Awesome

NTLM Implementation for Go

This is a native implementation of NTLM for Go that was implemented

• using the Microsoft MS-NLMP documentation
• and a comprehensive description of NTLM based on research by Eric Glass

Project status

The library is used by multiple projects, e.g. rdpgw (a Remote Desktop Gateway server).

The major missing piece is the negotiation of capabilities between the client and the server. Currently, the negotiation flags are hardcoded, which should be fine for most (modern) clients/servers.

Currently, the project is in low maintenance mode. The NTLM protocol is being superseded by newer protocols, but is still required for good compatibility with existing client/server implementations. Feel free to submit an issue or a pull request, but new features are unlikely to be implemented without funding.

Sample Usage as NTLM Client

import "github.com/ThomsonReutersEikon/go-ntlm/ntlm"

session, err = ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionlessMode)
session.SetUserInfo("someuser","somepassword","somedomain")

negotiate := session.GenerateNegotiateMessage()

<send negotiate to server>

challenge, err := ntlm.ParseChallengeMessage(challengeBytes)
session.ProcessChallengeMessage(challenge)

authenticate := session.GenerateAuthenticateMessage()

<send authenticate message to server>

Sample Usage as NTLM Server

session, err := ntlm.CreateServerSession(ntlm.Version2, ntlm.ConnectionlessMode)
session.SetUserInfo("someuser","somepassword","somedomain")
session.SetRequireNtHash(true) // enforce the use of the more secure Nt hash (instead of the accepting the old LM hash)

challenge := session.GenerateChallengeMessage()

<send challenge to client>

<receive authentication bytes>

auth, err := ntlm.ParseAuthenticateMessage(authenticateBytes)
session.ProcessAuthenticateMessage(auth)

Generating a message MAC

Once a session is created you can generate the Mac for a message using:

message := "this is some message to sign"
sequenceNumber := 100
signature, err := session.Mac([]byte(message), sequenceNumber)

License

Copyright Thomson Reuters Global Resources 2013 (BSD-4 License)

Note that the library was originally developed by Thomson Reuters Global Resources, but is no longer maintained by them.