rubyntlm 0.6.1 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f4f6956cb7312016f0dd160d795fc7835e9d9dd9
-  data.tar.gz: e81b31dd74c218f3765619086f03846dab005f0f
+  metadata.gz: 1faff36beeb295ca5d6326a6140686242c3c2447
+  data.tar.gz: 23a28cbdddae6dc194754d2a069c6b0cdfbeee05
 SHA512:
-  metadata.gz: ae8d487fdeef742a2bc53a821fc491e26a5c34a5d7a1ae8b24d03c42dd0c842c7ec1591cf7a46028747d7411b3cf4b20ad5d396d812a7da0c601b1559d8aa625
-  data.tar.gz: b33ee3d2081189aae2b2567aef95f89e2e2bacbc03966b51da178d014b78bbc29b0c37a3488f1b86b2aeb23488b08dac71e1ea0142d324c5a09d8bca2f3a9067
+  metadata.gz: 33144b0784c9d24f9be05709cef524ed451a45c7c9a54afcafe26aa1a8a9a7bdbfffe6d4252508bc8c924c96c2812c84d2f833204f7ee1a50de234c38b36bb10
+  data.tar.gz: 661166a477bf794791376cd7f52aa881f78c0ce6f8bef732ba85f09a703df055a6869305f13e432803e9f5736c3a44d67588240b5f606d7797e4a73d925bee6a

data/.gitignore

@@ -1,3 +1,4 @@
-.yardoc
-/doc
-Gemfile.lock
+.yardoc
+/doc
+Gemfile.lock
+pkg

data/.rspec

@@ -1,2 +1,2 @@
---format documentation
---color
+--format documentation
+--color

data/.travis.yml

@@ -1,12 +1,13 @@
-language: ruby
-rvm:
-  - 2.1.9
-  - 2.2.0
-  - 2.3.1
-before_install:
-  - gem update bundler
-
-# This prevents testing branches that are created just for PRs
-branches:
-  only:
-  - master
+language: ruby
+rvm:
+  - 2.1.9
+  - 2.2.0
+  - 2.3.1
+  - 2.4.0
+before_install:
+  - gem update bundler
+
+# This prevents testing branches that are created just for PRs
+branches:
+  only:
+  - master

data/CHANGELOG.md

@@ -1,6 +1,118 @@
-0.2.0 - Major changes to behavior!!!!
-  - Bug - Type 1 packets do not include a domain and workstation by defauly. Packet capture software will see this type of packet as malformed. All packets now include this information
-  - Bug - Type 3 packets do not include the calling workstation. This should be setup by default.
-
-0.1.2
- - Feature user can specify the target domain 
+# Change Log
+
+## [0.6.2](https://github.com/WinRb/rubyntlm/tree/0.6.2) (2017-04-06)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/v0.6.1...0.6.2)
+
+**Merged pull requests:**
+
+- Support Ruby 2.4 [\#34](https://github.com/WinRb/rubyntlm/pull/34) ([fwininger](https://github.com/fwininger))
+- ignore pkg directory in git [\#33](https://github.com/WinRb/rubyntlm/pull/33) ([mwrock](https://github.com/mwrock))
+
+## [v0.6.1](https://github.com/WinRb/rubyntlm/tree/v0.6.1) (2016-09-15)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/v0.6.0...v0.6.1)
+
+**Merged pull requests:**
+
+- Release 0.6.1 [\#32](https://github.com/WinRb/rubyntlm/pull/32) ([mwrock](https://github.com/mwrock))
+- only test supported rubies and do not test twice [\#31](https://github.com/WinRb/rubyntlm/pull/31) ([mwrock](https://github.com/mwrock))
+- Protect against mutating frozen strings [\#30](https://github.com/WinRb/rubyntlm/pull/30) ([mwrock](https://github.com/mwrock))
+
+## [v0.6.0](https://github.com/WinRb/rubyntlm/tree/v0.6.0) (2016-02-16)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/0.5.3...v0.6.0)
+
+**Closed issues:**
+
+- support Extended Protection for Authentication \(Channel Binding Tokens\) [\#27](https://github.com/WinRb/rubyntlm/issues/27)
+- RubyNTLM is not documented [\#20](https://github.com/WinRb/rubyntlm/issues/20)
+
+**Merged pull requests:**
+
+- Support Extended Protection for Authentication \(Channel binding\) [\#28](https://github.com/WinRb/rubyntlm/pull/28) ([mwrock](https://github.com/mwrock))
+
+## [0.5.3](https://github.com/WinRb/rubyntlm/tree/0.5.3) (2016-01-22)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/v0.5.3...0.5.3)
+
+## [v0.5.3](https://github.com/WinRb/rubyntlm/tree/v0.5.3) (2016-01-22)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/0.5.2...v0.5.3)
+
+**Merged pull requests:**
+
+- fix session.workstation when passing only domain [\#26](https://github.com/WinRb/rubyntlm/pull/26) ([mwrock](https://github.com/mwrock))
+
+## [0.5.2](https://github.com/WinRb/rubyntlm/tree/0.5.2) (2015-07-20)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/0.5.1...0.5.2)
+
+**Merged pull requests:**
+
+- Add Pass the Hash capability to the NTLM client [\#24](https://github.com/WinRb/rubyntlm/pull/24) ([dmaloney-r7](https://github.com/dmaloney-r7))
+
+## [0.5.1](https://github.com/WinRb/rubyntlm/tree/0.5.1) (2015-06-23)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/0.5.0...0.5.1)
+
+**Merged pull requests:**
+
+- fix NTLM1 auth - NTLM::lm\_response\(pwd, chal\) and NTLM::ntlm\_response… [\#23](https://github.com/WinRb/rubyntlm/pull/23) ([marek-veber](https://github.com/marek-veber))
+- Make the session key available to clients [\#21](https://github.com/WinRb/rubyntlm/pull/21) ([jlee-r7](https://github.com/jlee-r7))
+
+## [0.5.0](https://github.com/WinRb/rubyntlm/tree/0.5.0) (2015-02-22)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/v0.4.0...0.5.0)
+
+**Closed issues:**
+
+- require 'net/ntlm/version' in spec/lib/net/ntlm/version\_spec.rb [\#12](https://github.com/WinRb/rubyntlm/issues/12)
+- License missing from gemspec [\#5](https://github.com/WinRb/rubyntlm/issues/5)
+
+**Merged pull requests:**
+
+- Encode client and domain in oem/unicode in `Client\#authenticate!` [\#19](https://github.com/WinRb/rubyntlm/pull/19) ([jlee-r7](https://github.com/jlee-r7))
+- require version to fix specs [\#17](https://github.com/WinRb/rubyntlm/pull/17) ([sneal](https://github.com/sneal))
+- Initial go at an NTLM Client that will do session signing/sealing [\#16](https://github.com/WinRb/rubyntlm/pull/16) ([zenchild](https://github.com/zenchild))
+- Verify passwords in Type3 messages [\#15](https://github.com/WinRb/rubyntlm/pull/15) ([jlee-r7](https://github.com/jlee-r7))
+- RSpect should =\> expect modernization [\#14](https://github.com/WinRb/rubyntlm/pull/14) ([zenchild](https://github.com/zenchild))
+- update http example with EncodeUtil class [\#11](https://github.com/WinRb/rubyntlm/pull/11) ([stensonb](https://github.com/stensonb))
+- update readme with how to use and the correct namespacing for using the gem [\#10](https://github.com/WinRb/rubyntlm/pull/10) ([stensonb](https://github.com/stensonb))
+
+## [v0.4.0](https://github.com/WinRb/rubyntlm/tree/v0.4.0) (2013-09-12)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/v0.3.4...v0.4.0)
+
+**Closed issues:**
+
+- The domain should always be capitalized otherwise domain authentication fails [\#7](https://github.com/WinRb/rubyntlm/issues/7)
+
+**Merged pull requests:**
+
+- Add licensing information and clean up attributions to provide licensing... [\#9](https://github.com/WinRb/rubyntlm/pull/9) ([pmorton](https://github.com/pmorton))
+- Upcase the domain [\#8](https://github.com/WinRb/rubyntlm/pull/8) ([pmorton](https://github.com/pmorton))
+- Refactor/refactor classes [\#6](https://github.com/WinRb/rubyntlm/pull/6) ([dmaloney-r7](https://github.com/dmaloney-r7))
+
+## [v0.3.4](https://github.com/WinRb/rubyntlm/tree/v0.3.4) (2013-08-08)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/v0.3.3...v0.3.4)
+
+## [v0.3.3](https://github.com/WinRb/rubyntlm/tree/v0.3.3) (2013-07-23)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/v0.3.2...v0.3.3)
+
+**Merged pull requests:**
+
+- Typo in NTLM namespace calls [\#4](https://github.com/WinRb/rubyntlm/pull/4) ([dmaloney-r7](https://github.com/dmaloney-r7))
+
+## [v0.3.2](https://github.com/WinRb/rubyntlm/tree/v0.3.2) (2013-06-24)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/v0.3.1...v0.3.2)
+
+**Closed issues:**
+
+- Gem is locked at 1.9.2 [\#1](https://github.com/WinRb/rubyntlm/issues/1)
+
+## [v0.3.1](https://github.com/WinRb/rubyntlm/tree/v0.3.1) (2013-03-29)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/v0.3.0...v0.3.1)
+
+**Merged pull requests:**
+
+- Fix gemspec for the proper ruby version and bump the version [\#2](https://github.com/WinRb/rubyntlm/pull/2) ([pmorton](https://github.com/pmorton))
+
+## [v0.3.0](https://github.com/WinRb/rubyntlm/tree/v0.3.0) (2013-03-25)
+[Full Changelog](https://github.com/WinRb/rubyntlm/compare/v0.2.0...v0.3.0)
+
+## [v0.2.0](https://github.com/WinRb/rubyntlm/tree/v0.2.0) (2013-03-22)
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/Gemfile

@@ -1,3 +1,3 @@
-source 'https://rubygems.org'
-
-gemspec
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE

@@ -1,20 +1,20 @@
-The MIT License (MIT)
-
-Copyright (c) 2013 Paul Morton, Matt Zukowski, Kohei Kajimoto
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+The MIT License (MIT)
+
+Copyright (c) 2013 Paul Morton, Matt Zukowski, Kohei Kajimoto
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -1,22 +1,25 @@
-require "bundler/gem_tasks"
-
-
-require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec)
-
-task :default => :spec
-
-desc "Generate code coverage"
-task :coverage do
-  ENV['COVERAGE'] = 'true'
-  Rake::Task["spec"].execute
-end
-
-desc "Open a Pry console for this library"
-task :console do
-  require 'pry'
-  require 'net/ntlm'
-  ARGV.clear
-  Pry.start
-end
-
+require "bundler/gem_tasks"
+require 'github_changelog_generator/task'
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec
+
+desc "Generate code coverage"
+task :coverage do
+  ENV['COVERAGE'] = 'true'
+  Rake::Task["spec"].execute
+end
+
+desc "Open a Pry console for this library"
+task :console do
+  require 'pry'
+  require 'net/ntlm'
+  ARGV.clear
+  Pry.start
+end
+
+GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+  config.future_release = Net::NTLM::VERSION::STRING
+end

data/lib/net/ntlm.rb

@@ -1,266 +1,266 @@
-# encoding: UTF-8
-#
-# = net/ntlm.rb
-#
-# An NTLM Authentication Library for Ruby
-#
-# This code is a derivative of "dbf2.rb" written by yrock
-# and Minero Aoki. You can find original code here:
-# http://jp.rubyist.net/magazine/?0013-CodeReview
-# -------------------------------------------------------------
-# Copyright (c) 2005,2006 yrock
-#
-#
-# 2006-02-11 refactored by Minero Aoki
-# -------------------------------------------------------------
-#
-# All protocol information used to write this code stems from
-# "The NTLM Authentication Protocol" by Eric Glass. The author
-# would thank to him for this tremendous work and making it
-# available on the net.
-# http://davenport.sourceforge.net/ntlm.html
-# -------------------------------------------------------------
-# Copyright (c) 2003 Eric Glass
-#
-# -------------------------------------------------------------
-#
-# The author also looked Mozilla-Firefox-1.0.7 source code,
-# namely, security/manager/ssl/src/nsNTLMAuthModule.cpp and
-# Jonathan Bastien-Filiatrault's libntlm-ruby.
-# "http://x2a.org/websvn/filedetails.php?
-# repname=libntlm-ruby&path=%2Ftrunk%2Fntlm.rb&sc=1"
-# The latter has a minor bug in its separate_keys function.
-# The third key has to begin from the 14th character of the
-# input string instead of 13th:)
-#--
-# $Id: ntlm.rb,v 1.1 2006/10/05 01:36:52 koheik Exp $
-#++
-
-require 'base64'
-require 'openssl'
-require 'openssl/digest'
-require 'socket'
-
-# Load Order is important here
-require 'net/ntlm/exceptions'
-require 'net/ntlm/field'
-require 'net/ntlm/int16_le'
-require 'net/ntlm/int32_le'
-require 'net/ntlm/int64_le'
-require 'net/ntlm/string'
-
-require 'net/ntlm/field_set'
-require 'net/ntlm/blob'
-require 'net/ntlm/security_buffer'
-require 'net/ntlm/message'
-require 'net/ntlm/message/type0'
-require 'net/ntlm/message/type1'
-require 'net/ntlm/message/type2'
-require 'net/ntlm/message/type3'
-
-require 'net/ntlm/encode_util'
-
-require 'net/ntlm/client'
-require 'net/ntlm/channel_binding'
-require 'net/ntlm/target_info'
-
-module Net
-  module NTLM
-
-    LM_MAGIC = "KGS!@\#$%"
-    TIME_OFFSET = 11644473600
-    MAX64 = 0xffffffffffffffff
-
-
-    class << self
-
-      # Valid format for LAN Manager hex digest portion: 32 hexadecimal characters.
-      LAN_MANAGER_HEX_DIGEST_REGEXP = /[0-9a-f]{32}/i
-      # Valid format for NT LAN Manager hex digest portion: 32 hexadecimal characters.
-      NT_LAN_MANAGER_HEX_DIGEST_REGEXP = /[0-9a-f]{32}/i
-      # Valid format for an NTLM hash composed of `'<LAN Manager hex digest>:<NT LAN Manager hex digest>'`.
-      DATA_REGEXP = /\A#{LAN_MANAGER_HEX_DIGEST_REGEXP}:#{NT_LAN_MANAGER_HEX_DIGEST_REGEXP}\z/
-
-      # Takes a string and determines whether it is a valid NTLM Hash
-      # @param [String] the string to validate
-      # @return [Boolean] whether or not the string is a valid NTLM hash
-      def is_ntlm_hash?(data)
-        decoded_data = data.dup
-        decoded_data = EncodeUtil.decode_utf16le(decoded_data)
-        if DATA_REGEXP.match(decoded_data)
-          true
-        else
-          false
-        end
-      end
-
-      # Conver the value to a 64-Bit Little Endian Int
-      # @param [String] val The string to convert
-      def pack_int64le(val)
-          [val & 0x00000000ffffffff, val >> 32].pack("V2")
-      end
-
-      # Builds an array of strings that are 7 characters long
-      # @param [String] str The string to split
-      # @api private
-      def split7(str)
-        s = str.dup
-        until s.empty?
-          (ret ||= []).push s.slice!(0, 7)
-        end
-        ret
-      end
-
-      # Not sure what this is doing
-      # @param [String] str String to generate keys for
-      # @api private
-      def gen_keys(str)
-        split7(str).map{ |str7|
-          bits = split7(str7.unpack("B*")[0]).inject('')\
-            {|ret, tkn| ret += tkn + (tkn.gsub('1', '').size % 2).to_s }
-          [bits].pack("B*")
-        }
-      end
-
-      def apply_des(plain, keys)
-        dec = OpenSSL::Cipher::Cipher.new("des-cbc")
-        dec.padding = 0
-        keys.map {|k|
-          dec.key = k
-          dec.encrypt.update(plain) + dec.final
-        }
-      end
-
-      # Generates a Lan Manager Hash
-      # @param [String] password The password to base the hash on
-      def lm_hash(password)
-        keys = gen_keys password.upcase.ljust(14, "\0")
-        apply_des(LM_MAGIC, keys).join
-      end
-
-      # Generate a NTLM Hash
-      # @param [String] password The password to base the hash on
-      # @option opt :unicode (false) Unicode encode the password
-      def ntlm_hash(password, opt = {})
-        pwd = password.dup
-        unless opt[:unicode]
-          pwd = EncodeUtil.encode_utf16le(pwd)
-        end
-        OpenSSL::Digest::MD4.digest pwd
-      end
-
-      # Generate a NTLMv2 Hash
-      # @param [String] user The username
-      # @param [String] password The password
-      # @param [String] target The domain or workstation to authenticate to
-      # @option opt :unicode (false) Unicode encode the domain
-      def ntlmv2_hash(user, password, target, opt={})
-        if is_ntlm_hash? password
-          decoded_password = EncodeUtil.decode_utf16le(password)
-          ntlmhash = [decoded_password.upcase[33,65]].pack('H32')
-        else
-          ntlmhash = ntlm_hash(password, opt)
-        end
-        userdomain = user.upcase + target
-        unless opt[:unicode]
-          userdomain = EncodeUtil.encode_utf16le(userdomain)
-        end
-        OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmhash, userdomain)
-      end
-
-      def lm_response(arg)
-        begin
-          hash = arg[:lm_hash]
-          chal = arg[:challenge]
-        rescue
-          raise ArgumentError
-        end
-        chal = NTLM::pack_int64le(chal) if chal.is_a?(Integer)
-        keys = gen_keys hash.ljust(21, "\0")
-        apply_des(chal, keys).join
-      end
-
-      def ntlm_response(arg)
-        hash = arg[:ntlm_hash]
-        chal = arg[:challenge]
-        chal = NTLM::pack_int64le(chal) if chal.is_a?(Integer)
-        keys = gen_keys hash.ljust(21, "\0")
-        apply_des(chal, keys).join
-      end
-
-      def ntlmv2_response(arg, opt = {})
-        begin
-          key = arg[:ntlmv2_hash]
-          chal = arg[:challenge]
-          ti = arg[:target_info]
-        rescue
-          raise ArgumentError
-        end
-        chal = NTLM::pack_int64le(chal) if chal.is_a?(Integer)
-
-        if opt[:client_challenge]
-          cc  = opt[:client_challenge]
-        else
-          cc = rand(MAX64)
-        end
-        cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)
-
-        if opt[:timestamp]
-          ts = opt[:timestamp]
-        else
-          ts = Time.now.to_i
-        end
-        # epoch -> milsec from Jan 1, 1601
-        ts = 10_000_000 * (ts + TIME_OFFSET)
-
-        blob = Blob.new
-        blob.timestamp = ts
-        blob.challenge = cc
-        blob.target_info = ti
-
-        bb = blob.serialize
-
-        OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + bb) + bb
-      end
-
-      def lmv2_response(arg, opt = {})
-        key = arg[:ntlmv2_hash]
-        chal = arg[:challenge]
-
-        chal = NTLM::pack_int64le(chal) if chal.is_a?(Integer)
-
-        if opt[:client_challenge]
-          cc  = opt[:client_challenge]
-        else
-          cc = rand(MAX64)
-        end
-        cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)
-
-        OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + cc) + cc
-      end
-
-      def ntlm2_session(arg, opt = {})
-        begin
-          passwd_hash = arg[:ntlm_hash]
-          chal = arg[:challenge]
-        rescue
-          raise ArgumentError
-        end
-        chal = NTLM::pack_int64le(chal) if chal.is_a?(Integer)
-
-        if opt[:client_challenge]
-          cc = opt[:client_challenge]
-        else
-          cc = rand(MAX64)
-        end
-        cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)
-
-        keys = gen_keys(passwd_hash.ljust(21, "\0"))
-        session_hash = OpenSSL::Digest::MD5.digest(chal + cc).slice(0, 8)
-        response = apply_des(session_hash, keys).join
-        [cc.ljust(24, "\0"), response]
-      end
-    end
-
-  end
-end
+# encoding: UTF-8
+#
+# = net/ntlm.rb
+#
+# An NTLM Authentication Library for Ruby
+#
+# This code is a derivative of "dbf2.rb" written by yrock
+# and Minero Aoki. You can find original code here:
+# http://jp.rubyist.net/magazine/?0013-CodeReview
+# -------------------------------------------------------------
+# Copyright (c) 2005,2006 yrock
+#
+#
+# 2006-02-11 refactored by Minero Aoki
+# -------------------------------------------------------------
+#
+# All protocol information used to write this code stems from
+# "The NTLM Authentication Protocol" by Eric Glass. The author
+# would thank to him for this tremendous work and making it
+# available on the net.
+# http://davenport.sourceforge.net/ntlm.html
+# -------------------------------------------------------------
+# Copyright (c) 2003 Eric Glass
+#
+# -------------------------------------------------------------
+#
+# The author also looked Mozilla-Firefox-1.0.7 source code,
+# namely, security/manager/ssl/src/nsNTLMAuthModule.cpp and
+# Jonathan Bastien-Filiatrault's libntlm-ruby.
+# "http://x2a.org/websvn/filedetails.php?
+# repname=libntlm-ruby&path=%2Ftrunk%2Fntlm.rb&sc=1"
+# The latter has a minor bug in its separate_keys function.
+# The third key has to begin from the 14th character of the
+# input string instead of 13th:)
+#--
+# $Id: ntlm.rb,v 1.1 2006/10/05 01:36:52 koheik Exp $
+#++
+
+require 'base64'
+require 'openssl'
+require 'openssl/digest'
+require 'socket'
+
+# Load Order is important here
+require 'net/ntlm/exceptions'
+require 'net/ntlm/field'
+require 'net/ntlm/int16_le'
+require 'net/ntlm/int32_le'
+require 'net/ntlm/int64_le'
+require 'net/ntlm/string'
+
+require 'net/ntlm/field_set'
+require 'net/ntlm/blob'
+require 'net/ntlm/security_buffer'
+require 'net/ntlm/message'
+require 'net/ntlm/message/type0'
+require 'net/ntlm/message/type1'
+require 'net/ntlm/message/type2'
+require 'net/ntlm/message/type3'
+
+require 'net/ntlm/encode_util'
+
+require 'net/ntlm/client'
+require 'net/ntlm/channel_binding'
+require 'net/ntlm/target_info'
+
+module Net
+  module NTLM
+
+    LM_MAGIC = "KGS!@\#$%"
+    TIME_OFFSET = 11644473600
+    MAX64 = 0xffffffffffffffff
+
+
+    class << self
+
+      # Valid format for LAN Manager hex digest portion: 32 hexadecimal characters.
+      LAN_MANAGER_HEX_DIGEST_REGEXP = /[0-9a-f]{32}/i
+      # Valid format for NT LAN Manager hex digest portion: 32 hexadecimal characters.
+      NT_LAN_MANAGER_HEX_DIGEST_REGEXP = /[0-9a-f]{32}/i
+      # Valid format for an NTLM hash composed of `'<LAN Manager hex digest>:<NT LAN Manager hex digest>'`.
+      DATA_REGEXP = /\A#{LAN_MANAGER_HEX_DIGEST_REGEXP}:#{NT_LAN_MANAGER_HEX_DIGEST_REGEXP}\z/
+
+      # Takes a string and determines whether it is a valid NTLM Hash
+      # @param [String] the string to validate
+      # @return [Boolean] whether or not the string is a valid NTLM hash
+      def is_ntlm_hash?(data)
+        decoded_data = data.dup
+        decoded_data = EncodeUtil.decode_utf16le(decoded_data)
+        if DATA_REGEXP.match(decoded_data)
+          true
+        else
+          false
+        end
+      end
+
+      # Conver the value to a 64-Bit Little Endian Int
+      # @param [String] val The string to convert
+      def pack_int64le(val)
+          [val & 0x00000000ffffffff, val >> 32].pack("V2")
+      end
+
+      # Builds an array of strings that are 7 characters long
+      # @param [String] str The string to split
+      # @api private
+      def split7(str)
+        s = str.dup
+        until s.empty?
+          (ret ||= []).push s.slice!(0, 7)
+        end
+        ret
+      end
+
+      # Not sure what this is doing
+      # @param [String] str String to generate keys for
+      # @api private
+      def gen_keys(str)
+        split7(str).map{ |str7|
+          bits = split7(str7.unpack("B*")[0]).inject('')\
+            {|ret, tkn| ret += tkn + (tkn.gsub('1', '').size % 2).to_s }
+          [bits].pack("B*")
+        }
+      end
+
+      def apply_des(plain, keys)
+        dec = OpenSSL::Cipher.new("des-cbc")
+        dec.padding = 0
+        keys.map {|k|
+          dec.key = k
+          dec.encrypt.update(plain) + dec.final
+        }
+      end
+
+      # Generates a Lan Manager Hash
+      # @param [String] password The password to base the hash on
+      def lm_hash(password)
+        keys = gen_keys password.upcase.ljust(14, "\0")
+        apply_des(LM_MAGIC, keys).join
+      end
+
+      # Generate a NTLM Hash
+      # @param [String] password The password to base the hash on
+      # @option opt :unicode (false) Unicode encode the password
+      def ntlm_hash(password, opt = {})
+        pwd = password.dup
+        unless opt[:unicode]
+          pwd = EncodeUtil.encode_utf16le(pwd)
+        end
+        OpenSSL::Digest::MD4.digest pwd
+      end
+
+      # Generate a NTLMv2 Hash
+      # @param [String] user The username
+      # @param [String] password The password
+      # @param [String] target The domain or workstation to authenticate to
+      # @option opt :unicode (false) Unicode encode the domain
+      def ntlmv2_hash(user, password, target, opt={})
+        if is_ntlm_hash? password
+          decoded_password = EncodeUtil.decode_utf16le(password)
+          ntlmhash = [decoded_password.upcase[33,65]].pack('H32')
+        else
+          ntlmhash = ntlm_hash(password, opt)
+        end
+        userdomain = user.upcase + target
+        unless opt[:unicode]
+          userdomain = EncodeUtil.encode_utf16le(userdomain)
+        end
+        OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmhash, userdomain)
+      end
+
+      def lm_response(arg)
+        begin
+          hash = arg[:lm_hash]
+          chal = arg[:challenge]
+        rescue
+          raise ArgumentError
+        end
+        chal = NTLM::pack_int64le(chal) if chal.is_a?(Integer)
+        keys = gen_keys hash.ljust(21, "\0")
+        apply_des(chal, keys).join
+      end
+
+      def ntlm_response(arg)
+        hash = arg[:ntlm_hash]
+        chal = arg[:challenge]
+        chal = NTLM::pack_int64le(chal) if chal.is_a?(Integer)
+        keys = gen_keys hash.ljust(21, "\0")
+        apply_des(chal, keys).join
+      end
+
+      def ntlmv2_response(arg, opt = {})
+        begin
+          key = arg[:ntlmv2_hash]
+          chal = arg[:challenge]
+          ti = arg[:target_info]
+        rescue
+          raise ArgumentError
+        end
+        chal = NTLM::pack_int64le(chal) if chal.is_a?(Integer)
+
+        if opt[:client_challenge]
+          cc  = opt[:client_challenge]
+        else
+          cc = rand(MAX64)
+        end
+        cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)
+
+        if opt[:timestamp]
+          ts = opt[:timestamp]
+        else
+          ts = Time.now.to_i
+        end
+        # epoch -> milsec from Jan 1, 1601
+        ts = 10_000_000 * (ts + TIME_OFFSET)
+
+        blob = Blob.new
+        blob.timestamp = ts
+        blob.challenge = cc
+        blob.target_info = ti
+
+        bb = blob.serialize
+
+        OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + bb) + bb
+      end
+
+      def lmv2_response(arg, opt = {})
+        key = arg[:ntlmv2_hash]
+        chal = arg[:challenge]
+
+        chal = NTLM::pack_int64le(chal) if chal.is_a?(Integer)
+
+        if opt[:client_challenge]
+          cc  = opt[:client_challenge]
+        else
+          cc = rand(MAX64)
+        end
+        cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)
+
+        OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + cc) + cc
+      end
+
+      def ntlm2_session(arg, opt = {})
+        begin
+          passwd_hash = arg[:ntlm_hash]
+          chal = arg[:challenge]
+        rescue
+          raise ArgumentError
+        end
+        chal = NTLM::pack_int64le(chal) if chal.is_a?(Integer)
+
+        if opt[:client_challenge]
+          cc = opt[:client_challenge]
+        else
+          cc = rand(MAX64)
+        end
+        cc = NTLM::pack_int64le(cc) if cc.is_a?(Integer)
+
+        keys = gen_keys(passwd_hash.ljust(21, "\0"))
+        session_hash = OpenSSL::Digest::MD5.digest(chal + cc).slice(0, 8)
+        response = apply_des(session_hash, keys).join
+        [cc.ljust(24, "\0"), response]
+      end
+    end
+
+  end
+end