terraform/vendor/github.com/Azure/go-ntlmssp/authenticate_message.go

package ntlmssp

import (
	"bytes"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"time"
)

type authenicateMessage struct {
	LmChallengeResponse []byte
	NtChallengeResponse []byte

	TargetName string
	UserName   string

	// only set if negotiateFlag_NTLMSSP_NEGOTIATE_KEY_EXCH
	EncryptedRandomSessionKey []byte

	NegotiateFlags negotiateFlags

	MIC []byte
}

type authenticateMessageFields struct {
	messageHeader
	LmChallengeResponse varField
	NtChallengeResponse varField
	TargetName          varField
	UserName            varField
	Workstation         varField
	_                   [8]byte
	NegotiateFlags      negotiateFlags
}

func (m authenicateMessage) MarshalBinary() ([]byte, error) {
	if !m.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEUNICODE) {
		return nil, errors.New("Only unicode is supported")
	}

	target, user := toUnicode(m.TargetName), toUnicode(m.UserName)
	workstation := toUnicode("go-ntlmssp")

	ptr := binary.Size(&authenticateMessageFields{})
	f := authenticateMessageFields{
		messageHeader:       newMessageHeader(3),
		NegotiateFlags:      m.NegotiateFlags,
		LmChallengeResponse: newVarField(&ptr, len(m.LmChallengeResponse)),
		NtChallengeResponse: newVarField(&ptr, len(m.NtChallengeResponse)),
		TargetName:          newVarField(&ptr, len(target)),
		UserName:            newVarField(&ptr, len(user)),
		Workstation:         newVarField(&ptr, len(workstation)),
	}

	f.NegotiateFlags.Unset(negotiateFlagNTLMSSPNEGOTIATEVERSION)

	b := bytes.Buffer{}
	if err := binary.Write(&b, binary.LittleEndian, &f); err != nil {
		return nil, err
	}
	if err := binary.Write(&b, binary.LittleEndian, &m.LmChallengeResponse); err != nil {
		return nil, err
	}
	if err := binary.Write(&b, binary.LittleEndian, &m.NtChallengeResponse); err != nil {
		return nil, err
	}
	if err := binary.Write(&b, binary.LittleEndian, &target); err != nil {
		return nil, err
	}
	if err := binary.Write(&b, binary.LittleEndian, &user); err != nil {
		return nil, err
	}
	if err := binary.Write(&b, binary.LittleEndian, &workstation); err != nil {
		return nil, err
	}

	return b.Bytes(), nil
}

//ProcessChallenge crafts an AUTHENTICATE message in response to the CHALLENGE message
//that was received from the server
func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byte, error) {
	if user == "" && password == "" {
		return nil, errors.New("Anonymous authentication not supported")
	}

	var cm challengeMessage
	if err := cm.UnmarshalBinary(challengeMessageData); err != nil {
		return nil, err
	}

	if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATELMKEY) {
		return nil, errors.New("Only NTLM v2 is supported, but server requested v1 (NTLMSSP_NEGOTIATE_LM_KEY)")
	}
	if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEKEYEXCH) {
		return nil, errors.New("Key exchange requested but not supported (NTLMSSP_NEGOTIATE_KEY_EXCH)")
	}

	am := authenicateMessage{
		UserName:       user,
		TargetName:     cm.TargetName,
		NegotiateFlags: cm.NegotiateFlags,
	}

	timestamp := cm.TargetInfo[avIDMsvAvTimestamp]
	if timestamp == nil { // no time sent, take current time
		ft := uint64(time.Now().UnixNano()) / 100
		ft += 116444736000000000 // add time between unix & windows offset
		timestamp = make([]byte, 8)
		binary.LittleEndian.PutUint64(timestamp, ft)
	}

	clientChallenge := make([]byte, 8)
	rand.Reader.Read(clientChallenge)

	ntlmV2Hash := getNtlmV2Hash(password, user, cm.TargetName)

	am.NtChallengeResponse = computeNtlmV2Response(ntlmV2Hash,
		cm.ServerChallenge[:], clientChallenge, timestamp, cm.TargetInfoRaw)

	if cm.TargetInfoRaw == nil {
		am.LmChallengeResponse = computeLmV2Response(ntlmV2Hash,
			cm.ServerChallenge[:], clientChallenge)
	}

	return am.MarshalBinary()
}
Remove LGPL dependencies This changeset performs the following: - Updates `masterzen/winrm` vendor to include change from (https://github.com/masterzen/winrm/pull/73) - Updates `dylanmei/winrmtest` vendor to include change from (https://github.com/dylanmei/winrmtest/pull/4) - Updates `packer-community/winrmcp` vendor to include the removal of the `masterzen/winrm/winrm` sub-class as a result of the `winrm` CLI tool being removed from the `masterzen/winrm` repository. - Changes `communicator/winrm/communicator.go` to conform to the new ABI in the `masterzen/winrm` library. This should completely remove any LGPL licensed dependencies inside of the Terraform project. ``` $ make test ==> Checking that code complies with gofmt requirements... go generate $(go list ./... \| grep -v /terraform/vendor/) 2017/08/20 13:40:16 Generated command/internal_plugin_list.go go test -i $(go list ./... \| grep -v '/terraform/vendor/' \| grep -v '/builtin/bins/') \|\| exit 1 echo $(go list ./... \| grep -v '/terraform/vendor/' \| grep -v '/builtin/bins/') \| \ xargs -t -n4 go test -timeout=60s -parallel=4 go test -timeout=60s -parallel=4 github.com/hashicorp/terraform github.com/hashicorp/terraform/backend github.com/hashicorp/terraform/backend/atlas github.com/hashicorp/terraform/backend/init ok github.com/hashicorp/terraform 0.011s ok github.com/hashicorp/terraform/backend 0.020s ok github.com/hashicorp/terraform/backend/atlas 0.634s ok github.com/hashicorp/terraform/backend/init 0.007s go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/backend/legacy github.com/hashicorp/terraform/backend/local github.com/hashicorp/terraform/backend/remote-state github.com/hashicorp/terraf orm/backend/remote-state/azure ok github.com/hashicorp/terraform/backend/legacy 0.009s ok github.com/hashicorp/terraform/backend/local 0.211s ok github.com/hashicorp/terraform/backend/remote-state 0.006s ok github.com/hashicorp/terraform/backend/remote-state/azure 0.010s go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/backend/remote-state/consul github.com/hashicorp/terraform/backend/remote-state/inmem github.com/hashicorp/terraform/backend/remote-state/s 3 github.com/hashicorp/terraform/backend/remote-state/swift ok github.com/hashicorp/terraform/backend/remote-state/consul 0.007s ok github.com/hashicorp/terraform/backend/remote-state/inmem 0.013s ok github.com/hashicorp/terraform/backend/remote-state/s3 0.007s ok github.com/hashicorp/terraform/backend/remote-state/swift 0.013s go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/builtin/providers/test github.com/hashicorp/terraform/builtin/provisioners/chef github.com/hashicorp/terraform/builtin/provisioners/file gi thub.com/hashicorp/terraform/builtin/provisioners/local-exec ok github.com/hashicorp/terraform/builtin/providers/test 1.544s ok github.com/hashicorp/terraform/builtin/provisioners/chef 0.017s ok github.com/hashicorp/terraform/builtin/provisioners/file 0.006s ok github.com/hashicorp/terraform/builtin/provisioners/local-exec 0.078s go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/builtin/provisioners/remote-exec github.com/hashicorp/terraform/builtin/provisioners/salt-masterless github.com/hashicorp/terraform/command github.com/hashicorp/terraform/command/clistate ok github.com/hashicorp/terraform/builtin/provisioners/remote-exec 1.037s ok github.com/hashicorp/terraform/builtin/provisioners/salt-masterless 0.008s ok github.com/hashicorp/terraform/command 14.589s ? github.com/hashicorp/terraform/command/clistate [no test files] go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/command/e2etest github.com/hashicorp/terraform/command/format github.com/hashicorp/terraform/communicator github.com/hashicorp/terraform/co mmunicator/remote ok github.com/hashicorp/terraform/command/e2etest 3.729s ok github.com/hashicorp/terraform/command/format 0.004s ok github.com/hashicorp/terraform/communicator 0.005s ok github.com/hashicorp/terraform/communicator/remote 0.003s [no tests to run] go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/communicator/shared github.com/hashicorp/terraform/communicator/ssh github.com/hashicorp/terraform/communicator/winrm github.com/hashicorp/ terraform/config ok github.com/hashicorp/terraform/communicator/shared 0.007s ok github.com/hashicorp/terraform/communicator/ssh 0.016s ok github.com/hashicorp/terraform/communicator/winrm 0.018s ok github.com/hashicorp/terraform/config 0.213s go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/config/module github.com/hashicorp/terraform/dag github.com/hashicorp/terraform/digraph github.com/hashicorp/terraform/flatmap ok github.com/hashicorp/terraform/config/module 0.044s ok github.com/hashicorp/terraform/dag 0.010s ok github.com/hashicorp/terraform/digraph 0.002s ok github.com/hashicorp/terraform/flatmap 0.002s go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/helper/acctest github.com/hashicorp/terraform/helper/config github.com/hashicorp/terraform/helper/copy github.com/hashicorp/terraform/helpe r/diff ? github.com/hashicorp/terraform/helper/acctest [no test files] ok github.com/hashicorp/terraform/helper/config 0.005s ? github.com/hashicorp/terraform/helper/copy [no test files] ok github.com/hashicorp/terraform/helper/diff 0.005s go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/helper/encryption github.com/hashicorp/terraform/helper/experiment github.com/hashicorp/terraform/helper/hashcode github.com/hashicorp/terr aform/helper/hilmapstructure ? github.com/hashicorp/terraform/helper/encryption [no test files] ok github.com/hashicorp/terraform/helper/experiment 0.001s ok github.com/hashicorp/terraform/helper/hashcode 0.001s ? github.com/hashicorp/terraform/helper/hilmapstructure [no test files] go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/helper/logging github.com/hashicorp/terraform/helper/mutexkv github.com/hashicorp/terraform/helper/pathorcontents github.com/hashicorp/terr aform/helper/resource ? github.com/hashicorp/terraform/helper/logging [no test files] ok github.com/hashicorp/terraform/helper/mutexkv 0.055s ok github.com/hashicorp/terraform/helper/pathorcontents 0.002s ok github.com/hashicorp/terraform/helper/resource 2.659s go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/helper/schema github.com/hashicorp/terraform/helper/shadow github.com/hashicorp/terraform/helper/signalwrapper github.com/hashicorp/terrafo rm/helper/slowmessage ok github.com/hashicorp/terraform/helper/schema 0.063s ok github.com/hashicorp/terraform/helper/shadow 0.156s ok github.com/hashicorp/terraform/helper/signalwrapper 0.022s ok github.com/hashicorp/terraform/helper/slowmessage 0.102s go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/helper/structure github.com/hashicorp/terraform/helper/validation github.com/hashicorp/terraform/helper/variables github.com/hashicorp/terr aform/helper/wrappedreadline ok github.com/hashicorp/terraform/helper/structure 0.004s ok github.com/hashicorp/terraform/helper/validation 0.004s ok github.com/hashicorp/terraform/helper/variables 0.006s ? github.com/hashicorp/terraform/helper/wrappedreadline [no test files] go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/helper/wrappedstreams github.com/hashicorp/terraform/moduledeps github.com/hashicorp/terraform/plugin github.com/hashicorp/terraform/plugin /discovery ? github.com/hashicorp/terraform/helper/wrappedstreams [no test files] ok github.com/hashicorp/terraform/moduledeps 0.004s ok github.com/hashicorp/terraform/plugin 0.046s ok github.com/hashicorp/terraform/plugin/discovery 0.029s go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/repl github.com/hashicorp/terraform/scripts github.com/hashicorp/terraform/state github.com/hashicorp/terraform/state/remote ok github.com/hashicorp/terraform/repl 0.006s ok github.com/hashicorp/terraform/scripts 0.008s ok github.com/hashicorp/terraform/state 2.617s ok github.com/hashicorp/terraform/state/remote 0.025s go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/terraform github.com/hashicorp/terraform/tools/terraform-bundle go test -timeout=60s -parallel=4 github.com/hashicorp/terraform/terraform github.com/hashicorp/terraform/tools/terraform-bundle ok github.com/hashicorp/terraform/terraform 4.222s ? github.com/hashicorp/terraform/tools/terraform-bundle [no test files] ``` 2017-08-20 19:53:48 +02:00			`package ntlmssp`

			`import (`
			`"bytes"`
			`"crypto/rand"`
			`"encoding/binary"`
			`"errors"`
			`"time"`
			`)`

			`type authenicateMessage struct {`
			`LmChallengeResponse []byte`
			`NtChallengeResponse []byte`

			`TargetName string`
			`UserName string`

			`// only set if negotiateFlag_NTLMSSP_NEGOTIATE_KEY_EXCH`
			`EncryptedRandomSessionKey []byte`

			`NegotiateFlags negotiateFlags`

			`MIC []byte`
			`}`

			`type authenticateMessageFields struct {`
			`messageHeader`
			`LmChallengeResponse varField`
			`NtChallengeResponse varField`
			`TargetName varField`
			`UserName varField`
			`Workstation varField`
			`_ [8]byte`
			`NegotiateFlags negotiateFlags`
			`}`

			`func (m authenicateMessage) MarshalBinary() ([]byte, error) {`
			`if !m.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEUNICODE) {`
			`return nil, errors.New("Only unicode is supported")`
			`}`

			`target, user := toUnicode(m.TargetName), toUnicode(m.UserName)`
			`workstation := toUnicode("go-ntlmssp")`

			`ptr := binary.Size(&authenticateMessageFields{})`
			`f := authenticateMessageFields{`
			`messageHeader: newMessageHeader(3),`
			`NegotiateFlags: m.NegotiateFlags,`
			`LmChallengeResponse: newVarField(&ptr, len(m.LmChallengeResponse)),`
			`NtChallengeResponse: newVarField(&ptr, len(m.NtChallengeResponse)),`
			`TargetName: newVarField(&ptr, len(target)),`
			`UserName: newVarField(&ptr, len(user)),`
			`Workstation: newVarField(&ptr, len(workstation)),`
			`}`

			`f.NegotiateFlags.Unset(negotiateFlagNTLMSSPNEGOTIATEVERSION)`

			`b := bytes.Buffer{}`
			`if err := binary.Write(&b, binary.LittleEndian, &f); err != nil {`
			`return nil, err`
			`}`
			`if err := binary.Write(&b, binary.LittleEndian, &m.LmChallengeResponse); err != nil {`
			`return nil, err`
			`}`
			`if err := binary.Write(&b, binary.LittleEndian, &m.NtChallengeResponse); err != nil {`
			`return nil, err`
			`}`
			`if err := binary.Write(&b, binary.LittleEndian, &target); err != nil {`
			`return nil, err`
			`}`
			`if err := binary.Write(&b, binary.LittleEndian, &user); err != nil {`
			`return nil, err`
			`}`
			`if err := binary.Write(&b, binary.LittleEndian, &workstation); err != nil {`
			`return nil, err`
			`}`

			`return b.Bytes(), nil`
			`}`

			`//ProcessChallenge crafts an AUTHENTICATE message in response to the CHALLENGE message`
			`//that was received from the server`
			`func ProcessChallenge(challengeMessageData []byte, user, password string) ([]byte, error) {`
			`if user == "" && password == "" {`
			`return nil, errors.New("Anonymous authentication not supported")`
			`}`

			`var cm challengeMessage`
			`if err := cm.UnmarshalBinary(challengeMessageData); err != nil {`
			`return nil, err`
			`}`

			`if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATELMKEY) {`
			`return nil, errors.New("Only NTLM v2 is supported, but server requested v1 (NTLMSSP_NEGOTIATE_LM_KEY)")`
			`}`
			`if cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEKEYEXCH) {`
			`return nil, errors.New("Key exchange requested but not supported (NTLMSSP_NEGOTIATE_KEY_EXCH)")`
			`}`

			`am := authenicateMessage{`
			`UserName: user,`
			`TargetName: cm.TargetName,`
			`NegotiateFlags: cm.NegotiateFlags,`
			`}`

			`timestamp := cm.TargetInfo[avIDMsvAvTimestamp]`
			`if timestamp == nil { // no time sent, take current time`
			`ft := uint64(time.Now().UnixNano()) / 100`
			`ft += 116444736000000000 // add time between unix & windows offset`
			`timestamp = make([]byte, 8)`
			`binary.LittleEndian.PutUint64(timestamp, ft)`
			`}`

			`clientChallenge := make([]byte, 8)`
			`rand.Reader.Read(clientChallenge)`

			`ntlmV2Hash := getNtlmV2Hash(password, user, cm.TargetName)`

			`am.NtChallengeResponse = computeNtlmV2Response(ntlmV2Hash,`
			`cm.ServerChallenge[:], clientChallenge, timestamp, cm.TargetInfoRaw)`

			`if cm.TargetInfoRaw == nil {`
			`am.LmChallengeResponse = computeLmV2Response(ntlmV2Hash,`
			`cm.ServerChallenge[:], clientChallenge)`
			`}`

			`return am.MarshalBinary()`
			`}`