Initial go at an NTLM Client that will do session signing/sealing

[zenchild]

There is some duplication between Net::NTLM and Net::NTLM::Client::Session but it was necessary to decouple some of the processing without effecting how Net::NTLM is being used for legacy purposes. Maybe we can rectify some of this in a 2.0 release.

CC: @pmorton This is required in order to get Negotiate session encryption working for WinRM.

[pmorton]

Looking at the build failures... Let's drops support for Ruby 1.8 all together. No one in their right mind should be using it. Since this would break backwards compatibility (semver), let's just rev to 2.0 now and if we want to address the duplication we should do so in 2.1.

[pmorton]

Accidentally clicked close instead of comment... Reopening.

[zenchild]

It's actually pretty easy to add support for 1.8.x back in. I'm just used to using the new style hashes and didn't even thing twice about it.

[zenchild]

OK, I just pushed up a commit that should fix the 1.8.x break. This should remain backward compatible for now so I think we should rev to 0.5.0. There are some changes I'd like to make in the future that would push it to an official 1.x release though so we can kill Ruby 1.8.x support at that time. Thoughts?

[pmorton]

@zenchild I guess I am too eager to rid the world of 1.8.7. I am fine depreciating support in the next major version. @sneal how would you deal about taking test lead? Since this is a monior release (with some awesome new features) I want to make sure that we don't break stuff that works already.

[sneal]

@pmorton Sure, I can test this out. I didn't realize anyone still used 1.8.7

[jlee-r7]

pack("Q") will be wrong on big endian systems. This should be NTLM.pack_int64le(rand(MAX64))

[zenchild]

Thanks @jlee-r7. I made your suggested changes.

[zenchild]

Unless there are any other comments I might merge this in....

[sneal]

@zenchild I (lightly) tested the new client with a modified version of the http example. I need some guidance on how to proceed with trying out the signing and sealing.

BTW - It worked great.

[zenchild]

@sneal The easiest way to test the signing+sealing is to use WinRM with it. Check out the "dan/spnego-encryption" branch from the WinRM repo. By the way, that branch is never meant to be merged to master as it is, it's only for testing. Once you have the branch checked out make sure and bundle install because it needs to pull down the right rubyntlm code. After that, this is what I was using for testing communications:

require "bundler/setup"
require "net/ntlm"
require "net/ntlm/client"
require "winrm"
require "pry"

endpoint = 'http://192.168.56.101:5985/wsman'
username = "user"
password = "pass"

winrm = WinRM::WinRMWebService.new(endpoint, :negotiate, user: username, pass: password)

binding.pry

Once pry opens up I just run WinRM commands like normal. I originally had a wireshark session open so I could watch the net traffic, but you probably don't need to go that far.

[jlee-r7]

I ran into an issue with this code while trying to use it in SMB2. See #19

[jlee-r7]

Any chance this will get landed soon? @zenchild @pmorton

[zenchild]

@pmorton and @sneal I'm going to merge this code as well as the fix that @jlee-r7 has in PR #19.

[sneal]

I say , seems pretty low risk and I was able to regress the existing functionality.