// ASN.1 layout of the token produced below:
//
// Class(60) {
//   OID(spnego),
//   Class(A0) {
//     Class(30) {
//       Class(A0) {
//         Class(30) { OID,OID,OID }
//       },
//       Class(A2) { OctetStream }
//     }
//   }
// }

/// <summary>
/// Builds the initial SPNEGO context token: the SPNEGO OID followed by a
/// list of three mechanism OIDs (NTLMSSP, Kerberos 5, MIT) and an octet
/// string carrying an NTLM Type 1 message.
/// </summary>
/// <returns>The encoded bytes of the outer 0x60 ASN.1 element.</returns>
public byte [] ProcessSpnegoInitialContextTokenRequest ()
{
	Type1Message negotiate = new Type1Message (NtlmVersion.Version3);
	// NOTE(review): the negotiate options are a bare literal rather than
	// named NtlmFlags members, so what is being offered cannot be reviewed
	// at a glance. By the NTLMSSP bit layout the low byte 0xB7 appears to
	// include bit 0x80 (LM key) - decode against NtlmFlags and confirm
	// every option requested here is still intended.
	negotiate.Flags = unchecked ((NtlmFlags) 0xE21882B7);
	// Flags are assigned before Domain, as in the original ordering.
	negotiate.Domain = "WORKGROUP"; // FIXME: remove it

	// Outer element: SPNEGO OID first, the 0xA0 wrapper is attached last.
	ASN1 token = new ASN1 (0x60);
	token.Add (ASN1Convert.FromOid (Constants.OidSpnego));

	ASN1 wrapper = new ASN1 (0xA0);
	ASN1 sequence = new ASN1 (0x30);

	// 0xA0 { 0x30 { OID, OID, OID } } - mechanism list, order is significant.
	ASN1 mechHolder = new ASN1 (0xA0);
	ASN1 mechList = new ASN1 (0x30);
	mechHolder.Add (mechList);
	mechList.Add (ASN1Convert.FromOid (Constants.OidNtlmSsp));
	mechList.Add (ASN1Convert.FromOid (Constants.OidKerberos5));
	mechList.Add (ASN1Convert.FromOid (Constants.OidMIT));

	// 0xA2 { OCTET STRING } - carries the NTLM Type 1 message bytes.
	ASN1 tokenHolder = new ASN1 (0xA2);
	ASN1 ntlmBlob = new ASN1 (0x4);
	ntlmBlob.Value = negotiate.GetBytes ();
	tokenHolder.Add (ntlmBlob);

	sequence.Add (mechHolder);
	sequence.Add (tokenHolder);
	wrapper.Add (sequence);
	token.Add (wrapper);

	return token.GetBytes ();
}
// Example from http://www.innovation.ch/java/ntlm.html

/// <summary>
/// Checks the wire encoding of a default Type 1 message once Domain and
/// Host are set. The expected dump starts with the "NTLMSSP\0" signature
/// and message type 1, and ends with the host and domain upper-cased as
/// single-byte text ("LIGHTCITY" then "URSA-MINOR").
/// </summary>
public void Encode1 ()
{
	const string expectedDump = "4E-54-4C-4D-53-53-50-00-01-00-00-00-07-B2-00-00-0A-00-0A-00-29-00-00-00-09-00-09-00-20-00-00-00-4C-49-47-48-54-43-49-54-59-55-52-53-41-2D-4D-49-4E-4F-52";

	Type1Message negotiate = new Type1Message ();
	// The type is asserted on the freshly constructed message, before any setter runs.
	AssertEquals ("Type", 1, negotiate.Type);

	negotiate.Domain = "Ursa-Minor";
	negotiate.Host = "LightCity";

	string actualDump = BitConverter.ToString (negotiate.GetBytes ());
	AssertEquals ("GetBytes", expectedDump, actualDump);
}
/// <summary>
/// Builds and sends a Logon70 packet for the given connection parameters,
/// then reads the server's reply.
/// </summary>
/// <remarks>
/// The packet is a fixed 86-byte header containing an offset/length table,
/// followed by the string fields in table order. With DomainLogin set, the
/// user name and password entries are zeroed and an NTLM Type 1 message is
/// appended instead; otherwise the user name and the output of
/// EncryptPassword are appended.
/// NOTE(review): EncryptPassword is defined outside this block. In the TDS 7
/// login format the password field is, as far as the protocol documentation
/// describes it, only obfuscated rather than cryptographically protected, so
/// confidentiality of SQL Server logins would depend on transport
/// encryption - confirm against the helper and the deployment.
/// </remarks>
/// <param name="connectionParameters">
/// Connection settings. User and DefaultDomain are modified in place when
/// User has the form DOMAIN\name. Assumes User and the other string
/// members read here are non-null - no null checks are visible.
/// </param>
/// <returns>The value of IsConnected after the reply has been consumed.</returns>
/// <exception cref="InvalidOperationException">The connection is already open.</exception>
public override bool Connect (TdsConnectionParameters connectionParameters)
{
	if (IsConnected)
		throw new InvalidOperationException ("The connection is already open.");

	connectionParms = connectionParameters;

	SetLanguage (connectionParameters.Language);
	SetCharset ("utf-8");

	byte[] empty = new byte[0];
	short authLen = 0;
	byte pad = (byte) 0;

	// Two fixed 21-byte header blocks; which one is sent depends on the login
	// mode. Their field meanings are not documented in this block.
	byte[] domainMagic = { 6, 0x7d, 0x0f, 0xfd, 0xff, 0x0, 0x0, 0x0, 0x0, 0xe0, 0x83, 0x0, 0x0, 0x68, 0x01, 0x00, 0x00, 0x09, 0x04, 0x00, 0x00 };
	byte[] sqlserverMagic = { 6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0, 0x03, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 };
	byte[] magic = null;

	if (connectionParameters.DomainLogin)
		magic = domainMagic;
	else
		magic = sqlserverMagic;

	string username = connectionParameters.User;
	string domain = null;

	// Split "DOMAIN\user"; without a backslash the domain falls back to the
	// local process's Environment.UserDomainName (for both login modes).
	int idx = username.IndexOf ("\\");
	if (idx != -1) {
		domain = username.Substring (0, idx);
		username = username.Substring (idx + 1);
		connectionParameters.DefaultDomain = domain;
		connectionParameters.User = username;
	} else {
		domain = Environment.UserDomainName;
		connectionParameters.DefaultDomain = domain;
	}

	// 86 header bytes plus two bytes per character of every string field.
	// NOTE(review): sizes and offsets are kept in short; the (short) casts
	// would wrap for very long parameter strings unless the project compiles
	// with overflow checking. No length validation is visible here.
	short partialPacketSize = (short) (86 + (
		connectionParameters.Hostname.Length +
		connectionParameters.ApplicationName.Length +
		DataSource.Length +
		connectionParameters.LibraryName.Length +
		Language.Length +
		connectionParameters.Database.Length +
		connectionParameters.AttachDBFileName.Length) * 2);

	if (connectionParameters.DomainLogin) {
		// 32 + one byte per host/domain character - presumably the encoded
		// size of the Type 1 message appended below; confirm against
		// Type1Message.GetBytes.
		authLen = ((short) (32 + (connectionParameters.Hostname.Length + domain.Length)));
		partialPacketSize += authLen;
	} else
		partialPacketSize += ((short) ((username.Length + connectionParameters.Password.Length) * 2));

	int totalPacketSize = partialPacketSize;

	Comm.StartPacket (TdsPacketType.Logon70);

	Comm.Append (totalPacketSize);

	//Comm.Append (empty, 3, pad);
	//byte[] version = {0x00, 0x0, 0x0, 0x71};
	//Console.WriteLine ("Version: {0}", ClientVersion[3]);
	Comm.Append (ClientVersion); // TDS Version 7
	Comm.Append ((int)this.PacketSize); // Set the Block Size
	Comm.Append (empty, 3, pad);
	Comm.Append (magic);

	// Offset/length table. curPos is the running offset of the next string,
	// starting right after the 86-byte header; each entry is (offset, length
	// in characters) and the offset advances by two bytes per character.
	short curPos = 86;

	// Hostname
	Comm.Append (curPos);
	Comm.Append ((short) connectionParameters.Hostname.Length);
	curPos += (short) (connectionParameters.Hostname.Length * 2);

	if (connectionParameters.DomainLogin) {
		// Domain login: user name and password entries are written as zeros.
		Comm.Append((short)0);
		Comm.Append((short)0);
		Comm.Append((short)0);
		Comm.Append((short)0);
	} else {
		// Username
		Comm.Append (curPos);
		Comm.Append ((short) username.Length);
		curPos += ((short) (username.Length * 2));

		// Password
		Comm.Append (curPos);
		Comm.Append ((short) connectionParameters.Password.Length);
		curPos += (short) (connectionParameters.Password.Length * 2);
	}

	// AppName
	Comm.Append (curPos);
	Comm.Append ((short) connectionParameters.ApplicationName.Length);
	curPos += (short) (connectionParameters.ApplicationName.Length * 2);

	// Server Name
	Comm.Append (curPos);
	Comm.Append ((short) DataSource.Length);
	curPos += (short) (DataSource.Length * 2);

	// Unknown
	Comm.Append ((short) curPos);
	Comm.Append ((short) 0);

	// Library Name
	Comm.Append (curPos);
	Comm.Append ((short) connectionParameters.LibraryName.Length);
	curPos += (short) (connectionParameters.LibraryName.Length * 2);

	// Language
	Comm.Append (curPos);
	Comm.Append ((short) Language.Length);
	curPos += (short) (Language.Length * 2);

	// Database
	Comm.Append (curPos);
	Comm.Append ((short) connectionParameters.Database.Length);
	curPos += (short) (connectionParameters.Database.Length * 2);

	// MAC Address (always sent as six zero bytes)
	Comm.Append((byte) 0);
	Comm.Append((byte) 0);
	Comm.Append((byte) 0);
	Comm.Append((byte) 0);
	Comm.Append((byte) 0);
	Comm.Append((byte) 0);

	// Authentication Stuff: offset, then the NTLM blob length in bytes
	// (zero for SQL Server authentication).
	Comm.Append ((short) curPos);
	if (connectionParameters.DomainLogin) {
		Comm.Append ((short) authLen);
		curPos += (short) authLen;
	} else
		Comm.Append ((short) 0);

	// Unknown (the entry describes AttachDBFileName)
	Comm.Append (curPos);
	Comm.Append ((short)( connectionParameters.AttachDBFileName.Length));
	curPos += (short)(connectionParameters.AttachDBFileName.Length*2);

	// Connection Parameters: the data section, in the same order as the table.
	Comm.Append (connectionParameters.Hostname);
	if (!connectionParameters.DomainLogin) {
		// SQL Server Authentication
		Comm.Append (connectionParameters.User);
		// The transformed password goes into the login packet itself; see the
		// NOTE(review) in the remarks about how much protection this gives.
		string scrambledPwd = EncryptPassword (connectionParameters.Password);
		Comm.Append (scrambledPwd);
	}
	Comm.Append (connectionParameters.ApplicationName);
	Comm.Append (DataSource);
	Comm.Append (connectionParameters.LibraryName);
	Comm.Append (Language);
	Comm.Append (connectionParameters.Database);

	if (connectionParameters.DomainLogin) {
		// the rest of the packet is NTLMSSP authentication
		// Only the negotiate (Type 1) message is sent from this method.
		// NOTE(review): the flag set below names five options and does not
		// include any extended session security option - confirm whether
		// the remainder of the handshake negotiates one.
		Type1Message msg = new Type1Message ();
		msg.Domain = domain;
		msg.Host = connectionParameters.Hostname;
		msg.Flags = NtlmFlags.NegotiateUnicode |
			NtlmFlags.NegotiateNtlm |
			NtlmFlags.NegotiateDomainSupplied |
			NtlmFlags.NegotiateWorkstationSupplied |
			NtlmFlags.NegotiateAlwaysSign; // 0xb201
		Comm.Append (msg.GetBytes ());
	}

	Comm.Append (connectionParameters.AttachDBFileName);
	Comm.SendPacket ();
	MoreResults = true;
	SkipToEnd ();

	return IsConnected;
}
/// <summary>
/// Builds an NTLM Type 1 message (constructed with NtlmVersion.Version3)
/// carrying a fixed flag mask and returns its encoded bytes.
/// </summary>
/// <returns>The bytes produced by Type1Message.GetBytes.</returns>
public byte [] ProcessMessageType1 ()
{
	Type1Message negotiate = new Type1Message (NtlmVersion.Version3);

	// NOTE(review): the negotiate options are a bare literal rather than
	// named NtlmFlags members, so what is being offered cannot be reviewed
	// at a glance. By the NTLMSSP bit layout the low byte 0xB7 appears to
	// include bit 0x80 (LM key) - decode against NtlmFlags and confirm
	// every option requested here is still intended.
	negotiate.Flags = unchecked ((NtlmFlags) 0xE21882B7);

	byte [] encoded = negotiate.GetBytes ();
	return encoded;
}
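/// <summary>
/// Drives a line-based exchange with the external helper process: enables
/// the session-key feature, hands over the password, then sends a Type 1
/// message, parses the Type 2 reply and answers with a Type 3 message.
/// </summary>
/// <remarks>
/// Every helper reply is validated before it is used. A reply of null
/// (the helper closed its output) is reported as InvalidDataException
/// rather than surfacing later as a NullReferenceException.
/// The Type 3 domain and host are fixed values ("SOL", "PROVCON-FAUST").
/// </remarks>
/// <param name="username">User name placed in the Type 3 message.</param>
/// <param name="password">
/// Password sent to the helper and placed in the Type 3 message.
/// </param>
/// <exception cref="InvalidDataException">
/// The helper returned an unexpected reply or closed its output stream.
/// </exception>
public void Run(string username, string password)
{
	Console.WriteLine ("=========");

	helper.StandardInput.WriteLine ("SF NTLMSSP_FEATURE_SESSION_KEY");
	var sf_response = helper.StandardOutput.ReadLine ();
	Console.WriteLine (sf_response);
	if (sf_response != "OK")
		throw new InvalidDataException (sf_response);

	// NOTE(review): Encoding.ASCII replaces every non-ASCII character with
	// '?', so such a password reaches the helper altered. Confirm which
	// encoding the helper expects before relying on this for real accounts.
	// Base64 is only a framing for the line protocol, not protection.
	var pw_bytes = Encoding.ASCII.GetBytes (password);
	helper.StandardInput.WriteLine ("PW " + Convert.ToBase64String (pw_bytes));
	var pw_result = helper.StandardOutput.ReadLine ();
	if (pw_result != "OK")
		throw new InvalidDataException (pw_result);

	var type1 = new Type1Message ();
	type1.Flags |= NtlmFlags.NegotiateNtlm2Key;
	helper.StandardInput.WriteLine ("KK " + Convert.ToBase64String (type1.GetBytes ()));

	// ReadLine returns null at end of stream; treat that like any other
	// malformed reply. The prefix is a protocol token, so compare ordinally.
	var type1_res = helper.StandardOutput.ReadLine ();
	if (type1_res == null || !type1_res.StartsWith ("TT ", StringComparison.Ordinal))
		throw new InvalidDataException ();

	var type2 = new Type2Message (Convert.FromBase64String (type1_res.Substring (3)));
	Console.WriteLine ("TYPE2: {0:x} {1}", type2.Flags, type2.Flags);

	var type3 = new Type3Message (type2);
	type3.Domain = "SOL";
	type3.Host = "PROVCON-FAUST";
	type3.Username = username;
	type3.Password = password;
	var bytes = type3.GetBytes ();

	helper.StandardInput.WriteLine ("KK {0}", Convert.ToBase64String (bytes));

	var response2 = helper.StandardOutput.ReadLine ();
	Console.WriteLine (response2);
	if (response2 == null || !response2.StartsWith ("AF ", StringComparison.Ordinal))
		throw new InvalidDataException (response2);
}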
/// <summary>
/// Performs one step of the NTLM SASL exchange. Step 0 emits the Type 1
/// (negotiate) message; step 1 consumes the server's Type 2 (challenge)
/// message and emits the Type 3 (authenticate) message.
/// </summary>
/// <param name="serverChallenge">
/// Bytes received from the server; only read in step 1.
/// </param>
/// <param name="clientResponse">
/// The message to send, or null when the step fails.
/// </param>
/// <returns>
/// Continuing after step 0, Succeeded after step 1, Failed when the user
/// name or password is empty in step 1 or when called at any later step.
/// </returns>
/// <exception cref="SaslException">Credential is not set.</exception>
protected override SaslExchangeStatus Exchange(ByteString serverChallenge, out ByteString clientResponse)
{
  if (Credential == null)
    throw new SaslException("Credential property must be set");

  clientResponse = null;

  if (step == 0) {
    // send NTLM negotiate message (Type 1)
    var negotiate = new Type1Message();

    negotiate.Flags = NtlmFlags.RequestTarget |
                      NtlmFlags.NegotiateNtlm |
                      NtlmFlags.NegotiateUnicode |
                      NtlmFlags.NegotiateOem |
                      NtlmFlags.NegotiateDomainSupplied |
                      NtlmFlags.NegotiateWorkstationSupplied;
    negotiate.Host = TargetHost ?? string.Empty; // ?
    negotiate.Domain = Credential.Domain ?? string.Empty;

    clientResponse = new ByteString(negotiate.GetBytes());
    step++;

    return SaslExchangeStatus.Continuing;
  }

  if (step != 1)
    return SaslExchangeStatus.Failed; // unexpected server challenge

  // receive NTLM challenge message (Type 2) and send NTLM authenticate message (Type 3)
  bool missingSecret = string.IsNullOrEmpty(Credential.UserName) ||
                       string.IsNullOrEmpty(Credential.Password);

  if (missingSecret)
    return SaslExchangeStatus.Failed; // step is left unchanged on this path

  var challenge = new Type2Message(serverChallenge.ByteArray);
  var authenticate = new Type3Message();

  // NOTE(review): the Type 3 flags are a fixed pair rather than derived
  // from the flags in the server's Type 2 message (the original marks this
  // line XXX) - confirm this is the intended negotiation result.
  authenticate.Flags = NtlmFlags.NegotiateNtlm | NtlmFlags.NegotiateUnicode; // XXX
  authenticate.Host = TargetHost ?? string.Empty; // ?
  authenticate.Domain = Credential.Domain ?? string.Empty;
  authenticate.Challenge = challenge.Nonce;
  authenticate.Password = Credential.Password;
  authenticate.Username = Credential.UserName;

  clientResponse = new ByteString(authenticate.GetBytes());
  step++;

  // Succeeded is reported as soon as the Type 3 message has been built;
  // nothing in this method inspects the server's verdict on it.
  return SaslExchangeStatus.Succeeded;
}