// Class(60) {
// OID(spnego),
// Class(A0) {
// Class(30) {
// Class(A0) {
// Class(30) { OID,OID,OID} },
// Class(A2) { OctetStream } } } }
public byte [] ProcessSpnegoInitialContextTokenRequest ()
{
Type1Message type1 = new Type1Message (NtlmVersion.Version3);
type1.Flags = unchecked ((NtlmFlags) 0xE21882B7);
type1.Domain = "WORKGROUP"; // FIXME: remove it
ASN1 asn = new ASN1 (0x60);
ASN1 asn2 = new ASN1 (0xA0);
ASN1 asn21 = new ASN1 (0x30);
ASN1 asn211 = new ASN1 (0xA0);
ASN1 asn2111 = new ASN1 (0x30);
asn211.Add (asn2111);
asn2111.Add (ASN1Convert.FromOid (Constants.OidNtlmSsp));
asn2111.Add (ASN1Convert.FromOid (Constants.OidKerberos5));
asn2111.Add (ASN1Convert.FromOid (Constants.OidMIT));
ASN1 asn212 = new ASN1 (0xA2);
ASN1 asn2121 = new ASN1 (0x4);
asn2121.Value = type1.GetBytes ();
asn212.Add (asn2121);
asn21.Add (asn211);
asn21.Add (asn212);
asn2.Add (asn21);
asn.Add (ASN1Convert.FromOid (Constants.OidSpnego));
asn.Add (asn2);
return asn.GetBytes ();
}
// Example from http://www.innovation.ch/java/ntlm.html
public void Encode1 ()
{
Type1Message msg = new Type1Message ();
AssertEquals ("Type", 1, msg.Type);
msg.Domain = "Ursa-Minor";
msg.Host = "LightCity";
AssertEquals ("GetBytes", "4E-54-4C-4D-53-53-50-00-01-00-00-00-07-B2-00-00-0A-00-0A-00-29-00-00-00-09-00-09-00-20-00-00-00-4C-49-47-48-54-43-49-54-59-55-52-53-41-2D-4D-49-4E-4F-52", BitConverter.ToString (msg.GetBytes ()));
}
// Example from http://davenport.sourceforge.net/ntlm.html#type1MessageExample
public void Decode2 ()
{
byte[] data = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x07, 0x32, 0x00, 0x00, 0x06, 0x00, 0x06, 0x00, 0x2b, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x0b, 0x00, 0x20, 0x00, 0x00, 0x00, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x44, 0x4f, 0x4d, 0x41, 0x49, 0x4e };
Type1Message msg = new Type1Message (data);
AssertEquals ("Domain", "DOMAIN", msg.Domain);
AssertEquals ("Flags", (NtlmFlags)0x3207, msg.Flags);
AssertEquals ("Host", "WORKSTATION", msg.Host);
AssertEquals ("Type", 1, msg.Type);
}
// Example from http://www.innovation.ch/java/ntlm.html
public void Decode1 ()
{
byte[] data = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03, 0xb2, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x29, 0x00, 0x00, 0x00, 0x09, 0x00, 0x09, 0x00, 0x20, 0x00, 0x00, 0x00, 0x4c, 0x49, 0x47, 0x48, 0x54, 0x43, 0x49, 0x54, 0x59, 0x55, 0x52, 0x53, 0x41, 0x2d, 0x4d, 0x49, 0x4e, 0x4f, 0x52 };
Type1Message msg = new Type1Message (data);
AssertEquals ("Domain", "URSA-MINOR", msg.Domain);
AssertEquals ("Flags", (NtlmFlags)0xb203, msg.Flags);
AssertEquals ("Host", "LIGHTCITY", msg.Host);
AssertEquals ("Type", 1, msg.Type);
}
// Example from http://davenport.sourceforge.net/ntlm.html#type1MessageExample
public void Decode2 ()
{
byte[] data = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x07, 0x32, 0x00, 0x00, 0x06, 0x00, 0x06, 0x00, 0x2b, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x0b, 0x00, 0x20, 0x00, 0x00, 0x00, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x44, 0x4f, 0x4d, 0x41, 0x49, 0x4e };
Type1Message msg = new Type1Message (data);
Assert.AreEqual ("DOMAIN", msg.Domain, "Domain");
Assert.AreEqual ((NtlmFlags)0x3207, msg.Flags, "Flags");
Assert.AreEqual ("WORKSTATION", msg.Host, "Host");
Assert.AreEqual (1, msg.Type, "Type");
}
// Example from http://www.innovation.ch/java/ntlm.html
public void Decode1 ()
{
byte[] data = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03, 0xb2, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x29, 0x00, 0x00, 0x00, 0x09, 0x00, 0x09, 0x00, 0x20, 0x00, 0x00, 0x00, 0x4c, 0x49, 0x47, 0x48, 0x54, 0x43, 0x49, 0x54, 0x59, 0x55, 0x52, 0x53, 0x41, 0x2d, 0x4d, 0x49, 0x4e, 0x4f, 0x52 };
Type1Message msg = new Type1Message (data);
Assert.AreEqual ("URSA-MINOR", msg.Domain, "Domain");
Assert.AreEqual ((NtlmFlags)0xb203, msg.Flags, "Flags");
Assert.AreEqual ("LIGHTCITY", msg.Host, "Host");
Assert.AreEqual (1, msg.Type, "Type");
}
public Authorization Authenticate (string challenge, WebRequest webRequest, ICredentials credentials)
{
HttpWebRequest request = webRequest as HttpWebRequest;
if (request == null)
return null;
NetworkCredential cred = credentials.GetCredential (request.RequestUri, "NTLM");
if (cred == null)
return null;
string userName = cred.UserName;
string domain = cred.Domain;
string password = cred.Password;
if (userName == null || userName == "")
return null;
domain = domain != null && domain.Length > 0 ? domain : request.Headers ["Host"];
bool completed = false;
if (message == null) {
Type1Message type1 = new Type1Message ();
type1.Domain = domain;
message = type1;
} else if (message.Type == 1) {
// Should I check the credentials?
if (challenge == null) {
message = null;
return null;
}
Type2Message type2 = new Type2Message (Convert.FromBase64String (challenge));
if (password == null)
password = "";
Type3Message type3 = new Type3Message ();
type3.Domain = domain;
type3.Username = userName;
type3.Challenge = type2.Nonce;
type3.Password = password;
message = type3;
completed = true;
} else {
// Should I check the credentials?
// type must be 3 here
if (challenge == null || challenge == String.Empty) {
Type1Message type1 = new Type1Message ();
type1.Domain = domain;
message = type1;
} else {
completed = true;
}
}
string token = "NTLM " + Convert.ToBase64String (message.GetBytes ());
return new Authorization (token, completed);
}
public Authorization Authenticate (string challenge, WebRequest webRequest, ICredentials credentials)
{
HttpWebRequest request = webRequest as HttpWebRequest;
if (request == null)
return null;
NetworkCredential cred = credentials.GetCredential (request.RequestUri, "NTLM");
if (cred == null)
return null;
string userName = cred.UserName;
string domain = cred.Domain;
string password = cred.Password;
if (userName == null || userName == "")
return null;
if (String.IsNullOrEmpty (domain)) {
int idx = userName.IndexOf ('\\');
if (idx == -1) {
idx = userName.IndexOf ('/');
}
if (idx >= 0) {
domain = userName.Substring (0, idx);
userName = userName.Substring (idx + 1);
}
}
bool completed = false;
if (message == null) {
Type1Message type1 = new Type1Message ();
type1.Domain = domain;
type1.Host = ""; // MS does not send it
type1.Flags |= NtlmFlags.NegotiateNtlm2Key;
message = type1;
} else if (message.Type == 1) {
// Should I check the credentials?
if (challenge == null) {
message = null;
return null;
}
Type2Message type2 = new Type2Message (Convert.FromBase64String (challenge));
if (password == null)
password = "";
Type3Message type3 = new Type3Message (type2);
type3.Username = userName;
type3.Password = password;
type3.Domain = domain;
message = type3;
completed = true;
} else {
// Should I check the credentials?
// type must be 3 here
if (challenge == null || challenge == String.Empty) {
Type1Message type1 = new Type1Message ();
type1.Domain = domain;
type1.Host = ""; // MS does not send it
message = type1;
} else {
completed = true;
}
}
string token = "NTLM " + Convert.ToBase64String (message.GetBytes ());
return new Authorization (token, completed);
}
public override bool Connect (TdsConnectionParameters connectionParameters)
{
if (IsConnected)
throw new InvalidOperationException ("The connection is already open.");
connectionParms = connectionParameters;
SetLanguage (connectionParameters.Language);
SetCharset ("utf-8");
byte[] empty = new byte[0];
short authLen = 0;
byte pad = (byte) 0;
byte[] domainMagic = { 6, 0x7d, 0x0f, 0xfd, 0xff, 0x0, 0x0, 0x0,
0x0, 0xe0, 0x83, 0x0, 0x0,
0x68, 0x01, 0x00, 0x00, 0x09, 0x04, 0x00, 0x00 };
byte[] sqlserverMagic = { 6, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0,
0x0, 0xe0, 0x03, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0 };
byte[] magic = null;
if (connectionParameters.DomainLogin)
magic = domainMagic;
else
magic = sqlserverMagic;
string username = connectionParameters.User;
string domain = null;
int idx = username.IndexOf ("\\");
if (idx != -1) {
domain = username.Substring (0, idx);
username = username.Substring (idx + 1);
connectionParameters.DefaultDomain = domain;
connectionParameters.User = username;
} else {
domain = Environment.UserDomainName;
connectionParameters.DefaultDomain = domain;
}
short partialPacketSize = (short) (86 + (
connectionParameters.Hostname.Length +
connectionParameters.ApplicationName.Length +
DataSource.Length +
connectionParameters.LibraryName.Length +
Language.Length +
connectionParameters.Database.Length +
connectionParameters.AttachDBFileName.Length) * 2);
if (connectionParameters.DomainLogin) {
authLen = ((short) (32 + (connectionParameters.Hostname.Length +
domain.Length)));
partialPacketSize += authLen;
} else
partialPacketSize += ((short) ((username.Length + connectionParameters.Password.Length) * 2));
int totalPacketSize = partialPacketSize;
Comm.StartPacket (TdsPacketType.Logon70);
Comm.Append (totalPacketSize);
//Comm.Append (empty, 3, pad);
//byte[] version = {0x00, 0x0, 0x0, 0x71};
//Console.WriteLine ("Version: {0}", ClientVersion[3]);
Comm.Append (ClientVersion); // TDS Version 7
Comm.Append ((int)this.PacketSize); // Set the Block Size
Comm.Append (empty, 3, pad);
Comm.Append (magic);
short curPos = 86;
// Hostname
Comm.Append (curPos);
Comm.Append ((short) connectionParameters.Hostname.Length);
curPos += (short) (connectionParameters.Hostname.Length * 2);
if (connectionParameters.DomainLogin) {
Comm.Append((short)0);
Comm.Append((short)0);
Comm.Append((short)0);
Comm.Append((short)0);
} else {
// Username
Comm.Append (curPos);
Comm.Append ((short) username.Length);
curPos += ((short) (username.Length * 2));
// Password
Comm.Append (curPos);
Comm.Append ((short) connectionParameters.Password.Length);
curPos += (short) (connectionParameters.Password.Length * 2);
}
// AppName
Comm.Append (curPos);
Comm.Append ((short) connectionParameters.ApplicationName.Length);
curPos += (short) (connectionParameters.ApplicationName.Length * 2);
// Server Name
Comm.Append (curPos);
Comm.Append ((short) DataSource.Length);
curPos += (short) (DataSource.Length * 2);
// Unknown
Comm.Append ((short) curPos);
Comm.Append ((short) 0);
// Library Name
Comm.Append (curPos);
Comm.Append ((short) connectionParameters.LibraryName.Length);
curPos += (short) (connectionParameters.LibraryName.Length * 2);
// Language
Comm.Append (curPos);
Comm.Append ((short) Language.Length);
curPos += (short) (Language.Length * 2);
// Database
Comm.Append (curPos);
Comm.Append ((short) connectionParameters.Database.Length);
curPos += (short) (connectionParameters.Database.Length * 2);
// MAC Address
Comm.Append((byte) 0);
Comm.Append((byte) 0);
Comm.Append((byte) 0);
Comm.Append((byte) 0);
Comm.Append((byte) 0);
Comm.Append((byte) 0);
// Authentication Stuff
Comm.Append ((short) curPos);
if (connectionParameters.DomainLogin) {
Comm.Append ((short) authLen);
curPos += (short) authLen;
} else
Comm.Append ((short) 0);
// Unknown
Comm.Append (curPos);
Comm.Append ((short)( connectionParameters.AttachDBFileName.Length));
curPos += (short)(connectionParameters.AttachDBFileName.Length*2);
// Connection Parameters
Comm.Append (connectionParameters.Hostname);
if (!connectionParameters.DomainLogin) {
// SQL Server Authentication
Comm.Append (connectionParameters.User);
string scrambledPwd = EncryptPassword (connectionParameters.Password);
Comm.Append (scrambledPwd);
}
Comm.Append (connectionParameters.ApplicationName);
Comm.Append (DataSource);
Comm.Append (connectionParameters.LibraryName);
Comm.Append (Language);
Comm.Append (connectionParameters.Database);
if (connectionParameters.DomainLogin) {
// the rest of the packet is NTLMSSP authentication
Type1Message msg = new Type1Message ();
msg.Domain = domain;
msg.Host = connectionParameters.Hostname;
msg.Flags = NtlmFlags.NegotiateUnicode |
NtlmFlags.NegotiateNtlm |
NtlmFlags.NegotiateDomainSupplied |
NtlmFlags.NegotiateWorkstationSupplied |
NtlmFlags.NegotiateAlwaysSign; // 0xb201
Comm.Append (msg.GetBytes ());
}
Comm.Append (connectionParameters.AttachDBFileName);
Comm.SendPacket ();
MoreResults = true;
SkipToEnd ();
return IsConnected;
}
public void ProcessMessageType1 (byte [] raw)
{
type1 = new Type1Message (raw, NtlmVersion.Version3);
}
public byte [] ProcessMessageType1 ()
{
Type1Message type1 = new Type1Message (NtlmVersion.Version3);
type1.Flags = unchecked ((NtlmFlags) 0xE21882B7);
return type1.GetBytes ();
}
public void Run(string username, string password)
{
Console.WriteLine ("=========");
helper.StandardInput.WriteLine ("SF NTLMSSP_FEATURE_SESSION_KEY");
var sf_response = helper.StandardOutput.ReadLine ();
Console.WriteLine (sf_response);
if (sf_response != "OK")
throw new InvalidDataException (sf_response);
var pw_bytes = Encoding.ASCII.GetBytes (password);
helper.StandardInput.WriteLine ("PW " + Convert.ToBase64String (pw_bytes));
var pw_result = helper.StandardOutput.ReadLine ();
if (pw_result != "OK")
throw new InvalidDataException (pw_result);
var type1 = new Type1Message ();
type1.Flags |= NtlmFlags.NegotiateNtlm2Key;
helper.StandardInput.WriteLine ("KK " + Convert.ToBase64String (type1.GetBytes ()));
var type1_res = helper.StandardOutput.ReadLine ();
if (!type1_res.StartsWith ("TT "))
throw new InvalidDataException ();
var type2 = new Type2Message (Convert.FromBase64String (type1_res.Substring (3)));
Console.WriteLine ("TYPE2: {0:x} {1}", type2.Flags, type2.Flags);
var type3 = new Type3Message (type2);
type3.Domain = "SOL";
type3.Host = "PROVCON-FAUST";
type3.Username = username;
type3.Password = password;
var bytes = type3.GetBytes ();
helper.StandardInput.WriteLine ("KK {0}", Convert.ToBase64String (bytes));
var response2 = helper.StandardOutput.ReadLine ();
Console.WriteLine (response2);
if (!response2.StartsWith ("AF "))
throw new InvalidDataException (response2);
}
public override void Authenticate(byte[] clientResponse, out byte[] serverChallenge)
{
#pragma warning disable 168
#if MONO_SECURITY_DLL
var type3 = new Type1Message(clientResponse);
#else
var type3 = Activator.CreateInstance(typeOfType3Message, clientResponse);
#endif
#pragma warning restore 168
throw new NotImplementedException();
}
public override void Negotiate(byte[] clientResponse, out byte[] serverChallenge)
{
#if MONO_SECURITY_DLL
var type1 = new Type1Message(clientResponse);
var type2 = new Type2Message();
if ((int)(type1.Flags & NtlmFlags.NegotiateUnicode) != 0)
type2.Flags |= NtlmFlags.NegotiateUnicode;
else if ((int)(type1.Flags & NtlmFlags.NegotiateOem) != 0)
type2.Flags |= NtlmFlags.NegotiateOem;
type2.Nonce = Nonce.Create(8, false);
serverChallenge = type2.GetBytes();
#else
var type1 = Activator.CreateInstance(typeOfType1Message, clientResponse);
var type2 = Activator.CreateInstance(typeOfType2Message);
var type1Flags = (int)typeOfType1Message.GetProperty("Flags").GetValue(type1, null);
var type2Flags = 0x00000200; // NegotiateNtlm
if ((type1Flags & 0x00000001) != 0) // NegotiateUnicode
type2Flags |= 0x00000001;
else if ((type1Flags & 0x00000002) != 0) // NegotiateOem
type2Flags |= 0x00000002;
typeOfType2Message.GetProperty("Flags").SetValue(type2, type2Flags, null);
typeOfType2Message.GetProperty("Nonce").SetValue(type2, Nonce.Generate(8, false), null);
serverChallenge = (byte[])typeOfType2Message.GetMethod("GetBytes").Invoke(type2, null);
#endif
}
protected override SaslExchangeStatus Exchange(ByteString serverChallenge, out ByteString clientResponse)
{
if (Credential == null)
throw new SaslException("Credential property must be set");
clientResponse = null;
switch (step) {
case 0: { // send NTLM negotiate message (Type 1)
const NtlmFlags type1Flags =
NtlmFlags.RequestTarget |
NtlmFlags.NegotiateNtlm |
NtlmFlags.NegotiateUnicode |
NtlmFlags.NegotiateOem |
NtlmFlags.NegotiateDomainSupplied |
NtlmFlags.NegotiateWorkstationSupplied;
var type1 = new Type1Message();
type1.Flags = type1Flags;
type1.Host = TargetHost ?? string.Empty; // ?
type1.Domain = Credential.Domain ?? string.Empty;
clientResponse = new ByteString(type1.GetBytes());
step++;
return SaslExchangeStatus.Continuing;
}
case 1: { // receive NTLM challenge message (Type 2) and send NTLM authenticate message (Type 3)
if (string.IsNullOrEmpty(Credential.UserName) || string.IsNullOrEmpty(Credential.Password))
return SaslExchangeStatus.Failed;
var type2 = new Type2Message(serverChallenge.ByteArray);
var type3 = new Type3Message();
type3.Flags = NtlmFlags.NegotiateNtlm | NtlmFlags.NegotiateUnicode; // XXX
type3.Host = TargetHost ?? string.Empty; // ?
type3.Domain = Credential.Domain ?? string.Empty;
type3.Challenge = type2.Nonce;
type3.Password = Credential.Password;
type3.Username = Credential.UserName;
clientResponse = new ByteString(type3.GetBytes());
step++;
return SaslExchangeStatus.Succeeded;
}
default:
clientResponse = null;
return SaslExchangeStatus.Failed; // unexpected server challenge
}
}
