diff --git a/SMBLibrary/Authentication/GSSAPI/IGSSMechanism.cs b/SMBLibrary/Authentication/GSSAPI/IGSSMechanism.cs
new file mode 100644
index 0000000..d903272
--- /dev/null
+++ b/SMBLibrary/Authentication/GSSAPI/IGSSMechanism.cs
@@ -0,0 +1,35 @@
+/* Copyright (C) 2017 Tal Aloni . All rights reserved.
+ *
+ * You can redistribute this program and/or modify it under the terms of
+ * the GNU Lesser Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ */
+using System;
+using System.Collections.Generic;
+
+namespace SMBLibrary.Authentication.GSSAPI
+{
+ public interface IGSSMechanism
+ {
+ ///
+ /// Equivalent to GSS_Accept_sec_context
+ ///
+ NTStatus AcceptSecurityContext(ref object context, byte[] inputToken, out byte[] outputToken);
+
+ ///
+ /// Equivalent to GSS_Delete_sec_context
+ /// Obtains information about a given security context (even an incomplete one)
+ ///
+ void DeleteSecurityContext(ref object context);
+
+ ///
+ /// Equivalent to GSS_Inquire_context
+ ///
+ object GetContextAttribute(object context, GSSAttributeName attributeName);
+
+ byte[] Identifier
+ {
+ get;
+ }
+ }
+}
diff --git a/SMBLibrary/Authentication/NTLM/NTLMAuthenticationProviderBase.cs b/SMBLibrary/Authentication/NTLM/NTLMAuthenticationProviderBase.cs
index b285864..546e2ad 100644
--- a/SMBLibrary/Authentication/NTLM/NTLMAuthenticationProviderBase.cs
+++ b/SMBLibrary/Authentication/NTLM/NTLMAuthenticationProviderBase.cs
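Review bot: The doc comment on `DeleteSecurityContext` carries the sentence `Obtains information about a given security context (even an incomplete one)`, which describes GSS_Inquire_context rather than GSS_Delete_sec_context; that line belongs on `GetContextAttribute`, and `DeleteSecurityContext` should instead say it releases the context and resets the reference. Because every implementation of `AcceptSecurityContext` will be parsing attacker-supplied bytes, the interface is also the place to pin the error contract, e.g. `/// Returns SEC_E_INVALID_TOKEN for a malformed or unexpected token; outputToken may be null when there is no reply to send.` — the second clause is my reading of the `out` parameter and should be confirmed against the NTLM implementation. The `<summary>` tags appear to be missing from these `///` blocks in this rendering; if they are absent in the file as well, the text will not be emitted as XML documentation.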
@@ -10,8 +10,38 @@ using SMBLibrary.Authentication.GSSAPI;
 namespace SMBLibrary.Authentication.NTLM
 {
- public abstract class NTLMAuthenticationProviderBase
+ public abstract class NTLMAuthenticationProviderBase : IGSSMechanism
 {
+ public static readonly byte[] NTLMSSPIdentifier = new byte[] { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a };
+
+ public NTStatus AcceptSecurityContext(ref object context, byte[] inputToken, out byte[] outputToken)
+ {
+ outputToken = null;
+ if (!AuthenticationMessageUtils.IsSignatureValid(inputToken))
+ {
+ return NTStatus.SEC_E_INVALID_TOKEN;
+ }
+
+ MessageTypeName messageType = AuthenticationMessageUtils.GetMessageType(inputToken);
+ if (messageType == MessageTypeName.Negotiate)
+ {
+ NegotiateMessage input = new NegotiateMessage(inputToken);
+ ChallengeMessage output;
+ NTStatus status = GetChallengeMessage(out context, input, out output);
+ outputToken = output.GetBytes();
+ return status;
+ }
+ else if (messageType == MessageTypeName.Authenticate)
+ {
+ AuthenticateMessage message = new AuthenticateMessage(inputToken);
+ return Authenticate(context, message);
+ }
+ else
+ {
+ return NTStatus.SEC_E_INVALID_TOKEN;
+ }
+ }
+
 public abstract NTStatus GetChallengeMessage(out object context, NegotiateMessage negotiateMessage, out ChallengeMessage challengeMessage);
 public abstract NTStatus Authenticate(object context, AuthenticateMessage authenticateMessage);
@@ -19,5 +49,13 @@ namespace SMBLibrary.Authentication.NTLM
 public abstract void DeleteSecurityContext(ref object context);
 public abstract object GetContextAttribute(object context, GSSAttributeName attributeName);
+
+ public byte[] Identifier
+ {
+ get
+ {
+ return NTLMSSPIdentifier;
+ }
+ }
 }
 }
diff --git a/SMBLibrary/SMBLibrary.csproj b/SMBLibrary/SMBLibrary.csproj
index e1e99da..e97f6f0 100644
--- a/SMBLibrary/SMBLibrary.csproj
+++ b/SMBLibrary/SMBLibrary.csproj
@@ -33,6 +33,7 @@
+
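Review bot: In the Negotiate branch of `AcceptSecurityContext`, `outputToken = output.GetBytes();` runs regardless of the status returned by `GetChallengeMessage`, so a derived provider that reports a failure and leaves `challengeMessage` null will throw a NullReferenceException on an attacker-supplied token instead of returning that status. Guard it: `if (output != null) { outputToken = output.GetBytes(); }` (or `outputToken = output?.GetBytes();` if the project compiles as C# 6 or later). The `new NegotiateMessage(inputToken)` and `new AuthenticateMessage(inputToken)` constructors parse untrusted bytes after only the signature check; if they throw on a truncated or malformed body, that exception escapes the authentication boundary rather than surfacing as `SEC_E_INVALID_TOKEN`, which is worth confirming and catching here. The Authenticate branch also forwards `context` without checking that a Negotiate was accepted first (it may still be null); whether `Authenticate` tolerates that is up to the derived class, so the expectation should be stated in a comment on the abstract method.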