class RubySMB::Gss::Provider::NTLM

A GSS provider that authenticates clients via the NT LAN Manager (NTLM) Security Support Provider (NTLMSSP) protocol.

Constants

Account

An account representing an identity for which this provider will accept authentication attempts.

Attributes

default_domain[R]

The default domain value to use for accounts which do not have one specified or use the special '.' value.

dns_domain[RW]
dns_hostname[RW]
netbios_domain[RW]
netbios_hostname[RW]

Public Class Methods

new(allow_anonymous: false, default_domain: 'WORKGROUP')

@param [Boolean] allow_anonymous whether or not to allow anonymous authentication attempts
@param [String] default_domain the default domain to use for authentication, unless specified 'WORKGROUP' will be used

# File lib/ruby_smb/gss/provider/ntlm.rb, line 237
def initialize(allow_anonymous: false, default_domain: 'WORKGROUP')
  raise ArgumentError, 'Must specify a default domain' unless default_domain

  @allow_anonymous = allow_anonymous
  @default_domain = default_domain
  @accounts = []
  @generate_server_challenge = -> { SecureRandom.bytes(8) }

  @dns_domain = @netbios_domain = 'LOCALDOMAIN'
  @dns_hostname = @netbios_hostname = 'LOCALHOST'
end

Public Instance Methods

generate_server_challenge(&block)

Generate the 8-byte server challenge. If a block is specified, it's used as the challenge generation routine and should return an 8-byte value.

@return [String] an 8-byte challenge value

# File lib/ruby_smb/gss/provider/ntlm.rb, line 254
def generate_server_challenge(&block)
  if block.nil?
    @generate_server_challenge.call
  else
    @generate_server_challenge = block
  end
end

get_account(username, domain: nil)

Look up and return an account based on the username and, optionally, the domain. If no domain is specified or it is the special value '.', the default domain will be used. The username and domain values are case insensitive.

@param [String] username the username of the account to fetch.
@param [String, nil] domain the domain in which the account to fetch exists.
@return [Account, nil] the account if it was found

# File lib/ruby_smb/gss/provider/ntlm.rb, line 276
def get_account(username, domain: nil)
  # the username and domain values should use the native encoding for the comparison in the #find operation
  username = username.downcase
  domain = @default_domain if domain.nil? || domain == '.'.encode(domain.encoding)
  domain = domain.downcase
  @accounts.find { |account| account.username.encode(username.encoding).downcase == username && account.domain.encode(domain.encoding).downcase == domain }
end

new_authenticator(server_client)

# File lib/ruby_smb/gss/provider/ntlm.rb, line 262
def new_authenticator(server_client)
  # build and return an instance that can process and track stateful information for a particular connection but
  # that's backed by this particular provider
  Authenticator.new(self, server_client)
end

put_account(username, password, domain: nil)

Add an account to the database.

@param [String] username the username of the account to add
@param [String] password either the plaintext password or the NTLM hash of the account to add
@param [String] domain the domain of the account to add, if not specified, the @default_domain will be used

# File lib/ruby_smb/gss/provider/ntlm.rb, line 290
def put_account(username, password, domain: nil)
  domain = @default_domain if domain.nil? || domain == '.'.encode(domain.encoding)
  @accounts << Account.new(username, password, domain)
end
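
The lookup rules that get_account and put_account document above, as an added example that is not RubySMB's own code: DemoStore and DemoAccount are hypothetical stand-ins, and the names and passwords are constructed. It shows why the comparison transcodes first: a name arriving as UTF-16LE silently fails to match a UTF-8 stored name when the two are compared directly.

```ruby
# Added example: a stand-alone model of the documented lookup rules.
# DemoAccount and DemoStore are hypothetical names, not RubySMB classes.
DemoAccount = Struct.new(:username, :password, :domain)

class DemoStore
  def initialize(default_domain: 'WORKGROUP')
    @default_domain = default_domain
    @accounts = []
  end

  def put(username, password, domain: nil)
    domain = @default_domain if domain.nil? || domain == '.'.encode(domain.encoding)
    @accounts << DemoAccount.new(username, password, domain)
  end

  # Naive lookup: no transcoding, so a UTF-16LE name never equals a UTF-8 one.
  def naive_get(username, domain)
    @accounts.find do |a|
      a.username.downcase == username.downcase && a.domain.downcase == domain.downcase
    end
  end

  # Lookup following the documented rules: resolve '.', then compare in the
  # caller's encoding, case-insensitively.
  def get(username, domain: nil)
    username = username.downcase
    domain = @default_domain if domain.nil? || domain == '.'.encode(domain.encoding)
    domain = domain.downcase
    @accounts.find do |a|
      a.username.encode(username.encoding).downcase == username &&
        a.domain.encode(domain.encoding).downcase == domain
    end
  end
end

def demo
  store = DemoStore.new
  store.put('Alice', 'constructed-password')             # stored under WORKGROUP
  store.put('alice', 'other-constructed', domain: 'CORP')
  # Constructed wire values: names as UTF-16LE, as NTLM sends them with Unicode negotiated.
  user = 'ALICE'.encode('UTF-16LE')
  {
    naive: store.naive_get(user, 'corp'.encode('UTF-16LE')),
    dot: store.get(user, domain: '.'.encode('UTF-16LE')),
    corp: store.get(user, domain: 'corp'.encode('UTF-16LE')),
    no_domain: store.get(user),
    unknown: store.get(user, domain: 'OTHER'.encode('UTF-16LE'))
  }
end
```

The naive comparison returns nil rather than raising, so an encoding mismatch shows up only as a failed authentication for a valid account.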