Modified flags negotiation

- Move defaultFlags to negotiation_flags.go file
- Change `defaultFlags` to follow [MS-NLMP] documentation
- Modify "negotiation", so it is composed of shared part, with
  exception of EXTENDED_SESSIONSECURITY, which shall be enabled always

authenticate_message.go

@@ -19,7 +19,7 @@ type authenticateMessage struct {
 	TargetName string
 	UserName   string
 
-	NegotiateFlags negotiateFlags
+	NegotiateFlags NegotiateFlags
 	Version
 }
 
@@ -33,16 +33,12 @@ type authenticateMessageFields struct {
 	UserName            varField
 	Workstation         varField
 	_                   [8]byte
-	NegotiateFlags      negotiateFlags
+	NegotiateFlags      NegotiateFlags
 	Version
 	MIC
 }
 
 func (m authenticateMessage) MarshalBinary() ([]byte, error) {
-	if !m.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEUNICODE) {
-		return nil, errors.New("Only unicode is supported")
-	}
-
 	target, user := toUnicode(m.TargetName), toUnicode(m.UserName)
 	workstation := toUnicode("")
 
@@ -58,8 +54,6 @@ func (m authenticateMessage) MarshalBinary() ([]byte, error) {
 		Version:             m.Version,
 	}
 
-	f.NegotiateFlags.Unset(negotiateFlagNTLMSSPNEGOTIATEVERSION)
-
 	b := bytes.Buffer{}
 	if err := binary.Write(&b, binary.LittleEndian, &f); err != nil {
 		return nil, err
@@ -104,10 +98,16 @@ func ProcessChallenge(negotiateMessageData, challengeMessageData []byte, user, p
 		return nil, errors.New("Key exchange requested but not supported (NTLMSSP_NEGOTIATE_KEY_EXCH)")
 	}
 
+	if !cm.NegotiateFlags.Has(negotiateFlagNTLMSSPNEGOTIATEUNICODE) {
+		return nil, errors.New("Only unicode is supported")
+	}
+
+	flags := (defaultFlags & cm.NegotiateFlags) | negotiateFlagNTLMSSPNEGOTIATEEXTENDEDSESSIONSECURITY
+
 	am := authenticateMessage{
 		UserName:       user,
 		TargetName:     domain,
-		NegotiateFlags: cm.NegotiateFlags,
+		NegotiateFlags: flags,
 	}
 
 	targetInfo := cm.TargetInfo

challenge_message.go

@@ -9,7 +9,7 @@ import (
 type challengeMessageFields struct {
 	messageHeader
 	TargetName      varField
-	NegotiateFlags  negotiateFlags
+	NegotiateFlags  NegotiateFlags
 	ServerChallenge [8]byte
 	_               [8]byte
 	TargetInfo      varField

negotiate_flags.go

@@ -1,52 +1,58 @@
 package ntlmssp
 
-type negotiateFlags uint32
+type NegotiateFlags uint32
 
 const (
-	/*A*/ negotiateFlagNTLMSSPNEGOTIATEUNICODE negotiateFlags = 1 << 0
-	/*B*/ negotiateFlagNTLMNEGOTIATEOEM = 1 << 1
-	/*C*/ negotiateFlagNTLMSSPREQUESTTARGET = 1 << 2
+	/*A*/ negotiateFlagNTLMSSPNEGOTIATEUNICODE NegotiateFlags = 1 << 0
+	/*B*/ negotiateFlagNTLMNEGOTIATEOEM                       = 1 << 1
+	/*C*/ negotiateFlagNTLMSSPREQUESTTARGET                   = 1 << 2
 
 	/*D*/
-	negotiateFlagNTLMSSPNEGOTIATESIGN = 1 << 4
-	/*E*/ negotiateFlagNTLMSSPNEGOTIATESEAL = 1 << 5
+	negotiateFlagNTLMSSPNEGOTIATESIGN           = 1 << 4
+	/*E*/ negotiateFlagNTLMSSPNEGOTIATESEAL     = 1 << 5
 	/*F*/ negotiateFlagNTLMSSPNEGOTIATEDATAGRAM = 1 << 6
-	/*G*/ negotiateFlagNTLMSSPNEGOTIATELMKEY = 1 << 7
+	/*G*/ negotiateFlagNTLMSSPNEGOTIATELMKEY    = 1 << 7
 
 	/*H*/
 	negotiateFlagNTLMSSPNEGOTIATENTLM = 1 << 9
 
 	/*J*/
-	negotiateFlagANONYMOUS = 1 << 11
-	/*K*/ negotiateFlagNTLMSSPNEGOTIATEOEMDOMAINSUPPLIED = 1 << 12
+	negotiateFlagANONYMOUS                                    = 1 << 11
+	/*K*/ negotiateFlagNTLMSSPNEGOTIATEOEMDOMAINSUPPLIED      = 1 << 12
 	/*L*/ negotiateFlagNTLMSSPNEGOTIATEOEMWORKSTATIONSUPPLIED = 1 << 13
 
 	/*M*/
-	negotiateFlagNTLMSSPNEGOTIATEALWAYSSIGN = 1 << 15
+	negotiateFlagNTLMSSPNEGOTIATEALWAYSSIGN    = 1 << 15
 	/*N*/ negotiateFlagNTLMSSPTARGETTYPEDOMAIN = 1 << 16
 	/*O*/ negotiateFlagNTLMSSPTARGETTYPESERVER = 1 << 17
 
 	/*P*/
 	negotiateFlagNTLMSSPNEGOTIATEEXTENDEDSESSIONSECURITY = 1 << 19
-	/*Q*/ negotiateFlagNTLMSSPNEGOTIATEIDENTIFY = 1 << 20
+	/*Q*/ negotiateFlagNTLMSSPNEGOTIATEIDENTIFY          = 1 << 20
 
 	/*R*/
-	negotiateFlagNTLMSSPREQUESTNONNTSESSIONKEY = 1 << 22
+	negotiateFlagNTLMSSPREQUESTNONNTSESSIONKEY    = 1 << 22
 	/*S*/ negotiateFlagNTLMSSPNEGOTIATETARGETINFO = 1 << 23
 
 	/*T*/
 	negotiateFlagNTLMSSPNEGOTIATEVERSION = 1 << 25
 
 	/*U*/
-	negotiateFlagNTLMSSPNEGOTIATE128 = 1 << 29
+	negotiateFlagNTLMSSPNEGOTIATE128           = 1 << 29
 	/*V*/ negotiateFlagNTLMSSPNEGOTIATEKEYEXCH = 1 << 30
-	/*W*/ negotiateFlagNTLMSSPNEGOTIATE56 = 1 << 31
+	/*W*/ negotiateFlagNTLMSSPNEGOTIATE56      = 1 << 31
 )
 
-func (field negotiateFlags) Has(flags negotiateFlags) bool {
+func (field NegotiateFlags) Has(flags NegotiateFlags) bool {
 	return field&flags == flags
 }
 
-func (field *negotiateFlags) Unset(flags negotiateFlags) {
+func (field *NegotiateFlags) Unset(flags NegotiateFlags) {
 	*field = *field ^ (*field & flags)
 }
+
+var defaultFlags = negotiateFlagNTLMSSPNEGOTIATEEXTENDEDSESSIONSECURITY |
+	negotiateFlagNTLMSSPNEGOTIATEALWAYSSIGN |
+	negotiateFlagNTLMSSPNEGOTIATENTLM |
+	negotiateFlagNTLMSSPREQUESTTARGET |
+	negotiateFlagNTLMSSPNEGOTIATEUNICODE

negotiate_message.go

@@ -11,20 +11,14 @@ const expMsgBodyLen = 40
 
 type negotiateMessageFields struct {
 	messageHeader
-	NegotiateFlags negotiateFlags
+	NegotiateFlags NegotiateFlags
 
 	Domain      varField
 	Workstation varField
 
 	Version
 }
 
-var defaultFlags = negotiateFlagNTLMSSPNEGOTIATETARGETINFO |
-	negotiateFlagNTLMSSPNEGOTIATE56 |
-	negotiateFlagNTLMSSPNEGOTIATE128 |
-	negotiateFlagNTLMSSPNEGOTIATEUNICODE |
-	negotiateFlagNTLMSSPNEGOTIATEEXTENDEDSESSIONSECURITY
-
 //NewNegotiateMessage creates a new NEGOTIATE message with the
 //flags that this package supports.
 func NewNegotiateMessage(domainName, workstationName string) ([]byte, error) {