Exemplo n.º 1
        /// <summary>
        /// Advances a two-step NTLM exchange: a Type 1 message is answered with a
        /// Type 2 message, and a later Type 3 message ends the exchange.
        /// </summary>
        /// <param name="bytes">The incoming message; overwritten with the encoded Type 2 message on the first step.</param>
        /// <param name="haveChallenge">False on the first step; set to true once the Type 2 message has been produced.</param>
        /// <returns>True after a Type 3 message was parsed, false after the Type 2 message was produced.</returns>
        /// <exception cref="InvalidOperationException">The parsed message does not report the expected type.</exception>
        /// <remarks>
        /// The Type 3 response is parsed but never compared with the issued challenge or
        /// with any stored credential, so a true result only means that something parsing
        /// as a Type 3 message arrived. It must not be treated as proof of identity.
        /// </remarks>
        public bool HandleNTLM(ref byte[] bytes, ref bool haveChallenge)
        {
            if (!haveChallenge)
            {
                var negotiate = new Type1Message(bytes);
                if (negotiate.Type != 1)
                {
                    throw new InvalidOperationException();
                }

                var challengeMessage = new Type2Message();
                haveChallenge = true;
                bytes = challengeMessage.GetBytes();
                return false;
            }

            // FIXME: We don't actually check the result.
            var authenticate = new Type3Message(bytes);
            if (authenticate.Type != 3)
            {
                throw new InvalidOperationException();
            }

            return true;
        }
Exemplo n.º 2
        /// <summary>
        /// Handles one NTLM message, choosing the step from the message type found in the buffer.
        /// </summary>
        /// <param name="bytes">The incoming message; overwritten with the encoded Type 2 message when a Type 1 message is handled.</param>
        /// <returns>True after a Type 3 message was parsed, false after a Type 2 message was produced.</returns>
        /// <exception cref="InvalidOperationException">The type is negative, is neither 1 nor 3, or disagrees with the parsed message.</exception>
        /// <remarks>
        /// The step is selected purely from the peer-supplied bytes, and the Type 3 response
        /// is not verified. A true result therefore says nothing about whether the sender
        /// holds valid credentials, or whether a Type 2 challenge was ever issued to it.
        /// </remarks>
        public bool HandleNTLM(ref byte[] bytes)
        {
            switch (MessageBase.GetType(bytes))
            {
                case 3:
                {
                    // FIXME: We don't actually check the result.
                    var authenticate = new Type3Message(bytes);
                    if (authenticate.Type != 3)
                    {
                        throw new InvalidOperationException();
                    }

                    return true;
                }

                case 1:
                {
                    var negotiate = new Type1Message(bytes);
                    if (negotiate.Type != 1)
                    {
                        throw new InvalidOperationException();
                    }

                    var challengeMessage = new Type2Message();
                    bytes = challengeMessage.GetBytes();
                    return false;
                }

                default:
                    // Covers negative values as well as any other unexpected type.
                    throw new InvalidOperationException();
            }
        }
Exemplo n.º 3
        /// <summary>
        /// Runs both steps of an NTLM SASL exchange and compares the final response with a
        /// freshly built Type 3 message, skipping a window of bytes in the response buffer.
        /// </summary>
        /// <param name="sasl">The mechanism under test.</param>
        /// <param name="challenge1">Expected first response, base64 encoded.</param>
        /// <param name="challenge2">Server Type 2 message, base64 encoded.</param>
        static void AssertNtlmv2(SaslMechanismNtlm sasl, string challenge1, string challenge2)
        {
            var response = sasl.Challenge(string.Empty);

            Assert.AreEqual(challenge1, response, "Initial challenge");
            Assert.IsFalse(sasl.IsAuthenticated, "IsAuthenticated");

            response = sasl.Challenge(challenge2);

            var serverToken = Convert.FromBase64String(challenge2);
            var serverChallenge = new Type2Message(serverToken, 0, serverToken.Length);
            var reference = new Type3Message(serverChallenge, null, sasl.Level, sasl.Credentials.UserName, sasl.Credentials.Password, sasl.Workstation);
            var ignoreLength = serverChallenge.EncodedTargetInfo.Length + 28 + 16;

            var actual = Convert.FromBase64String(response);
            var expected = reference.Encode();
            var ntlmBufferIndex = expected.Length - ignoreLength;
            var targetInfoIndex = ntlmBufferIndex + 16 /* md5 hash */ + 28;

            Assert.AreEqual(expected.Length, actual.Length, "Final challenge differs in length: {0} vs {1}", expected.Length, actual.Length);

            // Everything in front of the NTLM response buffer has to match byte for byte.
            for (int offset = 0; offset < ntlmBufferIndex; offset++)
            {
                Assert.AreEqual(expected[offset], actual[offset], "Final challenge differs at index {0}", offset);
            }

            // The 16 + 28 bytes in between are not compared; presumably they hold the hash
            // and the per-run fields (timestamp, client nonce) of the response - confirm.
            // now compare the TargetInfo blobs
            int position = targetInfoIndex;
            while (position < expected.Length)
            {
                Assert.AreEqual(expected[position], actual[position], "Final challenge differs at index {0}", position);
                position++;
            }

            Assert.IsTrue(sasl.IsAuthenticated, "IsAuthenticated");
        }
Exemplo n.º 4
 /// <summary>
 /// Hands the Type 3 parser a copy of the sample message with bytes 56 and 57 zeroed.
 /// </summary>
 /// <remarks>
 /// Nothing is asserted after the constructor call. The expected outcome is presumably
 /// an exception declared by a test attribute that is not part of this listing.
 /// </remarks>
 public void BadType3Message()
 {
     // Corrupt a clone so the shared sample buffer stays intact for other tests.
     byte[] corrupted = (byte[])data1.Clone();
     corrupted[56] = 0x00;
     corrupted[57] = 0x00;

     Type3Message parsed = new Type3Message(corrupted);
 }
Exemplo n.º 5
        /// <summary>
        /// Runs both steps of an NTLM SASL exchange and compares the final response with a
        /// freshly built Type 3 message, leaving the last 48 bytes out of the comparison.
        /// </summary>
        /// <param name="sasl">The mechanism under test.</param>
        /// <param name="challenge1">Expected first response, base64 encoded.</param>
        /// <param name="challenge2">Server Type 2 message, base64 encoded.</param>
        static void AssertNtlm2Key(SaslMechanismNtlm sasl, string challenge1, string challenge2)
        {
            var response = sasl.Challenge(string.Empty);

            Assert.AreEqual(challenge1, response, "Initial challenge");
            Assert.IsFalse(sasl.IsAuthenticated, "IsAuthenticated");

            response = sasl.Challenge(challenge2);

            var serverToken = Convert.FromBase64String(challenge2);
            var serverChallenge = new Type2Message(serverToken, 0, serverToken.Length);
            var reference = new Type3Message(serverChallenge, null, sasl.Level, sasl.Credentials.UserName, sasl.Credentials.Password, sasl.Workstation);

            // Trailing bytes excluded from the comparison; presumably the two 24-byte
            // responses, which would differ between runs - confirm against Type3Message.
            var ignoreLength = 48;

            var actual = Convert.FromBase64String(response);
            var expected = reference.Encode();

            Assert.AreEqual(expected.Length, actual.Length, "Final challenge differs in length: {0} vs {1}", expected.Length, actual.Length);

            int offset = 0;
            while (offset < expected.Length - ignoreLength)
            {
                Assert.AreEqual(expected[offset], actual[offset], "Final challenge differs at index {0}", offset);
                offset++;
            }

            Assert.IsTrue(sasl.IsAuthenticated, "IsAuthenticated");
        }
Exemplo n.º 6
        /// <summary>
        /// Parses a server Type 2 message and builds the Type 3 message that answers it.
        /// </summary>
        /// <param name="userName">User name placed in the response.</param>
        /// <param name="password">Password assigned to the response message.</param>
        /// <param name="domain">Domain assigned to the response message.</param>
        /// <param name="token">Buffer holding the server's Type 2 message.</param>
        /// <param name="startIndex">Offset of the Type 2 message inside <paramref name="token"/>.</param>
        /// <param name="length">Number of bytes of <paramref name="token"/> to parse.</param>
        /// <returns>The Type 3 message, not yet encoded.</returns>
        static MessageBase GetChallengeResponse(string userName, string password, string domain, byte[] token, int startIndex, int length)
        {
            // The token comes from the remote peer; all parsing is left to Type2Message.
            var serverChallenge = new Type2Message(token, startIndex, length);

            // The third constructor argument is an empty string; its meaning is not visible here.
            return new Type3Message(serverChallenge, userName, string.Empty)
            {
                Password = password,
                Domain = domain
            };
        }
Exemplo n.º 7
        /// <summary>
        /// Encodes a Type 3 message for a fixed Type 2 challenge and fixed sample
        /// credentials, and compares the base64 result with a known value.
        /// </summary>
        public void TestNtlmType3MessageEncode()
        {
            const string challenge2 = "TlRMTVNTUAACAAAADAAMADAAAAABAoEAASNFZ4mrze8AAAAAAAAAAGIAYgA8AAAARABPAE0AQQBJAE4AAgAMAEQATwBNAEEASQBOAAEADABTAEUAUgBWAEUAUgAEABQAZABvAG0AYQBpAG4ALgBjAG8AbQADACIAcwBlAHIAdgBlAHIALgBkAG8AbQBhAGkAbgAuAGMAbwBtAAAAAAA=";
            const string expected = "TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAAAACAAIAEwAAAAWABYAVAAAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIAVwBPAFIASwBTAFQAQQBUAEkATwBOAJje97h/iKpdr+Lfd5aIoXLe8Rx9XM3vE91UKLAehvTfyr6sOUlG29Q+6I95TdYyVQ==";

            byte[] serverToken = Convert.FromBase64String(challenge2);
            var serverChallenge = new Type2Message(serverToken, 0, serverToken.Length);

            // "user" / "password" are test-vector values, not real credentials.
            var reply = new Type3Message(serverChallenge, null, NtlmAuthLevel.LM_and_NTLM, "user", "password", "WORKSTATION");
            string actual = Convert.ToBase64String(reply.Encode());

            Assert.AreEqual(expected, actual, "The encoded Type3Message did not match the expected result.");
        }
Exemplo n.º 8
        /// <summary>
        /// Builds a Type 3 message from the challenge of a stored Type 2 message and checks
        /// that its serialized form equals the stored reference bytes.
        /// </summary>
        public void SerializeType3Message()
        {
            Type2Message serverChallenge = Type2Message.Deserialize(type2MessageVersion3);

            // Compute the challenge response; the credentials are fixed sample values.
            byte[] serialized = new Type3Message("Testuser", "Testpassword",
                                                 serverChallenge.Challenge, "MyWorkstation").Serialize();

            bool sameBytes = type3Message.SequenceEqual(serialized);
            Assert.IsTrue(sameBytes);
        }
Exemplo n.º 9
        // Example from http://www.innovation.ch/java/ntlm.html
        /// <summary>
        /// Populates a Type 3 message field by field and compares its encoded bytes with a
        /// published sample message.
        /// </summary>
        public void Encode1()
        {
            Type3Message type3 = new Type3Message();

            type3.Challenge = nonce;
            type3.Domain    = "Ursa-Minor";
            type3.Host      = "LightCity";
            // NOTE(review): the "******" literals look redacted in this listing. The expected
            // bytes below contain the user name "Zaphod" in UTF-16LE, which "******" cannot
            // produce - restore the sample values before relying on this test.
            type3.Password  = "******";
            type3.Username  = "******";
            AssertEquals("Type", 3, type3.Type);

            string encoded = BitConverter.ToString(type3.GetBytes());
            AssertEquals("GetBytes", "4E-54-4C-4D-53-53-50-00-03-00-00-00-18-00-18-00-72-00-00-00-18-00-18-00-8A-00-00-00-14-00-14-00-40-00-00-00-0C-00-0C-00-54-00-00-00-12-00-12-00-60-00-00-00-00-00-00-00-A2-00-00-00-01-82-00-00-55-00-52-00-53-00-41-00-2D-00-4D-00-49-00-4E-00-4F-00-52-00-5A-00-61-00-70-00-68-00-6F-00-64-00-4C-00-49-00-47-00-48-00-54-00-43-00-49-00-54-00-59-00-AD-87-CA-6D-EF-E3-46-85-B9-C4-3C-47-7A-8C-42-D6-00-66-7D-68-92-E7-E8-97-E0-E0-0D-E3-10-4A-1B-F2-05-3F-07-C7-DD-A8-2D-3C-48-9A-E9-89-E1-B0-00-D3", encoded);
        }
Exemplo n.º 10
 /// <summary>
 /// Computes the actual challenge response to an NTLM challenge
 /// which is sent as part of an NTLM type 2 message.
 /// </summary>
 /// <param name="challenge">The challenge sent by the server.</param>
 /// <returns>The response to the NTLM challenge.</returns>
 /// <exception cref="SaslException">Thrown if the challenge
 /// response could not be computed.</exception>
 /// <remarks>
 /// No NTLMv2 flag is passed to the Type 3 constructor here, so this presumably yields
 /// the older LM/NTLM response - confirm against Type3Message. The workstation name is
 /// the fixed literal "Workstation". Every exception type, including ones caused by a
 /// malformed server challenge, is wrapped in a SaslException.
 /// </remarks>
 protected byte[] ComputeChallengeResponse(byte[] challenge)
 {
     try {
         // The challenge bytes originate from the server; parsing may throw on bad input.
         Type2Message serverChallenge = Type2Message.Deserialize(challenge);
         Type3Message reply = new Type3Message(Username, Password, serverChallenge.Challenge,
                                               "Workstation");
         return reply.Serialize();
     } catch (Exception cause) {
         throw new SaslException("The challenge response could not be " +
                                 "computed.", cause);
     }
 }
Exemplo n.º 11
        // Example from http://www.innovation.ch/java/ntlm.html
        /// <summary>
        /// Parses the first sample Type 3 message and checks every decoded field.
        /// </summary>
        public void Decode1()
        {
            Type3Message decoded = new Type3Message(data1);

            AssertEquals("Domain", "URSA-MINOR", decoded.Domain);
            AssertEquals("Host", "LIGHTCITY", decoded.Host);
            AssertEquals("Username", "Zaphod", decoded.Username);
            AssertEquals("Flags", (NtlmFlags)0x8201, decoded.Flags);
            AssertEquals("Type", 3, decoded.Type);

            // A decoded message exposes the two responses but no password.
            AssertNull("Password", decoded.Password);

            string lmResponse = BitConverter.ToString(decoded.LM);
            AssertEquals("LM", "AD-87-CA-6D-EF-E3-46-85-B9-C4-3C-47-7A-8C-42-D6-00-66-7D-68-92-E7-E8-97", lmResponse);

            string ntResponse = BitConverter.ToString(decoded.NT);
            AssertEquals("NT", "E0-E0-0D-E3-10-4A-1B-F2-05-3F-07-C7-DD-A8-2D-3C-48-9A-E9-89-E1-B0-00-D3", ntResponse);
        }
Exemplo n.º 12
        /// <summary>
        /// Checks that Challenge starts out null, accepts an 8-byte value, and is not
        /// affected when the caller later modifies the array it assigned.
        /// </summary>
        public void Challenge()
        {
            Type3Message type3 = new Type3Message();

            AssertNull("Challenge", type3.Challenge);

            byte[] callerBuffer = new byte[8];
            type3.Challenge = callerBuffer;
            AssertEquals("Challenge.Length", 8, type3.Challenge.Length);

            // Writing to the caller's array afterwards must not show up in the message.
            callerBuffer[0] = 1;
            AssertEquals("Challenge not directly accessible", 0, type3.Challenge[0]);
        }
Exemplo n.º 13
        // Example from http://davenport.sourceforge.net/ntlm.html#type3MessageExample
        /// <summary>
        /// Parses the second sample Type 3 message and checks every decoded field.
        /// </summary>
        public void Decode2()
        {
            Type3Message decoded = new Type3Message(data2);

            AssertEquals("Domain", "DOMAIN", decoded.Domain);
            AssertEquals("Host", "WORKSTATION", decoded.Host);
            AssertEquals("Username", "user", decoded.Username);
            AssertEquals("Flags", (NtlmFlags)0x201, decoded.Flags);
            AssertEquals("Type", 3, decoded.Type);

            // A decoded message exposes the two responses but no password.
            AssertNull("Password", decoded.Password);

            string lmResponse = BitConverter.ToString(decoded.LM);
            AssertEquals("LM", "C3-37-CD-5C-BD-44-FC-97-82-A6-67-AF-6D-42-7C-6D-E6-7C-20-C2-D3-E7-7C-56", lmResponse);

            string ntResponse = BitConverter.ToString(decoded.NT);
            AssertEquals("NT", "25-A9-8C-1C-31-E8-18-47-46-6B-29-B2-DF-46-80-F3-99-58-FB-8C-21-3A-9C-C6", ntResponse);
        }
Exemplo n.º 14
        /// <summary>
        /// Checks that Challenge starts out null, accepts an 8-byte value, and is not
        /// affected when the caller later modifies the array it assigned.
        /// </summary>
        public void Challenge()
        {
            Type3Message type3 = new Type3Message();

            Assert.IsNull(type3.Challenge, "Challenge");

            byte[] callerBuffer = new byte[8];
            type3.Challenge = callerBuffer;
            Assert.AreEqual(8, type3.Challenge.Length, "Challenge.Length");

            // Writing to the caller's array afterwards must not show up in the message.
            callerBuffer[0] = 1;
            Assert.AreEqual(0, type3.Challenge[0], "Challenge not directly accessible");
        }
Exemplo n.º 15
        // Example from http://davenport.sourceforge.net/ntlm.html#type3MessageExample
        /// <summary>
        /// Parses the second sample Type 3 message and checks every decoded field.
        /// </summary>
        public void Decode2()
        {
            Type3Message decoded = new Type3Message(data2);

            Assert.AreEqual("DOMAIN", decoded.Domain, "Domain");
            Assert.AreEqual("WORKSTATION", decoded.Host, "Host");
            Assert.AreEqual("user", decoded.Username, "Username");
            Assert.AreEqual((NtlmFlags)0x201, decoded.Flags, "Flags");
            Assert.AreEqual(3, decoded.Type, "Type");

            // A decoded message exposes the two responses but no password.
            Assert.IsNull(decoded.Password, "Password");

            string lmResponse = BitConverter.ToString(decoded.LM);
            Assert.AreEqual("C3-37-CD-5C-BD-44-FC-97-82-A6-67-AF-6D-42-7C-6D-E6-7C-20-C2-D3-E7-7C-56", lmResponse, "LM");

            string ntResponse = BitConverter.ToString(decoded.NT);
            Assert.AreEqual("25-A9-8C-1C-31-E8-18-47-46-6B-29-B2-DF-46-80-F3-99-58-FB-8C-21-3A-9C-C6", ntResponse, "NT");
        }
Exemplo n.º 16
        // Example from http://www.innovation.ch/java/ntlm.html
        /// <summary>
        /// Parses the first sample Type 3 message and checks every decoded field.
        /// </summary>
        public void Decode1()
        {
            Type3Message decoded = new Type3Message(data1);

            Assert.AreEqual("URSA-MINOR", decoded.Domain, "Domain");
            Assert.AreEqual("LIGHTCITY", decoded.Host, "Host");
            Assert.AreEqual("Zaphod", decoded.Username, "Username");
            Assert.AreEqual((NtlmFlags)0x8201, decoded.Flags, "Flags");
            Assert.AreEqual(3, decoded.Type, "Type");

            // A decoded message exposes the two responses but no password.
            Assert.IsNull(decoded.Password, "Password");

            string lmResponse = BitConverter.ToString(decoded.LM);
            Assert.AreEqual("AD-87-CA-6D-EF-E3-46-85-B9-C4-3C-47-7A-8C-42-D6-00-66-7D-68-92-E7-E8-97", lmResponse, "LM");

            string ntResponse = BitConverter.ToString(decoded.NT);
            Assert.AreEqual("E0-E0-0D-E3-10-4A-1B-F2-05-3F-07-C7-DD-A8-2D-3C-48-9A-E9-89-E1-B0-00-D3", ntResponse, "NT");
        }
Exemplo n.º 17
        // Example from http://www.innovation.ch/java/ntlm.html
        /// <summary>
        /// Populates a Type 3 message field by field and compares its encoded bytes with a
        /// published sample message.
        /// </summary>
        public void Encode1()
        {
            Type3Message type3 = new Type3Message();

            type3.Challenge = nonce;
            // Type3Message now encodes domain and host case-sensitive.
            type3.Domain   = "URSA-MINOR";
            type3.Host     = "LIGHTCITY";
            // NOTE(review): the "******" literals look redacted in this listing. The expected
            // bytes below contain the user name "Zaphod" in UTF-16LE, which "******" cannot
            // produce - restore the sample values before relying on this test.
            type3.Password = "******";
            type3.Username = "******";
            Assert.AreEqual(3, type3.Type, "Type");

            string encoded = BitConverter.ToString(type3.GetBytes());
            Assert.AreEqual("4E-54-4C-4D-53-53-50-00-03-00-00-00-18-00-18-00-72-00-00-00-18-00-18-00-8A-00-00-00-14-00-14-00-40-00-00-00-0C-00-0C-00-54-00-00-00-12-00-12-00-60-00-00-00-00-00-00-00-A2-00-00-00-01-B2-00-00-55-00-52-00-53-00-41-00-2D-00-4D-00-49-00-4E-00-4F-00-52-00-5A-00-61-00-70-00-68-00-6F-00-64-00-4C-00-49-00-47-00-48-00-54-00-43-00-49-00-54-00-59-00-AD-87-CA-6D-EF-E3-46-85-B9-C4-3C-47-7A-8C-42-D6-00-66-7D-68-92-E7-E8-97-E0-E0-0D-E3-10-4A-1B-F2-05-3F-07-C7-DD-A8-2D-3C-48-9A-E9-89-E1-B0-00-D3", encoded, "GetBytes");
        }
Exemplo n.º 18
        // Example for a password smaller than 8 characters - which implies a weak DES key
        /// <summary>
        /// Encodes a Type 3 message for a short password and compares the bytes with a
        /// fixed reference.
        /// </summary>
        /// <remarks>
        /// The test pins the encoding for a password shorter than 8 characters, the case
        /// the comment above the method ties to a weak DES key.
        /// </remarks>
        public void SmallPassword()
        {
            Type3Message type3 = new Type3Message();

            type3.Challenge = new byte[] {
                0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
            };
            type3.Domain   = "DOMAIN";
            type3.Host     = "HOST";
            // NOTE(review): the "******" literals look redacted in this listing. The expected
            // bytes below contain the user name "username" in UTF-16LE, which "******" cannot
            // produce - restore the sample values before relying on this test.
            type3.Password = "******";
            type3.Username = "******";
            AssertEquals("Type", 3, type3.Type);

            string encoded = BitConverter.ToString(type3.GetBytes());
            AssertEquals("GetBytes", "4E-54-4C-4D-53-53-50-00-03-00-00-00-18-00-18-00-64-00-00-00-18-00-18-00-7C-00-00-00-0C-00-0C-00-40-00-00-00-10-00-10-00-4C-00-00-00-08-00-08-00-5C-00-00-00-00-00-00-00-94-00-00-00-01-82-00-00-44-00-4F-00-4D-00-41-00-49-00-4E-00-75-00-73-00-65-00-72-00-6E-00-61-00-6D-00-65-00-48-00-4F-00-53-00-54-00-CA-12-00-72-3C-41-D5-77-AB-18-C7-64-C6-DE-F3-4F-A6-1B-FA-06-71-EA-5F-C8-7A-CE-90-85-AB-CC-37-59-38-0B-1C-68-62-E3-98-C3-C0-EF-9C-FC-22-E8-A2-C2", encoded);
        }
Exemplo n.º 19
 /// <summary>
 /// Computes the actual challenge response to an NTLM challenge
 /// which is sent as part of an NTLM type 2 message.
 /// </summary>
 /// <param name="challenge">The challenge sent by the server.</param>
 /// <returns>The response to the NTLM challenge.</returns>
 /// <exception cref="SaslException">Thrown if the challenge
 /// response could not be computed.</exception>
 /// <remarks>
 /// The method is declared with <c>new</c>, so it hides the inherited member instead of
 /// overriding it. A call made through a base-class reference would run the base
 /// implementation - verify that callers bind to this type when the NTLMv2 response is
 /// required. Every exception type is wrapped in a SaslException.
 /// </remarks>
 protected new byte[] ComputeChallengeResponse(byte[] challenge)
 {
     try {
         // The challenge bytes originate from the server; parsing may throw on bad input.
         Type2Message serverChallenge = Type2Message.Deserialize(challenge);

         // This creates an NTLMv2 challenge response.
         // NOTE(review): Username is passed as both the first and the fourth argument;
         // confirm the fourth parameter's meaning against the Type3Message constructor.
         Type3Message reply = new Type3Message(Username, Password, serverChallenge.Challenge,
                                               Username, true, serverChallenge.TargetName,
                                               serverChallenge.RawTargetInformation);
         return reply.Serialize();
     } catch (Exception cause) {
         throw new SaslException("The challenge response could not be " +
                                 "computed.", cause);
     }
 }
Exemplo n.º 20
        // Example for a password smaller than 8 characters - which implies a weak DES key
        /// <summary>
        /// Encodes a Type 3 message for a short password and compares the bytes with a
        /// fixed reference.
        /// </summary>
        /// <remarks>
        /// The test pins the encoding for a password shorter than 8 characters, the case
        /// the comment above the method ties to a weak DES key.
        /// </remarks>
        public void SmallPassword()
        {
            Type3Message type3 = new Type3Message();

            type3.Challenge = new byte[] {
                0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
            };
            type3.Domain = "DOMAIN";
            type3.Host   = "HOST";
            // NOTE(review): the "******" literals look redacted in this listing. The expected
            // bytes below contain the user name "username" in UTF-16LE, which "******" cannot
            // produce - restore the sample values before relying on this test.
            // The suppression comment must stay directly above the Password assignment.
            // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Not a secret.")]
            type3.Password = "******";
            type3.Username = "******";
            Assert.AreEqual(3, type3.Type, "Type");

            string encoded = BitConverter.ToString(type3.GetBytes());
            Assert.AreEqual("4E-54-4C-4D-53-53-50-00-03-00-00-00-18-00-18-00-64-00-00-00-18-00-18-00-7C-00-00-00-0C-00-0C-00-40-00-00-00-10-00-10-00-4C-00-00-00-08-00-08-00-5C-00-00-00-00-00-00-00-94-00-00-00-01-B2-00-00-44-00-4F-00-4D-00-41-00-49-00-4E-00-75-00-73-00-65-00-72-00-6E-00-61-00-6D-00-65-00-48-00-4F-00-53-00-54-00-CA-12-00-72-3C-41-D5-77-AB-18-C7-64-C6-DE-F3-4F-A6-1B-FA-06-71-EA-5F-C8-7A-CE-90-85-AB-CC-37-59-38-0B-1C-68-62-E3-98-C3-C0-EF-9C-FC-22-E8-A2-C2", encoded, "GetBytes");
        }
Exemplo n.º 21
        /// <summary>
        /// Computes the actual challenge response to an NTLM challenge
        /// which is sent as part of an NTLM type 2 message.
        /// </summary>
        /// <param name="challenge">The challenge sent by the server.</param>
        /// <returns>The response to the NTLM challenge.</returns>
        /// <exception cref="SaslException">Thrown if the challenge
        /// response could not be computed.</exception>
        /// <remarks>
        /// The method is declared with <c>new</c>, so it hides the inherited member instead
        /// of overriding it. A call made through a base-class reference would run the base
        /// implementation - verify that callers bind to this type when the NTLMv2 response
        /// is required. The session key of the Type 3 message is stored in SessionKey as a
        /// side effect. Every exception type is wrapped in a SaslException.
        /// </remarks>
        protected new byte[] ComputeChallengeResponse(byte[] challenge)
        {
            try {
                // The challenge bytes originate from the server; parsing may throw on bad input.
                Type2Message serverChallenge = Type2Message.Deserialize(challenge);

                // This creates an NTLMv2 challenge response.
                Type3Message reply = new Type3Message(Credential, serverChallenge.Challenge,
                                                      Credential.UserName, _additionalFlags, true, serverChallenge.TargetName,
                                                      serverChallenge.RawTargetInformation);

                // Keep the key before serializing, in the same order as the response is built.
                SessionKey = reply.SessionKey;

                return reply.Serialize();
            } catch (Exception cause) {
                throw new SaslException("The challenge response could not be " +
                                        "computed.", cause);
            }
        }
Exemplo n.º 22
        /// <summary>
        /// Fills in the local name properties and builds the encoded Type 3 message for the
        /// given user, using the nonce of the stored Type 2 message.
        /// </summary>
        /// <param name="user">User name placed in the message.</param>
        /// <param name="password">Password assigned to the message.</param>
        /// <returns>The encoded Type 3 message.</returns>
        /// <remarks>
        /// Domain and DNS domain are placeholders (see the FIXME markers): both are copied
        /// from the machine or host name rather than looked up. The flag value is a fixed
        /// constant, not the result of negotiation with the peer.
        /// </remarks>
        public byte [] ProcessMessageType3(string user, string password)
        {
            string machineName = Environment.MachineName;
            TargetName = machineName;
            ServerName = machineName;
            // FIXME
            DomainName    = ServerName;  // IPGlobalProperties.GetIPGlobalProperties ().DomainName;
            DnsHostName   = Dns.GetHostName();
            DnsDomainName = DnsHostName; // FIXME

            // Fixed flag set; the meaning of the individual bits is not shown in this listing.
            NtlmFlags fixedFlags = (NtlmFlags)(unchecked ((int)0xE2188235));

            type3           = new Type3Message(NtlmVersion.Version3);
            type3.Flags     = fixedFlags;
            type3.Domain    = DomainName;
            type3.Host      = DnsHostName;
            type3.Challenge = type2.Nonce;
            type3.Username  = user;
            type3.Password  = password;

            byte[] encoded = type3.GetBytes();
            return encoded;
        }
Exemplo n.º 23
        /// <summary>
        /// Decodes a fixed base64 Type 3 message and checks its flags, names and the two
        /// response payloads.
        /// </summary>
        public void TestNtlmType3MessageDecode()
        {
            const string challenge3 = "TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAAAACAAIAEwAAAAWABYAVAAAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIAVwBPAFIASwBTAFQAQQBUAEkATwBOAJje97h/iKpdr+Lfd5aIoXLe8Rx9XM3vE91UKLAehvTfyr6sOUlG29Q+6I95TdYyVQ==";

            var expectedFlags = NtlmFlags.NegotiateNtlm | NtlmFlags.NegotiateUnicode;
            byte[] raw = Convert.FromBase64String(challenge3);
            var decoded = new Type3Message(raw, 0, raw.Length);

            Assert.AreEqual(expectedFlags, decoded.Flags, "The expected flags do not match.");
            Assert.AreEqual("DOMAIN", decoded.Domain, "The expected Domain does not match.");
            Assert.AreEqual("WORKSTATION", decoded.Host, "The expected Host does not match.");
            Assert.AreEqual("user", decoded.Username, "The expected Username does not match.");

            // Both payloads are compared as hex text; each literal is 24 bytes long.
            string ntHex = HexEncode(decoded.NT);
            Assert.AreEqual("dd5428b01e86f4dfcabeac394946dbd43ee88f794dd63255", ntHex, "The NT payload does not match.");

            string lmHex = HexEncode(decoded.LM);
            Assert.AreEqual("98def7b87f88aa5dafe2df779688a172def11c7d5ccdef13", lmHex, "The LM payload does not match.");
        }
Exemplo n.º 24
 /// <summary>
 /// Parses the received Type 3 message and stores it in <c>type3</c>.
 /// </summary>
 /// <param name="raw">The raw message bytes as received from the peer.</param>
 /// <remarks>
 /// Only parsing happens here. Nothing in this method verifies the responses carried by
 /// the message, so a successful return does not mean the peer is authenticated.
 /// </remarks>
 public void ProcessMessageType3(byte [] raw)
 {
     // The disabled block below is an earlier hand-written parser. It is kept because
     // it documents the header check and the order of the security buffers.
     /*
      * MemoryStream ms = new MemoryStream (raw);
      * if (!Verify (NtlmSSP, raw, 0, 8))
      *      throw new SecurityNegotiationException ("Expected NTLM SSPI header not found");
      * BinaryReader reader = new BinaryReader (ms);
      * reader.ReadInt64 (); // skip 8 bytes
      * if (reader.ReadInt32 () != 3)
      *      throw new SecurityNegotiationException ("SSPI type 3 message is expected");
      * SspiSecurityBufferStruct lmResInfo = ReadSecurityBuffer (reader);
      * SspiSecurityBufferStruct ntlmResInfo = ReadSecurityBuffer (reader);
      * SspiSecurityBufferStruct targetNameInfo = ReadSecurityBuffer (reader);
      * SspiSecurityBufferStruct userNameInfo = ReadSecurityBuffer (reader);
      * SspiSecurityBufferStruct wsNameInfo = ReadSecurityBuffer (reader);
      * SspiSecurityBufferStruct sessionKeyInfo = ReadSecurityBuffer (reader);
      * int flags = reader.ReadInt32 ();
      * ServerOSVersion = reader.ReadInt64 ();
      */
     // Header and type validation are now left to the Type3Message constructor
     // (presumably equivalent to the checks above - confirm).
     type3 = new Type3Message(raw, NtlmVersion.Version3);
 }
Exemplo n.º 25
        /// <summary>
        /// Produces the next NTLM token for an HTTP request, moving from the Type 1 message
        /// to the Type 3 message as server challenges arrive.
        /// </summary>
        /// <param name="challenge">Base64 Type 2 payload from the server, or null/empty when none was received.</param>
        /// <param name="webRequest">The request being authenticated; anything other than an HttpWebRequest yields null.</param>
        /// <param name="credentials">Source of the NTLM credential for the request URI.</param>
        /// <returns>An Authorization holding "NTLM " plus the base64 message, or null when no usable credential or challenge exists.</returns>
        /// <remarks>
        /// When the credential has no domain, the request's Host header is used as the NTLM
        /// domain. A null password is sent as an empty password. <paramref name="credentials"/>
        /// is dereferenced without a null check, and a malformed base64 challenge from the
        /// server surfaces as an exception from Convert.FromBase64String. Progress is kept in
        /// the <c>message</c> member, so one instance tracks a single exchange at a time.
        /// </remarks>
        public Authorization Authenticate(string challenge, WebRequest webRequest, ICredentials credentials)
        {
            HttpWebRequest httpRequest = webRequest as HttpWebRequest;
            if (httpRequest == null)
            {
                return null;
            }

            NetworkCredential credential = credentials.GetCredential(httpRequest.RequestUri, "NTLM");
            if (credential == null)
            {
                return null;
            }

            string userName = credential.UserName;
            string domain   = credential.Domain;
            string password = credential.Password;

            if (String.IsNullOrEmpty(userName))
            {
                return null;
            }

            // No domain on the credential: fall back to the Host header of the request.
            if (String.IsNullOrEmpty(domain))
            {
                domain = httpRequest.Headers["Host"];
            }

            bool completed;

            if (message == null)
            {
                // First call: start the exchange with a Type 1 message.
                Type1Message negotiate = new Type1Message();
                negotiate.Domain = domain;
                message   = negotiate;
                completed = false;
            }
            else if (message.Type == 1)
            {
                // Should I check the credentials?
                if (challenge == null)
                {
                    // No challenge came back: drop the state so the next call starts over.
                    message = null;
                    return null;
                }

                Type2Message serverChallenge = new Type2Message(Convert.FromBase64String(challenge));

                Type3Message authenticate = new Type3Message();
                authenticate.Domain    = domain;
                authenticate.Username  = userName;
                authenticate.Challenge = serverChallenge.Nonce;
                authenticate.Password  = password ?? "";
                message   = authenticate;
                completed = true;
            }
            else if (String.IsNullOrEmpty(challenge))
            {
                // Should I check the credentials?
                // type must be 3 here
                Type1Message restart = new Type1Message();
                restart.Domain = domain;
                message   = restart;
                completed = false;
            }
            else
            {
                // type must be 3 here: the stored Type 3 message is sent again.
                completed = true;
            }

            string token = "NTLM " + Convert.ToBase64String(message.GetBytes());

            return new Authorization(token, completed);
        }
Exemplo n.º 26
 /// <summary>
 /// Hands the Type 3 parser a 12-byte buffer whose signature is damaged: the ASCII
 /// bytes "NTLMSSP" are followed by 0x01 where the terminating zero belongs.
 /// </summary>
 /// <remarks>
 /// Nothing is asserted after the constructor call. The expected outcome is presumably
 /// an exception declared by a test attribute that is not part of this listing.
 /// </remarks>
 public void Decode_BadHeader()
 {
     byte[] damagedHeader = new byte[] {
         0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x01,
         0x00, 0x00, 0x00, 0x00
     };

     Type3Message parsed = new Type3Message(damagedHeader);
 }
Exemplo n.º 27
        /// <summary>
        /// Produces the next NTLM token for an HTTP request, moving from the Type 1 message
        /// to the Type 3 message as server challenges arrive.
        /// </summary>
        /// <param name="challenge">Base64 Type 2 payload from the server, or null/empty when none was received.</param>
        /// <param name="webRequest">The request being authenticated; anything other than an HttpWebRequest yields null.</param>
        /// <param name="credentials">Source of the NTLM credential for the request URI.</param>
        /// <returns>An Authorization holding "NTLM " plus the base64 message, or null when no usable credential or challenge exists.</returns>
        /// <remarks>
        /// A null password is sent as an empty password. <paramref name="credentials"/> is
        /// dereferenced without a null check, and a malformed base64 challenge from the
        /// server surfaces as an exception from Convert.FromBase64String. Progress is kept in
        /// the <c>message</c> member, so one instance tracks a single exchange at a time.
        /// </remarks>
        public Authorization Authenticate(string challenge, WebRequest webRequest, ICredentials credentials)
        {
            HttpWebRequest httpRequest = webRequest as HttpWebRequest;
            if (httpRequest == null)
            {
                return null;
            }

            NetworkCredential credential = credentials.GetCredential(httpRequest.RequestUri, "NTLM");
            if (credential == null)
            {
                return null;
            }

            string userName = credential.UserName;
            string domain   = credential.Domain;
            string password = credential.Password;

            if (String.IsNullOrEmpty(userName))
            {
                return null;
            }

            // No explicit domain: accept "DOMAIN\user" or "DOMAIN/user" and split it.
            if (String.IsNullOrEmpty(domain))
            {
                int separator = userName.IndexOf('\\');
                if (separator == -1)
                {
                    separator = userName.IndexOf('/');
                }

                if (separator >= 0)
                {
                    domain   = userName.Substring(0, separator);
                    userName = userName.Substring(separator + 1);
                }
            }

            bool completed;

            if (message == null)
            {
                // First call: start the exchange with a Type 1 message.
                Type1Message negotiate = new Type1Message();
                negotiate.Domain = domain;
                negotiate.Host   = "";           // MS does not send it
                negotiate.Flags |= NtlmFlags.NegotiateNtlm2Key;
                message   = negotiate;
                completed = false;
            }
            else if (message.Type == 1)
            {
                // Should I check the credentials?
                if (challenge == null)
                {
                    // No challenge came back: drop the state so the next call starts over.
                    message = null;
                    return null;
                }

                Type2Message serverChallenge = new Type2Message(Convert.FromBase64String(challenge));

                // NOTE(review): the domain computed above is not assigned to the Type 3
                // message here; whether Type3Message(type2) supplies one is not visible.
                Type3Message authenticate = new Type3Message(serverChallenge);
                authenticate.Username = userName;
                authenticate.Password = password ?? "";
                message   = authenticate;
                completed = true;
            }
            else if (String.IsNullOrEmpty(challenge))
            {
                // Should I check the credentials?
                // type must be 3 here
                // NOTE(review): unlike the first Type 1 message, this restart message does
                // not add NegotiateNtlm2Key - confirm whether that is intended.
                Type1Message restart = new Type1Message();
                restart.Domain = domain;
                restart.Host   = "";             // MS does not send it
                message   = restart;
                completed = false;
            }
            else
            {
                // type must be 3 here: the stored Type 3 message is sent again.
                completed = true;
            }

            string token = "NTLM " + Convert.ToBase64String(message.GetBytes());

            return new Authorization(token, completed);
        }
Exemplo n.º 28
        /// <summary>
        /// Assigns null to the Challenge property of a fresh Type 3 message.
        /// </summary>
        /// <remarks>
        /// Nothing is asserted afterwards. The expected outcome is presumably an exception
        /// declared by a test attribute that is not part of this listing.
        /// </remarks>
        public void Challenge_Null()
        {
            Type3Message type3 = new Type3Message();

            // A missing challenge should be refused by the setter rather than stored.
            type3.Challenge = null;
        }
Exemplo n.º 29
        /// <exception cref="SharpCifs.Smb.SmbException"></exception>
        /// <summary>
        /// Runs one step of the client side of the NTLMSSP exchange, selected by <c>State</c>:
        /// state 1 emits the Type 1 message, state 2 consumes the server's Type 2 message
        /// and emits the Type 3 message.
        /// </summary>
        /// <param name="token">The server token for state 2; not read in state 1.</param>
        /// <param name="offset">Not used in the visible body.</param>
        /// <param name="len">Not used in the visible body.</param>
        /// <returns>The encoded message to send to the server.</returns>
        /// <remarks>
        /// At Log.Level 4 and above the message objects are written to the log, and at
        /// level 6 and above the raw tokens are hex-dumped as well, including the Type 3
        /// token that carries the challenge responses. Logs produced at those levels
        /// should be handled as sensitive. The local flags are reduced to those the server
        /// also set, and a signing key is only stored when the sign flag survives that step.
        /// </remarks>
        public virtual byte[] InitSecContext(byte[] token, int offset, int len)
        {
            switch (State)
            {
                case 1:
                    {
                        // Step 1: announce our flags, domain and workstation.
                        Type1Message msg1 = new Type1Message(NtlmsspFlags,
                                                             Auth.GetDomain(),
                                                             Workstation);
                        token = msg1.ToByteArray();
                        if (Log.Level >= 4)
                        {
                            Log.WriteLine(msg1);
                            if (Log.Level >= 6)
                            {
                                Hexdump.ToHexdump(Log, token, 0, token.Length);
                            }
                        }
                        State++;
                        break;
                    }

                case 2:
                    {
                        try
                        {
                            // NOTE(review): the whole token array is parsed; offset and len
                            // are ignored here - confirm callers never pass a sub-range.
                            Type2Message msg2 = new Type2Message(token);
                            if (Log.Level >= 4)
                            {
                                Log.WriteLine(msg2);
                                if (Log.Level >= 6)
                                {
                                    Hexdump.ToHexdump(Log, token, 0, token.Length);
                                }
                            }
                            ServerChallenge = msg2.GetChallenge();
                            // Keep only the flags that the server set as well. The server's
                            // message is unauthenticated at this point, so it can clear
                            // flags such as signing; callers that require signing need to
                            // check the outcome themselves.
                            NtlmsspFlags &= msg2.GetFlags();
                            //netbiosName = getNtlmsspListItem(token, 0x0001);
                            Type3Message msg3 = new Type3Message(msg2,
                                                                 Auth.GetPassword(),
                                                                 Auth.GetDomain(),
                                                                 Auth.GetUsername(),
                                                                 Workstation,
                                                                 NtlmsspFlags);
                            token = msg3.ToByteArray();
                            if (Log.Level >= 4)
                            {
                                // Sensitive: msg3 and its hexdump contain the responses
                                // derived from the password.
                                Log.WriteLine(msg3);
                                if (Log.Level >= 6)
                                {
                                    Hexdump.ToHexdump(Log, token, 0, token.Length);
                                }
                            }
                            // The signing key is only kept when signing is still negotiated.
                            if ((NtlmsspFlags & NtlmFlags.NtlmsspNegotiateSign) != 0)
                            {
                                SigningKey = msg3.GetMasterKey();
                            }
                            // Marks the context as established once the Type 3 message has
                            // been built; no server confirmation is involved at this point.
                            isEstablished = true;
                            State++;
                            break;
                        }
                        catch (Exception e)
                        {
                            // Any failure, including a malformed server token, is reported
                            // as an SmbException carrying the original message and cause.
                            throw new SmbException(e.Message, e);
                        }
                    }

                default:
                    {
                        // Reached when the method is called again after state 2 completed.
                        throw new SmbException("Invalid state");
                    }
            }
            return token;
        }
Exemplo n.º 30
        /// <summary>
        /// Assigns a 9-byte array to the Challenge property of a fresh Type 3 message.
        /// </summary>
        /// <remarks>
        /// Nothing is asserted afterwards. The expected outcome is presumably an exception
        /// declared by a test attribute that is not part of this listing.
        /// </remarks>
        public void Challenge_InvalidLength()
        {
            Type3Message type3 = new Type3Message();

            // One byte longer than the 8-byte challenge used by the other tests.
            byte[] oversized = new byte[9];
            type3.Challenge = oversized;
        }
Exemplo n.º 31
		/// <summary>
		/// Produces the next NTLM token for an HTTP request, moving from the Type 1 message
		/// to the Type 3 message as server challenges arrive.
		/// </summary>
		/// <param name="challenge">Base64 Type 2 payload from the server, or null/empty when none was received.</param>
		/// <param name="webRequest">The request being authenticated; anything other than an HttpWebRequest yields null.</param>
		/// <param name="credentials">Source of the NTLM credential for the request URI.</param>
		/// <returns>An Authorization holding "NTLM " plus the base64 message, or null when no usable credential or challenge exists.</returns>
		/// <remarks>
		/// A null password is sent as an empty password. <paramref name="credentials"/> is
		/// dereferenced without a null check, and a malformed base64 challenge from the
		/// server surfaces as an exception from Convert.FromBase64String. Progress is kept in
		/// the <c>message</c> member, so one instance tracks a single exchange at a time.
		/// </remarks>
		public Authorization Authenticate (string challenge, WebRequest webRequest, ICredentials credentials)
		{
			HttpWebRequest httpRequest = webRequest as HttpWebRequest;
			if (httpRequest == null)
				return null;

			NetworkCredential credential = credentials.GetCredential (httpRequest.RequestUri, "NTLM");
			if (credential == null)
				return null;

			string userName = credential.UserName;
			string domain = credential.Domain;
			string password = credential.Password;
			if (String.IsNullOrEmpty (userName))
				return null;

			// No explicit domain: accept "DOMAIN\user" or "DOMAIN/user" and split it.
			if (String.IsNullOrEmpty (domain)) {
				int separator = userName.IndexOf ('\\');
				if (separator == -1)
					separator = userName.IndexOf ('/');

				if (separator >= 0) {
					domain = userName.Substring (0, separator);
					userName = userName.Substring (separator + 1);
				}
			}

			bool completed;
			if (message == null) {
				// First call: start the exchange with a Type 1 message.
				Type1Message negotiate = new Type1Message ();
				negotiate.Domain = domain;
				negotiate.Host = ""; // MS does not send it
				negotiate.Flags |= NtlmFlags.NegotiateNtlm2Key;
				message = negotiate;
				completed = false;
			} else if (message.Type == 1) {
				// Should I check the credentials?
				if (challenge == null) {
					// No challenge came back: drop the state so the next call starts over.
					message = null;
					return null;
				}

				Type2Message serverChallenge = new Type2Message (Convert.FromBase64String (challenge));

				Type3Message authenticate = new Type3Message (serverChallenge);
				authenticate.Username = userName;
				authenticate.Password = password ?? "";
				authenticate.Domain = domain;
				message = authenticate;
				completed = true;
			} else if (String.IsNullOrEmpty (challenge)) {
				// Should I check the credentials?
				// type must be 3 here
				// NOTE(review): unlike the first Type 1 message, this restart message does
				// not add NegotiateNtlm2Key - confirm whether that is intended.
				Type1Message restart = new Type1Message ();
				restart.Domain = domain;
				restart.Host = ""; // MS does not send it
				message = restart;
				completed = false;
			} else {
				// type must be 3 here: the stored Type 3 message is sent again.
				completed = true;
			}

			string token = "NTLM " + Convert.ToBase64String (message.GetBytes ());
			return new Authorization (token, completed);
		}