public bool IsPasswordEmpty(AuthenticateMessage message) { // Special case for anonymous authentication, see [MS-NLMP] 3.3.1 - NTLM v1 Authentication if (message.LmChallengeResponse.Length == 1 || message.NtChallengeResponse.Length == 0) { return(true); } byte[] clientChallenge = ByteReader.ReadBytes(message.LmChallengeResponse, 0, 8); byte[] emptyPasswordNTLMv1Response = NTAuthentication.ComputeNTLMv1ExtendedSecurityResponse(m_serverChallenge, clientChallenge, String.Empty); if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv1Response, message.NtChallengeResponse)) { return(true); } if (message.NtChallengeResponse.Length > 24) { NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(message.NtChallengeResponse, 16); byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded(); byte[] emptyPasswordNTLMv2Response = NTAuthentication.ComputeNTLMv2Response(m_serverChallenge, clientChallengeStructurePadded, String.Empty, message.UserName, message.DomainName); if (ByteUtils.AreByteArraysEqual(emptyPasswordNTLMv2Response, message.NtChallengeResponse)) { return(true); } } return(false); }
public override async Task <AuthenticateResponse> Authenticate(AuthenticateMessage request, ServerCallContext context) { try { var userEntity = await _coreService.Authenticate(request.Name, EncodePassword(request.Password)); if (userEntity != null) { return(new AuthenticateResponse { Code = ResponseCode.Success, Data = _mapper.Map <User>(userEntity) }); } return(new AuthenticateResponse { Code = ResponseCode.GeneralError, Message = "Invalid username or password." }); } catch (Exception e) { return(new AuthenticateResponse { Code = ResponseCode.GeneralError, Message = e.Message }); } }
private bool Authenticate() { try { lock (this) { if (string.IsNullOrWhiteSpace(RequestedUsername)) { return(false); } _webSocket = new WebSocket(Endpoint); _webSocket.OnMessage += HandleAuthResponseMessage; _webSocket.Connect(); } int tries = 40; // wait for 10 seconds while (ReadyState != WebSocketState.Open && tries > 0) { Thread.Sleep(250); tries--; } if (ReadyState != WebSocketState.Open) { throw new Exception("Websocket Timeout"); } AuthenticateMessage requestMessage = new AuthenticateMessage(); requestMessage.PlayerName = RequestedUsername; string msg = JsonConvert.SerializeObject(requestMessage); lock (this) { if (_webSocket != null) { _webSocket.Send(msg); } } // wait for the delegate function to set _currentPlayer tries = 10; while (_currentPlayer == null && tries > 0) { Thread.Sleep(1000); tries--; } } catch (Exception e) { Log(e.ToString()); ResetSavedSession(); } lock (this) { _webSocket.Close(); _webSocket = null; } return(_currentPlayer != null); }
private static AuthenticateMessage CreateAuthenticateMessage(string accountNameToAuth, byte[] lmChallengeResponse, byte[] ntChallengeResponse) { AuthenticateMessage authenticateMessage = new AuthenticateMessage(); authenticateMessage.NegotiateFlags = NegotiateFlags.UnicodeEncoding | NegotiateFlags.OEMEncoding | NegotiateFlags.Sign | NegotiateFlags.NTLMSessionSecurity | NegotiateFlags.AlwaysSign | NegotiateFlags.Version | NegotiateFlags.Use128BitEncryption | NegotiateFlags.Use56BitEncryption; if (AuthenticationMessageUtils.IsNTLMv1ExtendedSessionSecurity(lmChallengeResponse) || AuthenticationMessageUtils.IsNTLMv2NTResponse(ntChallengeResponse)) { authenticateMessage.NegotiateFlags |= NegotiateFlags.ExtendedSessionSecurity; } else { authenticateMessage.NegotiateFlags |= NegotiateFlags.LanManagerSessionKey; } authenticateMessage.UserName = accountNameToAuth; authenticateMessage.LmChallengeResponse = lmChallengeResponse; authenticateMessage.NtChallengeResponse = ntChallengeResponse; authenticateMessage.Version = NTLMVersion.Server2003; return(authenticateMessage); }
public void HandleIncomingMessage(Message msg) { switch (msg.GetNetworkMessageType()) { case NetworkMessageType.Authenticate: AuthenticateMessage mA = msg as AuthenticateMessage; client.InitClient(mA.ClientId, "This is Client \n Id:" + mA.ClientId); break; case NetworkMessageType.Transform: TransformMessage transformMsg = msg as TransformMessage; if (!client.IsClientsCharacterCreated) { client.CreateClientsCharacter(transformMsg); } else { if (transformMsg.AcknowledgmentId != -1) { int acknoledgmentIdx = unAcknowledgedInputRequests. FindIndex(it => it.RequestId == transformMsg.AcknowledgmentId); if (acknoledgmentIdx != -1) { /* Removes this unacknowledged message and all that came before */ unAcknowledgedInputRequests.RemoveRange(0, acknoledgmentIdx + 1); /* Peform position prediction based on last acknowledged position */ lastAcknowledgedPosition = transformMsg.Position.Vect3; Vector3 newPosBasedOnAck = new Vector3(lastAcknowledgedPosition.x, lastAcknowledgedPosition.y, lastAcknowledgedPosition.z); foreach (InputMessage inputMsg in unAcknowledgedInputRequests) { newPosBasedOnAck += client.GetPositionChangeBasedOnInput(inputMsg); } client.SlowlyUpdateCharactersPosition(newPosBasedOnAck); } } else { client.UpdateCharactersTransform(transformMsg); } } break; case NetworkMessageType.MultipleTransforms: MultipleTranformMessage multipleTransfMsg = msg as MultipleTranformMessage; /* Update other player characters */ otherPlayerCharManager.UpdateOtherCharPosition(multipleTransfMsg); break; case NetworkMessageType.Disconnect: otherPlayerCharManager.DespawnDisconnectedPlayer(msg as DisconnectMessage); break; } }
private void authenticated(AuthenticateMessage msg) { if (msg.IsAuthenticate) { this.User = msg.LoginName; _manager.RequestNavigate(RegionNames.ContentTopRegion, new Uri(ViewNames.ModernFinder, UriKind.Relative)); var reg = _manager.Regions[RegionNames.LeftRegion]; reg.Remove(reg.Views.First()); } }
internal static SMB1Command GetSessionSetupResponse(SMB1Header header, SessionSetupAndXRequest request, GSSProvider securityProvider, SMB1ConnectionState state) { SessionSetupAndXResponse response = new SessionSetupAndXResponse(); // The PrimaryDomain field in the request is used to determine with domain controller should authenticate the user credentials, // However, the domain controller itself does not use this field. // See: http://msdn.microsoft.com/en-us/library/windows/desktop/aa378749%28v=vs.85%29.aspx AuthenticateMessage message = CreateAuthenticateMessage(request.AccountName, request.OEMPassword, request.UnicodePassword); header.Status = securityProvider.NTLMAuthenticate(state.AuthenticationContext, message); if (header.Status != NTStatus.STATUS_SUCCESS) { state.LogToServer(Severity.Information, "Session Setup: User '{0}' failed authentication (Domain: '{1}', OS: '{2}'), NTStatus: {3}", request.AccountName, request.PrimaryDomain, request.NativeOS, header.Status); return(new ErrorResponse(request.CommandName)); } string osVersion = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.OSVersion) as string; byte[] sessionKey = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.SessionKey) as byte[]; object accessToken = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.AccessToken); bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?; SMB1Session session; if (!isGuest.HasValue || !isGuest.Value) { state.LogToServer(Severity.Information, "Session Setup: User '{0}' authenticated successfully (Domain: '{1}', Workstation: '{2}', OS version: '{3}').", message.UserName, message.DomainName, message.WorkStation, osVersion); session = state.CreateSession(message.UserName, message.WorkStation, sessionKey, accessToken); } else { state.LogToServer(Severity.Information, "Session Setup: User '{0}' failed authentication (Domain: '{1}', Workstation: '{2}', OS version: '{3}'), logged in as guest.", message.UserName, message.DomainName, message.WorkStation, osVersion); session = state.CreateSession("Guest", message.WorkStation, sessionKey, accessToken); response.Action = SessionSetupAction.SetupGuest; } if (session == null) { header.Status = NTStatus.STATUS_TOO_MANY_SESSIONS; return(new ErrorResponse(request.CommandName)); } header.UID = session.UserID; response.PrimaryDomain = request.PrimaryDomain; if ((request.Capabilities & ServerCapabilities.LargeRead) > 0) { state.LargeRead = true; } if ((request.Capabilities & ServerCapabilities.LargeWrite) > 0) { state.LargeWrite = true; } response.NativeOS = String.Empty; // "Windows Server 2003 3790 Service Pack 2" response.NativeLanMan = String.Empty; // "Windows Server 2003 5.2" return(response); }
/// <summary> /// Helper method for legacy implementation. /// </summary> public virtual NTStatus NtlmAuthenticate(GssContext?context, AuthenticateMessage authenticateMessage) { if (context == null || !ByteUtils.AreByteArraysEqual(context.Mechanism.Identifier, NtlmSspIdentifier)) { return(NTStatus.SEC_E_SECPKG_NOT_FOUND); } IGssMechanism mechanism = context.Mechanism; NTStatus result = mechanism.AcceptSecurityContext(ref context.MechanismContext, authenticateMessage.GetBytes(), out _); return(result); }
/// <summary> /// Helper method for legacy implementation. /// </summary> public virtual NTStatus NTLMAuthenticate(GSSContext context, AuthenticateMessage authenticateMessage) { if (context != null && ByteUtils.AreByteArraysEqual(context.Mechanism.Identifier, NTLMSSPIdentifier)) { IGSSMechanism mechanism = context.Mechanism; byte[] outputToken; NTStatus result = mechanism.AcceptSecurityContext(ref context.MechanismContext, authenticateMessage.GetBytes(), out outputToken); return(result); } else { return(NTStatus.SEC_E_SECPKG_NOT_FOUND); } }
public static AuthenticateMessage Parse(byte[] Data) { var parsedMessage = new AuthenticateMessage(); parsedMessage.ZSecurityRequestSignature = System.Text.Encoding.ASCII.GetString(Data, 0, 4); parsedMessage.Unkown_0 = BitConverter.ToInt32(Data, 4); parsedMessage.ZWatchSignature = System.Text.Encoding.ASCII.GetString(Data, 8, 4); parsedMessage.Unkown_1 = BitConverter.ToInt32(Data, 12); parsedMessage.Unkown_2 = new byte[20]; Buffer.BlockCopy(Data, 13, parsedMessage.Unkown_2, 0, parsedMessage.Unkown_2.Length); return(parsedMessage); }
public static IMessageStruct ParseMessageData(Message message) { switch ((Message.TYPE_ID)message.TypeID) { case Message.TYPE_ID.FIRST_SECURE_MESSAGE: return(FirstSecureMessage.Parse(message.Data)); case Message.TYPE_ID.FIRST_SECURE_MESSAGE_SERVER: return(FirstSecureMessageServer.Parse(message.Data)); case Message.TYPE_ID.GENERATE_SECURITY_CONTEXT: return(GenerateSecurityContext.Parse(message.Data)); case Message.TYPE_ID.SECURITY_CONTEXT_SERVER_MSG: return(SecurityContextServer.Parse(message.Data)); case Message.TYPE_ID.AUTHENTICATE_MSG: return(AuthenticateMessage.Parse(message.Data)); case Message.TYPE_ID.SERVER_ACCESS_GRANTED: return(ServerAccessGranted.Parse(message.Data)); case Message.TYPE_ID.SERVER_ACCESS_DENIED: return(ServerAccessDenied.Parse(message.Data)); case Message.TYPE_ID.CONNECT_MSG: return(ConnectMessage.Parse(message.Data)); case Message.TYPE_ID.CONNECT_ACK_MSG: return(ConnectAckMessage.Parse(message.Data)); case Message.TYPE_ID.STATE_MSG: return(StateMessage.Parse(message.Data)); case Message.TYPE_ID.USER_MSG: return(UserMessage.Parse(message.Data)); case Message.TYPE_ID.ERROR_MSG: return(ErrorMessage.Parse(message.Data)); case Message.TYPE_ID.WATCH_MSG: return(WatchMessage.Parse(message.Data)); case Message.TYPE_ID.DATA_MSG: return(DataMessage.Parse(message.Data)); default: return(null); } }
private void authenticate(AuthenticateMessage msg) { if (msg.IsAuthenticate) { this.LoginPanelVisible = Visibility.Collapsed; this.AbonentPanelVisible = Visibility.Visible; this.IsAuthenticate = true; } else { this.LoginPanelVisible = Visibility.Visible; this.AbonentPanelVisible = Visibility.Collapsed; this.IsAuthenticate = false; } }
/// <summary> /// Helper method for legacy implementation. /// </summary> public NTStatus NTLMAuthenticate(object context, AuthenticateMessage authenticateMessage) { IGSSMechanism ntlmAuthenticationProvider = FindMechanism(NTLMSSPIdentifier); if (ntlmAuthenticationProvider != null) { byte[] outputToken; NTStatus result = ntlmAuthenticationProvider.AcceptSecurityContext(ref context, authenticateMessage.GetBytes(), out outputToken); return(result); } else { return(NTStatus.SEC_E_SECPKG_NOT_FOUND); } }
public void TestNTLMv1ExtendedSessionSecurityKeyExchangeMIC() { string password = "******"; byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x97, 0x82, 0x08, 0xe2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0f }; byte[] type2 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x38, 0x00, 0x00, 0x00, 0x15, 0x82, 0x8a, 0xe2, 0x7a, 0x6d, 0x47, 0x52, 0x11, 0x8b, 0x9f, 0x37, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x00, 0x60, 0x00, 0x48, 0x00, 0x00, 0x00, 0x06, 0x00, 0x71, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x02, 0x00, 0x10, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x01, 0x00, 0x10, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x04, 0x00, 0x10, 0x00, 0x54, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x03, 0x00, 0x10, 0x00, 0x54, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x07, 0x00, 0x08, 0x00, 0x28, 0x9a, 0x19, 0xec, 0x8d, 0x92, 0xd2, 0x01, 0x00, 0x00, 0x00, 0x00 }; byte[] type3 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x7c, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x94, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x58, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x66, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0xac, 0x00, 0x00, 0x00, 0x15, 0x82, 0x88, 0xe2, 0x0a, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0f, 0xc6, 0x21, 0x82, 0x59, 0x83, 0xda, 0xc7, 0xe7, 0xfa, 0x96, 0x44, 0x67, 0x16, 0xc3, 0xb3, 0x5b, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x36, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x36, 0x00, 0x90, 0x13, 0xb0, 0x36, 0xa4, 0xa5, 0xf0, 0x2e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0x46, 0xea, 0x77, 0x30, 0x44, 0xee, 0xa5, 0x98, 0x26, 0xa0, 0x93, 0x71, 0x5c, 0x83, 0xff, 0x76, 0x70, 0x1d, 0xf0, 0xb8, 0xa0, 0xad, 0x4d, 0xac, 0xe9, 0xf4, 0x5c, 0x3e, 0xb1, 0xb6, 0x48, 0x08, 0xa0, 0x46, 0x8c, 0x31, 0xe1, 0x2d, 0x60 }; byte[] serverChallenge = new ChallengeMessage(type2).ServerChallenge; AuthenticateMessage authenticateMessage = new AuthenticateMessage(type3); byte[] sessionBaseKey = new MD4().GetByteHashFromBytes(NTLMCryptography.NTOWFv1(password)); byte[] lmowf = NTLMCryptography.LMOWFv1(password); byte[] exportedSessionKey = GetExportedSessionKey(sessionBaseKey, authenticateMessage, serverChallenge, lmowf); // https://msdn.microsoft.com/en-us/library/cc236695.aspx const int micFieldOffset = 72; ByteWriter.WriteBytes(type3, micFieldOffset, new byte[16]); byte[] temp = ByteUtils.Concatenate(ByteUtils.Concatenate(type1, type2), type3); byte[] mic = new HMACMD5(exportedSessionKey).ComputeHash(temp); byte[] expected = new byte[] { 0xc6, 0x21, 0x82, 0x59, 0x83, 0xda, 0xc7, 0xe7, 0xfa, 0x96, 0x44, 0x67, 0x16, 0xc3, 0xb3, 0x5b }; Assert.IsTrue(ByteUtils.AreByteArraysEqual(mic, expected)); }
public static bool NTLMv2AuthenticateMessageTest() { byte[] expected = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x6c, 0x00, 0x00, 0x00, 0x54, 0x00, 0x54, 0x00, 0x84, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x48, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x54, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x5c, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0xd8, 0x00, 0x00, 0x00, 0x35, 0x82, 0x88, 0xe2, 0x05, 0x01, 0x28, 0x0a, 0x00, 0x00, 0x00, 0x0f, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x50, 0x00, 0x55, 0x00, 0x54, 0x00, 0x45, 0x00, 0x52, 0x00, 0x86, 0xc3, 0x50, 0x97, 0xac, 0x9c, 0xec, 0x10, 0x25, 0x54, 0x76, 0x4a, 0x57, 0xcc, 0xcc, 0x19, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x68, 0xcd, 0x0a, 0xb8, 0x51, 0xe5, 0x1c, 0x96, 0xaa, 0xbc, 0x92, 0x7b, 0xeb, 0xef, 0x6a, 0x1c, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xda, 0xd2, 0x54, 0x4f, 0xc9, 0x79, 0x90, 0x94, 0xce, 0x1c, 0xe9, 0x0b, 0xc9, 0xd0, 0x3e }; AuthenticateMessage cmp = new AuthenticateMessage(expected); byte[] sessionKey = { 0xc5, 0xda, 0xd2, 0x54, 0x4f, 0xc9, 0x79, 0x90, 0x94, 0xce, 0x1c, 0xe9, 0x0b, 0xc9, 0xd0, 0x3e }; byte[] serverChallenge = new byte[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; byte[] clientChallenge = new byte[] { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; byte[] serverAVPair = AVPairUtils.GetAVPairSequence("Domain", "Server"); DateTime time = DateTime.FromFileTimeUtc(0); // same as new byte[8] NTLMv2ClientChallenge clientChallengeStructure = new NTLMv2ClientChallenge(time, clientChallenge, "Domain", "Server"); byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded(); byte[] clientNTProof = NTLMCryptography.ComputeNTLMv2Proof(serverChallenge, clientChallengeStructurePadded, "Password", "User", "Domain"); AuthenticateMessage message = new AuthenticateMessage(); message.EncryptedRandomSessionKey = sessionKey; message.Version = new NTLMVersion(5, 1, 2600, NTLMVersion.NTLMSSP_REVISION_W2K3); message.NegotiateFlags = NegotiateFlags.UnicodeEncoding | NegotiateFlags.TargetNameSupplied | NegotiateFlags.Sign | NegotiateFlags.Seal | NegotiateFlags.NTLMSessionSecurity | NegotiateFlags.AlwaysSign | NegotiateFlags.ExtendedSessionSecurity | NegotiateFlags.TargetInfo | NegotiateFlags.Version | NegotiateFlags.Use128BitEncryption | NegotiateFlags.KeyExchange | NegotiateFlags.Use56BitEncryption; message.DomainName = "Domain"; message.WorkStation = "COMPUTER"; message.UserName = "******"; message.LmChallengeResponse = NTLMCryptography.ComputeLMv2Response(serverChallenge, clientChallenge, "Password", "User", "Domain"); message.NtChallengeResponse = ByteUtils.Concatenate(clientNTProof, clientChallengeStructurePadded); byte[] messageBytes = message.GetBytes(); // The payload entries may be distributed differently so we use cmp.GetBytes() bool success = ByteUtils.AreByteArraysEqual(messageBytes, cmp.GetBytes()); return(success); }
private void Authenticate(AuthenticateMessage message) { var result = DataProvider.Authenticate(this, message); if (result == AuthenticateResult.Success) { isAuthenticated = true; } // Send message back to client with the result clientConnection.AuthenticateResult(result); // Initialize player data if authenticated if (isAuthenticated) { Initialize(); } }
public IPrincipal AuthenticateAdvertiser(AuthenticateMessage message) { var advertiser = _advertiserRepository.Get(message.Username); if (advertiser == null) { throw new InvalidUsernameException(); } var encryptedProvidedPassword = _cryptographyService.Encrypt(message.Password); if (!advertiser.Password.Equals(encryptedProvidedPassword)) { throw new InvalidPasswordException(); } return(Authenticate(AUTHENTICATION_TYPE_ADVERTISER)); }
private static byte[] GetExportedSessionKey(byte[] sessionBaseKey, AuthenticateMessage message, byte[] serverChallenge, byte[] lmowf) { byte[] keyExchangeKey; if (AuthenticationMessageUtils.IsNTLMv2NTResponse(message.NtChallengeResponse)) { keyExchangeKey = sessionBaseKey; } else { keyExchangeKey = NtlmCryptography.KXKey(sessionBaseKey, message.NegotiateFlags, message.LmChallengeResponse, serverChallenge, lmowf); } if ((message.NegotiateFlags & NegotiateFlags.KeyExchange) > 0) { return(RC4.Decrypt(keyExchangeKey, message.EncryptedRandomSessionKey)); } return(keyExchangeKey); }
/// <summary> /// Note: The 'limitblankpassworduse' (Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa) /// will cause AcceptSecurityContext to return SEC_E_LOGON_DENIED when the correct password is blank. /// </summary> public User Authenticate(string accountNameToAuth, byte[] lmResponse, byte[] ntlmResponse) { if (accountNameToAuth == String.Empty || (String.Equals(accountNameToAuth, "Guest", StringComparison.InvariantCultureIgnoreCase) && IsPasswordEmpty(lmResponse, ntlmResponse) && this.EnableGuestLogin)) { int guestIndex = IndexOf("Guest"); if (guestIndex >= 0) { return(this[guestIndex]); } return(null); } int index = IndexOf(accountNameToAuth); if (index >= 0) { // We should not spam the security event log, and should call the Windows LogonUser API // just to verify the user has a blank password. if (!AreEmptyPasswordsAllowed() && IsPasswordEmpty(lmResponse, ntlmResponse) && LoginAPI.HasEmptyPassword(accountNameToAuth)) { throw new EmptyPasswordNotAllowedException(); } AuthenticateMessage authenticateMessage = new AuthenticateMessage(); authenticateMessage.NegotiateFlags = NegotiateFlags.NegotiateUnicode | NegotiateFlags.NegotiateOEM | NegotiateFlags.RequestTarget | NegotiateFlags.NegotiateSign | NegotiateFlags.NegotiateSeal | NegotiateFlags.NegotiateLanManagerKey | NegotiateFlags.NegotiateNTLMKey | NegotiateFlags.NegotiateAlwaysSign | NegotiateFlags.NegotiateVersion | NegotiateFlags.Negotiate128 | NegotiateFlags.Negotiate56; authenticateMessage.UserName = accountNameToAuth; authenticateMessage.LmChallengeResponse = lmResponse; authenticateMessage.NtChallengeResponse = ntlmResponse; authenticateMessage.Version = Authentication.Version.Server2003; byte[] authenticateMessageBytes = authenticateMessage.GetBytes(); bool success = SSPIHelper.AuthenticateType3Message(m_serverContext, authenticateMessageBytes); if (success) { return(this[index]); } } return(null); }
public void TestNTLMv1MIC() { string password = "******"; byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x97, 0x82, 0x08, 0xe2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x39, 0x38, 0x00, 0x00, 0x00, 0x0f }; byte[] type2 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00, 0x06, 0x00, 0x38, 0x00, 0x00, 0x00, 0x15, 0x02, 0x82, 0xa2, 0xe8, 0xbe, 0x2f, 0x5b, 0xc5, 0xe9, 0xf7, 0xa7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x3e, 0x00, 0x00, 0x00, 0x05, 0x02, 0xce, 0x0e, 0x00, 0x00, 0x00, 0x0f, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x02, 0x00, 0x06, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x01, 0x00, 0x06, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte[] type3 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x7c, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x94, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x58, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x66, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xac, 0x00, 0x00, 0x00, 0x15, 0x02, 0x80, 0xa2, 0x0a, 0x00, 0x39, 0x38, 0x00, 0x00, 0x00, 0x0f, 0xae, 0xa7, 0xba, 0x44, 0x4e, 0x93, 0xa7, 0xdb, 0xb3, 0x0c, 0x85, 0x49, 0xc2, 0x2b, 0xba, 0x9a, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x36, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x36, 0x00, 0xa6, 0x71, 0xbd, 0x94, 0x78, 0x4f, 0x05, 0xf1, 0x3f, 0x3a, 0x7b, 0x41, 0xcf, 0x53, 0x2e, 0x36, 0x73, 0xe2, 0x14, 0x53, 0xbd, 0x42, 0x5e, 0x8f, 0xa6, 0x71, 0xbd, 0x94, 0x78, 0x4f, 0x05, 0xf1, 0x3f, 0x3a, 0x7b, 0x41, 0xcf, 0x53, 0x2e, 0x36, 0x73, 0xe2, 0x14, 0x53, 0xbd, 0x42, 0x5e, 0x8f }; byte[] serverChallenge = new ChallengeMessage(type2).ServerChallenge; AuthenticateMessage authenticateMessage = new AuthenticateMessage(type3); byte[] sessionBaseKey = new MD4().GetByteHashFromBytes(NTLMCryptography.NTOWFv1(password)); byte[] lmowf = NTLMCryptography.LMOWFv1(password); byte[] exportedSessionKey = GetExportedSessionKey(sessionBaseKey, authenticateMessage, serverChallenge, lmowf); // https://msdn.microsoft.com/en-us/library/cc236695.aspx const int micFieldOffset = 72; ByteWriter.WriteBytes(type3, micFieldOffset, new byte[16]); byte[] temp = ByteUtils.Concatenate(ByteUtils.Concatenate(type1, type2), type3); byte[] mic = new HMACMD5(exportedSessionKey).ComputeHash(temp); byte[] expected = new byte[] { 0xae, 0xa7, 0xba, 0x44, 0x4e, 0x93, 0xa7, 0xdb, 0xb3, 0x0c, 0x85, 0x49, 0xc2, 0x2b, 0xba, 0x9a }; Assert.IsTrue(ByteUtils.AreByteArraysEqual(mic, expected)); }
public void TestLMMIC() { string password = "******"; byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x97, 0x82, 0x08, 0xe2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f }; byte[] type2 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00, 0x06, 0x00, 0x38, 0x00, 0x00, 0x00, 0x95, 0x00, 0x82, 0xa2, 0x28, 0x96, 0xe3, 0x6a, 0xd1, 0xb7, 0x74, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x3e, 0x00, 0x00, 0x00, 0x05, 0x02, 0xce, 0x0e, 0x00, 0x00, 0x00, 0x0f, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x02, 0x00, 0x06, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x01, 0x00, 0x06, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte[] type3 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x7c, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x94, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x58, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x66, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xac, 0x00, 0x00, 0x00, 0x95, 0x00, 0x80, 0xa2, 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f, 0x4e, 0x65, 0x54, 0xe6, 0xb3, 0xdc, 0xdc, 0x16, 0xef, 0xc4, 0xd0, 0x03, 0x3b, 0x81, 0x61, 0x6f, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x37, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x37, 0x00, 0xc1, 0xd1, 0x06, 0x56, 0xa3, 0xa9, 0x64, 0x14, 0x0e, 0x7f, 0x43, 0x19, 0x3f, 0x29, 0xf3, 0x72, 0xa3, 0xc1, 0xbe, 0x02, 0xd0, 0x6f, 0xff, 0x20, 0xc1, 0xd1, 0x06, 0x56, 0xa3, 0xa9, 0x64, 0x14, 0x0e, 0x7f, 0x43, 0x19, 0x3f, 0x29, 0xf3, 0x72, 0xa3, 0xc1, 0xbe, 0x02, 0xd0, 0x6f, 0xff, 0x20 }; byte[] serverChallenge = new ChallengeMessage(type2).ServerChallenge; AuthenticateMessage authenticateMessage = new AuthenticateMessage(type3); byte[] sessionBaseKey = new MD4().GetByteHashFromBytes(NTLMCryptography.NTOWFv1(password)); byte[] lmowf = NTLMCryptography.LMOWFv1(password); byte[] exportedSessionKey = GetExportedSessionKey(sessionBaseKey, authenticateMessage, serverChallenge, lmowf); // https://msdn.microsoft.com/en-us/library/cc236695.aspx const int micFieldOffset = 72; ByteWriter.WriteBytes(type3, micFieldOffset, new byte[16]); byte[] temp = ByteUtils.Concatenate(ByteUtils.Concatenate(type1, type2), type3); byte[] mic = new HMACMD5(exportedSessionKey).ComputeHash(temp); byte[] expected = new byte[] { 0x4e, 0x65, 0x54, 0xe6, 0xb3, 0xdc, 0xdc, 0x16, 0xef, 0xc4, 0xd0, 0x03, 0x3b, 0x81, 0x61, 0x6f }; Assert.IsTrue(ByteUtils.AreByteArraysEqual(mic, expected)); }
public AuthenticatedMessage Authenticate(AuthenticateMessage message) { AuthenticatedMessage response = new AuthenticatedMessage(); if (String.IsNullOrWhiteSpace(message.PlayerName)) { response.Status = AuthenticationStatus.BadUser; _websocket.LogMessage($"Player failed authenticate: bad PlayerName"); return(response); } Player player; try { player = _websocket.GetCurrentSessionPlayer(); player.Color = message.PlayerColor; } catch (Exception e) { _websocket.LogMessage($"Caught exception from GetCurrentPlayer, {e.Message}"); player = null; } if (player == null) { Player prev = Server.Instance.Players.FirstOrDefault(p => p.Name == message.PlayerName); if (prev != null) { _websocket.LogMessage($"Found existing player matching name {message.PlayerName}, removing..."); Server.Instance.Players.Remove(prev); } player = _websocket.CreatePlayerSession(message.PlayerName.Truncate(MaxPlayerNameLen)); } response.PlayerId = player.Id.ToString(); response.PlayerName = player.Name; response.PlayerColor = player.Color; response.SessionId = player.SessionData.SessionId; _websocket.LogMessage($"Player authenticated: {JsonConvert.SerializeObject(response)}"); return(response); }
public User Authenticate(AuthenticateMessage message) { User user; if ((message.NegotiateFlags & NegotiateFlags.NegotiateExtendedSecurity) > 0) { user = AuthenticateV1Extended(message.UserName, m_serverChallenge, message.LmChallengeResponse, message.NtChallengeResponse); } else { user = AuthenticateV1(message.UserName, m_serverChallenge, message.LmChallengeResponse, message.NtChallengeResponse); } if (user == null) { // NTLM v2 user = AuthenticateV2(message.DomainName, message.UserName, m_serverChallenge, message.LmChallengeResponse, message.NtChallengeResponse); } return(user); }
/// <summary> /// Note: The 'limitblankpassworduse' (Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa) /// will cause AcceptSecurityContext to return SEC_E_LOGON_DENIED when the correct password is blank. /// </summary> public User Authenticate(byte[] authenticateMessageBytes) { AuthenticateMessage message = new AuthenticateMessage(authenticateMessageBytes); if ((message.NegotiateFlags & NegotiateFlags.NegotiateAnonymous) > 0 || (String.Equals(message.UserName, "Guest", StringComparison.InvariantCultureIgnoreCase) && IsPasswordEmpty(message) && this.EnableGuestLogin)) { int guestIndex = IndexOf("Guest"); if (guestIndex >= 0) { return(this[guestIndex]); } return(null); } int index = IndexOf(message.UserName); if (index >= 0) { // We should not spam the security event log, and should call the Windows LogonUser API // just to verify the user has a blank password. if (!AreEmptyPasswordsAllowed() && IsPasswordEmpty(message) && LoginAPI.HasEmptyPassword(message.UserName)) { throw new EmptyPasswordNotAllowedException(); } bool success = SSPIHelper.AuthenticateType3Message(m_serverContext, authenticateMessageBytes); if (success) { return(this[index]); } } return(null); }
public static byte[]? GetAuthenticateMessage(byte[] securityBlob, string domainName, string userName, string password, AuthenticationMethod authenticationMethod, out byte[]?sessionKey) { sessionKey = null; bool useGssApi = false; SimpleProtectedNegotiationTokenResponse?inputToken = null; try { inputToken = SimpleProtectedNegotiationToken.ReadToken(securityBlob, 0, false) as SimpleProtectedNegotiationTokenResponse; } catch { // ignored } ChallengeMessage?challengeMessage; if (inputToken != null) { challengeMessage = GetChallengeMessage(inputToken.ResponseToken); useGssApi = true; } else { challengeMessage = GetChallengeMessage(securityBlob); } if (challengeMessage == null) { return(null); } DateTime time = DateTime.UtcNow; byte[] clientChallenge = new byte[8]; new Random().NextBytes(clientChallenge); AuthenticateMessage authenticateMessage = new AuthenticateMessage { // https://msdn.microsoft.com/en-us/library/cc236676.aspx NegotiateFlags = NegotiateFlags.Sign | NegotiateFlags.NTLMSessionSecurity | NegotiateFlags.AlwaysSign | NegotiateFlags.Version | NegotiateFlags.Use128BitEncryption | NegotiateFlags.Use56BitEncryption }; if ((challengeMessage.NegotiateFlags & NegotiateFlags.UnicodeEncoding) > 0) { authenticateMessage.NegotiateFlags |= NegotiateFlags.UnicodeEncoding; } else { authenticateMessage.NegotiateFlags |= NegotiateFlags.OEMEncoding; } if ((challengeMessage.NegotiateFlags & NegotiateFlags.KeyExchange) > 0) { authenticateMessage.NegotiateFlags |= NegotiateFlags.KeyExchange; } if (authenticationMethod == AuthenticationMethod.NtlmV1) { authenticateMessage.NegotiateFlags |= NegotiateFlags.LanManagerSessionKey; } else { authenticateMessage.NegotiateFlags |= NegotiateFlags.ExtendedSessionSecurity; } authenticateMessage.UserName = userName; authenticateMessage.DomainName = domainName; authenticateMessage.WorkStation = Environment.MachineName; byte[] sessionBaseKey; byte[] keyExchangeKey; if (authenticationMethod == AuthenticationMethod.NtlmV1 || authenticationMethod == AuthenticationMethod.NtlmV1ExtendedSessionSecurity) { if (authenticationMethod == AuthenticationMethod.NtlmV1) { authenticateMessage.LmChallengeResponse = NtlmCryptography.ComputeLMv1Response(challengeMessage.ServerChallenge, password); authenticateMessage.NtChallengeResponse = NtlmCryptography.ComputeNTLMv1Response(challengeMessage.ServerChallenge, password); } else // NtlmV1ExtendedSessionSecurity { authenticateMessage.LmChallengeResponse = ByteUtils.Concatenate(clientChallenge, new byte[16]); authenticateMessage.NtChallengeResponse = NtlmCryptography.ComputeNTLMv1ExtendedSessionSecurityResponse(challengeMessage.ServerChallenge, clientChallenge, password); } // https://msdn.microsoft.com/en-us/library/cc236699.aspx sessionBaseKey = new MD4().GetByteHashFromBytes(NtlmCryptography.NTOWFv1(password)); byte[] lmowf = NtlmCryptography.LMOWFv1(password); keyExchangeKey = NtlmCryptography.KXKey(sessionBaseKey, authenticateMessage.NegotiateFlags, authenticateMessage.LmChallengeResponse, challengeMessage.ServerChallenge, lmowf); } else // NtlmV2 { NTLMv2ClientChallenge clientChallengeStructure = new NTLMv2ClientChallenge(time, clientChallenge, challengeMessage.TargetInfo); byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded(); byte[] ntProofStr = NtlmCryptography.ComputeNTLMv2Proof(challengeMessage.ServerChallenge, clientChallengeStructurePadded, password, userName, domainName); authenticateMessage.LmChallengeResponse = NtlmCryptography.ComputeLMv2Response(challengeMessage.ServerChallenge, clientChallenge, password, userName, challengeMessage.TargetName); authenticateMessage.NtChallengeResponse = ByteUtils.Concatenate(ntProofStr, clientChallengeStructurePadded); // https://msdn.microsoft.com/en-us/library/cc236700.aspx byte[] responseKeyNT = NtlmCryptography.NTOWFv2(password, userName, domainName); using HMACMD5 md5 = new HMACMD5(responseKeyNT); sessionBaseKey = md5.ComputeHash(ntProofStr); keyExchangeKey = sessionBaseKey; } authenticateMessage.Version = NtlmVersion.Server2003; // https://msdn.microsoft.com/en-us/library/cc236676.aspx if ((challengeMessage.NegotiateFlags & NegotiateFlags.KeyExchange) > 0) { sessionKey = new byte[16]; new Random().NextBytes(sessionKey); authenticateMessage.EncryptedRandomSessionKey = RC4.Encrypt(keyExchangeKey, sessionKey); } else { sessionKey = keyExchangeKey; } if (!useGssApi) { return(authenticateMessage.GetBytes()); } SimpleProtectedNegotiationTokenResponse outputToken = new SimpleProtectedNegotiationTokenResponse { ResponseToken = authenticateMessage.GetBytes() }; return(outputToken.GetBytes()); }
static public AuthenticateMessage CreateType3(this ChallengeMessage challengeMessage, string strUserName, byte[] passwordNTHash) { return(AuthenticateMessage.CreateAuthenticateMessage(challengeMessage, strUserName, passwordNTHash)); }
/// <summary> /// Authenticate will return false when the password is correct in these cases: /// 1. The correct password is blank and 'limitblankpassworduse' is set to 1. /// 2. The user is listed in the "Deny access to this computer from the network" list. /// </summary> public override NTStatus Authenticate(object context, byte[] authenticateMessageBytes) { AuthenticateMessage message; try { message = new AuthenticateMessage(authenticateMessageBytes); } catch (Exception) { return(NTStatus.SEC_E_INVALID_TOKEN); } AuthContext authContext = context as AuthContext; if (authContext == null) { // There are two possible reasons for authContext to be null: // 1. We have a bug in our implementation, let's assume that's not the case, // according to [MS-SMB2] 3.3.5.5.1 we aren't allowed to return SEC_E_INVALID_HANDLE anyway. // 2. The client sent AuthenticateMessage without sending NegotiateMessage first, // in this case the correct response is SEC_E_INVALID_TOKEN. return(NTStatus.SEC_E_INVALID_TOKEN); } authContext.DomainName = message.DomainName; authContext.UserName = message.UserName; authContext.WorkStation = message.WorkStation; if (message.Version != null) { authContext.OSVersion = message.Version.ToString(); } if ((message.NegotiateFlags & NegotiateFlags.Anonymous) > 0 || !IsUserExists(message.UserName)) { if (this.EnableGuestLogin) { authContext.IsGuest = true; return(NTStatus.STATUS_SUCCESS); } else { return(NTStatus.STATUS_LOGON_FAILURE); } } bool success; try { success = SSPIHelper.AuthenticateType3Message(authContext.ServerContext, authenticateMessageBytes); } catch (Exception) { // We assume that the problem is not with our implementation. return(NTStatus.SEC_E_INVALID_TOKEN); } if (success) { return(NTStatus.STATUS_SUCCESS); } else { Win32Error result = (Win32Error)Marshal.GetLastWin32Error(); // Windows will permit fallback when these conditions are met: // 1. The guest user account is enabled. // 2. The guest user account does not have a password set. // 3. The specified account does not exist. // OR: // The password is correct but 'limitblankpassworduse' is set to 1 (logon over a network is disabled for accounts without a password). bool allowFallback = (result == Win32Error.ERROR_ACCOUNT_RESTRICTION); if (allowFallback && this.EnableGuestLogin) { authContext.IsGuest = true; return(NTStatus.STATUS_SUCCESS); } else { return(ToNTStatus(result)); } } }
public Task<bool> Authenticate(UInt64 UserId, UInt64 DeviceId, UInt64 Secret) { var msg = new AuthenticateMessage() { user_id = UserId, device_id = DeviceId, secret = Secret, }; var signal = new AutoResetEvent(false); Action<Dictionary<String, Object>> handler = dictionary => { token = Convert.ToUInt64(dictionary["token"]); signal.Set(); }; lock (rpchandler) rpchandler[(UInt16)MessageType.AUTHENTICATE_RESPONSE].Enqueue(handler); return Send(serializer.Serialize(msg)) .ContinueWith(task => { bool proceed = task.Result; if (proceed) signal.WaitOne(); // block until the next response return proceed; }); }
public void Update(Server server) { int recHostId; int connectionId; int channelId; byte[] recBuffer = new byte[1024]; int bufferSize = 1024; int dataSize; byte error; NetworkEventType recData = NetworkTransport.Receive(out recHostId, out connectionId, out channelId, recBuffer, bufferSize, out dataSize, out error); switch (recData) { case NetworkEventType.ConnectEvent: if (!clientDataManager.IsPlayerAlreadySpawned(connectionId)) { /* Create player */ GameObject characterObj = server.SpawnClientsCharacter(connectionId); clientDataManager.CreateCharacter(characterObj, connectionId); /* Identify the player */ AuthenticateMessage mA = new AuthenticateMessage(connectionId, connectionId); SendNetworkReliableMessage(mA, connectionId); /* Send Info about other player positions */ SendClientAllOtherCharacterPositions(connectionId); /* Send player his position */ SendPositionToNewelyCreatedCharacter(server, characterObj.transform.position, connectionId); } break; case NetworkEventType.DataEvent: Stream stream = new MemoryStream(recBuffer); Message message = (Message)binFormater.Deserialize(stream); clientDataManager.HandlePlayerMessagesData(this, message); break; case NetworkEventType.DisconnectEvent: GameObject characterToRemove = clientDataManager.RemoveCharacterFromWorld(connectionId); server.DeleteGameObject(characterToRemove); clientDataManager.InformAllClientAboutCharacterDisconnect(this, connectionId); break; } /* Inform all clients about other client character positions */ sendPositionTimer += Time.deltaTime; if (sendPositionTimer > GameConsts.TTW_FOR_OTHER_CHAR_POS_UPDATE) { clientDataManager.SendAllPlayersAllOtherPlayerPostions(this); sendPositionTimer = 0f; } }
public void TestNTLMv2KeyExchangeMIC() { byte[] responseKeyNT = NTLMCryptography.NTOWFv2("Password", "User", "TAL-VM6"); byte[] type1 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x01, 0x00, 0x00, 0x00, 0x97, 0x82, 0x08, 0xe2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0f }; byte[] type2 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x38, 0x00, 0x00, 0x00, 0x15, 0x82, 0x8a, 0xe2, 0x63, 0x74, 0x79, 0x77, 0xe1, 0xea, 0x35, 0x51, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x00, 0x60, 0x00, 0x48, 0x00, 0x00, 0x00, 0x06, 0x00, 0x71, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x02, 0x00, 0x10, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x01, 0x00, 0x10, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x04, 0x00, 0x10, 0x00, 0x54, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x03, 0x00, 0x10, 0x00, 0x54, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x07, 0x00, 0x08, 0x00, 0x1f, 0x8a, 0xd4, 0xff, 0x01, 0x91, 0xd2, 0x01, 0x00, 0x00, 0x00, 0x00 }; byte[] type3 = new byte[] { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x7c, 0x00, 0x00, 0x00, 0x02, 0x01, 0x02, 0x01, 0x94, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x58, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x66, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x96, 0x01, 0x00, 0x00, 0x15, 0x82, 0x88, 0xe2, 0x0a, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x0f, 0x82, 0x3c, 0xff, 0x48, 0xa9, 0x03, 0x13, 0x4c, 0x33, 0x3c, 0x09, 0x87, 0xf3, 0x16, 0x59, 0x89, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x36, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb3, 0x06, 0x65, 0xe3, 0x9f, 0x03, 0xe1, 0xc3, 0xd8, 0x28, 0x7c, 0x9c, 0x35, 0x0d, 0x32, 0x4c, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1f, 0x8a, 0xd4, 0xff, 0x01, 0x91, 0xd2, 0x01, 0x77, 0x71, 0x91, 0x94, 0xb1, 0x6e, 0x66, 0x28, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x10, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x01, 0x00, 0x10, 0x00, 0x54, 0x00, 0x41, 0x00, 0x4c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x04, 0x00, 0x10, 0x00, 0x54, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x03, 0x00, 0x10, 0x00, 0x54, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x07, 0x00, 0x08, 0x00, 0x1f, 0x8a, 0xd4, 0xff, 0x01, 0x91, 0xd2, 0x01, 0x06, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x08, 0x00, 0x30, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x19, 0x0d, 0x73, 0xca, 0x97, 0x30, 0x2a, 0xa7, 0x7a, 0x1f, 0xb6, 0xad, 0xe2, 0xe5, 0x4a, 0x59, 0x4a, 0x93, 0x7e, 0x37, 0xcd, 0x0c, 0xd7, 0x90, 0x25, 0xc4, 0xaf, 0x8a, 0x17, 0x99, 0x69, 0x56, 0x0a, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x1a, 0x00, 0x63, 0x00, 0x69, 0x00, 0x66, 0x00, 0x73, 0x00, 0x2f, 0x00, 0x54, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x2d, 0x00, 0x56, 0x00, 0x4d, 0x00, 0x31, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x71, 0x7c, 0xce, 0x0b, 0x92, 0x46, 0x46, 0x0d, 0x5b, 0x3b, 0x11, 0xb4, 0xde, 0x86, 0x28, 0x11 }; byte[] serverChallenge = new ChallengeMessage(type2).ServerChallenge; AuthenticateMessage authenticateMessage = new AuthenticateMessage(type3); byte[] ntProofStr = ByteReader.ReadBytes(authenticateMessage.NtChallengeResponse, 0, 16); byte[] sessionBaseKey = new HMACMD5(responseKeyNT).ComputeHash(ntProofStr); byte[] exportedSessionKey = GetExportedSessionKey(sessionBaseKey, authenticateMessage, serverChallenge, null); // https://msdn.microsoft.com/en-us/library/cc236695.aspx const int micFieldOffset = 72; ByteWriter.WriteBytes(type3, micFieldOffset, new byte[16]); byte[] temp = ByteUtils.Concatenate(ByteUtils.Concatenate(type1, type2), type3); byte[] mic = new HMACMD5(exportedSessionKey).ComputeHash(temp); byte[] expected = new byte[] { 0x82, 0x3c, 0xff, 0x48, 0xa9, 0x03, 0x13, 0x4c, 0x33, 0x3c, 0x09, 0x87, 0xf3, 0x16, 0x59, 0x89 }; Assert.IsTrue(ByteUtils.AreByteArraysEqual(mic, expected)); }
public AuthenticateResult Authenticate(Player player, AuthenticateMessage message) { throw new System.NotImplementedException(); }