diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 245a07f8..c2f934f9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,7 +3,7 @@ name: SMBJ Release
on:
push:
tags:
- - '*'
+ - 'v*'
permissions:
contents: write
diff --git a/src/it/docker-image/smb.conf b/src/it/docker-image/smb.conf
index 16ece625..30a0d5e4 100644
--- a/src/it/docker-image/smb.conf
+++ b/src/it/docker-image/smb.conf
@@ -1,8 +1,5 @@
[global]
security = user
-log level = 5
-log file = /var/log/samba/smbd.log
-max log size = 10000
load printers = no
printcap name = /dev/null
@@ -17,6 +14,10 @@ server string = %h server (Samba, Ubuntu)
dns proxy = no
interfaces = 192.168.2.0/24 eth0
bind interfaces only = yes
+log level = 5
+log file = /var/log/samba/log.%m
+max log size = 1000
+syslog = 0
panic action = /usr/share/samba/panic-action %d
server role = standalone server
passdb backend = tdbsam
diff --git a/src/it/resources/logback-test.xml b/src/it/resources/logback-test.xml
index 5499077f..8230eae6 100644
--- a/src/it/resources/logback-test.xml
+++ b/src/it/resources/logback-test.xml
@@ -27,6 +27,6 @@
-
+
diff --git a/src/main/java/com/hierynomus/ntlm/NtlmConfig.java b/src/main/java/com/hierynomus/ntlm/NtlmConfig.java
index c02119e0..9a31d85f 100644
--- a/src/main/java/com/hierynomus/ntlm/NtlmConfig.java
+++ b/src/main/java/com/hierynomus/ntlm/NtlmConfig.java
@@ -16,6 +16,9 @@
package com.hierynomus.ntlm;
import com.hierynomus.ntlm.messages.WindowsVersion;
+import com.hierynomus.ntlm.messages.WindowsVersion.NtlmRevisionCurrent;
+import com.hierynomus.ntlm.messages.WindowsVersion.ProductMajorVersion;
+import com.hierynomus.ntlm.messages.WindowsVersion.ProductMinorVersion;
public class NtlmConfig {
private WindowsVersion windowsVersion;
@@ -62,6 +65,7 @@ public static class Builder {
public Builder() {
config = new NtlmConfig();
+ config.windowsVersion = new WindowsVersion(ProductMajorVersion.WINDOWS_MAJOR_VERSION_6, ProductMinorVersion.WINDOWS_MINOR_VERSION_1, 7600, NtlmRevisionCurrent.NTLMSSP_REVISION_W2K3);
config.integrity = false; // TODO temporarily disabled until we can figure out why it fails (probably mechListMIC in NegTokenTarg)
config.omitVersion = false;
}
diff --git a/src/main/java/com/hierynomus/ntlm/functions/NtlmV2Functions.java b/src/main/java/com/hierynomus/ntlm/functions/NtlmV2Functions.java
index 248ecbb4..00f9e33e 100644
--- a/src/main/java/com/hierynomus/ntlm/functions/NtlmV2Functions.java
+++ b/src/main/java/com/hierynomus/ntlm/functions/NtlmV2Functions.java
@@ -73,7 +73,7 @@ public ComputedNtlmV2Response computeResponse(String username, String domain, ch
byte[] ntResponse = getNtV2Response(responseKeyNT, serverNtlmChallenge.getServerChallenge(),
clientChallenge, time, clientTargetInfo);
- byte[] ntProofStr = Arrays.copyOfRange(ntResponse, 0, 16);
+ byte[] ntProofStr = Arrays.copyOfRange(ntResponse, 0, 16); // first 16 bytes of ntlmv2Response is ntProofStr
byte[] sessionBaseKey = getSessionBaseKey(responseKeyNT, ntProofStr);
return new ComputedNtlmV2Response(ntResponse, lmResponse, sessionBaseKey);
diff --git a/src/main/java/com/hierynomus/ntlm/messages/NtlmNegotiate.java b/src/main/java/com/hierynomus/ntlm/messages/NtlmNegotiate.java
index 1ddc7967..784e33b0 100644
--- a/src/main/java/com/hierynomus/ntlm/messages/NtlmNegotiate.java
+++ b/src/main/java/com/hierynomus/ntlm/messages/NtlmNegotiate.java
@@ -15,17 +15,17 @@
*/
package com.hierynomus.ntlm.messages;
-import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_VERSION;
import static com.hierynomus.ntlm.messages.Utils.EMPTY;
import static com.hierynomus.ntlm.messages.Utils.writeOffsettedByteArrayFields;
-import java.util.Set;
-
import com.hierynomus.ntlm.functions.NtlmFunctions;
import com.hierynomus.protocol.commons.Charsets;
-import com.hierynomus.protocol.commons.EnumWithValue.EnumUtils;
import com.hierynomus.protocol.commons.buffer.Buffer;
+import java.util.Set;
+
+import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.*;
+
/**
* [MS-NLMP].pdf 2.2.1.1 NEGOTIATE_MESSAGE
*/
@@ -39,6 +39,7 @@ public NtlmNegotiate(Set flags, String domain, String worksta
super(flags, version);
this.domain = domain != null ? NtlmFunctions.oem(domain) : EMPTY;
this.workstation = workstation != null ? NtlmFunctions.oem(workstation) : EMPTY;
+ this.omitVersion = omitVersion;
}
public void write(Buffer.PlainBuffer buffer) {
@@ -53,13 +54,28 @@ public void write(Buffer.PlainBuffer buffer) {
if (!omitVersion) {
offset += 8; // Version (8 bytes)
}
- // DomainNameFields (8 bytes)
- offset = writeOffsettedByteArrayFields(buffer, domain, offset);
- // WorkstationFields (8 bytes)
- offset = writeOffsettedByteArrayFields(buffer, workstation, offset);
- // if `omitVersion`, omit this field, because some implementations (e.g. Windows 2000) don't like it
- if (negotiateFlags.contains(NTLMSSP_NEGOTIATE_VERSION)) {
+ if (negotiateFlags.contains(NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED)) {
+ // DomainNameFields (8 bytes)
+ offset = writeOffsettedByteArrayFields(buffer, domain, offset);
+ } else {
+ buffer.putUInt16(0); // DomainNameLen (2 bytes)
+ buffer.putUInt16(0); // DomainNameMaxLen (2 bytes)
+ buffer.putUInt32(0); // DomainNameBufferOffset (4 bytes)
+ }
+
+ if (negotiateFlags.contains(NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED)) {
+ // WorkstationFields (8 bytes)
+ offset = writeOffsettedByteArrayFields(buffer, workstation, offset);
+ } else {
+ buffer.putUInt16(0); // WorkstationLen (2 bytes)
+ buffer.putUInt16(0); // WorkstationMaxLen (2 bytes)
+ buffer.putUInt32(0); // WorkstationBufferOffset (4 bytes)
+ }
+
+ // if `omitVersion`, omit this field, because some implementations (e.g. Windows
+ // 2000) don't like it
+ if (!omitVersion && negotiateFlags.contains(NTLMSSP_NEGOTIATE_VERSION)) {
version.writeTo(buffer); // Version (8 bytes)
} else if (!omitVersion) {
buffer.putUInt64(0); // Reserved (8 bytes)
@@ -78,4 +94,5 @@ public String toString() {
" version=" + version + "\n" +
"}";
}
+
}
diff --git a/src/main/java/com/hierynomus/smbj/SmbConfig.java b/src/main/java/com/hierynomus/smbj/SmbConfig.java
index 9597d7a5..40e8f29f 100644
--- a/src/main/java/com/hierynomus/smbj/SmbConfig.java
+++ b/src/main/java/com/hierynomus/smbj/SmbConfig.java
@@ -36,10 +36,6 @@
import com.hierynomus.mssmb2.SMB2Dialect;
import com.hierynomus.mssmb2.SMB2GlobalCapability;
import com.hierynomus.ntlm.NtlmConfig;
-import com.hierynomus.ntlm.messages.WindowsVersion;
-import com.hierynomus.ntlm.messages.WindowsVersion.NtlmRevisionCurrent;
-import com.hierynomus.ntlm.messages.WindowsVersion.ProductMajorVersion;
-import com.hierynomus.ntlm.messages.WindowsVersion.ProductMinorVersion;
import com.hierynomus.protocol.commons.Factory;
import com.hierynomus.protocol.commons.socket.ProxySocketFactory;
import com.hierynomus.security.SecurityProvider;
@@ -120,8 +116,6 @@ public static Builder builder() {
.withClientGSSContextConfig(GSSContextConfig.createDefaultConfig())
.withEncryptData(false);
- b.withNtlmConfig().withWindowsVersion(new WindowsVersion(ProductMajorVersion.WINDOWS_MAJOR_VERSION_6, ProductMinorVersion.WINDOWS_MINOR_VERSION_1, 0, NtlmRevisionCurrent.NTLMSSP_REVISION_W2K3));
-
return b;
}
@@ -485,8 +479,9 @@ public Builder withEncryptData(boolean encryptData) {
/**
* Set the workstation name to be used in the NTLM authentication.
*
- * @deprecated Moved into withNtlmConfig(NtlmConfig.builder().withWorkstationName(..).build())
- * */
+ * @deprecated Moved into
+ * withNtlmConfig(NtlmConfig.builder().withWorkstationName(..).build())
+ */
public Builder withWorkStationName(String workStationName) {
ntlmConfigBuilder.withWorkstationName(workStationName);
return this;
diff --git a/src/test/groovy/com/hierynomus/spnego/NegTokenInitSpec.groovy b/src/test/groovy/com/hierynomus/spnego/NegTokenInitSpec.groovy
index a7ec34bc..5ee69c6e 100644
--- a/src/test/groovy/com/hierynomus/spnego/NegTokenInitSpec.groovy
+++ b/src/test/groovy/com/hierynomus/spnego/NegTokenInitSpec.groovy
@@ -32,7 +32,7 @@ import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_N
import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_SIGN
import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_TARGET_INFO
import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_UNICODE
-import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_VERSION
+import static com.hierynomus.ntlm.messages.NtlmNegotiateFlag.NTLMSSP_REQUEST_TARGET
import static com.hierynomus.ntlm.messages.WindowsVersion.NtlmRevisionCurrent.NTLMSSP_REVISION_W2K3
import static com.hierynomus.ntlm.messages.WindowsVersion.ProductMajorVersion.WINDOWS_MAJOR_VERSION_6
import static com.hierynomus.ntlm.messages.WindowsVersion.ProductMinorVersion.WINDOWS_MINOR_VERSION_1
@@ -64,11 +64,11 @@ class NegTokenInitSpec extends Specification {
NTLMSSP_NEGOTIATE_ALWAYS_SIGN,
NTLMSSP_NEGOTIATE_KEY_EXCH,
NTLMSSP_NEGOTIATE_NTLM,
- NTLMSSP_NEGOTIATE_VERSION,
+ NTLMSSP_REQUEST_TARGET,
NTLMSSP_NEGOTIATE_UNICODE)
when:
- new NtlmNegotiate(flags, "", "", new WindowsVersion(WINDOWS_MAJOR_VERSION_6, WINDOWS_MINOR_VERSION_1, 0, NTLMSSP_REVISION_W2K3), false).write(ntlmBuffer)
+ new NtlmNegotiate(flags, "", "", new WindowsVersion(WINDOWS_MAJOR_VERSION_6, WINDOWS_MINOR_VERSION_1, 7600, NTLMSSP_REVISION_W2K3), true).write(ntlmBuffer)
initToken.addSupportedMech(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.2.2.10"))
initToken.setMechToken(ntlmBuffer.compactData)
initToken.write(spnegoBuffer)
diff --git a/src/test/resources/spnego/negTokenInit_ntlm b/src/test/resources/spnego/negTokenInit_ntlm
index 9bb1ddd1..d886b0c0 100644
Binary files a/src/test/resources/spnego/negTokenInit_ntlm and b/src/test/resources/spnego/negTokenInit_ntlm differ