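/// <summary>
/// Performs the two-leg NTLM session setup over an already connected SMB2 transport:
/// sends the negotiate message, answers the server's challenge with the authenticate
/// message, and on success derives the signing key (and, for SMB 3.0, the
/// encryption and decryption keys) from the session key.
/// </summary>
/// <param name="domainName">Domain passed to the NTLM helper for both messages.</param>
/// <param name="userName">Account name used to build the authenticate message.</param>
/// <param name="password">Password used to build the authenticate message.</param>
/// <param name="authenticationMethod">Authentication variant forwarded to the NTLM helper.</param>
/// <returns>
/// <c>SEC_E_INVALID_TOKEN</c> when either NTLM message cannot be built,
/// <c>STATUS_INVALID_SMB</c> when no response arrives or the final response is malformed,
/// otherwise the status reported by the server.
/// </returns>
/// <exception cref="InvalidOperationException">The client is not connected.</exception>
public NTStatus Login(string domainName, string userName, string password, AuthenticationMethod authenticationMethod)
{
    if (!m_isConnected)
    {
        throw new InvalidOperationException("A connection must be successfully established before attempting login");
    }

    byte[] negotiateMessage = NTLMAuthenticationHelper.GetNegotiateMessage(m_securityBlob, domainName, authenticationMethod);
    if (negotiateMessage == null)
    {
        return NTStatus.SEC_E_INVALID_TOKEN;
    }

    // NOTE(review): the request advertises SigningEnabled; whether signatures are
    // actually enforced after login is decided elsewhere and is not visible here.
    SessionSetupRequest request = new SessionSetupRequest();
    request.SecurityMode = SecurityMode.SigningEnabled;
    request.SecurityBuffer = negotiateMessage;
    TrySendCommand(request);
    SMB2Command response = WaitForCommand(SMB2CommandName.SessionSetup);
    if (response == null)
    {
        return NTStatus.STATUS_INVALID_SMB;
    }

    SessionSetupResponse challengeResponse = response as SessionSetupResponse;
    if (response.Header.Status != NTStatus.STATUS_MORE_PROCESSING_REQUIRED || challengeResponse == null)
    {
        // Anything other than a well-formed challenge ends the exchange with the server's status.
        return response.Header.Status;
    }

    byte[] authenticateMessage = NTLMAuthenticationHelper.GetAuthenticateMessage(challengeResponse.SecurityBuffer, domainName, userName, password, authenticationMethod, out m_sessionKey);
    if (authenticateMessage == null)
    {
        return NTStatus.SEC_E_INVALID_TOKEN;
    }

    // NOTE(review): m_sessionID and m_sessionKey are assigned before the server has
    // accepted the credentials and are not reset when the second leg fails; confirm
    // that no other member treats them as proof of an authenticated session.
    m_sessionID = response.Header.SessionID;
    request = new SessionSetupRequest();
    request.SecurityMode = SecurityMode.SigningEnabled;
    request.SecurityBuffer = authenticateMessage;
    TrySendCommand(request);
    response = WaitForCommand(SMB2CommandName.SessionSetup);
    if (response == null)
    {
        return NTStatus.STATUS_INVALID_SMB;
    }

    bool isSuccess = (response.Header.Status == NTStatus.STATUS_SUCCESS);
    SessionSetupResponse finalResponse = response as SessionSetupResponse;
    if (isSuccess && m_dialect == SMB2Dialect.SMB300 && finalResponse == null)
    {
        // The session flags are read from the final response, so a success status
        // carried by any other response type is rejected here instead of surfacing
        // as an InvalidCastException from an unchecked cast on server-controlled data.
        m_isLoggedIn = false;
        return NTStatus.STATUS_INVALID_SMB;
    }

    m_isLoggedIn = isSuccess;
    if (m_isLoggedIn)
    {
        m_signingKey = SMB2Cryptography.GenerateSigningKey(m_sessionKey, m_dialect, null);
        if (m_dialect == SMB2Dialect.SMB300)
        {
            // Encryption is switched on only when the server sets the EncryptData session flag.
            m_encryptSessionData = (finalResponse.SessionFlags & SessionFlags.EncryptData) > 0;
            m_encryptionKey = SMB2Cryptography.GenerateClientEncryptionKey(m_sessionKey, SMB2Dialect.SMB300, null);
            m_decryptionKey = SMB2Cryptography.GenerateClientDecryptionKey(m_sessionKey, SMB2Dialect.SMB300, null);
        }
    }

    return response.Header.Status;
}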
/// <summary>
/// Known-answer test: derives the SMB 3.0 client decryption key from a fixed
/// 16-byte session key and compares it with the expected 16-byte key.
/// </summary>
public void TestDecryptionKeyGeneration()
{
    // Expected output for the fixed session key below.
    byte[] expectedDecryptionKey = new byte[]
    {
        0x8F, 0xE2, 0xB5, 0x7E, 0xC3, 0x4D, 0x2D, 0xB5,
        0xB1, 0xA9, 0x72, 0x7F, 0x52, 0x6B, 0xBD, 0xB5
    };

    // Fixed input vector; never a key from a live session.
    byte[] sessionKey = new byte[]
    {
        0xB4, 0x54, 0x67, 0x71, 0xB5, 0x15, 0xF7, 0x66,
        0xA8, 0x67, 0x35, 0x53, 0x2D, 0xD6, 0xC4, 0xF0
    };

    byte[] decryptionKey = SMB2Cryptography.GenerateClientDecryptionKey(sessionKey, SMB2Dialect.SMB300, null);

    bool keysMatch = ByteUtils.AreByteArraysEqual(expectedDecryptionKey, decryptionKey);
    Assert.True(keysMatch);
}