/// <summary>
/// Derives the NTLM sealing (message-encryption) key from the exported session key.
/// </summary>
/// <remarks>
/// Mirrors the SEALKEY() construction of MS-NLMP. With extended session security the key is
/// MD5(subkey || magic), where subkey is the full session key only when 128-bit keys were
/// negotiated and otherwise the first 7 (56-bit) or 5 (40-bit) bytes. With the legacy LM-key
/// option the session key is truncated and padded with a fixed suffix. In every other case the
/// session key is used as-is. The 56-bit and 40-bit paths exist for interoperability with old
/// peers only; they do not provide full key strength.
/// </remarks>
/// <param name="flags">The negotiated NTLM flags.</param>
/// <param name="exportedSessionKey">The exported session key.</param>
/// <param name="client"><c>true</c> to derive the client-to-server key; <c>false</c> for the server-to-client key.</param>
/// <returns>
/// The sealing key. When neither extended session security nor the LM-key option is negotiated
/// this is the very same array instance as <paramref name="exportedSessionKey"/>, not a copy, so
/// clearing one clears the other.
/// </returns>
public static byte[] SEALKEY(NtlmFlags flags, byte[] exportedSessionKey, bool client = true)
{
	bool extendedSessionSecurity = (flags & NtlmFlags.NegotiateExtendedSessionSecurity) != 0;
	bool lanManagerKey = (flags & NtlmFlags.NegotiateLanManagerKey) != 0;
	bool keyLength128 = (flags & NtlmFlags.Negotiate128) != 0;
	bool keyLength56 = (flags & NtlmFlags.Negotiate56) != 0;

	if (extendedSessionSecurity) {
		byte[] magic = client ? ClientSealMagic : ServerSealMagic;

		if (keyLength128) {
			// Full-strength key: hash the session key directly; no temporary copy to scrub.
			return MD5 (ConcatenationOf (exportedSessionKey, magic));
		}

		// Reduced key strengths hash only a prefix of the session key.
		var prefix = new byte[keyLength56 ? 7 : 5];
		Buffer.BlockCopy (exportedSessionKey, 0, prefix, 0, prefix.Length);

		var derived = MD5 (ConcatenationOf (prefix, magic));

		// Scrub the temporary copy of key material once it has been consumed.
		Array.Clear (prefix, 0, prefix.Length);

		return derived;
	}

	if (lanManagerKey) {
		// Legacy LM-key sealing: truncated session key followed by a fixed, well-known suffix.
		int prefixLength = keyLength56 ? 7 : 5;
		byte[] suffix = keyLength56 ? SealKeySuffix56 : SealKeySuffix40;
		var sealKey = new byte[prefixLength + suffix.Length];

		Buffer.BlockCopy (exportedSessionKey, 0, sealKey, 0, prefixLength);
		Buffer.BlockCopy (suffix, 0, sealKey, prefixLength, suffix.Length);

		return sealKey;
	}

	// No key derivation applies: the session key itself is the sealing key (aliased, not copied).
	return exportedSessionKey;
}
/// <summary>
/// Derives the NTLM signing (message-integrity) key from the exported session key.
/// </summary>
/// <remarks>
/// Mirrors the SIGNKEY() construction of MS-NLMP: with extended session security the key is
/// MD5(exportedSessionKey || magic) using a client- or server-specific magic constant; without
/// it no signing key is defined.
/// </remarks>
/// <param name="flags">The negotiated NTLM flags.</param>
/// <param name="exportedSessionKey">The exported session key.</param>
/// <param name="client"><c>true</c> to derive the client-to-server key; <c>false</c> for the server-to-client key.</param>
/// <returns>The signing key, or <c>null</c> when extended session security was not negotiated.</returns>
public static byte[] SIGNKEY(NtlmFlags flags, byte[] exportedSessionKey, bool client = true)
{
	// Without extended session security MS-NLMP defines SIGNKEY() as NULL; callers must handle that.
	if ((flags & NtlmFlags.NegotiateExtendedSessionSecurity) == 0)
		return null;

	byte[] magic = client ? ClientSignMagic : ServerSignMagic;

	return MD5 (ConcatenationOf (exportedSessionKey, magic));
}
/// <summary>
/// Verifies the initial NTLM negotiate (Type 1) token produced for a "domain\username" credential:
/// the advertised flags, the upper-cased domain, an empty host, and that the mechanism is not yet
/// authenticated after only the first leg.
/// </summary>
public void TestNtlmAuthWithDomain()
{
	const NtlmFlags expectedFlags = NtlmFlags.NegotiateUnicode | NtlmFlags.NegotiateOem | NtlmFlags.NegotiateNtlm | NtlmFlags.NegotiateNtlm2Key | NtlmFlags.RequestTarget | NtlmFlags.NegotiateDomainSupplied;
	var credentials = new NetworkCredential ("domain\\username", "password");
	var sasl = new SaslMechanismNtlm (new Uri ("imap://imap.gmail.com"), credentials);

	// The first client token is the NTLM NEGOTIATE message, base64-encoded by the SASL layer.
	var token = Convert.FromBase64String (sasl.Challenge (string.Empty));
	var type1 = new Type1Message (token, 0, token.Length);

	Assert.AreEqual (expectedFlags, type1.Flags, "Expected initial NTLM client challenge flags do not match.");
	Assert.AreEqual ("DOMAIN", type1.Domain, "Expected initial NTLM client challenge domain does not match.");
	Assert.AreEqual (string.Empty, type1.Host, "Expected initial NTLM client challenge host does not match.");

	// Only the negotiate leg has been sent; no authentication has taken place yet.
	Assert.IsFalse (sasl.IsAuthenticated, "NTLM should not be authenticated.");
}
/// <summary>
/// Initializes a new NTLM NEGOTIATE (Type 1) message.
/// </summary>
/// <remarks>
/// The domain-supplied, workstation-supplied and version bits of <paramref name="flags"/> are
/// ignored and re-derived from the other arguments. When <paramref name="osVersion"/> is given,
/// MS-NLMP requires the DomainName and Workstation fields to be empty, so any supplied
/// <paramref name="domain"/> and <paramref name="workstation"/> are discarded in that case.
/// </remarks>
/// <param name="flags">The flags to advertise to the server.</param>
/// <param name="domain">The client domain; advertised upper-cased, or empty when absent.</param>
/// <param name="workstation">The client workstation name; advertised upper-cased, or empty when absent.</param>
/// <param name="osVersion">The OS version to advertise, or <c>null</c> to omit the Version field.</param>
public NtlmNegotiateMessage(NtlmFlags flags, string domain, string workstation, Version osVersion = null) : base(1)
{
	const NtlmFlags derivedFlags = NtlmFlags.NegotiateDomainSupplied | NtlmFlags.NegotiateWorkstationSupplied | NtlmFlags.NegotiateVersion;

	// Start from the caller's flags minus the bits this constructor decides for itself.
	Flags = flags & ~derivedFlags;

	// Note: If the NTLMSSP_NEGOTIATE_VERSION flag is set by the client application, the Version field
	// MUST be set to the current version (section 2.2.2.10), the DomainName field MUST be set to
	// a zero-length string, and the Workstation field MUST be set to a zero-length string.
	if (osVersion != null) {
		Flags |= NtlmFlags.NegotiateVersion;
		Workstation = string.Empty;
		Domain = string.Empty;
		OSVersion = osVersion;
		return;
	}

	bool hasWorkstation = !string.IsNullOrEmpty (workstation);
	bool hasDomain = !string.IsNullOrEmpty (domain);

	// A "supplied" flag is advertised only when the corresponding field is non-empty.
	if (hasWorkstation)
		Flags |= NtlmFlags.NegotiateWorkstationSupplied;
	Workstation = hasWorkstation ? workstation.ToUpperInvariant () : string.Empty;

	if (hasDomain)
		Flags |= NtlmFlags.NegotiateDomainSupplied;
	Domain = hasDomain ? domain.ToUpperInvariant () : string.Empty;
}
/// <summary>
/// Initializes a new NTLM CHALLENGE (Type 2) message with a freshly generated 8-byte server challenge.
/// </summary>
/// <param name="flags">The flags to send back to the client.</param>
/// <param name="osVersion">The OS version to advertise, or <c>null</c> to omit the Version field.</param>
public NtlmChallengeMessage(NtlmFlags flags, Version osVersion = null) : base(2)
{
	// The server challenge must be unpredictable and fresh for every exchange, since the client's
	// response is computed over it. NtlmUtils.NONCE is presumably backed by a cryptographic RNG —
	// verify that before relying on it.
	serverChallenge = NtlmUtils.NONCE (8);

	Flags = flags;
	OSVersion = osVersion;
}