
2.2.1.3 AUTHENTICATE_MESSAGE

The AUTHENTICATE_MESSAGE defines an NTLM authenticate message that is sent from the client to the server after the CHALLENGE_MESSAGE (section 2.2.1.2) is processed by the client.


Field layout (the original diagram is 32 bits per row; fields appear in transmission order):

  Signature (8 bytes)
  MessageType (4 bytes)
  LmChallengeResponseFields (8 bytes)
  NtChallengeResponseFields (8 bytes)
  DomainNameFields (8 bytes)
  UserNameFields (8 bytes)
  WorkstationFields (8 bytes)
  EncryptedRandomSessionKeyFields (8 bytes)
  NegotiateFlags (4 bytes)
  Version (8 bytes)
  MIC (16 bytes)
  Payload (variable)

Signature (8 bytes): An 8-byte character array that MUST contain the ASCII string ('N', 'T', 'L', 'M', 'S', 'S', 'P', '\0').

MessageType (4 bytes): A 32-bit unsigned integer that indicates the message type. This field MUST be set to 0x00000003.

 

LmChallengeResponseFields (8 bytes): If the client chooses not to send an LmChallengeResponse to the server:

  • LmChallengeResponseLen and LmChallengeResponseMaxLen MUST be set to zero on transmission.

  • LmChallengeResponseBufferOffset field SHOULD be set to the offset from the beginning of the AUTHENTICATE_MESSAGE to where the LmChallengeResponse would be in Payload if it was present.

Otherwise, these fields are defined as:


  Bits 0-15:   LmChallengeResponseLen
  Bits 16-31:  LmChallengeResponseMaxLen
  Next 32 bits: LmChallengeResponseBufferOffset

LmChallengeResponseLen (2 bytes): A 16-bit unsigned integer that defines the size, in bytes, of LmChallengeResponse in Payload.

LmChallengeResponseMaxLen (2 bytes): A 16-bit unsigned integer that SHOULD be set to the value of LmChallengeResponseLen and MUST be ignored on receipt.

LmChallengeResponseBufferOffset (4 bytes): A 32-bit unsigned integer that defines the offset, in bytes, from the beginning of the AUTHENTICATE_MESSAGE to LmChallengeResponse in Payload.

NtChallengeResponseFields (8 bytes): If the client chooses not to send an NtChallengeResponse to the server:

  • NtChallengeResponseLen and NtChallengeResponseMaxLen MUST be set to zero on transmission.

  • NtChallengeResponseBufferOffset field SHOULD be set to the offset from the beginning of the AUTHENTICATE_MESSAGE to where the NtChallengeResponse would be in Payload if it was present.

Otherwise, these fields are defined as:


  Bits 0-15:   NtChallengeResponseLen
  Bits 16-31:  NtChallengeResponseMaxLen
  Next 32 bits: NtChallengeResponseBufferOffset

NtChallengeResponseLen (2 bytes): A 16-bit unsigned integer that defines the size, in bytes, of NtChallengeResponse in Payload.

NtChallengeResponseMaxLen (2 bytes): A 16-bit unsigned integer that SHOULD be set to the value of NtChallengeResponseLen and MUST be ignored on receipt.

NtChallengeResponseBufferOffset (4 bytes): A 32-bit unsigned integer that defines the offset, in bytes, from the beginning of the AUTHENTICATE_MESSAGE to NtChallengeResponse in Payload.<8>

DomainNameFields (8 bytes): If the client chooses not to send a DomainName to the server:

  • DomainNameLen and DomainNameMaxLen MUST be set to zero on transmission.

  • DomainNameBufferOffset field SHOULD be set to the offset from the beginning of the AUTHENTICATE_MESSAGE to where the DomainName would be in Payload if it was present.

Otherwise, these fields are defined as:


  Bits 0-15:   DomainNameLen
  Bits 16-31:  DomainNameMaxLen
  Next 32 bits: DomainNameBufferOffset

DomainNameLen (2 bytes): A 16-bit unsigned integer that defines the size, in bytes, of DomainName in Payload.

DomainNameMaxLen (2 bytes): A 16-bit unsigned integer that SHOULD be set to the value of DomainNameLen and MUST be ignored on receipt.

DomainNameBufferOffset (4 bytes): A 32-bit unsigned integer that defines the offset, in bytes, from the beginning of the AUTHENTICATE_MESSAGE to DomainName in Payload. If DomainName is a Unicode string, the values of DomainNameBufferOffset and DomainNameLen MUST be multiples of 2.

UserNameFields (8 bytes): If the client chooses not to send a UserName to the server:

  • UserNameLen and UserNameMaxLen MUST be set to zero on transmission.

  • UserNameBufferOffset field SHOULD be set to the offset from the beginning of the AUTHENTICATE_MESSAGE to where the UserName would be in Payload if it was present.

Otherwise, these fields are defined as:


  Bits 0-15:   UserNameLen
  Bits 16-31:  UserNameMaxLen
  Next 32 bits: UserNameBufferOffset

UserNameLen (2 bytes): A 16-bit unsigned integer that defines the size, in bytes, of UserName in Payload, not including a NULL terminator.

UserNameMaxLen (2 bytes): A 16-bit unsigned integer that SHOULD be set to the value of UserNameLen and MUST be ignored on receipt.

UserNameBufferOffset (4 bytes): A 32-bit unsigned integer that defines the offset, in bytes, from the beginning of the AUTHENTICATE_MESSAGE to UserName in Payload. If UserName to be sent contains a Unicode string, the values of UserNameBufferOffset and UserNameLen MUST be multiples of 2.

WorkstationFields (8 bytes): If the client chooses not to send Workstation to the server:

  • WorkstationLen and WorkstationMaxLen MUST be set to zero on transmission.

  • WorkstationBufferOffset field SHOULD be set to the offset from the beginning of the AUTHENTICATE_MESSAGE to where the Workstation would be in Payload if it was present.

Otherwise, these fields are defined as:


  Bits 0-15:   WorkstationLen
  Bits 16-31:  WorkstationMaxLen
  Next 32 bits: WorkstationBufferOffset

WorkstationLen (2 bytes): A 16-bit unsigned integer that defines the size, in bytes, of Workstation in Payload.

WorkstationMaxLen (2 bytes): A 16-bit unsigned integer that SHOULD be set to the value of WorkstationLen and MUST be ignored on receipt.

WorkstationBufferOffset (4 bytes): A 32-bit unsigned integer that defines the offset, in bytes, from the beginning of the AUTHENTICATE_MESSAGE to Workstation in Payload. If Workstation contains a Unicode string, the values of WorkstationBufferOffset and WorkstationLen MUST be multiples of 2.

EncryptedRandomSessionKeyFields (8 bytes): If the NTLMSSP_NEGOTIATE_KEY_EXCH flag is not set in NegotiateFlags, indicating that no EncryptedRandomSessionKey is supplied:

  • EncryptedRandomSessionKeyLen and EncryptedRandomSessionKeyMaxLen SHOULD be set to zero on transmission.

  • EncryptedRandomSessionKeyBufferOffset field SHOULD be set to the offset from the beginning of the AUTHENTICATE_MESSAGE to where the EncryptedRandomSessionKey would be in Payload if it was present.

  • EncryptedRandomSessionKeyLen, EncryptedRandomSessionKeyMaxLen and EncryptedRandomSessionKeyBufferOffset MUST be ignored on receipt.

Otherwise, these fields are defined as:


  Bits 0-15:   EncryptedRandomSessionKeyLen
  Bits 16-31:  EncryptedRandomSessionKeyMaxLen
  Next 32 bits: EncryptedRandomSessionKeyBufferOffset

EncryptedRandomSessionKeyLen (2 bytes): A 16-bit unsigned integer that defines the size, in bytes, of EncryptedRandomSessionKey in Payload.

EncryptedRandomSessionKeyMaxLen (2 bytes): A 16-bit unsigned integer that SHOULD be set to the value of EncryptedRandomSessionKeyLen and MUST be ignored on receipt.

EncryptedRandomSessionKeyBufferOffset (4 bytes): A 32-bit unsigned integer that defines the offset, in bytes, from the beginning of the AUTHENTICATE_MESSAGE to EncryptedRandomSessionKey in Payload.

NegotiateFlags (4 bytes): In connectionless mode, a NEGOTIATE structure that contains a set of bit flags (section 2.2.2.5) and represents the conclusion of negotiation—the choices the client has made from the options the server offered in the CHALLENGE_MESSAGE. In connection-oriented mode, a NEGOTIATE structure that contains the set of bit flags (section 2.2.2.5) negotiated in the previous messages.

Version (8 bytes): A VERSION structure (section 2.2.2.10) that is present only when the NTLMSSP_NEGOTIATE_VERSION flag is set in the NegotiateFlags field. This structure is used for debugging purposes only. In normal protocol messages, it is ignored and does not affect the NTLM message processing.<9>

MIC (16 bytes): The message integrity for the NTLM NEGOTIATE_MESSAGE, CHALLENGE_MESSAGE, and AUTHENTICATE_MESSAGE.<10>

Payload (variable): A byte array that contains the data referred to by the LmChallengeResponseBufferOffset, NtChallengeResponseBufferOffset, DomainNameBufferOffset, UserNameBufferOffset, WorkstationBufferOffset, and EncryptedRandomSessionKeyBufferOffset message fields. Payload data can be present in any order within the Payload field, with variable-length padding before or after the data. The data that can be present in the Payload field of this message, in no particular order, are:


  • LmChallengeResponse (variable)

  • NtChallengeResponse (variable)

  • DomainName (variable)

  • UserName (variable)

  • Workstation (variable)

  • EncryptedRandomSessionKey (variable)

LmChallengeResponse (variable): An LM_RESPONSE or LMv2_RESPONSE structure that contains the computed LM response to the challenge. If NTLM v2 authentication is configured, LmChallengeResponse MUST be an LMv2_RESPONSE structure (section 2.2.2.4). Otherwise, it MUST be an LM_RESPONSE structure (section 2.2.2.3).

NtChallengeResponse (variable): An NTLM_RESPONSE or NTLMv2_RESPONSE structure that contains the computed NT response to the challenge. If NTLM v2 authentication is configured, NtChallengeResponse MUST be an NTLMv2_RESPONSE (section 2.2.2.8). Otherwise, it MUST be an NTLM_RESPONSE structure (section 2.2.2.6).

DomainName (variable): The domain or computer name hosting the user account. DomainName MUST be encoded in the negotiated character set.

UserName (variable): The name of the user to be authenticated. UserName MUST be encoded in the negotiated character set.

Workstation (variable): The name of the computer to which the user is logged on. Workstation MUST be encoded in the negotiated character set.

EncryptedRandomSessionKey (variable): The client's encrypted random session key. EncryptedRandomSessionKey and its usage are defined in sections 3.1.5 and 3.2.5.
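
The following receiver-side parser is an added example, not code from the specification. It walks the six Len/MaxLen/BufferOffset descriptors and rejects any whose buffer falls outside the received message or violates the multiple-of-2 rule for Unicode strings. Assumptions: little-endian integers, flag values as assigned in section 2.2.2.5, a lower bound of 64 (end of NegotiateFlags) for payload offsets, and the hypothetical names parse_authenticate and build_sample.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001   # NTLMSSP_NEGOTIATE_UNICODE
NEGOTIATE_KEY_EXCH = 0x40000000  # NTLMSSP_NEGOTIATE_KEY_EXCH
FIXED_END = 64  # Signature..NegotiateFlags; no payload buffer can start earlier
FIELDS = ("LmChallengeResponse", "NtChallengeResponse", "DomainName",
          "UserName", "Workstation", "EncryptedRandomSessionKey")
TEXT_FIELDS = {"DomainName", "UserName", "Workstation"}

def parse_authenticate(msg: bytes) -> dict:
    """Parse and bounds-check an AUTHENTICATE_MESSAGE; ValueError if malformed."""
    if len(msg) < FIXED_END or msg[:8] != SIGNATURE:
        raise ValueError("short message or bad Signature")
    if struct.unpack_from("<I", msg, 8)[0] != 0x00000003:
        raise ValueError("MessageType is not 0x00000003")
    flags = struct.unpack_from("<I", msg, 60)[0]
    out = {"NegotiateFlags": flags}
    for i, name in enumerate(FIELDS):
        # Descriptor: Len (2), MaxLen (2, ignored on receipt), BufferOffset (4)
        length, _maxlen, offset = struct.unpack_from("<HHI", msg, 12 + 8 * i)
        key_absent = name == "EncryptedRandomSessionKey" and not flags & NEGOTIATE_KEY_EXCH
        if length == 0 or key_absent:
            out[name] = b""  # not sent; the offset is advisory and is not dereferenced
            continue
        if offset < FIXED_END or offset + length > len(msg):
            raise ValueError(f"{name} buffer outside message")
        data = msg[offset:offset + length]
        if name in TEXT_FIELDS and flags & NEGOTIATE_UNICODE:
            if offset % 2 or length % 2:
                raise ValueError(f"{name} offset/length not a multiple of 2")
            data = data.decode("utf-16-le")
        out[name] = data
    return out

def build_sample(user_len_override=None) -> bytes:
    """Constructed message: Unicode DomainName 'LAB', UserName 'bob', nothing else."""
    dom, usr = "LAB".encode("utf-16-le"), "bob".encode("utf-16-le")
    ulen = len(usr) if user_len_override is None else user_len_override
    hdr = SIGNATURE + struct.pack("<I", 3)
    hdr += struct.pack("<HHI", 0, 0, 64) * 2            # Lm/Nt responses not sent
    hdr += struct.pack("<HHI", len(dom), len(dom), 64)
    hdr += struct.pack("<HHI", ulen, ulen, 64 + len(dom))
    hdr += struct.pack("<HHI", 0, 0, 64) * 2            # Workstation, session key
    hdr += struct.pack("<I", NEGOTIATE_UNICODE)
    return hdr + dom + usr

if __name__ == "__main__":
    print(parse_authenticate(build_sample()))
```

Because payload data can appear in any order with arbitrary padding, each descriptor is validated independently against the total message length rather than against its neighbours.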

 
© 2014 Microsoft