ntlmssp

v0.0.0-...-b8771a7
Warning

This package is not in the latest version of its module.

Published: Dec 20, 2021 License: MIT Imports: 19 Imported by: 0

README

go-ntlmssp

Golang package that provides NTLM/Negotiate authentication over HTTP

Protocol details from https://msdn.microsoft.com/en-us/library/cc236621.aspx; implementation hints from http://davenport.sourceforge.net/ntlm.html

This package only implements authentication, no key exchange or encryption. It only supports Unicode (UTF16LE) encoding of protocol strings, no OEM encoding. This package implements NTLMv2.

Usage

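url, user, password := "http://www.example.com/secrets", "robpike", "pw123"
client := &http.Client{
	// Negotiator wraps the transport and switches to NTLM/Negotiate when appropriate.
	Transport: ntlmssp.Negotiator{
		RoundTripper: &http.Transport{},
	},
}

req, err := http.NewRequest("GET", url, nil)
if err != nil {
	log.Fatal(err)
}
// Credentials are supplied as basic auth; the Negotiator converts them.
req.SetBasicAuth(user, password)
res, err := client.Do(req)
if err != nil {
	log.Fatal(err)
}
defer res.Body.Close()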

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Documentation

Overview

Package ntlmssp provides NTLM/Negotiate authentication over HTTP

Protocol details from https://msdn.microsoft.com/en-us/library/cc236621.aspx, implementation hints from http://davenport.sourceforge.net/ntlm.html. This package only implements authentication, no key exchange or encryption. It only supports Unicode (UTF16LE) encoding of protocol strings, no OEM encoding. This package implements NTLMv2.

Constants

const (
	// TLSServerEndPoint is defined in RFC 5929 and stores the hash of the server certificate.
	TLSServerEndPoint string = "tls-server-end-point"
)

Variables

This section is empty.

Functions

func GetDomain

func GetDomain(user string) (string, string)

GetDomain parses the domain name from the input, based on the slashes in it.

func GetTargetInfoBytes

func GetTargetInfoBytes(TargetInfo map[avID][]byte) ([]byte, error)

func NewNegotiateMessage

func NewNegotiateMessage(domainName, workstationName string) ([]byte, error)

NewNegotiateMessage creates a new NEGOTIATE message with the flags that this package supports.

func ProcessChallenge

func ProcessChallenge(challengeMessageData []byte, user, password string, bindings *ChannelBindings) ([]byte, error)

ProcessChallenge crafts an AUTHENTICATE message in response to the CHALLENGE message that was received from the server

func ProcessChallengeWithHash

func ProcessChallengeWithHash(challengeMessageData []byte, user, hash string) ([]byte, error)

Types

type ChannelBindings

type ChannelBindings struct {
	InitiatorAddrtype uint32
	InitiatorAddress  []uint8
	AcceptorAddrtype  uint32
	AcceptorAddress   []uint8
	ApplicationData   []uint8
}

ChannelBindings models the GSS-API channel bindings defined in RFC 2744.
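
How a tls-server-end-point binding ties an NTLM authentication to the server's TLS certificate, as an added example that is not this package's code. The local channelBindings type mirrors the fields above; the certificate bytes are a constructed stand-in, and the little-endian serialization hashed with MD5 is the form NTLM carries as its channel binding value, assumed here rather than taken from the package source.

```go
package main

import (
	"crypto/md5"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/x509"
	"fmt"
)

// channelBindings is a local copy of the ChannelBindings fields (not the package's type).
type channelBindings struct {
	InitiatorAddrtype, AcceptorAddrtype                uint32
	InitiatorAddress, AcceptorAddress, ApplicationData []byte
}

// endPointHash hashes the certificate per RFC 5929: the signature's own hash, except SHA-256 for MD5/SHA-1.
func endPointHash(certDER []byte, alg x509.SignatureAlgorithm) []byte {
	h := sha256.New()
	switch alg {
	case x509.SHA384WithRSA, x509.ECDSAWithSHA384, x509.SHA384WithRSAPSS:
		h = sha512.New384()
	case x509.SHA512WithRSA, x509.ECDSAWithSHA512, x509.SHA512WithRSAPSS:
		h = sha512.New()
	}
	h.Write(certDER)
	return h.Sum(nil)
}

// forServerCert sets the application data to "tls-server-end-point:" followed by the hash.
func forServerCert(certDER []byte, alg x509.SignatureAlgorithm) channelBindings {
	return channelBindings{ApplicationData: append([]byte("tls-server-end-point:"), endPointHash(certDER, alg)...)}
}

// token is the MD5 over the serialized struct; types and lengths are 32-bit little-endian.
func (cb channelBindings) token() [16]byte {
	var b []byte
	u32 := func(v uint32) { b = append(b, byte(v), byte(v>>8), byte(v>>16), byte(v>>24)) }
	u32(cb.InitiatorAddrtype)
	u32(uint32(len(cb.InitiatorAddress)))
	b = append(b, cb.InitiatorAddress...)
	u32(cb.AcceptorAddrtype)
	u32(uint32(len(cb.AcceptorAddress)))
	b = append(b, cb.AcceptorAddress...)
	u32(uint32(len(cb.ApplicationData)))
	b = append(b, cb.ApplicationData...)
	return md5.Sum(b)
}

func main() { fmt.Printf("%x\n", forServerCert([]byte("constructed DER stand-in"), x509.SHA256WithRSA).token()) }
```

Because the token depends on the certificate the client actually saw, a server that checks it rejects an AUTHENTICATE message forwarded from a TLS session terminated with a different certificate.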

type Negotiator

type Negotiator struct{ http.RoundTripper }

Negotiator is an http.RoundTripper decorator that automatically converts basic authentication to NTLM/Negotiate authentication when appropriate.

func (Negotiator) RoundTrip

func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)

RoundTrip sends the request to the server, handling any authentication re-sends as needed.

type Version

type Version struct {
	ProductMajorVersion uint8
	ProductMinorVersion uint8
	ProductBuild        uint16

	NTLMRevisionCurrent uint8
	// contains filtered or unexported fields
}

Version is a struct representing https://msdn.microsoft.com/en-us/library/cc236654.aspx

func DefaultVersion

func DefaultVersion() Version

DefaultVersion returns a Version with "sensible" defaults (Windows 7)
