You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
808 lines
22 KiB
808 lines
22 KiB
8 years ago
|
// This code is derived from jcifs smb client library <jcifs at samba dot org>
|
||
|
// Ported by J. Arturo <webmaster at komodosoft dot net>
|
||
|
//
|
||
|
// This library is free software; you can redistribute it and/or
|
||
|
// modify it under the terms of the GNU Lesser General Public
|
||
|
// License as published by the Free Software Foundation; either
|
||
|
// version 2.1 of the License, or (at your option) any later version.
|
||
|
//
|
||
|
// This library is distributed in the hope that it will be useful,
|
||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||
|
// Lesser General Public License for more details.
|
||
|
//
|
||
|
// You should have received a copy of the GNU Lesser General Public
|
||
|
// License along with this library; if not, write to the Free Software
|
||
|
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||
|
using System;
|
||
|
using SharpCifs.Util;
|
||
|
using SharpCifs.Util.Sharpen;
|
||
|
|
||
|
namespace SharpCifs.Smb
|
||
|
{
|
||
|
/// <summary>This class stores and encrypts NTLM user credentials.</summary>
|
||
|
/// <remarks>
|
||
|
/// This class stores and encrypts NTLM user credentials. The default
|
||
|
/// credentials are retrieved from the <tt>jcifs.smb.client.domain</tt>,
|
||
|
/// <tt>jcifs.smb.client.username</tt>, and <tt>jcifs.smb.client.password</tt>
|
||
|
/// properties.
|
||
|
/// <p>
|
||
|
/// Read <a href="../../../authhandler.html">jCIFS Exceptions and
|
||
|
/// NtlmAuthenticator</a> for related information.
|
||
|
/// </remarks>
|
||
|
|
||
|
public sealed class NtlmPasswordAuthentication : Principal
|
||
|
{
|
||
|
private static readonly int LmCompatibility = Config.GetInt("jcifs.smb.lmCompatibility"
|
||
|
, 3);
|
||
|
|
||
|
private static readonly Random Random = new Random();
|
||
|
|
||
|
private static LogStream _log = LogStream.GetInstance();
|
||
|
|
||
|
private static readonly byte[] S8 = { unchecked(unchecked(0x4b)), unchecked(unchecked(0x47)), unchecked(unchecked(0x53)), unchecked(unchecked(0x21)), unchecked(unchecked(0x40)), unchecked(unchecked(0x23)), unchecked(unchecked(0x24)), unchecked(unchecked(0x25)) };
|
||
|
|
||
|
// KGS!@#$%
|
||
|
private static void E(byte[] key, byte[] data, byte[] e)
|
||
|
{
|
||
|
byte[] key7 = new byte[7];
|
||
|
byte[] e8 = new byte[8];
|
||
|
for (int i = 0; i < key.Length / 7; i++)
|
||
|
{
|
||
|
Array.Copy(key, i * 7, key7, 0, 7);
|
||
|
DES des = new DES(key7);
|
||
|
des.Encrypt(data, e8);
|
||
|
Array.Copy(e8, 0, e, i * 8, 8);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
internal static string DefaultDomain;
|
||
|
|
||
|
internal static string DefaultUsername;
|
||
|
|
||
|
internal static string DefaultPassword;
|
||
|
|
||
|
internal static readonly string Blank = string.Empty;
|
||
|
|
||
|
public static readonly NtlmPasswordAuthentication Anonymous = new NtlmPasswordAuthentication
|
||
|
(string.Empty, string.Empty, string.Empty);
|
||
|
|
||
|
internal static void InitDefaults()
|
||
|
{
|
||
|
if (DefaultDomain != null)
|
||
|
{
|
||
|
return;
|
||
|
}
|
||
|
DefaultDomain = Config.GetProperty("jcifs.smb.client.domain", "?");
|
||
|
DefaultUsername = Config.GetProperty("jcifs.smb.client.username", "GUEST");
|
||
|
DefaultPassword = Config.GetProperty("jcifs.smb.client.password", Blank);
|
||
|
}
|
||
|
|
||
|
/// <summary>Generate the ANSI DES hash for the password associated with these credentials.
|
||
|
/// </summary>
|
||
|
/// <remarks>Generate the ANSI DES hash for the password associated with these credentials.
|
||
|
/// </remarks>
|
||
|
public static byte[] GetPreNtlmResponse(string password, byte[] challenge)
|
||
|
{
|
||
|
byte[] p14 = new byte[14];
|
||
|
byte[] p21 = new byte[21];
|
||
|
byte[] p24 = new byte[24];
|
||
|
byte[] passwordBytes;
|
||
|
try
|
||
|
{
|
||
|
passwordBytes = Runtime.GetBytesForString(password.ToUpper(), SmbConstants.OemEncoding);
|
||
|
}
|
||
|
catch (UnsupportedEncodingException uee)
|
||
|
{
|
||
|
throw new RuntimeException("Try setting jcifs.encoding=US-ASCII", uee);
|
||
|
}
|
||
|
int passwordLength = passwordBytes.Length;
|
||
|
// Only encrypt the first 14 bytes of the password for Pre 0.12 NT LM
|
||
|
if (passwordLength > 14)
|
||
|
{
|
||
|
passwordLength = 14;
|
||
|
}
|
||
|
Array.Copy(passwordBytes, 0, p14, 0, passwordLength);
|
||
|
E(p14, S8, p21);
|
||
|
E(p21, challenge, p24);
|
||
|
return p24;
|
||
|
}
|
||
|
|
||
|
/// <summary>Generate the Unicode MD4 hash for the password associated with these credentials.
|
||
|
/// </summary>
|
||
|
/// <remarks>Generate the Unicode MD4 hash for the password associated with these credentials.
|
||
|
/// </remarks>
|
||
|
public static byte[] GetNtlmResponse(string password, byte[] challenge)
|
||
|
{
|
||
|
byte[] uni = null;
|
||
|
byte[] p21 = new byte[21];
|
||
|
byte[] p24 = new byte[24];
|
||
|
try
|
||
|
{
|
||
|
uni = Runtime.GetBytesForString(password, SmbConstants.UniEncoding);
|
||
|
}
|
||
|
catch (UnsupportedEncodingException uee)
|
||
|
{
|
||
|
if (_log.Level > 0)
|
||
|
{
|
||
|
Runtime.PrintStackTrace(uee, _log);
|
||
|
}
|
||
|
}
|
||
|
Md4 md4 = new Md4();
|
||
|
md4.Update(uni);
|
||
|
try
|
||
|
{
|
||
|
md4.Digest(p21, 0, 16);
|
||
|
}
|
||
|
catch (Exception ex)
|
||
|
{
|
||
|
if (_log.Level > 0)
|
||
|
{
|
||
|
Runtime.PrintStackTrace(ex, _log);
|
||
|
}
|
||
|
}
|
||
|
E(p21, challenge, p24);
|
||
|
return p24;
|
||
|
}
|
||
|
|
||
|
/// <summary>Creates the LMv2 response for the supplied information.</summary>
|
||
|
/// <remarks>Creates the LMv2 response for the supplied information.</remarks>
|
||
|
/// <param name="domain">The domain in which the username exists.</param>
|
||
|
/// <param name="user">The username.</param>
|
||
|
/// <param name="password">The user's password.</param>
|
||
|
/// <param name="challenge">The server challenge.</param>
|
||
|
/// <param name="clientChallenge">The client challenge (nonce).</param>
|
||
|
public static byte[] GetLMv2Response(string domain, string user, string password,
|
||
|
byte[] challenge, byte[] clientChallenge)
|
||
|
{
|
||
|
try
|
||
|
{
|
||
|
byte[] hash = new byte[16];
|
||
|
byte[] response = new byte[24];
|
||
|
// The next 2-1/2 lines of this should be placed with nTOWFv1 in place of password
|
||
|
Md4 md4 = new Md4();
|
||
|
md4.Update(Runtime.GetBytesForString(password, SmbConstants.UniEncoding)
|
||
|
);
|
||
|
Hmact64 hmac = new Hmact64(md4.Digest());
|
||
|
hmac.Update(Runtime.GetBytesForString(user.ToUpper(), SmbConstants.UniEncoding
|
||
|
));
|
||
|
hmac.Update(Runtime.GetBytesForString(domain.ToUpper(), SmbConstants.UniEncoding
|
||
|
));
|
||
|
hmac = new Hmact64(hmac.Digest());
|
||
|
hmac.Update(challenge);
|
||
|
hmac.Update(clientChallenge);
|
||
|
hmac.Digest(response, 0, 16);
|
||
|
Array.Copy(clientChallenge, 0, response, 16, 8);
|
||
|
return response;
|
||
|
}
|
||
|
catch (Exception ex)
|
||
|
{
|
||
|
if (_log.Level > 0)
|
||
|
{
|
||
|
Runtime.PrintStackTrace(ex, _log);
|
||
|
}
|
||
|
return null;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
public static byte[] GetNtlm2Response(byte[] nTowFv1, byte[] serverChallenge, byte
|
||
|
[] clientChallenge)
|
||
|
{
|
||
|
byte[] sessionHash = new byte[8];
|
||
|
try
|
||
|
{
|
||
|
MessageDigest md5;
|
||
|
md5 = MessageDigest.GetInstance("MD5");
|
||
|
md5.Update(serverChallenge);
|
||
|
md5.Update(clientChallenge, 0, 8);
|
||
|
Array.Copy(md5.Digest(), 0, sessionHash, 0, 8);
|
||
|
}
|
||
|
catch (Exception gse)
|
||
|
{
|
||
|
if (_log.Level > 0)
|
||
|
{
|
||
|
Runtime.PrintStackTrace(gse, _log);
|
||
|
}
|
||
|
throw new RuntimeException("MD5", gse);
|
||
|
}
|
||
|
byte[] key = new byte[21];
|
||
|
Array.Copy(nTowFv1, 0, key, 0, 16);
|
||
|
byte[] ntResponse = new byte[24];
|
||
|
E(key, sessionHash, ntResponse);
|
||
|
return ntResponse;
|
||
|
}
|
||
|
|
||
|
public static byte[] NtowFv1(string password)
|
||
|
{
|
||
|
if (password == null)
|
||
|
{
|
||
|
throw new RuntimeException("Password parameter is required");
|
||
|
}
|
||
|
try
|
||
|
{
|
||
|
Md4 md4 = new Md4();
|
||
|
md4.Update(Runtime.GetBytesForString(password, SmbConstants.UniEncoding)
|
||
|
);
|
||
|
return md4.Digest();
|
||
|
}
|
||
|
catch (UnsupportedEncodingException uee)
|
||
|
{
|
||
|
throw new RuntimeException(uee.Message);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
public static byte[] NtowFv2(string domain, string username, string password)
|
||
|
{
|
||
|
try
|
||
|
{
|
||
|
Md4 md4 = new Md4();
|
||
|
md4.Update(Runtime.GetBytesForString(password, SmbConstants.UniEncoding)
|
||
|
);
|
||
|
Hmact64 hmac = new Hmact64(md4.Digest());
|
||
|
hmac.Update(Runtime.GetBytesForString(username.ToUpper(), SmbConstants.UniEncoding
|
||
|
));
|
||
|
hmac.Update(Runtime.GetBytesForString(domain, SmbConstants.UniEncoding));
|
||
|
return hmac.Digest();
|
||
|
}
|
||
|
catch (UnsupportedEncodingException uee)
|
||
|
{
|
||
|
throw new RuntimeException(uee.Message);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
internal static byte[] ComputeResponse(byte[] responseKey, byte[] serverChallenge
|
||
|
, byte[] clientData, int offset, int length)
|
||
|
{
|
||
|
Hmact64 hmac = new Hmact64(responseKey);
|
||
|
hmac.Update(serverChallenge);
|
||
|
hmac.Update(clientData, offset, length);
|
||
|
byte[] mac = hmac.Digest();
|
||
|
byte[] ret = new byte[mac.Length + clientData.Length];
|
||
|
Array.Copy(mac, 0, ret, 0, mac.Length);
|
||
|
Array.Copy(clientData, 0, ret, mac.Length, clientData.Length);
|
||
|
return ret;
|
||
|
}
|
||
|
|
||
|
public static byte[] GetLMv2Response(byte[] responseKeyLm, byte[] serverChallenge
|
||
|
, byte[] clientChallenge)
|
||
|
{
|
||
|
return ComputeResponse(responseKeyLm, serverChallenge
|
||
|
, clientChallenge, 0, clientChallenge.Length);
|
||
|
}
|
||
|
|
||
|
public static byte[] GetNtlMv2Response(byte[] responseKeyNt, byte[] serverChallenge
|
||
|
, byte[] clientChallenge, long nanos1601, byte[] targetInfo)
|
||
|
{
|
||
|
int targetInfoLength = targetInfo != null ? targetInfo.Length : 0;
|
||
|
byte[] temp = new byte[28 + targetInfoLength + 4];
|
||
|
Encdec.Enc_uint32le(unchecked(0x00000101), temp, 0);
|
||
|
// Header
|
||
|
Encdec.Enc_uint32le(unchecked(0x00000000), temp, 4);
|
||
|
// Reserved
|
||
|
Encdec.Enc_uint64le(nanos1601, temp, 8);
|
||
|
Array.Copy(clientChallenge, 0, temp, 16, 8);
|
||
|
Encdec.Enc_uint32le(unchecked(0x00000000), temp, 24);
|
||
|
// Unknown
|
||
|
if (targetInfo != null)
|
||
|
{
|
||
|
Array.Copy(targetInfo, 0, temp, 28, targetInfoLength);
|
||
|
}
|
||
|
Encdec.Enc_uint32le(unchecked(0x00000000), temp, 28 + targetInfoLength);
|
||
|
// mystery bytes!
|
||
|
return ComputeResponse(responseKeyNt, serverChallenge
|
||
|
, temp, 0, temp.Length);
|
||
|
}
|
||
|
|
||
|
internal static readonly NtlmPasswordAuthentication Null = new NtlmPasswordAuthentication
|
||
|
(string.Empty, string.Empty, string.Empty);
|
||
|
|
||
|
internal static readonly NtlmPasswordAuthentication Guest = new NtlmPasswordAuthentication
|
||
|
("?", "GUEST", string.Empty);
|
||
|
|
||
|
internal static readonly NtlmPasswordAuthentication Default = new NtlmPasswordAuthentication
|
||
|
(null);
|
||
|
|
||
|
internal string Domain;
|
||
|
|
||
|
internal string Username;
|
||
|
|
||
|
internal string Password;
|
||
|
|
||
|
internal byte[] AnsiHash;
|
||
|
|
||
|
internal byte[] UnicodeHash;
|
||
|
|
||
|
internal bool HashesExternal;
|
||
|
|
||
|
internal byte[] ClientChallenge;
|
||
|
|
||
|
internal byte[] Challenge;
|
||
|
|
||
|
/// <summary>
|
||
|
/// Create an <tt>NtlmPasswordAuthentication</tt> object from the userinfo
|
||
|
/// component of an SMB URL like "<tt>domain;user:pass</tt>".
|
||
|
/// </summary>
|
||
|
/// <remarks>
|
||
|
/// Create an <tt>NtlmPasswordAuthentication</tt> object from the userinfo
|
||
|
/// component of an SMB URL like "<tt>domain;user:pass</tt>". This constructor
|
||
|
/// is used internally be jCIFS when parsing SMB URLs.
|
||
|
/// </remarks>
|
||
|
public NtlmPasswordAuthentication(string userInfo)
|
||
|
{
|
||
|
Domain = Username = Password = null;
|
||
|
if (userInfo != null)
|
||
|
{
|
||
|
try
|
||
|
{
|
||
|
userInfo = Unescape(userInfo);
|
||
|
}
|
||
|
catch (UnsupportedEncodingException)
|
||
|
{
|
||
|
}
|
||
|
int i;
|
||
|
int u;
|
||
|
int end;
|
||
|
char c;
|
||
|
end = userInfo.Length;
|
||
|
for (i = 0, u = 0; i < end; i++)
|
||
|
{
|
||
|
c = userInfo[i];
|
||
|
if (c == ';')
|
||
|
{
|
||
|
Domain = Runtime.Substring(userInfo, 0, i);
|
||
|
u = i + 1;
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
if (c == ':')
|
||
|
{
|
||
|
Password = Runtime.Substring(userInfo, i + 1);
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
Username = Runtime.Substring(userInfo, u, i);
|
||
|
}
|
||
|
InitDefaults();
|
||
|
if (Domain == null)
|
||
|
{
|
||
|
Domain = DefaultDomain;
|
||
|
}
|
||
|
if (Username == null)
|
||
|
{
|
||
|
Username = DefaultUsername;
|
||
|
}
|
||
|
if (Password == null)
|
||
|
{
|
||
|
Password = DefaultPassword;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/// <summary>
|
||
|
/// Create an <tt>NtlmPasswordAuthentication</tt> object from a
|
||
|
/// domain, username, and password.
|
||
|
/// </summary>
|
||
|
/// <remarks>
|
||
|
/// Create an <tt>NtlmPasswordAuthentication</tt> object from a
|
||
|
/// domain, username, and password. Parameters that are <tt>null</tt>
|
||
|
/// will be substituted with <tt>jcifs.smb.client.domain</tt>,
|
||
|
/// <tt>jcifs.smb.client.username</tt>, <tt>jcifs.smb.client.password</tt>
|
||
|
/// property values.
|
||
|
/// </remarks>
|
||
|
public NtlmPasswordAuthentication(string domain, string username, string password
|
||
|
)
|
||
|
{
|
||
|
int ci;
|
||
|
if (username != null)
|
||
|
{
|
||
|
ci = username.IndexOf('@');
|
||
|
if (ci > 0)
|
||
|
{
|
||
|
domain = Runtime.Substring(username, ci + 1);
|
||
|
username = Runtime.Substring(username, 0, ci);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
ci = username.IndexOf('\\');
|
||
|
if (ci > 0)
|
||
|
{
|
||
|
domain = Runtime.Substring(username, 0, ci);
|
||
|
username = Runtime.Substring(username, ci + 1);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
this.Domain = domain;
|
||
|
this.Username = username;
|
||
|
this.Password = password;
|
||
|
InitDefaults();
|
||
|
if (domain == null)
|
||
|
{
|
||
|
this.Domain = DefaultDomain;
|
||
|
}
|
||
|
if (username == null)
|
||
|
{
|
||
|
this.Username = DefaultUsername;
|
||
|
}
|
||
|
if (password == null)
|
||
|
{
|
||
|
this.Password = DefaultPassword;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/// <summary>
|
||
|
/// Create an <tt>NtlmPasswordAuthentication</tt> object with raw password
|
||
|
/// hashes.
|
||
|
/// </summary>
|
||
|
/// <remarks>
|
||
|
/// Create an <tt>NtlmPasswordAuthentication</tt> object with raw password
|
||
|
/// hashes. This is used exclusively by the <tt>jcifs.http.NtlmSsp</tt>
|
||
|
/// class which is in turn used by NTLM HTTP authentication functionality.
|
||
|
/// </remarks>
|
||
|
public NtlmPasswordAuthentication(string domain, string username, byte[] challenge
|
||
|
, byte[] ansiHash, byte[] unicodeHash)
|
||
|
{
|
||
|
if (domain == null || username == null || ansiHash == null || unicodeHash == null)
|
||
|
{
|
||
|
throw new ArgumentException("External credentials cannot be null");
|
||
|
}
|
||
|
this.Domain = domain;
|
||
|
this.Username = username;
|
||
|
Password = null;
|
||
|
this.Challenge = challenge;
|
||
|
this.AnsiHash = ansiHash;
|
||
|
this.UnicodeHash = unicodeHash;
|
||
|
HashesExternal = true;
|
||
|
}
|
||
|
|
||
|
/// <summary>Returns the domain.</summary>
|
||
|
/// <remarks>Returns the domain.</remarks>
|
||
|
public string GetDomain()
|
||
|
{
|
||
|
return Domain;
|
||
|
}
|
||
|
|
||
|
/// <summary>Returns the username.</summary>
|
||
|
/// <remarks>Returns the username.</remarks>
|
||
|
public string GetUsername()
|
||
|
{
|
||
|
return Username;
|
||
|
}
|
||
|
|
||
|
/// <summary>
|
||
|
/// Returns the password in plain text or <tt>null</tt> if the raw password
|
||
|
/// hashes were used to construct this <tt>NtlmPasswordAuthentication</tt>
|
||
|
/// object which will be the case when NTLM HTTP Authentication is
|
||
|
/// used.
|
||
|
/// </summary>
|
||
|
/// <remarks>
|
||
|
/// Returns the password in plain text or <tt>null</tt> if the raw password
|
||
|
/// hashes were used to construct this <tt>NtlmPasswordAuthentication</tt>
|
||
|
/// object which will be the case when NTLM HTTP Authentication is
|
||
|
/// used. There is no way to retrieve a users password in plain text unless
|
||
|
/// it is supplied by the user at runtime.
|
||
|
/// </remarks>
|
||
|
public string GetPassword()
|
||
|
{
|
||
|
return Password;
|
||
|
}
|
||
|
|
||
|
/// <summary>
|
||
|
/// Return the domain and username in the format:
|
||
|
/// <tt>domain\\username</tt>.
|
||
|
/// </summary>
|
||
|
/// <remarks>
|
||
|
/// Return the domain and username in the format:
|
||
|
/// <tt>domain\\username</tt>. This is equivalent to <tt>toString()</tt>.
|
||
|
/// </remarks>
|
||
|
public new string GetName()
|
||
|
{
|
||
|
bool d = Domain.Length > 0 && Domain.Equals("?") == false;
|
||
|
return d ? Domain + "\\" + Username : Username;
|
||
|
}
|
||
|
|
||
|
/// <summary>Computes the 24 byte ANSI password hash given the 8 byte server challenge.
|
||
|
/// </summary>
|
||
|
/// <remarks>Computes the 24 byte ANSI password hash given the 8 byte server challenge.
|
||
|
/// </remarks>
|
||
|
public byte[] GetAnsiHash(byte[] challenge)
|
||
|
{
|
||
|
if (HashesExternal)
|
||
|
{
|
||
|
return AnsiHash;
|
||
|
}
|
||
|
switch (LmCompatibility)
|
||
|
{
|
||
|
case 0:
|
||
|
case 1:
|
||
|
{
|
||
|
return GetPreNtlmResponse(Password, challenge);
|
||
|
}
|
||
|
|
||
|
case 2:
|
||
|
{
|
||
|
return GetNtlmResponse(Password, challenge);
|
||
|
}
|
||
|
|
||
|
case 3:
|
||
|
case 4:
|
||
|
case 5:
|
||
|
{
|
||
|
if (ClientChallenge == null)
|
||
|
{
|
||
|
ClientChallenge = new byte[8];
|
||
|
Random.NextBytes(ClientChallenge);
|
||
|
}
|
||
|
return GetLMv2Response(Domain, Username, Password, challenge, ClientChallenge);
|
||
|
}
|
||
|
|
||
|
default:
|
||
|
{
|
||
|
return GetPreNtlmResponse(Password, challenge);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/// <summary>Computes the 24 byte Unicode password hash given the 8 byte server challenge.
|
||
|
/// </summary>
|
||
|
/// <remarks>Computes the 24 byte Unicode password hash given the 8 byte server challenge.
|
||
|
/// </remarks>
|
||
|
public byte[] GetUnicodeHash(byte[] challenge)
|
||
|
{
|
||
|
if (HashesExternal)
|
||
|
{
|
||
|
return UnicodeHash;
|
||
|
}
|
||
|
switch (LmCompatibility)
|
||
|
{
|
||
|
case 0:
|
||
|
case 1:
|
||
|
case 2:
|
||
|
{
|
||
|
return GetNtlmResponse(Password, challenge);
|
||
|
}
|
||
|
|
||
|
case 3:
|
||
|
case 4:
|
||
|
case 5:
|
||
|
{
|
||
|
return new byte[0];
|
||
|
}
|
||
|
|
||
|
default:
|
||
|
{
|
||
|
return GetNtlmResponse(Password, challenge);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/// <exception cref="SharpCifs.Smb.SmbException"></exception>
|
||
|
public byte[] GetSigningKey(byte[] challenge)
|
||
|
{
|
||
|
switch (LmCompatibility)
|
||
|
{
|
||
|
case 0:
|
||
|
case 1:
|
||
|
case 2:
|
||
|
{
|
||
|
byte[] signingKey = new byte[40];
|
||
|
GetUserSessionKey(challenge, signingKey, 0);
|
||
|
Array.Copy(GetUnicodeHash(challenge), 0, signingKey, 16, 24);
|
||
|
return signingKey;
|
||
|
}
|
||
|
|
||
|
case 3:
|
||
|
case 4:
|
||
|
case 5:
|
||
|
{
|
||
|
throw new SmbException("NTLMv2 requires extended security (jcifs.smb.client.useExtendedSecurity must be true if jcifs.smb.lmCompatibility >= 3)"
|
||
|
);
|
||
|
}
|
||
|
}
|
||
|
return null;
|
||
|
}
|
||
|
|
||
|
/// <summary>Returns the effective user session key.</summary>
|
||
|
/// <remarks>Returns the effective user session key.</remarks>
|
||
|
/// <param name="challenge">The server challenge.</param>
|
||
|
/// <returns>
|
||
|
/// A <code>byte[]</code> containing the effective user session key,
|
||
|
/// used in SMB MAC signing and NTLMSSP signing and sealing.
|
||
|
/// </returns>
|
||
|
public byte[] GetUserSessionKey(byte[] challenge)
|
||
|
{
|
||
|
if (HashesExternal)
|
||
|
{
|
||
|
return null;
|
||
|
}
|
||
|
byte[] key = new byte[16];
|
||
|
try
|
||
|
{
|
||
|
GetUserSessionKey(challenge, key, 0);
|
||
|
}
|
||
|
catch (Exception ex)
|
||
|
{
|
||
|
if (_log.Level > 0)
|
||
|
{
|
||
|
Runtime.PrintStackTrace(ex, _log);
|
||
|
}
|
||
|
}
|
||
|
return key;
|
||
|
}
|
||
|
|
||
|
/// <summary>Calculates the effective user session key.</summary>
|
||
|
/// <remarks>Calculates the effective user session key.</remarks>
|
||
|
/// <param name="challenge">The server challenge.</param>
|
||
|
/// <param name="dest">
|
||
|
/// The destination array in which the user session key will be
|
||
|
/// placed.
|
||
|
/// </param>
|
||
|
/// <param name="offset">
|
||
|
/// The offset in the destination array at which the
|
||
|
/// session key will start.
|
||
|
/// </param>
|
||
|
/// <exception cref="SharpCifs.Smb.SmbException"></exception>
|
||
|
internal void GetUserSessionKey(byte[] challenge, byte[] dest, int offset)
|
||
|
{
|
||
|
if (HashesExternal)
|
||
|
{
|
||
|
return;
|
||
|
}
|
||
|
try
|
||
|
{
|
||
|
Md4 md4 = new Md4();
|
||
|
md4.Update(Runtime.GetBytesForString(Password, SmbConstants.UniEncoding)
|
||
|
);
|
||
|
switch (LmCompatibility)
|
||
|
{
|
||
|
case 0:
|
||
|
case 1:
|
||
|
case 2:
|
||
|
{
|
||
|
md4.Update(md4.Digest());
|
||
|
md4.Digest(dest, offset, 16);
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
case 3:
|
||
|
case 4:
|
||
|
case 5:
|
||
|
{
|
||
|
if (ClientChallenge == null)
|
||
|
{
|
||
|
ClientChallenge = new byte[8];
|
||
|
Random.NextBytes(ClientChallenge);
|
||
|
}
|
||
|
Hmact64 hmac = new Hmact64(md4.Digest());
|
||
|
hmac.Update(Runtime.GetBytesForString(Username.ToUpper(), SmbConstants.UniEncoding
|
||
|
));
|
||
|
hmac.Update(Runtime.GetBytesForString(Domain.ToUpper(), SmbConstants.UniEncoding
|
||
|
));
|
||
|
byte[] ntlmv2Hash = hmac.Digest();
|
||
|
hmac = new Hmact64(ntlmv2Hash);
|
||
|
hmac.Update(challenge);
|
||
|
hmac.Update(ClientChallenge);
|
||
|
Hmact64 userKey = new Hmact64(ntlmv2Hash);
|
||
|
userKey.Update(hmac.Digest());
|
||
|
userKey.Digest(dest, offset, 16);
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
default:
|
||
|
{
|
||
|
md4.Update(md4.Digest());
|
||
|
md4.Digest(dest, offset, 16);
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
catch (Exception e)
|
||
|
{
|
||
|
throw new SmbException(string.Empty, e);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/// <summary>
|
||
|
/// Compares two <tt>NtlmPasswordAuthentication</tt> objects for
|
||
|
/// equality.
|
||
|
/// </summary>
|
||
|
/// <remarks>
|
||
|
/// Compares two <tt>NtlmPasswordAuthentication</tt> objects for
|
||
|
/// equality. Two <tt>NtlmPasswordAuthentication</tt> objects are equal if
|
||
|
/// their caseless domain and username fields are equal and either both hashes are external and they are equal or both internally supplied passwords are equal. If one <tt>NtlmPasswordAuthentication</tt> object has external hashes (meaning negotiated via NTLM HTTP Authentication) and the other does not they will not be equal. This is technically not correct however the server 8 byte challage would be required to compute and compare the password hashes but that it not available with this method.
|
||
|
/// </remarks>
|
||
|
public override bool Equals(object obj)
|
||
|
{
|
||
|
if (obj is NtlmPasswordAuthentication)
|
||
|
{
|
||
|
NtlmPasswordAuthentication ntlm = (NtlmPasswordAuthentication
|
||
|
)obj;
|
||
|
if (ntlm.Domain.ToUpper().Equals(Domain.ToUpper()) && ntlm.Username.ToUpper().Equals
|
||
|
(Username.ToUpper()))
|
||
|
{
|
||
|
if (HashesExternal && ntlm.HashesExternal)
|
||
|
{
|
||
|
|
||
|
return Arrays.Equals(AnsiHash, ntlm.AnsiHash) && Arrays.Equals(UnicodeHash, ntlm.
|
||
|
UnicodeHash);
|
||
|
}
|
||
|
if (!HashesExternal && Password.Equals(ntlm.Password))
|
||
|
{
|
||
|
return true;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
/// <summary>Return the upcased username hash code.</summary>
|
||
|
/// <remarks>Return the upcased username hash code.</remarks>
|
||
|
public override int GetHashCode()
|
||
|
{
|
||
|
return GetName().ToUpper().GetHashCode();
|
||
|
}
|
||
|
|
||
|
/// <summary>
|
||
|
/// Return the domain and username in the format:
|
||
|
/// <tt>domain\\username</tt>.
|
||
|
/// </summary>
|
||
|
/// <remarks>
|
||
|
/// Return the domain and username in the format:
|
||
|
/// <tt>domain\\username</tt>. This is equivalent to <tt>getName()</tt>.
|
||
|
/// </remarks>
|
||
|
public override string ToString()
|
||
|
{
|
||
|
return GetName();
|
||
|
}
|
||
|
|
||
|
/// <exception cref="System.FormatException"></exception>
|
||
|
/// <exception cref="UnsupportedEncodingException"></exception>
|
||
|
internal static string Unescape(string str)
|
||
|
{
|
||
|
char ch;
|
||
|
int i;
|
||
|
int j;
|
||
|
int state;
|
||
|
int len;
|
||
|
char[] @out;
|
||
|
byte[] b = new byte[1];
|
||
|
if (str == null)
|
||
|
{
|
||
|
return null;
|
||
|
}
|
||
|
len = str.Length;
|
||
|
@out = new char[len];
|
||
|
state = 0;
|
||
|
for (i = j = 0; i < len; i++)
|
||
|
{
|
||
|
switch (state)
|
||
|
{
|
||
|
case 0:
|
||
|
{
|
||
|
ch = str[i];
|
||
|
if (ch == '%')
|
||
|
{
|
||
|
state = 1;
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
@out[j++] = ch;
|
||
|
}
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
case 1:
|
||
|
{
|
||
|
b[0] = unchecked((byte)(Convert.ToInt32(Runtime.Substring(str, i,
|
||
|
i + 2), 16) & unchecked(0xFF)));
|
||
|
@out[j++] = (Runtime.GetStringForBytes(b, 0, 1, "ASCII"))[0];
|
||
|
i++;
|
||
|
state = 0;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
return new string(@out, 0, j);
|
||
|
}
|
||
|
}
|
||
|
}
|