/// <summary>
        /// create a challenge packet. This packet contains CHALLENGE_MESSAGE. The CHALLENGE_MESSAGE defines an NTLM
        /// challenge message that is sent from the server to the client. The CHALLENGE_MESSAGE is used by the server
        /// to challenge the client to prove its identity.
        /// </summary>
        /// <param name="negotiateFlags">The client sets flags to indicate options it supports.</param>
        /// <param name="version">
        /// This structure is used for debugging purposes only. In normal (non-debugging) protocol messages, it is
        /// ignored and does not affect the NTLM message processing.
        /// </param>
        /// <param name="serverChallenge">contains the NTLM challenge. The challenge is a 64-bit nonce.</param>
        /// <param name="targetName">
        /// TargetName contains the name of the server authentication realm, and MUST be expressed in the negotiated
        /// character set. A server that is a member of a domain returns the domain of which it is a member, and a
        /// server that is not a member of a domain returns the server name. This param can be null.
        /// </param>
        /// <param name="targetInfo">
        /// TargetInfo contains a sequence of AV_PAIR structures.This param can be null.
        /// </param>
        /// <returns>the NlmpChallengePacket</returns>
        /// <noException></noException>
        public NlmpChallengePacket CreateChallengePacket(
            NegotiateTypes negotiateFlags,
            VERSION version,
            ulong serverChallenge,
            string targetName,
            ICollection <AV_PAIR> targetInfo
            )
        {
            NlmpChallengePacket packet = new NlmpChallengePacket();

            packet.SetNegotiateFlags(negotiateFlags);

            if (NlmpUtility.IsVersionRequired(negotiateFlags))
            {
                packet.SetVersion(version);
            }

            packet.SetServerChallenge(serverChallenge);

            if (NlmpUtility.IsDomainType(negotiateFlags) || NlmpUtility.IsServerType(negotiateFlags))
            {
                packet.SetTargetName(targetName);
            }

            // generate bytes of targetinfo
            byte[] targetInfoBytes = NlmpUtility.AvPairCollectionGetBytes(targetInfo);

            // initialize targetinfofield
            packet.SetTargetInfo(targetInfoBytes);

            return(packet);
        }
Exemple #2
0
 /// <summary>
 /// set the version
 /// </summary>
 /// <param name="version">the new version</param>
 /// <exception cref="ArgumentException">Reserved of VERSION must be 0!</exception>
 public override void SetVersion(
     VERSION version
     )
 {
     if (version.Reserved.Reserved1 != 0 || version.Reserved.Reserved2 != 0 || version.Reserved.Reserved3 != 0)
     {
         throw new ArgumentException("Reserved of VERSION must be 0!", "version");
     }
 }
Exemple #3
0
        /// <summary>
        /// get the security token
        /// </summary>
        /// <returns>the security token</returns>
        private byte[] GetSecurityToken(string workstationName)
        {
            if (this.client == null)
            {
                throw new InvalidOperationException("The client is null! You must initialize this field first!");
            }

            // get current version
            VERSION version = NlmpUtility.GetVersion();

            NlmpNegotiatePacket packet = this.client.CreateNegotiatePacket(
                this.Context.ClientConfigFlags, version, this.currentActiveCredential.DomainName,
                workstationName);

            this.negotiate = packet;

            return(packet.ToBytes());
        }
Exemple #4
0
        /// <summary>
        /// accept the negotiate packet, generated the challenge packet.
        /// </summary>
        /// <param name="negotiatePacket">the negotiate packet</param>
        private void AcceptNegotiatePacket(NlmpNegotiatePacket negotiatePacket)
        {
            // save the negotiate, to valid the mic when authenticate.
            this.negotiate = negotiatePacket;

            // generated negotiate flags for challenge packet
            NegotiateTypes negotiateFlags = GeneratedNegotiateFlags(negotiatePacket);

            // initialize target name
            string targetName = GenerateTargetName();

            // initialize av pairs.
            ICollection <AV_PAIR> targetInfo = GenerateTargetInfo();

            VERSION sspiVersion = NlmpUtility.GetVersion();
            // the serverChallenge is 8 bytes.
            ulong serverChallenge = BitConverter.ToUInt64(NlmpUtility.Nonce(8), 0);

            NlmpChallengePacket challengePacket = this.nlmpServer.CreateChallengePacket(
                negotiateFlags, sspiVersion, serverChallenge, targetName, targetInfo);

            this.challenge = challengePacket;
            this.token     = challengePacket.ToBytes();
        }
        /// <summary>
        /// this function create an authenticate packet.
        /// after client received the challenge packet from server, client create an authenticate packet to server.
        /// the authenticate packet contains the authentication information of user that is generated by the credential
        /// of user.
        /// this function does not set the mic field of packet. it must be set manually if need.
        /// </summary>
        /// <param name="negotiateFlags">this flags indicates the capabilities that client supports.</param>
        /// <param name="version">
        /// This structure is used for debugging purposes only. In normal (non-debugging) protocol messages, it is
        /// ignored and does not affect the NTLM message processing.
        /// </param>
        /// <param name="lmChallengeResponse">
        /// An LM_RESPONSE or LMv2_RESPONSE structure that contains the computed LM response to the challenge. If
        /// NTLM v2 authentication is configured, LmChallengeResponse MUST be an LMv2_RESPONSE structure. Otherwise,
        /// it MUST be an LM_RESPONSE structure.
        /// </param>
        /// <param name="ntChallengeResponse">
        /// An NTLM_RESPONSE or NTLMv2_RESPONSE structure that contains the computed NT response to the challenge.
        /// If NTLM v2 authentication is configured, NtChallengeResponse MUST be an NTLMv2_RESPONSE. Otherwise, it
        /// MUST be an NTLM_RESPONSE structure.
        /// </param>
        /// <param name="domainName">
        /// The domain or computer name hosting the user account. DomainName MUST be encoded in the negotiated
        /// character set. This param can not be null.
        /// </param>
        /// <param name="userName">
        /// The name of the user to be authenticated. UserName MUST be encoded in the negotiated character set. This
        /// param can not be null.
        /// </param>
        /// <param name="workstation">
        /// The name of the computer to which the user is logged on. Workstation MUST be encoded in the negotiated
        /// character set. This param can not be null.
        /// </param>
        /// <param name="encryptedRandomSessionKey">
        /// The client's encrypted random session key. This param can be null.
        /// </param>
        /// <returns>the authenticate packet</returns>
        /// <exception cref="System.ArgumentNullException">
        /// when LM is using, the ntChallengeResponse should be null!
        /// </exception>
        public NlmpAuthenticatePacket CreateAuthenticatePacket(
            NegotiateTypes negotiateFlags,
            VERSION version,
            byte[] lmChallengeResponse,
            byte[] ntChallengeResponse,
            string domainName,
            string userName,
            string workstation,
            byte[] encryptedRandomSessionKey
            )
        {
            #region Parameter check

            if (domainName == null)
            {
                throw new ArgumentNullException("domainName");
            }

            if (userName == null)
            {
                throw new ArgumentNullException("userName");
            }

            if (workstation == null)
            {
                throw new ArgumentNullException("workstation");
            }

            if (NlmpUtility.IsLm(negotiateFlags) && ntChallengeResponse != null)
            {
                throw new ArgumentException(
                          "when LM is using, the ntChallengeResponse should be null!", "ntChallengeResponse");
            }

            #endregion

            NlmpAuthenticatePacket packet = new NlmpAuthenticatePacket();

            // update flags
            packet.SetNegotiateFlags(negotiateFlags);

            // if version required, update version
            if (NlmpUtility.IsVersionRequired(negotiateFlags))
            {
                packet.SetVersion(version);
            }

            // update domain name
            packet.SetDomainName(domainName);

            // update user name
            packet.SetUserName(userName);

            // if version required, update workstation
            if (NlmpUtility.IsVersionRequired(negotiateFlags))
            {
                packet.SetWorkstation(workstation);
            }

            // update lmChallengeResponse
            packet.SetLmChallengeResponse(lmChallengeResponse);

            // update ntChallengeResponse
            packet.SetNtChallengeResponse(ntChallengeResponse);

            // update encryptedRandomSessionKey
            packet.SetEncryptedRandomSessionKey(encryptedRandomSessionKey);

            return(packet);
        }
        /// <summary>
        /// this function create a negotiate packet.
        /// client send the negotiate packet to server to indicate the supported capabilities.
        /// in connection-oriented mode, this is the first packet that client send to server.
        /// </summary>
        /// <param name="negotiateFlags">this flags indicates the capabilities that client supports.</param>
        /// <param name="version">
        /// This structure is used for debugging purposes only. In normal (non-debugging) protocol messages, it is
        /// ignored and does not affect the NTLM message processing.
        /// </param>
        /// <param name="domainName">
        /// DomainName contains the name of the client authentication domain that MUST be encoded using the OEM
        /// character set. This param can not be null.
        /// </param>
        /// <param name="workstationName">
        /// WorkstationName contains the name of the client machine that MUST be encoded using the OEM character
        /// set. Otherwise, this data is not present. This param can not be null.
        /// </param>
        /// <returns>the negotiate packet</returns>
        /// <exception cref="ArgumentNullException">domainName must not be null</exception>
        /// <exception cref="ArgumentNullException">workstationName must not be null</exception>
        /// <exception cref="ArgumentException">
        /// when version is required, the domainName and workstationName must be string.Empty
        /// </exception>
        public NlmpNegotiatePacket CreateNegotiatePacket(
            NegotiateTypes negotiateFlags,
            VERSION version,
            string domainName,
            string workstationName
            )
        {
            #region Parameter validation

            if (NlmpUtility.IsConnectionless(negotiateFlags))
            {
                throw new NotSupportedException("NEGOTIATE message is not supported under Connectionless mode.");
            }

            if (NlmpUtility.IsDomainNameSupplied(negotiateFlags) && (domainName == null))
            {
                throw new ArgumentNullException("domainName");
            }

            if (NlmpUtility.IsWorkstationSupplied(negotiateFlags) && (workstationName == null))
            {
                throw new ArgumentNullException("workstationName");
            }

            if (NlmpUtility.IsVersionRequired(negotiateFlags))
            {
                if (domainName.Length != 0)
                {
                    throw new ArgumentException(
                              "when version is required, the domainName should be string.Empty!", "domainName");
                }

                if (workstationName.Length != 0)
                {
                    throw new ArgumentException(
                              "when version is required, the workstationName should be string.Empty!", "workstationName");
                }
            }
            else
            {
                if (NlmpUtility.IsDomainNameSupplied(negotiateFlags) && domainName.Length == 0)
                {
                    throw new ArgumentException(
                              "when version is not required, the domainName should not be string.Empty!", "domainName");
                }

                if (NlmpUtility.IsWorkstationSupplied(negotiateFlags) && workstationName.Length == 0)
                {
                    throw new ArgumentException(
                              "when version is not required, the workstationName should not be string.Empty!",
                              "workstationName");
                }
            }

            #endregion

            NlmpNegotiatePacket packet = new NlmpNegotiatePacket();

            packet.SetNegotiateFlags(negotiateFlags);

            if (NlmpUtility.IsVersionRequired(negotiateFlags))
            {
                packet.SetVersion(version);
            }

            if (NlmpUtility.IsDomainNameSupplied(negotiateFlags))
            {
                packet.SetDomainName(domainName);
            }

            if (NlmpUtility.IsWorkstationSupplied(negotiateFlags))
            {
                packet.SetWorkstationName(workstationName);
            }

            return(packet);
        }
 /// <summary>
 /// set the version
 /// </summary>
 /// <param name="version">the new version</param>
 public abstract void SetVersion(
     VERSION version
     );
 /// <summary>
 /// set the version
 /// </summary>
 /// <param name="version">the new version</param>
 public override void SetVersion(
     VERSION version
     )
 {
     payload.Version = version;
 }