/// <summary>
/// compute response
/// </summary>
/// <param name="flags">the flags for challenge</param>
/// <param name="serverChallenge">the server challenge</param>
/// <param name="targetInfo">the target info contains avpairs</param>
/// <param name="responseKeyNT">the response nt key</param>
/// <param name="responseKeyLM">the response lm key</param>
/// <param name="lmChallengeResponse">the challenge response lm</param>
/// <param name="ntChallengeResponse">the challenge response nt</param>
private void ComputeResponse(
NegotiateTypes flags,
ulong serverChallenge,
ICollection <AV_PAIR> targetInfo,
byte[] responseKeyNT,
byte[] responseKeyLM,
out byte[] lmChallengeResponse,
out byte[] ntChallengeResponse
)
{
// clientChallenge, a random 8 bytes.
ulong clientChallenge = NlmpUtility.BytesToSecurityUInt64(NlmpUtility.Nonce(8));
// time
ulong time = 0;
if (!NlmpUtility.IsNtlmV1(this.client.Config.Version))
{
time = NlmpUtility.GetTime(targetInfo);
}
byte[] sessionBaseKey = null;
// compute response
NlmpUtility.ComputeResponse(
this.client.Config.Version, flags, responseKeyNT, responseKeyLM, serverChallenge, clientChallenge,
time, NlmpUtility.AvPairCollectionGetBytes(targetInfo), out ntChallengeResponse,
out lmChallengeResponse, out sessionBaseKey);
// save key to context
this.client.Context.SessionBaseKey = sessionBaseKey;
}
/// <summary>
/// create a challenge packet. This packet contains CHALLENGE_MESSAGE. The CHALLENGE_MESSAGE defines an NTLM
/// challenge message that is sent from the server to the client. The CHALLENGE_MESSAGE is used by the server
/// to challenge the client to prove its identity.
/// </summary>
/// <param name="negotiateFlags">The client sets flags to indicate options it supports.</param>
/// <param name="version">
/// This structure is used for debugging purposes only. In normal (non-debugging) protocol messages, it is
/// ignored and does not affect the NTLM message processing.
/// </param>
/// <param name="serverChallenge">contains the NTLM challenge. The challenge is a 64-bit nonce.</param>
/// <param name="targetName">
/// TargetName contains the name of the server authentication realm, and MUST be expressed in the negotiated
/// character set. A server that is a member of a domain returns the domain of which it is a member, and a
/// server that is not a member of a domain returns the server name. This param can be null.
/// </param>
/// <param name="targetInfo">
/// TargetInfo contains a sequence of AV_PAIR structures.This param can be null.
/// </param>
/// <returns>the NlmpChallengePacket</returns>
/// <noException></noException>
public NlmpChallengePacket CreateChallengePacket(
NegotiateTypes negotiateFlags,
VERSION version,
ulong serverChallenge,
string targetName,
ICollection <AV_PAIR> targetInfo
)
{
NlmpChallengePacket packet = new NlmpChallengePacket();
packet.SetNegotiateFlags(negotiateFlags);
if (NlmpUtility.IsVersionRequired(negotiateFlags))
{
packet.SetVersion(version);
}
packet.SetServerChallenge(serverChallenge);
if (NlmpUtility.IsDomainType(negotiateFlags) || NlmpUtility.IsServerType(negotiateFlags))
{
packet.SetTargetName(targetName);
}
// generate bytes of targetinfo
byte[] targetInfoBytes = NlmpUtility.AvPairCollectionGetBytes(targetInfo);
// initialize targetinfofield
packet.SetTargetInfo(targetInfoBytes);
return(packet);
}
public void GetSecurityToken(
NlmpVersion ntlmVersion,
string domainName,
string userName,
string password,
ulong serverTime,
ulong serverChallenge,
out byte[] caseInsensitivePassword,
out byte[] caseSensitivePassword)
{
if (ntlmVersion != NlmpVersion.v1 && ntlmVersion != NlmpVersion.v2)
{
throw new ArgumentException(
string.Format("the ntlmVersion({0}) must be valid NlmpVersion value", ntlmVersion), "ntlmVersion");
}
caseInsensitivePassword = null;
caseSensitivePassword = null;
#region Prepare the TargetInfo
byte[] targetInfo = null;
List <AV_PAIR> pairs = new List <AV_PAIR>();
NlmpUtility.AddAVPair(pairs, AV_PAIR_IDs.MsvAvEOL, 0x00, null);
targetInfo = NlmpUtility.AvPairCollectionGetBytes(pairs);
#endregion
#region Prepare the Nlmp Negotiate Flags
// the flags for negotiate
NegotiateTypes nlmpFlags = NegotiateTypes.NTLMSSP_NEGOTIATE_NTLM | NegotiateTypes.NTLM_NEGOTIATE_OEM;
#endregion
// exported to application for the SessionKey.
byte[] sessionBaseKey = null;
#region Prepare the keys
// responseKeyNT
byte[] responseKeyNT = NlmpUtility.GetResponseKeyNt(ntlmVersion, domainName, userName, password);
// responseKeyLM
byte[] responseKeyLM = NlmpUtility.GetResponseKeyLm(ntlmVersion, domainName, userName, password);
#endregion
#region Compute Response
// clientChallenge, a 8 bytes random number.
ulong clientChallenge = BitConverter.ToUInt64(NlmpUtility.Nonce(8), 0);
// compute response
NlmpUtility.ComputeResponse(
ntlmVersion, nlmpFlags, responseKeyNT, responseKeyLM, serverChallenge, clientChallenge, serverTime,
targetInfo, out caseSensitivePassword, out caseInsensitivePassword, out sessionBaseKey);
#endregion
}
