rubyntlm 0.4.0 → 0.5.0

data/lib/net/ntlm/encode_util.rb

@@ -24,8 +24,8 @@ module NTLM
       end
     else # Use native 1.9 string encoding functions
 
-         # Decode a UTF16 string to a ASCII string
-         # @param [String] str The string to convert
+      # Decode a UTF16 string to a ASCII string
+      # @param [String] str The string to convert
       def self.decode_utf16le(str)
         str.force_encoding(Encoding::UTF_16LE)
         str.encode(Encoding::UTF_8, Encoding::UTF_16LE).force_encoding('UTF-8')

data/lib/net/ntlm/field_set.rb

@@ -88,12 +88,12 @@ module Net
         @alist = self.class.prototypes.map{ |n, t, o| [n, t.new(o)] }
       end
 
-      def serialize
-        @alist.map{|n, f| f.serialize }.join
+      def parse(str, offset=0)
+        @alist.inject(offset){|cur, a| cur += a[1].parse(str, cur)}
       end
 
-      def parse(str, offset=0)
-        @alist.inject(offset){|cur, a|  cur += a[1].parse(str, cur)}
+      def serialize
+        @alist.map{|n, f| f.serialize }.join
       end
 
       def size
@@ -119,7 +119,11 @@ module Net
       def disable(name)
         self[name].active = false
       end
+
+      def has_disabled_fields?
+        @alist.any? { |name, field| !field.active }
+      end
     end
 
   end
-end
+end

data/lib/net/ntlm/message.rb

@@ -20,9 +20,10 @@ module NTLM
       :LOCAL_CALL           => 0x00004000,
       :ALWAYS_SIGN          => 0x00008000,
       :TARGET_TYPE_DOMAIN   => 0x00010000,
-      :TARGET_INFO          => 0x00800000,
       :NTLM2_KEY            => 0x00080000,
+      :TARGET_INFO          => 0x00800000,
       :KEY128               => 0x20000000,
+      :KEY_EXCHANGE         => 0x40000000,
       :KEY56                => 0x80000000
   }.freeze
 
@@ -42,14 +43,14 @@ module NTLM
         m = Type0.new
         m.parse(str)
         case m.type
-          when 1
-            t = Type1.parse(str)
-          when 2
-            t = Type2.parse(str)
-          when 3
-            t = Type3.parse(str)
-          else
-            raise ArgumentError, "unknown type: #{m.type}"
+        when 1
+          t = Type1.new.parse(str)
+        when 2
+          t = Type2.new.parse(str)
+        when 3
+          t = Type3.new.parse(str)
+        else
+          raise ArgumentError, "unknown type: #{m.type}"
         end
         t
       end
@@ -59,6 +60,19 @@ module NTLM
       end
     end
 
+    # @return [self]
+    def parse(str)
+      super
+
+      while has_disabled_fields? && serialize.size < str.size
+        # enable the next disabled field
+        self.class.names.find { |name| !self[name].active && enable(name) }
+        super
+      end
+
+      self
+    end
+
     def has_flag?(flag)
       (self[:flag].value & FLAGS[flag]) == FLAGS[flag]
     end

data/lib/net/ntlm/message/type1.rb

@@ -10,34 +10,9 @@ module Net
         int32LE         :flag,         {:value => DEFAULT_FLAGS[:TYPE1] }
         security_buffer :domain,       {:value => ""}
         security_buffer :workstation,  {:value => Socket.gethostname }
-        string          :padding,      {:size => 0, :value => "", :active => false }
+        string          :os_version,   {:size => 8, :value => "", :active => false }
 
-        class << Type1
-          # Parses a Type 1 Message
-          # @param [String] str A string containing Type 1 data
-          # @return [Type1] The parsed Type 1 message
-          def parse(str)
-            t = new
-            t.parse(str)
-            t
-          end
-        end
-
-        # @!visibility private
-        def parse(str)
-          super(str)
-          enable(:domain) if has_flag?(:DOMAIN_SUPPLIED)
-          enable(:workstation) if has_flag?(:WORKSTATION_SUPPLIED)
-          super(str)
-          if ( (len = data_edge - head_size) > 0)
-            self.padding = "\0" * len
-            super(str)
-          end
-        end
       end
-
     end
   end
 end
-
-

data/lib/net/ntlm/message/type2.rb

@@ -5,39 +5,14 @@ module Net
       # @private false
       class Type2 < Message
 
-        string        :sign,         {:size => 8, :value => SSP_SIGN}
-        int32LE       :type,      {:value => 2}
-        security_buffer   :target_name,  {:size => 0, :value => ""}
-        int32LE       :flag,         {:value => DEFAULT_FLAGS[:TYPE2]}
-        int64LE           :challenge,    {:value => 0}
-        int64LE           :context,      {:value => 0, :active => false}
-        security_buffer   :target_info,  {:value => "", :active => false}
-        string        :padding,   {:size => 0, :value => "", :active => false }
-
-        class << Type2
-          # Parse a Type 2 packet
-          # @param [String] str A string containing Type 2 data
-          # @return [Type2]
-          def parse(str)
-            t = new
-            t.parse(str)
-            t
-          end
-        end
-
-        # @!visibility private
-        def parse(str)
-          super(str)
-          if has_flag?(:TARGET_INFO)
-            enable(:context)
-            enable(:target_info)
-            super(str)
-          end
-          if ( (len = data_edge - head_size) > 0)
-            self.padding = "\0" * len
-            super(str)
-          end
-        end
+        string          :sign,        { :size => 8, :value => SSP_SIGN }
+        int32LE         :type,        { :value => 2 }
+        security_buffer :target_name, { :size => 0, :value => "" }
+        int32LE         :flag,        { :value => DEFAULT_FLAGS[:TYPE2] }
+        int64LE         :challenge,   { :value => 0}
+        int64LE         :context,     { :value => 0, :active => false }
+        security_buffer :target_info, { :value => "", :active => false }
+        string          :os_version,  { :size => 8, :value => "", :active => false }
 
         # Generates a Type 3 response based on the Type 2 Information
         # @return [Type3]
@@ -45,9 +20,9 @@ module Net
         # @option arg [String] :password The user's password
         # @option arg [String] :domain ('') The domain to authenticate to
         # @option opt [String] :workstation (Socket.gethostname) The name of the calling workstation
-        # @option opt [Boolean] :use_default_target (False) Use the domain supplied by the server in the Type 2 packet
+        # @option opt [Boolean] :use_default_target (false) Use the domain supplied by the server in the Type 2 packet
         # @note An empty :domain option authenticates to the local machine.
-        # @note The :use_default_target has presidence over the :domain option
+        # @note The :use_default_target has precedence over the :domain option
         def response(arg, opt = {})
           usr = arg[:user]
           pwd = arg[:password]
@@ -115,9 +90,8 @@ module Net
                            :flag => self.flag
                        })
         end
-      end
-
 
+      end
 
     end
   end

data/lib/net/ntlm/message/type3.rb

@@ -13,18 +13,10 @@ module Net
         security_buffer :user,          {:value => ""}
         security_buffer :workstation,   {:value => ""}
         security_buffer :session_key,   {:value => "", :active => false }
-        int64LE         :flag,          {:value => 0, :active => false }
+        int32LE         :flag,          {:value => 0, :active => false }
+        string          :os_version,    {:size => 8, :active => false }
 
         class << Type3
-          # Parse a Type 3 packet
-          # @param [String] str A string containing Type 3 data
-          # @return [Type2]
-          def parse(str)
-            t = new
-            t.parse(str)
-            t
-          end
-
           # Builds a Type 3 packet
           # @note All options must be properly encoded with either unicode or oem encoding
           # @return [Type3]
@@ -47,7 +39,7 @@ module Net
 
             if arg[:session_key]
               t.enable(:session_key)
-              t.session_key = arg[session_key]
+              t.session_key = arg[:session_key]
             end
 
             if arg[:flag]
@@ -58,11 +50,82 @@ module Net
             t
           end
         end
-      end
 
+        # @param server_challenge (see #password?)
+        def blank_password?(server_challenge)
+          password?('', server_challenge)
+        end
+
+        # @param password [String]
+        # @param server_challenge [String] The server's {Type2#challenge challenge} from the
+        #   {Type2} message for which this object is a response.
+        # @return [true] if +password+ was the password used to generate this
+        #   {Type3} message
+        # @return [false] otherwise
+        def password?(password, server_challenge)
+          case ntlm_version
+          when :ntlm2_session
+            ntlm2_session_password?(password, server_challenge)
+          when :ntlmv2
+            ntlmv2_password?(password, server_challenge)
+          else
+            raise
+          end
+        end
+
+        # @return [Symbol]
+        def ntlm_version
+          if ntlm_response.size == 24 && lm_response[0,8] != "\x00"*8 && lm_response[8,16] == "\x00"*16
+            :ntlm2_session
+          elsif ntlm_response.size == 24
+            :ntlmv1
+          elsif ntlm_response.size > 24
+            :ntlmv2
+          end
+        end
+
+        private
+
+        def ntlm2_session_password?(password, server_challenge)
+          hash = ntlm_response
+          _lm, empty_hash = NTLM.ntlm2_session(
+            {
+              :ntlm_hash => NTLM.ntlm_hash(password),
+              :challenge => server_challenge,
+            },
+            {
+              :client_challenge => lm_response[0,8]
+            }
+          )
+          hash == empty_hash
+        end
+
+        def ntlmv2_password?(password, server_challenge)
+
+          # The first 16 bytes of the ntlm_response are the HMAC of the blob
+          # that follows it.
+          blob = Blob.new
+          blob.parse(ntlm_response[16..-1])
 
+          empty_hash = NTLM.ntlmv2_response(
+            {
+              # user and domain came from the serialized data here, so
+              # they're already unicode
+              :ntlmv2_hash => NTLM.ntlmv2_hash(user, '', domain, :unicode => true),
+              :challenge => server_challenge,
+              :target_info => blob.target_info
+            },
+            {
+              :client_challenge => blob.challenge,
+              # The blob's timestamp is already in milliseconds since 1601,
+              # so convert it back to epoch time first
+              :timestamp => (blob.timestamp / 10_000_000) - NTLM::TIME_OFFSET,
+            }
+          )
+
+          empty_hash == ntlm_response
+        end
+      end
     end
   end
 end
-
-

data/lib/net/ntlm/version.rb

@@ -3,7 +3,7 @@ module Net
     # @private
     module VERSION
       MAJOR = 0
-      MINOR = 4
+      MINOR = 5
       TINY  = 0
       STRING = [MAJOR, MINOR, TINY].join('.')
     end

data/rubyntlm.gemspec

@@ -18,10 +18,11 @@ Gem::Specification.new do |s|
   s.require_paths = ["lib"]
 
   s.required_ruby_version = '>= 1.8.7'
-  
+
   s.license = 'MIT'
 
+  s.add_development_dependency "pry"
   s.add_development_dependency "rake"
-  s.add_development_dependency "rspec"
+  s.add_development_dependency "rspec", ">= 2.11"
   s.add_development_dependency "simplecov"
 end

data/spec/lib/net/ntlm/blob_spec.rb

@@ -13,4 +13,4 @@ describe Net::NTLM::Blob do
   ]
 
   it_behaves_like 'a fieldset', fields
-end
+end

data/spec/lib/net/ntlm/client/session_spec.rb

@@ -0,0 +1,68 @@
+require 'spec_helper'
+
+describe Net::NTLM::Client::Session do
+  let(:t2_challenge) { Net::NTLM::Message.decode64 "TlRMTVNTUAACAAAADAAMADgAAAA1goriAAyk1DmJUnUAAAAAAAAAAFAAUABEAAAABgLwIwAAAA9TAEUAUgBWAEUAUgACAAwAUwBFAFIAVgBFAFIAAQAMAFMARQBSAFYARQBSAAQADABzAGUAcgB2AGUAcgADAAwAcwBlAHIAdgBlAHIABwAIADd7mrNaB9ABAAAAAA==" }
+  let(:inst) { Net::NTLM::Client::Session.new(nil, t2_challenge) }
+  let(:user_session_key) {["3c4918ff0b33e2603e5d7ceaf34bb7d5"].pack("H*")}
+  let(:client_sign_key) {["f7f97a82ec390f9c903dac4f6aceb132"].pack("H*")}
+  let(:client_seal_key) {["6f0d99535033951cbe499cd1914fe9ee"].pack("H*")}
+  let(:server_sign_key) {["f7f97a82ec390f9c903dac4f6aceb132"].pack("H*")}
+  let(:server_seal_key) {["6f0d99535033951cbe499cd1914fe9ee"].pack("H*")}
+
+  describe "#sign_message" do
+
+    it "signs a message and when KEY_EXCHANGE is true" do
+      expect(inst).to receive(:client_sign_key).and_return(client_sign_key)
+      expect(inst).to receive(:client_seal_key).and_return(client_seal_key)
+      expect(inst).to receive(:negotiate_key_exchange?).and_return(true)
+      sm = inst.sign_message("Test Message")
+      str = "01000000b35ccd60c110c52f00000000"
+      expect(sm.unpack("H*")[0]).to eq(str)
+    end
+
+  end
+
+  describe "#verify_signature" do
+
+    it "verifies a message signature" do
+      expect(inst).to receive(:server_sign_key).and_return(server_sign_key)
+      expect(inst).to receive(:server_seal_key).and_return(server_seal_key)
+      expect(inst).to receive(:negotiate_key_exchange?).and_return(true)
+      sig = "01000000b35ccd60c110c52f00000000"
+      sm = inst.verify_signature([sig].pack("H*"), "Test Message")
+      expect(sm).to be true
+    end
+
+  end
+
+  describe "#seal_message" do
+    it "should seal the message" do
+      expect(inst).to receive(:client_seal_key).and_return(client_seal_key)
+      emsg = inst.seal_message("rubyntlm")
+      expect(emsg.unpack("H*")[0]).to eq("d7389b9604f6274f")
+    end
+  end
+
+  describe "#unseal_message" do
+    it "should unseal the message" do
+      expect(inst).to receive(:server_seal_key).and_return(server_seal_key)
+      msg = inst.unseal_message(["d7389b9604f6274f"].pack("H*"))
+      expect(msg).to eq("rubyntlm")
+    end
+  end
+
+  describe "#master_key" do
+    it "returns a random 16-byte key when negotiate_key_exchange? is true" do
+      expect(inst).to receive(:negotiate_key_exchange?).and_return(true)
+      expect(inst).not_to receive(:user_session_key)
+      inst.send :master_key
+    end
+
+    it "returns the user_session_key when negotiate_key_exchange? is false" do
+      expect(inst).to receive(:negotiate_key_exchange?).and_return(false)
+      expect(inst).to receive(:user_session_key).and_return(user_session_key)
+      inst.send :master_key
+    end
+  end
+
+end

data/spec/lib/net/ntlm/client_spec.rb

@@ -0,0 +1,64 @@
+require 'spec_helper'
+
+describe Net::NTLM::Client do
+  let(:inst) { Net::NTLM::Client.new("test", "test01", :workstation => "testhost") }
+  let(:user_session_key) {["3c4918ff0b33e2603e5d7ceaf34bb7d5"].pack("H*")}
+
+  describe "#init_context" do
+
+    it "returns a default Type1 message" do
+      t1 = inst.init_context
+      expect(t1).to be_instance_of Net::NTLM::Message::Type1
+      expect(t1.domain).to eq("")
+      expect(t1.workstation).to eq("testhost")
+      expect(t1).to have_flag(:UNICODE)
+      expect(t1).to have_flag(:OEM)
+      expect(t1).to have_flag(:SIGN)
+      expect(t1).to have_flag(:SEAL)
+      expect(t1).to have_flag(:REQUEST_TARGET)
+      expect(t1).to have_flag(:NTLM)
+      expect(t1).to have_flag(:ALWAYS_SIGN)
+      expect(t1).to have_flag(:NTLM2_KEY)
+      expect(t1).to have_flag(:KEY128)
+      expect(t1).to have_flag(:KEY_EXCHANGE)
+      expect(t1).to have_flag(:KEY56)
+    end
+
+    it "clears session variable on new init_context" do
+      inst.instance_variable_set :@session, "BADSESSION"
+      expect(inst.session).to eq("BADSESSION")
+      inst.init_context
+      expect(inst.session).to be_nil
+    end
+
+    it "returns a Type1 message with custom flags" do
+      flags = Net::NTLM::FLAGS[:UNICODE] | Net::NTLM::FLAGS[:REQUEST_TARGET] | Net::NTLM::FLAGS[:NTLM]
+      inst = Net::NTLM::Client.new("test", "test01", :workstation => "testhost", :flags => flags)
+      t1 = inst.init_context
+      expect(t1).to be_instance_of Net::NTLM::Message::Type1
+      expect(t1.domain).to eq("")
+      expect(t1.workstation).to eq("testhost")
+      expect(t1).to have_flag(:UNICODE)
+      expect(t1).not_to have_flag(:OEM)
+      expect(t1).not_to have_flag(:SIGN)
+      expect(t1).not_to have_flag(:SEAL)
+      expect(t1).to have_flag(:REQUEST_TARGET)
+      expect(t1).to have_flag(:NTLM)
+      expect(t1).not_to have_flag(:ALWAYS_SIGN)
+      expect(t1).not_to have_flag(:NTLM2_KEY)
+      expect(t1).not_to have_flag(:KEY128)
+      expect(t1).not_to have_flag(:KEY_EXCHANGE)
+      expect(t1).not_to have_flag(:KEY56)
+    end
+
+    it "calls authenticate! when we receive a Challenge Message" do
+      t2_challenge = "TlRMTVNTUAACAAAADAAMADgAAAA1goriAAyk1DmJUnUAAAAAAAAAAFAAUABEAAAABgLwIwAAAA9TAEUAUgBWAEUAUgACAAwAUwBFAFIAVgBFAFIAAQAMAFMARQBSAFYARQBSAAQADABzAGUAcgB2AGUAcgADAAwAcwBlAHIAdgBlAHIABwAIADd7mrNaB9ABAAAAAA=="
+      session = double("session")
+      expect(session).to receive(:authenticate!)
+      expect(Net::NTLM::Client::Session).to receive(:new).with(inst, instance_of(Net::NTLM::Message::Type2)).and_return(session)
+      inst.init_context t2_challenge
+    end
+
+  end
+
+end