public override NTStatus GetChallengeMessage(out object context, NegotiateMessage negotiateMessage, out ChallengeMessage challengeMessage)
{
byte[] serverChallenge = GenerateServerChallenge();
context = new AuthContext(serverChallenge);
challengeMessage = new ChallengeMessage();
// https://msdn.microsoft.com/en-us/library/cc236691.aspx
challengeMessage.NegotiateFlags = NegotiateFlags.TargetTypeServer |
NegotiateFlags.TargetInfo |
NegotiateFlags.TargetNameSupplied |
NegotiateFlags.Version;
// [MS-NLMP] NTLMSSP_NEGOTIATE_NTLM MUST be set in the [..] CHALLENGE_MESSAGE to the client.
challengeMessage.NegotiateFlags |= NegotiateFlags.NTLMSessionSecurity;
if ((negotiateMessage.NegotiateFlags & NegotiateFlags.UnicodeEncoding) > 0)
{
challengeMessage.NegotiateFlags |= NegotiateFlags.UnicodeEncoding;
}
else if ((negotiateMessage.NegotiateFlags & NegotiateFlags.OEMEncoding) > 0)
{
challengeMessage.NegotiateFlags |= NegotiateFlags.OEMEncoding;
}
if ((negotiateMessage.NegotiateFlags & NegotiateFlags.ExtendedSessionSecurity) > 0)
{
challengeMessage.NegotiateFlags |= NegotiateFlags.ExtendedSessionSecurity;
}
else if ((negotiateMessage.NegotiateFlags & NegotiateFlags.LanManagerSessionKey) > 0)
{
challengeMessage.NegotiateFlags |= NegotiateFlags.LanManagerSessionKey;
}
if ((negotiateMessage.NegotiateFlags & NegotiateFlags.Sign) > 0)
{
// [MS-NLMP] If the client sends NTLMSSP_NEGOTIATE_SIGN to the server in the NEGOTIATE_MESSAGE,
// the server MUST return NTLMSSP_NEGOTIATE_SIGN to the client in the CHALLENGE_MESSAGE.
challengeMessage.NegotiateFlags |= NegotiateFlags.Sign;
}
if ((negotiateMessage.NegotiateFlags & NegotiateFlags.Seal) > 0)
{
// [MS-NLMP] If the client sends NTLMSSP_NEGOTIATE_SEAL to the server in the NEGOTIATE_MESSAGE,
// the server MUST return NTLMSSP_NEGOTIATE_SEAL to the client in the CHALLENGE_MESSAGE.
challengeMessage.NegotiateFlags |= NegotiateFlags.Seal;
}
if ((negotiateMessage.NegotiateFlags & NegotiateFlags.Sign) > 0 ||
(negotiateMessage.NegotiateFlags & NegotiateFlags.Seal) > 0)
{
if ((negotiateMessage.NegotiateFlags & NegotiateFlags.Use56BitEncryption) > 0)
{
// [MS-NLMP] If the client sends NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN with
// NTLMSSP_NEGOTIATE_56 to the server in the NEGOTIATE_MESSAGE, the server MUST return
// NTLMSSP_NEGOTIATE_56 to the client in the CHALLENGE_MESSAGE.
challengeMessage.NegotiateFlags |= NegotiateFlags.Use56BitEncryption;
}
if ((negotiateMessage.NegotiateFlags & NegotiateFlags.Use128BitEncryption) > 0)
{
// [MS-NLMP] If the client sends NTLMSSP_NEGOTIATE_128 to the server in the NEGOTIATE_MESSAGE,
// the server MUST return NTLMSSP_NEGOTIATE_128 to the client in the CHALLENGE_MESSAGE only if
// the client sets NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN.
challengeMessage.NegotiateFlags |= NegotiateFlags.Use128BitEncryption;
}
}
if ((negotiateMessage.NegotiateFlags & NegotiateFlags.KeyExchange) > 0)
{
challengeMessage.NegotiateFlags |= NegotiateFlags.KeyExchange;
}
challengeMessage.TargetName = Environment.MachineName;
challengeMessage.ServerChallenge = serverChallenge;
challengeMessage.TargetInfo = AVPairUtils.GetAVPairSequence(Environment.MachineName, Environment.MachineName);
challengeMessage.Version = NTLMVersion.Server2003;
return(NTStatus.SEC_I_CONTINUE_NEEDED);
}
public abstract NTStatus GetChallengeMessage(out object context, NegotiateMessage negotiateMessage, out ChallengeMessage challengeMessage);
