Poco::Net

class NTLMCredentials

File Information

Library: Net
Package: NTLM
Header: Poco/Net/NTLMCredentials.h

Description

This is a utility class for working with NTLMv2 Authentication.

Note: This implementation is based on the "The NTLM Authentication Protocol and Security Support Provider" document written by Eric Glass and avilable from http://davenport.sourceforge.net/ntlm.html and the NT LAN Manager (NTLM) Authentication Protocol [MS-NLMP] document by Microsoft.

Member Summary

Member Functions: createLMv2Response, createNTLMv2Hash, createNTLMv2Response, createNonce, createPasswordHash, createTimestamp, formatAuthenticateMessage, formatNegotiateMessage, fromBase64, parseChallengeMessage, readBufferDesc, splitUsername, toBase64, writeBufferDesc

Nested Classes

struct AuthenticateMessage

This message is sent from the client to authenticate itself by providing a response to the server challenge. 

struct BufferDesc

 

struct ChallengeMessage

This message is sent back by the server and contains the NTLM challenge. 

struct NegotiateMessage

This message is sent from the client to initiate NTLM authentication. 

Enumerations

Anonymous

NTLM_MESSAGE_TYPE_NEGOTIATE = 0x01

NTLM_MESSAGE_TYPE_CHALLENGE = 0x02

NTLM_MESSAGE_TYPE_AUTHENTICATE = 0x03

Anonymous

NTLM_FLAG_NEGOTIATE_UNICODE = 0x00000001

NTLM_FLAG_NEGOTIATE_OEM = 0x00000002

NTLM_FLAG_REQUEST_TARGET = 0x00000004

NTLM_FLAG_NEGOTIATE_NTLM = 0x00000200

NTLM_FLAG_DOMAIN_SUPPLIED = 0x00001000

NTLM_FLAG_WORKST_SUPPLIED = 0x00002000

NTLM_FLAG_NEGOTIATE_LOCAL = 0x00004000

NTLM_FLAG_NEGOTIATE_ALWAYS_SIGN = 0x00008000

NTLM_FLAG_NEGOTIATE_NTLM2_KEY = 0x00080000

NTLM_FLAG_TARGET_DOMAIN = 0x00010000

NTLM_FLAG_TARGET_SERVER = 0x00020000

NTLM_FLAG_TARGET_SHARE = 0x00040000

NTLM_FLAG_NEGOTIATE_TARGET = 0x00800000

NTLM_FLAG_NEGOTIATE_128 = 0x20000000

NTLM_FLAG_NEGOTIATE_56 = 0x80000000

Member Functions

createLMv2Response static

static std::vector < unsigned char > createLMv2Response(
    const std::vector < unsigned char > & ntlm2Hash,
    const std::vector < unsigned char > & challenge,
    const std::vector < unsigned char > & nonce
);

Creates the LMv2 response by computing the HMAC-MD5 of the challenge and nonce, using the ntlm2Hash (see createNTLMv2Hash()) as HMAC passphrase.

createNTLMv2Hash static

static std::vector < unsigned char > createNTLMv2Hash(
    const std::string & username,
    const std::string & target,
    const std::string & password
);

Creates the NTLMv2 hash, which is the HMAC-MD5 of the concatenated UTF-16 uppercase username and target, using the password hash as HMAC passphrase.

createNTLMv2Response static

static std::vector < unsigned char > createNTLMv2Response(
    const std::vector < unsigned char > & ntlm2Hash,
    const std::vector < unsigned char > & challenge,
    const std::vector < unsigned char > & nonce,
    const std::vector < unsigned char > & targetInfo,
    Poco::UInt64 timestamp
);

Creates the NTLMv2 response by creating the "blob" and prepending its HMAC-MD5, using the ntlm2Hash as HMAC passphrase.

createNonce static

static std::vector < unsigned char > createNonce();

Creates an 8-byte client nonce for NTLM authentication.

createPasswordHash static

static std::vector < unsigned char > createPasswordHash(
    const std::string & password
);

Creates the NTLM password hash (MD4 of UTF-16-converted password).

createTimestamp static

static Poco::UInt64 createTimestamp();

Creates the NTLM timestamp in tenths of a microsecond since January 1, 1601, using the current system time.

formatAuthenticateMessage static

static std::vector < unsigned char > formatAuthenticateMessage(
    const AuthenticateMessage & message
);

Creates the NTLM Type 3 Authenticate message used for sending the response to the challenge.

formatNegotiateMessage static

static std::vector < unsigned char > formatNegotiateMessage(
    const NegotiateMessage & message
);

Creates the NTLM Type 1 Negotiate message used for initiating NTLM authentication from the client.

fromBase64 static

static std::vector < unsigned char > fromBase64(
    const std::string & base64
);

Decodes the given base64-encoded string.

parseChallengeMessage static

static bool parseChallengeMessage(
    const unsigned char * buffer,
    std::size_t size,
    ChallengeMessage & message
);

Parses a NTLM Type 2 Challenge message.

Returns true if the message was parsed successfully, otherwise false.

readBufferDesc static

static void readBufferDesc(
    Poco::BinaryReader & reader,
    BufferDesc & desc
);

Reads a buffer descriptor.

splitUsername static

static void splitUsername(
    const std::string & usernameAndDomain,
    std::string & username,
    std::string & domain
);

Splits a username containing a domain into plain username and domain. Supported formats are <DOMAIN>\<username> and <username>@<DOMAIN>.

toBase64 static

static std::string toBase64(
    const std::vector < unsigned char > & buffer
);

Converts the buffer to a base64-encoded string.

writeBufferDesc static

static void writeBufferDesc(
    Poco::BinaryWriter & writer,
    const BufferDesc & desc
);

Writes a buffer descriptor.

Variables

NTLMSSP static

static const std::string NTLMSSP;

Message signature string.

Securely control IoT edge devices from anywhere   Connect a Device