diff --git a/lib/ntlm/apop.c b/lib/ntlm/apop.c index 68fd5eb18..b3632394a 100644 --- a/lib/ntlm/apop.c +++ b/lib/ntlm/apop.c @@ -1,36 +1,36 @@ /* * Copyright (c) 2010 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * * Portions Copyright (c) 2010 Apple Inc. All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include @@ -55,9 +55,9 @@ heim_generate_challenge(const char *hostname) hostname = host; } - t = time(NULL); + t = (uint32_t)time(NULL); num = rk_random(); - + asprintf(&str, "<%lu%lu@%s>", (unsigned long)t, (unsigned long)num, hostname); @@ -72,8 +72,8 @@ heim_apop_create(const char *challenge, const char *password) CC_MD5_CTX ctx; CC_MD5_Init(&ctx); - CC_MD5_Update(&ctx, challenge, strlen(challenge)); - CC_MD5_Update(&ctx, password, strlen(password)); + CC_MD5_Update(&ctx, challenge, (CC_LONG)strlen(challenge)); + CC_MD5_Update(&ctx, password, (CC_LONG)strlen(password)); CC_MD5_Final(hash, &ctx); @@ -102,7 +102,7 @@ heim_apop_verify(const char *challenge, const char *password, const char *respon return 0; } -struct heim_cram_md5 { +struct heim_cram_md5_data { CC_MD5_CTX ipad; CC_MD5_CTX opad; }; @@ -114,13 +114,13 @@ heim_cram_md5_export(const char *password, heim_CRAM_MD5_STATE *state) size_t keylen = strlen(password); uint8_t key[CC_MD5_BLOCK_BYTES]; uint8_t pad[CC_MD5_BLOCK_BYTES]; - struct heim_cram_md5 ctx; + struct heim_cram_md5_data ctx; size_t n; memset(&ctx, 0, sizeof(ctx)); if (keylen > CC_MD5_BLOCK_BYTES) { - CC_MD5(password, keylen, key); + CC_MD5(password, (CC_LONG)keylen, key); keylen = sizeof(keylen); } else { memcpy(key, password, keylen); @@ -163,8 +163,7 @@ heim_cram_md5_import(void *data, size_t len) { heim_CRAM_MD5_STATE state; heim_cram_md5 ctx; - unsigned n; - + if (len != sizeof(state)) return NULL; @@ -198,7 +197,7 @@ heim_cram_md5_verify_ctx(heim_cram_md5 ctx, const char *challenge, const char *r char *str = NULL; int res; - CC_MD5_Update(&ctx->ipad, challenge, strlen(challenge)); + CC_MD5_Update(&ctx->ipad, challenge, (CC_LONG)strlen(challenge)); CC_MD5_Final(hash, &ctx->ipad); CC_MD5_Update(&ctx->opad, hash, sizeof(hash)); diff --git a/lib/ntlm/digest.c b/lib/ntlm/digest.c index 1c26dcb4a..865f43662 100644 --- a/lib/ntlm/digest.c +++ b/lib/ntlm/digest.c @@ -45,7 +45,11 @@ #include "ntlm_err.h" struct heim_digest_desc { - int server; +#define F_SERVER 1 +#define F_HAVE_HASH 2 +#define F_HAVE_HA1 4 +#define F_USE_PREFIX 8 + int flags; int type; char *password; uint8_t SecretHash[CC_MD5_DIGEST_LENGTH]; @@ -53,6 +57,8 @@ struct heim_digest_desc { char *serverRealm; char *serverQOP; char *serverMethod; + char *serverMaxbuf; + char *serverOpaque; char *clientUsername; char *clientResponse; char *clientURI; @@ -62,20 +68,30 @@ struct heim_digest_desc { char *clientNC; char *serverAlgorithm; char *auth_id; + + /* internally allocated objects returned to caller */ + char *serverChallenge; + char *clientReply; + char *serverReply; }; #define FREE_AND_CLEAR(x) do { if ((x)) { free((x)); (x) = NULL; } } while(0) #define MEMSET_FREE_AND_CLEAR(x) do { if ((x)) { memset(x, 0, strlen(x)); free((x)); (x) = NULL; } } while(0) +static const char digest_prefix[] = "Digest "; + static void clear_context(heim_digest_t context) { MEMSET_FREE_AND_CLEAR(context->password); memset(context->SecretHash, 0, sizeof(context->SecretHash)); + context->flags &= ~(F_HAVE_HASH); FREE_AND_CLEAR(context->serverNonce); FREE_AND_CLEAR(context->serverRealm); FREE_AND_CLEAR(context->serverQOP); FREE_AND_CLEAR(context->serverMethod); + FREE_AND_CLEAR(context->serverMaxbuf); + FREE_AND_CLEAR(context->serverOpaque); FREE_AND_CLEAR(context->clientUsername); FREE_AND_CLEAR(context->clientResponse); FREE_AND_CLEAR(context->clientURI); @@ -85,40 +101,66 @@ clear_context(heim_digest_t context) FREE_AND_CLEAR(context->clientNC); FREE_AND_CLEAR(context->serverAlgorithm); FREE_AND_CLEAR(context->auth_id); + + FREE_AND_CLEAR(context->serverChallenge); + FREE_AND_CLEAR(context->clientReply); + FREE_AND_CLEAR(context->serverReply); +} + +static void +digest_userhash(const char *user, const char *realm, const char *password, + unsigned char md[CC_MD5_DIGEST_LENGTH]) +{ + CC_MD5_CTX ctx; + + CC_MD5_Init(&ctx); + CC_MD5_Update(&ctx, user, (CC_LONG)strlen(user)); + CC_MD5_Update(&ctx, ":", 1); + CC_MD5_Update(&ctx, realm, (CC_LONG)strlen(realm)); + CC_MD5_Update(&ctx, ":", 1); + CC_MD5_Update(&ctx, password, (CC_LONG)strlen(password)); + CC_MD5_Final(md, &ctx); } static char * -build_A1_hash(int type, - const char *username, const char *password, - const char *realm, const char *serverNonce, - const char *clientNonce, - const char *auth_id) +build_A1_hash(heim_digest_t context) { unsigned char md[CC_MD5_DIGEST_LENGTH]; CC_MD5_CTX ctx; char *A1; - CC_MD5_Init(&ctx); - CC_MD5_Update(&ctx, username, strlen(username)); - CC_MD5_Update(&ctx, ":", 1); - CC_MD5_Update(&ctx, realm, strlen(realm)); - CC_MD5_Update(&ctx, ":", 1); - CC_MD5_Update(&ctx, password, strlen(password)); - CC_MD5_Final(md, &ctx); + if (context->flags & F_HAVE_HA1) { + memcpy(md, context->SecretHash, sizeof(md)); + } else if (context->flags & F_HAVE_HASH) { + memcpy(md, context->SecretHash, sizeof(md)); + } else if (context->password) { + if (context->clientUsername == NULL) + return NULL; + if (context->serverRealm == NULL) + return NULL; + digest_userhash(context->clientUsername, + context->serverRealm, + context->password, + md); + } else + return NULL; + + if ((context->type == HEIM_DIGEST_TYPE_RFC2617_MD5_SESS || context->type == HEIM_DIGEST_TYPE_RFC2831) && (context->flags & F_HAVE_HA1) == 0) { + if (context->serverNonce == NULL) + return NULL; - if (type != HEIM_DIGEST_TYPE_RFC2069) { CC_MD5_Init(&ctx); CC_MD5_Update(&ctx, md, sizeof(md)); memset(md, 0, sizeof(md)); CC_MD5_Update(&ctx, ":", 1); - CC_MD5_Update(&ctx, serverNonce, strlen(serverNonce)); - if (clientNonce) { + CC_MD5_Update(&ctx, context->serverNonce, (CC_LONG)strlen(context->serverNonce)); + if (context->clientNonce) { CC_MD5_Update(&ctx, ":", 1); - CC_MD5_Update(&ctx, clientNonce, strlen(clientNonce)); + CC_MD5_Update(&ctx, context->clientNonce, (CC_LONG)strlen(context->clientNonce)); } - if (auth_id) { + if (context->type == HEIM_DIGEST_TYPE_RFC2831 && context->auth_id) { CC_MD5_Update(&ctx, ":", 1); - CC_MD5_Update(&ctx, auth_id, strlen(auth_id)); + CC_MD5_Update(&ctx, context->auth_id, (CC_LONG)strlen(context->auth_id)); } CC_MD5_Final(md, &ctx); } @@ -135,24 +177,26 @@ build_A2_hash(heim_digest_t context, const char *method) unsigned char md[CC_MD5_DIGEST_LENGTH]; CC_MD5_CTX ctx; char *A2; - + CC_MD5_Init(&ctx); if (method) - CC_MD5_Update(&ctx, method, strlen(method)); + CC_MD5_Update(&ctx, method, (CC_LONG)strlen(method)); CC_MD5_Update(&ctx, ":", 1); - CC_MD5_Update(&ctx, context->clientURI, strlen(context->clientURI)); - + CC_MD5_Update(&ctx, context->clientURI, (CC_LONG)strlen(context->clientURI)); + /* conf|int */ - if (context->type != HEIM_DIGEST_TYPE_RFC2069) { - if (strcmp(context->clientQOP, "auth") != 0) { + if (context->type == HEIM_DIGEST_TYPE_RFC2831) { + if (strcasecmp(context->clientQOP, "auth-int") == 0 || strcasecmp(context->clientQOP, "auth-conf") == 0) { /* XXX if we have a body hash, use that */ static char conf_zeros[] = ":00000000000000000000000000000000"; CC_MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1); } } else { /* support auth-int ? */ + if (context->clientQOP && strcasecmp(context->clientQOP, "auth") != 0) + return NULL; } - + CC_MD5_Final(md, &ctx); hex_encode(md, sizeof(md), &A2); @@ -194,7 +238,7 @@ free_values(struct md5_value *val) static char * values_find(struct md5_value **val, const char *v) { - struct md5_value *cur = *val; + struct md5_value *cur; char *str; while (*val != NULL) { @@ -265,7 +309,7 @@ parse_values(const char *string, struct md5_value **val) goto error; p2 += sz; p1 = p2; - + if (*p2 == '"') { p1++; while (*p2 == '"') { @@ -292,7 +336,7 @@ parse_values(const char *string, struct md5_value **val) goto nomem; strncpy(v->mv_value, p1, p2 - p1); v->mv_value[p2 - p1] = '\0'; - + if (p2[0] == '\0') break; if (p2[0] == '"') @@ -325,6 +369,24 @@ parse_values(const char *string, struct md5_value **val) return ENOMEM; } +/* + * + */ + +static const char * +check_prefix(heim_digest_t context, const char *challenge) +{ + if (strncasecmp(digest_prefix, challenge, sizeof(digest_prefix) - 1) == 0) { + + challenge += sizeof(digest_prefix) - 1; + while (*challenge == 0x20) /* remove extra space */ + challenge++; + context->flags |= F_USE_PREFIX; + } + + return challenge; +} + /* * */ @@ -337,16 +399,89 @@ heim_digest_create(int server, int type) context = calloc(1, sizeof(*context)); if (context == NULL) return NULL; - context->server = server; + context->flags |= F_SERVER; context->type = type; return context; } +static char * +generate_nonce(void) +{ + uint8_t rand[8]; + char *nonce; + + if (CCRandomCopyBytes(kCCRandomDefault, rand, sizeof(rand)) != kCCSuccess) + return NULL; + + if (rk_hex_encode(rand, sizeof(rand), &nonce) < 0) + return NULL; + + return nonce; +} + +/** + * Generate a challange, needs to set serverRealm before calling this function. + * + * If type is set to HEIM_DIGEST_TYPE_AUTO, the HEIM_DIGEST_TYPE_RFC2831 will be used instead. + * + * For RFC2617 and RFC2831 QOP is required, so if any qop other then "auth" is requested, it need to be set with heim_diest_set_key(). + * + * @return returns the challenge or NULL on error or failure to build the string. the lifetime + * of the string is manage by heim_digest and last until the the context is + * freed or until next call to heim_digest_generate_challenge(). + */ + const char * heim_digest_generate_challenge(heim_digest_t context) { - return NULL; + char *challenge = NULL; + + if (context->serverRealm == NULL) + return NULL; + + if (context->serverNonce == NULL) { + if ((context->serverNonce = generate_nonce()) == NULL) + return NULL; + } + + if (context->serverQOP == NULL) { + if ((context->serverQOP = strdup("auth")) == NULL) + return NULL; + } + + if (context->serverMaxbuf == NULL) { + if ((context->serverMaxbuf = strdup("65536")) == NULL) + return NULL; + } + + switch(context->type) { + case HEIM_DIGEST_TYPE_RFC2617_MD5: + asprintf(&challenge, "realm=\"%s\",nonce=\"%s\",algorithm=md5,qop=\"%s\"", + context->serverRealm, context->serverNonce, + context->serverQOP); + break; + case HEIM_DIGEST_TYPE_RFC2617_MD5_SESS: + asprintf(&challenge, "realm=\"%s\",nonce=\"%s\",algorithm=md5-sess,qop=\"%s\"", + context->serverRealm, context->serverNonce, context->serverQOP); + break; + case HEIM_DIGEST_TYPE_RFC2069: + asprintf(&challenge, "realm=\"%s\",nonce=\"%s\"", + context->serverRealm, context->serverNonce); + break; + case HEIM_DIGEST_TYPE_AUTO: + context->type = HEIM_DIGEST_TYPE_RFC2831; + /* FALL THOUGH */ + case HEIM_DIGEST_TYPE_RFC2831: + asprintf(&challenge, "realm=\"%s\",nonce=\"%s\",qop=\"%s\",algorithm=md5-sess,charset=utf-8,maxbuf=%s", + context->serverRealm, context->serverNonce, context->serverQOP, context->serverMaxbuf); + break; + } + + FREE_AND_CLEAR(context->serverChallenge); + context->serverChallenge = challenge; + + return challenge; } int @@ -354,6 +489,8 @@ heim_digest_parse_challenge(heim_digest_t context, const char *challenge) { struct md5_value *val = NULL; int ret, type; + + challenge = check_prefix(context, challenge); ret = parse_values(challenge, &val); if (ret) @@ -367,29 +504,28 @@ heim_digest_parse_challenge(heim_digest_t context, const char *challenge) context->serverRealm = values_find(&val, "realm"); if (context->serverRealm == NULL) goto out; - context->serverQOP = values_find(&val, "qop"); - if (context->serverQOP == NULL) - context->serverQOP = strdup("auth"); - if (context->serverQOP == NULL) goto out; - /* check alg */ context->serverAlgorithm = values_find(&val, "algorithm"); if (context->serverAlgorithm == NULL || strcasecmp(context->serverAlgorithm, "md5") == 0) { - type = HEIM_DIGEST_TYPE_RFC2069; + type = HEIM_DIGEST_TYPE_RFC2617_MD5; } else if (strcasecmp(context->serverAlgorithm, "md5-sess") == 0) { - type = HEIM_DIGEST_TYPE_MD5_SESS; + type = HEIM_DIGEST_TYPE_RFC2617_OR_RFC2831; } else { goto out; } - if (context->type != HEIM_DIGEST_TYPE_AUTO && context->type != type) + context->serverQOP = values_find(&val, "qop"); + if (context->serverQOP == NULL) + type = HEIM_DIGEST_TYPE_RFC2069; + + context->serverOpaque = values_find(&val, "opaque"); + + if (context->type != HEIM_DIGEST_TYPE_AUTO && (context->type & type) == 0) goto out; - else + else if (context->type == HEIM_DIGEST_TYPE_AUTO) context->type = type; - - ret = 0; out: free_values(val); @@ -398,6 +534,19 @@ heim_digest_parse_challenge(heim_digest_t context, const char *challenge) return ret; } + +static void +set_auth_method(heim_digest_t context) +{ + + if (context->serverMethod == NULL) { + if (context->type == HEIM_DIGEST_TYPE_RFC2831) + context->serverMethod = strdup("AUTHENTICATE"); + else + context->serverMethod = strdup("GET"); + } +} + int heim_digest_parse_response(heim_digest_t context, const char *response) { @@ -405,20 +554,41 @@ heim_digest_parse_response(heim_digest_t context, const char *response) char *nonce; int ret; + response = check_prefix(context, response); + ret = parse_values(response, &val); if (ret) goto out; ret = 1; - if (context->type == HEIM_DIGEST_TYPE_AUTO) + if (context->type == HEIM_DIGEST_TYPE_AUTO) { goto out; + } else if (context->type == HEIM_DIGEST_TYPE_RFC2617_OR_RFC2831) { + context->clientURI = values_find(&val, "uri"); + if (context->clientURI) { + context->type = HEIM_DIGEST_TYPE_RFC2617_MD5_SESS; + } else { + context->clientURI = values_find(&val, "digest-uri"); + context->type = HEIM_DIGEST_TYPE_RFC2831; + } + } else if (context->type == HEIM_DIGEST_TYPE_RFC2831) { + context->clientURI = values_find(&val, "digest-uri"); + } else { + context->clientURI = values_find(&val, "uri"); + } + + if (context->clientURI == NULL) + goto out; context->clientUsername = values_find(&val, "username"); if (context->clientUsername == NULL) goto out; + /* if client sent realm, make sure its the same of serverRealm if its set */ context->clientRealm = values_find(&val, "realm"); - + if (context->clientRealm && context->serverRealm && strcmp(context->clientRealm, context->serverRealm) != 0) + goto out; + context->clientResponse = values_find(&val, "response"); if (context->clientResponse == NULL) goto out; @@ -431,13 +601,38 @@ heim_digest_parse_response(heim_digest_t context, const char *response) } free(nonce); - context->clientQOP = values_find(&val, "qop"); - if (context->clientQOP == NULL) - context->clientQOP = strdup("auth"); - if (context->clientQOP == NULL) goto out; - - if (context->type != HEIM_DIGEST_TYPE_RFC2069) { + + context->clientQOP = values_find(&val, "qop"); + if (context->clientQOP == NULL) goto out; + + /* + * If we have serverQOP, lets check that clientQOP exists + * in the list of server entries. + */ + + if (context->serverQOP) { + Boolean found = false; + char *b, *e; + size_t len, clen = strlen(context->clientQOP); + + b = context->serverQOP; + while (b && !found) { + e = strchr(b, ','); + if (e == NULL) + len = strlen(b); + else { + len = e - b; + e += 1; + } + if (clen == len && strncmp(b, context->clientQOP, len) == 0) + found = true; + b = e; + } + if (!found) + goto out; + } + context->clientNC = values_find(&val, "nc"); if (context->clientNC == NULL) goto out; @@ -445,11 +640,7 @@ heim_digest_parse_response(heim_digest_t context, const char *response) if (context->clientNonce == NULL) goto out; } - if (context->type == HEIM_DIGEST_TYPE_RFC2069) - context->clientURI = values_find(&val, "uri"); - else - context->clientURI = values_find(&val, "digest-uri"); - if (context->clientURI == NULL) goto out; + set_auth_method(context); ret = 0; out: @@ -457,33 +648,18 @@ heim_digest_parse_response(heim_digest_t context, const char *response) return ret; } -const char * -heim_digest_get_key(heim_digest_t context, const char *key) +char * +heim_digest_userhash(const char *user, const char *realm, const char *password) { - if (strcmp(key, "username") == 0) { - return context->clientUsername; - } else if (strcmp(key, "realm") == 0) { - return context->clientRealm; - } else { - return NULL; - } -} + unsigned char md[CC_MD5_DIGEST_LENGTH]; + char *str = NULL; -int -heim_digest_set_key(heim_digest_t context, const char *key, const char *value) -{ - if (strcmp(key, "password") == 0) { - FREE_AND_CLEAR(context->password); - if ((context->password = strdup(value)) == NULL) - return ENOMEM; - } else if (strcmp(key, "method") == 0) { - FREE_AND_CLEAR(context->serverMethod); - if ((context->serverMethod = strdup(value)) != NULL) - return ENOMEM; - } else { - return EINVAL; - } - return 0; + digest_userhash(user, realm, password, md); + + hex_encode(md, sizeof(md), &str); + if (str) + strlwr(str); + return str; } static char * @@ -498,19 +674,19 @@ build_digest(heim_digest_t context, const char *a1, const char *method) return NULL; CC_MD5_Init(&ctx); - CC_MD5_Update(&ctx, a1, strlen(a1)); + CC_MD5_Update(&ctx, a1, (CC_LONG)strlen(a1)); CC_MD5_Update(&ctx, ":", 1); - CC_MD5_Update(&ctx, context->serverNonce, strlen(context->serverNonce)); + CC_MD5_Update(&ctx, context->serverNonce, (CC_LONG)strlen(context->serverNonce)); if (context->type != HEIM_DIGEST_TYPE_RFC2069) { CC_MD5_Update(&ctx, ":", 1); - CC_MD5_Update(&ctx, context->clientNC, strlen(context->clientNC)); + CC_MD5_Update(&ctx, context->clientNC, (CC_LONG)strlen(context->clientNC)); CC_MD5_Update(&ctx, ":", 1); - CC_MD5_Update(&ctx, context->clientNonce, strlen(context->clientNonce)); + CC_MD5_Update(&ctx, context->clientNonce, (CC_LONG)strlen(context->clientNonce)); CC_MD5_Update(&ctx, ":", 1); - CC_MD5_Update(&ctx, context->clientQOP, strlen(context->clientQOP)); + CC_MD5_Update(&ctx, context->clientQOP, (CC_LONG)strlen(context->clientQOP)); } CC_MD5_Update(&ctx, ":", 1); - CC_MD5_Update(&ctx, a2, strlen(a2)); + CC_MD5_Update(&ctx, a2, (CC_LONG)strlen(a2)); CC_MD5_Final(md, &ctx); free(a2); @@ -522,35 +698,146 @@ build_digest(heim_digest_t context, const char *a1, const char *method) return str; } -const char * -heim_digest_create_response(heim_digest_t context) +static void +build_server_response(heim_digest_t context, char *a1, char **response) { - return NULL; + char *str; + + str = build_digest(context, a1, NULL); + if (str == NULL) + return; + + FREE_AND_CLEAR(context->serverReply); + asprintf(&context->serverReply, "%srspauth=%s", + (context->flags & F_USE_PREFIX) ? digest_prefix : "", + str); + free(str); + if (response) + *response = context->serverReply; +} + + +/** + * Create response from server to client to server, server verification is in response. + * clientUsername and clientURI have to be given. + * If realm is not set, its used from server. + */ + +const char * +heim_digest_create_response(heim_digest_t context, char **response) +{ + char *a1, *str, *cnonce = NULL, *opaque = NULL, *uri = NULL, *nc = NULL; + + if (response) + *response = NULL; + + if (context->clientUsername == NULL || context->clientURI == NULL) + return NULL; + + if (context->clientRealm == NULL) { + if (context->serverRealm == NULL) + return NULL; + if ((context->clientRealm = strdup(context->serverRealm)) == NULL) + return NULL; + } + + if (context->type != HEIM_DIGEST_TYPE_RFC2069) { + if (context->clientNC == NULL) { + if ((context->clientNC = strdup("00000001")) == NULL) + return NULL; + } + if (context->clientNonce == NULL) { + if ((context->clientNonce = generate_nonce()) == NULL) + return NULL; + } + + /** + * If using non RFC2069, appropriate QOP should be set. + * + * Pick QOP from server if not given, if its a list, pick the first entry + */ + if (context->clientQOP == NULL) { + char *r; + if (context->serverQOP == NULL) + return NULL; + r = strchr(context->serverQOP, ','); + if (r == NULL) { + if ((context->clientQOP = strdup(context->serverQOP)) == NULL) + return NULL; + } else { + size_t len = (r - context->serverQOP) + 1; + if ((context->clientQOP = malloc(len)) == NULL) + return NULL; + strlcpy(context->clientQOP, context->serverQOP, len); + } + } + } + + set_auth_method(context); + + a1 = build_A1_hash(context); + if (a1 == NULL) + return NULL; + + str = build_digest(context, a1, context->serverMethod); + if (str == NULL) { + MEMSET_FREE_AND_CLEAR(a1); + return NULL; + } + + MEMSET_FREE_AND_CLEAR(context->clientResponse); + context->clientResponse = str; + + if (context->clientURI) { + const char *name = "digest-uri"; + if (context->type != HEIM_DIGEST_TYPE_RFC2831) + name = "uri"; + asprintf(&uri, ",%s=\"%s\"", name, context->clientURI); + } + + if (context->serverOpaque) + asprintf(&opaque, ",opaque=\"%s\"", context->serverOpaque); + + if (context->clientNonce) + asprintf(&cnonce, ",cnonce=\"%s\"", context->clientNonce); + + if (context->clientNC) + asprintf(&nc, ",nc=%s", context->clientNC); + + asprintf(&context->clientReply, + "username=%s,realm=%s,nonce=\"%s\",qop=\"%s\"%s%s%s,response=\"%s\"%s", + context->clientUsername, context->clientRealm, + context->serverNonce, + context->clientQOP, + uri ? uri : "", + cnonce ? cnonce : "", + nc ? nc : "", + context->clientResponse, + opaque ? opaque : ""); + + build_server_response(context, a1, response); + MEMSET_FREE_AND_CLEAR(a1); + FREE_AND_CLEAR(uri); + FREE_AND_CLEAR(opaque); + FREE_AND_CLEAR(cnonce); + FREE_AND_CLEAR(nc); + + return context->clientReply; } int heim_digest_verify(heim_digest_t context, char **response) { - CC_MD5_CTX ctx; - char *a1, *a2; - uint8_t md[CC_MD5_DIGEST_LENGTH]; + char *a1; char *str; int res; if (response) *response = NULL; + + set_auth_method(context); - if (context->serverMethod == NULL) { - if (context->type != HEIM_DIGEST_TYPE_RFC2069) - context->serverMethod = strdup("AUTHENTICATE"); - else - context->serverMethod = strdup("GET"); - } - - a1 = build_A1_hash(context->type, - context->clientUsername, context->password, - context->serverRealm, context->serverNonce, - context->clientNonce, context->auth_id); + a1 = build_A1_hash(context); if (a1 == NULL) return ENOMEM; @@ -568,21 +855,42 @@ heim_digest_verify(heim_digest_t context, char **response) } /* build server_response */ - if (response) { - str = build_digest(context, a1, NULL); - if (str == NULL) { - MEMSET_FREE_AND_CLEAR(a1); - return ENOMEM; - } - - asprintf(response, "rspauth=%s", str); - free(str); - } + build_server_response(context, a1, response); MEMSET_FREE_AND_CLEAR(a1); + /* XXX break ABI and return internally allocated string instead */ + if (response) + *response = strdup(*response); return 0; } +/** + * Create a rspauth= response. + * Assumes that the A1hash/password serverNonce, clientNC, clientNonce, clientQOP is set. + * + * @return the rspauth string (including rspauth), return key are stored in serverReply and will be invalid after another call to heim_digest_* + */ + +const char * +heim_digest_server_response(heim_digest_t context) +{ + char *a1; + + if (context->serverNonce == NULL) + return NULL; + if (context->clientURI == NULL) + return NULL; + + a1 = build_A1_hash(context); + if (a1 == NULL) + return NULL; + + build_server_response(context, a1, NULL); + MEMSET_FREE_AND_CLEAR(a1); + + return context->serverReply; +} + void heim_digest_get_session_key(heim_digest_t context, void **key, size_t *keySize) { @@ -595,3 +903,92 @@ heim_digest_release(heim_digest_t context) free(context); } +struct { + char *name; + size_t offset; +} keys[] = { +#define KVN(value) { #value, offsetof(struct heim_digest_desc, value) } + KVN(serverNonce), + KVN(serverRealm), + KVN(serverQOP), + KVN(serverMethod), + { "method", offsetof(struct heim_digest_desc, serverMethod) }, + KVN(serverMaxbuf), + KVN(clientUsername), + { "username", offsetof(struct heim_digest_desc, clientUsername) }, + KVN(clientResponse), + KVN(clientURI), + { "uri", offsetof(struct heim_digest_desc, clientURI) }, + KVN(clientRealm), + { "realm", offsetof(struct heim_digest_desc, clientRealm) }, + KVN(clientNonce), + KVN(clientQOP), + KVN(clientNC), + KVN(serverAlgorithm), + KVN(auth_id) +#undef KVN +}; + +const char * +heim_digest_get_key(heim_digest_t context, const char *key) +{ + size_t n; + + for (n = 0; n < sizeof(keys) / sizeof(keys[0]); n++) { + if (strcasecmp(key, keys[n].name) == 0) { + char **ptr = (char **)((((char *)context) + keys[n].offset)); + return *ptr; + } + } + return NULL; +} + +int +heim_digest_set_key(heim_digest_t context, const char *key, const char *value) +{ + + if (strcmp(key, "password") == 0) { + FREE_AND_CLEAR(context->password); + if ((context->password = strdup(value)) == NULL) + return ENOMEM; + context->flags &= ~(F_HAVE_HASH|F_HAVE_HA1); + } else if (strcmp(key, "userhash") == 0) { + ssize_t ret; + FREE_AND_CLEAR(context->password); + + ret = hex_decode(value, context->SecretHash, sizeof(context->SecretHash)); + if (ret != sizeof(context->SecretHash)) + return EINVAL; + context->flags &= ~F_HAVE_HA1; + context->flags |= F_HAVE_HASH; + } else if (strcmp(key, "H(A1)") == 0) { + ssize_t ret; + FREE_AND_CLEAR(context->password); + + ret = hex_decode(value, context->SecretHash, sizeof(context->SecretHash)); + if (ret != sizeof(context->SecretHash)) + return EINVAL; + context->flags &= ~F_HAVE_HASH; + context->flags |= F_HAVE_HA1; + } else if (strcmp(key, "method") == 0) { + FREE_AND_CLEAR(context->serverMethod); + if ((context->serverMethod = strdup(value)) == NULL) + return ENOMEM; + } else { + size_t n; + + for (n = 0; n < sizeof(keys) / sizeof(keys[0]); n++) { + if (strcasecmp(key, keys[n].name) == 0) { + char **ptr = (char **)((((char *)context) + keys[n].offset)); + FREE_AND_CLEAR(*ptr); + if (((*ptr) = strdup(value)) == NULL) + return ENOMEM; + break; + } + } + if (n == sizeof(keys) / sizeof(keys[0])) + return ENOENT; + } + return 0; +} + diff --git a/lib/ntlm/heim-auth.h b/lib/ntlm/heim-auth.h index 389a1a093..a828de302 100644 --- a/lib/ntlm/heim-auth.h +++ b/lib/ntlm/heim-auth.h @@ -1,3 +1,8 @@ +#ifdef __cplusplus +extern "C" { +#endif + + /* * Generate challange for APOP and CRAM-MD5 */ @@ -24,7 +29,7 @@ typedef struct heim_HMAC_MD5_STATE_s { uint32_t ostate[4]; } heim_CRAM_MD5_STATE; -typedef struct heim_cram_md5 *heim_cram_md5; +typedef struct heim_cram_md5_data *heim_cram_md5; char * heim_cram_md5_create(const char *challenge, const char *password); @@ -56,7 +61,6 @@ heim_cram_md5_free(heim_cram_md5 ctx); * response = read_from_client(); * * heim_digest_parse_response(d, response); - * * const char *user = heim_digest_get_key(d, "username"); * heim_digest_set_key(d, "password", "sommar17"); * @@ -74,8 +78,15 @@ heim_digest_create(int server, int type); #define HEIM_DIGEST_TYPE_AUTO 0 #define HEIM_DIGEST_TYPE_RFC2069 1 +#define HEIM_DIGEST_TYPE_RFC2617_MD5 2 +#define HEIM_DIGEST_TYPE_RFC2617_MD5_SESS 4 +#define HEIM_DIGEST_TYPE_RFC2831 8 + +#define HEIM_DIGEST_TYPE_RFC2617_OR_RFC2831 12 + +/* old deprecated names, use the two above instead */ #define HEIM_DIGEST_TYPE_MD5 2 -#define HEIM_DIGEST_TYPE_MD5_SESS 3 +#define HEIM_DIGEST_TYPE_MD5_SESS 4 void heim_digest_init_set_key(heim_digest_t context, const char *key, const char *value); @@ -105,10 +116,20 @@ int heim_digest_verify(heim_digest_t context, char **response); const char * -heim_digest_create_response(heim_digest_t context); +heim_digest_create_response(heim_digest_t context, char **response); void heim_digest_get_session_key(heim_digest_t context, void **key, size_t *keySize); void heim_digest_release(heim_digest_t context); + +char * +heim_digest_userhash(const char *user, const char *realm, const char *password); + +const char * +heim_digest_server_response(heim_digest_t context); + +#ifdef __cplusplus +} +#endif diff --git a/lib/ntlm/heimntlm.h b/lib/ntlm/heimntlm.h index 22e2142df..6b24649df 100644 --- a/lib/ntlm/heimntlm.h +++ b/lib/ntlm/heimntlm.h @@ -70,8 +70,8 @@ struct ntlm_buf { #define NTLM_TARGET_DOMAIN 0x00010000 #define NTLM_TARGET_SERVER 0x00020000 -#define NTLM_TARGET_SHARE 0x00040000 -#define NTLM_NEG_NTLM2_SESSION 0x00080000 +#define NTLM_TARGET_SHARE 0x00040000 /* mbz */ +#define NTLM_NEG_NTLM2_SESSION 0x00080000 /* EXTENDED_SESSIONSECURITY */ #define NTLM_NEG_NTLM2 0x00080000 #define NTLM_NEG_IDENTIFY 0x00100000 @@ -95,7 +95,9 @@ struct ntlm_buf { * heim_ntlm_free_targetinfo(). */ +/* avflags */ #define NTLM_TI_AV_FLAG_GUEST 0x00000001 +#define NTLM_TI_AV_FLAG_MIC 0x00000002 struct ntlm_targetinfo { char *servername; /**< */ @@ -104,6 +106,9 @@ struct ntlm_targetinfo { char *dnsservername; /**< */ char *dnstreename; /**< */ uint32_t avflags; /**< */ + char *targetname; + struct ntlm_buf channel_bindings; + uint64_t timestamp; }; /** @@ -149,8 +154,12 @@ struct ntlm_type3 { struct ntlm_buf sessionkey; /**< */ char *ws; /**< */ uint32_t os[2]; /**< */ + size_t mic_offset; + uint8_t mic[16]; }; +extern time_t heim_ntlm_time_skew; + #include #include diff --git a/lib/ntlm/ntlm.c b/lib/ntlm/ntlm.c index 7aafc8c0a..6f5860319 100644 --- a/lib/ntlm/ntlm.c +++ b/lib/ntlm/ntlm.c @@ -44,9 +44,12 @@ #include #include + +#include #include #include + #define HC_DEPRECATED_CRYPTO #include "krb5-types.h" @@ -103,6 +106,8 @@ struct sec_buffer { static const unsigned char ntlmsigature[8] = "NTLMSSP\x00"; +time_t heim_ntlm_time_skew = 300; + /* * */ @@ -116,6 +121,25 @@ static const unsigned char ntlmsigature[8] = "NTLMSSP\x00"; } \ } while(/*CONSTCOND*/0) +#define CHECK_SIZE(f, e) \ + do { \ + ssize_t sret = f; \ + if (sret != (ssize_t)(e)) { \ + ret = HNTLM_ERR_DECODE; \ + goto out; \ + } \ + } while(/*CONSTCOND*/0) + +#define CHECK_OFFSET(f, e) \ + do { \ + off_t sret = f; \ + if (sret != (e)) { \ + ret = HNTLM_ERR_DECODE; \ + goto out; \ + } \ + } while(/*CONSTCOND*/0) + + static struct units ntlm_flag_units[] = { #define ntlm_flag(x) { #x, NTLM_##x } ntlm_flag(ENC_56), @@ -182,32 +206,57 @@ heim_ntlm_free_buf(struct ntlm_buf *p) static int ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf) { - unsigned char *p; - size_t len, i; + uint16_t *data; + size_t len, n; + uint8_t *p; + int ret; - len = strlen(string); - if (len / 2 > UINT_MAX) + ret = wind_utf8ucs2_length(string, &len); + if (ret) + return ret; + if (len > UINT_MAX / sizeof(data[0])) return ERANGE; + data = malloc(len * sizeof(data[0])); + if (data == NULL) + return ENOMEM; + + ret = wind_utf8ucs2(string, data, &len); + if (ret) { + free(data); + return ret; + } + + if (len == 0) { + free(data); + buf->data = NULL; + buf->length = 0; + return 0; + } + + /* uppercase string, only handle ascii right now */ + if (up) { + for (n = 0; n < len ; n++) { + if (data[n] < 128) + data[n] = toupper((int)data[n]); + } + } + buf->length = len * 2; - buf->data = malloc(buf->length); + p = buf->data = malloc(buf->length); if (buf->data == NULL && len != 0) { + free(data); heim_ntlm_free_buf(buf); return ENOMEM; } - p = buf->data; - for (i = 0; i < len; i++) { - unsigned char t = (unsigned char)string[i]; - if (t & 0x80) { - heim_ntlm_free_buf(buf); - return EINVAL; - } - if (up) - t = toupper(t); - p[(i * 2) + 0] = t; - p[(i * 2) + 1] = 0; + for (n = 0; n < len ; n++) { + p[(n * 2) + 0] = (data[n] ) & 0xff; + p[(n * 2) + 1] = (data[n] >> 8) & 0xff; } + memset(data, 0, sizeof(data[0]) * len); + free(data); + return 0; } @@ -242,13 +291,20 @@ out: * wire, but using utf8 in memory. */ -static krb5_error_code +static size_t len_string(int ucs2, const char *s) { - size_t len = strlen(s); - if (ucs2) - len *= 2; - return len; + if (ucs2) { + size_t len; + int ret; + + ret = wind_utf8ucs2_length(s, &len); + if (ret == 0) + return len * 2; + return strlen(s) * 5 * 2; + } else { + return strlen(s); + } } /* @@ -259,28 +315,50 @@ static krb5_error_code ret_string(krb5_storage *sp, int ucs2, size_t len, char **s) { krb5_error_code ret; + uint16_t *data = NULL; *s = malloc(len + 1); if (*s == NULL) return ENOMEM; - CHECK(krb5_storage_read(sp, *s, len), len); + CHECK_SIZE(krb5_storage_read(sp, *s, len), len); (*s)[len] = '\0'; if (ucs2) { - size_t i; - for (i = 0; i < len / 2; i++) { - (*s)[i] = (*s)[i * 2]; - if ((*s)[i * 2 + 1]) { - free(*s); - *s = NULL; - return EINVAL; - } + unsigned int flags = WIND_RW_LE; + size_t utf16len = len / 2; + size_t utf8len; + + data = malloc(utf16len * sizeof(data[0])); + if (data == NULL) { + free(*s); *s = NULL; + ret = ENOMEM; + goto out; } - (*s)[i] = '\0'; + + ret = wind_ucs2read(*s, len, &flags, data, &utf16len); + free(*s); *s = NULL; + if (ret) { + goto out; + } + + CHECK(wind_ucs2utf8_length(data, utf16len, &utf8len), 0); + + utf8len += 1; + + *s = malloc(utf8len); + if (s == NULL) { + ret = ENOMEM; + goto out; + } + + CHECK(wind_ucs2utf8(data, utf16len, *s, &utf8len), 0); } ret = 0; out: + if (data) + free(data); + return ret; } @@ -290,10 +368,10 @@ static krb5_error_code ret_sec_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s) { krb5_error_code ret = 0; - CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset); + CHECK_OFFSET(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset); CHECK(ret_string(sp, ucs2, desc->length, s), 0); out: - return ret; + return ret; } static krb5_error_code @@ -311,7 +389,7 @@ put_string(krb5_storage *sp, int ucs2, const char *s) buf.length = strlen(s); } - CHECK(krb5_storage_write(sp, buf.data, buf.length), buf.length); + CHECK_SIZE(krb5_storage_write(sp, buf.data, buf.length), buf.length); if (ucs2) heim_ntlm_free_buf(&buf); ret = 0; @@ -330,8 +408,8 @@ ret_buf(krb5_storage *sp, struct sec_buffer *desc, struct ntlm_buf *buf) buf->data = malloc(desc->length); buf->length = desc->length; - CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset); - CHECK(krb5_storage_read(sp, buf->data, buf->length), buf->length); + CHECK_OFFSET(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset); + CHECK_SIZE(krb5_storage_read(sp, buf->data, buf->length), buf->length); ret = 0; out: return ret; @@ -341,7 +419,7 @@ static krb5_error_code put_buf(krb5_storage *sp, const struct ntlm_buf *buf) { krb5_error_code ret; - CHECK(krb5_storage_write(sp, buf->data, buf->length), buf->length); + CHECK_SIZE(krb5_storage_write(sp, buf->data, buf->length), buf->length); ret = 0; out: return ret; @@ -363,6 +441,8 @@ heim_ntlm_free_targetinfo(struct ntlm_targetinfo *ti) free(ti->dnsdomainname); free(ti->dnsservername); free(ti->dnstreename); + free(ti->targetname); + heim_ntlm_free_buf(&ti->channel_bindings); memset(ti, 0, sizeof(*ti)); } @@ -423,6 +503,20 @@ heim_ntlm_encode_targetinfo(const struct ntlm_targetinfo *ti, CHECK(krb5_store_uint16(out, 4), 0); CHECK(krb5_store_uint32(out, ti->avflags), 0); } + if (ti->timestamp) { + CHECK(krb5_store_uint16(out, 7), 0); + CHECK(krb5_store_uint16(out, 8), 0); + CHECK(krb5_store_uint32(out, ti->timestamp & 0xffffffff), 0); + CHECK(krb5_store_uint32(out, (ti->timestamp >> 32) & 0xffffffff), 0); + } + if (ti->targetname) { + CHECK(encode_ti_string(out, 9, ucs2, ti->targetname), 0); + } + if (ti->channel_bindings.length) { + CHECK(krb5_store_uint16(out, 10), 0); + CHECK(krb5_store_uint16(out, ti->channel_bindings.length), 0); + CHECK_SIZE(krb5_storage_write(out, ti->channel_bindings.data, ti->channel_bindings.length), ti->channel_bindings.length); + } /* end tag */ CHECK(krb5_store_int16(out, 0), 0); @@ -497,6 +591,26 @@ heim_ntlm_decode_targetinfo(const struct ntlm_buf *data, case 6: CHECK(krb5_ret_uint32(in, &ti->avflags), 0); break; + case 7: { + uint32_t tmp; + CHECK(krb5_ret_uint32(in, &tmp), 0); + ti->timestamp = tmp; + CHECK(krb5_ret_uint32(in, &tmp), 0); + ti->timestamp |= ((uint64_t)tmp) << 32; + break; + } + case 9: + CHECK(ret_string(in, 1, len, &ti->targetname), 0); + break; + case 10: + ti->channel_bindings.data = malloc(len); + if (ti->channel_bindings.data == NULL) { + ret = ENOMEM; + goto out; + } + ti->channel_bindings.length = len; + CHECK_SIZE(krb5_storage_read(in, ti->channel_bindings.data, len), len); + break; default: krb5_storage_seek(in, len, SEEK_CUR); break; @@ -508,6 +622,21 @@ heim_ntlm_decode_targetinfo(const struct ntlm_buf *data, return ret; } +static krb5_error_code +encode_os_version(krb5_storage *out) +{ + krb5_error_code ret; + CHECK(krb5_store_uint8(out, 0x06), 0); + CHECK(krb5_store_uint8(out, 0x01), 0); + CHECK(krb5_store_uint16(out, 0x1db0), 0); + CHECK(krb5_store_uint8(out, 0x0f), 0); /* ntlm version 15 */ + CHECK(krb5_store_uint8(out, 0x00), 0); + CHECK(krb5_store_uint8(out, 0x00), 0); + CHECK(krb5_store_uint8(out, 0x00), 0); + out: + return ret; +} + /** * Frees the ntlm_type1 message * @@ -544,7 +673,7 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data) } krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE); - CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig)); + CHECK_SIZE(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig)); CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0); CHECK(krb5_ret_uint32(in, &type), 0); CHECK(type, 1); @@ -605,8 +734,8 @@ heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data) base += 8; flags |= NTLM_OEM_SUPPLIED_WORKSTATION; } - if (type1->os[0]) - base += 8; + if (flags & NTLM_NEG_VERSION) + base += 8; /* os */ domain.offset = base; if (type1->domain) { @@ -631,17 +760,16 @@ heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data) return ENOMEM; krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE); - CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), + CHECK_SIZE(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), sizeof(ntlmsigature)); CHECK(krb5_store_uint32(out, 1), 0); CHECK(krb5_store_uint32(out, flags), 0); CHECK(store_sec_buffer(out, &domain), 0); CHECK(store_sec_buffer(out, &hostname), 0); -#if 0 - CHECK(krb5_store_uint32(out, type1->os[0]), 0); - CHECK(krb5_store_uint32(out, type1->os[1]), 0); -#endif + if (flags & NTLM_NEG_VERSION) { + CHECK(encode_os_version(out), 0); + } if (type1->domain) CHECK(put_string(out, 0, type1->domain), 0); if (type1->hostname) @@ -695,7 +823,7 @@ heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2) } krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE); - CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig)); + CHECK_SIZE(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig)); CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0); CHECK(krb5_ret_uint32(in, &type), 0); CHECK(type, 2); @@ -704,7 +832,7 @@ heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2) CHECK(krb5_ret_uint32(in, &type2->flags), 0); if (type2->flags & NTLM_NEG_UNICODE) ucs2 = 1; - CHECK(krb5_storage_read(in, type2->challenge, sizeof(type2->challenge)), + CHECK_SIZE(krb5_storage_read(in, type2->challenge, sizeof(type2->challenge)), sizeof(type2->challenge)); CHECK(krb5_ret_uint32(in, &ctx[0]), 0); /* context */ CHECK(krb5_ret_uint32(in, &ctx[1]), 0); @@ -771,23 +899,22 @@ heim_ntlm_encode_type2(const struct ntlm_type2 *type2, struct ntlm_buf *data) return ENOMEM; krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE); - CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), + CHECK_SIZE(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), sizeof(ntlmsigature)); CHECK(krb5_store_uint32(out, 2), 0); CHECK(store_sec_buffer(out, &targetname), 0); CHECK(krb5_store_uint32(out, type2->flags), 0); - CHECK(krb5_storage_write(out, type2->challenge, sizeof(type2->challenge)), + CHECK_SIZE(krb5_storage_write(out, type2->challenge, sizeof(type2->challenge)), sizeof(type2->challenge)); CHECK(krb5_store_uint32(out, 0), 0); /* context */ CHECK(krb5_store_uint32(out, 0), 0); CHECK(store_sec_buffer(out, &targetinfo), 0); /* os version */ if (type2->flags & NTLM_NEG_VERSION) { - CHECK(krb5_store_uint32(out, type2->os[0]), 0); - CHECK(krb5_store_uint32(out, type2->os[1]), 0); + CHECK(encode_os_version(out), 0); } CHECK(put_string(out, ucs2, type2->targetname), 0); - CHECK(krb5_storage_write(out, type2->targetinfo.data, + CHECK_SIZE(krb5_storage_write(out, type2->targetinfo.data, type2->targetinfo.length), type2->targetinfo.length); @@ -841,7 +968,7 @@ heim_ntlm_decode_type3(const struct ntlm_buf *buf, uint32_t type; krb5_storage *in; struct sec_buffer lm, ntlm, target, username, sessionkey, ws; - uint32_t min_offset = 72; + uint32_t min_offset = 0xffffffff; memset(type3, 0, sizeof(*type3)); memset(&sessionkey, 0, sizeof(sessionkey)); @@ -853,35 +980,38 @@ heim_ntlm_decode_type3(const struct ntlm_buf *buf, } krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE); - CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig)); + CHECK_SIZE(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig)); CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0); CHECK(krb5_ret_uint32(in, &type), 0); CHECK(type, 3); CHECK(ret_sec_buffer(in, &lm), 0); if (lm.allocated) - min_offset = min(min_offset, lm.offset); + min_offset = MIN(min_offset, lm.offset); CHECK(ret_sec_buffer(in, &ntlm), 0); if (ntlm.allocated) - min_offset = min(min_offset, ntlm.offset); + min_offset = MIN(min_offset, ntlm.offset); CHECK(ret_sec_buffer(in, &target), 0); - if (target.allocated) - min_offset = min(min_offset, target.offset); + min_offset = MIN(min_offset, target.offset); CHECK(ret_sec_buffer(in, &username), 0); - if (username.allocated) - min_offset = min(min_offset, username.offset); + min_offset = MIN(min_offset, username.offset); CHECK(ret_sec_buffer(in, &ws), 0); if (ws.allocated) - min_offset = min(min_offset, ws.offset); + min_offset = MIN(min_offset, ws.offset); - if (min_offset > 52) { + if (min_offset >= 52) { CHECK(ret_sec_buffer(in, &sessionkey), 0); - min_offset = max(min_offset, sessionkey.offset); + min_offset = MIN(min_offset, sessionkey.offset); CHECK(krb5_ret_uint32(in, &type3->flags), 0); } - if (min_offset > 52 + 8 + 4 + 8) { + if (min_offset >= 52 + 8 + 4 + 8) { CHECK(krb5_ret_uint32(in, &type3->os[0]), 0); CHECK(krb5_ret_uint32(in, &type3->os[1]), 0); } + if (min_offset >= 52 + 8 + 4 + 8 + 16) { + type3->mic_offset = 52 + 8 + 4 + 8; + CHECK_SIZE(krb5_storage_read(in, type3->mic, sizeof(type3->mic)), sizeof(type3->mic)); + } else + type3->mic_offset = 0; CHECK(ret_buf(in, &lm, &type3->lm), 0); CHECK(ret_buf(in, &ntlm, &type3->ntlm), 0); CHECK(ret_sec_string(in, ucs2, &target, &type3->targetname), 0); @@ -913,7 +1043,7 @@ out: */ int -heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data) +heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data, size_t *mic_offset) { struct sec_buffer lm, ntlm, target, username, sessionkey, ws; krb5_error_code ret; @@ -932,9 +1062,12 @@ heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data) base += 8; /* sessionkey sec buf */ base += 4; /* flags */ + if (type3->flags & NTLM_NEG_VERSION) + base += 8; /* os flags */ - if (type3->os[0]) { - base += 8; + if (mic_offset) { + *mic_offset = base; + base += 16; } if (type3->flags & NTLM_NEG_UNICODE) @@ -969,7 +1102,7 @@ heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data) return ENOMEM; krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE); - CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), + CHECK_SIZE(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), sizeof(ntlmsigature)); CHECK(krb5_store_uint32(out, 3), 0); @@ -981,10 +1114,15 @@ heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data) CHECK(store_sec_buffer(out, &sessionkey), 0); CHECK(krb5_store_uint32(out, type3->flags), 0); -#if 0 - CHECK(krb5_store_uint32(out, 0), 0); /* os0 */ - CHECK(krb5_store_uint32(out, 0), 0); /* os1 */ -#endif + /* os version */ + if (type3->flags & NTLM_NEG_VERSION) { + CHECK(encode_os_version(out), 0); + } + + if (mic_offset) { + static const uint8_t buf[16] = { 0 }; + CHECK_SIZE(krb5_storage_write(out, buf, sizeof(buf)), sizeof(buf)); + } CHECK(put_string(out, ucs2, type3->targetname), 0); CHECK(put_string(out, ucs2, type3->username), 0); @@ -1055,10 +1193,10 @@ heim_ntlm_nt_key(const char *password, struct ntlm_buf *key) EVP_MD_CTX *m; int ret; - key->data = malloc(MD5_DIGEST_LENGTH); + key->data = malloc(MD4_DIGEST_LENGTH); if (key->data == NULL) return ENOMEM; - key->length = MD5_DIGEST_LENGTH; + key->length = MD4_DIGEST_LENGTH; ret = ascii2ucs2le(password, 0, &buf); if (ret) { @@ -1133,7 +1271,7 @@ heim_ntlm_v1_base_session(void *key, size_t len, session->length = 0; return ENOMEM; } - + m = EVP_MD_CTX_create(); if (m == NULL) { heim_ntlm_free_buf(session); @@ -1182,6 +1320,9 @@ heim_ntlm_keyex_wrap(struct ntlm_buf *base_session, EVP_CIPHER_CTX c; int ret; + if (base_session->length != MD4_DIGEST_LENGTH) + return HNTLM_ERR_INVALID_LENGTH; + session->length = MD4_DIGEST_LENGTH; session->data = malloc(session->length); if (session->data == NULL) { @@ -1222,8 +1363,6 @@ heim_ntlm_keyex_wrap(struct ntlm_buf *base_session, } - - /** * Generates an NTLMv1 session random with assosited session master key. * @@ -1313,6 +1452,8 @@ heim_ntlm_keyex_unwrap(struct ntlm_buf *baseKey, memset(session, 0, sizeof(*session)); + if (encryptedSession->length != MD4_DIGEST_LENGTH) + return HNTLM_ERR_INVALID_LENGTH; if (baseKey->length != MD4_DIGEST_LENGTH) return HNTLM_ERR_INVALID_LENGTH; @@ -1344,6 +1485,7 @@ heim_ntlm_keyex_unwrap(struct ntlm_buf *baseKey, * @param len length of key * @param username name of the user, as sent in the message, assumed to be in UTF8. * @param target the name of the target, assumed to be in UTF8. + * @param upper_case_target upper case the target, should not be used only for legacy systems * @param ntlmv2 the ntlmv2 session key * * @return 0 on success, or an error code on failure. @@ -1355,6 +1497,7 @@ int heim_ntlm_ntlmv2_key(const void *key, size_t len, const char *username, const char *target, + int upper_case_target, unsigned char ntlmv2[16]) { int ret; @@ -1371,8 +1514,8 @@ heim_ntlm_ntlmv2_key(const void *key, size_t len, goto out; HMAC_Update(&c, buf.data, buf.length); free(buf.data); - /* uppercase target and turn into ucs2-le */ - ret = ascii2ucs2le(target, 1, &buf); + /* turn target into ucs2-le */ + ret = ascii2ucs2le(target, upper_case_target, &buf); if (ret) goto out; HMAC_Update(&c, buf.data, buf.length); @@ -1381,6 +1524,7 @@ heim_ntlm_ntlmv2_key(const void *key, size_t len, HMAC_Final(&c, ntlmv2, &hmaclen); out: HMAC_CTX_cleanup(&c); + memset(&c, 0, sizeof(c)); return ret; } @@ -1391,16 +1535,16 @@ heim_ntlm_ntlmv2_key(const void *key, size_t len, #define NTTIME_EPOCH 0x019DB1DED53E8000LL -static uint64_t -unix2nttime(time_t unix_time) +uint64_t +heim_ntlm_unix2ts_time(time_t unix_time) { long long wt; wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH; return wt; } -static time_t -nt2unixtime(uint64_t t) +time_t +heim_ntlm_ts2unixtime(uint64_t t) { t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000); if (t > (((uint64_t)(time_t)(~(uint64_t)0)) >> 1)) @@ -1416,6 +1560,7 @@ nt2unixtime(uint64_t t) * @param username name of the user, as sent in the message, assumed to be in UTF8. * @param target the name of the target, assumed to be in UTF8. * @param serverchallenge challenge as sent by the server in the type2 message. + * @param infotarget infotarget as sent by the server in the type2 message. * @param ntlmv2 calculated session key * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf(). * @@ -1440,7 +1585,7 @@ heim_ntlm_calculate_lm2(const void *key, size_t len, /* calculate ntlmv2 key */ - heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2); + heim_ntlm_ntlmv2_key(key, len, username, target, 0, ntlmv2); answer->data = malloc(24); if (answer->data == NULL) @@ -1450,7 +1595,7 @@ heim_ntlm_calculate_lm2(const void *key, size_t len, heim_ntlm_derive_ntlm2_sess(ntlmv2, clientchallenge, 8, serverchallenge, answer->data); - memcpy(((uint8_t *)answer->data) + 16, clientchallenge, 8); + memcpy(((unsigned char *)answer->data) + 16, clientchallenge, 8); return 0; } @@ -1490,14 +1635,14 @@ heim_ntlm_calculate_ntlm2(const void *key, size_t len, unsigned char clientchallenge[8]; uint64_t t; - t = unix2nttime(time(NULL)); + t = heim_ntlm_unix2ts_time(time(NULL)); if (RAND_bytes(clientchallenge, sizeof(clientchallenge)) != 1) return HNTLM_ERR_RAND; /* calculate ntlmv2 key */ - heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2); + heim_ntlm_ntlmv2_key(key, len, username, target, 0, ntlmv2); /* calculate and build ntlmv2 answer */ @@ -1512,12 +1657,19 @@ heim_ntlm_calculate_ntlm2(const void *key, size_t len, CHECK(krb5_store_uint32(sp, t & 0xffffffff), 0); CHECK(krb5_store_uint32(sp, t >> 32), 0); - CHECK(krb5_storage_write(sp, clientchallenge, 8), 8); + CHECK_SIZE(krb5_storage_write(sp, clientchallenge, 8), 8); - CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */ - CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length), + CHECK(krb5_store_uint32(sp, 0), 0); /* Z(4) */ + CHECK_SIZE(krb5_storage_write(sp, infotarget->data, infotarget->length), infotarget->length); - CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */ + + /* + * These last 4 bytes(Z(4)) are not documented by MicroSoft and + * SnowLeopard doesn't send them, Lion expected them to be there, + * so we have to continue to send them. That is ok, since everyone + * else (except Snow) seems to do that too. + */ + CHECK(krb5_store_uint32(sp, 0), 0); /* Z(4) */ CHECK(krb5_storage_to_data(sp, &data), 0); krb5_storage_free(sp); @@ -1531,8 +1683,8 @@ heim_ntlm_calculate_ntlm2(const void *key, size_t len, return ENOMEM; } - CHECK(krb5_storage_write(sp, ntlmv2answer, 16), 16); - CHECK(krb5_storage_write(sp, data.data, data.length), data.length); + CHECK_SIZE(krb5_storage_write(sp, ntlmv2answer, 16), 16); + CHECK_SIZE(krb5_storage_write(sp, data.data, data.length), data.length); krb5_data_free(&data); CHECK(krb5_storage_to_data(sp, &data), 0); @@ -1551,6 +1703,110 @@ out: static const int authtimediff = 3600 * 2; /* 2 hours */ +static int +verify_ntlm2(const void *key, size_t len, + const char *username, + const char *target, + int upper_case_target, + time_t now, + const unsigned char serverchallenge[8], + const struct ntlm_buf *answer, + struct ntlm_buf *infotarget, + unsigned char ntlmv2[16]) +{ + krb5_error_code ret; + unsigned char clientanswer[16]; + unsigned char clientnonce[8]; + unsigned char serveranswer[16]; + krb5_storage *sp; + uint64_t t; + time_t authtime; + uint32_t temp; + + infotarget->length = 0; + infotarget->data = NULL; + + if (answer->length < 16) + return HNTLM_ERR_INVALID_LENGTH; + + if (now == 0) + now = time(NULL); + + /* calculate ntlmv2 key */ + + heim_ntlm_ntlmv2_key(key, len, username, target, upper_case_target, ntlmv2); + + /* calculate and build ntlmv2 answer */ + + sp = krb5_storage_from_readonly_mem(answer->data, answer->length); + if (sp == NULL) + return ENOMEM; + krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); + + CHECK_SIZE(krb5_storage_read(sp, clientanswer, 16), 16); + + CHECK(krb5_ret_uint32(sp, &temp), 0); + CHECK(temp, 0x00000101); + CHECK(krb5_ret_uint32(sp, &temp), 0); + CHECK(temp, 0); + /* timestamp le 64 bit ts */ + CHECK(krb5_ret_uint32(sp, &temp), 0); + t = temp; + CHECK(krb5_ret_uint32(sp, &temp), 0); + t |= ((uint64_t)temp)<< 32; + + authtime = heim_ntlm_ts2unixtime(t); + + if (abs((int)(authtime - now)) > authtimediff) { + ret = HNTLM_ERR_TIME_SKEW; + goto out; + } + + /* client challenge */ + CHECK_SIZE(krb5_storage_read(sp, clientnonce, 8), 8); + + CHECK(krb5_ret_uint32(sp, &temp), 0); /* Z(4) */ + + /* let pick up targetinfo */ + infotarget->length = answer->length - (size_t)krb5_storage_seek(sp, 0, SEEK_CUR); + if (infotarget->length < 4) { + ret = HNTLM_ERR_INVALID_LENGTH; + goto out; + } + infotarget->data = malloc(infotarget->length); + if (infotarget->data == NULL) { + ret = ENOMEM; + goto out; + } + CHECK_SIZE(krb5_storage_read(sp, infotarget->data, infotarget->length), + infotarget->length); + + krb5_storage_free(sp); + sp = NULL; + + if (answer->length < 16) { + ret = HNTLM_ERR_INVALID_LENGTH; + goto out; + } + + heim_ntlm_derive_ntlm2_sess(ntlmv2, + ((unsigned char *)answer->data) + 16, answer->length - 16, + serverchallenge, + serveranswer); + + if (memcmp(serveranswer, clientanswer, 16) != 0) { + heim_ntlm_free_buf(infotarget); + return HNTLM_ERR_AUTH; + } + + return 0; +out: + heim_ntlm_free_buf(infotarget); + if (sp) + krb5_storage_free(sp); + return ret; +} + /** * Verify NTLMv2 response. * @@ -1580,96 +1836,32 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len, struct ntlm_buf *infotarget, unsigned char ntlmv2[16]) { - krb5_error_code ret; - unsigned char clientanswer[16]; - unsigned char clientnonce[8]; - unsigned char serveranswer[16]; - krb5_storage *sp; - time_t authtime; - uint32_t temp; - uint64_t t; + int ret; + + /** + * First check with the domain as the client passed it to the function. + */ - infotarget->length = 0; - infotarget->data = NULL; + ret = verify_ntlm2(key, len, username, target, 0, now, + serverchallenge, answer, infotarget, ntlmv2); - if (answer->length < 16) - return HNTLM_ERR_INVALID_LENGTH; + /** + * Second check with domain uppercased. + */ - if (now == 0) - now = time(NULL); + if (ret) + ret = verify_ntlm2(key, len, username, target, 1, now, + serverchallenge, answer, infotarget, ntlmv2); - /* calculate ntlmv2 key */ - - heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2); - - /* calculate and build ntlmv2 answer */ - - sp = krb5_storage_from_readonly_mem(answer->data, answer->length); - if (sp == NULL) - return ENOMEM; - krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); - - CHECK(krb5_storage_read(sp, clientanswer, 16), 16); - - CHECK(krb5_ret_uint32(sp, &temp), 0); - CHECK(temp, 0x00000101); - CHECK(krb5_ret_uint32(sp, &temp), 0); - CHECK(temp, 0); - /* timestamp le 64 bit ts */ - CHECK(krb5_ret_uint32(sp, &temp), 0); - t = temp; - CHECK(krb5_ret_uint32(sp, &temp), 0); - t |= ((uint64_t)temp)<< 32; - - authtime = nt2unixtime(t); - - if (abs((int)(authtime - now)) > authtimediff) { - ret = HNTLM_ERR_TIME_SKEW; - goto out; - } - - /* client challenge */ - CHECK(krb5_storage_read(sp, clientnonce, 8), 8); - - CHECK(krb5_ret_uint32(sp, &temp), 0); /* unknown */ - - /* should really unparse the infotarget, but lets pick up everything */ - infotarget->length = answer->length - krb5_storage_seek(sp, 0, SEEK_CUR); - infotarget->data = malloc(infotarget->length); - if (infotarget->data == NULL) { - ret = ENOMEM; - goto out; - } - CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length), - infotarget->length); - /* XXX remove the unknown ?? */ - krb5_storage_free(sp); - sp = NULL; - - if (answer->length < 16) { - ret = HNTLM_ERR_INVALID_LENGTH; - goto out; - } - - heim_ntlm_derive_ntlm2_sess(ntlmv2, - ((unsigned char *)answer->data) + 16, answer->length - 16, - serverchallenge, - serveranswer); - - if (memcmp(serveranswer, clientanswer, 16) != 0) { - heim_ntlm_free_buf(infotarget); - return HNTLM_ERR_AUTH; - } - - return 0; -out: - heim_ntlm_free_buf(infotarget); - if (sp) - krb5_storage_free(sp); + /** + * Third check with empty domain. + */ + if (ret) + ret = verify_ntlm2(key, len, username, "", 0, now, + serverchallenge, answer, infotarget, ntlmv2); return ret; } - /* * Calculate the NTLM2 Session Response * @@ -1799,5 +1991,5 @@ heim_ntlm_derive_ntlm2_sess(const unsigned char sessionkey[16], HMAC_Update(&c, clnt_nonce, clnt_nonce_length); HMAC_Final(&c, derivedkey, &hmaclen); HMAC_CTX_cleanup(&c); + memset(&c, 0, sizeof(c)); } - diff --git a/lib/ntlm/ntlm_err.et b/lib/ntlm/ntlm_err.et index 79f44831c..09216a639 100644 --- a/lib/ntlm/ntlm_err.et +++ b/lib/ntlm/ntlm_err.et @@ -14,11 +14,47 @@ error_code RAND, "Random generator failed" error_code AUTH, "NTLM authentication failed" error_code TIME_SKEW, "Client time skewed to server" error_code OEM, "Client set OEM string" -error_code MISSING_NAME_SEPARATOR, "missing @ or \\\\ in name" +error_code MISSING_NAME_SEPARATOR, "missing @ or \ in name" error_code MISSING_BUFFER, "missing expected buffer" error_code INVALID_APOP, "Invalid APOP response" error_code INVALID_CRAM_MD5, "Invalid CRAM-MD5 response" error_code INVALID_DIGEST_MD5, "Invalid DIGEST-MD5 response" error_code INVALID_DIGEST_MD5_RSPAUTH, "Invalid DIGEST-MD5 rspauth" +error_code INVALID_CHANNEL_BINDINGS, "Invalid channel bindings" +error_code INVALID_MIC, "Invalid MIC" +error_code INVALID_SESSIONKEY, "Invalid session key" + + +# +# NTLM/GSS error codes +# +index 64 +error_code NOT_CONFIGURED, "NTLM not configured" + +error_code INVALID_CHALLANGE, "Invalid client challenge" +error_code INVALID_LMv1_RESPONSE, "Invalid client LMv1 response" +error_code INVALID_NT_RESPONSE, "Invalid client NT response" +error_code INVALID_LMv2_RESPONSE, "Invalid client LMv2 response" +error_code INVALID_NTv1_RESPONSE, "Invalid client NTv1 response" +error_code INVALID_NTv2_RESPONSE, "Invalid client NTv2 response" +error_code INVALID_NTv1_ANSWER, "Invalid client NTv1 answer" +error_code INVALID_NTv2_ANSWER, "Invalid client NTv2 answer" +error_code INVALID_SESSION_KEY, "Invalid session key" + +error_code INVALID_NO_GUEST, "Invalid guest login request" + +error_code NO_NETR_CONFIGURED, "No NETR configured" + + +# +# Scram errors +# +prefix HSCRAM_ERR +index 128 + +error_code INVALID_MESSAGE, "Invalid SCRAM message" +error_code INVALID_PROOF, "Invalid SCRAM proof" +error_code INVALID_ROLE, "Invalid SCRAM role" + end diff --git a/lib/ntlm/test_commonauth.c b/lib/ntlm/test_commonauth.c index e0c1eb0c6..89b8c7e57 100644 --- a/lib/ntlm/test_commonauth.c +++ b/lib/ntlm/test_commonauth.c @@ -37,13 +37,14 @@ #include #include #include +#include #include "heim-auth.h" static int test_sasl_digest_md5(void) { heim_digest_t ctx; - const char *user; + const char *user, *challenge, *resp; char *r; if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_AUTO)) == NULL) @@ -51,16 +52,26 @@ test_sasl_digest_md5(void) if (heim_digest_parse_challenge(ctx, "realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8")) abort(); + + /* check that server detects changing QOP */ + if (!heim_digest_parse_response(ctx, "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth-int")) + errx(1, "don't detect changing qop"); + + /* should pass */ if (heim_digest_parse_response(ctx, "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth")) abort(); - + if ((user = heim_digest_get_key(ctx, "username")) == NULL) abort(); if (strcmp(user, "chris") != 0) abort(); - heim_digest_set_key(ctx, "password", "secret"); + /* + * check password + */ + heim_digest_set_key(ctx, "password", "secret"); + if (heim_digest_verify(ctx, &r)) abort(); @@ -69,16 +80,133 @@ test_sasl_digest_md5(void) free(r); + /* + * Also check userhash + */ + + r = heim_digest_userhash("chris", "elwood.innosoft.com", "secret"); + if (strcmp(r, "eb5a750053e4d2c34aa84bbc9b0b6ee7") != 0) + abort(); + + heim_digest_set_key(ctx, "userhash", r); + free(r); + + if (heim_digest_verify(ctx, &r)) + abort(); + + if (strcmp(r, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0) + abort(); + + free(r); + + /* check that it failes */ + + heim_digest_set_key(ctx, "username", "notright"); + heim_digest_set_key(ctx, "password", "secret"); + + if (heim_digest_verify(ctx, &r) == 0) + abort(); + + if ((user = heim_digest_get_key(ctx, "username")) == NULL) + abort(); + if (strcmp(user, "notright") != 0) + abort(); + + + /* Done */ + + heim_digest_release(ctx); + + + /* + * Check heim_digest_generate_challenge() + */ + + if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL) + abort(); + + heim_digest_set_key(ctx, "serverRealm", "elwood.innosoft.com"); + heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh"); + heim_digest_set_key(ctx, "serverQOP", "auth,auth-int"); + + challenge = heim_digest_generate_challenge(ctx); + if (challenge == NULL) + abort(); + + if (heim_digest_parse_challenge(ctx, challenge)) + abort(); + + /* check that server detects changing QOP */ + if (!heim_digest_parse_response(ctx, "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth-conf")) + abort(); + + if (heim_digest_parse_response(ctx, "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth")) + abort(); + + heim_digest_set_key(ctx, "password", "secret"); + + if (heim_digest_verify(ctx, &r)) + abort(); + + if (strcmp(r, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0) + abort(); + + free(r); + heim_digest_release(ctx); + /* + * Validate heim_digest_service_response() + */ + + if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL) + abort(); + + heim_digest_set_key(ctx, "clientNonce", "OA6MHXh6VqTrRk"); + heim_digest_set_key(ctx, "clientQOP", "auth"); + heim_digest_set_key(ctx, "clientNC", "00000001"); + heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh"); + heim_digest_set_key(ctx, "clientURI", "imap/elwood.innosoft.com"); + heim_digest_set_key(ctx, "serverRealm", "elwood.innosoft.com"); + heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh"); + heim_digest_set_key(ctx, "H(A1)", "a2549853149b0536f01f0b850c643c57"); + + resp = heim_digest_server_response(ctx); + + if (resp == NULL || strcmp(resp, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0) + abort(); + + heim_digest_release(ctx); + + if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL) + abort(); + + heim_digest_set_key(ctx, "clientNonce", "OA6MHXh6VqTrRk"); + heim_digest_set_key(ctx, "clientQOP", "auth"); + heim_digest_set_key(ctx, "clientNC", "00000001"); + heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh"); + heim_digest_set_key(ctx, "clientURI", "imap/elwood.innosoft.com"); + heim_digest_set_key(ctx, "serverRealm", "elwood.innosoft.com"); + heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh"); + heim_digest_set_key(ctx, "password", "secret"); + heim_digest_set_key(ctx, "username", "chris"); + + resp = heim_digest_server_response(ctx); + + if (resp == NULL || strcmp(resp, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0) + abort(); + + heim_digest_release(ctx); + return 0; } static int test_http_digest_md5(void) { - heim_digest_t ctx; - const char *user; + heim_digest_t ctx, ctx2; + const char *user, *chal, *resp; + char *serverresp, *serverresp2; if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_AUTO)) == NULL) abort(); @@ -95,19 +223,104 @@ test_http_digest_md5(void) "response=\"1949323746fe6a43ef61f9606e7febea\"," "opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"")) abort(); - + if ((user = heim_digest_get_key(ctx, "username")) == NULL) abort(); if (strcmp(user, "Mufasa") != 0) abort(); - heim_digest_set_key(ctx, "password", "CircleOfLife"); + if ((user = heim_digest_get_key(ctx, "clientUsername")) == NULL) + abort(); + if (strcmp(user, "Mufasa") != 0) + abort(); + heim_digest_set_key(ctx, "password", "CircleOfLife"); + if (heim_digest_verify(ctx, NULL)) abort(); + /* Verify failure */ + + heim_digest_set_key(ctx, "username", "Oskar"); + + if (heim_digest_verify(ctx, NULL) == 0) + abort(); + + heim_digest_release(ctx); + + /* + * Check myself + */ + + /* server */ + if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL) + abort(); + + heim_digest_set_key(ctx, "serverRealm", "myrealmhahaha"); + heim_digest_set_key(ctx, "serverQOP", "auth,auth-int"); + + chal = heim_digest_generate_challenge(ctx); + if (chal == NULL) + abort(); + + /* client */ + if ((ctx2 = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL) + abort(); + + if (heim_digest_parse_challenge(ctx2, chal)) + abort(); + + heim_digest_set_key(ctx2, "username", "lha"); + heim_digest_set_key(ctx2, "password", "passw0rd"); + heim_digest_set_key(ctx2, "uri", "/uri"); + + resp = heim_digest_create_response(ctx2, &serverresp); + if (resp == NULL) + abort(); + + /* server */ + if (heim_digest_parse_response(ctx, resp)) + abort(); + + heim_digest_set_key(ctx, "password", "passw0rd"); + heim_digest_verify(ctx, &serverresp2); + + + /* client */ + if (strcmp(serverresp, serverresp2) != 0) + abort(); + + heim_digest_release(ctx); + heim_digest_release(ctx2); + + /* + * check prefix + */ + + if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_AUTO)) == NULL) + abort(); + + if (heim_digest_parse_challenge(ctx, "Digest realm=\"testrealm@host.com\"," + "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\"," + "opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"")) + abort(); + heim_digest_release(ctx); + /* + * check prefix + */ + + if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_AUTO)) == NULL) + abort(); + + if (heim_digest_parse_challenge(ctx, "Digest realm=\"testrealm@host.com\"," + "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\"," + "opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"")) + abort(); + + heim_digest_release(ctx); + return 0; } @@ -158,7 +371,6 @@ test_cram_md5(void) abort(); heim_cram_md5_export(secret, &state); - /* here you can store the memcpy-ed version of state somewhere else */ ctx = heim_cram_md5_import(&state, sizeof(state)); @@ -183,7 +395,6 @@ test_apop(void) const char *resp = "c4c9334bac560ecc979e58001b3e22fb"; char *t; - t = heim_apop_create(chal, secret); if (t == NULL) abort(); @@ -210,7 +421,5 @@ main(int argc, char **argv) ret |= test_cram_md5(); ret |= test_apop(); - system("bash"); - return ret; } diff --git a/lib/ntlm/test_ntlm.c b/lib/ntlm/test_ntlm.c index 93fbed7bf..7243bd393 100644 --- a/lib/ntlm/test_ntlm.c +++ b/lib/ntlm/test_ntlm.c @@ -41,6 +41,8 @@ #include /* or */ #include +#ifdef ENABLE_NTLM + static int test_parse(void) { @@ -56,7 +58,7 @@ test_parse(void) memset(&type1, 0, sizeof(type1)); - type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM; + type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM|NTLM_NEG_VERSION; type1.domain = rk_UNCONST(domain); type1.hostname = NULL; type1.os[0] = 0; @@ -123,7 +125,7 @@ test_parse(void) free(key.data); } - ret = heim_ntlm_encode_type3(&type3, &data); + ret = heim_ntlm_encode_type3(&type3, &data, NULL); if (ret) errx(1, "heim_ntlm_encode_type3"); @@ -288,18 +290,107 @@ test_ntlm2_session_resp(void) return 0; } +static int +test_ntlmv2(void) +{ + unsigned char type3[413] = + "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x03\x00\x00\x00\x18\x00\x18\x00" + "\x80\x00\x00\x00\x9e\x00\x9e\x00\x98\x00\x00\x00\x14\x00\x14\x00" + "\x48\x00\x00\x00\x10\x00\x10\x00\x5c\x00\x00\x00\x14\x00\x14\x00" + "\x6c\x00\x00\x00\x00\x00\x00\x00\x36\x01\x00\x00\x05\x82\x88\xa2" + "\x05\x01\x28\x0a\x00\x00\x00\x0f\x43\x00\x4f\x00\x4c\x00\x4c\x00" + "\x45\x00\x59\x00\x2d\x00\x58\x00\x50\x00\x34\x00\x54\x00\x45\x00" + "\x53\x00\x54\x00\x55\x00\x53\x00\x45\x00\x52\x00\x43\x00\x4f\x00" + "\x4c\x00\x4c\x00\x45\x00\x59\x00\x2d\x00\x58\x00\x50\x00\x34\x00" + "\x2f\x96\xec\x0a\xf7\x9f\x2e\x24\xba\x09\x48\x10\xa5\x22\xd4\xe1" + "\x16\x6a\xca\x58\x74\x9a\xc1\x4f\x54\x6f\xee\x40\x96\xce\x43\x6e" + "\xdf\x99\x20\x71\x6c\x9a\xda\x2a\x01\x01\x00\x00\x00\x00\x00\x00" + "\x8d\xc0\x57\xc9\x79\x5e\xcb\x01\x16\x6a\xca\x58\x74\x9a\xc1\x4f" + "\x00\x00\x00\x00\x02\x00\x14\x00\x4e\x00\x55\x00\x54\x00\x43\x00" + "\x52\x00\x41\x00\x43\x00\x4b\x00\x45\x00\x52\x00\x01\x00\x14\x00" + "\x4e\x00\x55\x00\x54\x00\x43\x00\x52\x00\x41\x00\x43\x00\x4b\x00" + "\x45\x00\x52\x00\x04\x00\x12\x00\x61\x00\x70\x00\x70\x00\x6c\x00" + "\x65\x00\x2e\x00\x63\x00\x6f\x00\x6d\x00\x03\x00\x20\x00\x68\x00" + "\x75\x00\x6d\x00\x6d\x00\x65\x00\x6c\x00\x2e\x00\x61\x00\x70\x00" + "\x70\x00\x6c\x00\x65\x00\x2e\x00\x63\x00\x6f\x00\x6d\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f" + "\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20" + "\x00\x53\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63\x00\x65\x00\x20" + "\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x33\x00\x20\x00\x32" + "\x00\x36\x00\x30\x00\x30\x00\x00\x00\x57\x00\x69\x00\x6e\x00\x64" + "\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32" + "\x00\x20\x00\x35\x00\x2e\x00\x31\x00\x00\x00\x00\x00"; + const unsigned char challenge[8] = + "\xe4\x9c\x6a\x12\xe1\xbd\xde\x6a"; + unsigned char sessionkey[16]; + + const char key[16] = "\xD1\x83\x98\x3E\xAE\xA7\xBE\x99\x59\xC8\xF4\xC1\x98\xED\x0E\x68"; + + struct ntlm_buf data; + struct ntlm_type3 t3; + int ret; + + struct ntlm_targetinfo ti; + + unsigned char timsg[114] = + "\002\000\024\000N\000U\000T\000C\000R\000A\000C\000K\000E\000R\000\001\000\024\000N\000U\000T\000C\000R\000A\000C\000K\000E\000R\000\004\000\022\000a\000p\000p\000l\000e\000.\000c\000o\000m\000\003\000 \000h\000u\000m\000m\000e\000l\000.\000a\000p\000p\000l\000e\000.\000c\000o\000m\000\000\000\000\000\000\000\000"; + + + data.data = type3; + data.length = sizeof(type3); + + ret = heim_ntlm_decode_type3(&data, 1, &t3); + if (ret) + errx(1, "heim_ntlm_decode_type3"); + + memset(&ti, 0, sizeof(ti)); + + data.data = timsg; + data.length = sizeof(timsg); + + ret = heim_ntlm_decode_targetinfo(&data, 1, &ti); + if (ret) + return ret; + + ret = heim_ntlm_verify_ntlm2(key, sizeof(key), + t3.username, + t3.targetname, + 1285615547, + challenge, + &t3.ntlm, + &data, + sessionkey); + if (ret) + errx(1, "verify_ntlmv2"); + + if (sizeof(timsg) != data.length || memcmp(timsg, data.data, sizeof(timsg)) != 0) + errx(1, "target info wrong: %d != %d", + (int)sizeof(timsg), (int)data.length); + + heim_ntlm_free_type3(&t3); + heim_ntlm_free_targetinfo(&ti); + + return 0; +} + static int test_targetinfo(void) { struct ntlm_targetinfo ti; struct ntlm_buf buf; const char *dnsservername = "dnsservername"; + const char *targetname = "targetname"; + const char z16[16] = { 0 }; int ret; memset(&ti, 0, sizeof(ti)); ti.dnsservername = rk_UNCONST(dnsservername); ti.avflags = 1; + ti.targetname = rk_UNCONST(targetname); + ti.channel_bindings.data = rk_UNCONST(z16); + ti.channel_bindings.length = sizeof(z16); + ret = heim_ntlm_encode_targetinfo(&ti, 1, &buf); if (ret) return ret; @@ -315,12 +406,134 @@ test_targetinfo(void) errx(1, "ti.dnshostname != %s", dnsservername); if (ti.avflags != 1) errx(1, "ti.avflags != 1"); + if (ti.targetname == NULL || + strcmp(ti.targetname, targetname) != 0) + errx(1, "ti.targetname != %s", targetname); + + if (ti.channel_bindings.length != sizeof(z16) || + memcmp(ti.channel_bindings.data, z16, sizeof(z16)) != 0) + errx(1, "ti.channel_bindings != Z(16)"); heim_ntlm_free_targetinfo(&ti); return 0; } +static int +test_string2key(void) +{ + const char *pw = "山田"; + struct ntlm_buf buf; + + unsigned char key[16] = { + 0xc6, 0x5d, 0xc7, 0x61, 0xa1, 0x34, 0x17, 0xa1, + 0x17, 0x08, 0x9c, 0x1b, 0xb0, 0x0d, 0x0f, 0x19 + }; + + if (heim_ntlm_nt_key(pw, &buf) != 0) + errx(1, "heim_ntlmv_nt_key(jp)"); + + if (buf.length != 16 || memcmp(buf.data, key, 16) != 0) + errx(1, "compare failed"); + + heim_ntlm_free_buf(&buf); + + return 0; +} + +static int +test_jp(void) +{ + char buf2[220] = + "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x02\x00\x00\x00\x06\x00\x06\x00" + "\x38\x00\x00\x00\x05\x02\x89\x62\x62\x94\xb1\xf3\x56\x80\xb0\xf9" + "\x00\x00\x00\x00\x00\x00\x00\x00\x9e\x00\x9e\x00\x3e\x00\x00\x00" + "\x06\x01\xb0\x1d\x00\x00\x00\x0f\x43\x00\x4f\x00\x53\x00\x02\x00" + "\x06\x00\x43\x00\x4f\x00\x53\x00\x01\x00\x12\x00\x43\x00\x4f\x00" + "\x53\x00\x57\x00\x49\x00\x4e\x00\x37\x00\x4a\x00\x50\x00\x04\x00" + "\x1a\x00\x63\x00\x6f\x00\x73\x00\x2e\x00\x61\x00\x70\x00\x70\x00" + "\x6c\x00\x65\x00\x2e\x00\x63\x00\x6f\x00\x6d\x00\x03\x00\x2e\x00" + "\x63\x00\x6f\x00\x73\x00\x77\x00\x69\x00\x6e\x00\x37\x00\x6a\x00" + "\x70\x00\x2e\x00\x63\x00\x6f\x00\x73\x00\x2e\x00\x61\x00\x70\x00" + "\x70\x00\x6c\x00\x65\x00\x2e\x00\x63\x00\x6f\x00\x6d\x00\x05\x00" + "\x1a\x00\x63\x00\x6f\x00\x73\x00\x2e\x00\x61\x00\x70\x00\x70\x00" + "\x6c\x00\x65\x00\x2e\x00\x63\x00\x6f\x00\x6d\x00\x07\x00\x08\x00" + "\x94\x51\xf0\xbd\xdc\x61\xcb\x01\x00\x00\x00\x00"; + + char buf3[362] = + "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x03\x00\x00\x00\x18\x00\x18\x00" + "\x74\x00\x00\x00\xce\x00\xce\x00\x8c\x00\x00\x00\x1a\x00\x1a\x00" + "\x40\x00\x00\x00\x04\x00\x04\x00\x5a\x00\x00\x00\x16\x00\x16\x00" + "\x5e\x00\x00\x00\x10\x00\x10\x00\x5a\x01\x00\x00\x05\x02\x89\x62" + "\x31\x00\x37\x00\x2e\x00\x32\x00\x30\x00\x31\x00\x2e\x00\x35\x00" + "\x37\x00\x2e\x00\x31\x00\x32\x00\x31\x00\x71\x5c\x30\x75\x77\x00" + "\x6f\x00\x72\x00\x6b\x00\x73\x00\x74\x00\x61\x00\x74\x00\x69\x00" + "\x6f\x00\x6e\x00\xab\xad\xeb\x72\x01\xd4\x5f\xdf\x59\x07\x5f\xa9" + "\xfd\x54\x98\x2d\xfa\x17\xbb\xf1\x3c\x8f\xf5\x20\xe6\x8f\xd7\x0a" + "\xc9\x19\x3e\x94\x61\x31\xdb\x0f\x55\xe8\xe2\x53\x01\x01\x00\x00" + "\x00\x00\x00\x00\x00\x06\x3e\x30\xe4\x61\xcb\x01\x71\x98\x10\x6b" + "\x4c\x82\xec\xb3\x00\x00\x00\x00\x02\x00\x06\x00\x43\x00\x4f\x00" + "\x53\x00\x01\x00\x12\x00\x43\x00\x4f\x00\x53\x00\x57\x00\x49\x00" + "\x4e\x00\x37\x00\x4a\x00\x50\x00\x04\x00\x1a\x00\x63\x00\x6f\x00" + "\x73\x00\x2e\x00\x61\x00\x70\x00\x70\x00\x6c\x00\x65\x00\x2e\x00" + "\x63\x00\x6f\x00\x6d\x00\x03\x00\x2e\x00\x63\x00\x6f\x00\x73\x00" + "\x77\x00\x69\x00\x6e\x00\x37\x00\x6a\x00\x70\x00\x2e\x00\x63\x00" + "\x6f\x00\x73\x00\x2e\x00\x61\x00\x70\x00\x70\x00\x6c\x00\x65\x00" + "\x2e\x00\x63\x00\x6f\x00\x6d\x00\x05\x00\x1a\x00\x63\x00\x6f\x00" + "\x73\x00\x2e\x00\x61\x00\x70\x00\x70\x00\x6c\x00\x65\x00\x2e\x00" + "\x63\x00\x6f\x00\x6d\x00\x07\x00\x08\x00\xab\xec\xcc\x30\xe4\x61" + "\xcb\x01\x00\x00\x00\x00\x00\x00\x00\x00\xbc\x2e\xba\x3f\xd1\xb1" + "\xa7\x70\x00\x9d\x55\xa0\x59\x74\x2b\x78"; + + + struct ntlm_type2 type2; + struct ntlm_type3 type3; + struct ntlm_buf data; + int ret; + + data.length = sizeof(buf2); + data.data = buf2; + + memset(&type2, 0, sizeof(type2)); + + ret = heim_ntlm_decode_type2(&data, &type2); + if (ret) + errx(1, "heim_ntlm_decode_type2(jp): %d", ret); + + data.data = NULL; + data.length = 0; + + ret = heim_ntlm_encode_type2(&type2, &data); + if (ret) + errx(1, "heim_ntlm_encode_type2(jp): %d", ret); + + heim_ntlm_free_type2(&type2); + heim_ntlm_free_buf(&data); + + data.length = sizeof(buf3); + data.data = buf3; + + memset(&type3, 0, sizeof(type3)); + + ret = heim_ntlm_decode_type3(&data, 1, &type3); + if (ret) + errx(1, "heim_ntlm_decode_type2(jp): %d", ret); + + data.data = NULL; + data.length = 0; + + ret = heim_ntlm_encode_type3(&type3, &data, NULL); + if (ret) + errx(1, "heim_ntlm_decode_type2(jp): %d", ret); + + heim_ntlm_free_type3(&type3); + heim_ntlm_free_buf(&data); + + return 0; +} + +#endif + static int verbose_flag = 0; static int version_flag = 0; static int help_flag = 0; @@ -357,17 +570,16 @@ main(int argc, char **argv) exit(0); } - argc -= optidx; - argv += optidx; +#ifdef ENABLE_NTLM if (verbose_flag) printf("test_parse\n"); - ret += test_parse(); + if (verbose_flag) printf("test_keys\n"); - ret += test_keys(); + if (verbose_flag) printf("test_ntlm2_session_resp\n"); ret += test_ntlm2_session_resp(); @@ -375,6 +587,19 @@ main(int argc, char **argv) if (verbose_flag) printf("test_targetinfo\n"); ret += test_targetinfo(); + + if (verbose_flag) + printf("test_ntlmv2\n"); + ret += test_ntlmv2(); + if (verbose_flag) + printf("test_string2key\n"); + ret += test_string2key(); + + if (verbose_flag) + printf("test_jp\n"); + ret += test_jp(); + +#endif return ret; }