Smarter "AUTHENTICATE_MESSAGE" encoding by using

Rican7 · Rican7 · commit c9a54d3d630e · 2015-08-27T13:17:59.000-04:00
the server-provided "TargetName"
diff --git a/src/Robin/Ntlm/Message/AbstractAuthenticateMessageEncoder.php b/src/Robin/Ntlm/Message/AbstractAuthenticateMessageEncoder.php
@@ -103,7 +103,8 @@ protected function __construct(EncodingConverterInterface $encoding_converter)
      * @param int $negotiate_flags The negotiation flags encoded in the message.
      * @param string $lm_challenge_response The calcualted LM response.
      * @param string $nt_challenge_response The calcualted NT response.
-     * @param string $nt_domain The domain name of the NT user authenticating.
+     * @param string $target_name The "TargetName" (domain/server name) of the
+     *   NT user authenticating.
      * @param string $username The user's "username".
      * @param string $client_hostname The hostname of the client (the hostname
      *   of the machine calling this code).
@@ -114,7 +115,7 @@ public function encodeBinaryMessageString(
         $negotiate_flags,
         $lm_challenge_response,
         $nt_challenge_response,
-        $nt_domain,
+        $target_name,
         $username,
         $client_hostname,
         $session_key
@@ -128,7 +129,7 @@ public function encodeBinaryMessageString(
 
         // Convert our provided values to proper encoding
         $username = $this->encoding_converter->convert($username, $expected_encoding);
-        $nt_domain = $this->encoding_converter->convert(strtoupper($nt_domain), $expected_encoding);
+        $target_name = $this->encoding_converter->convert(strtoupper($target_name), $expected_encoding);
         $client_hostname = $this->encoding_converter->convert(strtoupper($client_hostname), $expected_encoding);
         $session_key = $this->encoding_converter->convert(strtoupper($session_key), $expected_encoding);
 
@@ -157,13 +158,13 @@ public function encodeBinaryMessageString(
         $binary_string .= pack('V', $message_position); // 32-bit unsigned little-endian, 1st value in the payload
         $message_position += $nt_response_length;
 
-        $domain_name_length = strlen($nt_domain);
+        $target_name_length = strlen($target_name);
 
         // Domain name fields: length; length; offset of the value from the beginning of the message
-        $binary_string .= pack('v', $domain_name_length); // 16-bit unsigned little-endian
-        $binary_string .= pack('v', $domain_name_length); // 16-bit unsigned little-endian
+        $binary_string .= pack('v', $target_name_length); // 16-bit unsigned little-endian
+        $binary_string .= pack('v', $target_name_length); // 16-bit unsigned little-endian
         $binary_string .= pack('V', $message_position); // 32-bit unsigned little-endian, 1st value in the payload
-        $message_position += $domain_name_length;
+        $message_position += $target_name_length;
 
         $username_length = strlen($username);
 
@@ -194,7 +195,7 @@ public function encodeBinaryMessageString(
         // Add our payload data
         $binary_string .= $lm_challenge_response;
         $binary_string .= $nt_challenge_response;
-        $binary_string .= $nt_domain;
+        $binary_string .= $target_name;
         $binary_string .= $username;
         $binary_string .= $client_hostname;
         $binary_string .= $session_key;
diff --git a/src/Robin/Ntlm/Message/NtlmV1AuthenticateMessageEncoder.php b/src/Robin/Ntlm/Message/NtlmV1AuthenticateMessageEncoder.php
@@ -159,6 +159,7 @@ public function encode(
     ) {
         $negotiate_flags = $server_challenge->getNegotiateFlags();
         $server_challenge_nonce = $server_challenge->getNonce();
+        $target_name = $server_challenge->getTargetName() ?: $nt_domain;
 
         $client_challenge = null;
 
@@ -218,7 +219,7 @@ public function encode(
             $negotiate_flags,
             $lm_challenge_response,
             $nt_challenge_response,
-            $nt_domain,
+            $target_name,
             $username,
             $client_hostname,
             $session_key
diff --git a/src/Robin/Ntlm/Message/NtlmV2AuthenticateMessageEncoder.php b/src/Robin/Ntlm/Message/NtlmV2AuthenticateMessageEncoder.php
@@ -138,6 +138,7 @@ public function encode(
         $negotiate_flags = $server_challenge->getNegotiateFlags();
         $server_challenge_nonce = $server_challenge->getNonce();
         $target_info = $server_challenge->getTargetInfo();
+        $target_name = $server_challenge->getTargetName() ?: $nt_domain;
 
         // Generate a client challenge
         $client_challenge = $this->random_byte_generator->generate(static::CLIENT_CHALLENGE_LENGTH);
@@ -146,7 +147,7 @@ public function encode(
         $binary_blob = $this->encodeBlob(new DateTime(), $client_challenge, $target_info);
 
         if ($credential->isPlaintext()) {
-            $nt_hash = $this->nt_hasher->hash($credential, $username, $nt_domain);
+            $nt_hash = $this->nt_hasher->hash($credential, $username, $target_name);
         } elseif ($credential instanceof HashCredentialInterface && HashType::NT_V2 === $credential->getType()) {
             $nt_hash = $credential;
         } else {
@@ -170,7 +171,7 @@ public function encode(
             $negotiate_flags,
             $lm_challenge_response,
             $nt_challenge_response,
-            $nt_domain,
+            $target_name,
             $username,
             $client_hostname,
             $session_key
