hierynomus / smbj

Server Message Block (SMB2, SMB3) implementation in Java

NtlmAuthenticator, HTTP netlogon #613

Open jbakermk opened 3 years ago

jbakermk commented 3 years ago

Reading the NtlmAuthenticator code, it looks rather like it could authenticate NTLM tokens sent by browsers during the SPNEGO process. Is this possible?

hierynomus commented 3 years ago

I do not know, never tried this. I guess it uses the same protocol, so I think you should be able to try that.

jbakermk commented 3 years ago

So I've had a good look at this problem. The issue seems to lie in the NtlmAuthenticator code, which doesn't know how to deal with a type 3 token sent by the browser. A NETLOGON is required at this point.

The relevant Liferay NTLM code is here. Does this look like it could be transplanted to smbj?

            netlogonConnection.connect(
                _domainController, _domainControllerName, _ntlmServiceAccount,
                _secureRandom);

            NetlogonAuthenticator netlogonAuthenticator =
                netlogonConnection.computeNetlogonAuthenticator();

            NetlogonIdentityInfo netlogonIdentityInfo =
                new NetlogonIdentityInfo(
                    domain, 0x00000820, 0, 0, userName, workstation);

            NetlogonNetworkInfo netlogonNetworkInfo = new NetlogonNetworkInfo(
                netlogonIdentityInfo, serverChallenge, ntResponse, lmResponse);

            NetrLogonSamLogon netrLogonSamLogon = new NetrLogonSamLogon(
                _domainControllerName, _ntlmServiceAccount.getComputerName(),
                netlogonAuthenticator, new NetlogonAuthenticator(), 2,
                netlogonNetworkInfo, 2, new NetlogonValidationSamInfo(), 0);

            DcerpcHandle dcerpcHandle = netlogonConnection.getDcerpcHandle();

            dcerpcHandle.sendrecv(netrLogonSamLogon);

            if (netrLogonSamLogon.getStatus() == 0) {
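
Added example, not part of the thread and not code from smbj or Liferay: a bounds-checked parser that extracts from an NTLM type 3 (AUTHENTICATE) message the `domain`, `userName`, `workstation`, `ntResponse` and `lmResponse` values that the snippet above passes on to NETLOGON. The class name `NtlmType3Fields` is hypothetical, OEM strings are assumed to be ASCII, and the parser only extracts fields; it does not validate the responses.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class NtlmType3Fields {
    static final int NEGOTIATE_UNICODE = 0x00000001;
    static final int HEADER = 64; // signature, type, six security buffers, flags
    final byte[] lmResponse, ntResponse;
    final String domain, userName, workstation;
    NtlmType3Fields(byte[] msg) {
        ByteBuffer b = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN);
        byte[] sig = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);
        if (msg.length < HEADER || !Arrays.equals(Arrays.copyOf(msg, 8), sig) || b.getInt(8) != 3)
            throw new IllegalArgumentException("not an NTLM type 3 message");
        boolean unicode = (b.getInt(60) & NEGOTIATE_UNICODE) != 0;
        lmResponse = field(b, 12);
        ntResponse = field(b, 20);
        domain = text(field(b, 28), unicode);
        userName = text(field(b, 36), unicode);
        workstation = text(field(b, 44), unicode);
    }
    // Security buffer = uint16 length, uint16 max length, uint32 offset (little-endian).
    // Length and offset are client-controlled, so they are bounds-checked before copying.
    private static byte[] field(ByteBuffer b, int at) {
        int len = b.getShort(at) & 0xFFFF;
        long off = b.getInt(at + 4) & 0xFFFFFFFFL;
        if (len == 0) return new byte[0];
        if (off < HEADER || off + len > b.limit())
            throw new IllegalArgumentException("security buffer out of bounds at " + at);
        return Arrays.copyOfRange(b.array(), (int) off, (int) off + len);
    }
    private static String text(byte[] raw, boolean unicode) { // assumption: OEM treated as ASCII
        return new String(raw, unicode ? StandardCharsets.UTF_16LE : StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) {
        Charset u = StandardCharsets.UTF_16LE; // constructed sample: dummy 24-byte responses
        byte[][] parts = { new byte[24], new byte[24], "CORP".getBytes(u), "alice".getBytes(u), "WS01".getBytes(u) };
        ByteBuffer m = ByteBuffer.allocate(138).order(ByteOrder.LITTLE_ENDIAN); // 64 header + 74 payload
        m.put("NTLMSSP\0".getBytes(StandardCharsets.US_ASCII)).putInt(3);
        int off = HEADER;
        for (byte[] p : parts) { m.putShort((short) p.length).putShort((short) p.length).putInt(off); off += p.length; }
        m.putLong(0).putInt(NEGOTIATE_UNICODE); // empty session-key buffer, then flags
        for (byte[] p : parts) m.put(p);
        NtlmType3Fields f = new NtlmType3Fields(m.array());
        System.out.println(f.domain + "\\" + f.userName + " from " + f.workstation);
    }
}
```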