コード例 #1
        /// <summary>
        /// Builds the NTLM Type 3 message that answers a server-supplied Type 2 challenge.
        /// </summary>
        /// <param name="userName">User name placed in the response.</param>
        /// <param name="password">Password assigned to the response message.</param>
        /// <param name="domain">Domain assigned to the response message.</param>
        /// <param name="token">Buffer holding the encoded Type 2 message.</param>
        /// <param name="startIndex">Offset of the Type 2 message inside <paramref name="token"/>.</param>
        /// <param name="length">Number of bytes of <paramref name="token"/> to decode.</param>
        /// <returns>The Type 3 message, not yet encoded.</returns>
        static MessageBase GetChallengeResponse(string userName, string password, string domain, byte[] token, int startIndex, int length)
        {
            // The token comes from the remote server; decoding is left entirely to Type2Message.
            var serverChallenge = new Type2Message(token, startIndex, length);

            // NOTE(review): the third constructor argument is an empty string; presumably the
            // host/workstation name — confirm against Type3Message.
            var response = new Type3Message(serverChallenge, userName, string.Empty)
            {
                Password = password,
                Domain = domain
            };

            return response;
        }
コード例 #2
        /// <summary>
        /// Encodes a Type 3 message for a fixed Type 2 challenge and compares it with a known-good encoding.
        /// </summary>
        public void TestNtlmType3MessageEncode()
        {
            // Fixed server challenge (base64 of an encoded Type 2 message).
            const string challenge2 = "TlRMTVNTUAACAAAADAAMADAAAAABAoEAASNFZ4mrze8AAAAAAAAAAGIAYgA8AAAARABPAE0AQQBJAE4AAgAMAEQATwBNAEEASQBOAAEADABTAEUAUgBWAEUAUgAEABQAZABvAG0AYQBpAG4ALgBjAG8AbQADACIAcwBlAHIAdgBlAHIALgBkAG8AbQBhAGkAbgAuAGMAbwBtAAAAAAA=";
            // Reference encoding of the Type 3 answer for user/password/WORKSTATION.
            const string expected = "TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAAAACAAIAEwAAAAWABYAVAAAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIAVwBPAFIASwBTAFQAQQBUAEkATwBOAJje97h/iKpdr+Lfd5aIoXLe8Rx9XM3vE91UKLAehvTfyr6sOUlG29Q+6I95TdYyVQ==";

            byte[] challengeBytes = Convert.FromBase64String(challenge2);
            var serverChallenge = new Type2Message(challengeBytes, 0, challengeBytes.Length);

            // NOTE(review): LM_and_NTLM pins the legacy LM + NTLM response pair; this is a wire-format
            // fixture, not a recommended authentication level.
            var response = new Type3Message(serverChallenge, null, NtlmAuthLevel.LM_and_NTLM, "user", "password", "WORKSTATION");
            string actual = Convert.ToBase64String(response.Encode());

            Assert.AreEqual(expected, actual, "The encoded Type3Message did not match the expected result.");
        }
コード例 #3
        /// <summary>
        /// Serializes a Type 3 message built from a stored Type 2 fixture and compares the bytes
        /// with the stored Type 3 fixture.
        /// </summary>
        public void SerializeType3Message()
        {
            // Parse the stored server challenge first; only its Challenge field is used below.
            Type2Message serverChallenge = Type2Message.Deserialize(type2MessageVersion3);

            // Answer the challenge with fixed test credentials.
            Type3Message response = new Type3Message(
                "Testuser",
                "Testpassword",
                serverChallenge.Challenge,
                "MyWorkstation");
            byte[] actualBytes = response.Serialize();

            bool matchesFixture = type3Message.SequenceEqual(actualBytes);
            Assert.IsTrue(matchesFixture);
        }
コード例 #4
ファイル: SaslNtlm.cs プロジェクト: shivakumar-np/Zinkuba
 /// <summary>
 /// Answers the NTLM challenge carried in a server's type 2 message by
 /// building and serializing the matching type 3 message.
 /// </summary>
 /// <param name="challenge">The serialized type 2 message sent by the server.</param>
 /// <returns>The serialized type 3 message.</returns>
 /// <exception cref="SaslException">Thrown when parsing the challenge or
 /// building the response fails for any reason; the cause is kept as the
 /// inner exception.</exception>
 protected byte[] ComputeChallengeResponse(byte[] challenge)
 {
     try
     {
         // The challenge bytes come from the remote server.
         Type2Message serverMessage = Type2Message.Deserialize(challenge);

         // NOTE(review): this overload is given no NTLMv2 flag and no target information,
         // so it presumably produces the older NTLM response — confirm against Type3Message.
         // The workstation name is the fixed literal "Workstation".
         Type3Message response = new Type3Message(
             Username,
             Password,
             serverMessage.Challenge,
             "Workstation");

         return response.Serialize();
     }
     catch (Exception e)
     {
         throw new SaslException("The challenge response could not be computed.", e);
     }
 }
コード例 #5
 /// <summary>
 /// Answers the NTLM challenge carried in a server's type 2 message with
 /// an NTLMv2 type 3 message. Declared <c>new</c>, so it hides the
 /// inherited method instead of overriding it.
 /// </summary>
 /// <param name="challenge">The serialized type 2 message sent by the server.</param>
 /// <returns>The serialized type 3 message.</returns>
 /// <exception cref="SaslException">Thrown when parsing the challenge or
 /// building the response fails for any reason; the cause is kept as the
 /// inner exception.</exception>
 protected new byte[] ComputeChallengeResponse(byte[] challenge)
 {
     try
     {
         // The challenge bytes come from the remote server.
         Type2Message serverMessage = Type2Message.Deserialize(challenge);

         // The 'true' argument selects the NTLMv2 response; the target name and raw target
         // information are taken from the server's message.
         // NOTE(review): Username is also passed in the fourth position, presumably the
         // workstation-name slot — confirm this is intended.
         Type3Message response = new Type3Message(
             Username,
             Password,
             serverMessage.Challenge,
             Username,
             true,
             serverMessage.TargetName,
             serverMessage.RawTargetInformation);

         return response.Serialize();
     }
     catch (Exception e)
     {
         throw new SaslException("The challenge response could not be computed.", e);
     }
 }
コード例 #6
        /// <summary>
        /// Answers the NTLM challenge carried in a server's type 2 message with
        /// an NTLMv2 type 3 message and records the session key of that message.
        /// Declared <c>new</c>, so it hides the inherited method instead of
        /// overriding it.
        /// </summary>
        /// <param name="challenge">The serialized type 2 message sent by the server.</param>
        /// <returns>The serialized type 3 message.</returns>
        /// <exception cref="SaslException">Thrown when parsing the challenge or
        /// building the response fails for any reason; the cause is kept as the
        /// inner exception.</exception>
        protected new byte[] ComputeChallengeResponse(byte[] challenge)
        {
            try
            {
                // The challenge bytes come from the remote server.
                Type2Message serverMessage = Type2Message.Deserialize(challenge);

                // The 'true' argument selects the NTLMv2 response; target name and raw target
                // information are taken from the server's message.
                Type3Message response = new Type3Message(
                    Credential,
                    serverMessage.Challenge,
                    Credential.UserName,
                    _additionalFlags,
                    true,
                    serverMessage.TargetName,
                    serverMessage.RawTargetInformation);

                // SessionKey is key material derived during the exchange; keep it out of logs.
                // NOTE(review): presumably consumed later for signing/sealing — confirm.
                SessionKey = response.SessionKey;

                byte[] serialized = response.Serialize();
                return serialized;
            }
            catch (Exception e)
            {
                throw new SaslException("The challenge response could not be computed.", e);
            }
        }
コード例 #7
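        /// <summary>
        /// Builds the server's NTLM Type 2 (challenge) message, recording the values used
        /// in this object's members, and returns the encoded message.
        /// </summary>
        /// <returns>The encoded Type 2 message.</returns>
        public byte [] ProcessMessageType2()
        {
            byte [] bytes = new byte [8];
            RandomNumberGenerator.Create().GetNonZeroBytes(bytes);

            // Each shift is parenthesised: in C# '+' binds tighter than '<<', so the unparenthesised
            // form shifts by (24 + bytes[1]) and so on, and does not pack the bytes as intended.
            // NOTE(review): only four of the eight random bytes feed Challenge, and Challenge is not
            // copied into type2 in this method; confirm which nonce the client actually receives.
            Challenge       = (bytes [0] << 24) | (bytes [1] << 16) | (bytes [2] << 8) | bytes [3];
            Context         = 0;                  // FIXME
            ServerOSVersion = 0x0F00000A28010500; // FIXME
            TargetName      = Environment.MachineName;
            ServerName      = Environment.MachineName;
            // FIXME
            DomainName    = ServerName;  // IPGlobalProperties.GetIPGlobalProperties ().DomainName;
            DnsHostName   = Dns.GetHostName();
            DnsDomainName = DnsHostName; // FIXME

            type2                      = new Type2Message(NtlmVersion.Version3);
            // Fixed flag set advertised to the client; unchecked because the literal has the top bit set.
            type2.Flags                = (NtlmFlags)(unchecked ((int)0xE21882B7));
            type2.TargetName           = TargetName;
            type2.Target.ServerName    = ServerName;
            type2.Target.DomainName    = DomainName;
            type2.Target.DnsHostName   = DnsHostName;
            type2.Target.DnsDomainName = DnsDomainName;
            return(type2.GetBytes());
        }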
コード例 #8
        /// <summary>
        /// Deserializes the stored version 3 Type 2 fixture and checks every decoded field
        /// against its known value.
        /// </summary>
        public void DeserializeType2Version3Message()
        {
            Type2Message parsed = Type2Message.Deserialize(type2MessageVersion3);

            // The 8-byte server challenge embedded in the fixture.
            byte[] expectedChallenge = { 0xA6, 0xBC, 0xAF, 0x32, 0xA5, 0x51, 0x36, 0x65 };

            // Header fields.
            Assert.AreEqual<Type2Version>(Type2Version.Version3, parsed.Version);
            Assert.AreEqual<int>(42009093, (int)parsed.Flags);
            Assert.IsTrue(expectedChallenge.SequenceEqual(parsed.Challenge));
            Assert.AreEqual<long>(0, parsed.Context);
            Assert.AreEqual<string>("LOCALHOST", parsed.TargetName);

            // Target information block.
            Assert.AreEqual<string>("LOCALHOST", parsed.TargetInformation.DomainName);
            Assert.AreEqual<string>("VMWARE-5T5GC9PU", parsed.TargetInformation.ServerName);
            Assert.AreEqual<string>("localhost", parsed.TargetInformation.DnsDomainName);
            Assert.AreEqual<string>("vmware-5t5gc9pu.localhost", parsed.TargetInformation.DnsHostname);

            // OS version structure.
            Assert.AreEqual<short>(3790, parsed.OSVersion.BuildNumber);
            Assert.AreEqual<short>(5, parsed.OSVersion.MajorVersion);
            Assert.AreEqual<short>(2, parsed.OSVersion.MinorVersion);
        }
コード例 #9
ファイル: NtlmClient.cs プロジェクト: pmq20/mono_forked
        /// <summary>
        /// Advances the NTLM handshake for an HTTP request by one step and returns the
        /// Authorization value to send next. The step is chosen from the last message
        /// stored in <c>message</c>.
        /// </summary>
        /// <param name="challenge">Base64 Type 2 token from the server, or null/empty when none was sent.</param>
        /// <param name="webRequest">The request being authenticated; anything but an HttpWebRequest yields null.</param>
        /// <param name="credentials">Source of the NTLM credential for the request URI.</param>
        /// <returns>The next Authorization value, or null when no step can be taken.</returns>
        public Authorization Authenticate(string challenge, WebRequest webRequest, ICredentials credentials)
        {
            var httpRequest = webRequest as HttpWebRequest;
            if (httpRequest == null)
            {
                return null;
            }

            // NOTE(review): credentials is dereferenced without a null check.
            NetworkCredential credential = credentials.GetCredential(httpRequest.RequestUri, "NTLM");
            if (credential == null)
            {
                return null;
            }

            string user = credential.UserName;
            string realm = credential.Domain;
            string secret = credential.Password;

            if (string.IsNullOrEmpty(user))
            {
                return null;
            }

            // With no configured domain, the request's Host header value is sent as the domain.
            if (string.IsNullOrEmpty(realm))
            {
                realm = httpRequest.Headers ["Host"];
            }

            bool finished = false;

            if (message == null)
            {
                // Step 1: nothing sent yet, so start with a Type 1 (negotiate) message.
                message = new Type1Message { Domain = realm };
            }
            else if (message.Type == 1)
            {
                // Step 2: a Type 1 was sent, so a server challenge is required to continue.
                // Should I check the credentials?
                if (challenge == null)
                {
                    message = null;
                    return null;
                }

                // The challenge is server-controlled; FromBase64String throws FormatException on
                // malformed input and that exception is not handled here.
                Type2Message serverChallenge = new Type2Message(Convert.FromBase64String(challenge));

                message = new Type3Message
                {
                    Domain    = realm,
                    Username  = user,
                    Challenge = serverChallenge.Nonce,
                    Password  = secret ?? ""
                };
                // Marked complete as soon as the response is built; the server's verdict is not seen here.
                finished = true;
            }
            else
            {
                // Should I check the credentials?
                // type must be 3 here
                if (string.IsNullOrEmpty(challenge))
                {
                    // No challenge after a Type 3: restart the handshake with a new Type 1.
                    message = new Type1Message { Domain = realm };
                }
                else
                {
                    finished = true;
                }
            }

            string headerValue = "NTLM " + Convert.ToBase64String(message.GetBytes());

            return new Authorization(headerValue, finished);
        }
コード例 #10
ファイル: NtlmContext.cs プロジェクト: MCord/SharpCifs.Std
        /// <summary>
        /// Runs one step of the client-side NTLMSSP exchange. In state 1 it produces the
        /// Type 1 message; in state 2 it parses the server's Type 2 message from
        /// <paramref name="token"/> and produces the Type 3 message.
        /// </summary>
        /// <param name="token">In state 2, the server's Type 2 message; not read in state 1.</param>
        /// <param name="offset">Not used by this implementation.</param>
        /// <param name="len">Not used by this implementation.</param>
        /// <returns>The encoded message to send to the server.</returns>
        /// <exception cref="SharpCifs.Smb.SmbException">Thrown in an unexpected state, or when
        /// anything fails while handling the Type 2 message.</exception>
        public virtual byte[] InitSecContext(byte[] token, int offset, int len)
        {
            var currentState = State;

            if (currentState == 1)
            {
                Type1Message negotiate = new Type1Message(NtlmsspFlags,
                                                          Auth.GetDomain(),
                                                          Workstation);
                token = negotiate.ToByteArray();
                if (Log.Level >= 4)
                {
                    Log.WriteLine(negotiate);
                    if (Log.Level >= 6)
                    {
                        Hexdump.ToHexdump(Log, token, 0, token.Length);
                    }
                }
                State++;
                return token;
            }

            if (currentState != 2)
            {
                throw new SmbException("Invalid state");
            }

            try
            {
                // The whole array is parsed; offset and len are not applied to it.
                Type2Message serverChallenge = new Type2Message(token);
                if (Log.Level >= 4)
                {
                    Log.WriteLine(serverChallenge);
                    if (Log.Level >= 6)
                    {
                        Hexdump.ToHexdump(Log, token, 0, token.Length);
                    }
                }
                ServerChallenge = serverChallenge.GetChallenge();

                // Only flags that the server also set survive. NOTE(review): a server that clears
                // the sign flag therefore leaves SigningKey unset below; whether callers enforce
                // signing is not visible here.
                NtlmsspFlags &= serverChallenge.GetFlags();
                //netbiosName = getNtlmsspListItem(token, 0x0001);
                Type3Message authenticate = new Type3Message(serverChallenge,
                                                             Auth.GetPassword(),
                                                             Auth.GetDomain(),
                                                             Auth.GetUsername(),
                                                             Workstation,
                                                             NtlmsspFlags);
                token = authenticate.ToByteArray();
                if (Log.Level >= 4)
                {
                    Log.WriteLine(authenticate);
                    if (Log.Level >= 6)
                    {
                        // At this level the full Type 3 token, including the challenge response,
                        // is written to the log; treat such logs as sensitive.
                        Hexdump.ToHexdump(Log, token, 0, token.Length);
                    }
                }
                if ((NtlmsspFlags & NtlmFlags.NtlmsspNegotiateSign) != 0)
                {
                    SigningKey = authenticate.GetMasterKey();
                }
                isEstablished = true;
                State++;
                return token;
            }
            catch (Exception e)
            {
                // Every failure in this step is reported as an SmbException carrying the original message.
                throw new SmbException(e.Message, e);
            }
        }
コード例 #11
        /// <summary>
        /// Advances the NTLM handshake for an HTTP request by one step and returns the
        /// Authorization value to send next. The step is chosen from the last message
        /// stored in <c>message</c>.
        /// </summary>
        /// <param name="challenge">Base64 Type 2 token from the server, or null/empty when none was sent.</param>
        /// <param name="webRequest">The request being authenticated; anything but an HttpWebRequest yields null.</param>
        /// <param name="credentials">Source of the NTLM credential for the request URI.</param>
        /// <returns>The next Authorization value, or null when no step can be taken.</returns>
        public Authorization Authenticate(string challenge, WebRequest webRequest, ICredentials credentials)
        {
            var httpRequest = webRequest as HttpWebRequest;
            if (httpRequest == null)
            {
                return null;
            }

            // NOTE(review): credentials is dereferenced without a null check.
            NetworkCredential credential = credentials.GetCredential(httpRequest.RequestUri, "NTLM");
            if (credential == null)
            {
                return null;
            }

            string user = credential.UserName;
            string realm = credential.Domain;
            string secret = credential.Password;

            if (String.IsNullOrEmpty(user))
            {
                return null;
            }

            // With no explicit domain, accept "DOMAIN\user" or "DOMAIN/user" and split it.
            if (String.IsNullOrEmpty(realm))
            {
                int separator = user.IndexOf('\\');
                if (separator < 0)
                {
                    separator = user.IndexOf('/');
                }
                if (separator >= 0)
                {
                    realm = user.Substring(0, separator);
                    user  = user.Substring(separator + 1);
                }
            }

            bool finished = false;

            if (message == null)
            {
                // Step 1: nothing sent yet, so start with a Type 1 (negotiate) message.
                Type1Message negotiate = new Type1Message { Domain = realm, Host = "" }; // MS does not send it
                // NOTE(review): the NTLM2 key flag is requested here, but nothing in this method
                // checks what the server's Type 2 message actually negotiated.
                negotiate.Flags |= NtlmFlags.NegotiateNtlm2Key;
                message = negotiate;
            }
            else if (message.Type == 1)
            {
                // Step 2: a Type 1 was sent, so a server challenge is required to continue.
                // Should I check the credentials?
                if (challenge == null)
                {
                    message = null;
                    return null;
                }

                // The challenge is server-controlled; FromBase64String throws FormatException on
                // malformed input and that exception is not handled here.
                Type2Message serverChallenge = new Type2Message(Convert.FromBase64String(challenge));

                // Domain is not assigned on the Type 3 message in this version.
                message = new Type3Message(serverChallenge)
                {
                    Username = user,
                    Password = secret ?? ""
                };
                // Marked complete as soon as the response is built; the server's verdict is not seen here.
                finished = true;
            }
            else
            {
                // Should I check the credentials?
                // type must be 3 here
                if (String.IsNullOrEmpty(challenge))
                {
                    // No challenge after a Type 3: restart with a new Type 1 (without the NTLM2 key flag).
                    message = new Type1Message { Domain = realm, Host = "" }; // MS does not send it
                }
                else
                {
                    finished = true;
                }
            }

            string headerValue = "NTLM " + Convert.ToBase64String(message.GetBytes());

            return new Authorization(headerValue, finished);
        }
コード例 #12
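        /// <summary>
        /// Checks an incoming Authorization header against the configured
        /// <c>AuthenticationType</c> and drives the server side of the NTLM handshake.
        /// </summary>
        /// <param name="request">The request being processed; passed on to the unauthenticated handler.</param>
        /// <param name="authHeader">The Authorization header value, or null when the header is absent.</param>
        /// <returns>null when the request is accepted; otherwise the error or challenge response.</returns>
        /// <exception cref="InvalidOperationException">Thrown when a decoded NTLM message is not of the expected type.</exception>
        public HttpResponse HandleAuthentication(HttpRequest request, string authHeader)
        {
            if (AuthenticationType == AuthenticationType.ForceNone)
            {
                // Must not contain any auth header
                if (authHeader == null)
                {
                    return(null);
                }
                return(OnError("Must not contain any auth header."));
            }

            if (authHeader == null)
            {
                // No credentials yet: reset the handshake and ask the client to authenticate.
                haveChallenge = false;
                return(OnUnauthenticated(request, AuthenticationType.ToString(), AuthenticationType == AuthenticationType.NTLM));
            }

            // The header is client-controlled. Without a space there is no "scheme argument" pair,
            // and Substring(0, -1) would throw instead of producing an error response.
            int pos = authHeader.IndexOf(' ');
            if (pos < 0)
            {
                return(OnError("Malformed Authorization header."));
            }

            var mode = authHeader.Substring(0, pos);
            var arg  = authHeader.Substring(pos + 1);

            if (!mode.Equals(AuthenticationType.ToString()))
            {
                return(OnError("Invalid authentication scheme: {0}", mode));
            }

            if (mode.Equals("Basic"))
            {
                // NOTE(review): a single fixed credential compared with plain string equality;
                // presumably a test fixture. Not a pattern for real credential checks.
                if (arg.Equals("eGFtYXJpbjptb25rZXk="))
                {
                    return(null);
                }
                return(OnError("Invalid Basic Authentication header"));
            }
            else if (!mode.Equals("NTLM"))
            {
                return(OnError("Invalid authentication scheme: {0}", mode));
            }

            // FromBase64String throws FormatException on malformed input; that is not handled here.
            var bytes = Convert.FromBase64String(arg);

            if (haveChallenge)
            {
                // FIXME: We don't actually check the result.
                // Any message that decodes as Type 3 is accepted: the response is never verified
                // against a challenge or a password, so this branch authenticates nobody.
                var message = new Type3Message(bytes);
                if (message.Type != 3)
                {
                    throw new InvalidOperationException();
                }

                return(null);
            }
            else
            {
                var message = new Type1Message(bytes);
                if (message.Type != 1)
                {
                    throw new InvalidOperationException();
                }

                // Answer the negotiate message with a default-constructed Type 2 challenge.
                var type2 = new Type2Message();
                var token = "NTLM " + Convert.ToBase64String(type2.GetBytes());

                haveChallenge = true;

                return(OnUnauthenticated(request, token, false));
            }
        }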
コード例 #13
 /// <summary>
 /// Decodes a received Type 2 message and stores it in <c>type2</c>.
 /// </summary>
 /// <param name="raw">The encoded Type 2 message; validation is left to Type2Message.</param>
 public void ProcessMessageType2(byte [] raw)
 {
     var decoded = new Type2Message(raw);
     type2 = decoded;
 }
コード例 #14
        /// <summary>
        /// Assigns a 9-byte nonce to a Type 2 message.
        /// </summary>
        public void Nonce_InvalidLength()
        {
            // NOTE(review): no assertion here; presumably an expected-exception attribute outside
            // this view makes the setter's rejection of the wrong length the pass condition.
            Type2Message msg = new Type2Message { Nonce = new byte [9] };
        }
コード例 #15
        /// <summary>
        /// Assigns a null nonce to a Type 2 message.
        /// </summary>
        public void Nonce_Null()
        {
            // NOTE(review): no assertion here; presumably an expected-exception attribute outside
            // this view makes the setter's rejection of null the pass condition.
            Type2Message msg = new Type2Message { Nonce = null };
        }
コード例 #16
ファイル: SaslMechanismNtlm.cs プロジェクト: wildbit/MailKit
        /// <summary>
        /// Builds the NTLM Type 3 message that answers a server-supplied Type 2 challenge,
        /// using this instance's OSVersion, Level and Workstation settings.
        /// </summary>
        /// <param name="userName">User name placed in the response.</param>
        /// <param name="password">Password used to build the response.</param>
        /// <param name="token">Buffer holding the encoded Type 2 message.</param>
        /// <param name="startIndex">Offset of the Type 2 message inside <paramref name="token"/>.</param>
        /// <param name="length">Number of bytes of <paramref name="token"/> to decode.</param>
        /// <returns>The Type 3 message, not yet encoded.</returns>
        MessageBase GetChallengeResponse(string userName, string password, byte[] token, int startIndex, int length)
        {
            // The token comes from the remote server; decoding is left entirely to Type2Message.
            var serverChallenge = new Type2Message(token, startIndex, length);

            // Level selects which response variants are produced — see NtlmAuthLevel.
            var response = new Type3Message(serverChallenge, OSVersion, Level, userName, password, Workstation);

            return response;
        }
コード例 #17
ファイル: NtlmClient.cs プロジェクト: sesef/mono
		/// <summary>
		/// Advances the NTLM handshake for an HTTP request by one step and returns the
		/// Authorization value to send next. The step is chosen from the last message
		/// stored in <c>message</c>.
		/// </summary>
		/// <param name="challenge">Base64 Type 2 token from the server, or null/empty when none was sent.</param>
		/// <param name="webRequest">The request being authenticated; anything but an HttpWebRequest yields null.</param>
		/// <param name="credentials">Source of the NTLM credential for the request URI.</param>
		/// <returns>The next Authorization value, or null when no step can be taken.</returns>
		public Authorization Authenticate (string challenge, WebRequest webRequest, ICredentials credentials) 
		{
			var httpRequest = webRequest as HttpWebRequest;
			if (httpRequest == null) {
				return null;
			}

			// NOTE(review): credentials is dereferenced without a null check.
			NetworkCredential credential = credentials.GetCredential (httpRequest.RequestUri, "NTLM");
			if (credential == null) {
				return null;
			}

			string user = credential.UserName;
			string realm = credential.Domain;
			string secret = credential.Password;
			if (String.IsNullOrEmpty (user)) {
				return null;
			}

			// With no explicit domain, accept "DOMAIN\user" or "DOMAIN/user" and split it.
			if (String.IsNullOrEmpty (realm)) {
				int separator = user.IndexOf ('\\');
				if (separator < 0) {
					separator = user.IndexOf ('/');
				}
				if (separator >= 0) {
					realm = user.Substring (0, separator);
					user = user.Substring (separator + 1);
				}
			}

			bool finished = false;
			if (message == null) {
				// Step 1: nothing sent yet, so start with a Type 1 (negotiate) message.
				Type1Message negotiate = new Type1Message { Domain = realm, Host = "" }; // MS does not send it
				// NOTE(review): the NTLM2 key flag is requested here, but nothing in this method
				// checks what the server's Type 2 message actually negotiated.
				negotiate.Flags |= NtlmFlags.NegotiateNtlm2Key;
				message = negotiate;
			} else if (message.Type == 1) {
				// Step 2: a Type 1 was sent, so a server challenge is required to continue.
				// Should I check the credentials?
				if (challenge == null) {
					message = null;
					return null;
				}

				// The challenge is server-controlled; FromBase64String throws FormatException on
				// malformed input and that exception is not handled here.
				Type2Message serverChallenge = new Type2Message (Convert.FromBase64String (challenge));

				message = new Type3Message (serverChallenge) {
					Username = user,
					Password = secret ?? "",
					Domain = realm
				};
				// Marked complete as soon as the response is built; the server's verdict is not seen here.
				finished = true;
			} else {
				// Should I check the credentials?
				// type must be 3 here
				if (String.IsNullOrEmpty (challenge)) {
					// No challenge after a Type 3: restart with a new Type 1 (without the NTLM2 key flag).
					message = new Type1Message { Domain = realm, Host = "" }; // MS does not send it
				} else {
					finished = true;
				}
			}

			string headerValue = "NTLM " + Convert.ToBase64String (message.GetBytes ());
			return new Authorization (headerValue, finished);
		}