ntlm v1.0.0

Published: Nov 7, 2020 License: Apache-2.0 Imports: 16 Imported by: 0

README

NTLM Implementation for Go

This is a native implementation of NTLM for Go that was implemented using the Microsoft MS-NLMP documentation available at http://msdn.microsoft.com/en-us/library/cc236621.aspx. The library is currently in use and has been tested with connectionless NTLMv1 and v2 with and without extended session security.

Usage Notes

Currently the implementation only supports connectionless (datagram-oriented) NTLM. We did not need connection-oriented NTLM for our usage, so it is not implemented. However, it should be straightforward to add, since all the operations it requires are already present in the library. The major missing piece is the negotiation of capabilities between client and server; for our use we hard-coded a supported set of negotiation flags.

Sample Usage as NTLM Client

import "ntlm"
import "ntlm/messages"

session, err := ntlm.CreateClientSession(ntlm.Version1, ntlm.ConnectionlessMode)
if err != nil {
	return err
}
session.SetUserInfo("someuser", "somepassword", "somedomain")

negotiate, err := session.GenerateNegotiateMessage()
if err != nil {
	return err
}

// <send negotiate to server, receive challengeBytes>

challenge, err := messages.ParseChallengeMessage(challengeBytes)
if err != nil {
	return err
}
if err := session.ProcessChallengeMessage(challenge); err != nil {
	return err
}

authenticate, err := session.GenerateAuthenticateMessage()
if err != nil {
	return err
}

// <send authenticate message to server>

Sample Usage as NTLM Server

session, err := ntlm.CreateServerSession(ntlm.Version1, ntlm.ConnectionlessMode)
if err != nil {
	return err
}
session.SetUserInfo("someuser", "somepassword", "somedomain")

challenge, err := session.GenerateChallengeMessage()
if err != nil {
	return err
}

// <send challenge to client>

// <receive authenticateBytes>

auth, err := messages.ParseAuthenticateMessage(authenticateBytes)
if err != nil {
	return err
}
if err := session.ProcessAuthenticateMessage(auth); err != nil {
	return err
}

Generating a message MAC

Once a session is established you can generate the MAC (message signature) for a message with the sequence number that message carries:

message := "this is some message to sign"
sequenceNumber := 100
signature, err := session.Mac([]byte(message), sequenceNumber)
if err != nil {
	return err
}

License

Copyright Thomson Reuters Global Resources 2013 Apache License

Documentation

Overview

Copyright 2013 Thomson Reuters Global Resources. All Rights Reserved. Proprietary and confidential information of TRGR. Disclosure, use, or reproduction without written authorization of TRGR is prohibited.

Package NTLM implements the interfaces used for interacting with NTLMv1 and NTLMv2. To create NTLM v1 or v2 sessions, use CreateClientSession and CreateServerSession.

Receive an Authenticate message and authenticate the user.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func MacsEqual

func MacsEqual(slice1, slice2 []byte) bool

func NtlmV2Mac

func NtlmV2Mac(message []byte, sequenceNumber int, handle *rc4P.Cipher, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte

func NtlmVCommonMac

func NtlmVCommonMac(message []byte, sequenceNumber int, sealingKey, signingKey []byte, NegotiateFlags uint32) []byte

This helper is exposed for convenience rather than as a deliberate part of the public API.

Types

type ClientSession

type ClientSession interface {
	SetUserInfo(username string, password string, domain string)
	SetMode(mode Mode)

	GenerateNegotiateMessage() (*messages.Negotiate, error)
	ProcessChallengeMessage(*messages.Challenge) error
	GenerateAuthenticateMessage() (*messages.Authenticate, error)

	Seal(message []byte) ([]byte, error)
	Sign(message []byte) ([]byte, error)
	Mac(message []byte, sequenceNumber int) ([]byte, error)
	VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)
}

func CreateClientSession

func CreateClientSession(version Version, mode Mode) (n ClientSession, err error)

Creates an NTLM v1 or v2 client.

mode - This must be ConnectionlessMode or ConnectionOrientedMode depending on what type of NTLM is used.
version - This must be Version1 or Version2 depending on the version of NTLM used.

type Mode

type Mode int
const (
	ConnectionlessMode Mode = iota
	ConnectionOrientedMode
)

type NtlmsspMessageSignature

type NtlmsspMessageSignature struct {
	ByteData []byte
	// A 32-bit unsigned integer that contains the signature version. This field MUST be 0x00000001.
	Version []byte
	// A 4-byte array that contains the random pad for the message.
	RandomPad []byte
	// A 4-byte array that contains the checksum for the message.
	CheckSum []byte
	// A 32-bit unsigned integer that contains the NTLM sequence number for this application message.
	SeqNum []byte
}
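The README's Mac call, the NtlmV2Mac function and the NtlmsspMessageSignature type above all describe the same operation: producing and checking the 16-byte NTLMSSP_MESSAGE_SIGNATURE. The following is an added example, not code from this library, that implements the extended-session-security MAC of MS-NLMP section 3.4.4.2 in the standard library only: the checksum is the first 8 bytes of HMAC_MD5(SigningKey, SeqNum || Message), RC4-encrypted with the sealing handle when NTLMSSP_NEGOTIATE_KEY_EXCH was negotiated. It uses the 8-byte checksum layout of the extended variant, whereas the page's NtlmsspMessageSignature lists the 4-byte RandomPad/CheckSum fields of the non-extended one; the names MacV2, VerifyMacV2, ParseSignature and the sample keys are assumptions of this example, and the verifier compares in constant time and checks the sequence number, which is what a receiver should do regardless of how the library's own MacsEqual is implemented.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/rc4"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Values from MS-NLMP: NTLMSSP_NEGOTIATE_KEY_EXCH (section 2.2.2.5) selects RC4
// encryption of the checksum; the signature Version field MUST be 1.
const (
	NegotiateKeyExch uint32 = 0x40000000
	SignatureVersion uint32 = 0x00000001
	SignatureLen            = 16
)

// Signature is NTLMSSP_MESSAGE_SIGNATURE in its extended session security form:
// Version(4) | Checksum(8) | SeqNum(4), all little-endian.
type Signature struct {
	Version  uint32
	Checksum [8]byte
	SeqNum   uint32
}

// Bytes serialises the signature to its 16-byte wire form.
func (s Signature) Bytes() []byte {
	out := make([]byte, SignatureLen)
	binary.LittleEndian.PutUint32(out[0:4], s.Version)
	copy(out[4:12], s.Checksum[:])
	binary.LittleEndian.PutUint32(out[12:16], s.SeqNum)
	return out
}

// ParseSignature decodes a received signature, rejecting anything that is not
// exactly 16 bytes or does not carry the mandatory version number.
func ParseSignature(b []byte) (Signature, error) {
	if len(b) != SignatureLen {
		return Signature{}, fmt.Errorf("signature must be %d bytes, got %d", SignatureLen, len(b))
	}
	var s Signature
	s.Version = binary.LittleEndian.Uint32(b[0:4])
	copy(s.Checksum[:], b[4:12])
	s.SeqNum = binary.LittleEndian.Uint32(b[12:16])
	if s.Version != SignatureVersion {
		return s, errors.New("unsupported signature version")
	}
	return s, nil
}

// MacV2 is MAC() from MS-NLMP 3.4.4.2. The RC4 handle is stateful: every call
// consumes 8 bytes of key stream, so the verifying peer must drive an
// identically initialised handle over the same messages in the same order.
func MacV2(message []byte, seqNum uint32, handle *rc4.Cipher, signingKey []byte, flags uint32) []byte {
	seq := make([]byte, 4)
	binary.LittleEndian.PutUint32(seq, seqNum)
	h := hmac.New(md5.New, signingKey)
	h.Write(seq)
	h.Write(message)
	sum := h.Sum(nil)[:8]

	sig := Signature{Version: SignatureVersion, SeqNum: seqNum}
	if flags&NegotiateKeyExch != 0 && handle != nil {
		handle.XORKeyStream(sig.Checksum[:], sum)
	} else {
		copy(sig.Checksum[:], sum)
	}
	return sig.Bytes()
}

// VerifyMacV2 recomputes the signature for the sequence number the receiver
// expects and compares in constant time, so a wrong checksum leaks no timing
// information; the sequence-number check rejects replayed or reordered messages.
func VerifyMacV2(message, received []byte, expectedSeq uint32, handle *rc4.Cipher, signingKey []byte, flags uint32) bool {
	got, err := ParseSignature(received)
	if err != nil || got.SeqNum != expectedSeq {
		return false
	}
	want := MacV2(message, expectedSeq, handle, signingKey, flags)
	return subtle.ConstantTimeCompare(want, received) == 1
}

func main() {
	// Constructed sample keys; real ones are derived from the session key (MS-NLMP 3.4.5).
	signingKey := []byte("constructed-signing-key!")
	sealingKey := []byte("constructed-sealing-key!")
	message := []byte("this is some message to sign")

	sig := MacV2(message, 100, nil, signingKey, 0)
	fmt.Printf("signature: %x\n", sig)
	fmt.Println("verify ok:", VerifyMacV2(message, sig, 100, nil, signingKey, 0))
	fmt.Println("replayed seq:", VerifyMacV2(message, sig, 101, nil, signingKey, 0))

	// With KEY_EXCH each peer runs its own RC4 handle seeded from the same sealing key.
	sender, _ := rc4.NewCipher(sealingKey)
	receiver, _ := rc4.NewCipher(sealingKey)
	sealed := MacV2(message, 100, sender, signingKey, NegotiateKeyExch)
	fmt.Println("key-exch verify:", VerifyMacV2(message, sealed, 100, receiver, signingKey, NegotiateKeyExch))
}
```

The receiver tracks its own expected sequence number rather than trusting the one in the received signature; accepting whatever SeqNum the sender wrote would make the field useless against replay.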

func (*NtlmsspMessageSignature) Bytes

func (n *NtlmsspMessageSignature) Bytes() []byte

func (*NtlmsspMessageSignature) String

func (n *NtlmsspMessageSignature) String() string

type ServerSession

type ServerSession interface {
	SetUserInfo(username string, password string, domain string)
	GetUserInfo() (string, string, string)

	SetMode(mode Mode)
	SetServerChallenge(challenge []byte)

	ProcessNegotiateMessage(*messages.Negotiate) error
	GenerateChallengeMessage() (*messages.Challenge, error)
	ProcessAuthenticateMessage(*messages.Authenticate) error

	GetSessionData() *SessionData

	Version() int
	Seal(message []byte) ([]byte, error)
	Sign(message []byte) ([]byte, error)
	Mac(message []byte, sequenceNumber int) ([]byte, error)
	VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)
}

func CreateServerSession

func CreateServerSession(version Version, mode Mode) (n ServerSession, err error)

Creates an NTLM v1 or v2 server.

mode - This must be ConnectionlessMode or ConnectionOrientedMode depending on what type of NTLM is used.
version - This must be Version1 or Version2 depending on the version of NTLM used.

type SessionData

type SessionData struct {
	NegotiateFlags uint32

	ClientSigningKey []byte
	ServerSigningKey []byte
	ClientSealingKey []byte
	ServerSealingKey []byte
	// contains filtered or unexported fields
}

This struct collects the NTLM data structures and keys that are used across all types of NTLM requests.

type V1ClientSession

type V1ClientSession struct {
	V1Session
}

func (*V1ClientSession) GenerateAuthenticateMessage

func (n *V1ClientSession) GenerateAuthenticateMessage() (am *messages.Authenticate, err error)

func (*V1ClientSession) GenerateNegotiateMessage

func (n *V1ClientSession) GenerateNegotiateMessage() (nm *messages.Negotiate, err error)

func (*V1ClientSession) Mac

func (n *V1ClientSession) Mac(message []byte, sequenceNumber int) ([]byte, error)

func (*V1ClientSession) ProcessChallengeMessage

func (n *V1ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err error)

func (*V1ClientSession) VerifyMac

func (n *V1ClientSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)

type V1ServerSession

type V1ServerSession struct {
	V1Session
}

func (*V1ServerSession) GenerateChallengeMessage

func (n *V1ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, err error)

func (*V1ServerSession) GetSessionData

func (n *V1ServerSession) GetSessionData() *SessionData

func (*V1ServerSession) Mac

func (n *V1ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error)

func (*V1ServerSession) ProcessAuthenticateMessage

func (n *V1ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error)

func (*V1ServerSession) ProcessNegotiateMessage

func (n *V1ServerSession) ProcessNegotiateMessage(nm *messages.Negotiate) (err error)

func (*V1ServerSession) SetServerChallenge

func (n *V1ServerSession) SetServerChallenge(challenge []byte)

func (*V1ServerSession) VerifyMac

func (n *V1ServerSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)

type V1Session

type V1Session struct {
	SessionData
}

func (*V1Session) GetUserInfo

func (n *V1Session) GetUserInfo() (string, string, string)

func (*V1Session) Seal

func (n *V1Session) Seal(message []byte) ([]byte, error)

func (*V1Session) SetMode

func (n *V1Session) SetMode(mode Mode)

func (*V1Session) SetUserInfo

func (n *V1Session) SetUserInfo(username string, password string, domain string)

func (*V1Session) Sign

func (n *V1Session) Sign(message []byte) ([]byte, error)

func (*V1Session) Version

func (n *V1Session) Version() int

type V2ClientSession

type V2ClientSession struct {
	V2Session
}

func (*V2ClientSession) GenerateAuthenticateMessage

func (n *V2ClientSession) GenerateAuthenticateMessage() (am *messages.Authenticate, err error)

func (*V2ClientSession) GenerateNegotiateMessage

func (n *V2ClientSession) GenerateNegotiateMessage() (nm *messages.Negotiate, err error)

func (*V2ClientSession) Mac

func (n *V2ClientSession) Mac(message []byte, sequenceNumber int) ([]byte, error)

func (*V2ClientSession) ProcessChallengeMessage

func (n *V2ClientSession) ProcessChallengeMessage(cm *messages.Challenge) (err error)

func (*V2ClientSession) VerifyMac

func (n *V2ClientSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)

type V2ServerSession

type V2ServerSession struct {
	V2Session
}

func (*V2ServerSession) GenerateChallengeMessage

func (n *V2ServerSession) GenerateChallengeMessage() (cm *messages.Challenge, err error)

func (*V2ServerSession) GetSessionData

func (n *V2ServerSession) GetSessionData() *SessionData

func (*V2ServerSession) Mac

func (n *V2ServerSession) Mac(message []byte, sequenceNumber int) ([]byte, error)

func (*V2ServerSession) ProcessAuthenticateMessage

func (n *V2ServerSession) ProcessAuthenticateMessage(am *messages.Authenticate) (err error)

func (*V2ServerSession) ProcessNegotiateMessage

func (n *V2ServerSession) ProcessNegotiateMessage(nm *messages.Negotiate) (err error)

func (*V2ServerSession) SetServerChallenge

func (n *V2ServerSession) SetServerChallenge(challenge []byte)

func (*V2ServerSession) VerifyMac

func (n *V2ServerSession) VerifyMac(message, expectedMac []byte, sequenceNumber int) (bool, error)

type V2Session

type V2Session struct {
	SessionData
}

func (*V2Session) GetUserInfo

func (n *V2Session) GetUserInfo() (string, string, string)

func (*V2Session) Seal

func (n *V2Session) Seal(message []byte) ([]byte, error)

func (*V2Session) SetMode

func (n *V2Session) SetMode(mode Mode)

func (*V2Session) SetUserInfo

func (n *V2Session) SetUserInfo(username string, password string, domain string)

func (*V2Session) Sign

func (n *V2Session) Sign(message []byte) ([]byte, error)

func (*V2Session) Version

func (n *V2Session) Version() int

type Version

type Version int
const (
	Version1 Version = 1
	Version2 Version = 2
)

Directories

Path Synopsis
Package md4 implements the MD4 hash algorithm as defined in RFC 1320.