README
¶
NTLM Implementation for Go
This is a native implementation of NTLM for Go that was implemented using the Microsoft MS-NLMP documentation available at http://msdn.microsoft.com/en-us/library/cc236621.aspx. The library is currently in use and has been tested with connectionless NTLMv1 and v2 with and without extended session security.
Usage Notes
Currently the implementation only supports connectionless (datagram) oriented NTLM. We did not need connection oriented NTLM for our usage and so it is not implemented. However it should be extremely straightforward to implement connection oriented NTLM as all the operations required are present in the library. The major missing piece is the negotiation of capabilities between the client and the server, for our use we hardcoded a supported set of negotiation flags.
Sample Usage as NTLM Client
import "ntlm"
import "ntlm/messages"
session = ntlm.NewClientSession(ntlm.Version1, ntlm.ConnectionlessMode)
session.SetUserInfo("someuser","somepassword","somedomain")
negotiate := session.GenerateNegotiateMessage()
<send negotiate to server>
challenge, err := messages.ParseChallengeMessage(challengeBytes)
session.ProcessChallengeMessage(challenge)
authenticate := session.GenerateAuthenticateMessage()
<send authenticate message to server>
Sample Usage as NTLM Server
session = ntlm.NewServerSession(ntlm.Version1, ntlm.ConnectionlessMode)
session.SetUserInfo("someuser","somepassword","somedomain")
challenge := session.GenerateChallengeMessage()
<send challenge to client>
<receive authentication bytes>
auth, err := messages.ParseAuthentiateMessage(authenticateBytes)
session.ProcessAuthenticateMessage(auth)
Generating a message MAC
Once a session is created you can generate the Mac for a message using:
message := "this is some message to sign"
sequenceNumber := 100
signature, err := session.Mac([]byte(message), sequenceNumber)
License
Copyright Thomson Reuters Global Resources 2013 Apache License
Documentation
¶
Index ¶
Constants ¶
const ( NTLMVersion1 = ntlm.Version1 NTLMVersion2 = ntlm.Version2 )
const ( NEGOTIATE_MESSAGE = 1 CHALLENGE_MESSAGE = 2 AUTHENTICATE_MESSAGE = 3 )
const ( NEGOTIATE_UNICODE = 0x00000001 NEGOTIATE_OEM = 0x00000002 NEGOTIATE_TARGET = 0x00000004 NEGOTIATE_SIGN = 0x00000010 NEGOTIATE_SEAL = 0x00000020 NEGOTIATE_DATAGRAM = 0x00000040 NEGOTIATE_LMKEY = 0x00000080 NEGOTIATE_NTLM = 0x00000200 NEGOTIATE_ANONYMOUS = 0x00000800 NEGOTIATE_OEM_DOMAIN_SUPPLIED = 0x00001000 NEGOTIATE_OEM_WORKSTATION_SUPPLIED = 0x00002000 NEGOTIATE_ALWAYS_SIGN = 0x00008000 NEGOTIATE_TARGET_TYPE_DOMAIN = 0x00010000 NEGOTIATE_TARGET_TYPE_SERVER = 0x00020000 NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000 NEGOTIATE_IDENTIFY = 0x00100000 REQUEST_NON_NT_SESSION_KEY = 0x00400000 NEGOTIATE_TARGET_INFO = 0x00800000 NEGOTIATE_VERSION = 0x02000000 NEGOTIATE_128 = 0x20000000 NEGOTIATE_KEY_EXCH = 0x40000000 NEGOTIATE_56 = 0x80000000 )
const NEGOTIATE_FLAGS = NEGOTIATE_UNICODE | NEGOTIATE_NTLM | NEGOTIATE_OEM_DOMAIN_SUPPLIED | NEGOTIATE_OEM_WORKSTATION_SUPPLIED | NEGOTIATE_ALWAYS_SIGN | NEGOTIATE_EXTENDED_SESSIONSECURITY
Variables ¶
This section is empty.
Functions ¶
func NTLMV1Auth ¶
func NTLMV1Auth(host, user, password, workstation string) *ntlmv1Auth
PlainAuth returns an Auth that implements the PLAIN authentication mechanism as defined in RFC 4616. The returned Auth uses the given username and password to authenticate on TLS connections to host and act as identity. Usually identity will be left blank to act as username.
Types ¶
type NTLMSSP ¶
func (*NTLMSSP) InitialBytes ¶
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package NTLM implements the interfaces used for interacting with NTLMv1 and NTLMv2.
|
Package NTLM implements the interfaces used for interacting with NTLMv1 and NTLMv2. |
|
md4
Package md4 implements the MD4 hash algorithm as defined in RFC 1320.
|
Package md4 implements the MD4 hash algorithm as defined in RFC 1320. |