ntlmssp

README

go-ntlmssp

Golang package that provides NTLM/Negotiate authentication over HTTP

Protocol details from https://msdn.microsoft.com/en-us/library/cc236621.aspx Implementation hints from http://davenport.sourceforge.net/ntlm.html

This package only implements authentication, no key exchange or encryption. It only supports Unicode (UTF16LE) encoding of protocol strings, no OEM encoding. This package implements NTLMv2.

Usage

url, user, password := "http://www.example.com/secrets", "robpike", "pw123"
client := &http.Client{
  Transport: ntlmssp.Negotiator{
    RoundTripper:&http.Transport{},
  },
}

req, _ := http.NewRequest("GET", url, nil)
req.SetBasicAuth(user, password)
res, _ := client.Do(req)

---

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Documentation

Overview

Package ntlmssp provides NTLM/Negotiate authentication over HTTP

Protocol details from https://msdn.microsoft.com/en-us/library/cc236621.aspx, implementation hints from http://davenport.sourceforge.net/ntlm.html . This package only implements authentication, no key exchange or encryption. It only supports Unicode (UTF16LE) encoding of protocol strings, no OEM encoding. This package implements NTLMv2.

Index

• func GetDomain(user string) (string, string, bool)
• func NewNegotiateMessage(domainName, workstationName string) ([]byte, error)
• func ProcessChallenge(challengeMessageData []byte, user, password string, domainNeeded bool) ([]byte, error)
• func ProcessChallengeWithDomain(challengeMessageData []byte, domain, user, password string, domainNeeded bool) ([]byte, error)
• func ProcessChallengeWithHash(challengeMessageData []byte, user, hash string) ([]byte, error)
• type Negotiator
  • func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
• type Version
  • func DefaultVersion() Version

Functions

func GetDomain

func GetDomain(user string) (string, string, bool)

GetDomain : parse domain name from based on slashes in the input Need to check for upn as well

func NewNegotiateMessage

func NewNegotiateMessage(domainName, workstationName string) ([]byte, error)

NewNegotiateMessage creates a new NEGOTIATE message with the flags that this package supports.

func ProcessChallenge

func ProcessChallenge(challengeMessageData []byte, user, password string, domainNeeded bool) ([]byte, error)

ProcessChallenge crafts an AUTHENTICATE message in response to the CHALLENGE message that was received from the server

func ProcessChallengeWithDomain

func ProcessChallengeWithDomain(challengeMessageData []byte, domain, user, password string, domainNeeded bool) ([]byte, error)

Mostly resembles ProcessChallenge, except usage domain argument instead of challenge message's targetName

func ProcessChallengeWithHash

func ProcessChallengeWithHash(challengeMessageData []byte, user, hash string) ([]byte, error)

Types

type Negotiator

type Negotiator struct{ http.RoundTripper }

Negotiator is a http.Roundtripper decorator that automatically converts basic authentication to NTLM/Negotiate authentication when appropriate.

func (Negotiator) RoundTrip

func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)

RoundTrip sends the request to the server, handling any authentication re-sends as needed.

type Version

type Version struct {
	ProductMajorVersion uint8
	ProductMinorVersion uint8
	ProductBuild        uint16

	NTLMRevisionCurrent uint8
	// contains filtered or unexported fields
}

Version is a struct representing https://msdn.microsoft.com/en-us/library/cc236654.aspx

func DefaultVersion

func DefaultVersion() Version

DefaultVersion returns a Version with "sensible" defaults (Windows 7)