274 lines
8.1 KiB
C#
274 lines
8.1 KiB
C#
|
using System;
|
||
|
using System.IO;
|
||
|
using System.Net;
|
||
|
using System.Net.NetworkInformation;
|
||
|
using System.Security.Cryptography;
|
||
|
using System.Text;
|
||
|
using Mono.Security;
|
||
|
using Mono.Security.Protocol.Ntlm;
|
||
|
|
||
|
namespace System.ServiceModel.Security
|
||
|
{
|
||
|
internal abstract class SspiSession
|
||
|
{
|
||
|
internal static readonly byte [] NtlmSSP = new byte [] {
|
||
|
0x4E, 0x54, 0x4C, 0x4D, 0x53, 0x53, 0x50, 0x00};
|
||
|
|
||
|
public long Challenge, Context, ClientOSVersion, ServerOSVersion;
|
||
|
public string ServerName, DomainName, DnsHostName, DnsDomainName;
|
||
|
|
||
|
public bool Verify (byte [] expected, byte [] actual, int offset, int length)
|
||
|
{
|
||
|
if (expected.Length != length)
|
||
|
return false;
|
||
|
for (int i = 0; i < length; i++)
|
||
|
if (expected [i] != actual [i + offset])
|
||
|
return false;
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
public SspiSecurityBufferStruct ReadSecurityBuffer (BinaryReader reader)
|
||
|
{
|
||
|
return new SspiSecurityBufferStruct (
|
||
|
reader.ReadInt16 (),
|
||
|
reader.ReadInt16 (),
|
||
|
reader.ReadInt32 ());
|
||
|
}
|
||
|
}
|
||
|
|
||
|
internal struct SspiSecurityBufferStruct
|
||
|
{
|
||
|
public SspiSecurityBufferStruct (short length, short allocatedSpace, int offset)
|
||
|
{
|
||
|
Length = length;
|
||
|
AllocatedSpace = allocatedSpace;
|
||
|
Offset = offset;
|
||
|
}
|
||
|
|
||
|
public readonly short Length;
|
||
|
public readonly short AllocatedSpace;
|
||
|
public readonly int Offset;
|
||
|
}
|
||
|
|
||
|
internal class SspiClientSession : SspiSession
|
||
|
{
|
||
|
Type2Message type2;
|
||
|
Type3Message type3;
|
||
|
|
||
|
// Class(60) {
|
||
|
// OID(spnego),
|
||
|
// Class(A0) {
|
||
|
// Class(30) {
|
||
|
// Class(A0) {
|
||
|
// Class(30) { OID,OID,OID} },
|
||
|
// Class(A2) { OctetStream } } } }
|
||
|
public byte [] ProcessSpnegoInitialContextTokenRequest ()
|
||
|
{
|
||
|
Type1Message type1 = new Type1Message (NtlmVersion.Version3);
|
||
|
type1.Flags = unchecked ((NtlmFlags) 0xE21882B7);
|
||
|
type1.Domain = "WORKGROUP"; // FIXME: remove it
|
||
|
|
||
|
ASN1 asn = new ASN1 (0x60);
|
||
|
ASN1 asn2 = new ASN1 (0xA0);
|
||
|
ASN1 asn21 = new ASN1 (0x30);
|
||
|
ASN1 asn211 = new ASN1 (0xA0);
|
||
|
ASN1 asn2111 = new ASN1 (0x30);
|
||
|
asn211.Add (asn2111);
|
||
|
asn2111.Add (ASN1Convert.FromOid (Constants.OidNtlmSsp));
|
||
|
asn2111.Add (ASN1Convert.FromOid (Constants.OidKerberos5));
|
||
|
asn2111.Add (ASN1Convert.FromOid (Constants.OidMIT));
|
||
|
ASN1 asn212 = new ASN1 (0xA2);
|
||
|
ASN1 asn2121 = new ASN1 (0x4);
|
||
|
asn2121.Value = type1.GetBytes ();
|
||
|
asn212.Add (asn2121);
|
||
|
asn21.Add (asn211);
|
||
|
asn21.Add (asn212);
|
||
|
asn2.Add (asn21);
|
||
|
asn.Add (ASN1Convert.FromOid (Constants.OidSpnego));
|
||
|
asn.Add (asn2);
|
||
|
return asn.GetBytes ();
|
||
|
}
|
||
|
|
||
|
// Example buffer:
|
||
|
// A18181 307F A003
|
||
|
// 0A0101
|
||
|
// A10C 060A2B06010401823702020A
|
||
|
// A26A 0468 NTLM
|
||
|
// NTLM = 4E544C4D53535000 0200000004000400 3800000035829AE2
|
||
|
// 0D1A7FF0F171F339 0000000000000000 2C002C003C000000
|
||
|
// 0501280A0000000F 5000430002000400 5000430001000400
|
||
|
// 5000430004000400 5000430003000400 5000430006000400
|
||
|
// 0100000000000000
|
||
|
public void ProcessSpnegoInitialContextTokenResponse (byte [] raw)
|
||
|
{
|
||
|
ASN1 asn1 = new ASN1 (raw);
|
||
|
// FIXME: check OIDs and structure
|
||
|
ProcessMessageType2 (asn1 [0] [2] [0].Value);
|
||
|
}
|
||
|
|
||
|
// Class { Class { Class { OctetStream } } }
|
||
|
public byte [] ProcessSpnegoProcessContextToken (string user, string pass)
|
||
|
{
|
||
|
ASN1 asn = new ASN1 (0xA1);
|
||
|
ASN1 asn2 = new ASN1 (0x30);
|
||
|
ASN1 asn3 = new ASN1 (0xA2);
|
||
|
asn3.Add (new ASN1 (0x04, ProcessMessageType3 (user, pass)));
|
||
|
asn2.Add (asn3);
|
||
|
asn.Add (asn2);
|
||
|
return asn.GetBytes ();
|
||
|
}
|
||
|
|
||
|
public byte [] ProcessMessageType1 ()
|
||
|
{
|
||
|
Type1Message type1 = new Type1Message (NtlmVersion.Version3);
|
||
|
type1.Flags = unchecked ((NtlmFlags) 0xE21882B7);
|
||
|
return type1.GetBytes ();
|
||
|
}
|
||
|
|
||
|
string TargetName;
|
||
|
|
||
|
public void ProcessMessageType2 (byte [] raw)
|
||
|
{
|
||
|
type2 = new Type2Message (raw);
|
||
|
}
|
||
|
|
||
|
public byte [] ProcessMessageType3 (string user, string password)
|
||
|
{
|
||
|
TargetName = Environment.MachineName;
|
||
|
ServerName = Environment.MachineName;
|
||
|
// FIXME
|
||
|
DomainName = ServerName;// IPGlobalProperties.GetIPGlobalProperties ().DomainName;
|
||
|
DnsHostName = Dns.GetHostName ();
|
||
|
DnsDomainName = DnsHostName; // FIXME
|
||
|
|
||
|
type3 = new Type3Message (NtlmVersion.Version3);
|
||
|
type3.Flags = (NtlmFlags) (unchecked ((int) 0xE2188235));
|
||
|
type3.Domain = DomainName;
|
||
|
type3.Host = DnsHostName;
|
||
|
type3.Challenge = type2.Nonce;
|
||
|
type3.Username = user;
|
||
|
type3.Password = password;
|
||
|
|
||
|
return type3.GetBytes ();
|
||
|
}
|
||
|
}
|
||
|
|
||
|
internal class SspiServerSession : SspiSession
|
||
|
{
|
||
|
public string TargetName;
|
||
|
public long SuppliedDomain, SuppliedWorkstation;
|
||
|
Type1Message type1;
|
||
|
Type2Message type2;
|
||
|
Type3Message type3;
|
||
|
|
||
|
// Example buffer:
|
||
|
// 6069 0606 2B0601050502 A05F 305D A024 3022
|
||
|
// 060A 2B06010401823702020A
|
||
|
// 0609 2A864882F712010202
|
||
|
// 0609 2A864886F712010202
|
||
|
// A235 0433 NTLM
|
||
|
// NTLM = 4E544C4D53535000 01000000 B7B218E2 090009002A000000
|
||
|
// 0200020028000000 0501280A0000000F 5043 574F524B47524F5550
|
||
|
public void ProcessSpnegoInitialContextTokenRequest (byte [] raw)
|
||
|
{
|
||
|
ASN1 asn1 = new ASN1 (raw);
|
||
|
// FIXME: check OIDs
|
||
|
ProcessMessageType1 (asn1 [1] [0] [1] [0].Value);
|
||
|
}
|
||
|
|
||
|
// Class {
|
||
|
// Class {
|
||
|
// Class { Enum },
|
||
|
// Class { OID(NTLMSSP) },
|
||
|
// Class { OctetStream } } }
|
||
|
public byte [] ProcessSpnegoInitialContextTokenResponse ()
|
||
|
{
|
||
|
ASN1 top = new ASN1 (0xA1);
|
||
|
ASN1 asn = new ASN1 (0x30);
|
||
|
ASN1 asn1 = new ASN1 (0xA0);
|
||
|
// FIXME: what is this enum?
|
||
|
asn1.Add (new ASN1 (0x0A, new byte [] {1})); // Enum whatever
|
||
|
ASN1 asn2 = new ASN1 (0xA1);
|
||
|
asn2.Add (ASN1Convert.FromOid (Constants.OidNtlmSsp));
|
||
|
ASN1 asn3 = new ASN1 (0xA2);
|
||
|
asn3.Add (new ASN1 (0x04, ProcessMessageType2 ()));
|
||
|
asn.Add (asn1);
|
||
|
asn.Add (asn2);
|
||
|
asn.Add (asn3);
|
||
|
top.Add (asn);
|
||
|
return top.GetBytes ();
|
||
|
}
|
||
|
|
||
|
// Example buffer:
|
||
|
// A181A7
|
||
|
// 3081A4
|
||
|
// A281A1
|
||
|
// 04819E
|
||
|
// 4E544C4D53535000 03000000
|
||
|
// 180018005E000000 1800180076000000 0400040048000000
|
||
|
// 0E000E004C000000 040004005A000000 100010008E000000
|
||
|
// 358218E2 0501280A0000000F
|
||
|
// 50004300 6100740073007500730068006900 50004300
|
||
|
// [8 bytes LM] [16 bytes of 0s]
|
||
|
// [24 bytes of NTLM]
|
||
|
// C94EE2ADE7E32244 BD60D3B33609C167
|
||
|
public void ProcessSpnegoProcessContextToken (byte [] raw)
|
||
|
{
|
||
|
ASN1 asn1 = new ASN1 (raw);
|
||
|
// FIXME: check structure
|
||
|
ProcessMessageType3 (asn1 [0] [0] [0].Value);
|
||
|
}
|
||
|
|
||
|
public void ProcessMessageType1 (byte [] raw)
|
||
|
{
|
||
|
type1 = new Type1Message (raw, NtlmVersion.Version3);
|
||
|
}
|
||
|
|
||
|
public byte [] ProcessMessageType2 ()
|
||
|
{
|
||
|
byte [] bytes = new byte [8];
|
||
|
RandomNumberGenerator.Create ().GetNonZeroBytes (bytes);
|
||
|
Challenge = bytes [0] << 24 + bytes [1] << 16 + bytes [2] << 8 + bytes [3];
|
||
|
Context = 0; // FIXME
|
||
|
ServerOSVersion = 0x0F00000A28010500; // FIXME
|
||
|
TargetName = Environment.MachineName;
|
||
|
ServerName = Environment.MachineName;
|
||
|
// FIXME
|
||
|
DomainName = ServerName;// IPGlobalProperties.GetIPGlobalProperties ().DomainName;
|
||
|
DnsHostName = Dns.GetHostName ();
|
||
|
DnsDomainName = DnsHostName; // FIXME
|
||
|
|
||
|
type2 = new Type2Message (NtlmVersion.Version3);
|
||
|
type2.Flags = (NtlmFlags) (unchecked ((int) 0xE21882B7));
|
||
|
type2.TargetName = TargetName;
|
||
|
type2.Target.ServerName = ServerName;
|
||
|
type2.Target.DomainName = DomainName;
|
||
|
type2.Target.DnsHostName = DnsHostName;
|
||
|
type2.Target.DnsDomainName = DnsDomainName;
|
||
|
return type2.GetBytes ();
|
||
|
}
|
||
|
|
||
|
public void ProcessMessageType3 (byte [] raw)
|
||
|
{
|
||
|
/*
|
||
|
MemoryStream ms = new MemoryStream (raw);
|
||
|
if (!Verify (NtlmSSP, raw, 0, 8))
|
||
|
throw new SecurityNegotiationException ("Expected NTLM SSPI header not found");
|
||
|
BinaryReader reader = new BinaryReader (ms);
|
||
|
reader.ReadInt64 (); // skip 8 bytes
|
||
|
if (reader.ReadInt32 () != 3)
|
||
|
throw new SecurityNegotiationException ("SSPI type 3 message is expected");
|
||
|
SspiSecurityBufferStruct lmResInfo = ReadSecurityBuffer (reader);
|
||
|
SspiSecurityBufferStruct ntlmResInfo = ReadSecurityBuffer (reader);
|
||
|
SspiSecurityBufferStruct targetNameInfo = ReadSecurityBuffer (reader);
|
||
|
SspiSecurityBufferStruct userNameInfo = ReadSecurityBuffer (reader);
|
||
|
SspiSecurityBufferStruct wsNameInfo = ReadSecurityBuffer (reader);
|
||
|
SspiSecurityBufferStruct sessionKeyInfo = ReadSecurityBuffer (reader);
|
||
|
int flags = reader.ReadInt32 ();
|
||
|
ServerOSVersion = reader.ReadInt64 ();
|
||
|
*/
|
||
|
type3 = new Type3Message (raw, NtlmVersion.Version3);
|
||
|
}
|
||
|
}
|
||
|
}
|