nathan/go-ntlmssp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more logging

Browse Source
This commit is contained in:
Nathan Coad
2025-03-17 09:30:04 +11:00
parent f1ae4c4171
commit befb826740
2 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
authenticate_message.go
View File

@@ -3,7 +3,6 @@ package ntlmssp
import ( import (
"bytes" "bytes"
"crypto/rand" "crypto/rand"
"encoding/base64"
"encoding/binary" "encoding/binary"
"errors" "errors"
"time" "time"
@@ -83,22 +82,22 @@ func (m authenicateMessage) MarshalBinary() ([]byte, error) {
// that was received from the server // that was received from the server
func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byte, error) { func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byte, error) {
if user == "" && password == "" { if user == "" && password == "" {
PrintDebug("User %s, Pass Length %d", user, len(password))
return nil, errors.New("Anonymous authentication not supported") return nil, errors.New("Anonymous authentication not supported")
} }
// debugging
PrintDebug("Received NTLM Type 2 Challenge: %s", base64.StdEncoding.EncodeToString(challengeMessageData))
DecodeNTLMMessage(challengeMessageData)
var cm challengeMessage var cm challengeMessage
if err := cm.UnmarshalBinary(challengeMessageData); err != nil { if err := cm.UnmarshalBinary(challengeMessageData); err != nil {
PrintDebug("Failed to unmarshal challenge data")
return nil, err return nil, err
} }
if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATELMKEY) { if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATELMKEY) {
PrintDebug("server requested NTLM v1")
return nil, errors.New("Only NTLM v2 is supported, but server requested v1 (NTLMSSP_NEGOTIATE_LM_KEY)") return nil, errors.New("Only NTLM v2 is supported, but server requested v1 (NTLMSSP_NEGOTIATE_LM_KEY)")
} }
if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEKEYEXCH) { if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEKEYEXCH) {
PrintDebug("Key exchange requested but not supported")
return nil, errors.New("Key exchange requested but not supported (NTLMSSP_NEGOTIATE_KEY_EXCH)") return nil, errors.New("Key exchange requested but not supported (NTLMSSP_NEGOTIATE_KEY_EXCH)")
} }
@@ -120,6 +119,7 @@ func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byt
rand.Reader.Read(clientChallenge) rand.Reader.Read(clientChallenge)
ntlmV2Hash := getNtlmV2Hash(password, user, cm.TargetName) ntlmV2Hash := getNtlmV2Hash(password, user, cm.TargetName)
PrintDebug("NTLM V2 hash '%s'", ntlmV2Hash)
am.NtChallengeResponse = computeNtlmV2Response(ntlmV2Hash, am.NtChallengeResponse = computeNtlmV2Response(ntlmV2Hash,
cm.ServerChallenge[:], clientChallenge, timestamp, cm.TargetInfoRaw) cm.ServerChallenge[:], clientChallenge, timestamp, cm.TargetInfoRaw)
@@ -129,5 +129,7 @@ func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byt
cm.ServerChallenge[:], clientChallenge) cm.ServerChallenge[:], clientChallenge)
} }
PrintDebug("Challenge response: NT %s; LM %s", am.NtChallengeResponse, am.LmChallengeResponse)
return am.MarshalBinary() return am.MarshalBinary()
} }

6
negotiator.go
View File

@@ -121,8 +121,14 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
if err != nil { if err != nil {
return nil, err return nil, err
} }
// debugging
PrintDebug("Received NTLM Type 2 Challenge: %s", base64.StdEncoding.EncodeToString(challengeMessage))
DecodeNTLMMessage(challengeMessage)
if !(resauth.IsNegotiate() || resauth.IsNTLM()) || len(challengeMessage) == 0 { if !(resauth.IsNegotiate() || resauth.IsNTLM()) || len(challengeMessage) == 0 {
// Negotiation failed, let client deal with response // Negotiation failed, let client deal with response
PrintDebug("Negotiation failed")
return res, nil return res, nil
} }
io.Copy(io.Discard, res.Body) io.Copy(io.Discard, res.Body)