Add anonymous authentication support #45

Merged
merged 6 commits into from
Jun 6, 2024

zeroSteiner
Contributor

@zeroSteiner zeroSteiner commented Jan 26, 2022

These changes adjust some things to allow the NTLM session to authenticate anonymously (without a username and password).

For both NTLMv1 and NTLMv2, the docs call out that when the username and password are blank strings, the challenge fields should be special values.

```
If (User is set to "" && Passwd is set to "")
    -- Special case for anonymous authentication
    Set NtChallengeResponseLen to 0
    Set NtChallengeResponseMaxLen to 0
    Set NtChallengeResponseBufferOffset to 0
    Set LmChallengeResponse to Z(1)
Else
```

This also adjusts the Message class to pad security buffer fields to a two byte boundary when the UNICODE flag is set. Per MS-NLMP Section 2.2.1.3 the user, domain and workstation fields must have offsets that are multiples of 2. A single null byte is used as padding when necessary. When the UNICODE flag is not set, no padding takes place. The padding is necessary because the code path executed when using anonymous authentication sets the lm_response field to a single null byte and shifts all fields after it.

The last change adjusts how the character encoding is determined. Per MS-NLMP Section 2.2.2.5, the UNICODE flag should take priority regardless of the value of the OEM flag. That is to say that when both are set, the "... choice of character set encoding MUST be Unicode".

Lastly, some specs that exercise the updated code paths were added.

This was tested in combination with RubySMB and the anonymous_auth example.
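
The layout rules described above, as an added example that is not part of the pull request and is not rubyntlm code: it lays out the payload of an anonymous AUTHENTICATE message, applying the Z(1) LM response, the zeroed NT response fields, the null-byte padding under UNICODE, and the UNICODE-over-OEM encoding choice. All method and constant names are hypothetical, and it assumes a 64-byte fixed header (no Version or MIC) and ASCII-only OEM strings.

```ruby
# Added illustration, not rubyntlm code; all names below are hypothetical.
FLAG_UNICODE = 0x00000001 # NTLMSSP_NEGOTIATE_UNICODE
FLAG_OEM     = 0x00000002 # NTLM_NEGOTIATE_OEM
HEADER_LEN   = 64 # assumption: fixed AUTHENTICATE header, no Version or MIC
ALIGNED      = %i[domain user workstation].freeze # offsets that must be even

# UNICODE takes priority: OEM applies only when UNICODE is not set.
def charset(flags)
  (flags & FLAG_UNICODE).zero? ? :oem : :unicode
end

# Assumption: OEM strings are ASCII here, so their bytes are used as-is.
def encode_field(str, flags)
  charset(flags) == :unicode ? str.encode(Encoding::UTF_16LE).b : str.b
end

# Returns [fields, payload] for a blank user and password, where fields
# maps each security buffer name to its { len:, offset: }.
def anonymous_layout(flags, workstation: '')
  values = {
    lm: "\x00".b, # LmChallengeResponse = Z(1)
    nt: ''.b,     # NtChallengeResponse: Len, MaxLen and BufferOffset are 0
    domain: encode_field('', flags),
    user: encode_field('', flags),
    workstation: encode_field(workstation, flags)
  }
  unicode = charset(flags) == :unicode
  payload = ''.b
  fields = values.to_h do |name, bytes|
    position = HEADER_LEN + payload.bytesize
    if unicode && ALIGNED.include?(name) && position.odd?
      payload << "\x00".b # single null byte restores two-byte alignment
      position += 1
    end
    payload << bytes
    [name, { len: bytes.bytesize, offset: name == :nt ? 0 : position }]
  end
  [fields, payload]
end

if __FILE__ == $PROGRAM_NAME
  fields, payload = anonymous_layout(FLAG_UNICODE | FLAG_OEM, workstation: 'WS')
  fields.each { |name, f| puts format('%-12s len=%d offset=%d', name, f[:len], f[:offset]) }
  puts "payload: #{payload.unpack1('H*')}"
end
```

With UNICODE set, the one-byte LM response leaves the next offset odd, so the string fields start at 66 rather than 65; with only OEM set, no padding is inserted.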

Per MS-NLMP 2.2.1.3, the DomainNameBufferOffset, UserNameBufferOffset, and
WorkstationBufferOffset fields must be multiples of 2.
Per MS-NLMP 2.2.2.5, the character set encoding is only OEM if the
unicode flag is not set while the OEM flag is set. If the unicode flag
is set, the encoding is unicode.
@adfoster-r7

Looks good to me 👍

From a quick look at the recent pull requests, I think @mwrock might still be active to help with publishing this 🤞

@adfoster-r7

Let us know if there's anything we can do to help out @mwrock 🎉

@pcai
Contributor

pcai commented Jun 6, 2024

thanks!

@pcai pcai merged commit cd73ea7 into WinRb:master Jun 6, 2024