internal static NegotiateResponse GetNegotiateResponse(SMB1Header header, NegotiateRequest request, GSSProvider securityProvider, ConnectionState state)
{
NegotiateResponse response = new NegotiateResponse();
response.DialectIndex = (ushort)request.Dialects.IndexOf(SMBServer.NTLanManagerDialect);
response.SecurityMode = SecurityMode.UserSecurityMode | SecurityMode.EncryptPasswords;
response.MaxMpxCount = 50;
response.MaxNumberVcs = 1;
response.MaxBufferSize = 16644;
response.MaxRawSize = 65536;
response.Capabilities = ServerCapabilities.Unicode |
ServerCapabilities.LargeFiles |
ServerCapabilities.NTSMB |
ServerCapabilities.NTStatusCode |
ServerCapabilities.NTFind |
ServerCapabilities.LargeRead |
ServerCapabilities.LargeWrite;
response.SystemTime = DateTime.UtcNow;
response.ServerTimeZone = (short)-TimeZone.CurrentTimeZone.GetUtcOffset(DateTime.Now).TotalMinutes;
NegotiateMessage negotiateMessage = CreateNegotiateMessage();
ChallengeMessage challengeMessage;
NTStatus status = securityProvider.GetNTLMChallengeMessage(out state.AuthenticationContext, negotiateMessage, out challengeMessage);
if (status == NTStatus.SEC_I_CONTINUE_NEEDED)
{
response.Challenge = challengeMessage.ServerChallenge;
}
response.DomainName = String.Empty;
response.ServerName = String.Empty;
return(response);
}
public byte[] GenerateServerChallenge()
{
NegotiateMessage negotiateMessage = new NegotiateMessage();
negotiateMessage.NegotiateFlags = NegotiateFlags.NegotiateUnicode | NegotiateFlags.NegotiateOEM | NegotiateFlags.RequestTarget | NegotiateFlags.NegotiateSign | NegotiateFlags.NegotiateSeal | NegotiateFlags.NegotiateLanManagerKey | NegotiateFlags.NegotiateNTLMKey | NegotiateFlags.NegotiateAlwaysSign | NegotiateFlags.NegotiateVersion | NegotiateFlags.Negotiate128 | NegotiateFlags.Negotiate56;
negotiateMessage.Version = Authentication.Version.Server2003;
byte[] negotiateMessageBytes = negotiateMessage.GetBytes();
byte[] challengeMessageBytes = SSPIHelper.GetType2Message(negotiateMessageBytes, out m_serverContext);
ChallengeMessage challengeMessage = new ChallengeMessage(challengeMessageBytes);
m_serverChallenge = challengeMessage.ServerChallenge;
return(m_serverChallenge);
}
/// <summary>
/// Helper method for legacy implementation.
/// </summary>
public virtual NTStatus GetNtlmChallengeMessage(out GssContext?context, NegotiateMessage negotiateMessage, out ChallengeMessage?challengeMessage)
{
IGssMechanism?ntlmAuthenticationProvider = FindMechanism(NtlmSspIdentifier);
if (ntlmAuthenticationProvider != null)
{
context = new GssContext(ntlmAuthenticationProvider, null);
NTStatus result = ntlmAuthenticationProvider.AcceptSecurityContext(ref context.MechanismContext, negotiateMessage.GetBytes(), out byte[] outputToken);
challengeMessage = new ChallengeMessage(outputToken);
return(result);
}
context = null;
challengeMessage = null;
return(NTStatus.SEC_E_SECPKG_NOT_FOUND);
}
private static NegotiateMessage CreateNegotiateMessage()
{
NegotiateMessage negotiateMessage = new NegotiateMessage();
negotiateMessage.NegotiateFlags = NegotiateFlags.UnicodeEncoding |
NegotiateFlags.OEMEncoding |
NegotiateFlags.Sign |
NegotiateFlags.LanManagerKey |
NegotiateFlags.NTLMSessionSecurity |
NegotiateFlags.AlwaysSign |
NegotiateFlags.Version |
NegotiateFlags.Use128BitEncryption |
NegotiateFlags.Use56BitEncryption;
negotiateMessage.Version = NTLMVersion.Server2003;
return(negotiateMessage);
}
/// <summary>
/// Helper method for legacy implementation.
/// </summary>
public virtual NTStatus GetNTLMChallengeMessage(out GSSContext context, NegotiateMessage negotiateMessage, out ChallengeMessage challengeMessage)
{
IGSSMechanism ntlmAuthenticationProvider = FindMechanism(NTLMSSPIdentifier);
if (ntlmAuthenticationProvider != null)
{
context = new GSSContext(ntlmAuthenticationProvider, null);
byte[] outputToken;
NTStatus result = ntlmAuthenticationProvider.AcceptSecurityContext(ref context.MechanismContext, negotiateMessage.GetBytes(), out outputToken);
challengeMessage = new ChallengeMessage(outputToken);
return(result);
}
else
{
context = null;
challengeMessage = null;
return(NTStatus.SEC_E_SECPKG_NOT_FOUND);
}
}
public override NTStatus GetChallengeMessage(out object context, NegotiateMessage negotiateMessage, out ChallengeMessage challengeMessage)
{
byte[] negotiateMessageBytes = negotiateMessage.GetBytes();
SecHandle serverContext;
byte[] challengeMessageBytes;
try
{
challengeMessageBytes = SSPIHelper.GetType2Message(negotiateMessageBytes, out serverContext);
}
catch (Exception)
{
context = null;
challengeMessage = null;
// We assume that the problem is not with our implementation.
return(NTStatus.SEC_E_INVALID_TOKEN);
}
context = new AuthContext(serverContext);
challengeMessage = new ChallengeMessage(challengeMessageBytes);
return(NTStatus.SEC_I_CONTINUE_NEEDED);
}
public static byte[] GetNegotiateMessage(byte[] securityBlob, string domainName, AuthenticationMethod authenticationMethod)
{
bool useGssapi = false;
if (securityBlob.Length > 0)
{
SimpleProtectedNegotiationTokenInit?inputToken = null;
try
{
inputToken = SimpleProtectedNegotiationToken.ReadToken(securityBlob, 0, true) as SimpleProtectedNegotiationTokenInit;
}
catch
{
// ignored
}
if (inputToken == null || !ContainsMechanism(inputToken, GssProvider.NtlmSspIdentifier))
{
throw new Exception("GetNegotiateMessage: InputToken is Null OR it doesn't contain the mechanism NtlmSspIdentifier");
}
useGssapi = true;
}
NegotiateMessage negotiateMessage = new NegotiateMessage
{
NegotiateFlags = NegotiateFlags.UnicodeEncoding |
NegotiateFlags.OEMEncoding |
NegotiateFlags.Sign |
NegotiateFlags.NTLMSessionSecurity |
NegotiateFlags.DomainNameSupplied |
NegotiateFlags.WorkstationNameSupplied |
NegotiateFlags.AlwaysSign |
NegotiateFlags.Version |
NegotiateFlags.Use128BitEncryption |
NegotiateFlags.KeyExchange |
NegotiateFlags.Use56BitEncryption
};
if (authenticationMethod == AuthenticationMethod.NtlmV1)
{
negotiateMessage.NegotiateFlags |= NegotiateFlags.LanManagerSessionKey;
}
else
{
negotiateMessage.NegotiateFlags |= NegotiateFlags.ExtendedSessionSecurity;
}
negotiateMessage.Version = NtlmVersion.Server2003;
negotiateMessage.DomainName = domainName;
negotiateMessage.Workstation = Environment.MachineName;
if (!useGssapi)
{
return(negotiateMessage.GetBytes());
}
SimpleProtectedNegotiationTokenInit outputToken = new SimpleProtectedNegotiationTokenInit
{
MechanismTypeList = new List <byte[]>
{
GssProvider.NtlmSspIdentifier
},
MechanismToken = negotiateMessage.GetBytes()
};
return(outputToken.GetBytes(true));
}
public static byte[] GetNegotiateMessage(byte[] securityBlob, string domainName, AuthenticationMethod authenticationMethod)
{
bool useGSSAPI = false;
if (securityBlob.Length > 0)
{
SimpleProtectedNegotiationTokenInit inputToken = null;
try
{
inputToken = SimpleProtectedNegotiationToken.ReadToken(securityBlob, 0, true) as SimpleProtectedNegotiationTokenInit;
}
catch
{
}
if (inputToken == null || !ContainsMechanism(inputToken, GSSProvider.NTLMSSPIdentifier))
{
return(null);
}
useGSSAPI = true;
}
NegotiateMessage negotiateMessage = new NegotiateMessage();
negotiateMessage.NegotiateFlags = NegotiateFlags.UnicodeEncoding |
NegotiateFlags.OEMEncoding |
NegotiateFlags.Sign |
NegotiateFlags.NTLMSessionSecurity |
NegotiateFlags.DomainNameSupplied |
NegotiateFlags.WorkstationNameSupplied |
NegotiateFlags.AlwaysSign |
NegotiateFlags.Version |
NegotiateFlags.Use128BitEncryption |
NegotiateFlags.KeyExchange |
NegotiateFlags.Use56BitEncryption;
if (authenticationMethod == AuthenticationMethod.NTLMv1)
{
negotiateMessage.NegotiateFlags |= NegotiateFlags.LanManagerSessionKey;
}
else
{
negotiateMessage.NegotiateFlags |= NegotiateFlags.ExtendedSessionSecurity;
}
negotiateMessage.Version = NTLMVersion.Server2003;
negotiateMessage.DomainName = domainName;
negotiateMessage.Workstation = Environment.MachineName;
if (useGSSAPI)
{
SimpleProtectedNegotiationTokenInit outputToken = new SimpleProtectedNegotiationTokenInit();
outputToken.MechanismTypeList = new List <byte[]>();
outputToken.MechanismTypeList.Add(GSSProvider.NTLMSSPIdentifier);
outputToken.MechanismToken = negotiateMessage.GetBytes();
return(outputToken.GetBytes(true));
}
else
{
return(negotiateMessage.GetBytes());
}
}
public List <byte> CreateType1()
{
NegotiateMessage negotiateMessage = NegotiateMessage.CreateDefaultNegotiateMessage();
return(negotiateMessage.DumpBinary());
}
