rubyntlm 0.6.3 → 0.6.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9ef7e8c4a2e91abd9fac8aff17da320fc011a25b0a74b14e8f121332daa33ee6
-  data.tar.gz: 9158fdcca0c6121fbfc27731bae0865398aee7a410e0be463872cfe764924b61
+  metadata.gz: 12b18439c86b30b978043850938e3ec611230d2e0783828d6db337dfe4ea97ad
+  data.tar.gz: 872a21844c21c9f64815abd312156c3fcddb8ebedc5185ec128106b6714b8521
 SHA512:
-  metadata.gz: f3150588419fc1a400aacc52cbbdd61df58212e77cead9cc7b90b71af31d9a9d0cae90285e9d555bb1a953b4085af47ddc82c350b89b2ce31475e70f6c909a49
-  data.tar.gz: 20f50357f7ae738617386d1504dfae5d759ecceb2f7adc501e1458be80d22ea2864dc1b216d4853cda568271e81134fcda182f520477f8fd8613386e168ceefc
+  metadata.gz: 03df0639b70648b2db81684060ce732d46f21a392590f4995ddb4c97399036ffc8d9a47fd1460b64441a34bebdbabfbd1f3d625bf1246a9e178a0901770f0ee5
+  data.tar.gz: e3ff9341eb1738c501fe90d9456a8203e5771af2c459bb53f0168e24cbdd549540a0369d9a83f2864dce4fac86595cca4c7207b88f11a1b843d9fdbf52b59b20

data/.devcontainer/devcontainer.json

@@ -0,0 +1,22 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/ruby
+{
+	"name": "Ruby",
+	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+	"image": "mcr.microsoft.com/devcontainers/ruby:1-3.3-bullseye"
+
+	// Features to add to the dev container. More info: https://containers.dev/features.
+	// "features": {},
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	// "postCreateCommand": "ruby --version",
+
+	// Configure tool-specific properties.
+	// "customizations": {},
+
+	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+	// "remoteUser": "root"
+}

data/.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "devcontainers"
+    directory: "/"
+    schedule:
+      interval: weekly

data/.github/workflows/build.yml

@@ -0,0 +1,24 @@
+---
+name: build
+
+"on":
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  unit:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-2019]
+        ruby: ['2.6', '2.7', '3.0', '3.1', '3.2', '3.3']
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v4
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - run: bundle exec rake

data/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Change Log
 
+## 0.6.5 (2024-06-11)
+
+* Update available NegotiateFlags during authentication
+* Fix NTLMv2 hash when username contains non-ASCII characters by @cdelafuente-r7 in https://github.com/WinRb/rubyntlm/pull/56
+
+## 0.6.4 (2024-06-06)
+
+* Fix applying DES-CBC when using OpenSSL 3 by @paulvt in https://github.com/WinRb/rubyntlm/pull/51
+* Add dependency to `base64` gem by @yahonda in https://github.com/WinRb/rubyntlm/pull/62
+* Avoid usage of legacy algorithms on libssl-3.0+ by @larskanis in https://github.com/WinRb/rubyntlm/pull/53
+* Add anonymous authentication support by @zeroSteiner in https://github.com/WinRb/rubyntlm/pull/45
+* Update minimum supported ruby to 2.6. Add support for ruby 3.2 and 3.3
+
 ## [0.6.3](https://github.com/WinRb/rubyntlm/tree/0.6.3) (2021-01-26)
 [Full Changelog](https://github.com/WinRb/rubyntlm/compare/v0.6.2...0.6.3)
 
@@ -124,4 +137,4 @@
 ## [v0.2.0](https://github.com/WinRb/rubyntlm/tree/v0.2.0) (2013-03-22)
 
 
-\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/README.md

@@ -1,6 +1,6 @@
 # Ruby/NTLM -- NTLM Authentication Library for Ruby
 
-[![Build Status](https://travis-ci.org/WinRb/rubyntlm.png)](https://travis-ci.org/WinRb/rubyntlm)
+[![CI status](https://github.com/WinRb/rubyntlm/actions/workflows/build.yml/badge.svg)](https://github.com/WinRb/rubyntlm/actions/workflows/build.yml)
 
 Ruby/NTLM provides message creator and parser for the NTLM authentication. 
 

data/lib/net/ntlm/client/session.rb

@@ -26,8 +26,8 @@ module Net
       def authenticate!
         calculate_user_session_key!
         type3_opts = {
-          :lm_response   => lmv2_resp,
-          :ntlm_response => ntlmv2_resp,
+          :lm_response   => is_anonymous? ? "\x00".b : lmv2_resp,
+          :ntlm_response => is_anonymous? ? '' : ntlmv2_resp,
           :domain        => domain,
           :user          => username,
           :workstation   => workstation,
@@ -36,11 +36,8 @@ module Net
         t3 = Message::Type3.create type3_opts
         if negotiate_key_exchange?
           t3.enable(:session_key)
-          rc4 = OpenSSL::Cipher.new("rc4")
-          rc4.encrypt
-          rc4.key = user_session_key
-          sk = rc4.update exported_session_key
-          sk << rc4.final
+          rc4 = Net::NTLM::Rc4.new(user_session_key)
+          sk = rc4.encrypt exported_session_key
           t3.session_key = sk
         end
         t3
@@ -50,7 +47,7 @@ module Net
         @exported_session_key ||=
           begin
             if negotiate_key_exchange?
-              OpenSSL::Cipher.new("rc4").random_key
+              OpenSSL::Random.random_bytes(16)
             else
               user_session_key
             end
@@ -61,8 +58,7 @@ module Net
         seq = sequence
         sig = OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, client_sign_key, "#{seq}#{message}")[0..7]
         if negotiate_key_exchange?
-          sig = client_cipher.update sig
-          sig << client_cipher.final
+          sig = client_cipher.encrypt sig
         end
         "#{VERSION_MAGIC}#{sig}#{seq}"
       end
@@ -71,20 +67,21 @@ module Net
         seq = signature[-4..-1]
         sig = OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, server_sign_key, "#{seq}#{message}")[0..7]
         if negotiate_key_exchange?
-          sig = server_cipher.update sig
-          sig << server_cipher.final
+          sig = server_cipher.encrypt sig
         end
         "#{VERSION_MAGIC}#{sig}#{seq}" == signature
       end
 
       def seal_message(message)
-        emessage = client_cipher.update(message)
-        emessage + client_cipher.final
+        client_cipher.encrypt(message)
       end
 
       def unseal_message(emessage)
-        message = server_cipher.update(emessage)
-        message + server_cipher.final
+        server_cipher.encrypt(emessage)
+      end
+
+      def is_anonymous?
+        username == '' && password == ''
       end
 
       private
@@ -123,23 +120,11 @@ module Net
       end
 
       def client_cipher
-        @client_cipher ||=
-          begin
-            rc4 = OpenSSL::Cipher.new("rc4")
-            rc4.encrypt
-            rc4.key = client_seal_key
-            rc4
-          end
+        @client_cipher ||= Net::NTLM::Rc4.new(client_seal_key)
       end
 
       def server_cipher
-        @server_cipher ||=
-          begin
-            rc4 = OpenSSL::Cipher.new("rc4")
-            rc4.decrypt
-            rc4.key = server_seal_key
-            rc4
-          end
+        @server_cipher ||= Net::NTLM::Rc4.new(server_seal_key)
       end
 
       def client_challenge
@@ -157,7 +142,8 @@ module Net
       end
 
       def use_oem_strings?
-        challenge_message.has_flag? :OEM
+        # @see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/99d90ff4-957f-4c8a-80e4-5bfe5a9a9832
+        !challenge_message.has_flag?(:UNICODE) && challenge_message.has_flag?(:OEM)
       end
 
       def negotiate_key_exchange?
@@ -193,7 +179,12 @@ module Net
       end
 
       def calculate_user_session_key!
-        @user_session_key = OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmv2_hash, nt_proof_str)
+        if is_anonymous?
+          # see MS-NLMP section 3.4
+          @user_session_key = "\x00".b * 16
+        else
+          @user_session_key = OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmv2_hash, nt_proof_str)
+        end
       end
 
       def lmv2_resp
@@ -231,7 +222,6 @@ module Net
           end
         end
       end
-
     end
   end
 end

data/lib/net/ntlm/encode_util.rb

@@ -39,7 +39,7 @@ module NTLM
       #   the function will convert the string bytes to UTF-16LE and note the encoding as UTF-8 so that byte
       #   concatination works seamlessly.
       def self.encode_utf16le(str)
-        str.dup.force_encoding('UTF-8').encode(Encoding::UTF_16LE, Encoding::UTF_8).force_encoding('UTF-8')
+        str.dup.force_encoding('UTF-8').encode(Encoding::UTF_16LE, Encoding::UTF_8).force_encoding('ASCII-8BIT')
       end
     end
   end

data/lib/net/ntlm/md4.rb

@@ -0,0 +1,80 @@
+require 'openssl'
+
+module Net
+module NTLM
+
+  class Md4
+
+    begin
+      OpenSSL::Digest::MD4.digest("")
+    rescue
+      # libssl-3.0+ doesn't support legacy MD4 -> use our own implementation
+
+      require 'stringio'
+
+      def self.digest(string)
+        # functions
+        mask = (1 << 32) - 1
+        f = proc {|x, y, z| x & y | x.^(mask) & z}
+        g = proc {|x, y, z| x & y | x & z | y & z}
+        h = proc {|x, y, z| x ^ y ^ z}
+        r = proc {|v, s| (v << s).&(mask) | (v.&(mask) >> (32 - s))}
+
+        # initial hash
+        a, b, c, d = 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476
+
+        bit_len = string.size << 3
+        string += "\x80"
+        while (string.size % 64) != 56
+          string += "\0"
+        end
+        string = string.force_encoding('ascii-8bit') + [bit_len & mask, bit_len >> 32].pack("V2")
+
+        if string.size % 64 != 0
+          fail "failed to pad to correct length"
+        end
+
+        io = StringIO.new(string)
+        block = ""
+
+        while io.read(64, block)
+          x = block.unpack("V16")
+
+          # Process this block.
+          aa, bb, cc, dd = a, b, c, d
+          [0, 4, 8, 12].each {|i|
+            a = r[a + f[b, c, d] + x[i],  3]; i += 1
+            d = r[d + f[a, b, c] + x[i],  7]; i += 1
+            c = r[c + f[d, a, b] + x[i], 11]; i += 1
+            b = r[b + f[c, d, a] + x[i], 19]
+          }
+          [0, 1, 2, 3].each {|i|
+            a = r[a + g[b, c, d] + x[i] + 0x5a827999,  3]; i += 4
+            d = r[d + g[a, b, c] + x[i] + 0x5a827999,  5]; i += 4
+            c = r[c + g[d, a, b] + x[i] + 0x5a827999,  9]; i += 4
+            b = r[b + g[c, d, a] + x[i] + 0x5a827999, 13]
+          }
+          [0, 2, 1, 3].each {|i|
+            a = r[a + h[b, c, d] + x[i] + 0x6ed9eba1,  3]; i += 8
+            d = r[d + h[a, b, c] + x[i] + 0x6ed9eba1,  9]; i -= 4
+            c = r[c + h[d, a, b] + x[i] + 0x6ed9eba1, 11]; i += 8
+            b = r[b + h[c, d, a] + x[i] + 0x6ed9eba1, 15]
+          }
+          a = (a + aa) & mask
+          b = (b + bb) & mask
+          c = (c + cc) & mask
+          d = (d + dd) & mask
+        end
+
+        [a, b, c, d].pack("V4")
+      end
+
+    else
+      # Openssl/libssl provides MD4, so we can use it.
+      def self.digest(string)
+        OpenSSL::Digest::MD4.digest(string)
+      end
+    end
+  end
+end
+end

data/lib/net/ntlm/message.rb

@@ -3,28 +3,36 @@ module NTLM
 
   SSP_SIGN = "NTLMSSP\0"
 
+  # See [2.2.2.5 NEGOTIATE](https://msdn.microsoft.com/en-us/library/cc236650.aspx)
   FLAGS = {
       :UNICODE              => 0x00000001,
       :OEM                  => 0x00000002,
       :REQUEST_TARGET       => 0x00000004,
-      :MBZ9                 => 0x00000008,
       :SIGN                 => 0x00000010,
       :SEAL                 => 0x00000020,
       :NEG_DATAGRAM         => 0x00000040,
-      :NETWARE              => 0x00000100,
+      :NEG_LM_KEY           => 0x00000080,
       :NTLM                 => 0x00000200,
-      :NEG_NT_ONLY          => 0x00000400,
-      :MBZ7                 => 0x00000800,
+      :NEG_ANONYMOUS        => 0x00000800,
       :DOMAIN_SUPPLIED      => 0x00001000,
       :WORKSTATION_SUPPLIED => 0x00002000,
-      :LOCAL_CALL           => 0x00004000,
       :ALWAYS_SIGN          => 0x00008000,
       :TARGET_TYPE_DOMAIN   => 0x00010000,
+      :TARGET_TYPE_SERVER   => 0x00020000,
       :NTLM2_KEY            => 0x00080000,
+      :NEG_IDENTIFY         => 0x00100000,
+      :NON_NT_SESSION_KEY   => 0x00400000,
       :TARGET_INFO          => 0x00800000,
+      :NEG_VERSION          => 0x02000000,
       :KEY128               => 0x20000000,
       :KEY_EXCHANGE         => 0x40000000,
-      :KEY56                => 0x80000000
+      :KEY56                => 0x80000000,
+      # Undocumented flags:
+      :MBZ9                 => 0x00000008,
+      :NETWARE              => 0x00000100,
+      :NEG_NT_ONLY          => 0x00000400,
+      :MBZ7                 => 0x00000800, # alias for :NEG_ANONYMOUS
+      :LOCAL_CALL           => 0x00004000,
   }.freeze
 
   FLAG_KEYS = FLAGS.keys.sort{|a, b| FLAGS[a] <=> FLAGS[b] }
@@ -35,7 +43,6 @@ module NTLM
       :TYPE3 => FLAGS[:UNICODE] | FLAGS[:REQUEST_TARGET] | FLAGS[:NTLM] | FLAGS[:ALWAYS_SIGN] | FLAGS[:NTLM2_KEY]
   }
 
-
   # @private false
   class Message < FieldSet
     class << Message
@@ -87,7 +94,7 @@ module NTLM
 
     def serialize
       deflag
-      super + security_buffers.map{|n, f| f.value}.join
+      super + security_buffers.map{|n, f| f.value + (has_flag?(:UNICODE) ? "\x00".b * (f.value.length % 2) : '')}.join
     end
 
     def encode64
@@ -117,6 +124,7 @@ module NTLM
       security_buffers.inject(head_size){|cur, a|
         a[1].offset = cur
         cur += a[1].data_size
+        has_flag?(:UNICODE) ? cur + cur % 2 : cur
       }
     end
 

data/lib/net/ntlm/rc4.rb

@@ -0,0 +1,59 @@
+require 'openssl'
+
+module Net
+module NTLM
+
+  begin
+    OpenSSL::Cipher.new("rc4")
+  rescue
+    # libssl-3.0+ doesn't support legacy Rc4 -> use our own implementation
+
+    class Rc4
+      def initialize(str)
+        raise ArgumentError, "RC4: Key supplied is blank"  if str.eql?('')
+        initialize_state(str)
+        @q1, @q2 = 0, 0
+      end
+
+      def encrypt(text)
+        text.each_byte.map do |b|
+          @q1 = (@q1 + 1) % 256
+          @q2 = (@q2 + @state[@q1]) % 256
+          @state[@q1], @state[@q2] = @state[@q2], @state[@q1]
+          b ^ @state[(@state[@q1] + @state[@q2]) % 256]
+        end.pack("C*")
+      end
+
+      private
+
+      # The initial state which is then modified by the key-scheduling algorithm
+      INITIAL_STATE = (0..255).to_a
+
+      # Performs the key-scheduling algorithm to initialize the state.
+      def initialize_state(key)
+        i = j = 0
+        @state = INITIAL_STATE.dup
+        key_length = key.length
+        while i < 256
+          j = (j + @state[i] + key.getbyte(i % key_length)) % 256
+          @state[i], @state[j] = @state[j], @state[i]
+          i += 1
+        end
+      end
+    end
+
+  else
+    # Openssl/libssl provides RC4, so we can use it.
+    class Rc4
+      def initialize(str)
+        @ci = OpenSSL::Cipher.new("rc4")
+        @ci.key = str
+      end
+
+      def encrypt(text)
+        @ci.update(text) + @ci.final
+      end
+    end
+  end
+end
+end

data/lib/net/ntlm/version.rb

@@ -4,7 +4,7 @@ module Net
     module VERSION
       MAJOR = 0
       MINOR = 6
-      TINY  = 3
+      TINY  = 5
       STRING = [MAJOR, MINOR, TINY].join('.')
     end
   end

data/lib/net/ntlm.rb

@@ -59,6 +59,8 @@ require 'net/ntlm/message/type2'
 require 'net/ntlm/message/type3'
 
 require 'net/ntlm/encode_util'
+require 'net/ntlm/md4'
+require 'net/ntlm/rc4'
 
 require 'net/ntlm/client'
 require 'net/ntlm/channel_binding'
@@ -94,10 +96,10 @@ module Net
         end
       end
 
-      # Conver the value to a 64-Bit Little Endian Int
+      # Convert the value to a 64-bit little-endian integer
       # @param [String] val The string to convert
       def pack_int64le(val)
-          [val & 0x00000000ffffffff, val >> 32].pack("V2")
+        [val & 0x00000000ffffffff, val >> 32].pack("V2")
       end
 
       # Builds an array of strings that are 7 characters long
@@ -111,7 +113,8 @@ module Net
         ret
       end
 
-      # Not sure what this is doing
+      # Each byte of a DES key contains seven bits of key material and one odd-parity bit.
+      # The parity bit should be set so that there are an odd number of 1 bits in each byte.
       # @param [String] str String to generate keys for
       # @api private
       def gen_keys(str)
@@ -123,22 +126,24 @@ module Net
       end
 
       def apply_des(plain, keys)
-        dec = OpenSSL::Cipher.new("des-cbc").encrypt
-        dec.padding = 0
         keys.map {|k|
-          dec.key = k
+          # Spec requires des-cbc, but openssl 3 does not support single des
+          # by default, so just do triple DES (EDE) with the same key
+          dec = OpenSSL::Cipher.new("des-ede-cbc").encrypt
+          dec.padding = 0
+          dec.key = k + k
           dec.update(plain) + dec.final
         }
       end
 
-      # Generates a Lan Manager Hash
+      # Generates a {https://en.wikipedia.org/wiki/LAN_Manager LAN Manager Hash}
       # @param [String] password The password to base the hash on
       def lm_hash(password)
         keys = gen_keys password.upcase.ljust(14, "\0")
         apply_des(LM_MAGIC, keys).join
       end
 
-      # Generate a NTLM Hash
+      # Generate an NTLM Hash
       # @param [String] password The password to base the hash on
       # @option opt :unicode (false) Unicode encode the password
       def ntlm_hash(password, opt = {})
@@ -146,14 +151,14 @@ module Net
         unless opt[:unicode]
           pwd = EncodeUtil.encode_utf16le(pwd)
         end
-        OpenSSL::Digest::MD4.digest pwd
+        Net::NTLM::Md4.digest pwd
       end
 
       # Generate a NTLMv2 Hash
       # @param [String] user The username
       # @param [String] password The password
       # @param [String] target The domain or workstation to authenticate to
-      # @option opt :unicode (false) Unicode encode the domain
+      # @option [Boolean] opt :unicode (false) Unicode encode the domain.
       def ntlmv2_hash(user, password, target, opt={})
         if is_ntlm_hash? password
           decoded_password = EncodeUtil.decode_utf16le(password)
@@ -161,7 +166,18 @@ module Net
         else
           ntlmhash = ntlm_hash(password, opt)
         end
-        userdomain = user.upcase + target
+
+        if opt[:unicode]
+          # Uppercase operation on username containing non-ASCI characters
+          # after behing unicode encoded with `EncodeUtil.encode_utf16le`
+          # doesn't play well. Upcase should be done before encoding.
+          user_upcase = EncodeUtil.decode_utf16le(user).upcase
+          user_upcase = EncodeUtil.encode_utf16le(user_upcase)
+        else
+          user_upcase = user.upcase
+        end
+        userdomain = user_upcase + target
+
         unless opt[:unicode]
           userdomain = EncodeUtil.encode_utf16le(userdomain)
         end

data/rubyntlm.gemspec

@@ -13,11 +13,10 @@ Gem::Specification.new do |s|
 
 
   s.files         = `git ls-files`.split($/)
-  s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
   s.test_files    = s.files.grep(%r{^(test|spec|features)/})
   s.require_paths = ["lib"]
 
-  s.required_ruby_version = '>= 1.8.7'
+  s.required_ruby_version = '>= 2.6.0'
 
   s.license = 'MIT'
 
@@ -26,4 +25,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency "rake"
   s.add_development_dependency "rspec", ">= 2.11"
   s.add_development_dependency "simplecov"
+  s.add_dependency "base64"
+
+  s.metadata["rubygems_mfa_required"] = "true"
 end

data/spec/lib/net/ntlm/client/session_spec.rb

@@ -65,4 +65,23 @@ describe Net::NTLM::Client::Session do
     end
   end
 
+  context 'when authenticating anonymously' do
+    let(:inst) { Net::NTLM::Client::Session.new(Net::NTLM::Client.new('', ''), t2_challenge) }
+
+    describe "#authenticate!" do
+      it "should set the response fields correctly" do
+        t3 = inst.authenticate!
+        expect(t3).to be_a(Net::NTLM::Message::Type3)
+        expect(t3.lm_response).to eq("\x00".b)
+        expect(t3.ntlm_response).to eq('')
+      end
+    end
+
+    describe "#is_anonymous?" do
+      it "should be true" do
+        expect(inst.is_anonymous?).to be_truthy
+      end
+    end
+  end
+
 end

data/spec/lib/net/ntlm/message/type3_spec.rb

@@ -222,4 +222,46 @@ describe Net::NTLM::Message::Type3 do
 
   end
 
+  describe '#serialize' do
+    context 'when the username contains non-ASCI characters' do
+      let(:t3) {
+        t2 = Net::NTLM::Message::Type2.new
+        t2.response(
+          {
+            :user => 'Hélène',
+            :password => '123456',
+            :domain => ''
+          },
+          {
+            :ntlmv2 => true,
+            :workstation => 'testlab.local'
+          }
+        )
+      }
+
+      it 'serializes without error' do
+        expect { t3.serialize }.not_to raise_error
+      end
+    end
+
+    subject(:message) { described_class.create(opts) }
+    context 'with the UNICODE flag set' do
+      let(:opts) { {lm_response: "\x00".b, ntlm_response: '', domain: '', workstation: '', user: '', flag: Net::NTLM::DEFAULT_FLAGS[:TYPE3] | Net::NTLM::FLAGS[:UNICODE] } }
+
+      it 'should pad the domain field to a multiple of 2' do
+        message.serialize
+        expect(message[:domain][:offset].value % 2).to eq 0
+      end
+
+      it 'should pad the user field to a multiple of 2' do
+        message.serialize
+        expect(message[:user][:offset].value % 2).to eq 0
+      end
+
+      it 'should pad the workstation field to a multiple of 2' do
+        message.serialize
+        expect(message[:workstation][:offset].value % 2).to eq 0
+      end
+    end
+  end
 end

data/spec/lib/net/ntlm_spec.rb

@@ -59,6 +59,14 @@ describe Net::NTLM do
     end
   end
 
+  context 'when the username contains non-ASCI characters' do
+    let(:user) { 'юзер' }
+
+    it 'should return the correct ntlmv2 hash' do
+      expect(Net::NTLM::ntlmv2_hash(user, passwd, domain, { unicode: true })).to eq(["a0f4b914a37faeaee884b6b04a20faf0"].pack("H*"))
+    end
+  end
+
   it 'should generate an lm_response' do
     expect(Net::NTLM::lm_response(
         {

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubyntlm
 version: !ruby/object:Gem::Version
-  version: 0.6.3
+  version: 0.6.5
 platform: ruby
 authors:
 - Kohei Kajimoto
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-27 00:00:00.000000000 Z
+date: 2024-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: github_changelog_generator
@@ -81,6 +81,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Ruby/NTLM provides message creator and parser for the NTLM authentication.
 email:
 - koheik@gmail.com
@@ -89,9 +103,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".devcontainer/devcontainer.json"
+- ".github/dependabot.yml"
+- ".github/workflows/build.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - LICENSE
@@ -112,11 +128,13 @@ files:
 - lib/net/ntlm/int16_le.rb
 - lib/net/ntlm/int32_le.rb
 - lib/net/ntlm/int64_le.rb
+- lib/net/ntlm/md4.rb
 - lib/net/ntlm/message.rb
 - lib/net/ntlm/message/type0.rb
 - lib/net/ntlm/message/type1.rb
 - lib/net/ntlm/message/type2.rb
 - lib/net/ntlm/message/type3.rb
+- lib/net/ntlm/rc4.rb
 - lib/net/ntlm/security_buffer.rb
 - lib/net/ntlm/string.rb
 - lib/net/ntlm/target_info.rb
@@ -152,7 +170,8 @@ files:
 homepage: https://github.com/winrb/rubyntlm
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -161,14 +180,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 1.8.7
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.5.3
 signing_key: 
 specification_version: 4
 summary: Ruby/NTLM library.

data/.travis.yml

@@ -1,13 +0,0 @@
-language: ruby
-rvm:
-  - 2.1.9
-  - 2.6.6
-  - 2.7.1
-  - 3.0.0
-before_install:
-  - gem update bundler
-
-# This prevents testing branches that are created just for PRs
-branches:
-  only:
-  - master