//Parse User name and domain name
//check are they both 0 length? if yes, set a flag in conversation data that indicates null credentials
public static bool AreTheCredentialsNull(FrameData fd)
{
if (fd.payload == null)
{
return(false);
}
// does not matter if the frame is fragmented. What we want - the length fields - are right near the beginning of the payload - just 36 bytes into it
TDSReader ByteReader = new TDSReader(fd.payload, 0, -1, fd.payloadLength);
ByteReader.ReadBytes(8); // TDS header
ByteReader.ReadBytes(8); // Skip NTLMSSP string.
ByteReader.ReadBytes(4); // Skip Message type
ByteReader.ReadBytes(8); // Skip LmChallengeResponseFields - 8 bytes expected
ByteReader.ReadBytes(8); // Skip NtChallengeResponseFields - 8 bytes expected
short DomainNameLen = ByteReader.ReadInt16(); // Read DomainNameFields->Length - 2 bytes
ByteReader.ReadBytes(2); // Skip DomainNameFields->MaximumLength - 2 bytes - to be ignored per the spec
int DomainNameOffSet = ByteReader.ReadInt32(); // Read DomainNameFields->BufferOffset - 4 bytes
short UserNameLen = ByteReader.ReadInt16(); // Read UserNameFields-Length
ByteReader.ReadBytes(2); // Skip UserNameFields-MaximumLength - 2 bytes - to be ignored per the spec
int UserNameOffSet = (int)ByteReader.ReadInt16(); // Read UserNameFields-BufferOffset
if (UserNameLen > 0 && DomainNameLen > 0)
{
return(false);
}
return(true); // user name or domain name are null
}
public void Read(TDSReader r)
{
Status = r.ReadInt32();
}