Initial go at an NTLM Client that will do session signing/sealing #16
Conversation
|
Looking at the build failures... Let's drops support for Ruby 1.8 all together. No one in their right mind should be using it. Since this would break backwards compatibility (semver), let's just rev to 2.0 now and if we want to address the duplication we should do so in 2.1. |
|
Accidentally clicked close instead of comment... Reopening. |
|
It's actually pretty easy to add support for 1.8.x back in. I'm just used to using the new style hashes and didn't even thing twice about it. |
|
OK, I just pushed up a commit that should fix the 1.8.x break. This should remain backward compatible for now so I think we should rev to 0.5.0. There are some changes I'd like to make in the future that would push it to an official 1.x release though so we can kill Ruby 1.8.x support at that time. Thoughts? |
|
@pmorton Sure, I can test this out. I didn't realize anyone still used 1.8.7 |
| end | ||
|
|
||
| def client_challenge | ||
| @client_challenge ||= [rand(MAX64)].pack("Q") |
There was a problem hiding this comment.
pack("Q") will be wrong on big endian systems. This should be NTLM.pack_int64le(rand(MAX64))
|
Thanks @jlee-r7. I made your suggested changes. |
|
Unless there are any other comments I might merge this in.... |
|
@zenchild I (lightly) tested the new client with a modified version of the http example. I need some guidance on how to proceed with trying out the signing and sealing. BTW - It worked great. |
|
@sneal The easiest way to test the signing+sealing is to use WinRM with it. Check out the "dan/spnego-encryption" branch from the WinRM repo. By the way, that branch is never meant to be merged to master as it is, it's only for testing. Once you have the branch checked out make sure and require "bundler/setup"
require "net/ntlm"
require "net/ntlm/client"
require "winrm"
require "pry"
endpoint = 'http://192.168.56.101:5985/wsman'
username = "user"
password = "pass"
winrm = WinRM::WinRMWebService.new(endpoint, :negotiate, user: username, pass: password)
binding.pryOnce pry opens up I just run WinRM commands like normal. I originally had a wireshark session open so I could watch the net traffic, but you probably don't need to go that far. |
|
I ran into an issue with this code while trying to use it in SMB2. See #19 |
|
I say |
, seems pretty low risk and I was able to regress the existing functionality.
Initial go at an NTLM Client that will do session signing/sealing
There is some duplication between
Net::NTLMandNet::NTLM::Client::Sessionbut it was necessary to decouple some of the processing without effecting howNet::NTLMis being used for legacy purposes. Maybe we can rectify some of this in a 2.0 release.CC: @pmorton This is required in order to get Negotiate session encryption working for WinRM.