Bring on par with working-auth branch to improve diff readability

.github/workflows/release.yml

@@ -3,7 +3,7 @@ name: SMBJ Release
 on:
   push:
     tags:
-      - '*'
+      - 'v*'
 
 permissions:
   contents: write

src/it/docker-image/smb.conf

@@ -1,8 +1,5 @@
 [global]
 security = user
-log level = 5
-log file = /var/log/samba/smbd.log
-max log size = 10000
 
 load printers = no
 printcap name = /dev/null
@@ -17,6 +14,10 @@ server string = %h server (Samba, Ubuntu)
 dns proxy = no
 interfaces = 192.168.2.0/24 eth0
 bind interfaces only = yes
+log level = 5
+log file = /var/log/samba/log.%m
+max log size = 1000
+syslog = 0
 panic action = /usr/share/samba/panic-action %d
 server role = standalone server
 passdb backend = tdbsam

src/it/resources/logback-test.xml

@@ -27,6 +27,6 @@
         <appender-ref ref="STDOUT"/>
     </root>
 
-    <logger name="com.hierynomus.smbj" level="trace"/>
+    <logger name="com.hierynomus.smbj" level="debug"/>
 
 </configuration>

src/main/java/com/hierynomus/ntlm/NtlmConfig.java

@@ -16,6 +16,9 @@
 package com.hierynomus.ntlm;
 
 import com.hierynomus.ntlm.messages.WindowsVersion;
+import com.hierynomus.ntlm.messages.WindowsVersion.NtlmRevisionCurrent;
+import com.hierynomus.ntlm.messages.WindowsVersion.ProductMajorVersion;
+import com.hierynomus.ntlm.messages.WindowsVersion.ProductMinorVersion;
 
 public class NtlmConfig {
     private WindowsVersion windowsVersion;
@@ -62,6 +65,7 @@ public static class Builder {
 
         public Builder() {
             config = new NtlmConfig();
+            config.windowsVersion = new WindowsVersion(ProductMajorVersion.WINDOWS_MAJOR_VERSION_6, ProductMinorVersion.WINDOWS_MINOR_VERSION_1, 7600, NtlmRevisionCurrent.NTLMSSP_REVISION_W2K3);
             config.integrity = false; // TODO temporarily disabled until we can figure out why it fails (probably mechListMIC in NegTokenTarg)
             config.omitVersion = false;
         }

src/main/java/com/hierynomus/ntlm/functions/NtlmV2Functions.java

@@ -73,7 +73,7 @@ public ComputedNtlmV2Response computeResponse(String username, String domain, ch
         byte[] ntResponse = getNtV2Response(responseKeyNT, serverNtlmChallenge.getServerChallenge(),
                 clientChallenge, time, clientTargetInfo);
 
-        byte[] ntProofStr = Arrays.copyOfRange(ntResponse, 0, 16);
+        byte[] ntProofStr = Arrays.copyOfRange(ntResponse, 0, 16); // first 16 bytes of ntlmv2Response is ntProofStr
         byte[] sessionBaseKey = getSessionBaseKey(responseKeyNT, ntProofStr);
 
         return new ComputedNtlmV2Response(ntResponse, lmResponse, sessionBaseKey);

src/main/java/com/hierynomus/ntlm/messages/NtlmNegotiate.java

@@ -15,17 +15,17 @@
  */
 package com.hierynomus.ntlm.messages;
 
-import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_VERSION;
 import static com.hierynomus.ntlm.messages.Utils.EMPTY;
 import static com.hierynomus.ntlm.messages.Utils.writeOffsettedByteArrayFields;
 
-import java.util.Set;
-
 import com.hierynomus.ntlm.functions.NtlmFunctions;
 import com.hierynomus.protocol.commons.Charsets;
-import com.hierynomus.protocol.commons.EnumWithValue.EnumUtils;
 import com.hierynomus.protocol.commons.buffer.Buffer;
 
+import java.util.Set;
+
+import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.*;
+
 /**
  * [MS-NLMP].pdf 2.2.1.1 NEGOTIATE_MESSAGE
  */
@@ -39,6 +39,7 @@ public NtlmNegotiate(Set<NtlmNegotiateFlag> flags, String domain, String worksta
         super(flags, version);
         this.domain = domain != null ? NtlmFunctions.oem(domain) : EMPTY;
         this.workstation = workstation != null ? NtlmFunctions.oem(workstation) : EMPTY;
+        this.omitVersion = omitVersion;
     }
 
     public void write(Buffer.PlainBuffer buffer) {
@@ -53,13 +54,28 @@ public void write(Buffer.PlainBuffer buffer) {
         if (!omitVersion) {
             offset += 8; // Version (8 bytes)
         }
-        // DomainNameFields (8 bytes)
-        offset = writeOffsettedByteArrayFields(buffer, domain, offset);
-        // WorkstationFields (8 bytes)
-        offset = writeOffsettedByteArrayFields(buffer, workstation, offset);
 
-        // if `omitVersion`, omit this field, because some implementations (e.g. Windows 2000) don't like it
-        if (negotiateFlags.contains(NTLMSSP_NEGOTIATE_VERSION)) {
+        if (negotiateFlags.contains(NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED)) {
+            // DomainNameFields (8 bytes)
+            offset = writeOffsettedByteArrayFields(buffer, domain, offset);
+        } else {
+            buffer.putUInt16(0); // DomainNameLen (2 bytes)
+            buffer.putUInt16(0); // DomainNameMaxLen (2 bytes)
+            buffer.putUInt32(0); // DomainNameBufferOffset (4 bytes)
+        }
+
+        if (negotiateFlags.contains(NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED)) {
+            // WorkstationFields (8 bytes)
+            offset = writeOffsettedByteArrayFields(buffer, workstation, offset);
+        } else {
+            buffer.putUInt16(0); // WorkstationLen (2 bytes)
+            buffer.putUInt16(0); // WorkstationMaxLen (2 bytes)
+            buffer.putUInt32(0); // WorkstationBufferOffset (4 bytes)
+        }
+
+        // if `omitVersion`, omit this field, because some implementations (e.g. Windows
+        // 2000) don't like it
+        if (!omitVersion && negotiateFlags.contains(NTLMSSP_NEGOTIATE_VERSION)) {
             version.writeTo(buffer); // Version (8 bytes)
         } else if (!omitVersion) {
             buffer.putUInt64(0); // Reserved (8 bytes)
@@ -78,4 +94,5 @@ public String toString() {
                 "  version=" + version + "\n" +
                 "}";
     }
+
 }

src/main/java/com/hierynomus/smbj/SmbConfig.java

@@ -36,10 +36,6 @@
 import com.hierynomus.mssmb2.SMB2Dialect;
 import com.hierynomus.mssmb2.SMB2GlobalCapability;
 import com.hierynomus.ntlm.NtlmConfig;
-import com.hierynomus.ntlm.messages.WindowsVersion;
-import com.hierynomus.ntlm.messages.WindowsVersion.NtlmRevisionCurrent;
-import com.hierynomus.ntlm.messages.WindowsVersion.ProductMajorVersion;
-import com.hierynomus.ntlm.messages.WindowsVersion.ProductMinorVersion;
 import com.hierynomus.protocol.commons.Factory;
 import com.hierynomus.protocol.commons.socket.ProxySocketFactory;
 import com.hierynomus.security.SecurityProvider;
@@ -120,8 +116,6 @@ public static Builder builder() {
             .withClientGSSContextConfig(GSSContextConfig.createDefaultConfig())
             .withEncryptData(false);
 
-        b.withNtlmConfig().withWindowsVersion(new WindowsVersion(ProductMajorVersion.WINDOWS_MAJOR_VERSION_6, ProductMinorVersion.WINDOWS_MINOR_VERSION_1, 0, NtlmRevisionCurrent.NTLMSSP_REVISION_W2K3));
-
         return b;
     }
 
@@ -485,8 +479,9 @@ public Builder withEncryptData(boolean encryptData) {
         /**
          * Set the workstation name to be used in the NTLM authentication.
          *
-         * @deprecated Moved into withNtlmConfig(NtlmConfig.builder().withWorkstationName(..).build())
-         * */
+         * @deprecated Moved into
+         *             withNtlmConfig(NtlmConfig.builder().withWorkstationName(..).build())
+         */
         public Builder withWorkStationName(String workStationName) {
             ntlmConfigBuilder.withWorkstationName(workStationName);
             return this;

src/test/groovy/com/hierynomus/spnego/NegTokenInitSpec.groovy

@@ -32,7 +32,7 @@ import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_N
 import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_SIGN
 import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_TARGET_INFO
 import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_UNICODE
-import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_VERSION
+import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_REQUEST_TARGET
 import static com.hierynomus.ntlm.messages.WindowsVersion.NtlmRevisionCurrent.NTLMSSP_REVISION_W2K3
 import static com.hierynomus.ntlm.messages.WindowsVersion.ProductMajorVersion.WINDOWS_MAJOR_VERSION_6
 import static com.hierynomus.ntlm.messages.WindowsVersion.ProductMinorVersion.WINDOWS_MINOR_VERSION_1
@@ -64,11 +64,11 @@ class NegTokenInitSpec extends Specification {
       NTLMSSP_NEGOTIATE_ALWAYS_SIGN,
       NTLMSSP_NEGOTIATE_KEY_EXCH,
       NTLMSSP_NEGOTIATE_NTLM,
-      NTLMSSP_NEGOTIATE_VERSION,
+      NTLMSSP_REQUEST_TARGET,
       NTLMSSP_NEGOTIATE_UNICODE)
 
     when:
-    new NtlmNegotiate(flags, "", "", new WindowsVersion(WINDOWS_MAJOR_VERSION_6, WINDOWS_MINOR_VERSION_1, 0, NTLMSSP_REVISION_W2K3), false).write(ntlmBuffer)
+    new NtlmNegotiate(flags, "", "", new WindowsVersion(WINDOWS_MAJOR_VERSION_6, WINDOWS_MINOR_VERSION_1, 7600, NTLMSSP_REVISION_W2K3), true).write(ntlmBuffer)
     initToken.addSupportedMech(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.2.2.10"))
     initToken.setMechToken(ntlmBuffer.compactData)
     initToken.write(spnegoBuffer)