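// This code is derived from jcifs smb client library <jcifs at samba dot org>
// Ported by J. Arturo <webmaster at komodosoft dot net>
//  
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
// 
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
// Lesser General Public License for more details.
// 
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
using System;
using SharpCifs.Util;
using SharpCifs.Util.Sharpen;

namespace SharpCifs.Smb
{
	/// <summary>This class stores and encrypts NTLM user credentials.</summary>
	/// <remarks>
	/// This class stores and encrypts NTLM user credentials. The default
	/// credentials are retrieved from the <tt>jcifs.smb.client.domain</tt>,
	/// <tt>jcifs.smb.client.username</tt>, and <tt>jcifs.smb.client.password</tt>
	/// properties.
	/// <p>
	/// Read <a href="../../../authhandler.html">jCIFS Exceptions and
	/// NtlmAuthenticator</a> for related information.
	/// </remarks>
	public sealed class NtlmPasswordAuthentication : Principal
	{
		/// <summary>
		/// Selects which password-derived responses are produced (see
		/// <see cref="GetAnsiHash"/>, <see cref="GetUnicodeHash"/> and
		/// <see cref="GetUserSessionKey(byte[])"/>): 0-1 LM + NTLM, 2 NTLM only,
		/// 3-5 LMv2/NTLMv2. Read once from <tt>jcifs.smb.lmCompatibility</tt>, default 3.
		/// </summary>
		private static readonly int LmCompatibility = Config.GetInt("jcifs.smb.lmCompatibility", 3);

		// The 8-byte client challenge is a protocol nonce, so it is drawn from the
		// platform CSPRNG rather than System.Random (whose shared instance is also
		// not thread-safe). RandomNumberGenerator is documented as thread-safe, so
		// one shared instance is fine. Fully qualified on purpose: importing
		// System.Security.Cryptography would make the project's DES type ambiguous.
		private static readonly System.Security.Cryptography.RandomNumberGenerator Rng =
			System.Security.Cryptography.RandomNumberGenerator.Create();

		private static readonly LogStream _log = LogStream.GetInstance();

		// "KGS!@#$%" — the fixed plaintext encrypted by the LM hash (GetPreNtlmResponse).
		private static readonly byte[] S8 = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };

		/// <summary>
		/// DES-encrypts <paramref name="data"/> once under each consecutive 7-byte
		/// slice of <paramref name="key"/>, writing the 8-byte ciphertext blocks
		/// back to back into <paramref name="e"/>.
		/// </summary>
		/// <param name="key">Key material; only the first <c>key.Length / 7 * 7</c> bytes are used.</param>
		/// <param name="data">The 8-byte block to encrypt.</param>
		/// <param name="e">Destination; must hold <c>key.Length / 7 * 8</c> bytes.</param>
		private static void E(byte[] key, byte[] data, byte[] e)
		{
			byte[] key7 = new byte[7];
			byte[] e8 = new byte[8];
			int blocks = key.Length / 7;
			for (int i = 0; i < blocks; i++)
			{
				Array.Copy(key, i * 7, key7, 0, 7);
				DES des = new DES(key7);
				des.Encrypt(data, e8);
				Array.Copy(e8, 0, e, i * 8, 8);
			}
		}

		/// <summary>
		/// Generates a fresh 8-byte client challenge into <paramref name="buffer"/>
		/// from the CSPRNG.
		/// </summary>
		private static void FillClientChallenge(byte[] buffer)
		{
			Rng.GetBytes(buffer);
		}

		internal static string DefaultDomain;

		internal static string DefaultUsername;

		internal static string DefaultPassword;

		internal static readonly string Blank = string.Empty;

		// NOTE: static initializers run in textual order; Blank must stay above
		// the credential instances below because their constructors call InitDefaults().
		public static readonly NtlmPasswordAuthentication Anonymous = new NtlmPasswordAuthentication
			(string.Empty, string.Empty, string.Empty);

		/// <summary>
		/// Loads the default domain/username/password from configuration the first
		/// time it is called; later calls are no-ops once <see cref="DefaultDomain"/> is set.
		/// </summary>
		internal static void InitDefaults()
		{
			if (DefaultDomain != null)
			{
				return;
			}
			DefaultDomain = Config.GetProperty("jcifs.smb.client.domain", "?");
			DefaultUsername = Config.GetProperty("jcifs.smb.client.username", "GUEST");
			DefaultPassword = Config.GetProperty("jcifs.smb.client.password", Blank);
		}

		/// <summary>
		/// Assigns configuration defaults to whichever of Domain/Username/Password
		/// is still <tt>null</tt> after constructor parsing.
		/// </summary>
		private void ApplyDefaults()
		{
			InitDefaults();
			if (Domain == null)
			{
				Domain = DefaultDomain;
			}
			if (Username == null)
			{
				Username = DefaultUsername;
			}
			if (Password == null)
			{
				Password = DefaultPassword;
			}
		}

		/// <summary>Generate the ANSI DES hash for the password associated with these credentials.
		/// 	</summary>
		/// <remarks>
		/// Generate the ANSI DES hash for the password associated with these credentials.
		/// The password is upper-cased with the invariant culture (the hash is protocol
		/// data, so it must not depend on the thread's UI culture), OEM-encoded and
		/// truncated to 14 bytes before the two DES rounds.
		/// </remarks>
		/// <param name="password">The plaintext password.</param>
		/// <param name="challenge">The 8-byte server challenge.</param>
		/// <returns>The 24-byte LM response.</returns>
		/// <exception cref="RuntimeException">If the OEM encoding is not available.</exception>
		public static byte[] GetPreNtlmResponse(string password, byte[] challenge)
		{
			byte[] p14 = new byte[14];
			byte[] p21 = new byte[21];
			byte[] p24 = new byte[24];
			byte[] passwordBytes;
			try
			{
				passwordBytes = Runtime.GetBytesForString(password.ToUpperInvariant(), SmbConstants.OemEncoding);
			}
			catch (UnsupportedEncodingException uee)
			{
				throw new RuntimeException("Try setting jcifs.encoding=US-ASCII", uee);
			}
			// Only encrypt the first 14 bytes of the password for Pre 0.12 NT LM
			int passwordLength = Math.Min(passwordBytes.Length, 14);
			Array.Copy(passwordBytes, 0, p14, 0, passwordLength);
			E(p14, S8, p21);
			E(p21, challenge, p24);
			return p24;
		}

		/// <summary>Generate the Unicode MD4 hash for the password associated with these credentials.
		/// 	</summary>
		/// <remarks>
		/// Generate the Unicode MD4 hash for the password associated with these credentials.
		/// Encoding or digest failures are logged and then raised as a
		/// <see cref="RuntimeException"/>; the previous behaviour of continuing with a
		/// null or all-zero key would either crash later or emit a response built on
		/// a known key.
		/// </remarks>
		/// <param name="password">The plaintext password.</param>
		/// <param name="challenge">The 8-byte server challenge.</param>
		/// <returns>The 24-byte NTLM response.</returns>
		/// <exception cref="RuntimeException">If the Unicode encoding or MD4 digest fails.</exception>
		public static byte[] GetNtlmResponse(string password, byte[] challenge)
		{
			byte[] p21 = new byte[21];
			byte[] p24 = new byte[24];
			byte[] uni;
			try
			{
				uni = Runtime.GetBytesForString(password, SmbConstants.UniEncoding);
			}
			catch (UnsupportedEncodingException uee)
			{
				if (_log.Level > 0)
				{
					Runtime.PrintStackTrace(uee, _log);
				}
				throw new RuntimeException("Unicode password encoding is not supported", uee);
			}
			Md4 md4 = new Md4();
			md4.Update(uni);
			try
			{
				md4.Digest(p21, 0, 16);
			}
			catch (Exception ex)
			{
				if (_log.Level > 0)
				{
					Runtime.PrintStackTrace(ex, _log);
				}
				throw new RuntimeException("MD4", ex);
			}
			E(p21, challenge, p24);
			return p24;
		}

		/// <summary>Creates the LMv2 response for the supplied information.</summary>
		/// <remarks>
		/// Creates the LMv2 response for the supplied information. Note that this
		/// routine upper-cases the domain as well as the user name, whereas
		/// <see cref="NtowFv2"/> upper-cases only the user name; both are kept as
		/// written because servers are matched against the existing behaviour.
		/// Any failure is logged and yields <tt>null</tt>, as before.
		/// </remarks>
		/// <param name="domain">The domain in which the username exists.</param>
		/// <param name="user">The username.</param>
		/// <param name="password">The user's password.</param>
		/// <param name="challenge">The server challenge.</param>
		/// <param name="clientChallenge">The client challenge (nonce).</param>
		/// <returns>The 24-byte LMv2 response (16-byte MAC followed by the 8-byte client challenge), or <tt>null</tt> on failure.</returns>
		public static byte[] GetLMv2Response(string domain, string user, string password, 
			byte[] challenge, byte[] clientChallenge)
		{
			try
			{
				byte[] response = new byte[24];
				// The next 2-1/2 lines of this should be placed with nTOWFv1 in place of password
				Md4 md4 = new Md4();
				md4.Update(Runtime.GetBytesForString(password, SmbConstants.UniEncoding));
				Hmact64 hmac = new Hmact64(md4.Digest());
				hmac.Update(Runtime.GetBytesForString(user.ToUpperInvariant(), SmbConstants.UniEncoding));
				hmac.Update(Runtime.GetBytesForString(domain.ToUpperInvariant(), SmbConstants.UniEncoding));
				hmac = new Hmact64(hmac.Digest());
				hmac.Update(challenge);
				hmac.Update(clientChallenge);
				hmac.Digest(response, 0, 16);
				Array.Copy(clientChallenge, 0, response, 16, 8);
				return response;
			}
			catch (Exception ex)
			{
				if (_log.Level > 0)
				{
					Runtime.PrintStackTrace(ex, _log);
				}
				return null;
			}
		}

		/// <summary>
		/// Computes the NTLM2 session response: the 21-byte key is the NTOWFv1 hash
		/// padded with zeros, and the block encrypted is the first 8 bytes of
		/// MD5(serverChallenge || clientChallenge[0..8)).
		/// </summary>
		/// <param name="nTowFv1">The 16-byte NTOWFv1 hash (see <see cref="NtowFv1"/>).</param>
		/// <param name="serverChallenge">The server challenge.</param>
		/// <param name="clientChallenge">The client challenge; only its first 8 bytes are used.</param>
		/// <returns>The 24-byte response.</returns>
		/// <exception cref="RuntimeException">If the MD5 digest is unavailable or fails.</exception>
		public static byte[] GetNtlm2Response(byte[] nTowFv1, byte[] serverChallenge, byte[] clientChallenge)
		{
			byte[] sessionHash = new byte[8];
			try
			{
				MessageDigest md5 = MessageDigest.GetInstance("MD5");
				md5.Update(serverChallenge);
				md5.Update(clientChallenge, 0, 8);
				Array.Copy(md5.Digest(), 0, sessionHash, 0, 8);
			}
			catch (Exception gse)
			{
				if (_log.Level > 0)
				{
					Runtime.PrintStackTrace(gse, _log);
				}
				throw new RuntimeException("MD5", gse);
			}
			byte[] key = new byte[21];
			Array.Copy(nTowFv1, 0, key, 0, 16);
			byte[] ntResponse = new byte[24];
			E(key, sessionHash, ntResponse);
			return ntResponse;
		}

		/// <summary>Computes NTOWFv1: MD4 of the Unicode-encoded password.</summary>
		/// <param name="password">The plaintext password; must not be <tt>null</tt>.</param>
		/// <returns>The 16-byte hash.</returns>
		/// <exception cref="RuntimeException">If <paramref name="password"/> is <tt>null</tt> or the encoding is unavailable.</exception>
		public static byte[] NtowFv1(string password)
		{
			if (password == null)
			{
				throw new RuntimeException("Password parameter is required");
			}
			try
			{
				Md4 md4 = new Md4();
				md4.Update(Runtime.GetBytesForString(password, SmbConstants.UniEncoding));
				return md4.Digest();
			}
			catch (UnsupportedEncodingException uee)
			{
				throw new RuntimeException(uee.Message, uee);
			}
		}

		/// <summary>
		/// Computes NTOWFv2: HMAC-MD5 keyed with NTOWFv1 over the upper-cased
		/// username followed by the domain (the domain is used as given).
		/// </summary>
		/// <param name="domain">The domain, passed through unchanged.</param>
		/// <param name="username">The username, upper-cased with the invariant culture.</param>
		/// <param name="password">The plaintext password.</param>
		/// <returns>The 16-byte hash.</returns>
		/// <exception cref="RuntimeException">If the Unicode encoding is unavailable.</exception>
		public static byte[] NtowFv2(string domain, string username, string password)
		{
			try
			{
				Md4 md4 = new Md4();
				md4.Update(Runtime.GetBytesForString(password, SmbConstants.UniEncoding));
				Hmact64 hmac = new Hmact64(md4.Digest());
				hmac.Update(Runtime.GetBytesForString(username.ToUpperInvariant(), SmbConstants.UniEncoding));
				hmac.Update(Runtime.GetBytesForString(domain, SmbConstants.UniEncoding));
				return hmac.Digest();
			}
			catch (UnsupportedEncodingException uee)
			{
				throw new RuntimeException(uee.Message, uee);
			}
		}

		/// <summary>
		/// Builds a v2-style response: HMAC(responseKey, serverChallenge || clientData[offset..offset+length))
		/// followed by the whole of <paramref name="clientData"/>.
		/// </summary>
		/// <param name="responseKey">The HMAC key (an NTOWFv2 or LMOWFv2 hash).</param>
		/// <param name="serverChallenge">The server challenge.</param>
		/// <param name="clientData">Client-supplied blob appended verbatim to the MAC.</param>
		/// <param name="offset">Start of the MAC'd slice of <paramref name="clientData"/>.</param>
		/// <param name="length">Length of the MAC'd slice.</param>
		/// <returns>MAC bytes followed by all of <paramref name="clientData"/>.</returns>
		internal static byte[] ComputeResponse(byte[] responseKey, byte[] serverChallenge, byte[] clientData, int offset, int length)
		{
			Hmact64 hmac = new Hmact64(responseKey);
			hmac.Update(serverChallenge);
			hmac.Update(clientData, offset, length);
			byte[] mac = hmac.Digest();
			byte[] ret = new byte[mac.Length + clientData.Length];
			Array.Copy(mac, 0, ret, 0, mac.Length);
			Array.Copy(clientData, 0, ret, mac.Length, clientData.Length);
			return ret;
		}

		/// <summary>LMv2 response from a precomputed response key.</summary>
		/// <param name="responseKeyLm">The LMOWFv2 key.</param>
		/// <param name="serverChallenge">The server challenge.</param>
		/// <param name="clientChallenge">The client challenge; MAC'd in full and appended.</param>
		public static byte[] GetLMv2Response(byte[] responseKeyLm, byte[] serverChallenge, byte[] clientChallenge)
		{
			return ComputeResponse(responseKeyLm, serverChallenge, clientChallenge, 0, clientChallenge.Length);
		}

		/// <summary>
		/// NTLMv2 response: assembles the client blob (header, timestamp, 8-byte
		/// client challenge, target info) and MACs it with <see cref="ComputeResponse"/>.
		/// </summary>
		/// <param name="responseKeyNt">The NTOWFv2 key.</param>
		/// <param name="serverChallenge">The server challenge.</param>
		/// <param name="clientChallenge">The client challenge; its first 8 bytes are copied into the blob.</param>
		/// <param name="nanos1601">Timestamp encoded little-endian at blob offset 8.</param>
		/// <param name="targetInfo">Optional target-info bytes copied at offset 28; may be <tt>null</tt>.</param>
		public static byte[] GetNtlMv2Response(byte[] responseKeyNt, byte[] serverChallenge, byte[] clientChallenge, long nanos1601, byte[] targetInfo)
		{
			int targetInfoLength = targetInfo != null ? targetInfo.Length : 0;
			byte[] temp = new byte[28 + targetInfoLength + 4];
			Encdec.Enc_uint32le(0x00000101, temp, 0);          // Header
			Encdec.Enc_uint32le(0x00000000, temp, 4);          // Reserved
			Encdec.Enc_uint64le(nanos1601, temp, 8);
			Array.Copy(clientChallenge, 0, temp, 16, 8);
			Encdec.Enc_uint32le(0x00000000, temp, 24);         // Unknown
			if (targetInfo != null)
			{
				Array.Copy(targetInfo, 0, temp, 28, targetInfoLength);
			}
			Encdec.Enc_uint32le(0x00000000, temp, 28 + targetInfoLength);   // mystery bytes!
			return ComputeResponse(responseKeyNt, serverChallenge, temp, 0, temp.Length);
		}

		internal static readonly NtlmPasswordAuthentication Null = new NtlmPasswordAuthentication
			(string.Empty, string.Empty, string.Empty);

		internal static readonly NtlmPasswordAuthentication Guest = new NtlmPasswordAuthentication
			("?", "GUEST", string.Empty);

		internal static readonly NtlmPasswordAuthentication Default = new NtlmPasswordAuthentication
			(null);

		internal string Domain;

		internal string Username;

		// Plaintext password, or null when the credentials were built from external hashes.
		internal string Password;

		// Precomputed responses supplied by the hash constructor (HashesExternal == true).
		internal byte[] AnsiHash;

		internal byte[] UnicodeHash;

		internal bool HashesExternal;

		// Lazily generated 8-byte nonce shared by the LMv2 response and the v2 session key.
		internal byte[] ClientChallenge;

		internal byte[] Challenge;

		/// <summary>
		/// Create an <tt>NtlmPasswordAuthentication</tt> object from the userinfo
		/// component of an SMB URL like "<tt>domain;user:pass</tt>".
		/// </summary>
		/// <remarks>
		/// Create an <tt>NtlmPasswordAuthentication</tt> object from the userinfo
		/// component of an SMB URL like "<tt>domain;user:pass</tt>". This constructor
		/// is used internally be jCIFS when parsing SMB URLs. The text before the
		/// last '<tt>;</tt>' is the domain, the text after the first '<tt>:</tt>' is
		/// the password, and the part between is the username; missing pieces fall
		/// back to the configured defaults.
		/// </remarks>
		/// <param name="userInfo">The percent-escaped userinfo string, or <tt>null</tt> for all defaults.</param>
		public NtlmPasswordAuthentication(string userInfo)
		{
			Domain = Username = Password = null;
			if (userInfo != null)
			{
				try
				{
					userInfo = Unescape(userInfo);
				}
				catch (UnsupportedEncodingException)
				{
					// Unescaping is best-effort; the raw string is parsed instead.
				}
				int end = userInfo.Length;
				int userStart = 0;
				int i;
				for (i = 0; i < end; i++)
				{
					char c = userInfo[i];
					if (c == ';')
					{
						Domain = Runtime.Substring(userInfo, 0, i);
						userStart = i + 1;
					}
					else if (c == ':')
					{
						Password = Runtime.Substring(userInfo, i + 1);
						break;
					}
				}
				Username = Runtime.Substring(userInfo, userStart, i);
			}
			ApplyDefaults();
		}

		/// <summary>
		/// Create an <tt>NtlmPasswordAuthentication</tt> object from a
		/// domain, username, and password.
		/// </summary>
		/// <remarks>
		/// Create an <tt>NtlmPasswordAuthentication</tt> object from a
		/// domain, username, and password. Parameters that are <tt>null</tt>
		/// will be substituted with <tt>jcifs.smb.client.domain</tt>,
		/// <tt>jcifs.smb.client.username</tt>, <tt>jcifs.smb.client.password</tt>
		/// property values. A username of the form <tt>user@domain</tt> or
		/// <tt>domain\user</tt> overrides the <paramref name="domain"/> argument.
		/// </remarks>
		public NtlmPasswordAuthentication(string domain, string username, string password)
		{
			if (username != null)
			{
				int at = username.IndexOf('@');
				if (at > 0)
				{
					domain = Runtime.Substring(username, at + 1);
					username = Runtime.Substring(username, 0, at);
				}
				else
				{
					int backslash = username.IndexOf('\\');
					if (backslash > 0)
					{
						domain = Runtime.Substring(username, 0, backslash);
						username = Runtime.Substring(username, backslash + 1);
					}
				}
			}
			Domain = domain;
			Username = username;
			Password = password;
			ApplyDefaults();
		}

		/// <summary>
		/// Create an <tt>NtlmPasswordAuthentication</tt> object with raw password
		/// hashes.
		/// </summary>
		/// <remarks>
		/// Create an <tt>NtlmPasswordAuthentication</tt> object with raw password
		/// hashes. This is used exclusively by the <tt>jcifs.http.NtlmSsp</tt>
		/// class which is in turn used by NTLM HTTP authentication functionality.
		/// </remarks>
		/// <exception cref="ArgumentException">If domain, username or either hash is <tt>null</tt>.</exception>
		public NtlmPasswordAuthentication(string domain, string username, byte[] challenge, byte[] ansiHash, byte[] unicodeHash)
		{
			if (domain == null || username == null || ansiHash == null || unicodeHash == null)
			{
				throw new ArgumentException("External credentials cannot be null");
			}
			Domain = domain;
			Username = username;
			Password = null;
			Challenge = challenge;
			AnsiHash = ansiHash;
			UnicodeHash = unicodeHash;
			HashesExternal = true;
		}

		/// <summary>Returns the domain.</summary>
		/// <remarks>Returns the domain.</remarks>
		public string GetDomain()
		{
			return Domain;
		}

		/// <summary>Returns the username.</summary>
		/// <remarks>Returns the username.</remarks>
		public string GetUsername()
		{
			return Username;
		}

		/// <summary>
		/// Returns the password in plain text or <tt>null</tt> if the raw password
		/// hashes were used to construct this <tt>NtlmPasswordAuthentication</tt>
		/// object which will be the case when NTLM HTTP Authentication is
		/// used.
		/// </summary>
		/// <remarks>
		/// Returns the password in plain text or <tt>null</tt> if the raw password
		/// hashes were used to construct this <tt>NtlmPasswordAuthentication</tt>
		/// object which will be the case when NTLM HTTP Authentication is
		/// used. There is no way to retrieve a users password in plain text unless
		/// it is supplied by the user at runtime.
		/// </remarks>
		public string GetPassword()
		{
			return Password;
		}

		/// <summary>
		/// Return the domain and username in the format:
		/// <tt>domain\\username</tt>.
		/// </summary>
		/// <remarks>
		/// Return the domain and username in the format:
		/// <tt>domain\\username</tt>. This is equivalent to <tt>toString()</tt>.
		/// An empty domain or the placeholder "<tt>?</tt>" yields the bare username.
		/// </remarks>
		public new string GetName()
		{
			bool hasDomain = Domain.Length > 0 && Domain.Equals("?") == false;
			return hasDomain ? Domain + "\\" + Username : Username;
		}

		/// <summary>
		/// Generates the client challenge from the CSPRNG on first use; later
		/// calls reuse it so the LMv2 response and the session key agree.
		/// </summary>
		private void EnsureClientChallenge()
		{
			if (ClientChallenge == null)
			{
				byte[] nonce = new byte[8];
				FillClientChallenge(nonce);
				ClientChallenge = nonce;
			}
		}

		/// <summary>Computes the 24 byte ANSI password hash given the 8 byte server challenge.
		/// 	</summary>
		/// <remarks>
		/// Computes the 24 byte ANSI password hash given the 8 byte server challenge.
		/// Which response is produced depends on <tt>jcifs.smb.lmCompatibility</tt>;
		/// externally supplied hashes are returned unchanged.
		/// </remarks>
		public byte[] GetAnsiHash(byte[] challenge)
		{
			if (HashesExternal)
			{
				return AnsiHash;
			}
			switch (LmCompatibility)
			{
				case 0:
				case 1:
				{
					return GetPreNtlmResponse(Password, challenge);
				}
				case 2:
				{
					return GetNtlmResponse(Password, challenge);
				}
				case 3:
				case 4:
				case 5:
				{
					EnsureClientChallenge();
					return GetLMv2Response(Domain, Username, Password, challenge, ClientChallenge);
				}
				default:
				{
					return GetPreNtlmResponse(Password, challenge);
				}
			}
		}

		/// <summary>Computes the 24 byte Unicode password hash given the 8 byte server challenge.
		/// 	</summary>
		/// <remarks>
		/// Computes the 24 byte Unicode password hash given the 8 byte server challenge.
		/// For <tt>lmCompatibility</tt> 3-5 the NTLM response is not used and an empty
		/// array is returned; externally supplied hashes are returned unchanged.
		/// </remarks>
		public byte[] GetUnicodeHash(byte[] challenge)
		{
			if (HashesExternal)
			{
				return UnicodeHash;
			}
			switch (LmCompatibility)
			{
				case 0:
				case 1:
				case 2:
				{
					return GetNtlmResponse(Password, challenge);
				}
				case 3:
				case 4:
				case 5:
				{
					return new byte[0];
				}
				default:
				{
					return GetNtlmResponse(Password, challenge);
				}
			}
		}

		/// <summary>
		/// Builds the 40-byte signing key (16-byte user session key followed by
		/// the 24-byte Unicode hash) for <tt>lmCompatibility</tt> 0-2.
		/// </summary>
		/// <returns>The key, or <tt>null</tt> for an unrecognised compatibility level.</returns>
		/// <exception cref="SharpCifs.Smb.SmbException">For levels 3-5, which require extended security.</exception>
		public byte[] GetSigningKey(byte[] challenge)
		{
			switch (LmCompatibility)
			{
				case 0:
				case 1:
				case 2:
				{
					byte[] signingKey = new byte[40];
					GetUserSessionKey(challenge, signingKey, 0);
					Array.Copy(GetUnicodeHash(challenge), 0, signingKey, 16, 24);
					return signingKey;
				}
				case 3:
				case 4:
				case 5:
				{
					throw new SmbException("NTLMv2 requires extended security (jcifs.smb.client.useExtendedSecurity must be true if jcifs.smb.lmCompatibility >= 3)"
						);
				}
			}
			return null;
		}

		/// <summary>Returns the effective user session key.</summary>
		/// <remarks>
		/// Returns the effective user session key. A failure while deriving the key
		/// is logged and then rethrown rather than returning an all-zero key, since a
		/// zero key would let anyone forge SMB signatures for the session.
		/// </remarks>
		/// <param name="challenge">The server challenge.</param>
		/// <returns>
		/// A <code>byte[]</code> containing the effective user session key,
		/// used in SMB MAC signing and NTLMSSP signing and sealing, or
		/// <tt>null</tt> when the hashes are external.
		/// </returns>
		/// <exception cref="SharpCifs.Smb.SmbException">If the key cannot be derived.</exception>
		public byte[] GetUserSessionKey(byte[] challenge)
		{
			if (HashesExternal)
			{
				return null;
			}
			byte[] key = new byte[16];
			try
			{
				GetUserSessionKey(challenge, key, 0);
			}
			catch (Exception ex)
			{
				if (_log.Level > 0)
				{
					Runtime.PrintStackTrace(ex, _log);
				}
				throw;
			}
			return key;
		}

		/// <summary>Calculates the effective user session key.</summary>
		/// <remarks>
		/// Calculates the effective user session key. For <tt>lmCompatibility</tt>
		/// 0-2 (and unknown levels) this is MD4(NTOWFv1); for 3-5 it is the NTLMv2
		/// user session key derived from the server challenge and the (lazily
		/// generated) client challenge.
		/// </remarks>
		/// <param name="challenge">The server challenge.</param>
		/// <param name="dest">
		/// The destination array in which the user session key will be
		/// placed.
		/// </param>
		/// <param name="offset">
		/// The offset in the destination array at which the
		/// session key will start.
		/// </param>
		/// <exception cref="SharpCifs.Smb.SmbException">Wraps any encoding or digest failure.</exception>
		internal void GetUserSessionKey(byte[] challenge, byte[] dest, int offset)
		{
			if (HashesExternal)
			{
				return;
			}
			try
			{
				Md4 md4 = new Md4();
				md4.Update(Runtime.GetBytesForString(Password, SmbConstants.UniEncoding));
				switch (LmCompatibility)
				{
					case 0:
					case 1:
					case 2:
					{
						md4.Update(md4.Digest());
						md4.Digest(dest, offset, 16);
						break;
					}
					case 3:
					case 4:
					case 5:
					{
						EnsureClientChallenge();
						Hmact64 hmac = new Hmact64(md4.Digest());
						hmac.Update(Runtime.GetBytesForString(Username.ToUpperInvariant(), SmbConstants.UniEncoding));
						hmac.Update(Runtime.GetBytesForString(Domain.ToUpperInvariant(), SmbConstants.UniEncoding));
						byte[] ntlmv2Hash = hmac.Digest();
						hmac = new Hmact64(ntlmv2Hash);
						hmac.Update(challenge);
						hmac.Update(ClientChallenge);
						Hmact64 userKey = new Hmact64(ntlmv2Hash);
						userKey.Update(hmac.Digest());
						userKey.Digest(dest, offset, 16);
						break;
					}
					default:
					{
						md4.Update(md4.Digest());
						md4.Digest(dest, offset, 16);
						break;
					}
				}
			}
			catch (Exception e)
			{
				throw new SmbException(string.Empty, e);
			}
		}

		/// <summary>
		/// Compares two <tt>NtlmPasswordAuthentication</tt> objects for
		/// equality.
		/// </summary>
		/// <remarks>
		/// Compares two <tt>NtlmPasswordAuthentication</tt> objects for
		/// equality. Two <tt>NtlmPasswordAuthentication</tt> objects are equal if
		/// their caseless domain and username fields are equal and either both hashes
		/// are external and they are equal or both internally supplied passwords are
		/// equal. If one <tt>NtlmPasswordAuthentication</tt> object has external hashes
		/// (meaning negotiated via NTLM HTTP Authentication) and the other does not
		/// they will not be equal. This is technically not correct however the server
		/// 8 byte challenge would be required to compute and compare the password
		/// hashes but that is not available with this method. Domain and username are
		/// compared with an ordinal case-insensitive comparison.
		/// </remarks>
		public override bool Equals(object obj)
		{
			NtlmPasswordAuthentication other = obj as NtlmPasswordAuthentication;
			if (other == null)
			{
				return false;
			}
			if (!string.Equals(Domain, other.Domain, StringComparison.OrdinalIgnoreCase)
				|| !string.Equals(Username, other.Username, StringComparison.OrdinalIgnoreCase))
			{
				return false;
			}
			if (HashesExternal && other.HashesExternal)
			{
				return Arrays.Equals(AnsiHash, other.AnsiHash) && Arrays.Equals(UnicodeHash, other.UnicodeHash);
			}
			// Mixed external/internal credentials are never equal (other.Password is null then).
			return !HashesExternal && !other.HashesExternal
				&& string.Equals(Password, other.Password, StringComparison.Ordinal);
		}

		/// <summary>Return the upcased username hash code.</summary>
		/// <remarks>
		/// Return the upcased username hash code. Uses the same ordinal
		/// case-insensitive comparison as <see cref="Equals"/> so equal objects hash alike.
		/// </remarks>
		public override int GetHashCode()
		{
			return StringComparer.OrdinalIgnoreCase.GetHashCode(GetName());
		}

		/// <summary>
		/// Return the domain and username in the format:
		/// <tt>domain\\username</tt>.
		/// </summary>
		/// <remarks>
		/// Return the domain and username in the format:
		/// <tt>domain\\username</tt>. This is equivalent to <tt>getName()</tt>.
		/// </remarks>
		public override string ToString()
		{
			return GetName();
		}

		/// <summary>
		/// Decodes <tt>%XX</tt> percent-escapes (ASCII) in <paramref name="str"/>.
		/// A lone trailing '<tt>%</tt>' is dropped, as before; a '<tt>%</tt>' followed
		/// by a single character is now reported as a <see cref="FormatException"/>
		/// (previously an <see cref="ArgumentOutOfRangeException"/> from the substring).
		/// </summary>
		/// <param name="str">The escaped string, or <tt>null</tt>.</param>
		/// <returns>The unescaped string, or <tt>null</tt> if <paramref name="str"/> is <tt>null</tt>.</returns>
		/// <exception cref="System.FormatException">If an escape is truncated or not hexadecimal.</exception>
		/// <exception cref="UnsupportedEncodingException"></exception>
		internal static string Unescape(string str)
		{
			if (str == null)
			{
				return null;
			}
			int len = str.Length;
			char[] @out = new char[len];
			byte[] b = new byte[1];
			int j = 0;
			for (int i = 0; i < len; i++)
			{
				char ch = str[i];
				if (ch != '%')
				{
					@out[j++] = ch;
					continue;
				}
				if (i + 1 >= len)
				{
					// Trailing '%' with nothing after it: silently dropped (original behaviour).
					break;
				}
				if (i + 3 > len)
				{
					throw new FormatException("Truncated %-escape at index " + i);
				}
				b[0] = unchecked((byte)(Convert.ToInt32(Runtime.Substring(str, i + 1, i + 3), 16) & 0xFF));
				@out[j++] = Runtime.GetStringForBytes(b, 0, 1, "ASCII")[0];
				i += 2;
			}
			return new string(@out, 0, j);
		}
	}
}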