SPNEGO: Assume NegTokenInit2 SPNEGO extension was sent for server-initiated negotiation

Tal Aloni 2018-12-23 19:11:53 +02:00
parent 86afb5af33
commit 268b9e9527
3 changed files with 18 additions and 9 deletions


@ -1,4 +1,4 @@
/* Copyright (C) 2017 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved. /* Copyright (C) 2017-2018 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
* *
* You can redistribute this program and/or modify it under the terms of * You can redistribute this program and/or modify it under the terms of
* the GNU Lesser Public License as published by the Free Software Foundation, * the GNU Lesser Public License as published by the Free Software Foundation,
@ -57,7 +57,7 @@ namespace SMBLibrary.Authentication.GSSAPI
SimpleProtectedNegotiationToken spnegoToken = null; SimpleProtectedNegotiationToken spnegoToken = null;
try try
{ {
spnegoToken = SimpleProtectedNegotiationToken.ReadToken(inputToken, 0); spnegoToken = SimpleProtectedNegotiationToken.ReadToken(inputToken, 0, false);
} }
catch catch
{ {
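Review bot: The third argument added to the ReadToken call is a bare `false` literal, which tells a reader nothing about which role is being switched off; the same applies to the `true` and `false` literals on the two ReadToken calls in the third file. A named argument, `spnegoToken = SimpleProtectedNegotiationToken.ReadToken(inputToken, 0, serverInitiatedNegotiation: false);`, would make the acceptor/initiator role explicit at each call site, assuming the project builds with a C# 4 or later compiler. The enclosing method starts and ends outside the hunk.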


@ -1,4 +1,4 @@
/* Copyright (C) 2017 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved. /* Copyright (C) 2017-2018 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
* *
* You can redistribute this program and/or modify it under the terms of * You can redistribute this program and/or modify it under the terms of
* the GNU Lesser Public License as published by the Free Software Foundation, * the GNU Lesser Public License as published by the Free Software Foundation,
@ -6,7 +6,6 @@
*/ */
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Text;
using Utilities; using Utilities;
namespace SMBLibrary.Authentication.GSSAPI namespace SMBLibrary.Authentication.GSSAPI
@ -49,7 +48,7 @@ namespace SMBLibrary.Authentication.GSSAPI
/// https://tools.ietf.org/html/rfc2743 /// https://tools.ietf.org/html/rfc2743
/// </summary> /// </summary>
/// <exception cref="System.IO.InvalidDataException"></exception> /// <exception cref="System.IO.InvalidDataException"></exception>
public static SimpleProtectedNegotiationToken ReadToken(byte[] tokenBytes, int offset) public static SimpleProtectedNegotiationToken ReadToken(byte[] tokenBytes, int offset, bool serverInitiatedNegotiation)
{ {
byte tag = ByteReader.ReadByte(tokenBytes, ref offset); byte tag = ByteReader.ReadByte(tokenBytes, ref offset);
if (tag == ApplicationTag) if (tag == ApplicationTag)
@ -70,9 +69,19 @@ namespace SMBLibrary.Authentication.GSSAPI
{ {
tag = ByteReader.ReadByte(tokenBytes, ref offset); tag = ByteReader.ReadByte(tokenBytes, ref offset);
if (tag == SimpleProtectedNegotiationTokenInit.NegTokenInitTag) if (tag == SimpleProtectedNegotiationTokenInit.NegTokenInitTag)
{
if (serverInitiatedNegotiation)
{
// [MS-SPNG] Standard GSS has a strict notion of client (initiator) and server (acceptor).
// If the client has not sent a negTokenInit ([RFC4178] section 4.2.1) message, no context establishment token is expected from the server.
// The [NegTokenInit2] SPNEGO extension allows the server to generate a context establishment token message [..] and send it to the client.
return new SimpleProtectedNegotiationTokenInit2(tokenBytes, offset);
}
else
{ {
return new SimpleProtectedNegotiationTokenInit(tokenBytes, offset); return new SimpleProtectedNegotiationTokenInit(tokenBytes, offset);
} }
}
else if (tag == SimpleProtectedNegotiationTokenResponse.NegTokenRespTag) else if (tag == SimpleProtectedNegotiationTokenResponse.NegTokenRespTag)
{ {
return new SimpleProtectedNegotiationTokenResponse(tokenBytes, offset); return new SimpleProtectedNegotiationTokenResponse(tokenBytes, offset);
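Review bot: The new `serverInitiatedNegotiation` parameter on ReadToken has no `<param>` entry, even though the XML summary and `<exception>` tag above the signature are all that callers see, and the decision it controls is not recoverable from the bytes themselves: a NegTokenInit-tagged token is parsed as NegTokenInit2 purely on the caller's word. Add `/// <param name="serverInitiatedNegotiation">True when the token came from the acceptor (server) without a preceding client negTokenInit; a NegTokenInit-tagged token is then parsed as the [MS-SPNG] NegTokenInit2 extension instead of a plain negTokenInit.</param>` under the existing `<exception>` line. If the SimpleProtectedNegotiationTokenInit2 constructor can reject malformed input, it should throw the documented InvalidDataException so the existing exception contract on this method still holds; that constructor is not visible here. ReadToken's body continues past the end of the hunk.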


@ -1,4 +1,4 @@
/* Copyright (C) 2017 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved. /* Copyright (C) 2017-2018 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
* *
* You can redistribute this program and/or modify it under the terms of * You can redistribute this program and/or modify it under the terms of
* the GNU Lesser Public License as published by the Free Software Foundation, * the GNU Lesser Public License as published by the Free Software Foundation,
@ -23,7 +23,7 @@ namespace SMBLibrary.Client
SimpleProtectedNegotiationTokenInit inputToken = null; SimpleProtectedNegotiationTokenInit inputToken = null;
try try
{ {
inputToken = SimpleProtectedNegotiationToken.ReadToken(securityBlob, 0) as SimpleProtectedNegotiationTokenInit; inputToken = SimpleProtectedNegotiationToken.ReadToken(securityBlob, 0, true) as SimpleProtectedNegotiationTokenInit;
} }
catch catch
{ {
@ -82,7 +82,7 @@ namespace SMBLibrary.Client
SimpleProtectedNegotiationTokenResponse inputToken = null; SimpleProtectedNegotiationTokenResponse inputToken = null;
try try
{ {
inputToken = SimpleProtectedNegotiationToken.ReadToken(securityBlob, 0) as SimpleProtectedNegotiationTokenResponse; inputToken = SimpleProtectedNegotiationToken.ReadToken(securityBlob, 0, false) as SimpleProtectedNegotiationTokenResponse;
} }
catch catch
{ {
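Review bot: The `as SimpleProtectedNegotiationTokenInit` cast on the call that now passes `true` only yields a value if SimpleProtectedNegotiationTokenInit2 derives from SimpleProtectedNegotiationTokenInit, which cannot be confirmed from this hunk; if it does not, every server-initiated token leaves inputToken null without any error, because `as` fails silently and the surrounding try/catch only covers parse exceptions. A comment at the call, `// server-initiated: ReadToken yields a SimpleProtectedNegotiationTokenInit2, which must remain a SimpleProtectedNegotiationTokenInit for this cast`, would record the dependency, and an explicit null check after the try block would surface the failure instead of hiding it. The enclosing methods in both hunks start and end outside the hunks.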