Split off from 0.10.0 without the reworked authentication fixes

WORKING_AUTH_TODO

@@ -0,0 +1,12 @@
+Missing commit: 10001efcf7b5beee6994fb0e4a3680a6503f6eab
+Extract TargetInfo to separate class and correct offsets for NtlmNegotiate (#630)
+
+* Extract TargetInfo to separate class and correct offsets for NtlmNegotiate
+
+* Add Target SPN AvId if NTLMSSP_REQUEST_TARGET set
+
+* Use clientTargetInfo to calculate NTLM clientChallenge
+------
+Missing commit: 3e454de9a29db2ef0896af60573378ea7ba4fa4b
+Fix ClassCastException (fixes \#712)
+------

src/main/java/com/hierynomus/ntlm/NtlmConfig.java

@@ -15,6 +15,9 @@
  */
 package com.hierynomus.ntlm;
 
+import java.security.SecureRandom;
+import java.util.Random;
+
 import com.hierynomus.ntlm.messages.WindowsVersion;
 import com.hierynomus.ntlm.messages.WindowsVersion.NtlmRevisionCurrent;
 import com.hierynomus.ntlm.messages.WindowsVersion.ProductMajorVersion;
@@ -25,13 +28,14 @@ public class NtlmConfig {
     private String workstationName;
     private boolean integrity;
     private boolean omitVersion;
+    private byte[] machineID;
 
     public static NtlmConfig defaultConfig() {
-        return builder().build();
+        return builder(new SecureRandom()).build();
     }
 
-    public static Builder builder() {
-        return new Builder();
+    public static Builder builder(Random r) {
+        return new Builder(r);
     }
 
     private NtlmConfig() {
@@ -42,6 +46,7 @@ private NtlmConfig(NtlmConfig other) {
         this.workstationName = other.workstationName;
         this.integrity = other.integrity;
         this.omitVersion = other.omitVersion;
+        this.machineID = other.machineID;
     }
 
     public WindowsVersion getWindowsVersion() {
@@ -60,14 +65,20 @@ public boolean isOmitVersion() {
         return omitVersion;
     }
 
+    public byte[] getMachineID() {
+        return machineID;
+    }
+
     public static class Builder {
         private NtlmConfig config;
 
-        public Builder() {
+        public Builder(Random r) {
             config = new NtlmConfig();
             config.windowsVersion = new WindowsVersion(ProductMajorVersion.WINDOWS_MAJOR_VERSION_6, ProductMinorVersion.WINDOWS_MINOR_VERSION_1, 7600, NtlmRevisionCurrent.NTLMSSP_REVISION_W2K3);
-            config.integrity = false; // TODO temporarily disabled until we can figure out why it fails (probably mechListMIC in NegTokenTarg)
+            config.integrity = false;
             config.omitVersion = false;
+            config.machineID = new byte[32];
+            r.nextBytes(config.machineID);
         }
 
         public Builder withWindowsVersion(WindowsVersion windowsVersion) {
@@ -90,6 +101,17 @@ public Builder withOmitVersion(boolean omitVersion) {
             return this;
         }
 
+        public Builder withMachineID(byte[] machineID) {
+            if (machineID == null) {
+                throw new IllegalArgumentException("MachineID must not be null");
+            }
+            if (machineID.length != 32) {
+                throw new IllegalArgumentException("MachineID must be 32 bytes");
+            }
+            config.machineID = machineID;
+            return this;
+        }
+
         public NtlmConfig build() {
             return new NtlmConfig(config);
         }

src/main/java/com/hierynomus/ntlm/av/AvPairChannelBindings.java

@@ -24,6 +24,10 @@ public class AvPairChannelBindings extends AvPair<byte[]> {
         super(AvId.MsvAvChannelBindings);
     }
 
+    public AvPairChannelBindings(byte[] value) {
+        super(AvId.MsvAvChannelBindings, value);
+    }
+
     @Override
     public void write(Buffer<?> buffer) {
         buffer.putUInt16((int) this.avId.getValue()); // AvId (2 bytes)

src/main/java/com/hierynomus/ntlm/av/AvPairSingleHost.java

@@ -25,6 +25,11 @@ public class AvPairSingleHost extends AvPair<byte[]> {
         super(AvId.MsvAvSingleHost);
     }
 
+    public AvPairSingleHost(byte[] value, byte[] machineID) {
+        super(AvId.MsvAvSingleHost, value);
+        this.machineID = machineID;
+    }
+
     public AvPairSingleHost read(Buffer<?> buffer) throws BufferException {
         buffer.readUInt16(); // AvLen (2 bytes)
         buffer.readUInt32(); // Size (4 bytes)

src/main/java/com/hierynomus/ntlm/messages/NtlmAuthenticate.java

@@ -21,6 +21,7 @@
 import com.hierynomus.protocol.commons.EnumWithValue;
 import com.hierynomus.protocol.commons.buffer.Buffer;
 import com.hierynomus.protocol.commons.buffer.Endian;
+import com.hierynomus.protocol.commons.buffer.Buffer.PlainBuffer;
 
 import static com.hierynomus.ntlm.messages.Utils.*;
 
@@ -45,7 +46,7 @@ public NtlmAuthenticate(
         byte[] lmResponse, byte[] ntResponse,
         String userName, String domainName, String workstation,
         byte[] encryptedRandomSessionKey, Set<NtlmNegotiateFlag> negotiateFlags,
-        WindowsVersion version, boolean isIntegrityEnabled, boolean isOmitVersion) {
+        WindowsVersion version) {
         super(negotiateFlags, version);
         this.lmResponse = ensureNotNull(lmResponse);
         this.ntResponse = ensureNotNull(ntResponse);
@@ -54,70 +55,58 @@ public NtlmAuthenticate(
         this.workstation = ensureNotNull(workstation);
         this.encryptedRandomSessionKey = ensureNotNull(encryptedRandomSessionKey);
         this.negotiateFlags = negotiateFlags;
-        this.integrityEnabled = isIntegrityEnabled;
-        this.omitVersion = isOmitVersion;
     }
 
-    @Override
-    public void write(Buffer.PlainBuffer buffer) {
+    private int getBaseMessageSize() {
         int baseMessageSize = 64;
-        if (integrityEnabled) {
-            baseMessageSize += 16;
-        }
-
-        if (!omitVersion) {
+        if (negotiateFlags.contains(NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_VERSION) || mic != null) {
             baseMessageSize += 8;
         }
 
-        writeNtlmAuthenticate(buffer, baseMessageSize);
-
-        // MIC (16 bytes)
         if (mic != null) {
-            buffer.putRawBytes(mic);
-        } else if (integrityEnabled) {
-            buffer.putUInt64(0L);
-            buffer.putUInt64(0L);
-        } else {
-            // Skipping MIC, not enabled.
+            baseMessageSize += 16;
         }
 
-        // Payload
-        buffer.putRawBytes(lmResponse);
-        buffer.putRawBytes(ntResponse);
-        buffer.putRawBytes(domainName);
-        buffer.putRawBytes(userName);
-        buffer.putRawBytes(workstation);
-        buffer.putRawBytes(encryptedRandomSessionKey);
+        return baseMessageSize;
     }
 
-    public void setMic(byte[] mic) {
-        this.mic = mic;
-    }
+    @Override
+    public void write(PlainBuffer buffer) {
 
-    public void writeNtlmAuthenticate(Buffer.PlainBuffer buffer, int baseMessageSize) {
         buffer.putString("NTLMSSP\0", Charsets.UTF_8); // Signature (8 bytes)
         buffer.putUInt32(0x03); // MessageType (4 bytes)
 
-        int offset = baseMessageSize; // for the offset
+        int offset = getBaseMessageSize(); // for the offset
         offset = writeOffsettedByteArrayFields(buffer, lmResponse, offset); // LmChallengeResponseFields (8 bytes)
         offset = writeOffsettedByteArrayFields(buffer, ntResponse, offset); // NtChallengeResponseFields (8 bytes)
         offset = writeOffsettedByteArrayFields(buffer, domainName, offset); // DomainNameFields (8 bytes)
         offset = writeOffsettedByteArrayFields(buffer, userName, offset); // UserNameFields (8 bytes)
         offset = writeOffsettedByteArrayFields(buffer, workstation, offset); // WorkstationFields (8 bytes)
-        if (negotiateFlags.contains(NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_KEY_EXCH)) { // TODO probably unnecessary check
-            offset = writeOffsettedByteArrayFields(buffer, encryptedRandomSessionKey, offset);
-        } else {
-            offset = writeOffsettedByteArrayFields(buffer, EMPTY, offset);
-        }
+        offset = writeOffsettedByteArrayFields(buffer, encryptedRandomSessionKey, offset); // EncryptedRandomSessionKeyFields (8 bytes)
 
         buffer.putUInt32(EnumWithValue.EnumUtils.toLong(negotiateFlags)); // NegotiateFlags (4 bytes)
 
-        // If `omitVersion`, we skip rendering the Version, as some servers don't like it.
         if (negotiateFlags.contains(NtlmNegotiateFlag.NTLMSSP_NEGOTIATE_VERSION)) {
             buffer.putRawBytes(getVersion()); // Version (8 bytes)
-        } else if (!omitVersion) {
-            buffer.putUInt64(0L);
+        } else if (mic != null) {
+            buffer.putUInt64(0L); // If the MIC is present, the Version field MUST be present.
         }
+
+        if (mic != null) {
+            buffer.putRawBytes(mic, 0, 16); // MIC (16 bytes)
+        }
+
+        // Payload
+        buffer.putRawBytes(lmResponse);
+        buffer.putRawBytes(ntResponse);
+        buffer.putRawBytes(domainName);
+        buffer.putRawBytes(userName);
+        buffer.putRawBytes(workstation);
+        buffer.putRawBytes(encryptedRandomSessionKey);
+    }
+
+    public void setMic(byte[] mic) {
+        this.mic = mic;
     }
 
     /**
@@ -136,16 +125,17 @@ public byte[] getVersion() {
         return plainBuffer.getCompactData();
     }
 
+
     @Override
     public String toString() {
         return "NtlmAuthenticate{\n" +
-            "  mic=" + (mic != null ? ByteArrayUtils.printHex(mic) : "[]") + ",\n" +
-            "  lmResponse=" + ByteArrayUtils.printHex(lmResponse) + ",\n" +
-            "  ntResponse=" + ByteArrayUtils.printHex(ntResponse) + ",\n" +
-            "  domainName='" + NtlmFunctions.unicode(domainName) + "',\n" +
-            "  userName='" + NtlmFunctions.unicode(userName) + "',\n" +
-            "  workstation='" + NtlmFunctions.unicode(workstation) + "',\n" +
-            "  encryptedRandomSessionKey=[<secret>],\n" +
-            '}';
+                "  mic=" + (mic != null ? ByteArrayUtils.printHex(mic) : "[]") + ",\n" +
+                "  lmResponse=" + ByteArrayUtils.printHex(lmResponse) + ",\n" +
+                "  ntResponse=" + ByteArrayUtils.printHex(ntResponse) + ",\n" +
+                "  domainName='" + NtlmFunctions.unicode(domainName) + "',\n" +
+                "  userName='" + NtlmFunctions.unicode(userName) + "',\n" +
+                "  workstation='" + NtlmFunctions.unicode(workstation) + "',\n" +
+                "  encryptedRandomSessionKey=[<secret>],\n" +
+                '}';
     }
 }

src/main/java/com/hierynomus/smbj/SmbConfig.java

@@ -100,7 +100,6 @@ public static SmbConfig createDefaultConfig() {
     public static Builder builder() {
         Builder b =  new Builder()
             .withClientGuid(UUID.randomUUID())
-            .withRandomProvider(new SecureRandom())
             .withSecurityProvider(getDefaultSecurityProvider())
             .withSocketFactory(new ProxySocketFactory())
             .withSigningRequired(false)
@@ -141,6 +140,7 @@ private static List<Factory.Named<Authenticator>> getDefaultAuthenticators() {
 
     private SmbConfig() {
         dialects = EnumSet.noneOf(SMB2Dialect.class);
+        random = new SecureRandom();
         authenticators = new ArrayList<>();
     }
 
@@ -281,7 +281,7 @@ public static class Builder {
 
         Builder() {
             config = new SmbConfig();
-            ntlmConfigBuilder = NtlmConfig.builder();
+            ntlmConfigBuilder = NtlmConfig.builder(config.random);
         }
 
         public Builder withRandomProvider(Random random) {