rubyntlm 0.5.3 → 0.6.0

data/lib/net/ntlm/message/type3.rb

@@ -1,131 +1,131 @@
-module Net
-  module NTLM
-    class Message
-
-      # @private false
-      class Type3 < Message
-
-        string          :sign,          {:size => 8, :value => SSP_SIGN}
-        int32LE         :type,          {:value => 3}
-        security_buffer :lm_response,   {:value => ""}
-        security_buffer :ntlm_response, {:value => ""}
-        security_buffer :domain,        {:value => ""}
-        security_buffer :user,          {:value => ""}
-        security_buffer :workstation,   {:value => ""}
-        security_buffer :session_key,   {:value => "", :active => false }
-        int32LE         :flag,          {:value => 0, :active => false }
-        string          :os_version,    {:size => 8, :active => false }
-
-        class << Type3
-          # Builds a Type 3 packet
-          # @note All options must be properly encoded with either unicode or oem encoding
-          # @return [Type3]
-          # @option arg [String] :lm_response The LM hash
-          # @option arg [String] :ntlm_response The NTLM hash
-          # @option arg [String] :domain The domain to authenticate to
-          # @option arg [String] :workstation The name of the calling workstation
-          # @option arg [String] :session_key The session key
-          # @option arg [Integer] :flag Flags for the packet
-          def create(arg, opt ={})
-            t = new
-            t.lm_response = arg[:lm_response]
-            t.ntlm_response = arg[:ntlm_response]
-            t.domain = arg[:domain]
-            t.user = arg[:user]
-
-            if arg[:workstation]
-              t.workstation = arg[:workstation]
-            end
-
-            if arg[:session_key]
-              t.enable(:session_key)
-              t.session_key = arg[:session_key]
-            end
-
-            if arg[:flag]
-              t.enable(:session_key)
-              t.enable(:flag)
-              t.flag = arg[:flag]
-            end
-            t
-          end
-        end
-
-        # @param server_challenge (see #password?)
-        def blank_password?(server_challenge)
-          password?('', server_challenge)
-        end
-
-        # @param password [String]
-        # @param server_challenge [String] The server's {Type2#challenge challenge} from the
-        #   {Type2} message for which this object is a response.
-        # @return [true] if +password+ was the password used to generate this
-        #   {Type3} message
-        # @return [false] otherwise
-        def password?(password, server_challenge)
-          case ntlm_version
-          when :ntlm2_session
-            ntlm2_session_password?(password, server_challenge)
-          when :ntlmv2
-            ntlmv2_password?(password, server_challenge)
-          else
-            raise
-          end
-        end
-
-        # @return [Symbol]
-        def ntlm_version
-          if ntlm_response.size == 24 && lm_response[0,8] != "\x00"*8 && lm_response[8,16] == "\x00"*16
-            :ntlm2_session
-          elsif ntlm_response.size == 24
-            :ntlmv1
-          elsif ntlm_response.size > 24
-            :ntlmv2
-          end
-        end
-
-        private
-
-        def ntlm2_session_password?(password, server_challenge)
-          hash = ntlm_response
-          _lm, empty_hash = NTLM.ntlm2_session(
-            {
-              :ntlm_hash => NTLM.ntlm_hash(password),
-              :challenge => server_challenge,
-            },
-            {
-              :client_challenge => lm_response[0,8]
-            }
-          )
-          hash == empty_hash
-        end
-
-        def ntlmv2_password?(password, server_challenge)
-
-          # The first 16 bytes of the ntlm_response are the HMAC of the blob
-          # that follows it.
-          blob = Blob.new
-          blob.parse(ntlm_response[16..-1])
-
-          empty_hash = NTLM.ntlmv2_response(
-            {
-              # user and domain came from the serialized data here, so
-              # they're already unicode
-              :ntlmv2_hash => NTLM.ntlmv2_hash(user, '', domain, :unicode => true),
-              :challenge => server_challenge,
-              :target_info => blob.target_info
-            },
-            {
-              :client_challenge => blob.challenge,
-              # The blob's timestamp is already in milliseconds since 1601,
-              # so convert it back to epoch time first
-              :timestamp => (blob.timestamp / 10_000_000) - NTLM::TIME_OFFSET,
-            }
-          )
-
-          empty_hash == ntlm_response
-        end
-      end
-    end
-  end
-end
+module Net
+  module NTLM
+    class Message
+
+      # @private false
+      class Type3 < Message
+
+        string          :sign,          {:size => 8, :value => SSP_SIGN}
+        int32LE         :type,          {:value => 3}
+        security_buffer :lm_response,   {:value => ""}
+        security_buffer :ntlm_response, {:value => ""}
+        security_buffer :domain,        {:value => ""}
+        security_buffer :user,          {:value => ""}
+        security_buffer :workstation,   {:value => ""}
+        security_buffer :session_key,   {:value => "", :active => false }
+        int32LE         :flag,          {:value => 0, :active => false }
+        string          :os_version,    {:size => 8, :active => false }
+
+        class << Type3
+          # Builds a Type 3 packet
+          # @note All options must be properly encoded with either unicode or oem encoding
+          # @return [Type3]
+          # @option arg [String] :lm_response The LM hash
+          # @option arg [String] :ntlm_response The NTLM hash
+          # @option arg [String] :domain The domain to authenticate to
+          # @option arg [String] :workstation The name of the calling workstation
+          # @option arg [String] :session_key The session key
+          # @option arg [Integer] :flag Flags for the packet
+          def create(arg, opt ={})
+            t = new
+            t.lm_response = arg[:lm_response]
+            t.ntlm_response = arg[:ntlm_response]
+            t.domain = arg[:domain]
+            t.user = arg[:user]
+
+            if arg[:workstation]
+              t.workstation = arg[:workstation]
+            end
+
+            if arg[:session_key]
+              t.enable(:session_key)
+              t.session_key = arg[:session_key]
+            end
+
+            if arg[:flag]
+              t.enable(:session_key)
+              t.enable(:flag)
+              t.flag = arg[:flag]
+            end
+            t
+          end
+        end
+
+        # @param server_challenge (see #password?)
+        def blank_password?(server_challenge)
+          password?('', server_challenge)
+        end
+
+        # @param password [String]
+        # @param server_challenge [String] The server's {Type2#challenge challenge} from the
+        #   {Type2} message for which this object is a response.
+        # @return [true] if +password+ was the password used to generate this
+        #   {Type3} message
+        # @return [false] otherwise
+        def password?(password, server_challenge)
+          case ntlm_version
+          when :ntlm2_session
+            ntlm2_session_password?(password, server_challenge)
+          when :ntlmv2
+            ntlmv2_password?(password, server_challenge)
+          else
+            raise
+          end
+        end
+
+        # @return [Symbol]
+        def ntlm_version
+          if ntlm_response.size == 24 && lm_response[0,8] != "\x00"*8 && lm_response[8,16] == "\x00"*16
+            :ntlm2_session
+          elsif ntlm_response.size == 24
+            :ntlmv1
+          elsif ntlm_response.size > 24
+            :ntlmv2
+          end
+        end
+
+        private
+
+        def ntlm2_session_password?(password, server_challenge)
+          hash = ntlm_response
+          _lm, empty_hash = NTLM.ntlm2_session(
+            {
+              :ntlm_hash => NTLM.ntlm_hash(password),
+              :challenge => server_challenge,
+            },
+            {
+              :client_challenge => lm_response[0,8]
+            }
+          )
+          hash == empty_hash
+        end
+
+        def ntlmv2_password?(password, server_challenge)
+
+          # The first 16 bytes of the ntlm_response are the HMAC of the blob
+          # that follows it.
+          blob = Blob.new
+          blob.parse(ntlm_response[16..-1])
+
+          empty_hash = NTLM.ntlmv2_response(
+            {
+              # user and domain came from the serialized data here, so
+              # they're already unicode
+              :ntlmv2_hash => NTLM.ntlmv2_hash(user, '', domain, :unicode => true),
+              :challenge => server_challenge,
+              :target_info => blob.target_info
+            },
+            {
+              :client_challenge => blob.challenge,
+              # The blob's timestamp is already in milliseconds since 1601,
+              # so convert it back to epoch time first
+              :timestamp => (blob.timestamp / 10_000_000) - NTLM::TIME_OFFSET,
+            }
+          )
+
+          empty_hash == ntlm_response
+        end
+      end
+    end
+  end
+end

data/lib/net/ntlm/security_buffer.rb

@@ -1,48 +1,48 @@
-
-module Net
-  module NTLM
-
-    class SecurityBuffer < FieldSet
-
-      int16LE   :length,        {:value => 0}
-      int16LE   :allocated,     {:value => 0}
-      int32LE   :offset,        {:value => 0}
-
-      attr_accessor :active
-      def initialize(opts={})
-        super()
-        @value  = opts[:value]
-        @active = opts[:active].nil? ? true : opts[:active]
-        @size = 8
-      end
-
-      def parse(str, offset=0)
-        if @active and str.size >= offset + @size
-          super(str, offset)
-          @value = str[self.offset, self.length]
-          @size
-        else
-          0
-        end
-      end
-
-      def serialize
-        super if @active
-      end
-
-      def value
-        @value
-      end
-
-      def value=(val)
-        @value = val
-        self.length = self.allocated = val.size
-      end
-
-      def data_size
-        @active ? @value.size : 0
-      end
-    end
-
-  end
+
+module Net
+  module NTLM
+
+    class SecurityBuffer < FieldSet
+
+      int16LE   :length,        {:value => 0}
+      int16LE   :allocated,     {:value => 0}
+      int32LE   :offset,        {:value => 0}
+
+      attr_accessor :active
+      def initialize(opts={})
+        super()
+        @value  = opts[:value]
+        @active = opts[:active].nil? ? true : opts[:active]
+        @size = 8
+      end
+
+      def parse(str, offset=0)
+        if @active and str.size >= offset + @size
+          super(str, offset)
+          @value = str[self.offset, self.length]
+          @size
+        else
+          0
+        end
+      end
+
+      def serialize
+        super if @active
+      end
+
+      def value
+        @value
+      end
+
+      def value=(val)
+        @value = val
+        self.length = self.allocated = val.size
+      end
+
+      def data_size
+        @active ? @value.size : 0
+      end
+    end
+
+  end
 end

data/lib/net/ntlm/string.rb

@@ -1,35 +1,35 @@
-module Net
-  module NTLM
-
-    class String < Field
-      def initialize(opts)
-        super(opts)
-        @size = opts[:size]
-      end
-
-      def parse(str, offset=0)
-        if @active and str.size >= offset + @size
-          @value = str[offset, @size]
-          @size
-        else
-          0
-        end
-      end
-
-      def serialize
-        if @active
-          @value.to_s
-        else
-          ""
-        end
-      end
-
-      def value=(val)
-        @value = val
-        @size = @value.nil? ? 0 : @value.size
-        @active = (@size > 0)
-      end
-    end
-
-  end
+module Net
+  module NTLM
+
+    class String < Field
+      def initialize(opts)
+        super(opts)
+        @size = opts[:size]
+      end
+
+      def parse(str, offset=0)
+        if @active and str.size >= offset + @size
+          @value = str[offset, @size]
+          @size
+        else
+          0
+        end
+      end
+
+      def serialize
+        if @active
+          @value.to_s
+        else
+          ""
+        end
+      end
+
+      def value=(val)
+        @value = val
+        @size = @value.nil? ? 0 : @value.size
+        @active = (@size > 0)
+      end
+    end
+
+  end
 end

data/lib/net/ntlm/target_info.rb

@@ -0,0 +1,89 @@
+module Net
+  module NTLM
+
+    # Represents a list of AV_PAIR structures
+    # @see https://msdn.microsoft.com/en-us/library/cc236646.aspx
+    class TargetInfo
+
+      # Allowed AvId values for an AV_PAIR
+      MSV_AV_EOL               = "\x00\x00".freeze
+      MSV_AV_NB_COMPUTER_NAME  = "\x01\x00".freeze
+      MSV_AV_NB_DOMAIN_NAME    = "\x02\x00".freeze
+      MSV_AV_DNS_COMPUTER_NAME = "\x03\x00".freeze
+      MSV_AV_DNS_DOMAIN_NAME   = "\x04\x00".freeze
+      MSV_AV_DNS_TREE_NAME     = "\x05\x00".freeze
+      MSV_AV_FLAGS             = "\x06\x00".freeze
+      MSV_AV_TIMESTAMP         = "\x07\x00".freeze
+      MSV_AV_SINGLE_HOST       = "\x08\x00".freeze
+      MSV_AV_TARGET_NAME       = "\x09\x00".freeze
+      MSV_AV_CHANNEL_BINDINGS  = "\x0A\x00".freeze
+
+      # @param av_pair_sequence [String] AV_PAIR list from challenge message
+      def initialize(av_pair_sequence)
+        @av_pairs = read_pairs(av_pair_sequence)
+      end
+
+      attr_reader :av_pairs
+
+      def to_s
+        result = ''
+        av_pairs.each do |k,v|
+          result << k
+          result << [v.length].pack('S')
+          result << v
+        end
+        result << Net::NTLM::TargetInfo::MSV_AV_EOL
+        result << [0].pack('S')
+        result.force_encoding(Encoding::ASCII_8BIT)
+      end
+
+      private
+
+      VALID_PAIR_ID = [
+          MSV_AV_EOL,
+          MSV_AV_NB_COMPUTER_NAME,
+          MSV_AV_NB_DOMAIN_NAME,
+          MSV_AV_DNS_COMPUTER_NAME,
+          MSV_AV_DNS_DOMAIN_NAME,
+          MSV_AV_DNS_TREE_NAME,
+          MSV_AV_FLAGS,
+          MSV_AV_TIMESTAMP,
+          MSV_AV_SINGLE_HOST,
+          MSV_AV_TARGET_NAME,
+          MSV_AV_CHANNEL_BINDINGS
+      ].freeze
+
+      def read_pairs(av_pair_sequence)
+        offset = 0
+        result = {}
+        return result if av_pair_sequence.nil?
+
+        until offset >= av_pair_sequence.length
+          id = av_pair_sequence[offset..offset+1]
+
+          unless VALID_PAIR_ID.include?(id)
+            raise Net::NTLM::InvalidTargetDataError.new( 
+              "Invalid AvId #{to_hex(id)} in AV_PAIR structure",
+              av_pair_sequence
+            )
+          end
+
+          length = av_pair_sequence[offset+2..offset+3].unpack('S')[0].to_i
+          if length > 0
+            value = av_pair_sequence[offset+4..offset+4+length-1]
+            result[id] = value
+          end
+
+          offset += 4 + length
+        end
+
+        result
+      end
+
+      def to_hex(str)
+        return nil if str.nil?
+        str.bytes.map {|b| '0x' + b.to_s(16).rjust(2,'0').upcase}.join('-')
+      end
+    end
+  end
+end