feat(mssql): support Integrated Security with native NTLMv2 handshake

Author: vkuttyp

Directory.Build.props

@@ -7,6 +7,6 @@
     <Authors>vkuttyp</Authors>
     <PackageLicenseExpression>MIT</PackageLicenseExpression>
     <RepositoryUrl>https://github.com/vkuttyp/CosmoSQLClient-Dotnet</RepositoryUrl>
-    <Version>1.5.9</Version>
+    <Version>1.6.0</Version>
   </PropertyGroup>
 </Project>

src/CosmoSQLClient.MsSql/Auth/NtlmAuth.cs

@@ -0,0 +1,244 @@
+using System.Security.Cryptography;
+using System.Text;
+
+namespace CosmoSQLClient.MsSql.Auth;
+
+/// <summary>
+/// Implements the NTLMv2 authentication protocol used by Windows domain auth.
+/// Ported from CosmoSQLClient-Swift.
+/// </summary>
+internal static class NtlmAuth
+{
+    private static readonly byte[] NtlmSignature = { 0x4E, 0x54, 0x4C, 0x4D, 0x53, 0x53, 0x50, 0x00 };
+    private const uint NegotiateFlags = 0x62088235;
+
+    public static byte[] BuildNegotiate()
+    {
+        using var ms = new MemoryStream();
+        using var bw = new BinaryWriter(ms);
+
+        bw.Write(NtlmSignature);
+        bw.Write(1u); // MessageType = 1
+        bw.Write(NegotiateFlags);
+        // DomainNameFields (len=0, maxLen=0, offset=0)
+        bw.Write(new byte[8]);
+        // WorkstationFields (len=0, maxLen=0, offset=0)
+        bw.Write(new byte[8]);
+        // Version (8 bytes: Windows 10 marker)
+        bw.Write(new byte[] { 0x0A, 0x00, 0x3F, 0x00, 0x00, 0x00, 0x00, 0x0F });
+
+        return ms.ToArray();
+    }
+
+    public record NtlmChallenge(byte[] ServerChallenge, byte[] TargetInfo, uint Flags);
+
+    public static NtlmChallenge ParseChallenge(byte[] data)
+    {
+        if (data.Length < 56) throw new Exception("Invalid NTLM challenge length.");
+        
+        for (int i = 0; i < 8; i++)
+            if (data[i] != NtlmSignature[i]) throw new Exception("Invalid NTLM signature.");
+        
+        uint type = BitConverter.ToUInt32(data, 8);
+        if (type != 2) throw new Exception("Invalid NTLM message type.");
+
+        uint flags = BitConverter.ToUInt32(data, 20);
+        byte[] challenge = new byte[8];
+        Array.Copy(data, 24, challenge, 0, 8);
+
+        short tiLen = BitConverter.ToInt16(data, 40);
+        int tiOffset = BitConverter.ToInt32(data, 44);
+        byte[] targetInfo = new byte[0];
+        if (tiLen > 0 && tiOffset + tiLen <= data.Length)
+        {
+            targetInfo = new byte[tiLen];
+            Array.Copy(data, tiOffset, targetInfo, 0, tiLen);
+        }
+
+        return new NtlmChallenge(challenge, targetInfo, flags);
+    }
+
+    public static byte[] BuildAuthenticate(
+        byte[] challengeData,
+        string username,
+        string password,
+        string domain,
+        string workstation)
+    {
+        var challenge = ParseChallenge(challengeData);
+
+        // Derive NTLMv2 key
+        byte[] ntHash = ComputeMd4(Encoding.Unicode.GetBytes(password));
+        byte[] identity = Encoding.Unicode.GetBytes(username.ToUpperInvariant() + domain);
+        byte[] ntlmv2Key = ComputeHmacMd5(ntHash, identity);
+
+        // NTLMv2 blob
+        byte[] clientChallenge = new byte[8];
+        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(clientChallenge); }
+        
+        byte[] timestamp = GetWindowsTimestamp();
+        byte[] blob = BuildBlob(timestamp, clientChallenge, challenge.TargetInfo);
+
+        // NT response = HMAC-MD5(ntlmv2Key, serverChallenge + blob) + blob
+        byte[] challengeAndBlob = new byte[8 + blob.Length];
+        Array.Copy(challenge.ServerChallenge, 0, challengeAndBlob, 0, 8);
+        Array.Copy(blob, 0, challengeAndBlob, 8, blob.Length);
+        
+        byte[] ntProofStr = ComputeHmacMd5(ntlmv2Key, challengeAndBlob);
+        byte[] ntResponse = new byte[ntProofStr.Length + blob.Length];
+        Array.Copy(ntProofStr, 0, ntResponse, 0, ntProofStr.Length);
+        Array.Copy(blob, 0, ntResponse, ntProofStr.Length, blob.Length);
+
+        // LM response = HMAC-MD5(ntlmv2Key, serverChallenge + clientChallenge) + clientChallenge
+        byte[] challengeAndClient = new byte[8 + 8];
+        Array.Copy(challenge.ServerChallenge, 0, challengeAndClient, 0, 8);
+        Array.Copy(clientChallenge, 0, challengeAndClient, 8, 8);
+        byte[] lmProofStr = ComputeHmacMd5(ntlmv2Key, challengeAndClient);
+        byte[] lmResponse = new byte[lmProofStr.Length + 8];
+        Array.Copy(lmProofStr, 0, lmResponse, 0, lmProofStr.Length);
+        Array.Copy(clientChallenge, 0, lmResponse, lmProofStr.Length, 8);
+
+        byte[] domainBytes = Encoding.Unicode.GetBytes(domain);
+        byte[] userBytes = Encoding.Unicode.GetBytes(username);
+        byte[] wsBytes = Encoding.Unicode.GetBytes(workstation);
+
+        int headerSize = 72;
+        using var ms = new MemoryStream();
+        using var bw = new BinaryWriter(ms);
+        
+        var payload = new List<byte[]>();
+        
+        byte[] BuildSecBuf(byte[] data)
+        {
+            short len = (short)data.Length;
+            int offset = headerSize + payload.Sum(p => p.Length);
+            payload.Add(data);
+            
+            var buf = new byte[8];
+            Array.Copy(BitConverter.GetBytes(len), 0, buf, 0, 2);
+            Array.Copy(BitConverter.GetBytes(len), 0, buf, 2, 2);
+            Array.Copy(BitConverter.GetBytes(offset), 0, buf, 4, 4);
+            return buf;
+        }
+
+        byte[] lmBuf = BuildSecBuf(lmResponse);
+        byte[] ntBuf = BuildSecBuf(ntResponse);
+        byte[] domBuf = BuildSecBuf(domainBytes);
+        byte[] usrBuf = BuildSecBuf(userBytes);
+        byte[] wsBuf = BuildSecBuf(wsBytes);
+
+        bw.Write(NtlmSignature);
+        bw.Write(3u); // MessageType = 3
+        bw.Write(lmBuf);
+        bw.Write(ntBuf);
+        bw.Write(domBuf);
+        bw.Write(usrBuf);
+        bw.Write(wsBuf);
+        bw.Write(new byte[8]); // EncryptedRandomSessionKey
+        bw.Write(NegotiateFlags);
+        
+        foreach (var p in payload) bw.Write(p);
+
+        return ms.ToArray();
+    }
+
+    private static byte[] BuildBlob(byte[] timestamp, byte[] clientChallenge, byte[] targetInfo)
+    {
+        using var ms = new MemoryStream();
+        using var bw = new BinaryWriter(ms);
+        
+        bw.Write(new byte[] { 0x01, 0x01, 0x00, 0x00 }); // Blob signature
+        bw.Write(0u); // Reserved
+        bw.Write(timestamp);
+        bw.Write(clientChallenge);
+        bw.Write(0u); // Reserved
+        bw.Write(targetInfo);
+        bw.Write(0u); // MsvAvEOL
+        
+        return ms.ToArray();
+    }
+
+    private static byte[] GetWindowsTimestamp()
+    {
+        return BitConverter.GetBytes(DateTime.UtcNow.ToFileTimeUtc());
+    }
+
+    private static byte[] ComputeMd4(byte[] input)
+    {
+        return MD4.Hash(input);
+    }
+
+    private static byte[] ComputeHmacMd5(byte[] key, byte[] data)
+    {
+        using var hmac = new HMACMD5(key);
+        return hmac.ComputeHash(data);
+    }
+}
+
+internal static class MD4
+{
+    public static byte[] Hash(byte[] input)
+    {
+        uint a = 0x67452301;
+        uint b = 0xefcdab89;
+        uint c = 0x98badcfe;
+        uint d = 0x10325476;
+
+        byte[] data = new byte[((input.Length + 8) / 64 + 1) * 64];
+        Array.Copy(input, data, input.Length);
+        data[input.Length] = 0x80;
+        
+        byte[] lengthBits = BitConverter.GetBytes((ulong)input.Length * 8);
+        Array.Copy(lengthBits, 0, data, data.Length - 8, 8);
+
+        for (int i = 0; i < data.Length; i += 64)
+        {
+            uint[] x = new uint[16];
+            for (int j = 0; j < 16; j++)
+                x[j] = BitConverter.ToUInt32(data, i + j * 4);
+
+            uint aa = a, bb = b, cc = c, dd = d;
+
+            a = Round1(a, b, c, d, x[0], 3); d = Round1(d, a, b, c, x[1], 7);
+            c = Round1(c, d, a, b, x[2], 11); b = Round1(b, c, d, a, x[3], 19);
+            a = Round1(a, b, c, d, x[4], 3); d = Round1(d, a, b, c, x[5], 7);
+            c = Round1(c, d, a, b, x[6], 11); b = Round1(b, c, d, a, x[7], 19);
+            a = Round1(a, b, c, d, x[8], 3); d = Round1(d, a, b, c, x[9], 7);
+            c = Round1(c, d, a, b, x[10], 11); b = Round1(b, c, d, a, x[11], 19);
+            a = Round1(a, b, c, d, x[12], 3); d = Round1(d, a, b, c, x[13], 7);
+            c = Round1(c, d, a, b, x[14], 11); b = Round1(b, c, d, a, x[15], 19);
+
+            a = Round2(a, b, c, d, x[0], 3); d = Round2(d, a, b, c, x[4], 5);
+            c = Round2(c, d, a, b, x[8], 9); b = Round2(b, c, d, a, x[12], 13);
+            a = Round2(a, b, c, d, x[1], 3); d = Round2(d, a, b, c, x[5], 5);
+            c = Round2(c, d, a, b, x[9], 9); b = Round2(b, c, d, a, x[13], 13);
+            a = Round2(a, b, c, d, x[2], 3); d = Round2(d, a, b, c, x[6], 5);
+            c = Round2(c, d, a, b, x[10], 9); b = Round2(b, c, d, a, x[14], 13);
+            a = Round2(a, b, c, d, x[3], 3); d = Round2(d, a, b, c, x[7], 5);
+            c = Round2(c, d, a, b, x[11], 9); b = Round2(b, c, d, a, x[15], 13);
+
+            a = Round3(a, b, c, d, x[0], 3); d = Round3(d, a, b, c, x[8], 9);
+            c = Round3(c, d, a, b, x[4], 11); b = Round3(b, c, d, a, x[12], 15);
+            a = Round3(a, b, c, d, x[2], 3); d = Round3(d, a, b, c, x[10], 9);
+            c = Round3(c, d, a, b, x[6], 11); b = Round3(b, c, d, a, x[14], 15);
+            a = Round3(a, b, c, d, x[1], 3); d = Round3(d, a, b, c, x[9], 9);
+            c = Round3(c, d, a, b, x[5], 11); b = Round3(b, c, d, a, x[13], 15);
+            a = Round3(a, b, c, d, x[3], 3); d = Round3(d, a, b, c, x[11], 9);
+            c = Round3(c, d, a, b, x[7], 11); b = Round3(b, c, d, a, x[15], 15);
+
+            a += aa; b += bb; c += cc; d += dd;
+        }
+
+        byte[] res = new byte[16];
+        Array.Copy(BitConverter.GetBytes(a), 0, res, 0, 4);
+        Array.Copy(BitConverter.GetBytes(b), 0, res, 4, 4);
+        Array.Copy(BitConverter.GetBytes(c), 0, res, 8, 4);
+        Array.Copy(BitConverter.GetBytes(d), 0, res, 12, 4);
+        return res;
+    }
+
+    private static uint Round1(uint a, uint b, uint c, uint d, uint x, int s) => Rol(a + ((b & c) | (~b & d)) + x, s);
+    private static uint Round2(uint a, uint b, uint c, uint d, uint x, int s) => Rol(a + ((b & c) | (b & d) | (c & d)) + x + 0x5a827999, s);
+    private static uint Round3(uint a, uint b, uint c, uint d, uint x, int s) => Rol(a + (b ^ c ^ d) + x + 0x6ed9eba1, s);
+    private static uint Rol(uint x, int n) => (x << n) | (x >> (32 - n));
+}

src/CosmoSQLClient.MsSql/MsSqlConnection.cs

@@ -8,6 +8,7 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using CosmoSQLClient.Core;
+using CosmoSQLClient.MsSql.Auth;
 using CosmoSQLClient.MsSql.Tds;
 
 namespace CosmoSQLClient.MsSql;
@@ -656,26 +657,62 @@ await WritePacketsAsync(TdsPacketType.PreLogin, TdsPreLogin.BuildRequest(wantEnc
         }
 
         // ── Login7 ────────────────────────────────────────────────────────────
-        if (_config.IntegratedSecurity && string.IsNullOrEmpty(_config.Username))
-        {
-            throw SqlException.Auth("Integrated Security (SSPI) is not yet supported by this driver. Please provide a User Id and Password.");
-        }
-
-        var loginPayload = TdsLogin7.Build(new TdsLogin7.Options
+        bool useNtlm = _config.IntegratedSecurity || !string.IsNullOrEmpty(_config.Domain);
+        
+        var loginOptions = new TdsLogin7.Options
         {
             Host     = _config.Host,
             Database = _config.Database,
-            Username = _config.Username ?? string.Empty,
-            Password = _config.Password ?? string.Empty,
+            Username = useNtlm ? string.Empty : (_config.Username ?? string.Empty),
+            Password = useNtlm ? string.Empty : (_config.Password ?? string.Empty),
             Domain   = _config.Domain,
             AppName  = _config.AppName,
-        });
+        };
+
+        var loginPayload = TdsLogin7.Build(loginOptions);
+        
+        // If NTLM is requested, we send NTLM_NEGOTIATE in the SSPI field of Login7
+        if (useNtlm)
+        {
+            // We need to inject the SSPI data into the Login7 payload.
+            loginOptions = loginOptions with { SspiData = NtlmAuth.BuildNegotiate() };
+            loginPayload = TdsLogin7.Build(loginOptions);
+        }
 
         await WritePacketsAsync(TdsPacketType.Login7, loginPayload).ConfigureAwait(false);
         var loginPayloadResp = await ReceiveAsync(ct).ConfigureAwait(false);
-
         var loginTokens      = TdsDecoder.Decode(loginPayloadResp);
 
+        if (useNtlm)
+        {
+            // Step 2: Server sends NTLM_CHALLENGE in an SSPI token (0xED)
+            var sspiToken = loginTokens.OfType<TdsSspi>().FirstOrDefault();
+            if (sspiToken == null)
+            {
+                RaiseMessages(loginTokens);
+                throw SqlException.Auth("NTLM challenge not received from server.");
+            }
+
+            // Step 3: Client sends NTLM_AUTHENTICATE
+            string effectiveUser = _config.Username ?? string.Empty;
+            if (string.IsNullOrEmpty(effectiveUser)) effectiveUser = Environment.UserName;
+            
+            string effectivePass = _config.Password ?? string.Empty;
+            string effectiveDom  = _config.Domain   ?? string.Empty;
+
+            var authBlob = NtlmAuth.BuildAuthenticate(
+                sspiToken.Data,
+                effectiveUser,
+                effectivePass,
+                effectiveDom,
+                Environment.MachineName
+            );
+
+            await WritePacketsAsync(TdsPacketType.SspiAuth, authBlob).ConfigureAwait(false);
+            var authRespPayload = await ReceiveAsync(ct).ConfigureAwait(false);
+            loginTokens = TdsDecoder.Decode(authRespPayload);
+        }
+
         // If the server returned a LoginAck the connection is established, even if it
         // also sent error 4064 ("cannot open database X, using default instead").
         // In that case treat error messages as info and don't throw.

src/CosmoSQLClient.MsSql/Tds/TdsDecoder.cs

@@ -193,6 +193,10 @@ internal static (List<object> Decoded, int NewOffset, List<TdsColumnMeta> ColMet
                         results.Add(ReadLoginAck(ref r));
                         break;
 
+                    case TdsTokenType.SspiMessage:
+                        results.Add(ReadSspi(ref r));
+                        break;
+
                     // Length-prefixed tokens that are not needed — skip over them.
                     case TdsTokenType.Order:
                     case TdsTokenType.ColInfo:
@@ -235,6 +239,13 @@ private static TdsLoginAck ReadLoginAck(ref SpanReader r)
         return new TdsLoginAck(serverName);
     }
 
+    private static TdsSspi ReadSspi(ref SpanReader r)
+    {
+        var len = r.ReadUInt16();
+        var data = r.ReadBytes(len).ToArray();
+        return new TdsSspi(data);
+    }
+
     private static TdsEnvChange ReadEnvChange(ref SpanReader r)
     {
         // Read the full body using the token length so we never get out of sync.