[jcifs] NTLM, NTLMv2 code.
Allen, Michael B (RSCH)
Michael_B_Allen at ml.com
Thu Feb 14 15:19:11 EST 2002
> -----Original Message-----
> From: Christopher R. Hertel [SMTP:crh at ubiqx.mn.org]
>
> Mike,
>
> Where did you find the docs to do NTLM and/or NTLMv2 (do we do both)?
>
We do regular NTLM authentication which is clearly documented in section 2.10 of
the Leach doc. I don't think NTLMv2 is understood very well but there's a bit on it in
Luke's book. Of course what matters to us is that the server will negotiate the
common denominator :~)
> Need to grok this stuff...
>
If it's for the SMB URL stuff I don't think you do. The authentication mechanisms
known as NTLM and NTLMv2 are like hash this key, send it to the server in the
such-and-such request, run the challenge through DES, wiggle your big left toe and
cough twice. On the surface all you need is a domain, username, and password. I
suppose you might have a parameter like ?AUTH=NTLMv2 or something but other
than that I wouldn't worry about it. I think you'd be better off spending your time
getting learned on LDAP and Active Directory.
As for our code, the below is from the top of:
http://jcifs.samba.org/src/src/jcifs/smb/SmbSession.java
and follows the description in 2.10 verbatim. Not very exciting.
Mike
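    // KGS!@#$% (the fixed 8-byte plaintext that is encrypted to build the pre-NTLM hash)
    static final byte[] S8 = {
        (byte)0x4b, (byte)0x47, (byte)0x53, (byte)0x21,
        (byte)0x40, (byte)0x23, (byte)0x24, (byte)0x25
    };

    // Split key into 7-byte chunks, DES-encrypt the 8-byte data block under each
    // chunk, and write the 8-byte results back to back into e.
    static void E( byte[] key, byte[] data, byte[] e ) {
        byte[] key7 = new byte[7];
        byte[] e8 = new byte[8];

        for( int i = 0; i < key.length / 7; i++ ) {
            System.arraycopy( key, i * 7, key7, 0, 7 );
            DES des = new DES( key7 );
            des.encrypt( data, e8 );
            System.arraycopy( e8, 0, e, i * 8, 8 );
        }
    }

    static byte[] getPreNTLMResponse( String password, byte[] challenge ) {
        byte[] p14 = new byte[14];   // upper-cased password, zero padded to 14 bytes
        byte[] p21 = new byte[21];   // 16-byte hash, zero padded to 21 bytes
        byte[] p24 = new byte[24];   // 24-byte response to the server challenge

        // Copy at most 14 bytes; a longer password would otherwise overrun p14
        // and throw ArrayIndexOutOfBoundsException.
        byte[] pw = password.toUpperCase().getBytes();
        System.arraycopy( pw, 0, p14, 0, Math.min( pw.length, 14 ) );
        E( p14, S8, p21);
        E( p21, challenge, p24);
        return p24;
    }

    static byte[] getNTLMResponse( String password, byte[] challenge ) {
        byte[] uni = null;
        byte[] p21 = new byte[21];   // 16-byte MD4 digest, zero padded to 21 bytes
        byte[] p24 = new byte[24];   // 24-byte response to the server challenge

        try {
            // Little-endian UTF-16 without a byte order mark
            uni = password.getBytes( "UnicodeLittleUnmarked" );
        } catch( UnsupportedEncodingException uee ) {
            Log.printStackTrace( "password encryption exception", uee );
        }
        MD4 md4 = new MD4();
        md4.update( uni );
        System.arraycopy( md4.digest(), 0, p21, 0, 16 );
        E( p21, challenge, p24 );
        return p24;
    }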
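
An added example, not part of the original post or the jCIFS source: the same E() and pre-NTLM response written against the standard javax.crypto DES cipher, which makes explicit the step of spreading each 7-byte chunk over an 8-byte DES key (assumed here to be what the jCIFS DES class does internally when given a 7-byte key). The class name, the expandKey helper, and the sample password and challenge are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class PreNtlmResponseExample {
    // "KGS!@#$%", the S8 constant from the post
    static final byte[] S8 = "KGS!@#$%".getBytes(StandardCharsets.US_ASCII);

    // Hypothetical helper: spread 56 key bits over 8 bytes, 7 bits per byte in
    // the high positions. The low bit of each byte is the DES parity bit, which
    // the cipher ignores, so it is left as zero.
    static byte[] expandKey(byte[] key, int off) {
        long bits = 0;
        for (int i = 0; i < 7; i++) bits = (bits << 8) | (key[off + i] & 0xff);
        byte[] out = new byte[8];
        for (int i = 0; i < 8; i++) out[i] = (byte) (((bits >>> (49 - 7 * i)) & 0x7f) << 1);
        return out;
    }

    // Same contract as E() in the post: one DES block per 7-byte chunk of key.
    static void E(byte[] key, byte[] data, byte[] e) throws Exception {
        Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
        for (int i = 0; i < key.length / 7; i++) {
            des.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(expandKey(key, i * 7), "DES"));
            des.doFinal(data, 0, 8, e, i * 8);
        }
    }

    static byte[] getPreNTLMResponse(String password, byte[] challenge) throws Exception {
        byte[] p14 = new byte[14], p21 = new byte[21], p24 = new byte[24];
        byte[] pw = password.toUpperCase().getBytes(StandardCharsets.US_ASCII);
        System.arraycopy(pw, 0, p14, 0, Math.min(pw.length, 14)); // truncate to 14 bytes
        E(p14, S8, p21);        // 2 chunks -> 16-byte hash, last 5 bytes of p21 stay zero
        E(p21, challenge, p24); // 3 chunks -> 24-byte response
        return p24;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, not taken from the post
        byte[] challenge = { 0x01, 0x23, 0x45, 0x67, (byte) 0x89, (byte) 0xab, (byte) 0xcd, (byte) 0xef };
        StringBuilder hex = new StringBuilder();
        for (byte b : getPreNTLMResponse("SecREt01", challenge)) hex.append(String.format("%02x", b));
        System.out.println(hex);
    }
}
```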