Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| adaea700ae | |||
| 468f0240be | |||
| f8cadb2287 | |||
| befb826740 |
@@ -83,6 +83,7 @@ func (m authenicateMessage) MarshalBinary() ([]byte, error) {
|
||||
// that was received from the server
|
||||
func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byte, error) {
|
||||
if user == "" && password == "" {
|
||||
PrintDebug("User %s, Pass Length %d", user, len(password))
|
||||
return nil, errors.New("Anonymous authentication not supported")
|
||||
}
|
||||
|
||||
@@ -92,13 +93,16 @@ func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byt
|
||||
|
||||
var cm challengeMessage
|
||||
if err := cm.UnmarshalBinary(challengeMessageData); err != nil {
|
||||
PrintDebug("Failed to unmarshal challenge data")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATELMKEY) {
|
||||
PrintDebug("server requested NTLM v1")
|
||||
return nil, errors.New("Only NTLM v2 is supported, but server requested v1 (NTLMSSP_NEGOTIATE_LM_KEY)")
|
||||
}
|
||||
if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEKEYEXCH) {
|
||||
PrintDebug("Key exchange requested but not supported")
|
||||
return nil, errors.New("Key exchange requested but not supported (NTLMSSP_NEGOTIATE_KEY_EXCH)")
|
||||
}
|
||||
|
||||
@@ -120,6 +124,7 @@ func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byt
|
||||
rand.Reader.Read(clientChallenge)
|
||||
|
||||
ntlmV2Hash := getNtlmV2Hash(password, user, cm.TargetName)
|
||||
PrintDebug("NTLM V2 hash '%s'", base64.StdEncoding.EncodeToString(ntlmV2Hash))
|
||||
|
||||
am.NtChallengeResponse = computeNtlmV2Response(ntlmV2Hash,
|
||||
cm.ServerChallenge[:], clientChallenge, timestamp, cm.TargetInfoRaw)
|
||||
@@ -129,5 +134,7 @@ func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byt
|
||||
cm.ServerChallenge[:], clientChallenge)
|
||||
}
|
||||
|
||||
PrintDebug("Challenge response:\nNT '%s';\nLM '%s'", base64.StdEncoding.EncodeToString(am.NtChallengeResponse), base64.StdEncoding.EncodeToString(am.LmChallengeResponse))
|
||||
|
||||
return am.MarshalBinary()
|
||||
}
|
||||
|
||||
@@ -121,8 +121,14 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// debugging
|
||||
//PrintDebug("Received NTLM Type 2 Challenge: %s", base64.StdEncoding.EncodeToString(challengeMessage))
|
||||
//DecodeNTLMMessage(challengeMessage)
|
||||
|
||||
if !(resauth.IsNegotiate() || resauth.IsNTLM()) || len(challengeMessage) == 0 {
|
||||
// Negotiation failed, let client deal with response
|
||||
PrintDebug("Negotiation failed")
|
||||
return res, nil
|
||||
}
|
||||
io.Copy(io.Discard, res.Body)
|
||||
|
||||
10
nlmp.go
10
nlmp.go
@@ -10,8 +10,9 @@ package ntlmssp
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"crypto/md5"
|
||||
"golang.org/x/crypto/md4"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/crypto/md4"
|
||||
)
|
||||
|
||||
func getNtlmV2Hash(password, username, target string) []byte {
|
||||
@@ -28,13 +29,20 @@ func computeNtlmV2Response(ntlmV2Hash, serverChallenge, clientChallenge,
|
||||
timestamp, targetInfo []byte) []byte {
|
||||
|
||||
temp := []byte{1, 1, 0, 0, 0, 0, 0, 0}
|
||||
PrintDebug("NTLMv2 response", temp)
|
||||
temp = append(temp, timestamp...)
|
||||
PrintDebug("NTLMv2 response", temp)
|
||||
temp = append(temp, clientChallenge...)
|
||||
PrintDebug("NTLMv2 response", temp)
|
||||
temp = append(temp, 0, 0, 0, 0)
|
||||
PrintDebug("NTLMv2 response", temp)
|
||||
temp = append(temp, targetInfo...)
|
||||
PrintDebug("NTLMv2 response", temp)
|
||||
temp = append(temp, 0, 0, 0, 0)
|
||||
PrintDebug("NTLMv2 response", temp)
|
||||
|
||||
NTProofStr := hmacMd5(ntlmV2Hash, serverChallenge, temp)
|
||||
PrintDebug("Proof string", NTProofStr)
|
||||
return append(NTProofStr, temp...)
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user