/// <summary>
/// verify the implicit ntlm session security token.
/// this api is invoked by protocol need the implicit Ntlm authenticate, such as CifsSdk and the SmbSdk with
/// none extended session security.
/// </summary>
/// <param name="accountName">the user name which determined by the security context of the user initiating the
/// connection to share</param>
/// <param name="domainName">the Primary Domain of the user</param>
/// <param name="serverTime">the time of the server</param>
/// <param name="caseInsensitivePassword">the NtChallengeResponse</param>
/// <param name="caseSensitivePassword">the LmChallengeResponse</param>
/// <returns>success or fail</returns>
public bool VerifySecurityToken(
//string workstationName,
string accountName,
string domainName,
ulong serverTime,
byte[] caseInsensitivePassword,
byte[] caseSensitivePassword)
{
if (string.IsNullOrEmpty(accountName))
{
return(false);
}
this.systemTime = serverTime;
NlmpAuthenticatePacket authenticatePacket = new NlmpAuthenticatePacket();
authenticatePacket.SetNtChallengeResponse(caseSensitivePassword);
authenticatePacket.SetLmChallengeResponse(caseInsensitivePassword);
authenticatePacket.SetDomainName(domainName);
authenticatePacket.SetUserName(accountName);
authenticatePacket.SetWorkstation(string.Empty);
authenticatePacket.SetEncryptedRandomSessionKey(new byte[0]);
try
{
this.AcceptAuthenticatePacket(authenticatePacket);
}
catch (InvalidOperationException)
{
return(false);
}
catch (ArgumentException) // caseSensitivePassword or caseInsensitivePassword is not long enough
{
return(false);
}
return(true);
}
/// <summary>
/// this function create an authenticate packet.
/// after client received the challenge packet from server, client create an authenticate packet to server.
/// the authenticate packet contains the authentication information of user that is generated by the credential
/// of user.
/// this function does not set the mic field of packet. it must be set manually if need.
/// </summary>
/// <param name="negotiateFlags">this flags indicates the capabilities that client supports.</param>
/// <param name="version">
/// This structure is used for debugging purposes only. In normal (non-debugging) protocol messages, it is
/// ignored and does not affect the NTLM message processing.
/// </param>
/// <param name="lmChallengeResponse">
/// An LM_RESPONSE or LMv2_RESPONSE structure that contains the computed LM response to the challenge. If
/// NTLM v2 authentication is configured, LmChallengeResponse MUST be an LMv2_RESPONSE structure. Otherwise,
/// it MUST be an LM_RESPONSE structure.
/// </param>
/// <param name="ntChallengeResponse">
/// An NTLM_RESPONSE or NTLMv2_RESPONSE structure that contains the computed NT response to the challenge.
/// If NTLM v2 authentication is configured, NtChallengeResponse MUST be an NTLMv2_RESPONSE. Otherwise, it
/// MUST be an NTLM_RESPONSE structure.
/// </param>
/// <param name="domainName">
/// The domain or computer name hosting the user account. DomainName MUST be encoded in the negotiated
/// character set. This param can not be null.
/// </param>
/// <param name="userName">
/// The name of the user to be authenticated. UserName MUST be encoded in the negotiated character set. This
/// param can not be null.
/// </param>
/// <param name="workstation">
/// The name of the computer to which the user is logged on. Workstation MUST be encoded in the negotiated
/// character set. This param can not be null.
/// </param>
/// <param name="encryptedRandomSessionKey">
/// The client's encrypted random session key. This param can be null.
/// </param>
/// <returns>the authenticate packet</returns>
/// <exception cref="System.ArgumentNullException">
/// when LM is using, the ntChallengeResponse should be null!
/// </exception>
public NlmpAuthenticatePacket CreateAuthenticatePacket(
NegotiateTypes negotiateFlags,
VERSION version,
byte[] lmChallengeResponse,
byte[] ntChallengeResponse,
string domainName,
string userName,
string workstation,
byte[] encryptedRandomSessionKey
)
{
#region Parameter check
if (domainName == null)
{
throw new ArgumentNullException("domainName");
}
if (userName == null)
{
throw new ArgumentNullException("userName");
}
if (workstation == null)
{
throw new ArgumentNullException("workstation");
}
if (NlmpUtility.IsLm(negotiateFlags) && ntChallengeResponse != null)
{
throw new ArgumentException(
"when LM is using, the ntChallengeResponse should be null!", "ntChallengeResponse");
}
#endregion
NlmpAuthenticatePacket packet = new NlmpAuthenticatePacket();
// update flags
packet.SetNegotiateFlags(negotiateFlags);
// if version required, update version
if (NlmpUtility.IsVersionRequired(negotiateFlags))
{
packet.SetVersion(version);
}
// update domain name
packet.SetDomainName(domainName);
// update user name
packet.SetUserName(userName);
// if version required, update workstation
if (NlmpUtility.IsVersionRequired(negotiateFlags))
{
packet.SetWorkstation(workstation);
}
// update lmChallengeResponse
packet.SetLmChallengeResponse(lmChallengeResponse);
// update ntChallengeResponse
packet.SetNtChallengeResponse(ntChallengeResponse);
// update encryptedRandomSessionKey
packet.SetEncryptedRandomSessionKey(encryptedRandomSessionKey);
return(packet);
}
/// <summary>
/// this function create an authenticate packet.
/// after client received the challenge packet from server, client create an authenticate packet to server.
/// the authenticate packet contains the authentication information of user that is generated by the credential
/// of user.
/// this function does not set the mic field of packet. it must be set manually if need.
/// </summary>
/// <param name="negotiateFlags">this flags indicates the capabilities that client supports.</param>
/// <param name="version">
/// This structure is used for debugging purposes only. In normal (non-debugging) protocol messages, it is
/// ignored and does not affect the NTLM message processing.
/// </param>
/// <param name="lmChallengeResponse">
/// An LM_RESPONSE or LMv2_RESPONSE structure that contains the computed LM response to the challenge. If
/// NTLM v2 authentication is configured, LmChallengeResponse MUST be an LMv2_RESPONSE structure. Otherwise,
/// it MUST be an LM_RESPONSE structure.
/// </param>
/// <param name="ntChallengeResponse">
/// An NTLM_RESPONSE or NTLMv2_RESPONSE structure that contains the computed NT response to the challenge.
/// If NTLM v2 authentication is configured, NtChallengeResponse MUST be an NTLMv2_RESPONSE. Otherwise, it
/// MUST be an NTLM_RESPONSE structure.
/// </param>
/// <param name="domainName">
/// The domain or computer name hosting the user account. DomainName MUST be encoded in the negotiated
/// character set. This param can not be null.
/// </param>
/// <param name="userName">
/// The name of the user to be authenticated. UserName MUST be encoded in the negotiated character set. This
/// param can not be null.
/// </param>
/// <param name="workstation">
/// The name of the computer to which the user is logged on. Workstation MUST be encoded in the negotiated
/// character set. This param can not be null.
/// </param>
/// <param name="encryptedRandomSessionKey">
/// The client's encrypted random session key. This param can be null.
/// </param>
/// <returns>the authenticate packet</returns>
/// <exception cref="System.ArgumentNullException">
/// when LM is using, the ntChallengeResponse should be null!
/// </exception>
public NlmpAuthenticatePacket CreateAuthenticatePacket(
NegotiateTypes negotiateFlags,
VERSION version,
byte[] lmChallengeResponse,
byte[] ntChallengeResponse,
string domainName,
string userName,
string workstation,
byte[] encryptedRandomSessionKey
)
{
#region Parameter check
if (domainName == null)
{
throw new ArgumentNullException("domainName");
}
if (userName == null)
{
throw new ArgumentNullException("userName");
}
if (workstation == null)
{
throw new ArgumentNullException("workstation");
}
if (NlmpUtility.IsLm(negotiateFlags) && ntChallengeResponse != null)
{
throw new ArgumentException(
"when LM is using, the ntChallengeResponse should be null!", "ntChallengeResponse");
}
#endregion
NlmpAuthenticatePacket packet = new NlmpAuthenticatePacket();
// update flags
packet.SetNegotiateFlags(negotiateFlags);
// if version required, update version
if (NlmpUtility.IsVersionRequired(negotiateFlags))
{
packet.SetVersion(version);
}
// update domain name
packet.SetDomainName(domainName);
// update user name
packet.SetUserName(userName);
// if version required, update workstation
if (NlmpUtility.IsVersionRequired(negotiateFlags))
{
packet.SetWorkstation(workstation);
}
// update lmChallengeResponse
packet.SetLmChallengeResponse(lmChallengeResponse);
// update ntChallengeResponse
packet.SetNtChallengeResponse(ntChallengeResponse);
// update encryptedRandomSessionKey
packet.SetEncryptedRandomSessionKey(encryptedRandomSessionKey);
return packet;
}
/// <summary>
/// verify the implicit ntlm session security token.
/// this api is invoked by protocol need the implicit Ntlm authenticate, such as CifsSdk and the SmbSdk with
/// none extended session security.
/// </summary>
/// <param name="accountName">the user name which determined by the security context of the user initiating the
/// connection to share</param>
/// <param name="domainName">the Primary Domain of the user</param>
/// <param name="serverTime">the time of the server</param>
/// <param name="caseInsensitivePassword">the NtChallengeResponse</param>
/// <param name="caseSensitivePassword">the LmChallengeResponse</param>
/// <returns>success or fail</returns>
public bool VerifySecurityToken(
//string workstationName,
string accountName,
string domainName,
ulong serverTime,
byte[] caseInsensitivePassword,
byte[] caseSensitivePassword)
{
if (string.IsNullOrEmpty(accountName))
{
return false;
}
this.systemTime = serverTime;
NlmpAuthenticatePacket authenticatePacket = new NlmpAuthenticatePacket();
authenticatePacket.SetNtChallengeResponse(caseSensitivePassword);
authenticatePacket.SetLmChallengeResponse(caseInsensitivePassword);
authenticatePacket.SetDomainName(domainName);
authenticatePacket.SetUserName(accountName);
authenticatePacket.SetWorkstation(string.Empty);
authenticatePacket.SetEncryptedRandomSessionKey(new byte[0]);
try
{
this.AcceptAuthenticatePacket(authenticatePacket);
}
catch (InvalidOperationException)
{
return false;
}
catch (ArgumentException) // caseSensitivePassword or caseInsensitivePassword is not long enough
{
return false;
}
return true;
}