// Example from http://www.innovation.ch/java/ntlm.html
public void Encode1 ()
{
Type3Message msg = new Type3Message ();
msg.Challenge = nonce;
msg.Domain = "Ursa-Minor";
msg.Host = "LightCity";
msg.Password = "******";
msg.Username = "******";
AssertEquals ("Type", 3, msg.Type);
AssertEquals ("GetBytes", "4E-54-4C-4D-53-53-50-00-03-00-00-00-18-00-18-00-72-00-00-00-18-00-18-00-8A-00-00-00-14-00-14-00-40-00-00-00-0C-00-0C-00-54-00-00-00-12-00-12-00-60-00-00-00-00-00-00-00-A2-00-00-00-01-B2-00-00-55-00-52-00-53-00-41-00-2D-00-4D-00-49-00-4E-00-4F-00-52-00-5A-00-61-00-70-00-68-00-6F-00-64-00-4C-00-49-00-47-00-48-00-54-00-43-00-49-00-54-00-59-00-AD-87-CA-6D-EF-E3-46-85-B9-C4-3C-47-7A-8C-42-D6-00-66-7D-68-92-E7-E8-97-E0-E0-0D-E3-10-4A-1B-F2-05-3F-07-C7-DD-A8-2D-3C-48-9A-E9-89-E1-B0-00-D3", BitConverter.ToString (msg.GetBytes ()));
}
// Example for a password smaller than 8 characters - which implies a weak DES key
public void SmallPassword ()
{
Type3Message msg = new Type3Message ();
msg.Challenge = new byte [8] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
msg.Domain = "DOMAIN";
msg.Host = "HOST";
msg.Password = "******";
msg.Username = "******";
Assert.AreEqual (3, msg.Type, "Type");
Assert.AreEqual ("4E-54-4C-4D-53-53-50-00-03-00-00-00-18-00-18-00-64-00-00-00-18-00-18-00-7C-00-00-00-0C-00-0C-00-40-00-00-00-10-00-10-00-4C-00-00-00-08-00-08-00-5C-00-00-00-00-00-00-00-94-00-00-00-01-B2-00-00-44-00-4F-00-4D-00-41-00-49-00-4E-00-75-00-73-00-65-00-72-00-6E-00-61-00-6D-00-65-00-48-00-4F-00-53-00-54-00-CA-12-00-72-3C-41-D5-77-AB-18-C7-64-C6-DE-F3-4F-A6-1B-FA-06-71-EA-5F-C8-7A-CE-90-85-AB-CC-37-59-38-0B-1C-68-62-E3-98-C3-C0-EF-9C-FC-22-E8-A2-C2", BitConverter.ToString (msg.GetBytes ()), "GetBytes");
}
// Example from http://www.innovation.ch/java/ntlm.html
public void Encode1 ()
{
Type3Message msg = new Type3Message ();
msg.Challenge = nonce;
// Type3Message now encodes domain and host case-sensitive.
msg.Domain = "URSA-MINOR";
msg.Host = "LIGHTCITY";
msg.Password = "******";
msg.Username = "******";
Assert.AreEqual (3, msg.Type, "Type");
Assert.AreEqual ("4E-54-4C-4D-53-53-50-00-03-00-00-00-18-00-18-00-72-00-00-00-18-00-18-00-8A-00-00-00-14-00-14-00-40-00-00-00-0C-00-0C-00-54-00-00-00-12-00-12-00-60-00-00-00-00-00-00-00-A2-00-00-00-01-B2-00-00-55-00-52-00-53-00-41-00-2D-00-4D-00-49-00-4E-00-4F-00-52-00-5A-00-61-00-70-00-68-00-6F-00-64-00-4C-00-49-00-47-00-48-00-54-00-43-00-49-00-54-00-59-00-AD-87-CA-6D-EF-E3-46-85-B9-C4-3C-47-7A-8C-42-D6-00-66-7D-68-92-E7-E8-97-E0-E0-0D-E3-10-4A-1B-F2-05-3F-07-C7-DD-A8-2D-3C-48-9A-E9-89-E1-B0-00-D3", BitConverter.ToString (msg.GetBytes ()), "GetBytes");
}
static void Compute_Type3(Type2Message type2)
{
Type3Message type3 = new Type3Message ();
type3.Domain = "";
type3.Host = "PROVCON-FAUST";
type3.Username = "******";
type3.Challenge = type2.Nonce;
type3.Password = "******";
HexDump ("CHALLENGE", type2.Nonce);
var bytes = type3.GetBytes ();
var message = new Type3Message (bytes);
HexDump ("LM", message.LM);
HexDump ("NT", message.NT);
}
protected internal int ProcessAuthentication ()
{
int pdu_size = Comm.GetTdsShort ();
byte[] msg2 = Comm.GetBytes (pdu_size, true);
Type2Message t2 = new Type2Message (msg2);
// 0x0001 Negotiate Unicode
// 0x0200 Negotiate NTLM
// 0x8000 Negotiate Always Sign
Type3Message t3 = new Type3Message (t2);
t3.Domain = this.connectionParms.DefaultDomain;
t3.Host = this.connectionParms.Hostname;
t3.Username = this.connectionParms.User;
t3.Password = GetPlainPassword(this.connectionParms.Password);
Comm.StartPacket (TdsPacketType.SspAuth); // 0x11
Comm.Append (t3.GetBytes ());
try {
Comm.SendPacket ();
} catch (IOException ex) {
connected = false;
throw new TdsInternalException ("Server closed the connection.", ex);
}
return 1; // TDS_SUCCEED
}
protected internal int ProcessAuthentication ()
{
int pdu_size = Comm.GetTdsShort ();
byte[] msg2 = Comm.GetBytes (pdu_size, true);
Type2Message t2 = new Type2Message (msg2);
// 0x0001 Negotiate Unicode
// 0x0200 Negotiate NTLM
// 0x8000 Negotiate Always Sign
Type3Message t3 = new Type3Message ();
t3.Challenge = t2.Nonce;
t3.Domain = this.connectionParms.DefaultDomain;
t3.Host = this.connectionParms.Hostname;
t3.Username = this.connectionParms.User;
t3.Password = this.connectionParms.Password;
Comm.StartPacket (TdsPacketType.SspAuth); // 0x11
Comm.Append (t3.GetBytes ());
Comm.SendPacket ();
return 1; // TDS_SUCCEED
}
public byte [] ProcessMessageType3 (string user, string password)
{
TargetName = Environment.MachineName;
ServerName = Environment.MachineName;
// FIXME
DomainName = ServerName;// IPGlobalProperties.GetIPGlobalProperties ().DomainName;
DnsHostName = Dns.GetHostName ();
DnsDomainName = DnsHostName; // FIXME
type3 = new Type3Message (NtlmVersion.Version3);
type3.Flags = (NtlmFlags) (unchecked ((int) 0xE2188235));
type3.Domain = DomainName;
type3.Host = DnsHostName;
type3.Challenge = type2.Nonce;
type3.Username = user;
type3.Password = password;
return type3.GetBytes ();
}
public void Run(string username, string password)
{
Console.WriteLine ("=========");
helper.StandardInput.WriteLine ("SF NTLMSSP_FEATURE_SESSION_KEY");
var sf_response = helper.StandardOutput.ReadLine ();
Console.WriteLine (sf_response);
if (sf_response != "OK")
throw new InvalidDataException (sf_response);
var pw_bytes = Encoding.ASCII.GetBytes (password);
helper.StandardInput.WriteLine ("PW " + Convert.ToBase64String (pw_bytes));
var pw_result = helper.StandardOutput.ReadLine ();
if (pw_result != "OK")
throw new InvalidDataException (pw_result);
var type1 = new Type1Message ();
type1.Flags |= NtlmFlags.NegotiateNtlm2Key;
helper.StandardInput.WriteLine ("KK " + Convert.ToBase64String (type1.GetBytes ()));
var type1_res = helper.StandardOutput.ReadLine ();
if (!type1_res.StartsWith ("TT "))
throw new InvalidDataException ();
var type2 = new Type2Message (Convert.FromBase64String (type1_res.Substring (3)));
Console.WriteLine ("TYPE2: {0:x} {1}", type2.Flags, type2.Flags);
var type3 = new Type3Message (type2);
type3.Domain = "SOL";
type3.Host = "PROVCON-FAUST";
type3.Username = username;
type3.Password = password;
var bytes = type3.GetBytes ();
helper.StandardInput.WriteLine ("KK {0}", Convert.ToBase64String (bytes));
var response2 = helper.StandardOutput.ReadLine ();
Console.WriteLine (response2);
if (!response2.StartsWith ("AF "))
throw new InvalidDataException (response2);
}
protected override SaslExchangeStatus Exchange(ByteString serverChallenge, out ByteString clientResponse)
{
if (Credential == null)
throw new SaslException("Credential property must be set");
clientResponse = null;
switch (step) {
case 0: { // send NTLM negotiate message (Type 1)
const NtlmFlags type1Flags =
NtlmFlags.RequestTarget |
NtlmFlags.NegotiateNtlm |
NtlmFlags.NegotiateUnicode |
NtlmFlags.NegotiateOem |
NtlmFlags.NegotiateDomainSupplied |
NtlmFlags.NegotiateWorkstationSupplied;
var type1 = new Type1Message();
type1.Flags = type1Flags;
type1.Host = TargetHost ?? string.Empty; // ?
type1.Domain = Credential.Domain ?? string.Empty;
clientResponse = new ByteString(type1.GetBytes());
step++;
return SaslExchangeStatus.Continuing;
}
case 1: { // receive NTLM challenge message (Type 2) and send NTLM authenticate message (Type 3)
if (string.IsNullOrEmpty(Credential.UserName) || string.IsNullOrEmpty(Credential.Password))
return SaslExchangeStatus.Failed;
var type2 = new Type2Message(serverChallenge.ByteArray);
var type3 = new Type3Message();
type3.Flags = NtlmFlags.NegotiateNtlm | NtlmFlags.NegotiateUnicode; // XXX
type3.Host = TargetHost ?? string.Empty; // ?
type3.Domain = Credential.Domain ?? string.Empty;
type3.Challenge = type2.Nonce;
type3.Password = Credential.Password;
type3.Username = Credential.UserName;
clientResponse = new ByteString(type3.GetBytes());
step++;
return SaslExchangeStatus.Succeeded;
}
default:
clientResponse = null;
return SaslExchangeStatus.Failed; // unexpected server challenge
}
}