jborean93 / smbprotocol

Python SMBv2 and v3 Client
MIT License

work on systems with openssl3 #173

Closed shax-xxx closed 2 years ago

shax-xxx commented 2 years ago

Hello. Due to the upcoming Ubuntu 22.04 LTS release, the smbprotocol auth mechanism does not work.

openssl version 
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

on

import smbclient

# Register an authenticated session with the SMB server
smbclient.register_session(
    server="192.168.1.2",
    username="admin",
    password="jhgkjhkjhkj",
    port=445,
)

I receive this:

Traceback (most recent call last):
  File "/home/shax/Documents/mil/python3.5_proj/rateharvest/env/lib/python3.10/site-packages/smbprotocol/session.py", line 278, in connect
    out_token = context.step(in_token)
  File "/home/shax/Documents/mil/python3.5_proj/rateharvest/env/lib/python3.10/site-packages/spnego/_negotiate.py", line 124, in step
    mech_token_in, mech_list_mic, is_spnego = self._step_spnego_input(in_token=in_token)
  File "/home/shax/Documents/mil/python3.5_proj/rateharvest/env/lib/python3.10/site-packages/spnego/_negotiate.py", line 171, in _step_spnego_input
    mech_list = self._rebuild_context_list(mech_types=in_token.mech_types)
  File "/home/shax/Documents/mil/python3.5_proj/rateharvest/env/lib/python3.10/site-packages/spnego/_negotiate.py", line 416, in _rebuild_context_list
    raise BadMechanismError(context_msg="Unable to negotiate common mechanism", base_error=last_err)
spnego.exceptions.BadMechanismError: SpnegoError (1): unsupported hash type md4, Context: Unable to negotiate common mechanism

I think it's because openssl3 does not have md4

$ openssl list -digest-commands
blake2b512        blake2s256        md5               sha1              
sha224            sha256            sha3-224          sha3-256          
sha3-384          sha3-512          sha384            sha512            
sha512-224        sha512-256        shake128          shake256          

>>> import hashlib
>>> hashlib.new('md4')
Traceback (most recent call last):
  File "/usr/lib/python3.10/hashlib.py", line 160, in __hash_new
    return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/hashlib.py", line 166, in __hash_new
    return __get_builtin_constructor(name)(data)
  File "/usr/lib/python3.10/hashlib.py", line 123, in __get_builtin_constructor
    raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type md4

Any workaround?

adiroiban commented 2 years ago

Thanks for the report.

This is an issue in the pyspnego library.

https://github.com/jborean93/pyspnego/blob/03eb0c9f04daad67b1173f27fb365f10bc432caa/src/spnego/_ntlm_raw/crypto.py#L133

Looking at the code, md4 is used for NTLM v1.

With the implementation here

https://github.com/jborean93/pyspnego/blob/03eb0c9f04daad67b1173f27fb365f10bc432caa/src/spnego/_ntlm_raw/crypto.py#L342

I guess that the only option for legacy is to vendor/copy/reimplement md4 in pyspnego

https://github.com/rpicard/py-md4


Reported "upstream" issue here https://github.com/jborean93/pyspnego/issues/37 :)

shax-xxx commented 2 years ago

maybe this will be helpful https://gist.github.com/kangtastic/c3349fc4f9d659ee362b12d7d8c639b6

(from: stackoverflow)

jborean93 commented 2 years ago

Thanks @adiroiban for opening the other issue there. This is definitely a problem for pyspnego and unfortunately is more widespread than just NTLM v1. It's used as the NTv1 hash, and NTLM v2 constructs a hash derived from this value. This means the problem affects NTLM altogether rather than the older versions.

Closing this and will continue to track the issue in https://github.com/jborean93/pyspnego/issues/37