Exemplo n.º 1
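        /// <summary>
        /// Reports whether an AUTHENTICATE message is an anonymous logon or carries a response
        /// computed from the empty password.
        /// </summary>
        /// <param name="message">AUTHENTICATE message received from the client (untrusted input).</param>
        /// <returns>
        /// true when the message matches the anonymous special case, or when its NT response equals
        /// the NTLMv1 extended-security or NTLMv2 response computed with <see cref="String.Empty"/>;
        /// otherwise false.
        /// </returns>
        /// <remarks>
        /// A true result means the client proved no secret, so callers should not treat it as an
        /// authenticated identity.
        /// </remarks>
        public bool IsPasswordEmpty(AuthenticateMessage message)
        {
            // Special case for anonymous authentication, see [MS-NLMP] 3.3.1 - NTLM v1 Authentication
            // NOTE(review): either condition alone is accepted here (||); confirm that a 1-byte LM
            // response combined with a non-empty NT response is meant to count as anonymous.
            if (message.LmChallengeResponse.Length == 1 || message.NtChallengeResponse.Length == 0)
            {
                return(true);
            }

            // The client challenge is the first 8 bytes of the LM response. The field is
            // client-controlled, so a shorter value is skipped instead of being read past its end.
            if (message.LmChallengeResponse.Length >= 8)
            {
                byte[] clientChallenge             = ByteReader.ReadBytes(message.LmChallengeResponse, 0, 8);
                byte[] emptyPasswordNTLMv1Response = NTAuthentication.ComputeNTLMv1ExtendedSecurityResponse(m_serverChallenge, clientChallenge, String.Empty);
                if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv1Response, message.NtChallengeResponse))
                {
                    return(true);
                }
            }

            // Only an NT response longer than 24 bytes is parsed as NTLMv2 (client challenge structure at offset 16).
            if (message.NtChallengeResponse.Length > 24)
            {
                // NOTE(review): the structure is parsed from client-supplied bytes; confirm the
                // NTLMv2ClientChallengeStructure constructor rejects truncated or malformed input cleanly.
                NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(message.NtChallengeResponse, 16);
                byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded();
                byte[] emptyPasswordNTLMv2Response    = NTAuthentication.ComputeNTLMv2Response(m_serverChallenge, clientChallengeStructurePadded, String.Empty, message.UserName, message.DomainName);
                if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv2Response, message.NtChallengeResponse))
                {
                    return(true);
                }
            }

            return(false);
        }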
Exemplo n.º 2
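        /// <summary>
        /// LM v1 / NTLM v1 Extended Security: finds the named account and verifies the client's NT response
        /// against the response computed from that account's stored password.
        /// </summary>
        /// <param name="accountNameToAuth">Account name claimed by the client; compared case-insensitively (invariant culture).</param>
        /// <param name="serverChallenge">Server challenge used to compute the expected response.</param>
        /// <param name="lmResponse">Client LM response (untrusted); its first 8 bytes are read as the client challenge.</param>
        /// <param name="ntlmResponse">Client NT response (untrusted) to verify.</param>
        /// <returns>
        /// The account entry whose expected response equals <paramref name="ntlmResponse"/>, or null when
        /// no account matches, the response differs, or <paramref name="lmResponse"/> is too short to
        /// hold a client challenge.
        /// </returns>
        public User AuthenticateV1Extended(string accountNameToAuth, byte[] serverChallenge, byte[] lmResponse, byte[] ntlmResponse)
        {
            // Fail closed on a missing or truncated LM response: without the 8-byte client challenge
            // no expected response can be computed, so the attempt is rejected rather than read out of range.
            if (lmResponse == null || lmResponse.Length < 8)
            {
                return(null);
            }

            // The client challenge does not depend on the account, so it is extracted once.
            byte[] clientChallenge = ByteReader.ReadBytes(lmResponse, 0, 8);

            for (int index = 0; index < this.Count; index++)
            {
                string accountName = this[index].AccountName;
                // NOTE(review): the password is handed to the response computation as a string, so the
                // account store holds it in a recoverable form; protect the backing store accordingly.
                string password    = this[index].Password;

                if (String.Equals(accountName, accountNameToAuth, StringComparison.InvariantCultureIgnoreCase))
                {
                    byte[] expectedNTLMv1Response = NTAuthentication.ComputeNTLMv1ExtendedSecurityResponse(serverChallenge, clientChallenge, password);

                    // NOTE(review): AreByteArraysEqual is not shown here; if it returns at the first
                    // differing byte, consider a fixed-time comparison for this check.
                    if (ByteUtils.AreByteArraysEqual(expectedNTLMv1Response, ntlmResponse))
                    {
                        return(this[index]);
                    }
                }
            }
            return(null);
        }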