x00,
 0x28, 0x00, 0x00, 0x00, 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f, 0x4d, 0x59,
 0x50, 0x43}},
 }
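Review bot: The four expected NEGOTIATE vectors in TestUsernameDomainWorkstation differ only in one flags byte (`0x80` → `0x88`), so the test pins the new wire bytes without saying which flag they encode, and the next flag change will again mean hand-editing hex. A comment above the table such as `// offsets 12-15 are NegotiateFlags, little-endian; 0x88 at offset 14 = TARGETINFO | EXTENDEDSESSIONSECURITY` would make the vectors reviewable. No test in this commit exercises the challenge/authenticate exchange with the flag set, which is the handshake the commit message describes as failing. The table and the rest of the test body extend outside the hunk.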