/// <summary> /// initialize the target info, contains av pairs. /// </summary> /// <param name="targetInfoBytes">the bytes of target info that specified in the AV_PAIR collection</param> /// <returns>the initialized target info, av pairs collection</returns> private ICollection <AV_PAIR> InitializeTargetInfo( byte[] targetInfoBytes ) { ICollection <AV_PAIR> targetInfo = NlmpUtility.BytesGetAvPairCollection(targetInfoBytes); InitializeMsAvFlags(targetInfo); InitializeRestriction(targetInfo); return(targetInfo); }
/// <summary> /// retrieve the domain name from client. client encode the domain name in the authenticate packet. /// </summary> /// <param name="authenticatePacket">the authenticate packet contains the domain name</param> /// <returns>the authentication information of client</returns> private ClientAuthenticateInfomation RetrieveClientAuthenticateInformation( NlmpAuthenticatePacket authenticatePacket) { ClientAuthenticateInfomation authenticateInformation = new ClientAuthenticateInfomation(); // retrieve the version of client if (authenticatePacket.Payload.NtChallengeResponseFields.Len == NTLM_V1_NT_CHALLENGE_RESPONSE_LENGTH) { authenticateInformation.Version = NlmpVersion.v1; } else { authenticateInformation.Version = NlmpVersion.v2; } // retrieve the client challenge if (authenticateInformation.Version == NlmpVersion.v1) { authenticateInformation.ClientChallenge = BitConverter.ToUInt64(ArrayUtility.SubArray <byte>( authenticatePacket.Payload.LmChallengeResponse, 0, TIME_CLIENT_CHALLENGE_LENGTH), 0); } else { authenticateInformation.ClientChallenge = BitConverter.ToUInt64( ArrayUtility.SubArray <byte>(authenticatePacket.Payload.NtChallengeResponse, NTLM_V2_CLIENT_CHALLENGE_OFFSET_IN_NT_CHALLENGE_RESPONSE, TIME_CLIENT_CHALLENGE_LENGTH), 0); } // retrieve the domain name of client if (NlmpUtility.IsUnicode(authenticatePacket.Payload.NegotiateFlags)) { authenticateInformation.DomainName = Encoding.Unicode.GetString(authenticatePacket.Payload.DomainName); } else { authenticateInformation.DomainName = Encoding.ASCII.GetString(authenticatePacket.Payload.DomainName); } // retrieve the user name of client if (NlmpUtility.IsUnicode(authenticatePacket.Payload.NegotiateFlags)) { authenticateInformation.UserName = Encoding.Unicode.GetString(authenticatePacket.Payload.UserName); } else { authenticateInformation.UserName = Encoding.ASCII.GetString(authenticatePacket.Payload.UserName); } // retrieve the server name of client if (authenticateInformation.Version == NlmpVersion.v2) { authenticateInformation.ServerName = ArrayUtility.SubArray <byte>(authenticatePacket.Payload.NtChallengeResponse, NTLM_V2_SERVER_NAME_OFFSET_IN_NT_CHALLENGE_RESPONSE, authenticatePacket.Payload.NtChallengeResponseFields.Len - NTLM_V2_SERVER_NAME_OFFSET_IN_NT_CHALLENGE_RESPONSE - NTLM_V2_SERVER_NAME_RESERVED_LENGTH_IN_NT_CHALLENGE_RESPONSE); } // retrieve the time of client ICollection <AV_PAIR> targetInfo = NlmpUtility.BytesGetAvPairCollection(this.challenge.Payload.TargetInfo); // retrieve the time authenticateInformation.ClientTime = NlmpUtility.GetTime(targetInfo); // if server did not response the timestamp, use the client time stamp if (!NlmpUtility.AvPairContains(targetInfo, AV_PAIR_IDs.MsvAvTimestamp) && authenticateInformation.Version == NlmpVersion.v2) { authenticateInformation.ClientTime = BitConverter.ToUInt64( ArrayUtility.SubArray <byte>(authenticatePacket.Payload.NtChallengeResponse, NTLM_V2_TIME_STAMP_OFFSET_IN_NT_CHALLENGE_RESPONSE, TIME_STAMP_LENGTH), 0); } return(authenticateInformation); }