123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196 |
- /* Copyright (C) 2014 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
- *
- * You can redistribute this program and/or modify it under the terms of
- * the GNU Lesser Public License as published by the Free Software Foundation,
- * either version 3 of the License, or (at your option) any later version.
- */
- using System;
- using System.Collections.Generic;
- using System.Text;
- using Utilities;
- using SMBLibrary.Authentication;
- namespace SMBLibrary.Server
- {
- public class IndependentUserCollection : UserCollection, INTLMAuthenticationProvider
- {
- private byte[] m_serverChallenge = new byte[8];
- public IndependentUserCollection()
- {
- }
- public IndependentUserCollection(UserCollection users)
- {
- this.AddRange(users);
- }
- /// <summary>
- /// LM v1 / NTLM v1
- /// </summary>
- public User AuthenticateV1(string accountNameToAuth, byte[] serverChallenge, byte[] lmResponse, byte[] ntlmResponse)
- {
- for (int index = 0; index < this.Count; index++)
- {
- string accountName = this[index].AccountName;
- string password = this[index].Password;
- if (String.Equals(accountName, accountNameToAuth, StringComparison.InvariantCultureIgnoreCase))
- {
- byte[] expectedLMResponse = NTAuthentication.ComputeLMv1Response(serverChallenge, password);
- if (ByteUtils.AreByteArraysEqual(expectedLMResponse, lmResponse))
- {
- return this[index];
- }
- byte[] expectedNTLMResponse = NTAuthentication.ComputeNTLMv1Response(serverChallenge, password);
- if (ByteUtils.AreByteArraysEqual(expectedNTLMResponse, ntlmResponse))
- {
- return this[index];
- }
- }
- }
- return null;
- }
- /// <summary>
- /// LM v1 / NTLM v1 Extended Security
- /// </summary>
- public User AuthenticateV1Extended(string accountNameToAuth, byte[] serverChallenge, byte[] lmResponse, byte[] ntlmResponse)
- {
- for (int index = 0; index < this.Count; index++)
- {
- string accountName = this[index].AccountName;
- string password = this[index].Password;
- if (String.Equals(accountName, accountNameToAuth, StringComparison.InvariantCultureIgnoreCase))
- {
- byte[] clientChallenge = ByteReader.ReadBytes(lmResponse, 0, 8);
- byte[] expectedNTLMv1Response = NTAuthentication.ComputeNTLMv1ExtendedSecurityResponse(serverChallenge, clientChallenge, password);
- if (ByteUtils.AreByteArraysEqual(expectedNTLMv1Response, ntlmResponse))
- {
- return this[index];
- }
- }
- }
- return null;
- }
- /// <summary>
- /// LM v2 / NTLM v2
- /// </summary>
- public User AuthenticateV2(string domainNameToAuth, string accountNameToAuth, byte[] serverChallenge, byte[] lmResponse, byte[] ntlmResponse)
- {
- for (int index = 0; index < this.Count; index++)
- {
- string accountName = this[index].AccountName;
- string password = this[index].Password;
- if (String.Equals(accountName, accountNameToAuth, StringComparison.InvariantCultureIgnoreCase))
- {
- byte[] _LMv2ClientChallenge = ByteReader.ReadBytes(lmResponse, 16, 8);
- byte[] expectedLMv2Response = NTAuthentication.ComputeLMv2Response(serverChallenge, _LMv2ClientChallenge, password, accountName, domainNameToAuth);
- if (ByteUtils.AreByteArraysEqual(expectedLMv2Response, lmResponse))
- {
- return this[index];
- }
- if (ntlmResponse.Length > 24)
- {
- NTLMv2ClientChallengeStructure clientChallengeStructure = new NTLMv2ClientChallengeStructure(ntlmResponse, 16);
- byte[] clientChallengeStructurePadded = clientChallengeStructure.GetBytesPadded();
- byte[] expectedNTLMv2Response = NTAuthentication.ComputeNTLMv2Response(serverChallenge, clientChallengeStructurePadded, password, accountName, domainNameToAuth);
- if (ByteUtils.AreByteArraysEqual(expectedNTLMv2Response, ntlmResponse))
- {
- return this[index];
- }
- }
- }
- }
- return null;
- }
- public byte[] GenerateServerChallenge()
- {
- new Random().NextBytes(m_serverChallenge);
- return m_serverChallenge;
- }
- public ChallengeMessage GetChallengeMessage(byte[] negotiateMessageBytes)
- {
- byte[] serverChallenge = GenerateServerChallenge();
- ChallengeMessage message = new ChallengeMessage();
- message.NegotiateFlags = NegotiateFlags.NegotiateUnicode |
- NegotiateFlags.RequestTarget |
- NegotiateFlags.NegotiateNTLMKey |
- NegotiateFlags.NegotiateExtendedSecurity |
- NegotiateFlags.NegotiateTargetInfo |
- NegotiateFlags.NegotiateVersion |
- NegotiateFlags.Negotiate128 |
- NegotiateFlags.Negotiate56;
- message.TargetName = Environment.MachineName;
- message.ServerChallenge = serverChallenge;
- message.TargetInfo = AVPairUtils.GetAVPairSequence(Environment.MachineName, Environment.MachineName);
- message.Version = Authentication.Version.Server2003;
- return message;
- }
- public byte[] GetChallengeMessageBytes(byte[] negotiateMessageBytes)
- {
- ChallengeMessage message = GetChallengeMessage(negotiateMessageBytes);
- return message.GetBytes();
- }
- public User Authenticate(byte[] authenticateMessageBytes)
- {
- AuthenticateMessage message = new AuthenticateMessage(authenticateMessageBytes);
- return Authenticate(message);
- }
- public User Authenticate(AuthenticateMessage message)
- {
- User user;
- if ((message.NegotiateFlags & NegotiateFlags.NegotiateExtendedSecurity) > 0)
- {
- user = AuthenticateV1Extended(message.UserName, m_serverChallenge, message.LmChallengeResponse, message.NtChallengeResponse);
- }
- else
- {
- user = AuthenticateV1(message.UserName, m_serverChallenge, message.LmChallengeResponse, message.NtChallengeResponse);
- }
- if (user == null)
- {
- // NTLM v2
- user = AuthenticateV2(message.DomainName, message.UserName, m_serverChallenge, message.LmChallengeResponse, message.NtChallengeResponse);
- }
- return user;
- }
- public User Authenticate(string accountNameToAuth, byte[] lmResponse, byte[] ntlmResponse)
- {
- return AuthenticateV1(accountNameToAuth, m_serverChallenge, lmResponse, ntlmResponse);
- }
- public bool EnableGuestLogin
- {
- get
- {
- int index = IndexOf("Guest");
- return (index >= 0 && this[index].Password == String.Empty);
- }
- }
- public byte[] ServerChallenge
- {
- get
- {
- return m_serverChallenge;
- }
- }
- }
- }
|