public bool IsPasswordEmpty(AuthenticateMessage message)
{
// Special case for anonymous authentication, see [MS-NLMP] 3.3.1 - NTLM v1 Authentication
if (message.LmChallengeResponse.Length == 1 || message.NtChallengeResponse.Length == 0)
{
return(true);
}
byte[] clientChallenge = ByteReader.ReadBytes(message.LmChallengeResponse, 0, 8);
byte[] emptyPasswordNTLMv1Response = NTAuthentication.ComputeNTLMv1ExtendedSecurityResponse(m_serverChallenge, clientChallenge, String.Empty);
if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv1Response, message.NtChallengeResponse))
{
return(true);
}
if (message.NtChallengeResponse.Length > 24)
{
NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(message.NtChallengeResponse, 16);
byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded();
byte[] emptyPasswordNTLMv2Response = NTAuthentication.ComputeNTLMv2Response(m_serverChallenge, clientChallengeStructurePadded, String.Empty, message.UserName, message.DomainName);
if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv2Response, message.NtChallengeResponse))
{
return(true);
}
}
return(false);
}
public override async Task <AuthenticateResponse> Authenticate(AuthenticateMessage request,
ServerCallContext context)
{
try
{
var userEntity = await _coreService.Authenticate(request.Name, EncodePassword(request.Password));
if (userEntity != null)
{
return(new AuthenticateResponse
{
Code = ResponseCode.Success,
Data = _mapper.Map <User>(userEntity)
});
}
return(new AuthenticateResponse
{
Code = ResponseCode.GeneralError,
Message = "Invalid username or password."
});
}
catch (Exception e)
{
return(new AuthenticateResponse
{
Code = ResponseCode.GeneralError,
Message = e.Message
});
}
}
private bool Authenticate()
{
try
{
lock (this)
{
if (string.IsNullOrWhiteSpace(RequestedUsername))
{
return(false);
}
_webSocket = new WebSocket(Endpoint);
_webSocket.OnMessage += HandleAuthResponseMessage;
_webSocket.Connect();
}
int tries = 40; // wait for 10 seconds
while (ReadyState != WebSocketState.Open && tries > 0)
{
Thread.Sleep(250);
tries--;
}
if (ReadyState != WebSocketState.Open)
{
throw new Exception("Websocket Timeout");
}
AuthenticateMessage requestMessage = new AuthenticateMessage();
requestMessage.PlayerName = RequestedUsername;
string msg = JsonConvert.SerializeObject(requestMessage);
lock (this)
{
if (_webSocket != null)
{
_webSocket.Send(msg);
}
}
// wait for the delegate function to set _currentPlayer
tries = 10;
while (_currentPlayer == null && tries > 0)
{
Thread.Sleep(1000);
tries--;
}
}
catch (Exception e)
{
Log(e.ToString());
ResetSavedSession();
}
lock (this)
{
_webSocket.Close();
_webSocket = null;
}
return(_currentPlayer != null);
}
private static AuthenticateMessage CreateAuthenticateMessage(string accountNameToAuth, byte[] lmChallengeResponse, byte[] ntChallengeResponse)
{
AuthenticateMessage authenticateMessage = new AuthenticateMessage();
authenticateMessage.NegotiateFlags = NegotiateFlags.UnicodeEncoding |
NegotiateFlags.OEMEncoding |
NegotiateFlags.Sign |
NegotiateFlags.NTLMSessionSecurity |
NegotiateFlags.AlwaysSign |
NegotiateFlags.Version |
NegotiateFlags.Use128BitEncryption |
NegotiateFlags.Use56BitEncryption;
if (AuthenticationMessageUtils.IsNTLMv1ExtendedSessionSecurity(lmChallengeResponse) ||
AuthenticationMessageUtils.IsNTLMv2NTResponse(ntChallengeResponse))
{
authenticateMessage.NegotiateFlags |= NegotiateFlags.ExtendedSessionSecurity;
}
else
{
authenticateMessage.NegotiateFlags |= NegotiateFlags.LanManagerSessionKey;
}
authenticateMessage.UserName = accountNameToAuth;
authenticateMessage.LmChallengeResponse = lmChallengeResponse;
authenticateMessage.NtChallengeResponse = ntChallengeResponse;
authenticateMessage.Version = NTLMVersion.Server2003;
return(authenticateMessage);
}
public void HandleIncomingMessage(Message msg)
{
switch (msg.GetNetworkMessageType())
{
case NetworkMessageType.Authenticate:
AuthenticateMessage mA = msg as AuthenticateMessage;
client.InitClient(mA.ClientId, "This is Client \n Id:" + mA.ClientId);
break;
case NetworkMessageType.Transform:
TransformMessage transformMsg = msg as TransformMessage;
if (!client.IsClientsCharacterCreated)
{
client.CreateClientsCharacter(transformMsg);
}
else
{
if (transformMsg.AcknowledgmentId != -1)
{
int acknoledgmentIdx = unAcknowledgedInputRequests.
FindIndex(it => it.RequestId == transformMsg.AcknowledgmentId);
if (acknoledgmentIdx != -1)
{
/* Removes this unacknowledged message and all that came before */
unAcknowledgedInputRequests.RemoveRange(0, acknoledgmentIdx + 1);
/* Peform position prediction based on last acknowledged position */
lastAcknowledgedPosition = transformMsg.Position.Vect3;
Vector3 newPosBasedOnAck = new Vector3(lastAcknowledgedPosition.x,
lastAcknowledgedPosition.y, lastAcknowledgedPosition.z);
foreach (InputMessage inputMsg in unAcknowledgedInputRequests)
{
newPosBasedOnAck += client.GetPositionChangeBasedOnInput(inputMsg);
}
client.SlowlyUpdateCharactersPosition(newPosBasedOnAck);
}
}
else
{
client.UpdateCharactersTransform(transformMsg);
}
}
break;
case NetworkMessageType.MultipleTransforms:
MultipleTranformMessage multipleTransfMsg = msg as MultipleTranformMessage;
/* Update other player characters */
otherPlayerCharManager.UpdateOtherCharPosition(multipleTransfMsg);
break;
case NetworkMessageType.Disconnect:
otherPlayerCharManager.DespawnDisconnectedPlayer(msg as DisconnectMessage);
break;
}
}
private void authenticated(AuthenticateMessage msg)
{
if (msg.IsAuthenticate)
{
this.User = msg.LoginName;
_manager.RequestNavigate(RegionNames.ContentTopRegion, new Uri(ViewNames.ModernFinder, UriKind.Relative));
var reg = _manager.Regions[RegionNames.LeftRegion];
reg.Remove(reg.Views.First());
}
}
internal static SMB1Command GetSessionSetupResponse(SMB1Header header, SessionSetupAndXRequest request, GSSProvider securityProvider, SMB1ConnectionState state)
{
SessionSetupAndXResponse response = new SessionSetupAndXResponse();
// The PrimaryDomain field in the request is used to determine with domain controller should authenticate the user credentials,
// However, the domain controller itself does not use this field.
// See: http://msdn.microsoft.com/en-us/library/windows/desktop/aa378749%28v=vs.85%29.aspx
AuthenticateMessage message = CreateAuthenticateMessage(request.AccountName, request.OEMPassword, request.UnicodePassword);
header.Status = securityProvider.NTLMAuthenticate(state.AuthenticationContext, message);
if (header.Status != NTStatus.STATUS_SUCCESS)
{
state.LogToServer(Severity.Information, "Session Setup: User '{0}' failed authentication (Domain: '{1}', OS: '{2}'), NTStatus: {3}", request.AccountName, request.PrimaryDomain, request.NativeOS, header.Status);
return(new ErrorResponse(request.CommandName));
}
string osVersion = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.OSVersion) as string;
byte[] sessionKey = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.SessionKey) as byte[];
object accessToken = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.AccessToken);
bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?;
SMB1Session session;
if (!isGuest.HasValue || !isGuest.Value)
{
state.LogToServer(Severity.Information, "Session Setup: User '{0}' authenticated successfully (Domain: '{1}', Workstation: '{2}', OS version: '{3}').", message.UserName, message.DomainName, message.WorkStation, osVersion);
session = state.CreateSession(message.UserName, message.WorkStation, sessionKey, accessToken);
}
else
{
state.LogToServer(Severity.Information, "Session Setup: User '{0}' failed authentication (Domain: '{1}', Workstation: '{2}', OS version: '{3}'), logged in as guest.", message.UserName, message.DomainName, message.WorkStation, osVersion);
session = state.CreateSession("Guest", message.WorkStation, sessionKey, accessToken);
response.Action = SessionSetupAction.SetupGuest;
}
if (session == null)
{
header.Status = NTStatus.STATUS_TOO_MANY_SESSIONS;
return(new ErrorResponse(request.CommandName));
}
header.UID = session.UserID;
response.PrimaryDomain = request.PrimaryDomain;
if ((request.Capabilities & ServerCapabilities.LargeRead) > 0)
{
state.LargeRead = true;
}
if ((request.Capabilities & ServerCapabilities.LargeWrite) > 0)
{
state.LargeWrite = true;
}
response.NativeOS = String.Empty; // "Windows Server 2003 3790 Service Pack 2"
response.NativeLanMan = String.Empty; // "Windows Server 2003 5.2"
return(response);
}
/// <summary>
/// Helper method for legacy implementation.
/// </summary>
public virtual NTStatus NtlmAuthenticate(GssContext?context, AuthenticateMessage authenticateMessage)
{
if (context == null || !ByteUtils.AreByteArraysEqual(context.Mechanism.Identifier, NtlmSspIdentifier))
{
return(NTStatus.SEC_E_SECPKG_NOT_FOUND);
}
IGssMechanism mechanism = context.Mechanism;
NTStatus result = mechanism.AcceptSecurityContext(ref context.MechanismContext, authenticateMessage.GetBytes(), out _);
return(result);
}
/// <summary>
/// Helper method for legacy implementation.
/// </summary>
public virtual NTStatus NTLMAuthenticate(GSSContext context, AuthenticateMessage authenticateMessage)
{
if (context != null && ByteUtils.AreByteArraysEqual(context.Mechanism.Identifier, NTLMSSPIdentifier))
{
IGSSMechanism mechanism = context.Mechanism;
byte[] outputToken;
NTStatus result = mechanism.AcceptSecurityContext(ref context.MechanismContext, authenticateMessage.GetBytes(), out outputToken);
return(result);
}
else
{
return(NTStatus.SEC_E_SECPKG_NOT_FOUND);
}
}
public static AuthenticateMessage Parse(byte[] Data)
{
var parsedMessage = new AuthenticateMessage();
parsedMessage.ZSecurityRequestSignature = System.Text.Encoding.ASCII.GetString(Data, 0, 4);
parsedMessage.Unkown_0 = BitConverter.ToInt32(Data, 4);
parsedMessage.ZWatchSignature = System.Text.Encoding.ASCII.GetString(Data, 8, 4);
parsedMessage.Unkown_1 = BitConverter.ToInt32(Data, 12);
parsedMessage.Unkown_2 = new byte[20];
Buffer.BlockCopy(Data, 13, parsedMessage.Unkown_2, 0, parsedMessage.Unkown_2.Length);
return(parsedMessage);
}
public static IMessageStruct ParseMessageData(Message message)
{
switch ((Message.TYPE_ID)message.TypeID)
{
case Message.TYPE_ID.FIRST_SECURE_MESSAGE:
return(FirstSecureMessage.Parse(message.Data));
case Message.TYPE_ID.FIRST_SECURE_MESSAGE_SERVER:
return(FirstSecureMessageServer.Parse(message.Data));
case Message.TYPE_ID.GENERATE_SECURITY_CONTEXT:
return(GenerateSecurityContext.Parse(message.Data));
case Message.TYPE_ID.SECURITY_CONTEXT_SERVER_MSG:
return(SecurityContextServer.Parse(message.Data));
case Message.TYPE_ID.AUTHENTICATE_MSG:
return(AuthenticateMessage.Parse(message.Data));
case Message.TYPE_ID.SERVER_ACCESS_GRANTED:
return(ServerAccessGranted.Parse(message.Data));
case Message.TYPE_ID.SERVER_ACCESS_DENIED:
return(ServerAccessDenied.Parse(message.Data));
case Message.TYPE_ID.CONNECT_MSG:
return(ConnectMessage.Parse(message.Data));
case Message.TYPE_ID.CONNECT_ACK_MSG:
return(ConnectAckMessage.Parse(message.Data));
case Message.TYPE_ID.STATE_MSG:
return(StateMessage.Parse(message.Data));
case Message.TYPE_ID.USER_MSG:
return(UserMessage.Parse(message.Data));
case Message.TYPE_ID.ERROR_MSG:
return(ErrorMessage.Parse(message.Data));
case Message.TYPE_ID.WATCH_MSG:
return(WatchMessage.Parse(message.Data));
case Message.TYPE_ID.DATA_MSG:
return(DataMessage.Parse(message.Data));
default:
return(null);
}
}
private void authenticate(AuthenticateMessage msg)
{
if (msg.IsAuthenticate)
{
this.LoginPanelVisible = Visibility.Collapsed;
this.AbonentPanelVisible = Visibility.Visible;
this.IsAuthenticate = true;
}
else
{
this.LoginPanelVisible = Visibility.Visible;
this.AbonentPanelVisible = Visibility.Collapsed;
this.IsAuthenticate = false;
}
}
/// <summary>
/// Helper method for legacy implementation.
/// </summary>
public NTStatus NTLMAuthenticate(object context, AuthenticateMessage authenticateMessage)
{
IGSSMechanism ntlmAuthenticationProvider = FindMechanism(NTLMSSPIdentifier);
if (ntlmAuthenticationProvider != null)
{
byte[] outputToken;
NTStatus result = ntlmAuthenticationProvider.AcceptSecurityContext(ref context, authenticateMessage.GetBytes(), out outputToken);
return(result);
}
else
{
return(NTStatus.SEC_E_SECPKG_NOT_FOUND);
}
}
public void TestNTLMv1ExtendedSessionSecurityKeyExchangeMIC()
{
string password = "******";
byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x97, 0x82, 0x08, 0xe2,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x0a, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0f };
byte[] type2 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00,
0x38, 0x00, 0x00, 0x00, 0x15, 0x82, 0x8a, 0xe2, 0x7a, 0x6d, 0x47, 0x52, 0x11, 0x8b, 0x9f, 0x37,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x00, 0x60, 0x00, 0x48, 0x00, 0x00, 0x00,
0x06, 0x00, 0x71, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00,
0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x02, 0x00, 0x10, 0x00, 0x54, 0x00, 0x41, 0x00,
0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x01, 0x00, 0x10, 0x00,
0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00,
0x04, 0x00, 0x10, 0x00, 0x54, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00,
0x31, 0x00, 0x30, 0x00, 0x03, 0x00, 0x10, 0x00, 0x54, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x2d, 0x00,
0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x07, 0x00, 0x08, 0x00, 0x28, 0x9a, 0x19, 0xec,
0x8d, 0x92, 0xd2, 0x01, 0x00, 0x00, 0x00, 0x00 };
byte[] type3 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00,
0x7c, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x94, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00,
0x58, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x66, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00,
0x6e, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0xac, 0x00, 0x00, 0x00, 0x15, 0x82, 0x88, 0xe2,
0x0a, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0f, 0xc6, 0x21, 0x82, 0x59, 0x83, 0xda, 0xc7, 0xe7,
0xfa, 0x96, 0x44, 0x67, 0x16, 0xc3, 0xb3, 0x5b, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00,
0x56, 0x00, 0x4d, 0x00, 0x36, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x54, 0x00,
0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x36, 0x00, 0x90, 0x13, 0xb0, 0x36,
0xa4, 0xa5, 0xf0, 0x2e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x5c, 0x46, 0xea, 0x77, 0x30, 0x44, 0xee, 0xa5, 0x98, 0x26, 0xa0, 0x93,
0x71, 0x5c, 0x83, 0xff, 0x76, 0x70, 0x1d, 0xf0, 0xb8, 0xa0, 0xad, 0x4d, 0xac, 0xe9, 0xf4, 0x5c,
0x3e, 0xb1, 0xb6, 0x48, 0x08, 0xa0, 0x46, 0x8c, 0x31, 0xe1, 0x2d, 0x60 };
byte[] serverChallenge = new ChallengeMessage(type2).ServerChallenge;
AuthenticateMessage authenticateMessage = new AuthenticateMessage(type3);
byte[] sessionBaseKey = new MD4().GetByteHashFromBytes(NTLMCryptography.NTOWFv1(password));
byte[] lmowf = NTLMCryptography.LMOWFv1(password);
byte[] exportedSessionKey = GetExportedSessionKey(sessionBaseKey, authenticateMessage, serverChallenge, lmowf);
// https://msdn.microsoft.com/en-us/library/cc236695.aspx
const int micFieldOffset = 72;
ByteWriter.WriteBytes(type3, micFieldOffset, new byte[16]);
byte[] temp = ByteUtils.Concatenate(ByteUtils.Concatenate(type1, type2), type3);
byte[] mic = new HMACMD5(exportedSessionKey).ComputeHash(temp);
byte[] expected = new byte[] { 0xc6, 0x21, 0x82, 0x59, 0x83, 0xda, 0xc7, 0xe7, 0xfa, 0x96, 0x44, 0x67, 0x16, 0xc3, 0xb3, 0x5b };
Assert.IsTrue(ByteUtils.AreByteArraysEqual(mic, expected));
}
public static bool NTLMv2AuthenticateMessageTest()
{
byte[] expected = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00,
0x6c, 0x00, 0x00, 0x00, 0x54, 0x00, 0x54, 0x00, 0x84, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00,
0x48, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x54, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00,
0x5c, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0xd8, 0x00, 0x00, 0x00, 0x35, 0x82, 0x88, 0xe2,
0x05, 0x01, 0x28, 0x0a, 0x00, 0x00, 0x00, 0x0f, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00,
0x69, 0x00, 0x6e, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x43, 0x00, 0x4f, 0x00,
0x4d, 0x00, 0x50, 0x00, 0x55, 0x00, 0x54, 0x00, 0x45, 0x00, 0x52, 0x00, 0x86, 0xc3, 0x50, 0x97,
0xac, 0x9c, 0xec, 0x10, 0x25, 0x54, 0x76, 0x4a, 0x57, 0xcc, 0xcc, 0x19, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0x68, 0xcd, 0x0a, 0xb8, 0x51, 0xe5, 0x1c, 0x96, 0xaa, 0xbc, 0x92, 0x7b,
0xeb, 0xef, 0x6a, 0x1c, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00,
0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xda, 0xd2, 0x54, 0x4f, 0xc9, 0x79, 0x90,
0x94, 0xce, 0x1c, 0xe9, 0x0b, 0xc9, 0xd0, 0x3e };
AuthenticateMessage cmp = new AuthenticateMessage(expected);
byte[] sessionKey = { 0xc5, 0xda, 0xd2, 0x54, 0x4f, 0xc9, 0x79, 0x90, 0x94, 0xce, 0x1c, 0xe9, 0x0b, 0xc9, 0xd0, 0x3e };
byte[] serverChallenge = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
byte[] clientChallenge = new byte[] { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
byte[] serverAVPair = AVPairUtils.GetAVPairSequence("Domain", "Server");
DateTime time = DateTime.FromFileTimeUtc(0); // same as new byte[8]
NTLMv2ClientChallenge clientChallengeStructure = new NTLMv2ClientChallenge(time, clientChallenge, "Domain", "Server");
byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded();
byte[] clientNTProof = NTLMCryptography.ComputeNTLMv2Proof(serverChallenge, clientChallengeStructurePadded, "Password", "User", "Domain");
AuthenticateMessage message = new AuthenticateMessage();
message.EncryptedRandomSessionKey = sessionKey;
message.Version = new NTLMVersion(5, 1, 2600, NTLMVersion.NTLMSSP_REVISION_W2K3);
message.NegotiateFlags = NegotiateFlags.UnicodeEncoding | NegotiateFlags.TargetNameSupplied | NegotiateFlags.Sign | NegotiateFlags.Seal | NegotiateFlags.NTLMSessionSecurity | NegotiateFlags.AlwaysSign | NegotiateFlags.ExtendedSessionSecurity | NegotiateFlags.TargetInfo | NegotiateFlags.Version | NegotiateFlags.Use128BitEncryption | NegotiateFlags.KeyExchange | NegotiateFlags.Use56BitEncryption;
message.DomainName = "Domain";
message.WorkStation = "COMPUTER";
message.UserName = "******";
message.LmChallengeResponse = NTLMCryptography.ComputeLMv2Response(serverChallenge, clientChallenge, "Password", "User", "Domain");
message.NtChallengeResponse = ByteUtils.Concatenate(clientNTProof, clientChallengeStructurePadded);
byte[] messageBytes = message.GetBytes();
// The payload entries may be distributed differently so we use cmp.GetBytes()
bool success = ByteUtils.AreByteArraysEqual(messageBytes, cmp.GetBytes());
return(success);
}
private void Authenticate(AuthenticateMessage message)
{
var result = DataProvider.Authenticate(this, message);
if (result == AuthenticateResult.Success)
{
isAuthenticated = true;
}
// Send message back to client with the result
clientConnection.AuthenticateResult(result);
// Initialize player data if authenticated
if (isAuthenticated)
{
Initialize();
}
}
public IPrincipal AuthenticateAdvertiser(AuthenticateMessage message)
{
var advertiser = _advertiserRepository.Get(message.Username);
if (advertiser == null)
{
throw new InvalidUsernameException();
}
var encryptedProvidedPassword = _cryptographyService.Encrypt(message.Password);
if (!advertiser.Password.Equals(encryptedProvidedPassword))
{
throw new InvalidPasswordException();
}
return(Authenticate(AUTHENTICATION_TYPE_ADVERTISER));
}
private static byte[] GetExportedSessionKey(byte[] sessionBaseKey, AuthenticateMessage message, byte[] serverChallenge, byte[] lmowf)
{
byte[] keyExchangeKey;
if (AuthenticationMessageUtils.IsNTLMv2NTResponse(message.NtChallengeResponse))
{
keyExchangeKey = sessionBaseKey;
}
else
{
keyExchangeKey = NtlmCryptography.KXKey(sessionBaseKey, message.NegotiateFlags, message.LmChallengeResponse, serverChallenge, lmowf);
}
if ((message.NegotiateFlags & NegotiateFlags.KeyExchange) > 0)
{
return(RC4.Decrypt(keyExchangeKey, message.EncryptedRandomSessionKey));
}
return(keyExchangeKey);
}
/// <summary>
/// Note: The 'limitblankpassworduse' (Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa)
/// will cause AcceptSecurityContext to return SEC_E_LOGON_DENIED when the correct password is blank.
/// </summary>
public User Authenticate(string accountNameToAuth, byte[] lmResponse, byte[] ntlmResponse)
{
if (accountNameToAuth == String.Empty ||
(String.Equals(accountNameToAuth, "Guest", StringComparison.InvariantCultureIgnoreCase) && IsPasswordEmpty(lmResponse, ntlmResponse) && this.EnableGuestLogin))
{
int guestIndex = IndexOf("Guest");
if (guestIndex >= 0)
{
return(this[guestIndex]);
}
return(null);
}
int index = IndexOf(accountNameToAuth);
if (index >= 0)
{
// We should not spam the security event log, and should call the Windows LogonUser API
// just to verify the user has a blank password.
if (!AreEmptyPasswordsAllowed() &&
IsPasswordEmpty(lmResponse, ntlmResponse) &&
LoginAPI.HasEmptyPassword(accountNameToAuth))
{
throw new EmptyPasswordNotAllowedException();
}
AuthenticateMessage authenticateMessage = new AuthenticateMessage();
authenticateMessage.NegotiateFlags = NegotiateFlags.NegotiateUnicode | NegotiateFlags.NegotiateOEM | NegotiateFlags.RequestTarget | NegotiateFlags.NegotiateSign | NegotiateFlags.NegotiateSeal | NegotiateFlags.NegotiateLanManagerKey | NegotiateFlags.NegotiateNTLMKey | NegotiateFlags.NegotiateAlwaysSign | NegotiateFlags.NegotiateVersion | NegotiateFlags.Negotiate128 | NegotiateFlags.Negotiate56;
authenticateMessage.UserName = accountNameToAuth;
authenticateMessage.LmChallengeResponse = lmResponse;
authenticateMessage.NtChallengeResponse = ntlmResponse;
authenticateMessage.Version = Authentication.Version.Server2003;
byte[] authenticateMessageBytes = authenticateMessage.GetBytes();
bool success = SSPIHelper.AuthenticateType3Message(m_serverContext, authenticateMessageBytes);
if (success)
{
return(this[index]);
}
}
return(null);
}
public void TestNTLMv1MIC()
{
string password = "******";
byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x97, 0x82, 0x08, 0xe2,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x0a, 0x00, 0x39, 0x38, 0x00, 0x00, 0x00, 0x0f };
byte[] type2 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00, 0x06, 0x00,
0x38, 0x00, 0x00, 0x00, 0x15, 0x02, 0x82, 0xa2, 0xe8, 0xbe, 0x2f, 0x5b, 0xc5, 0xe9, 0xf7, 0xa7,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x3e, 0x00, 0x00, 0x00,
0x05, 0x02, 0xce, 0x0e, 0x00, 0x00, 0x00, 0x0f, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x02, 0x00,
0x06, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x01, 0x00, 0x06, 0x00, 0x54, 0x00, 0x41, 0x00,
0x4c, 0x00, 0x00, 0x00, 0x00, 0x00 };
byte[] type3 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00,
0x7c, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x94, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00,
0x58, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x66, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00,
0x6e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xac, 0x00, 0x00, 0x00, 0x15, 0x02, 0x80, 0xa2,
0x0a, 0x00, 0x39, 0x38, 0x00, 0x00, 0x00, 0x0f, 0xae, 0xa7, 0xba, 0x44, 0x4e, 0x93, 0xa7, 0xdb,
0xb3, 0x0c, 0x85, 0x49, 0xc2, 0x2b, 0xba, 0x9a, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00,
0x56, 0x00, 0x4d, 0x00, 0x36, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x54, 0x00,
0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x36, 0x00, 0xa6, 0x71, 0xbd, 0x94,
0x78, 0x4f, 0x05, 0xf1, 0x3f, 0x3a, 0x7b, 0x41, 0xcf, 0x53, 0x2e, 0x36, 0x73, 0xe2, 0x14, 0x53,
0xbd, 0x42, 0x5e, 0x8f, 0xa6, 0x71, 0xbd, 0x94, 0x78, 0x4f, 0x05, 0xf1, 0x3f, 0x3a, 0x7b, 0x41,
0xcf, 0x53, 0x2e, 0x36, 0x73, 0xe2, 0x14, 0x53, 0xbd, 0x42, 0x5e, 0x8f };
byte[] serverChallenge = new ChallengeMessage(type2).ServerChallenge;
AuthenticateMessage authenticateMessage = new AuthenticateMessage(type3);
byte[] sessionBaseKey = new MD4().GetByteHashFromBytes(NTLMCryptography.NTOWFv1(password));
byte[] lmowf = NTLMCryptography.LMOWFv1(password);
byte[] exportedSessionKey = GetExportedSessionKey(sessionBaseKey, authenticateMessage, serverChallenge, lmowf);
// https://msdn.microsoft.com/en-us/library/cc236695.aspx
const int micFieldOffset = 72;
ByteWriter.WriteBytes(type3, micFieldOffset, new byte[16]);
byte[] temp = ByteUtils.Concatenate(ByteUtils.Concatenate(type1, type2), type3);
byte[] mic = new HMACMD5(exportedSessionKey).ComputeHash(temp);
byte[] expected = new byte[] { 0xae, 0xa7, 0xba, 0x44, 0x4e, 0x93, 0xa7, 0xdb, 0xb3, 0x0c, 0x85, 0x49, 0xc2, 0x2b, 0xba, 0x9a };
Assert.IsTrue(ByteUtils.AreByteArraysEqual(mic, expected));
}
public void TestLMMIC()
{
string password = "******";
byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x97, 0x82, 0x08, 0xe2,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f };
byte[] type2 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00, 0x06, 0x00,
0x38, 0x00, 0x00, 0x00, 0x95, 0x00, 0x82, 0xa2, 0x28, 0x96, 0xe3, 0x6a, 0xd1, 0xb7, 0x74, 0xb8,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x3e, 0x00, 0x00, 0x00,
0x05, 0x02, 0xce, 0x0e, 0x00, 0x00, 0x00, 0x0f, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x02, 0x00,
0x06, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x01, 0x00, 0x06, 0x00, 0x54, 0x00, 0x41, 0x00,
0x4c, 0x00, 0x00, 0x00, 0x00, 0x00 };
byte[] type3 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00,
0x7c, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x94, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00,
0x58, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x66, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00,
0x6e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xac, 0x00, 0x00, 0x00, 0x95, 0x00, 0x80, 0xa2,
0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f, 0x4e, 0x65, 0x54, 0xe6, 0xb3, 0xdc, 0xdc, 0x16,
0xef, 0xc4, 0xd0, 0x03, 0x3b, 0x81, 0x61, 0x6f, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00,
0x56, 0x00, 0x4d, 0x00, 0x37, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x54, 0x00,
0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x37, 0x00, 0xc1, 0xd1, 0x06, 0x56,
0xa3, 0xa9, 0x64, 0x14, 0x0e, 0x7f, 0x43, 0x19, 0x3f, 0x29, 0xf3, 0x72, 0xa3, 0xc1, 0xbe, 0x02,
0xd0, 0x6f, 0xff, 0x20, 0xc1, 0xd1, 0x06, 0x56, 0xa3, 0xa9, 0x64, 0x14, 0x0e, 0x7f, 0x43, 0x19,
0x3f, 0x29, 0xf3, 0x72, 0xa3, 0xc1, 0xbe, 0x02, 0xd0, 0x6f, 0xff, 0x20 };
byte[] serverChallenge = new ChallengeMessage(type2).ServerChallenge;
AuthenticateMessage authenticateMessage = new AuthenticateMessage(type3);
byte[] sessionBaseKey = new MD4().GetByteHashFromBytes(NTLMCryptography.NTOWFv1(password));
byte[] lmowf = NTLMCryptography.LMOWFv1(password);
byte[] exportedSessionKey = GetExportedSessionKey(sessionBaseKey, authenticateMessage, serverChallenge, lmowf);
// https://msdn.microsoft.com/en-us/library/cc236695.aspx
const int micFieldOffset = 72;
ByteWriter.WriteBytes(type3, micFieldOffset, new byte[16]);
byte[] temp = ByteUtils.Concatenate(ByteUtils.Concatenate(type1, type2), type3);
byte[] mic = new HMACMD5(exportedSessionKey).ComputeHash(temp);
byte[] expected = new byte[] { 0x4e, 0x65, 0x54, 0xe6, 0xb3, 0xdc, 0xdc, 0x16, 0xef, 0xc4, 0xd0, 0x03, 0x3b, 0x81, 0x61, 0x6f };
Assert.IsTrue(ByteUtils.AreByteArraysEqual(mic, expected));
}
public AuthenticatedMessage Authenticate(AuthenticateMessage message)
{
AuthenticatedMessage response = new AuthenticatedMessage();
if (String.IsNullOrWhiteSpace(message.PlayerName))
{
response.Status = AuthenticationStatus.BadUser;
_websocket.LogMessage($"Player failed authenticate: bad PlayerName");
return(response);
}
Player player;
try
{
player = _websocket.GetCurrentSessionPlayer();
player.Color = message.PlayerColor;
}
catch (Exception e)
{
_websocket.LogMessage($"Caught exception from GetCurrentPlayer, {e.Message}");
player = null;
}
if (player == null)
{
Player prev = Server.Instance.Players.FirstOrDefault(p => p.Name == message.PlayerName);
if (prev != null)
{
_websocket.LogMessage($"Found existing player matching name {message.PlayerName}, removing...");
Server.Instance.Players.Remove(prev);
}
player = _websocket.CreatePlayerSession(message.PlayerName.Truncate(MaxPlayerNameLen));
}
response.PlayerId = player.Id.ToString();
response.PlayerName = player.Name;
response.PlayerColor = player.Color;
response.SessionId = player.SessionData.SessionId;
_websocket.LogMessage($"Player authenticated: {JsonConvert.SerializeObject(response)}");
return(response);
}
public User Authenticate(AuthenticateMessage message)
{
User user;
if ((message.NegotiateFlags & NegotiateFlags.NegotiateExtendedSecurity) > 0)
{
user = AuthenticateV1Extended(message.UserName, m_serverChallenge, message.LmChallengeResponse, message.NtChallengeResponse);
}
else
{
user = AuthenticateV1(message.UserName, m_serverChallenge, message.LmChallengeResponse, message.NtChallengeResponse);
}
if (user == null)
{
// NTLM v2
user = AuthenticateV2(message.DomainName, message.UserName, m_serverChallenge, message.LmChallengeResponse, message.NtChallengeResponse);
}
return(user);
}
/// <summary>
/// Note: The 'limitblankpassworduse' (Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa)
/// will cause AcceptSecurityContext to return SEC_E_LOGON_DENIED when the correct password is blank.
/// </summary>
public User Authenticate(byte[] authenticateMessageBytes)
{
AuthenticateMessage message = new AuthenticateMessage(authenticateMessageBytes);
if ((message.NegotiateFlags & NegotiateFlags.NegotiateAnonymous) > 0 ||
(String.Equals(message.UserName, "Guest", StringComparison.InvariantCultureIgnoreCase) && IsPasswordEmpty(message) && this.EnableGuestLogin))
{
int guestIndex = IndexOf("Guest");
if (guestIndex >= 0)
{
return(this[guestIndex]);
}
return(null);
}
int index = IndexOf(message.UserName);
if (index >= 0)
{
// We should not spam the security event log, and should call the Windows LogonUser API
// just to verify the user has a blank password.
if (!AreEmptyPasswordsAllowed() &&
IsPasswordEmpty(message) &&
LoginAPI.HasEmptyPassword(message.UserName))
{
throw new EmptyPasswordNotAllowedException();
}
bool success = SSPIHelper.AuthenticateType3Message(m_serverContext, authenticateMessageBytes);
if (success)
{
return(this[index]);
}
}
return(null);
}
public static byte[]? GetAuthenticateMessage(byte[] securityBlob, string domainName, string userName, string password, AuthenticationMethod authenticationMethod, out byte[]?sessionKey)
{
sessionKey = null;
bool useGssApi = false;
SimpleProtectedNegotiationTokenResponse?inputToken = null;
try
{
inputToken = SimpleProtectedNegotiationToken.ReadToken(securityBlob, 0, false) as SimpleProtectedNegotiationTokenResponse;
}
catch
{
// ignored
}
ChallengeMessage?challengeMessage;
if (inputToken != null)
{
challengeMessage = GetChallengeMessage(inputToken.ResponseToken);
useGssApi = true;
}
else
{
challengeMessage = GetChallengeMessage(securityBlob);
}
if (challengeMessage == null)
{
return(null);
}
DateTime time = DateTime.UtcNow;
byte[] clientChallenge = new byte[8];
new Random().NextBytes(clientChallenge);
AuthenticateMessage authenticateMessage = new AuthenticateMessage
{
// https://msdn.microsoft.com/en-us/library/cc236676.aspx
NegotiateFlags = NegotiateFlags.Sign |
NegotiateFlags.NTLMSessionSecurity |
NegotiateFlags.AlwaysSign |
NegotiateFlags.Version |
NegotiateFlags.Use128BitEncryption |
NegotiateFlags.Use56BitEncryption
};
if ((challengeMessage.NegotiateFlags & NegotiateFlags.UnicodeEncoding) > 0)
{
authenticateMessage.NegotiateFlags |= NegotiateFlags.UnicodeEncoding;
}
else
{
authenticateMessage.NegotiateFlags |= NegotiateFlags.OEMEncoding;
}
if ((challengeMessage.NegotiateFlags & NegotiateFlags.KeyExchange) > 0)
{
authenticateMessage.NegotiateFlags |= NegotiateFlags.KeyExchange;
}
if (authenticationMethod == AuthenticationMethod.NtlmV1)
{
authenticateMessage.NegotiateFlags |= NegotiateFlags.LanManagerSessionKey;
}
else
{
authenticateMessage.NegotiateFlags |= NegotiateFlags.ExtendedSessionSecurity;
}
authenticateMessage.UserName = userName;
authenticateMessage.DomainName = domainName;
authenticateMessage.WorkStation = Environment.MachineName;
byte[] sessionBaseKey;
byte[] keyExchangeKey;
if (authenticationMethod == AuthenticationMethod.NtlmV1 || authenticationMethod == AuthenticationMethod.NtlmV1ExtendedSessionSecurity)
{
if (authenticationMethod == AuthenticationMethod.NtlmV1)
{
authenticateMessage.LmChallengeResponse = NtlmCryptography.ComputeLMv1Response(challengeMessage.ServerChallenge, password);
authenticateMessage.NtChallengeResponse = NtlmCryptography.ComputeNTLMv1Response(challengeMessage.ServerChallenge, password);
}
else // NtlmV1ExtendedSessionSecurity
{
authenticateMessage.LmChallengeResponse = ByteUtils.Concatenate(clientChallenge, new byte[16]);
authenticateMessage.NtChallengeResponse = NtlmCryptography.ComputeNTLMv1ExtendedSessionSecurityResponse(challengeMessage.ServerChallenge, clientChallenge, password);
}
// https://msdn.microsoft.com/en-us/library/cc236699.aspx
sessionBaseKey = new MD4().GetByteHashFromBytes(NtlmCryptography.NTOWFv1(password));
byte[] lmowf = NtlmCryptography.LMOWFv1(password);
keyExchangeKey = NtlmCryptography.KXKey(sessionBaseKey, authenticateMessage.NegotiateFlags, authenticateMessage.LmChallengeResponse, challengeMessage.ServerChallenge, lmowf);
}
else // NtlmV2
{
NTLMv2ClientChallenge clientChallengeStructure = new NTLMv2ClientChallenge(time, clientChallenge, challengeMessage.TargetInfo);
byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded();
byte[] ntProofStr = NtlmCryptography.ComputeNTLMv2Proof(challengeMessage.ServerChallenge, clientChallengeStructurePadded, password, userName, domainName);
authenticateMessage.LmChallengeResponse = NtlmCryptography.ComputeLMv2Response(challengeMessage.ServerChallenge, clientChallenge, password, userName, challengeMessage.TargetName);
authenticateMessage.NtChallengeResponse = ByteUtils.Concatenate(ntProofStr, clientChallengeStructurePadded);
// https://msdn.microsoft.com/en-us/library/cc236700.aspx
byte[] responseKeyNT = NtlmCryptography.NTOWFv2(password, userName, domainName);
using HMACMD5 md5 = new HMACMD5(responseKeyNT);
sessionBaseKey = md5.ComputeHash(ntProofStr);
keyExchangeKey = sessionBaseKey;
}
authenticateMessage.Version = NtlmVersion.Server2003;
// https://msdn.microsoft.com/en-us/library/cc236676.aspx
if ((challengeMessage.NegotiateFlags & NegotiateFlags.KeyExchange) > 0)
{
sessionKey = new byte[16];
new Random().NextBytes(sessionKey);
authenticateMessage.EncryptedRandomSessionKey = RC4.Encrypt(keyExchangeKey, sessionKey);
}
else
{
sessionKey = keyExchangeKey;
}
if (!useGssApi)
{
return(authenticateMessage.GetBytes());
}
SimpleProtectedNegotiationTokenResponse outputToken = new SimpleProtectedNegotiationTokenResponse
{
ResponseToken = authenticateMessage.GetBytes()
};
return(outputToken.GetBytes());
}
static public AuthenticateMessage CreateType3(this ChallengeMessage challengeMessage, string strUserName, byte[] passwordNTHash)
{
return(AuthenticateMessage.CreateAuthenticateMessage(challengeMessage, strUserName, passwordNTHash));
}
/// <summary>
/// Authenticate will return false when the password is correct in these cases:
/// 1. The correct password is blank and 'limitblankpassworduse' is set to 1.
/// 2. The user is listed in the "Deny access to this computer from the network" list.
/// </summary>
public override NTStatus Authenticate(object context, byte[] authenticateMessageBytes)
{
AuthenticateMessage message;
try
{
message = new AuthenticateMessage(authenticateMessageBytes);
}
catch (Exception)
{
return(NTStatus.SEC_E_INVALID_TOKEN);
}
AuthContext authContext = context as AuthContext;
if (authContext == null)
{
// There are two possible reasons for authContext to be null:
// 1. We have a bug in our implementation, let's assume that's not the case,
// according to [MS-SMB2] 3.3.5.5.1 we aren't allowed to return SEC_E_INVALID_HANDLE anyway.
// 2. The client sent AuthenticateMessage without sending NegotiateMessage first,
// in this case the correct response is SEC_E_INVALID_TOKEN.
return(NTStatus.SEC_E_INVALID_TOKEN);
}
authContext.DomainName = message.DomainName;
authContext.UserName = message.UserName;
authContext.WorkStation = message.WorkStation;
if (message.Version != null)
{
authContext.OSVersion = message.Version.ToString();
}
if ((message.NegotiateFlags & NegotiateFlags.Anonymous) > 0 ||
!IsUserExists(message.UserName))
{
if (this.EnableGuestLogin)
{
authContext.IsGuest = true;
return(NTStatus.STATUS_SUCCESS);
}
else
{
return(NTStatus.STATUS_LOGON_FAILURE);
}
}
bool success;
try
{
success = SSPIHelper.AuthenticateType3Message(authContext.ServerContext, authenticateMessageBytes);
}
catch (Exception)
{
// We assume that the problem is not with our implementation.
return(NTStatus.SEC_E_INVALID_TOKEN);
}
if (success)
{
return(NTStatus.STATUS_SUCCESS);
}
else
{
Win32Error result = (Win32Error)Marshal.GetLastWin32Error();
// Windows will permit fallback when these conditions are met:
// 1. The guest user account is enabled.
// 2. The guest user account does not have a password set.
// 3. The specified account does not exist.
// OR:
// The password is correct but 'limitblankpassworduse' is set to 1 (logon over a network is disabled for accounts without a password).
bool allowFallback = (result == Win32Error.ERROR_ACCOUNT_RESTRICTION);
if (allowFallback && this.EnableGuestLogin)
{
authContext.IsGuest = true;
return(NTStatus.STATUS_SUCCESS);
}
else
{
return(ToNTStatus(result));
}
}
}
public Task<bool> Authenticate(UInt64 UserId, UInt64 DeviceId, UInt64 Secret)
{
var msg = new AuthenticateMessage()
{
user_id = UserId,
device_id = DeviceId,
secret = Secret,
};
var signal = new AutoResetEvent(false);
Action<Dictionary<String, Object>> handler = dictionary =>
{
token = Convert.ToUInt64(dictionary["token"]);
signal.Set();
};
lock (rpchandler) rpchandler[(UInt16)MessageType.AUTHENTICATE_RESPONSE].Enqueue(handler);
return Send(serializer.Serialize(msg))
.ContinueWith(task =>
{
bool proceed = task.Result;
if (proceed) signal.WaitOne(); // block until the next response
return proceed;
});
}
public void Update(Server server)
{
int recHostId;
int connectionId;
int channelId;
byte[] recBuffer = new byte[1024];
int bufferSize = 1024;
int dataSize;
byte error;
NetworkEventType recData = NetworkTransport.Receive(out recHostId, out connectionId, out channelId,
recBuffer, bufferSize, out dataSize, out error);
switch (recData)
{
case NetworkEventType.ConnectEvent:
if (!clientDataManager.IsPlayerAlreadySpawned(connectionId))
{
/* Create player */
GameObject characterObj = server.SpawnClientsCharacter(connectionId);
clientDataManager.CreateCharacter(characterObj, connectionId);
/* Identify the player */
AuthenticateMessage mA = new AuthenticateMessage(connectionId, connectionId);
SendNetworkReliableMessage(mA, connectionId);
/* Send Info about other player positions */
SendClientAllOtherCharacterPositions(connectionId);
/* Send player his position */
SendPositionToNewelyCreatedCharacter(server, characterObj.transform.position, connectionId);
}
break;
case NetworkEventType.DataEvent:
Stream stream = new MemoryStream(recBuffer);
Message message = (Message)binFormater.Deserialize(stream);
clientDataManager.HandlePlayerMessagesData(this, message);
break;
case NetworkEventType.DisconnectEvent:
GameObject characterToRemove = clientDataManager.RemoveCharacterFromWorld(connectionId);
server.DeleteGameObject(characterToRemove);
clientDataManager.InformAllClientAboutCharacterDisconnect(this, connectionId);
break;
}
/* Inform all clients about other client character positions */
sendPositionTimer += Time.deltaTime;
if (sendPositionTimer > GameConsts.TTW_FOR_OTHER_CHAR_POS_UPDATE)
{
clientDataManager.SendAllPlayersAllOtherPlayerPostions(this);
sendPositionTimer = 0f;
}
}
public void TestNTLMv2KeyExchangeMIC()
{
byte[] responseKeyNT = NTLMCryptography.NTOWFv2("Password", "User", "TAL-VM6");
byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x97, 0x82, 0x08, 0xe2,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x0a, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0f };
byte[] type2 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00,
0x38, 0x00, 0x00, 0x00, 0x15, 0x82, 0x8a, 0xe2, 0x63, 0x74, 0x79, 0x77, 0xe1, 0xea, 0x35, 0x51,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x00, 0x60, 0x00, 0x48, 0x00, 0x00, 0x00,
0x06, 0x00, 0x71, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00,
0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x02, 0x00, 0x10, 0x00, 0x54, 0x00, 0x41, 0x00,
0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x01, 0x00, 0x10, 0x00,
0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00,
0x04, 0x00, 0x10, 0x00, 0x54, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00,
0x31, 0x00, 0x30, 0x00, 0x03, 0x00, 0x10, 0x00, 0x54, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x2d, 0x00,
0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x07, 0x00, 0x08, 0x00, 0x1f, 0x8a, 0xd4, 0xff,
0x01, 0x91, 0xd2, 0x01, 0x00, 0x00, 0x00, 0x00 };
byte[] type3 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00,
0x7c, 0x00, 0x00, 0x00, 0x02, 0x01, 0x02, 0x01, 0x94, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00,
0x58, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x66, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00,
0x6e, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x96, 0x01, 0x00, 0x00, 0x15, 0x82, 0x88, 0xe2,
0x0a, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0f, 0x82, 0x3c, 0xff, 0x48, 0xa9, 0x03, 0x13, 0x4c,
0x33, 0x3c, 0x09, 0x87, 0xf3, 0x16, 0x59, 0x89, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00,
0x56, 0x00, 0x4d, 0x00, 0x36, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x54, 0x00,
0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xb3, 0x06, 0x65, 0xe3, 0x9f, 0x03, 0xe1, 0xc3, 0xd8, 0x28, 0x7c, 0x9c,
0x35, 0x0d, 0x32, 0x4c, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1f, 0x8a, 0xd4, 0xff,
0x01, 0x91, 0xd2, 0x01, 0x77, 0x71, 0x91, 0x94, 0xb1, 0x6e, 0x66, 0x28, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x10, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00,
0x31, 0x00, 0x30, 0x00, 0x01, 0x00, 0x10, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00,
0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x04, 0x00, 0x10, 0x00, 0x54, 0x00, 0x61, 0x00,
0x6c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x03, 0x00, 0x10, 0x00,
0x54, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00,
0x07, 0x00, 0x08, 0x00, 0x1f, 0x8a, 0xd4, 0xff, 0x01, 0x91, 0xd2, 0x01, 0x06, 0x00, 0x04, 0x00,
0x02, 0x00, 0x00, 0x00, 0x08, 0x00, 0x30, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x19, 0x0d, 0x73, 0xca, 0x97, 0x30, 0x2a, 0xa7,
0x7a, 0x1f, 0xb6, 0xad, 0xe2, 0xe5, 0x4a, 0x59, 0x4a, 0x93, 0x7e, 0x37, 0xcd, 0x0c, 0xd7, 0x90,
0x25, 0xc4, 0xaf, 0x8a, 0x17, 0x99, 0x69, 0x56, 0x0a, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x1a, 0x00,
0x63, 0x00, 0x69, 0x00, 0x66, 0x00, 0x73, 0x00, 0x2f, 0x00, 0x54, 0x00, 0x61, 0x00, 0x6c, 0x00,
0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x71, 0x7c, 0xce, 0x0b, 0x92, 0x46, 0x46, 0x0d, 0x5b, 0x3b,
0x11, 0xb4, 0xde, 0x86, 0x28, 0x11 };
byte[] serverChallenge = new ChallengeMessage(type2).ServerChallenge;
AuthenticateMessage authenticateMessage = new AuthenticateMessage(type3);
byte[] ntProofStr = ByteReader.ReadBytes(authenticateMessage.NtChallengeResponse, 0, 16);
byte[] sessionBaseKey = new HMACMD5(responseKeyNT).ComputeHash(ntProofStr);
byte[] exportedSessionKey = GetExportedSessionKey(sessionBaseKey, authenticateMessage, serverChallenge, null);
// https://msdn.microsoft.com/en-us/library/cc236695.aspx
const int micFieldOffset = 72;
ByteWriter.WriteBytes(type3, micFieldOffset, new byte[16]);
byte[] temp = ByteUtils.Concatenate(ByteUtils.Concatenate(type1, type2), type3);
byte[] mic = new HMACMD5(exportedSessionKey).ComputeHash(temp);
byte[] expected = new byte[] { 0x82, 0x3c, 0xff, 0x48, 0xa9, 0x03, 0x13, 0x4c, 0x33, 0x3c, 0x09, 0x87, 0xf3, 0x16, 0x59, 0x89 };
Assert.IsTrue(ByteUtils.AreByteArraysEqual(mic, expected));
}
public AuthenticateResult Authenticate(Player player, AuthenticateMessage message)
{
throw new System.NotImplementedException();
}
