// Class(60) {
// OID(spnego),
// Class(A0) {
// Class(30) {
// Class(A0) {
// Class(30) { OID,OID,OID} },
// Class(A2) { OctetStream } } } }
public byte [] ProcessSpnegoInitialContextTokenRequest ()
{
Type1Message type1 = new Type1Message (NtlmVersion.Version3);
type1.Flags = unchecked ((NtlmFlags) 0xE21882B7);
type1.Domain = "WORKGROUP"; // FIXME: remove it
ASN1 asn = new ASN1 (0x60);
ASN1 asn2 = new ASN1 (0xA0);
ASN1 asn21 = new ASN1 (0x30);
ASN1 asn211 = new ASN1 (0xA0);
ASN1 asn2111 = new ASN1 (0x30);
asn211.Add (asn2111);
asn2111.Add (ASN1Convert.FromOid (Constants.OidNtlmSsp));
asn2111.Add (ASN1Convert.FromOid (Constants.OidKerberos5));
asn2111.Add (ASN1Convert.FromOid (Constants.OidMIT));
ASN1 asn212 = new ASN1 (0xA2);
ASN1 asn2121 = new ASN1 (0x4);
asn2121.Value = type1.GetBytes ();
asn212.Add (asn2121);
asn21.Add (asn211);
asn21.Add (asn212);
asn2.Add (asn21);
asn.Add (ASN1Convert.FromOid (Constants.OidSpnego));
asn.Add (asn2);
return asn.GetBytes ();
}
// Example from http://www.innovation.ch/java/ntlm.html
public void Encode1 ()
{
Type1Message msg = new Type1Message ();
AssertEquals ("Type", 1, msg.Type);
msg.Domain = "Ursa-Minor";
msg.Host = "LightCity";
AssertEquals ("GetBytes", "4E-54-4C-4D-53-53-50-00-01-00-00-00-07-B2-00-00-0A-00-0A-00-29-00-00-00-09-00-09-00-20-00-00-00-4C-49-47-48-54-43-49-54-59-55-52-53-41-2D-4D-49-4E-4F-52", BitConverter.ToString (msg.GetBytes ()));
}
public override bool Connect (TdsConnectionParameters connectionParameters)
{
if (IsConnected)
throw new InvalidOperationException ("The connection is already open.");
connectionParms = connectionParameters;
SetLanguage (connectionParameters.Language);
SetCharset ("utf-8");
byte[] empty = new byte[0];
short authLen = 0;
byte pad = (byte) 0;
byte[] domainMagic = { 6, 0x7d, 0x0f, 0xfd, 0xff, 0x0, 0x0, 0x0,
0x0, 0xe0, 0x83, 0x0, 0x0,
0x68, 0x01, 0x00, 0x00, 0x09, 0x04, 0x00, 0x00 };
byte[] sqlserverMagic = { 6, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0,
0x0, 0xe0, 0x03, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0 };
byte[] magic = null;
if (connectionParameters.DomainLogin)
magic = domainMagic;
else
magic = sqlserverMagic;
string username = connectionParameters.User;
string domain = null;
int idx = username.IndexOf ("\\");
if (idx != -1) {
domain = username.Substring (0, idx);
username = username.Substring (idx + 1);
connectionParameters.DefaultDomain = domain;
connectionParameters.User = username;
} else {
domain = Environment.UserDomainName;
connectionParameters.DefaultDomain = domain;
}
short partialPacketSize = (short) (86 + (
connectionParameters.Hostname.Length +
connectionParameters.ApplicationName.Length +
DataSource.Length +
connectionParameters.LibraryName.Length +
Language.Length +
connectionParameters.Database.Length +
connectionParameters.AttachDBFileName.Length) * 2);
if (connectionParameters.DomainLogin) {
authLen = ((short) (32 + (connectionParameters.Hostname.Length +
domain.Length)));
partialPacketSize += authLen;
} else
partialPacketSize += ((short) ((username.Length + connectionParameters.Password.Length) * 2));
int totalPacketSize = partialPacketSize;
Comm.StartPacket (TdsPacketType.Logon70);
Comm.Append (totalPacketSize);
//Comm.Append (empty, 3, pad);
//byte[] version = {0x00, 0x0, 0x0, 0x71};
//Console.WriteLine ("Version: {0}", ClientVersion[3]);
Comm.Append (ClientVersion); // TDS Version 7
Comm.Append ((int)this.PacketSize); // Set the Block Size
Comm.Append (empty, 3, pad);
Comm.Append (magic);
short curPos = 86;
// Hostname
Comm.Append (curPos);
Comm.Append ((short) connectionParameters.Hostname.Length);
curPos += (short) (connectionParameters.Hostname.Length * 2);
if (connectionParameters.DomainLogin) {
Comm.Append((short)0);
Comm.Append((short)0);
Comm.Append((short)0);
Comm.Append((short)0);
} else {
// Username
Comm.Append (curPos);
Comm.Append ((short) username.Length);
curPos += ((short) (username.Length * 2));
// Password
Comm.Append (curPos);
Comm.Append ((short) connectionParameters.Password.Length);
curPos += (short) (connectionParameters.Password.Length * 2);
}
// AppName
Comm.Append (curPos);
Comm.Append ((short) connectionParameters.ApplicationName.Length);
curPos += (short) (connectionParameters.ApplicationName.Length * 2);
// Server Name
Comm.Append (curPos);
Comm.Append ((short) DataSource.Length);
curPos += (short) (DataSource.Length * 2);
// Unknown
Comm.Append ((short) curPos);
Comm.Append ((short) 0);
// Library Name
Comm.Append (curPos);
Comm.Append ((short) connectionParameters.LibraryName.Length);
curPos += (short) (connectionParameters.LibraryName.Length * 2);
// Language
Comm.Append (curPos);
Comm.Append ((short) Language.Length);
curPos += (short) (Language.Length * 2);
// Database
Comm.Append (curPos);
Comm.Append ((short) connectionParameters.Database.Length);
curPos += (short) (connectionParameters.Database.Length * 2);
// MAC Address
Comm.Append((byte) 0);
Comm.Append((byte) 0);
Comm.Append((byte) 0);
Comm.Append((byte) 0);
Comm.Append((byte) 0);
Comm.Append((byte) 0);
// Authentication Stuff
Comm.Append ((short) curPos);
if (connectionParameters.DomainLogin) {
Comm.Append ((short) authLen);
curPos += (short) authLen;
} else
Comm.Append ((short) 0);
// Unknown
Comm.Append (curPos);
Comm.Append ((short)( connectionParameters.AttachDBFileName.Length));
curPos += (short)(connectionParameters.AttachDBFileName.Length*2);
// Connection Parameters
Comm.Append (connectionParameters.Hostname);
if (!connectionParameters.DomainLogin) {
// SQL Server Authentication
Comm.Append (connectionParameters.User);
string scrambledPwd = EncryptPassword (connectionParameters.Password);
Comm.Append (scrambledPwd);
}
Comm.Append (connectionParameters.ApplicationName);
Comm.Append (DataSource);
Comm.Append (connectionParameters.LibraryName);
Comm.Append (Language);
Comm.Append (connectionParameters.Database);
if (connectionParameters.DomainLogin) {
// the rest of the packet is NTLMSSP authentication
Type1Message msg = new Type1Message ();
msg.Domain = domain;
msg.Host = connectionParameters.Hostname;
msg.Flags = NtlmFlags.NegotiateUnicode |
NtlmFlags.NegotiateNtlm |
NtlmFlags.NegotiateDomainSupplied |
NtlmFlags.NegotiateWorkstationSupplied |
NtlmFlags.NegotiateAlwaysSign; // 0xb201
Comm.Append (msg.GetBytes ());
}
Comm.Append (connectionParameters.AttachDBFileName);
Comm.SendPacket ();
MoreResults = true;
SkipToEnd ();
return IsConnected;
}
public byte [] ProcessMessageType1 ()
{
Type1Message type1 = new Type1Message (NtlmVersion.Version3);
type1.Flags = unchecked ((NtlmFlags) 0xE21882B7);
return type1.GetBytes ();
}
public void Run(string username, string password)
{
Console.WriteLine ("=========");
helper.StandardInput.WriteLine ("SF NTLMSSP_FEATURE_SESSION_KEY");
var sf_response = helper.StandardOutput.ReadLine ();
Console.WriteLine (sf_response);
if (sf_response != "OK")
throw new InvalidDataException (sf_response);
var pw_bytes = Encoding.ASCII.GetBytes (password);
helper.StandardInput.WriteLine ("PW " + Convert.ToBase64String (pw_bytes));
var pw_result = helper.StandardOutput.ReadLine ();
if (pw_result != "OK")
throw new InvalidDataException (pw_result);
var type1 = new Type1Message ();
type1.Flags |= NtlmFlags.NegotiateNtlm2Key;
helper.StandardInput.WriteLine ("KK " + Convert.ToBase64String (type1.GetBytes ()));
var type1_res = helper.StandardOutput.ReadLine ();
if (!type1_res.StartsWith ("TT "))
throw new InvalidDataException ();
var type2 = new Type2Message (Convert.FromBase64String (type1_res.Substring (3)));
Console.WriteLine ("TYPE2: {0:x} {1}", type2.Flags, type2.Flags);
var type3 = new Type3Message (type2);
type3.Domain = "SOL";
type3.Host = "PROVCON-FAUST";
type3.Username = username;
type3.Password = password;
var bytes = type3.GetBytes ();
helper.StandardInput.WriteLine ("KK {0}", Convert.ToBase64String (bytes));
var response2 = helper.StandardOutput.ReadLine ();
Console.WriteLine (response2);
if (!response2.StartsWith ("AF "))
throw new InvalidDataException (response2);
}
protected override SaslExchangeStatus Exchange(ByteString serverChallenge, out ByteString clientResponse)
{
if (Credential == null)
throw new SaslException("Credential property must be set");
clientResponse = null;
switch (step) {
case 0: { // send NTLM negotiate message (Type 1)
const NtlmFlags type1Flags =
NtlmFlags.RequestTarget |
NtlmFlags.NegotiateNtlm |
NtlmFlags.NegotiateUnicode |
NtlmFlags.NegotiateOem |
NtlmFlags.NegotiateDomainSupplied |
NtlmFlags.NegotiateWorkstationSupplied;
var type1 = new Type1Message();
type1.Flags = type1Flags;
type1.Host = TargetHost ?? string.Empty; // ?
type1.Domain = Credential.Domain ?? string.Empty;
clientResponse = new ByteString(type1.GetBytes());
step++;
return SaslExchangeStatus.Continuing;
}
case 1: { // receive NTLM challenge message (Type 2) and send NTLM authenticate message (Type 3)
if (string.IsNullOrEmpty(Credential.UserName) || string.IsNullOrEmpty(Credential.Password))
return SaslExchangeStatus.Failed;
var type2 = new Type2Message(serverChallenge.ByteArray);
var type3 = new Type3Message();
type3.Flags = NtlmFlags.NegotiateNtlm | NtlmFlags.NegotiateUnicode; // XXX
type3.Host = TargetHost ?? string.Empty; // ?
type3.Domain = Credential.Domain ?? string.Empty;
type3.Challenge = type2.Nonce;
type3.Password = Credential.Password;
type3.Username = Credential.UserName;
clientResponse = new ByteString(type3.GetBytes());
step++;
return SaslExchangeStatus.Succeeded;
}
default:
clientResponse = null;
return SaslExchangeStatus.Failed; // unexpected server challenge
}
}
