Ntlm Tcl Reference Documentation
Ntlm
Current Version: 11.1.0
API for implemeting both client and server sides of the NTLM protocol/algorithm. The Chilkat NTLM API is included as part of the "Chilkat Crypt" license.
Object Creation
# 'this' is not a keyword in Tcl. It can freely be used as a variable name. set this [new CkNtlm]
Properties
ClientChallenge
# ckStr is a CkString
CkNtlm_get_ClientChallenge $this $ckStr
set strVal [CkNtlm_get_clientChallenge $this]
CkNtlm_put_ClientChallenge $this $strVal
The ClientChallenge is passed in the Type 3 message from the client to the server.  It must contain exactly 8 bytes.  Because this is a string property, the bytes are get/set in encoded form (such as hex or base64) based on the value of the EncodingMode property.  For example, if the EncodingMode property = hex, then a hex representation of 8 bytes should be used to set the ClientChallenge.
Note: Setting the ClientChallenge is optional. If the ClientChallenge remains unset, it will be automatically set to 8 random bytes when the GenType3 method is called.
topDebugLogFilePath
# ckStr is a CkString
CkNtlm_get_DebugLogFilePath $this $ckStr
set strVal [CkNtlm_get_debugLogFilePath $this]
CkNtlm_put_DebugLogFilePath $this $strVal
If set to a file path, this property logs the LastErrorText of each Chilkat method or property call to the specified file. This logging helps identify the context and history of Chilkat calls leading up to any crash or hang, aiding in debugging.
Enabling the VerboseLogging property provides more detailed information. This property is mainly used for debugging rare instances where a Chilkat method call causes a hang or crash, which should generally not happen.
Possible causes of hangs include:
- A timeout property set to 0, indicating an infinite timeout.
- A hang occurring within an event callback in the application code.
- An internal bug in the Chilkat code causing the hang.
DnsComputerName
# ckStr is a CkString
CkNtlm_get_DnsComputerName $this $ckStr
set strVal [CkNtlm_get_dnsComputerName $this]
CkNtlm_put_DnsComputerName $this $strVal
Optional.  This is information that would be set by the server for inclusion in the Target Info internal portion of the Type 2 message.  Note: If any optional Target Info fields are provided, then both NetBiosComputerName and NetBiosDomainName must be provided.
DnsDomainName
# ckStr is a CkString
CkNtlm_get_DnsDomainName $this $ckStr
set strVal [CkNtlm_get_dnsDomainName $this]
CkNtlm_put_DnsDomainName $this $strVal
Optional.  This is information that would be set by the server for inclusion in the Target Info internal portion of the Type 2 message.  Note: If any optional Target Info fields are provided, then both NetBiosComputerName and NetBiosDomainName must be provided.
Domain
# ckStr is a CkString
CkNtlm_get_Domain $this $ckStr
set strVal [CkNtlm_get_domain $this]
CkNtlm_put_Domain $this $strVal
Optional. May be set by the client for inclusion in the Type 1 message.
topEncodingMode
# ckStr is a CkString
CkNtlm_get_EncodingMode $this $ckStr
set strVal [CkNtlm_get_encodingMode $this]
CkNtlm_put_EncodingMode $this $strVal
Determines the encoding mode used for getting/setting various properties, such as ClientChallenge.  The valid case-insensitive modes are Base64, modBase64, Base32, UU, QP (for quoted-printable), URL (for url-encoding), Hex, Q, B, url_oath, url_rfc1738, url_rfc2396, and url_rfc3986.
Flags
# ckStr is a CkString
CkNtlm_get_Flags $this $ckStr
set strVal [CkNtlm_get_flags $this]
CkNtlm_put_Flags $this $strVal
The negotiate flags that are set in the Type 1 message generated by the client and sent to the server. These flags have a default value and should ONLY be set by a programmer that is an expert in the NTLM protocol and knows what they mean. In general, this property should be left at it's default value.
The flags are represented as a string of letters, where each letter represents a bit. The full set of possible flags (bit values) are shown below:
NegotiateUnicode 0x00000001 NegotiateOEM 0x00000002 RequestTarget 0x00000004 NegotiateSign 0x00000010 NegotiateSeal 0x00000020 NegotiateDatagramStyle 0x00000040 NegotiateLanManagerKey 0x00000080 NegotiateNetware 0x00000100 NegotiateNTLMKey 0x00000200 NegotiateDomainSupplied 0x00001000 NegotiateWorkstationSupplied 0x00002000 NegotiateLocalCall 0x00004000 NegotiateAlwaysSign 0x00008000 TargetTypeDomain 0x00010000 TargetTypeServer 0x00020000 TargetTypeShare 0x00040000 NegotiateNTLM2Key 0x00080000 RequestInitResponse 0x00100000 RequestAcceptResponse 0x00200000 RequestNonNTSessionKey 0x00400000 NegotiateTargetInfo 0x00800000 Negotiate128 0x20000000 NegotiateKeyExchange 0x40000000 Negotiate56 0x80000000The mapping of letters to bit values are as follows:
0x01 - <code>A</code> 0x02 - <code>B</code> 0x04 - <code>C</code> 0x10 - <code>D</code> 0x20 - <code>E</code> 0x40 - <code>F</code> 0x80 - <code>G</code> 0x200 - <code>H</code> 0x400 - <code>I</code> 0x800 - <code>J</code> 0x1000 - <code>K</code> 0x2000 - <code>L</code> 0x8000 - <code>M</code> 0x10000 - <code>N</code> 0x20000 - <code>O</code> 0x40000 - <code>P</code> 0x80000 - <code>Q</code> 0x100000 - <code>R</code> 0x400000 - <code>S</code> 0x800000 - <code>T</code> 0x2000000 - <code>U</code> 0x20000000 - <code>V</code> 0x40000000 - <code>W</code> 0x80000000 - <code>X</code>The default Flags value has the following flags set: NegotiateUnicode, NegotiateOEM, RequestTarget, NegotiateNTLMKey, NegotiateAlwaysSign, NegotiateNTLM2Key. The corresponds to the string
ABCHMQ.
top
LastErrorHtml
# ckStr is a CkString
CkNtlm_get_LastErrorHtml $this $ckStr
set strVal [CkNtlm_get_lastErrorHtml $this]
Provides HTML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
topLastErrorText
# ckStr is a CkString
CkNtlm_get_LastErrorText $this $ckStr
set strVal [CkNtlm_get_lastErrorText $this]
Provides plain text information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
LastErrorXml
# ckStr is a CkString
CkNtlm_get_LastErrorXml $this $ckStr
set strVal [CkNtlm_get_lastErrorXml $this]
Provides XML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
topLastMethodSuccess
set boolVal [CkNtlm_get_LastMethodSuccess $this]
CkNtlm_put_LastMethodSuccess $this $boolVal
Indicates the success or failure of the most recent method call: 1 means success, 0 means failure. This property remains unchanged by property setters or getters.  This method is present to address challenges in checking for null or Nothing returns in certain programming languages.  Note: This property does not apply to methods that return integer values or to boolean-returning methods where the boolean does not indicate success or failure.
NetBiosComputerName
# ckStr is a CkString
CkNtlm_get_NetBiosComputerName $this $ckStr
set strVal [CkNtlm_get_netBiosComputerName $this]
CkNtlm_put_NetBiosComputerName $this $strVal
Optional.  This is information that would be set by the server for inclusion in the Target Info internal portion of the Type 2 message.  Note: If any optional Target Info fields are provided, then both NetBiosComputerName and NetBiosDomainName must be provided.
NetBiosDomainName
# ckStr is a CkString
CkNtlm_get_NetBiosDomainName $this $ckStr
set strVal [CkNtlm_get_netBiosDomainName $this]
CkNtlm_put_NetBiosDomainName $this $strVal
Optional.  This is information that would be set by the server for inclusion in the Target Info internal portion of the Type 2 message.  Note: If any optional Target Info fields are provided, then both NetBiosComputerName and NetBiosDomainName must be provided.
NtlmVersion
set intVal [CkNtlm_get_NtlmVersion $this]
CkNtlm_put_NtlmVersion $this $intVal
The version of the NTLM protocol to be used. Must be set to either 1 or 2. The default value is 1 (for NTLMv1). Setting this property equal to 2 selects NTLMv2.
topOemCodePage
set intVal [CkNtlm_get_OemCodePage $this]
CkNtlm_put_OemCodePage $this $intVal
If the A flag is unset, then Unicode strings are not used internally in the NTLM messages.  Strings are instead represented using the OEM code page (i.e. charset, or character encoding) as specified here.  In general, given that the Flags property should rarely be modified, and given that the A flag is set by default (meaning that Unicode is used), the OemCodePage property will not apply.  The default value is the default OEM code page of the local computer.
Password
# ckStr is a CkString
CkNtlm_get_Password $this $ckStr
set strVal [CkNtlm_get_password $this]
CkNtlm_put_Password $this $strVal
The password corresponding to the username of the account to be authenticated. This must be set by the client prior to generating and sending the Type 3 message.
topServerChallenge
# ckStr is a CkString
CkNtlm_get_ServerChallenge $this $ckStr
set strVal [CkNtlm_get_serverChallenge $this]
CkNtlm_put_ServerChallenge $this $strVal
This is similar to the ClientChallenge in that it must contain 8 bytes.
The ServerChallenge is passed in the Type 2 message from the server to the client.  Because this is a string property, the bytes are get/set in encoded form (such as hex or base64) based on the value of the EncodingMode property.  For example, if the EncodingMode property = hex, then a hex representation of 8 bytes should be used to set the ServerChallenge.
Note: Setting the ServerChallenge is optional. If the ServerChallenge remains unset, it will be automatically set to 8 random bytes when the GenType2 method is called.
topTargetName
# ckStr is a CkString
CkNtlm_get_TargetName $this $ckStr
set strVal [CkNtlm_get_targetName $this]
CkNtlm_put_TargetName $this $strVal
The authentication realm in which the authenticating account has membership, such as a domain for domain accounts, or a server name for local machine accounts. The TargetName is used in the Type2 message sent from the server to the client.
topUserName
# ckStr is a CkString
CkNtlm_get_UserName $this $ckStr
set strVal [CkNtlm_get_userName $this]
CkNtlm_put_UserName $this $strVal
The username of the account to be authenticated. This must be set by the client prior to generating and sending the Type 3 message.
topVerboseLogging
set boolVal [CkNtlm_get_VerboseLogging $this]
CkNtlm_put_VerboseLogging $this $boolVal
If set to 1, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is 0.  Verbose logging should only be used for debugging.  The potentially large quantity of logged information may adversely affect peformance.
Version
Workstation
# ckStr is a CkString
CkNtlm_get_Workstation $this $ckStr
set strVal [CkNtlm_get_workstation $this]
CkNtlm_put_Workstation $this $strVal
The value to be used in the optional workstation field in Type 1 message.
topMethods
CompareType3
# msg2 is a string
set retBool [CkNtlm_CompareType3 $this $msg1 $msg2]
Compares the internal contents of two Type3 messages to verify that the LM and NTLM response parts match.  A server would typically compute the Type3 message by calling GenType3, and then compare it with the Type3 message received from the client.  The method returns 1 if the responses match, and 0 if they do not.
GenType1
set status [CkNtlm_GenType1 $this $outStr]
set retStr [CkNtlm_genType1 $this]
Generates the Type 1 message. The Type 1 message is sent from Client to Server and initiates the NTLM authentication exchange.
Returns 1 for success, 0 for failure.
GenType2
# outStr is a CkString (output)
set status [CkNtlm_GenType2 $this $type1Msg $outStr]
set retStr [CkNtlm_genType2 $this $type1Msg]
Generates a Type2 message from a received Type1 message. The server-side generates the Type2 message and sends it to the client. This is the 2nd step in the NTLM protocol. The 1st step is the client generating the initial Type1 message which is sent to the server.
Returns 1 for success, 0 for failure.
GenType3
# outStr is a CkString (output)
set status [CkNtlm_GenType3 $this $type2Msg $outStr]
set retStr [CkNtlm_genType3 $this $type2Msg]
Generates the final message in the NTLM authentication exchange. This message is sent from the client to the server. The Type 2 message received from the server is passed to GenType3. The Username and Password properties are finally used here in the generation of the Type 3 message. Note, the Password is never actually sent. It is used to compute a binary response that the server can then check, using the password it has on file, to verify that indeed the client must've used the correct password.
Returns 1 for success, 0 for failure.
LoadType3
set status [CkNtlm_LoadType3 $this $type3Msg]
The server-side should call this method with the Type 3 message received from the client. The LoadType3 method sets the following properties: Username, Domain, Workstation, and ClientChallenge, all of which are embedded within the Type 3 message.
The server-side code may then use the Username to lookup the associated password and then it will itself call the GenType3 method to do the same computation as done by the client. The server then compares it's computed Type 3 message with the Type 3 message received from the client. If the Type 3 messages are exactly the same, then it must be that the client used the correct password, and therefore the client authentication is successful.
Returns 1 for success, 0 for failure.
ParseType1
# outStr is a CkString (output)
set status [CkNtlm_ParseType1 $this $type1Msg $outStr]
set retStr [CkNtlm_parseType1 $this $type1Msg]
For informational purposes only. Allows for the server-side to parse a Type 1 message to get human-readable information about the contents.
Returns 1 for success, 0 for failure.
ParseType2
# outStr is a CkString (output)
set status [CkNtlm_ParseType2 $this $type2Msg $outStr]
set retStr [CkNtlm_parseType2 $this $type2Msg]
For informational purposes only. Allows for the client-side to parse a Type 2 message to get human-readable information about the contents.
Returns 1 for success, 0 for failure.
ParseType3
# outStr is a CkString (output)
set status [CkNtlm_ParseType3 $this $type3Msg $outStr]
set retStr [CkNtlm_parseType3 $this $type3Msg]
For informational purposes only. Allows for the server-side to parse a Type 3 message to get human-readable information about the contents.
Returns 1 for success, 0 for failure.
SetFlag
# onOrOff is a boolean
set status [CkNtlm_SetFlag $this $flagLetter $onOrOff]
Sets one of the negotiate flags to be used in the Type 1 message sent by the client. It should normally be unnecessary to modify the default flag settings. For more information about flags, see the description for the Flags property above.
Returns 1 for success, 0 for failure.
top