/// <summary>
/// Builds the NTLM Type 3 message that answers the Type 2 challenge found in
/// <paramref name="token"/>.
/// </summary>
/// <param name="userName">User name handed to the Type 3 constructor.</param>
/// <param name="password">Password assigned to the Type 3 message after construction.</param>
/// <param name="domain">Domain assigned to the Type 3 message after construction.</param>
/// <param name="token">Buffer that contains the Type 2 message received from the peer.</param>
/// <param name="startIndex">Offset of the Type 2 message inside <paramref name="token"/>.</param>
/// <param name="length">Number of bytes of <paramref name="token"/> handed to the parser.</param>
/// <returns>The populated Type 3 message; it is not encoded here.</returns>
static MessageBase GetChallengeResponse(string userName, string password, string domain, byte[] token, int startIndex, int length)
{
    // The token originates from the remote peer. All parsing is delegated to the
    // Type2Message constructor, so bounds and format checks are whatever it implements.
    var serverChallenge = new Type2Message(token, startIndex, length);

    // The constructor receives an empty string as its third argument; password and
    // domain are supplied through the properties, in that order.
    var response = new Type3Message(serverChallenge, userName, string.Empty)
    {
        Password = password,
        Domain = domain
    };

    return response;
}
/// <summary>
/// Encodes a Type 3 message for a fixed Type 2 challenge and fixed sample credentials,
/// then compares the base64 form of the result with a recorded value.
/// </summary>
public void TestNtlmType3MessageEncode()
{
    // Recorded test vectors. The account values used below ("user" / "password" /
    // "WORKSTATION") are sample data, not real credentials.
    const string challenge2 = "TlRMTVNTUAACAAAADAAMADAAAAABAoEAASNFZ4mrze8AAAAAAAAAAGIAYgA8AAAARABPAE0AQQBJAE4AAgAMAEQATwBNAEEASQBOAAEADABTAEUAUgBWAEUAUgAEABQAZABvAG0AYQBpAG4ALgBjAG8AbQADACIAcwBlAHIAdgBlAHIALgBkAG8AbQBhAGkAbgAuAGMAbwBtAAAAAAA=";
    const string expected = "TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAAAACAAIAEwAAAAWABYAVAAAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIAVwBPAFIASwBTAFQAQQBUAEkATwBOAJje97h/iKpdr+Lfd5aIoXLe8Rx9XM3vE91UKLAehvTfyr6sOUlG29Q+6I95TdYyVQ==";

    byte[] challengeBytes = Convert.FromBase64String(challenge2);
    var serverChallenge = new Type2Message(challengeBytes, 0, challengeBytes.Length);

    // NOTE(review): judging by its name, LM_and_NTLM selects the legacy LM and NTLM
    // responses - confirm against NtlmAuthLevel before reusing this level elsewhere.
    var response = new Type3Message(serverChallenge, null, NtlmAuthLevel.LM_and_NTLM, "user", "password", "WORKSTATION");

    string actual = Convert.ToBase64String(response.Encode());

    Assert.AreEqual(expected, actual, "The encoded Type3Message did not match the expected result.");
}
/// <summary>
/// Builds a Type 3 message from the challenge of the <c>type2MessageVersion3</c> fixture
/// and checks its serialized bytes against the <c>type3Message</c> fixture.
/// </summary>
public void SerializeType3Message()
{
    Type2Message serverChallenge = Type2Message.Deserialize(type2MessageVersion3);

    // Compute the challenge response from fixed sample credentials.
    var response = new Type3Message("Testuser", "Testpassword", serverChallenge.Challenge, "MyWorkstation");
    byte[] actual = response.Serialize();

    bool matchesFixture = type3Message.SequenceEqual(actual);
    Assert.IsTrue(matchesFixture);
}
/// <summary>
/// Produces the serialized NTLM type 3 message that answers the type 2 message
/// received from the server.
/// </summary>
/// <param name="challenge">The raw type 2 message sent by the server.</param>
/// <returns>The serialized type 3 message.</returns>
/// <exception cref="SaslException">Thrown if the challenge
/// response could not be computed.</exception>
protected byte[] ComputeChallengeResponse(byte[] challenge)
{
    try
    {
        // The challenge is server-supplied. Parsing happens inside the try block, so a
        // malformed message surfaces to the caller as a SaslException.
        Type2Message serverMessage = Type2Message.Deserialize(challenge);

        // NOTE(review): this four-argument overload receives no target information and a
        // fixed workstation string; presumably it yields an NTLMv1-style response - confirm,
        // since that scheme is considerably weaker than NTLMv2.
        var response = new Type3Message(Username, Password, serverMessage.Challenge, "Workstation");

        return response.Serialize();
    }
    catch (Exception cause)
    {
        throw new SaslException("The challenge response could not be " + "computed.", cause);
    }
}
/// <summary>
/// Produces the serialized NTLM type 3 message that answers the type 2 message
/// received from the server, using the NTLMv2 variant of the constructor.
/// </summary>
/// <param name="challenge">The raw type 2 message sent by the server.</param>
/// <returns>The serialized type 3 message.</returns>
/// <exception cref="SaslException">Thrown if the challenge
/// response could not be computed.</exception>
protected new byte[] ComputeChallengeResponse(byte[] challenge)
{
    try
    {
        // The challenge is server-supplied. Parsing happens inside the try block, so a
        // malformed message surfaces to the caller as a SaslException.
        Type2Message serverMessage = Type2Message.Deserialize(challenge);

        // This creates an NTLMv2 challenge response.
        // NOTE(review): Username is passed twice (first and fourth argument); confirm the
        // fourth slot is meant to carry it.
        var response = new Type3Message(
            Username,
            Password,
            serverMessage.Challenge,
            Username,
            true,
            serverMessage.TargetName,
            serverMessage.RawTargetInformation);

        return response.Serialize();
    }
    catch (Exception cause)
    {
        throw new SaslException("The challenge response could not be " + "computed.", cause);
    }
}
/// <summary>
/// Produces the serialized NTLM type 3 message that answers the type 2 message
/// received from the server, and records the session key of that message.
/// </summary>
/// <param name="challenge">The raw type 2 message sent by the server.</param>
/// <returns>The serialized type 3 message.</returns>
/// <exception cref="SaslException">Thrown if the challenge
/// response could not be computed.</exception>
protected new byte[] ComputeChallengeResponse(byte[] challenge)
{
    try
    {
        // The challenge is server-supplied. Parsing happens inside the try block, so a
        // malformed message surfaces to the caller as a SaslException.
        Type2Message serverMessage = Type2Message.Deserialize(challenge);

        // This creates an NTLMv2 challenge response.
        var response = new Type3Message(
            Credential,
            serverMessage.Challenge,
            Credential.UserName,
            _additionalFlags,
            true,
            serverMessage.TargetName,
            serverMessage.RawTargetInformation);

        // The session key is copied out before serialization. It is key material:
        // keep it out of logs and diagnostics.
        SessionKey = response.SessionKey;

        byte[] encoded = response.Serialize();
        return encoded;
    }
    catch (Exception cause)
    {
        throw new SaslException("The challenge response could not be " + "computed.", cause);
    }
}
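/// <summary>
/// Prepares the server side of the handshake: draws random bytes for the challenge,
/// fills in the target description from the local machine and returns the encoded
/// Type 2 message.
/// </summary>
/// <returns>The bytes produced by <c>type2.GetBytes()</c>.</returns>
public byte [] ProcessMessageType2()
{
    byte [] bytes = new byte [8];
    RandomNumberGenerator.Create().GetNonZeroBytes(bytes);

    // In C# '+' binds tighter than '<<', so the former un-parenthesised expression
    // shifted bytes[0] by sums of the other bytes and threw most of the randomness away.
    // A low-entropy server challenge weakens replay protection, so each byte is now
    // shifted on its own and the parts are OR-ed together.
    // NOTE(review): only four of the eight random bytes end up in Challenge, and nothing
    // visible here copies Challenge into type2 - confirm where the nonce on the wire
    // actually comes from.
    Challenge = (bytes [0] << 24) | (bytes [1] << 16) | (bytes [2] << 8) | bytes [3];

    Context = 0; // FIXME
    ServerOSVersion = 0x0F00000A28010500; // FIXME

    // Target description: every name below is derived from the local machine.
    TargetName = Environment.MachineName;
    ServerName = Environment.MachineName;
    // FIXME
    DomainName = ServerName; // IPGlobalProperties.GetIPGlobalProperties ().DomainName;
    DnsHostName = Dns.GetHostName();
    DnsDomainName = DnsHostName; // FIXME

    type2 = new Type2Message(NtlmVersion.Version3);
    // Fixed flag set advertised to the client; the literal does not fit in a signed int,
    // hence the unchecked cast.
    type2.Flags = (NtlmFlags)(unchecked ((int)0xE21882B7));
    type2.TargetName = TargetName;
    type2.Target.ServerName = ServerName;
    type2.Target.DomainName = DomainName;
    type2.Target.DnsHostName = DnsHostName;
    type2.Target.DnsDomainName = DnsDomainName;

    return(type2.GetBytes());
}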
/// <summary>
/// Deserializes the <c>type2MessageVersion3</c> fixture and checks every decoded field
/// against the values recorded for that fixture.
/// </summary>
public void DeserializeType2Version3Message()
{
    byte[] expectedChallenge = { 0xA6, 0xBC, 0xAF, 0x32, 0xA5, 0x51, 0x36, 0x65 };

    Type2Message parsed = Type2Message.Deserialize(type2MessageVersion3);

    // Header fields.
    Assert.AreEqual<Type2Version>(Type2Version.Version3, parsed.Version);
    Assert.AreEqual<int>(42009093, (int)parsed.Flags);
    Assert.IsTrue(expectedChallenge.SequenceEqual(parsed.Challenge));
    Assert.AreEqual<long>(0, parsed.Context);
    Assert.AreEqual<string>("LOCALHOST", parsed.TargetName);

    // Target information block.
    var targetInfo = parsed.TargetInformation;
    Assert.AreEqual<string>("LOCALHOST", targetInfo.DomainName);
    Assert.AreEqual<string>("VMWARE-5T5GC9PU", targetInfo.ServerName);
    Assert.AreEqual<string>("localhost", targetInfo.DnsDomainName);
    Assert.AreEqual<string>("vmware-5t5gc9pu.localhost", targetInfo.DnsHostname);

    // OS version block.
    var osVersion = parsed.OSVersion;
    Assert.AreEqual<short>(3790, osVersion.BuildNumber);
    Assert.AreEqual<short>(5, osVersion.MajorVersion);
    Assert.AreEqual<short>(2, osVersion.MinorVersion);
}
/// <summary>
/// Produces the next NTLM <c>Authorization</c> value for a request. The handshake
/// position is tracked in the <c>message</c> member, which is declared outside this
/// method and updated on every call.
/// </summary>
/// <param name="challenge">Base64 text of the server's Type 2 message, or null/empty.</param>
/// <param name="webRequest">The request being authenticated; must be an <c>HttpWebRequest</c>.</param>
/// <param name="credentials">Source of the credential for the request URI.</param>
/// <returns>
/// The authorization token, or null when the request is not an HTTP request, no usable
/// credential exists, or a Type 1 message was sent and no challenge came back.
/// </returns>
public Authorization Authenticate(string challenge, WebRequest webRequest, ICredentials credentials)
{
    var httpRequest = webRequest as HttpWebRequest;
    if (httpRequest == null)
    {
        return null;
    }

    NetworkCredential credential = credentials.GetCredential(httpRequest.RequestUri, "NTLM");
    if (credential == null)
    {
        return null;
    }

    string userName = credential.UserName;
    string domain = credential.Domain;
    string password = credential.Password;
    if (string.IsNullOrEmpty(userName))
    {
        return null;
    }

    // Without an explicit domain the value of the request's Host header is used instead.
    if (string.IsNullOrEmpty(domain))
    {
        domain = httpRequest.Headers["Host"];
    }

    bool completed = false;
    if (message == null)
    {
        // First call: open the handshake with a Type 1 message.
        message = new Type1Message { Domain = domain };
    }
    else if (message.Type == 1)
    {
        // Should I check the credentials?
        if (challenge == null)
        {
            message = null;
            return null;
        }

        // The challenge text is server-supplied; Convert.FromBase64String throws
        // FormatException on malformed input and that exception is not handled here.
        var serverChallenge = new Type2Message(Convert.FromBase64String(challenge));

        // Only the nonce of the Type 2 message is consulted; its other fields are not read.
        message = new Type3Message
        {
            Domain = domain,
            Username = userName,
            Challenge = serverChallenge.Nonce,
            Password = password ?? ""
        };
        completed = true;
    }
    else if (string.IsNullOrEmpty(challenge))
    {
        // Should I check the credentials?
        // type must be 3 here; with no challenge the handshake starts over.
        message = new Type1Message { Domain = domain };
    }
    else
    {
        completed = true;
    }

    string token = "NTLM " + Convert.ToBase64String(message.GetBytes());
    return new Authorization(token, completed);
}
/// <summary>
/// Advances the NTLMSSP handshake by one step. In state 1 a Type 1 message is produced;
/// in state 2 the supplied token is parsed as a Type 2 message and answered with a
/// Type 3 message. Any other state is rejected.
/// </summary>
/// <param name="token">In state 2, the Type 2 message received from the server.</param>
/// <param name="offset">Not used by this implementation.</param>
/// <param name="len">Not used by this implementation.</param>
/// <returns>The bytes of the message to send next.</returns>
/// <exception cref="SharpCifs.Smb.SmbException"></exception>
public virtual byte[] InitSecContext(byte[] token, int offset, int len)
{
    var step = State;

    if (step == 1)
    {
        var negotiate = new Type1Message(NtlmsspFlags, Auth.GetDomain(), Workstation);
        token = negotiate.ToByteArray();
        if (Log.Level >= 4)
        {
            Log.WriteLine(negotiate);
            if (Log.Level >= 6)
            {
                Hexdump.ToHexdump(Log, token, 0, token.Length);
            }
        }
        State++;
    }
    else if (step == 2)
    {
        try
        {
            // The whole token is parsed; offset and len are not applied.
            var challenge = new Type2Message(token);
            if (Log.Level >= 4)
            {
                Log.WriteLine(challenge);
                if (Log.Level >= 6)
                {
                    Hexdump.ToHexdump(Log, token, 0, token.Length);
                }
            }

            ServerChallenge = challenge.GetChallenge();
            // Only flags that the server also offered remain set after this point.
            NtlmsspFlags &= challenge.GetFlags();

            var authenticate = new Type3Message(challenge, Auth.GetPassword(), Auth.GetDomain(), Auth.GetUsername(), Workstation, NtlmsspFlags);
            token = authenticate.ToByteArray();

            // At level 6 the raw Type 3 token is hex-dumped to the log. It carries the
            // challenge responses, so logs written at that level are sensitive.
            if (Log.Level >= 4)
            {
                Log.WriteLine(authenticate);
                if (Log.Level >= 6)
                {
                    Hexdump.ToHexdump(Log, token, 0, token.Length);
                }
            }

            // SigningKey is only set when the sign flag survived the intersection above.
            // NOTE(review): callers that require signing presumably have to check for an
            // unset key themselves - confirm.
            if ((NtlmsspFlags & NtlmFlags.NtlmsspNegotiateSign) != 0)
            {
                SigningKey = authenticate.GetMasterKey();
            }

            isEstablished = true;
            State++;
        }
        catch (Exception e)
        {
            throw new SmbException(e.Message, e);
        }
    }
    else
    {
        throw new SmbException("Invalid state");
    }

    return token;
}
/// <summary>
/// Produces the next NTLM <c>Authorization</c> value for a request. The handshake
/// position is tracked in the <c>message</c> member, which is declared outside this
/// method and updated on every call.
/// </summary>
/// <param name="challenge">Base64 text of the server's Type 2 message, or null/empty.</param>
/// <param name="webRequest">The request being authenticated; must be an <c>HttpWebRequest</c>.</param>
/// <param name="credentials">Source of the credential for the request URI.</param>
/// <returns>
/// The authorization token, or null when the request is not an HTTP request, no usable
/// credential exists, or a Type 1 message was sent and no challenge came back.
/// </returns>
public Authorization Authenticate(string challenge, WebRequest webRequest, ICredentials credentials)
{
    var httpRequest = webRequest as HttpWebRequest;
    if (httpRequest == null)
    {
        return null;
    }

    NetworkCredential credential = credentials.GetCredential(httpRequest.RequestUri, "NTLM");
    if (credential == null)
    {
        return null;
    }

    string userName = credential.UserName;
    string domain = credential.Domain;
    string password = credential.Password;
    if (string.IsNullOrEmpty(userName))
    {
        return null;
    }

    // With no explicit domain, a "DOMAIN\user" or "DOMAIN/user" name is split at the
    // first separator; the backslash is tried before the forward slash.
    if (string.IsNullOrEmpty(domain))
    {
        int separator = userName.IndexOf('\\');
        if (separator < 0)
        {
            separator = userName.IndexOf('/');
        }

        if (separator >= 0)
        {
            domain = userName.Substring(0, separator);
            userName = userName.Substring(separator + 1);
        }
    }

    bool completed = false;
    if (message == null)
    {
        // First call: open the handshake with a Type 1 message.
        var negotiate = new Type1Message
        {
            Domain = domain,
            Host = "" // MS does not send it
        };
        negotiate.Flags |= NtlmFlags.NegotiateNtlm2Key;
        message = negotiate;
    }
    else if (message.Type == 1)
    {
        // Should I check the credentials?
        if (challenge == null)
        {
            message = null;
            return null;
        }

        // The challenge text is server-supplied; Convert.FromBase64String throws
        // FormatException on malformed input and that exception is not handled here.
        var serverChallenge = new Type2Message(Convert.FromBase64String(challenge));

        // NOTE(review): the domain is not assigned to the Type 3 message in this branch;
        // confirm that the Type3Message(Type2Message) constructor supplies it.
        message = new Type3Message(serverChallenge)
        {
            Username = userName,
            Password = password ?? ""
        };
        completed = true;
    }
    else if (string.IsNullOrEmpty(challenge))
    {
        // Should I check the credentials?
        // type must be 3 here; with no challenge the handshake starts over. Unlike the
        // first call, this Type 1 message does not add NegotiateNtlm2Key.
        message = new Type1Message
        {
            Domain = domain,
            Host = "" // MS does not send it
        };
    }
    else
    {
        completed = true;
    }

    string token = "NTLM " + Convert.ToBase64String(message.GetBytes());
    return new Authorization(token, completed);
}
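/// <summary>
/// Checks the authentication header of a request against the configured
/// <c>AuthenticationType</c> and drives the server side of a two-step NTLM exchange.
/// </summary>
/// <param name="request">The request being processed; passed on to <c>OnUnauthenticated</c>.</param>
/// <param name="authHeader">
/// The client-supplied authentication header value in "scheme argument" form, or null
/// when the request carried none.
/// </param>
/// <returns>
/// Null when the request is accepted; otherwise the error or challenge response to send.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Thrown when a decoded NTLM message is not of the type expected at this step.
/// </exception>
public HttpResponse HandleAuthentication(HttpRequest request, string authHeader)
{
    if (AuthenticationType == AuthenticationType.ForceNone)
    {
        // Must not contain any auth header
        if (authHeader == null)
        {
            return null;
        }
        return OnError("Must not contain any auth header.");
    }

    if (authHeader == null)
    {
        haveChallenge = false;
        return OnUnauthenticated(request, AuthenticationType.ToString(), AuthenticationType == AuthenticationType.NTLM);
    }

    // The header is client-controlled. A value without a space used to reach
    // Substring(0, -1) and escape as ArgumentOutOfRangeException; it is now rejected
    // like any other malformed header.
    int pos = authHeader.IndexOf(' ');
    if (pos < 0)
    {
        return OnError("Malformed authentication header");
    }

    var mode = authHeader.Substring(0, pos);
    var arg = authHeader.Substring(pos + 1);

    if (!mode.Equals(AuthenticationType.ToString()))
    {
        return OnError("Invalid authentication scheme: {0}", mode);
    }

    if (mode.Equals("Basic"))
    {
        // NOTE(review): a single fixed credential is embedded in the source; that is only
        // acceptable if this handler is a test fixture - confirm.
        if (arg.Equals("eGFtYXJpbjptb25rZXk="))
        {
            return null;
        }
        return OnError("Invalid Basic Authentication header");
    }
    else if (!mode.Equals("NTLM"))
    {
        return OnError("Invalid authentication scheme: {0}", mode);
    }

    // Malformed base64 from the client is answered with an error response instead of
    // letting FormatException propagate out of the handler.
    byte[] bytes;
    try
    {
        bytes = Convert.FromBase64String(arg);
    }
    catch (FormatException)
    {
        return OnError("Invalid NTLM token encoding");
    }

    if (haveChallenge)
    {
        // FIXME: We don't actually check the result.
        // Any message that decodes as Type 3 is accepted; the response it carries is
        // never verified, so this path provides no real authentication.
        var message = new Type3Message(bytes);
        if (message.Type != 3)
        {
            throw new InvalidOperationException();
        }
        return null;
    }
    else
    {
        var message = new Type1Message(bytes);
        if (message.Type != 1)
        {
            throw new InvalidOperationException();
        }

        // The Type 2 message is built with the parameterless constructor; whatever
        // challenge it carries is that constructor's default.
        var type2 = new Type2Message();
        var token = "NTLM " + Convert.ToBase64String(type2.GetBytes());
        haveChallenge = true;
        return OnUnauthenticated(request, token, false);
    }
}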
/// <summary>
/// Parses a received Type 2 message and stores it in the <c>type2</c> member.
/// </summary>
/// <param name="raw">The encoded Type 2 message as received from the peer.</param>
public void ProcessMessageType2(byte [] raw)
{
    // The bytes come from the peer; all validation is left to the Type2Message constructor.
    var parsed = new Type2Message(raw);
    type2 = parsed;
}
/// <summary>
/// Assigns a nine-byte array to <c>Type2Message.Nonce</c>.
/// </summary>
public void Nonce_InvalidLength()
{
    // The body contains no assertion; presumably a test attribute outside this view
    // expects the setter to reject the nine-byte nonce - confirm.
    Type2Message msg = new Type2Message
    {
        Nonce = new byte[9]
    };
}
/// <summary>
/// Assigns null to <c>Type2Message.Nonce</c>.
/// </summary>
public void Nonce_Null()
{
    // The body contains no assertion; presumably a test attribute outside this view
    // expects the setter to reject a null nonce - confirm.
    Type2Message msg = new Type2Message
    {
        Nonce = null
    };
}
/// <summary>
/// Builds the NTLM Type 3 message that answers the Type 2 challenge found in
/// <paramref name="token"/>, using this instance's <c>OSVersion</c>, <c>Level</c> and
/// <c>Workstation</c> members.
/// </summary>
/// <param name="userName">User name handed to the Type 3 constructor.</param>
/// <param name="password">Password handed to the Type 3 constructor.</param>
/// <param name="token">Buffer that contains the Type 2 message received from the peer.</param>
/// <param name="startIndex">Offset of the Type 2 message inside <paramref name="token"/>.</param>
/// <param name="length">Number of bytes of <paramref name="token"/> handed to the parser.</param>
/// <returns>The Type 3 message; it is not encoded here.</returns>
MessageBase GetChallengeResponse(string userName, string password, byte[] token, int startIndex, int length)
{
    // The token originates from the remote peer. All parsing is delegated to the
    // Type2Message constructor, so bounds and format checks are whatever it implements.
    var serverChallenge = new Type2Message(token, startIndex, length);

    var response = new Type3Message(serverChallenge, OSVersion, Level, userName, password, Workstation);
    return response;
}
/// <summary>
/// Produces the next NTLM <c>Authorization</c> value for a request. The handshake
/// position is tracked in the <c>message</c> member, which is declared outside this
/// method and updated on every call.
/// </summary>
/// <param name="challenge">Base64 text of the server's Type 2 message, or null/empty.</param>
/// <param name="webRequest">The request being authenticated; must be an <c>HttpWebRequest</c>.</param>
/// <param name="credentials">Source of the credential for the request URI.</param>
/// <returns>
/// The authorization token, or null when the request is not an HTTP request, no usable
/// credential exists, or a Type 1 message was sent and no challenge came back.
/// </returns>
public Authorization Authenticate (string challenge, WebRequest webRequest, ICredentials credentials)
{
	var httpRequest = webRequest as HttpWebRequest;
	if (httpRequest == null) {
		return null;
	}

	NetworkCredential credential = credentials.GetCredential (httpRequest.RequestUri, "NTLM");
	if (credential == null) {
		return null;
	}

	string userName = credential.UserName;
	string domain = credential.Domain;
	string password = credential.Password;
	if (String.IsNullOrEmpty (userName)) {
		return null;
	}

	// With no explicit domain, a "DOMAIN\user" or "DOMAIN/user" name is split at the
	// first separator; the backslash is tried before the forward slash.
	if (String.IsNullOrEmpty (domain)) {
		int separator = userName.IndexOf ('\\');
		if (separator < 0) {
			separator = userName.IndexOf ('/');
		}
		if (separator >= 0) {
			domain = userName.Substring (0, separator);
			userName = userName.Substring (separator + 1);
		}
	}

	bool completed = false;
	if (message == null) {
		// First call: open the handshake with a Type 1 message.
		var negotiate = new Type1Message {
			Domain = domain,
			Host = "" // MS does not send it
		};
		negotiate.Flags |= NtlmFlags.NegotiateNtlm2Key;
		message = negotiate;
	} else if (message.Type == 1) {
		// Should I check the credentials?
		if (challenge == null) {
			message = null;
			return null;
		}

		// The challenge text is server-supplied; Convert.FromBase64String throws
		// FormatException on malformed input and that exception is not handled here.
		var serverChallenge = new Type2Message (Convert.FromBase64String (challenge));

		message = new Type3Message (serverChallenge) {
			Username = userName,
			Password = password ?? "",
			Domain = domain
		};
		completed = true;
	} else if (String.IsNullOrEmpty (challenge)) {
		// Should I check the credentials?
		// type must be 3 here; with no challenge the handshake starts over. Unlike the
		// first call, this Type 1 message does not add NegotiateNtlm2Key.
		message = new Type1Message {
			Domain = domain,
			Host = "" // MS does not send it
		};
	} else {
		completed = true;
	}

	string token = "NTLM " + Convert.ToBase64String (message.GetBytes ());
	return new Authorization (token, completed);
}