oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

bump libheimntlm to the version from OSX 10.9 Mavericks

Browse Source
This commit is contained in:
Love Hörnquist Åstrand
2013-11-17 13:15:55 +01:00
parent 22a5077835
commit cde59c543d
8 changed files with 1436 additions and 348 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/ntlm/apop.c
View File

@@ -55,7 +55,7 @@ heim_generate_challenge(const char *hostname)
hostname = host;
}
t = time(NULL);
t = (uint32_t)time(NULL);
num = rk_random();
asprintf(&str, "<%lu%lu@%s>", (unsigned long)t,
@@ -72,8 +72,8 @@ heim_apop_create(const char *challenge, const char *password)
CC_MD5_CTX ctx;
CC_MD5_Init(&ctx);
CC_MD5_Update(&ctx, challenge, strlen(challenge));
CC_MD5_Update(&ctx, password, strlen(password));
CC_MD5_Update(&ctx, challenge, (CC_LONG)strlen(challenge));
CC_MD5_Update(&ctx, password, (CC_LONG)strlen(password));
CC_MD5_Final(hash, &ctx);
@@ -102,7 +102,7 @@ heim_apop_verify(const char *challenge, const char *password, const char *respon
return 0;
}
struct heim_cram_md5 {
struct heim_cram_md5_data {
CC_MD5_CTX ipad;
CC_MD5_CTX opad;
};
@@ -114,13 +114,13 @@ heim_cram_md5_export(const char *password, heim_CRAM_MD5_STATE *state)
size_t keylen = strlen(password);
uint8_t key[CC_MD5_BLOCK_BYTES];
uint8_t pad[CC_MD5_BLOCK_BYTES];
struct heim_cram_md5 ctx;
struct heim_cram_md5_data ctx;
size_t n;
memset(&ctx, 0, sizeof(ctx));
if (keylen > CC_MD5_BLOCK_BYTES) {
CC_MD5(password, keylen, key);
CC_MD5(password, (CC_LONG)keylen, key);
keylen = sizeof(keylen);
} else {
memcpy(key, password, keylen);
@@ -163,7 +163,6 @@ heim_cram_md5_import(void *data, size_t len)
{
heim_CRAM_MD5_STATE state;
heim_cram_md5 ctx;
unsigned n;
if (len != sizeof(state))
return NULL;
@@ -198,7 +197,7 @@ heim_cram_md5_verify_ctx(heim_cram_md5 ctx, const char *challenge, const char *r
char *str = NULL;
int res;
CC_MD5_Update(&ctx->ipad, challenge, strlen(challenge));
CC_MD5_Update(&ctx->ipad, challenge, (CC_LONG)strlen(challenge));
CC_MD5_Final(hash, &ctx->ipad);
CC_MD5_Update(&ctx->opad, hash, sizeof(hash));

599
lib/ntlm/digest.c
View File

@@ -45,7 +45,11 @@
#include "ntlm_err.h"
struct heim_digest_desc {
int server;
#define F_SERVER 1
#define F_HAVE_HASH 2
#define F_HAVE_HA1 4
#define F_USE_PREFIX 8
int flags;
int type;
char *password;
uint8_t SecretHash[CC_MD5_DIGEST_LENGTH];
@@ -53,6 +57,8 @@ struct heim_digest_desc {
char *serverRealm;
char *serverQOP;
char *serverMethod;
char *serverMaxbuf;
char *serverOpaque;
char *clientUsername;
char *clientResponse;
char *clientURI;
@@ -62,20 +68,30 @@ struct heim_digest_desc {
char *clientNC;
char *serverAlgorithm;
char *auth_id;
/* internally allocated objects returned to caller */
char *serverChallenge;
char *clientReply;
char *serverReply;
};
#define FREE_AND_CLEAR(x) do { if ((x)) { free((x)); (x) = NULL; } } while(0)
#define MEMSET_FREE_AND_CLEAR(x) do { if ((x)) { memset(x, 0, strlen(x)); free((x)); (x) = NULL; } } while(0)
static const char digest_prefix[] = "Digest ";
static void
clear_context(heim_digest_t context)
{
MEMSET_FREE_AND_CLEAR(context->password);
memset(context->SecretHash, 0, sizeof(context->SecretHash));
context->flags &= ~(F_HAVE_HASH);
FREE_AND_CLEAR(context->serverNonce);
FREE_AND_CLEAR(context->serverRealm);
FREE_AND_CLEAR(context->serverQOP);
FREE_AND_CLEAR(context->serverMethod);
FREE_AND_CLEAR(context->serverMaxbuf);
FREE_AND_CLEAR(context->serverOpaque);
FREE_AND_CLEAR(context->clientUsername);
FREE_AND_CLEAR(context->clientResponse);
FREE_AND_CLEAR(context->clientURI);
@@ -85,40 +101,66 @@ clear_context(heim_digest_t context)
FREE_AND_CLEAR(context->clientNC);
FREE_AND_CLEAR(context->serverAlgorithm);
FREE_AND_CLEAR(context->auth_id);
FREE_AND_CLEAR(context->serverChallenge);
FREE_AND_CLEAR(context->clientReply);
FREE_AND_CLEAR(context->serverReply);
}
static void
digest_userhash(const char *user, const char *realm, const char *password,
unsigned char md[CC_MD5_DIGEST_LENGTH])
{
CC_MD5_CTX ctx;
CC_MD5_Init(&ctx);
CC_MD5_Update(&ctx, user, (CC_LONG)strlen(user));
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, realm, (CC_LONG)strlen(realm));
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, password, (CC_LONG)strlen(password));
CC_MD5_Final(md, &ctx);
}
static char *
build_A1_hash(int type,
const char *username, const char *password,
const char *realm, const char *serverNonce,
const char *clientNonce,
const char *auth_id)
build_A1_hash(heim_digest_t context)
{
unsigned char md[CC_MD5_DIGEST_LENGTH];
CC_MD5_CTX ctx;
char *A1;
CC_MD5_Init(&ctx);
CC_MD5_Update(&ctx, username, strlen(username));
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, realm, strlen(realm));
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, password, strlen(password));
CC_MD5_Final(md, &ctx);
if (context->flags & F_HAVE_HA1) {
memcpy(md, context->SecretHash, sizeof(md));
} else if (context->flags & F_HAVE_HASH) {
memcpy(md, context->SecretHash, sizeof(md));
} else if (context->password) {
if (context->clientUsername == NULL)
return NULL;
if (context->serverRealm == NULL)
return NULL;
digest_userhash(context->clientUsername,
context->serverRealm,
context->password,
md);
} else
return NULL;
if ((context->type == HEIM_DIGEST_TYPE_RFC2617_MD5_SESS || context->type == HEIM_DIGEST_TYPE_RFC2831) && (context->flags & F_HAVE_HA1) == 0) {
if (context->serverNonce == NULL)
return NULL;
if (type != HEIM_DIGEST_TYPE_RFC2069) {
CC_MD5_Init(&ctx);
CC_MD5_Update(&ctx, md, sizeof(md));
memset(md, 0, sizeof(md));
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, serverNonce, strlen(serverNonce));
if (clientNonce) {
CC_MD5_Update(&ctx, context->serverNonce, (CC_LONG)strlen(context->serverNonce));
if (context->clientNonce) {
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, clientNonce, strlen(clientNonce));
CC_MD5_Update(&ctx, context->clientNonce, (CC_LONG)strlen(context->clientNonce));
}
if (auth_id) {
if (context->type == HEIM_DIGEST_TYPE_RFC2831 && context->auth_id) {
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, auth_id, strlen(auth_id));
CC_MD5_Update(&ctx, context->auth_id, (CC_LONG)strlen(context->auth_id));
}
CC_MD5_Final(md, &ctx);
}
@@ -138,19 +180,21 @@ build_A2_hash(heim_digest_t context, const char *method)
CC_MD5_Init(&ctx);
if (method)
CC_MD5_Update(&ctx, method, strlen(method));
CC_MD5_Update(&ctx, method, (CC_LONG)strlen(method));
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, context->clientURI, strlen(context->clientURI));
CC_MD5_Update(&ctx, context->clientURI, (CC_LONG)strlen(context->clientURI));
/* conf|int */
if (context->type != HEIM_DIGEST_TYPE_RFC2069) {
if (strcmp(context->clientQOP, "auth") != 0) {
if (context->type == HEIM_DIGEST_TYPE_RFC2831) {
if (strcasecmp(context->clientQOP, "auth-int") == 0 || strcasecmp(context->clientQOP, "auth-conf") == 0) {
/* XXX if we have a body hash, use that */
static char conf_zeros[] = ":00000000000000000000000000000000";
CC_MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1);
}
} else {
/* support auth-int ? */
if (context->clientQOP && strcasecmp(context->clientQOP, "auth") != 0)
return NULL;
}
CC_MD5_Final(md, &ctx);
@@ -194,7 +238,7 @@ free_values(struct md5_value *val)
static char *
values_find(struct md5_value **val, const char *v)
{
struct md5_value *cur = *val;
struct md5_value *cur;
char *str;
while (*val != NULL) {
@@ -325,6 +369,24 @@ parse_values(const char *string, struct md5_value **val)
return ENOMEM;
}
/*
*
*/
static const char *
check_prefix(heim_digest_t context, const char *challenge)
{
if (strncasecmp(digest_prefix, challenge, sizeof(digest_prefix) - 1) == 0) {
challenge += sizeof(digest_prefix) - 1;
while (*challenge == 0x20) /* remove extra space */
challenge++;
context->flags |= F_USE_PREFIX;
}
return challenge;
}
/*
*
*/
@@ -337,16 +399,89 @@ heim_digest_create(int server, int type)
context = calloc(1, sizeof(*context));
if (context == NULL)
return NULL;
context->server = server;
context->flags |= F_SERVER;
context->type = type;
return context;
}
static char *
generate_nonce(void)
{
uint8_t rand[8];
char *nonce;
if (CCRandomCopyBytes(kCCRandomDefault, rand, sizeof(rand)) != kCCSuccess)
return NULL;
if (rk_hex_encode(rand, sizeof(rand), &nonce) < 0)
return NULL;
return nonce;
}
/**
* Generate a challange, needs to set serverRealm before calling this function.
*
* If type is set to HEIM_DIGEST_TYPE_AUTO, the HEIM_DIGEST_TYPE_RFC2831 will be used instead.
*
* For RFC2617 and RFC2831 QOP is required, so if any qop other then "auth" is requested, it need to be set with heim_diest_set_key().
*
* @return returns the challenge or NULL on error or failure to build the string. the lifetime
* of the string is manage by heim_digest and last until the the context is
* freed or until next call to heim_digest_generate_challenge().
*/
const char *
heim_digest_generate_challenge(heim_digest_t context)
{
char *challenge = NULL;
if (context->serverRealm == NULL)
return NULL;
if (context->serverNonce == NULL) {
if ((context->serverNonce = generate_nonce()) == NULL)
return NULL;
}
if (context->serverQOP == NULL) {
if ((context->serverQOP = strdup("auth")) == NULL)
return NULL;
}
if (context->serverMaxbuf == NULL) {
if ((context->serverMaxbuf = strdup("65536")) == NULL)
return NULL;
}
switch(context->type) {
case HEIM_DIGEST_TYPE_RFC2617_MD5:
asprintf(&challenge, "realm=\"%s\",nonce=\"%s\",algorithm=md5,qop=\"%s\"",
context->serverRealm, context->serverNonce,
context->serverQOP);
break;
case HEIM_DIGEST_TYPE_RFC2617_MD5_SESS:
asprintf(&challenge, "realm=\"%s\",nonce=\"%s\",algorithm=md5-sess,qop=\"%s\"",
context->serverRealm, context->serverNonce, context->serverQOP);
break;
case HEIM_DIGEST_TYPE_RFC2069:
asprintf(&challenge, "realm=\"%s\",nonce=\"%s\"",
context->serverRealm, context->serverNonce);
break;
case HEIM_DIGEST_TYPE_AUTO:
context->type = HEIM_DIGEST_TYPE_RFC2831;
/* FALL THOUGH */
case HEIM_DIGEST_TYPE_RFC2831:
asprintf(&challenge, "realm=\"%s\",nonce=\"%s\",qop=\"%s\",algorithm=md5-sess,charset=utf-8,maxbuf=%s",
context->serverRealm, context->serverNonce, context->serverQOP, context->serverMaxbuf);
break;
}
FREE_AND_CLEAR(context->serverChallenge);
context->serverChallenge = challenge;
return challenge;
}
int
@@ -355,6 +490,8 @@ heim_digest_parse_challenge(heim_digest_t context, const char *challenge)
struct md5_value *val = NULL;
int ret, type;
challenge = check_prefix(context, challenge);
ret = parse_values(challenge, &val);
if (ret)
goto out;
@@ -367,29 +504,28 @@ heim_digest_parse_challenge(heim_digest_t context, const char *challenge)
context->serverRealm = values_find(&val, "realm");
if (context->serverRealm == NULL) goto out;
context->serverQOP = values_find(&val, "qop");
if (context->serverQOP == NULL)
context->serverQOP = strdup("auth");
if (context->serverQOP == NULL) goto out;
/* check alg */
context->serverAlgorithm = values_find(&val, "algorithm");
if (context->serverAlgorithm == NULL || strcasecmp(context->serverAlgorithm, "md5") == 0) {
type = HEIM_DIGEST_TYPE_RFC2069;
type = HEIM_DIGEST_TYPE_RFC2617_MD5;
} else if (strcasecmp(context->serverAlgorithm, "md5-sess") == 0) {
type = HEIM_DIGEST_TYPE_MD5_SESS;
type = HEIM_DIGEST_TYPE_RFC2617_OR_RFC2831;
} else {
goto out;
}
if (context->type != HEIM_DIGEST_TYPE_AUTO && context->type != type)
context->serverQOP = values_find(&val, "qop");
if (context->serverQOP == NULL)
type = HEIM_DIGEST_TYPE_RFC2069;
context->serverOpaque = values_find(&val, "opaque");
if (context->type != HEIM_DIGEST_TYPE_AUTO && (context->type & type) == 0)
goto out;
else
else if (context->type == HEIM_DIGEST_TYPE_AUTO)
context->type = type;
ret = 0;
out:
free_values(val);
@@ -398,6 +534,19 @@ heim_digest_parse_challenge(heim_digest_t context, const char *challenge)
return ret;
}
static void
set_auth_method(heim_digest_t context)
{
if (context->serverMethod == NULL) {
if (context->type == HEIM_DIGEST_TYPE_RFC2831)
context->serverMethod = strdup("AUTHENTICATE");
else
context->serverMethod = strdup("GET");
}
}
int
heim_digest_parse_response(heim_digest_t context, const char *response)
{
@@ -405,19 +554,40 @@ heim_digest_parse_response(heim_digest_t context, const char *response)
char *nonce;
int ret;
response = check_prefix(context, response);
ret = parse_values(response, &val);
if (ret)
goto out;
ret = 1;
if (context->type == HEIM_DIGEST_TYPE_AUTO)
if (context->type == HEIM_DIGEST_TYPE_AUTO) {
goto out;
} else if (context->type == HEIM_DIGEST_TYPE_RFC2617_OR_RFC2831) {
context->clientURI = values_find(&val, "uri");
if (context->clientURI) {
context->type = HEIM_DIGEST_TYPE_RFC2617_MD5_SESS;
} else {
context->clientURI = values_find(&val, "digest-uri");
context->type = HEIM_DIGEST_TYPE_RFC2831;
}
} else if (context->type == HEIM_DIGEST_TYPE_RFC2831) {
context->clientURI = values_find(&val, "digest-uri");
} else {
context->clientURI = values_find(&val, "uri");
}
if (context->clientURI == NULL)
goto out;
context->clientUsername = values_find(&val, "username");
if (context->clientUsername == NULL) goto out;
/* if client sent realm, make sure its the same of serverRealm if its set */
context->clientRealm = values_find(&val, "realm");
if (context->clientRealm && context->serverRealm && strcmp(context->clientRealm, context->serverRealm) != 0)
goto out;
context->clientResponse = values_find(&val, "response");
if (context->clientResponse == NULL) goto out;
@@ -431,13 +601,38 @@ heim_digest_parse_response(heim_digest_t context, const char *response)
}
free(nonce);
if (context->type != HEIM_DIGEST_TYPE_RFC2069) {
context->clientQOP = values_find(&val, "qop");
if (context->clientQOP == NULL)
context->clientQOP = strdup("auth");
if (context->clientQOP == NULL) goto out;
/*
* If we have serverQOP, lets check that clientQOP exists
* in the list of server entries.
*/
if (context->serverQOP) {
Boolean found = false;
char *b, *e;
size_t len, clen = strlen(context->clientQOP);
b = context->serverQOP;
while (b && !found) {
e = strchr(b, ',');
if (e == NULL)
len = strlen(b);
else {
len = e - b;
e += 1;
}
if (clen == len && strncmp(b, context->clientQOP, len) == 0)
found = true;
b = e;
}
if (!found)
goto out;
}
if (context->type != HEIM_DIGEST_TYPE_RFC2069) {
context->clientNC = values_find(&val, "nc");
if (context->clientNC == NULL) goto out;
@@ -445,11 +640,7 @@ heim_digest_parse_response(heim_digest_t context, const char *response)
if (context->clientNonce == NULL) goto out;
}
if (context->type == HEIM_DIGEST_TYPE_RFC2069)
context->clientURI = values_find(&val, "uri");
else
context->clientURI = values_find(&val, "digest-uri");
if (context->clientURI == NULL) goto out;
set_auth_method(context);
ret = 0;
out:
@@ -457,33 +648,18 @@ heim_digest_parse_response(heim_digest_t context, const char *response)
return ret;
}
const char *
heim_digest_get_key(heim_digest_t context, const char *key)
char *
heim_digest_userhash(const char *user, const char *realm, const char *password)
{
if (strcmp(key, "username") == 0) {
return context->clientUsername;
} else if (strcmp(key, "realm") == 0) {
return context->clientRealm;
} else {
return NULL;
}
}
unsigned char md[CC_MD5_DIGEST_LENGTH];
char *str = NULL;
int
heim_digest_set_key(heim_digest_t context, const char *key, const char *value)
{
if (strcmp(key, "password") == 0) {
FREE_AND_CLEAR(context->password);
if ((context->password = strdup(value)) == NULL)
return ENOMEM;
} else if (strcmp(key, "method") == 0) {
FREE_AND_CLEAR(context->serverMethod);
if ((context->serverMethod = strdup(value)) != NULL)
return ENOMEM;
} else {
return EINVAL;
}
return 0;
digest_userhash(user, realm, password, md);
hex_encode(md, sizeof(md), &str);
if (str)
strlwr(str);
return str;
}
static char *
@@ -498,19 +674,19 @@ build_digest(heim_digest_t context, const char *a1, const char *method)
return NULL;
CC_MD5_Init(&ctx);
CC_MD5_Update(&ctx, a1, strlen(a1));
CC_MD5_Update(&ctx, a1, (CC_LONG)strlen(a1));
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, context->serverNonce, strlen(context->serverNonce));
CC_MD5_Update(&ctx, context->serverNonce, (CC_LONG)strlen(context->serverNonce));
if (context->type != HEIM_DIGEST_TYPE_RFC2069) {
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, context->clientNC, strlen(context->clientNC));
CC_MD5_Update(&ctx, context->clientNC, (CC_LONG)strlen(context->clientNC));
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, context->clientNonce, strlen(context->clientNonce));
CC_MD5_Update(&ctx, context->clientNonce, (CC_LONG)strlen(context->clientNonce));
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, context->clientQOP, strlen(context->clientQOP));
CC_MD5_Update(&ctx, context->clientQOP, (CC_LONG)strlen(context->clientQOP));
}
CC_MD5_Update(&ctx, ":", 1);
CC_MD5_Update(&ctx, a2, strlen(a2));
CC_MD5_Update(&ctx, a2, (CC_LONG)strlen(a2));
CC_MD5_Final(md, &ctx);
free(a2);
@@ -522,35 +698,146 @@ build_digest(heim_digest_t context, const char *a1, const char *method)
return str;
}
const char *
heim_digest_create_response(heim_digest_t context)
static void
build_server_response(heim_digest_t context, char *a1, char **response)
{
char *str;
str = build_digest(context, a1, NULL);
if (str == NULL)
return;
FREE_AND_CLEAR(context->serverReply);
asprintf(&context->serverReply, "%srspauth=%s",
(context->flags & F_USE_PREFIX) ? digest_prefix : "",
str);
free(str);
if (response)
*response = context->serverReply;
}
/**
* Create response from server to client to server, server verification is in response.
* clientUsername and clientURI have to be given.
* If realm is not set, its used from server.
*/
const char *
heim_digest_create_response(heim_digest_t context, char **response)
{
char *a1, *str, *cnonce = NULL, *opaque = NULL, *uri = NULL, *nc = NULL;
if (response)
*response = NULL;
if (context->clientUsername == NULL || context->clientURI == NULL)
return NULL;
if (context->clientRealm == NULL) {
if (context->serverRealm == NULL)
return NULL;
if ((context->clientRealm = strdup(context->serverRealm)) == NULL)
return NULL;
}
if (context->type != HEIM_DIGEST_TYPE_RFC2069) {
if (context->clientNC == NULL) {
if ((context->clientNC = strdup("00000001")) == NULL)
return NULL;
}
if (context->clientNonce == NULL) {
if ((context->clientNonce = generate_nonce()) == NULL)
return NULL;
}
/**
* If using non RFC2069, appropriate QOP should be set.
*
* Pick QOP from server if not given, if its a list, pick the first entry
*/
if (context->clientQOP == NULL) {
char *r;
if (context->serverQOP == NULL)
return NULL;
r = strchr(context->serverQOP, ',');
if (r == NULL) {
if ((context->clientQOP = strdup(context->serverQOP)) == NULL)
return NULL;
} else {
size_t len = (r - context->serverQOP) + 1;
if ((context->clientQOP = malloc(len)) == NULL)
return NULL;
strlcpy(context->clientQOP, context->serverQOP, len);
}
}
}
set_auth_method(context);
a1 = build_A1_hash(context);
if (a1 == NULL)
return NULL;
str = build_digest(context, a1, context->serverMethod);
if (str == NULL) {
MEMSET_FREE_AND_CLEAR(a1);
return NULL;
}
MEMSET_FREE_AND_CLEAR(context->clientResponse);
context->clientResponse = str;
if (context->clientURI) {
const char *name = "digest-uri";
if (context->type != HEIM_DIGEST_TYPE_RFC2831)
name = "uri";
asprintf(&uri, ",%s=\"%s\"", name, context->clientURI);
}
if (context->serverOpaque)
asprintf(&opaque, ",opaque=\"%s\"", context->serverOpaque);
if (context->clientNonce)
asprintf(&cnonce, ",cnonce=\"%s\"", context->clientNonce);
if (context->clientNC)
asprintf(&nc, ",nc=%s", context->clientNC);
asprintf(&context->clientReply,
"username=%s,realm=%s,nonce=\"%s\",qop=\"%s\"%s%s%s,response=\"%s\"%s",
context->clientUsername, context->clientRealm,
context->serverNonce,
context->clientQOP,
uri ? uri : "",
cnonce ? cnonce : "",
nc ? nc : "",
context->clientResponse,
opaque ? opaque : "");
build_server_response(context, a1, response);
MEMSET_FREE_AND_CLEAR(a1);
FREE_AND_CLEAR(uri);
FREE_AND_CLEAR(opaque);
FREE_AND_CLEAR(cnonce);
FREE_AND_CLEAR(nc);
return context->clientReply;
}
int
heim_digest_verify(heim_digest_t context, char **response)
{
CC_MD5_CTX ctx;
char *a1, *a2;
uint8_t md[CC_MD5_DIGEST_LENGTH];
char *a1;
char *str;
int res;
if (response)
*response = NULL;
if (context->serverMethod == NULL) {
if (context->type != HEIM_DIGEST_TYPE_RFC2069)
context->serverMethod = strdup("AUTHENTICATE");
else
context->serverMethod = strdup("GET");
}
set_auth_method(context);
a1 = build_A1_hash(context->type,
context->clientUsername, context->password,
context->serverRealm, context->serverNonce,
context->clientNonce, context->auth_id);
a1 = build_A1_hash(context);
if (a1 == NULL)
return ENOMEM;
@@ -568,21 +855,42 @@ heim_digest_verify(heim_digest_t context, char **response)
}
/* build server_response */
if (response) {
str = build_digest(context, a1, NULL);
if (str == NULL) {
MEMSET_FREE_AND_CLEAR(a1);
return ENOMEM;
}
asprintf(response, "rspauth=%s", str);
free(str);
}
build_server_response(context, a1, response);
MEMSET_FREE_AND_CLEAR(a1);
/* XXX break ABI and return internally allocated string instead */
if (response)
*response = strdup(*response);
return 0;
}
/**
* Create a rspauth= response.
* Assumes that the A1hash/password serverNonce, clientNC, clientNonce, clientQOP is set.
*
* @return the rspauth string (including rspauth), return key are stored in serverReply and will be invalid after another call to heim_digest_*
*/
const char *
heim_digest_server_response(heim_digest_t context)
{
char *a1;
if (context->serverNonce == NULL)
return NULL;
if (context->clientURI == NULL)
return NULL;
a1 = build_A1_hash(context);
if (a1 == NULL)
return NULL;
build_server_response(context, a1, NULL);
MEMSET_FREE_AND_CLEAR(a1);
return context->serverReply;
}
void
heim_digest_get_session_key(heim_digest_t context, void **key, size_t *keySize)
{
@@ -595,3 +903,92 @@ heim_digest_release(heim_digest_t context)
free(context);
}
struct {
char *name;
size_t offset;
} keys[] = {
#define KVN(value) { #value, offsetof(struct heim_digest_desc, value) }
KVN(serverNonce),
KVN(serverRealm),
KVN(serverQOP),
KVN(serverMethod),
{ "method", offsetof(struct heim_digest_desc, serverMethod) },
KVN(serverMaxbuf),
KVN(clientUsername),
{ "username", offsetof(struct heim_digest_desc, clientUsername) },
KVN(clientResponse),
KVN(clientURI),
{ "uri", offsetof(struct heim_digest_desc, clientURI) },
KVN(clientRealm),
{ "realm", offsetof(struct heim_digest_desc, clientRealm) },
KVN(clientNonce),
KVN(clientQOP),
KVN(clientNC),
KVN(serverAlgorithm),
KVN(auth_id)
#undef KVN
};
const char *
heim_digest_get_key(heim_digest_t context, const char *key)
{
size_t n;
for (n = 0; n < sizeof(keys) / sizeof(keys[0]); n++) {
if (strcasecmp(key, keys[n].name) == 0) {
char **ptr = (char **)((((char *)context) + keys[n].offset));
return *ptr;
}
}
return NULL;
}
int
heim_digest_set_key(heim_digest_t context, const char *key, const char *value)
{
if (strcmp(key, "password") == 0) {
FREE_AND_CLEAR(context->password);
if ((context->password = strdup(value)) == NULL)
return ENOMEM;
context->flags &= ~(F_HAVE_HASH|F_HAVE_HA1);
} else if (strcmp(key, "userhash") == 0) {
ssize_t ret;
FREE_AND_CLEAR(context->password);
ret = hex_decode(value, context->SecretHash, sizeof(context->SecretHash));
if (ret != sizeof(context->SecretHash))
return EINVAL;
context->flags &= ~F_HAVE_HA1;
context->flags |= F_HAVE_HASH;
} else if (strcmp(key, "H(A1)") == 0) {
ssize_t ret;
FREE_AND_CLEAR(context->password);
ret = hex_decode(value, context->SecretHash, sizeof(context->SecretHash));
if (ret != sizeof(context->SecretHash))
return EINVAL;
context->flags &= ~F_HAVE_HASH;
context->flags |= F_HAVE_HA1;
} else if (strcmp(key, "method") == 0) {
FREE_AND_CLEAR(context->serverMethod);
if ((context->serverMethod = strdup(value)) == NULL)
return ENOMEM;
} else {
size_t n;
for (n = 0; n < sizeof(keys) / sizeof(keys[0]); n++) {
if (strcasecmp(key, keys[n].name) == 0) {
char **ptr = (char **)((((char *)context) + keys[n].offset));
FREE_AND_CLEAR(*ptr);
if (((*ptr) = strdup(value)) == NULL)
return ENOMEM;
break;
}
}
if (n == sizeof(keys) / sizeof(keys[0]))
return ENOENT;
}
return 0;
}

29
lib/ntlm/heim-auth.h
View File

@@ -1,3 +1,8 @@
#ifdef __cplusplus
extern "C" {
#endif
/*
* Generate challange for APOP and CRAM-MD5
*/
@@ -24,7 +29,7 @@ typedef struct heim_HMAC_MD5_STATE_s {
uint32_t ostate[4];
} heim_CRAM_MD5_STATE;
typedef struct heim_cram_md5 *heim_cram_md5;
typedef struct heim_cram_md5_data *heim_cram_md5;
char *
heim_cram_md5_create(const char *challenge, const char *password);
@@ -56,7 +61,6 @@ heim_cram_md5_free(heim_cram_md5 ctx);
* response = read_from_client();
*
* heim_digest_parse_response(d, response);
*
* const char *user = heim_digest_get_key(d, "username");
* heim_digest_set_key(d, "password", "sommar17");
*
@@ -74,8 +78,15 @@ heim_digest_create(int server, int type);
#define HEIM_DIGEST_TYPE_AUTO 0
#define HEIM_DIGEST_TYPE_RFC2069 1
#define HEIM_DIGEST_TYPE_RFC2617_MD5 2
#define HEIM_DIGEST_TYPE_RFC2617_MD5_SESS 4
#define HEIM_DIGEST_TYPE_RFC2831 8
#define HEIM_DIGEST_TYPE_RFC2617_OR_RFC2831 12
/* old deprecated names, use the two above instead */
#define HEIM_DIGEST_TYPE_MD5 2
#define HEIM_DIGEST_TYPE_MD5_SESS 3
#define HEIM_DIGEST_TYPE_MD5_SESS 4
void
heim_digest_init_set_key(heim_digest_t context, const char *key, const char *value);
@@ -105,10 +116,20 @@ int
heim_digest_verify(heim_digest_t context, char **response);
const char *
heim_digest_create_response(heim_digest_t context);
heim_digest_create_response(heim_digest_t context, char **response);
void
heim_digest_get_session_key(heim_digest_t context, void **key, size_t *keySize);
void
heim_digest_release(heim_digest_t context);
char *
heim_digest_userhash(const char *user, const char *realm, const char *password);
const char *
heim_digest_server_response(heim_digest_t context);
#ifdef __cplusplus
}
#endif

13
lib/ntlm/heimntlm.h
View File

@@ -70,8 +70,8 @@ struct ntlm_buf {
#define NTLM_TARGET_DOMAIN 0x00010000
#define NTLM_TARGET_SERVER 0x00020000
#define NTLM_TARGET_SHARE 0x00040000
#define NTLM_NEG_NTLM2_SESSION 0x00080000
#define NTLM_TARGET_SHARE 0x00040000 /* mbz */
#define NTLM_NEG_NTLM2_SESSION 0x00080000 /* EXTENDED_SESSIONSECURITY */
#define NTLM_NEG_NTLM2 0x00080000
#define NTLM_NEG_IDENTIFY 0x00100000
@@ -95,7 +95,9 @@ struct ntlm_buf {
* heim_ntlm_free_targetinfo().
*/
/* avflags */
#define NTLM_TI_AV_FLAG_GUEST 0x00000001
#define NTLM_TI_AV_FLAG_MIC 0x00000002
struct ntlm_targetinfo {
char *servername; /**< */
@@ -104,6 +106,9 @@ struct ntlm_targetinfo {
char *dnsservername; /**< */
char *dnstreename; /**< */
uint32_t avflags; /**< */
char *targetname;
struct ntlm_buf channel_bindings;
uint64_t timestamp;
};
/**
@@ -149,8 +154,12 @@ struct ntlm_type3 {
struct ntlm_buf sessionkey; /**< */
char *ws; /**< */
uint32_t os[2]; /**< */
size_t mic_offset;
uint8_t mic[16];
};
extern time_t heim_ntlm_time_skew;
#include <ntlm_err.h>
#include <heimntlm-protos.h>

538
lib/ntlm/ntlm.c
View File

@@ -44,9 +44,12 @@
#include <limits.h>
#include <roken.h>
#include <wind.h>
#include <parse_units.h>
#include <krb5.h>
#define HC_DEPRECATED_CRYPTO
#include "krb5-types.h"
@@ -103,6 +106,8 @@ struct sec_buffer {
static const unsigned char ntlmsigature[8] = "NTLMSSP\x00";
time_t heim_ntlm_time_skew = 300;
/*
*
*/
@@ -116,6 +121,25 @@ static const unsigned char ntlmsigature[8] = "NTLMSSP\x00";
} \
} while(/*CONSTCOND*/0)
#define CHECK_SIZE(f, e) \
do { \
ssize_t sret = f; \
if (sret != (ssize_t)(e)) { \
ret = HNTLM_ERR_DECODE; \
goto out; \
} \
} while(/*CONSTCOND*/0)
#define CHECK_OFFSET(f, e) \
do { \
off_t sret = f; \
if (sret != (e)) { \
ret = HNTLM_ERR_DECODE; \
goto out; \
} \
} while(/*CONSTCOND*/0)
static struct units ntlm_flag_units[] = {
#define ntlm_flag(x) { #x, NTLM_##x }
ntlm_flag(ENC_56),
@@ -182,32 +206,57 @@ heim_ntlm_free_buf(struct ntlm_buf *p)
static int
ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf)
{
unsigned char *p;
size_t len, i;
uint16_t *data;
size_t len, n;
uint8_t *p;
int ret;
len = strlen(string);
if (len / 2 > UINT_MAX)
ret = wind_utf8ucs2_length(string, &len);
if (ret)
return ret;
if (len > UINT_MAX / sizeof(data[0]))
return ERANGE;
data = malloc(len * sizeof(data[0]));
if (data == NULL)
return ENOMEM;
ret = wind_utf8ucs2(string, data, &len);
if (ret) {
free(data);
return ret;
}
if (len == 0) {
free(data);
buf->data = NULL;
buf->length = 0;
return 0;
}
/* uppercase string, only handle ascii right now */
if (up) {
for (n = 0; n < len ; n++) {
if (data[n] < 128)
data[n] = toupper((int)data[n]);
}
}
buf->length = len * 2;
buf->data = malloc(buf->length);
p = buf->data = malloc(buf->length);
if (buf->data == NULL && len != 0) {
free(data);
heim_ntlm_free_buf(buf);
return ENOMEM;
}
p = buf->data;
for (i = 0; i < len; i++) {
unsigned char t = (unsigned char)string[i];
if (t & 0x80) {
heim_ntlm_free_buf(buf);
return EINVAL;
}
if (up)
t = toupper(t);
p[(i * 2) + 0] = t;
p[(i * 2) + 1] = 0;
for (n = 0; n < len ; n++) {
p[(n * 2) + 0] = (data[n] ) & 0xff;
p[(n * 2) + 1] = (data[n] >> 8) & 0xff;
}
memset(data, 0, sizeof(data[0]) * len);
free(data);
return 0;
}
@@ -242,13 +291,20 @@ out:
* wire, but using utf8 in memory.
*/
static krb5_error_code
static size_t
len_string(int ucs2, const char *s)
{
size_t len = strlen(s);
if (ucs2)
len *= 2;
return len;
if (ucs2) {
size_t len;
int ret;
ret = wind_utf8ucs2_length(s, &len);
if (ret == 0)
return len * 2;
return strlen(s) * 5 * 2;
} else {
return strlen(s);
}
}
/*
@@ -259,28 +315,50 @@ static krb5_error_code
ret_string(krb5_storage *sp, int ucs2, size_t len, char **s)
{
krb5_error_code ret;
uint16_t *data = NULL;
*s = malloc(len + 1);
if (*s == NULL)
return ENOMEM;
CHECK(krb5_storage_read(sp, *s, len), len);
CHECK_SIZE(krb5_storage_read(sp, *s, len), len);
(*s)[len] = '\0';
if (ucs2) {
size_t i;
for (i = 0; i < len / 2; i++) {
(*s)[i] = (*s)[i * 2];
if ((*s)[i * 2 + 1]) {
free(*s);
*s = NULL;
return EINVAL;
unsigned int flags = WIND_RW_LE;
size_t utf16len = len / 2;
size_t utf8len;
data = malloc(utf16len * sizeof(data[0]));
if (data == NULL) {
free(*s); *s = NULL;
ret = ENOMEM;
goto out;
}
ret = wind_ucs2read(*s, len, &flags, data, &utf16len);
free(*s); *s = NULL;
if (ret) {
goto out;
}
(*s)[i] = '\0';
CHECK(wind_ucs2utf8_length(data, utf16len, &utf8len), 0);
utf8len += 1;
*s = malloc(utf8len);
if (s == NULL) {
ret = ENOMEM;
goto out;
}
CHECK(wind_ucs2utf8(data, utf16len, *s, &utf8len), 0);
}
ret = 0;
out:
if (data)
free(data);
return ret;
}
@@ -290,7 +368,7 @@ static krb5_error_code
ret_sec_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s)
{
krb5_error_code ret = 0;
CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
CHECK_OFFSET(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
CHECK(ret_string(sp, ucs2, desc->length, s), 0);
out:
return ret;
@@ -311,7 +389,7 @@ put_string(krb5_storage *sp, int ucs2, const char *s)
buf.length = strlen(s);
}
CHECK(krb5_storage_write(sp, buf.data, buf.length), buf.length);
CHECK_SIZE(krb5_storage_write(sp, buf.data, buf.length), buf.length);
if (ucs2)
heim_ntlm_free_buf(&buf);
ret = 0;
@@ -330,8 +408,8 @@ ret_buf(krb5_storage *sp, struct sec_buffer *desc, struct ntlm_buf *buf)
buf->data = malloc(desc->length);
buf->length = desc->length;
CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
CHECK(krb5_storage_read(sp, buf->data, buf->length), buf->length);
CHECK_OFFSET(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
CHECK_SIZE(krb5_storage_read(sp, buf->data, buf->length), buf->length);
ret = 0;
out:
return ret;
@@ -341,7 +419,7 @@ static krb5_error_code
put_buf(krb5_storage *sp, const struct ntlm_buf *buf)
{
krb5_error_code ret;
CHECK(krb5_storage_write(sp, buf->data, buf->length), buf->length);
CHECK_SIZE(krb5_storage_write(sp, buf->data, buf->length), buf->length);
ret = 0;
out:
return ret;
@@ -363,6 +441,8 @@ heim_ntlm_free_targetinfo(struct ntlm_targetinfo *ti)
free(ti->dnsdomainname);
free(ti->dnsservername);
free(ti->dnstreename);
free(ti->targetname);
heim_ntlm_free_buf(&ti->channel_bindings);
memset(ti, 0, sizeof(*ti));
}
@@ -423,6 +503,20 @@ heim_ntlm_encode_targetinfo(const struct ntlm_targetinfo *ti,
CHECK(krb5_store_uint16(out, 4), 0);
CHECK(krb5_store_uint32(out, ti->avflags), 0);
}
if (ti->timestamp) {
CHECK(krb5_store_uint16(out, 7), 0);
CHECK(krb5_store_uint16(out, 8), 0);
CHECK(krb5_store_uint32(out, ti->timestamp & 0xffffffff), 0);
CHECK(krb5_store_uint32(out, (ti->timestamp >> 32) & 0xffffffff), 0);
}
if (ti->targetname) {
CHECK(encode_ti_string(out, 9, ucs2, ti->targetname), 0);
}
if (ti->channel_bindings.length) {
CHECK(krb5_store_uint16(out, 10), 0);
CHECK(krb5_store_uint16(out, ti->channel_bindings.length), 0);
CHECK_SIZE(krb5_storage_write(out, ti->channel_bindings.data, ti->channel_bindings.length), ti->channel_bindings.length);
}
/* end tag */
CHECK(krb5_store_int16(out, 0), 0);
@@ -497,6 +591,26 @@ heim_ntlm_decode_targetinfo(const struct ntlm_buf *data,
case 6:
CHECK(krb5_ret_uint32(in, &ti->avflags), 0);
break;
case 7: {
uint32_t tmp;
CHECK(krb5_ret_uint32(in, &tmp), 0);
ti->timestamp = tmp;
CHECK(krb5_ret_uint32(in, &tmp), 0);
ti->timestamp |= ((uint64_t)tmp) << 32;
break;
}
case 9:
CHECK(ret_string(in, 1, len, &ti->targetname), 0);
break;
case 10:
ti->channel_bindings.data = malloc(len);
if (ti->channel_bindings.data == NULL) {
ret = ENOMEM;
goto out;
}
ti->channel_bindings.length = len;
CHECK_SIZE(krb5_storage_read(in, ti->channel_bindings.data, len), len);
break;
default:
krb5_storage_seek(in, len, SEEK_CUR);
break;
@@ -508,6 +622,21 @@ heim_ntlm_decode_targetinfo(const struct ntlm_buf *data,
return ret;
}
static krb5_error_code
encode_os_version(krb5_storage *out)
{
krb5_error_code ret;
CHECK(krb5_store_uint8(out, 0x06), 0);
CHECK(krb5_store_uint8(out, 0x01), 0);
CHECK(krb5_store_uint16(out, 0x1db0), 0);
CHECK(krb5_store_uint8(out, 0x0f), 0); /* ntlm version 15 */
CHECK(krb5_store_uint8(out, 0x00), 0);
CHECK(krb5_store_uint8(out, 0x00), 0);
CHECK(krb5_store_uint8(out, 0x00), 0);
out:
return ret;
}
/**
* Frees the ntlm_type1 message
*
@@ -544,7 +673,7 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
}
krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
CHECK_SIZE(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
CHECK(krb5_ret_uint32(in, &type), 0);
CHECK(type, 1);
@@ -605,8 +734,8 @@ heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data)
base += 8;
flags |= NTLM_OEM_SUPPLIED_WORKSTATION;
}
if (type1->os[0])
base += 8;
if (flags & NTLM_NEG_VERSION)
base += 8; /* os */
domain.offset = base;
if (type1->domain) {
@@ -631,17 +760,16 @@ heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data)
return ENOMEM;
krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
CHECK_SIZE(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
sizeof(ntlmsigature));
CHECK(krb5_store_uint32(out, 1), 0);
CHECK(krb5_store_uint32(out, flags), 0);
CHECK(store_sec_buffer(out, &domain), 0);
CHECK(store_sec_buffer(out, &hostname), 0);
#if 0
CHECK(krb5_store_uint32(out, type1->os[0]), 0);
CHECK(krb5_store_uint32(out, type1->os[1]), 0);
#endif
if (flags & NTLM_NEG_VERSION) {
CHECK(encode_os_version(out), 0);
}
if (type1->domain)
CHECK(put_string(out, 0, type1->domain), 0);
if (type1->hostname)
@@ -695,7 +823,7 @@ heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2)
}
krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
CHECK_SIZE(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
CHECK(krb5_ret_uint32(in, &type), 0);
CHECK(type, 2);
@@ -704,7 +832,7 @@ heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2)
CHECK(krb5_ret_uint32(in, &type2->flags), 0);
if (type2->flags & NTLM_NEG_UNICODE)
ucs2 = 1;
CHECK(krb5_storage_read(in, type2->challenge, sizeof(type2->challenge)),
CHECK_SIZE(krb5_storage_read(in, type2->challenge, sizeof(type2->challenge)),
sizeof(type2->challenge));
CHECK(krb5_ret_uint32(in, &ctx[0]), 0); /* context */
CHECK(krb5_ret_uint32(in, &ctx[1]), 0);
@@ -771,23 +899,22 @@ heim_ntlm_encode_type2(const struct ntlm_type2 *type2, struct ntlm_buf *data)
return ENOMEM;
krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
CHECK_SIZE(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
sizeof(ntlmsigature));
CHECK(krb5_store_uint32(out, 2), 0);
CHECK(store_sec_buffer(out, &targetname), 0);
CHECK(krb5_store_uint32(out, type2->flags), 0);
CHECK(krb5_storage_write(out, type2->challenge, sizeof(type2->challenge)),
CHECK_SIZE(krb5_storage_write(out, type2->challenge, sizeof(type2->challenge)),
sizeof(type2->challenge));
CHECK(krb5_store_uint32(out, 0), 0); /* context */
CHECK(krb5_store_uint32(out, 0), 0);
CHECK(store_sec_buffer(out, &targetinfo), 0);
/* os version */
if (type2->flags & NTLM_NEG_VERSION) {
CHECK(krb5_store_uint32(out, type2->os[0]), 0);
CHECK(krb5_store_uint32(out, type2->os[1]), 0);
CHECK(encode_os_version(out), 0);
}
CHECK(put_string(out, ucs2, type2->targetname), 0);
CHECK(krb5_storage_write(out, type2->targetinfo.data,
CHECK_SIZE(krb5_storage_write(out, type2->targetinfo.data,
type2->targetinfo.length),
type2->targetinfo.length);
@@ -841,7 +968,7 @@ heim_ntlm_decode_type3(const struct ntlm_buf *buf,
uint32_t type;
krb5_storage *in;
struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
uint32_t min_offset = 72;
uint32_t min_offset = 0xffffffff;
memset(type3, 0, sizeof(*type3));
memset(&sessionkey, 0, sizeof(sessionkey));
@@ -853,35 +980,38 @@ heim_ntlm_decode_type3(const struct ntlm_buf *buf,
}
krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
CHECK_SIZE(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
CHECK(krb5_ret_uint32(in, &type), 0);
CHECK(type, 3);
CHECK(ret_sec_buffer(in, &lm), 0);
if (lm.allocated)
min_offset = min(min_offset, lm.offset);
min_offset = MIN(min_offset, lm.offset);
CHECK(ret_sec_buffer(in, &ntlm), 0);
if (ntlm.allocated)
min_offset = min(min_offset, ntlm.offset);
min_offset = MIN(min_offset, ntlm.offset);
CHECK(ret_sec_buffer(in, &target), 0);
if (target.allocated)
min_offset = min(min_offset, target.offset);
min_offset = MIN(min_offset, target.offset);
CHECK(ret_sec_buffer(in, &username), 0);
if (username.allocated)
min_offset = min(min_offset, username.offset);
min_offset = MIN(min_offset, username.offset);
CHECK(ret_sec_buffer(in, &ws), 0);
if (ws.allocated)
min_offset = min(min_offset, ws.offset);
min_offset = MIN(min_offset, ws.offset);
if (min_offset > 52) {
if (min_offset >= 52) {
CHECK(ret_sec_buffer(in, &sessionkey), 0);
min_offset = max(min_offset, sessionkey.offset);
min_offset = MIN(min_offset, sessionkey.offset);
CHECK(krb5_ret_uint32(in, &type3->flags), 0);
}
if (min_offset > 52 + 8 + 4 + 8) {
if (min_offset >= 52 + 8 + 4 + 8) {
CHECK(krb5_ret_uint32(in, &type3->os[0]), 0);
CHECK(krb5_ret_uint32(in, &type3->os[1]), 0);
}
if (min_offset >= 52 + 8 + 4 + 8 + 16) {
type3->mic_offset = 52 + 8 + 4 + 8;
CHECK_SIZE(krb5_storage_read(in, type3->mic, sizeof(type3->mic)), sizeof(type3->mic));
} else
type3->mic_offset = 0;
CHECK(ret_buf(in, &lm, &type3->lm), 0);
CHECK(ret_buf(in, &ntlm, &type3->ntlm), 0);
CHECK(ret_sec_string(in, ucs2, &target, &type3->targetname), 0);
@@ -913,7 +1043,7 @@ out:
*/
int
heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data)
heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data, size_t *mic_offset)
{
struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
krb5_error_code ret;
@@ -932,9 +1062,12 @@ heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data)
base += 8; /* sessionkey sec buf */
base += 4; /* flags */
if (type3->flags & NTLM_NEG_VERSION)
base += 8; /* os flags */
if (type3->os[0]) {
base += 8;
if (mic_offset) {
*mic_offset = base;
base += 16;
}
if (type3->flags & NTLM_NEG_UNICODE)
@@ -969,7 +1102,7 @@ heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data)
return ENOMEM;
krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
CHECK_SIZE(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)),
sizeof(ntlmsigature));
CHECK(krb5_store_uint32(out, 3), 0);
@@ -981,10 +1114,15 @@ heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data)
CHECK(store_sec_buffer(out, &sessionkey), 0);
CHECK(krb5_store_uint32(out, type3->flags), 0);
#if 0
CHECK(krb5_store_uint32(out, 0), 0); /* os0 */
CHECK(krb5_store_uint32(out, 0), 0); /* os1 */
#endif
/* os version */
if (type3->flags & NTLM_NEG_VERSION) {
CHECK(encode_os_version(out), 0);
}
if (mic_offset) {
static const uint8_t buf[16] = { 0 };
CHECK_SIZE(krb5_storage_write(out, buf, sizeof(buf)), sizeof(buf));
}
CHECK(put_string(out, ucs2, type3->targetname), 0);
CHECK(put_string(out, ucs2, type3->username), 0);
@@ -1055,10 +1193,10 @@ heim_ntlm_nt_key(const char *password, struct ntlm_buf *key)
EVP_MD_CTX *m;
int ret;
key->data = malloc(MD5_DIGEST_LENGTH);
key->data = malloc(MD4_DIGEST_LENGTH);
if (key->data == NULL)
return ENOMEM;
key->length = MD5_DIGEST_LENGTH;
key->length = MD4_DIGEST_LENGTH;
ret = ascii2ucs2le(password, 0, &buf);
if (ret) {
@@ -1182,6 +1320,9 @@ heim_ntlm_keyex_wrap(struct ntlm_buf *base_session,
EVP_CIPHER_CTX c;
int ret;
if (base_session->length != MD4_DIGEST_LENGTH)
return HNTLM_ERR_INVALID_LENGTH;
session->length = MD4_DIGEST_LENGTH;
session->data = malloc(session->length);
if (session->data == NULL) {
@@ -1222,8 +1363,6 @@ heim_ntlm_keyex_wrap(struct ntlm_buf *base_session,
}
/**
* Generates an NTLMv1 session random with assosited session master key.
*
@@ -1313,6 +1452,8 @@ heim_ntlm_keyex_unwrap(struct ntlm_buf *baseKey,
memset(session, 0, sizeof(*session));
if (encryptedSession->length != MD4_DIGEST_LENGTH)
return HNTLM_ERR_INVALID_LENGTH;
if (baseKey->length != MD4_DIGEST_LENGTH)
return HNTLM_ERR_INVALID_LENGTH;
@@ -1344,6 +1485,7 @@ heim_ntlm_keyex_unwrap(struct ntlm_buf *baseKey,
* @param len length of key
* @param username name of the user, as sent in the message, assumed to be in UTF8.
* @param target the name of the target, assumed to be in UTF8.
* @param upper_case_target upper case the target, should not be used only for legacy systems
* @param ntlmv2 the ntlmv2 session key
*
* @return 0 on success, or an error code on failure.
@@ -1355,6 +1497,7 @@ int
heim_ntlm_ntlmv2_key(const void *key, size_t len,
const char *username,
const char *target,
int upper_case_target,
unsigned char ntlmv2[16])
{
int ret;
@@ -1371,8 +1514,8 @@ heim_ntlm_ntlmv2_key(const void *key, size_t len,
goto out;
HMAC_Update(&c, buf.data, buf.length);
free(buf.data);
/* uppercase target and turn into ucs2-le */
ret = ascii2ucs2le(target, 1, &buf);
/* turn target into ucs2-le */
ret = ascii2ucs2le(target, upper_case_target, &buf);
if (ret)
goto out;
HMAC_Update(&c, buf.data, buf.length);
@@ -1381,6 +1524,7 @@ heim_ntlm_ntlmv2_key(const void *key, size_t len,
HMAC_Final(&c, ntlmv2, &hmaclen);
out:
HMAC_CTX_cleanup(&c);
memset(&c, 0, sizeof(c));
return ret;
}
@@ -1391,16 +1535,16 @@ heim_ntlm_ntlmv2_key(const void *key, size_t len,
#define NTTIME_EPOCH 0x019DB1DED53E8000LL
static uint64_t
unix2nttime(time_t unix_time)
uint64_t
heim_ntlm_unix2ts_time(time_t unix_time)
{
long long wt;
wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
return wt;
}
static time_t
nt2unixtime(uint64_t t)
time_t
heim_ntlm_ts2unixtime(uint64_t t)
{
t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000);
if (t > (((uint64_t)(time_t)(~(uint64_t)0)) >> 1))
@@ -1416,6 +1560,7 @@ nt2unixtime(uint64_t t)
* @param username name of the user, as sent in the message, assumed to be in UTF8.
* @param target the name of the target, assumed to be in UTF8.
* @param serverchallenge challenge as sent by the server in the type2 message.
* @param infotarget infotarget as sent by the server in the type2 message.
* @param ntlmv2 calculated session key
* @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
*
@@ -1440,7 +1585,7 @@ heim_ntlm_calculate_lm2(const void *key, size_t len,
/* calculate ntlmv2 key */
heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
heim_ntlm_ntlmv2_key(key, len, username, target, 0, ntlmv2);
answer->data = malloc(24);
if (answer->data == NULL)
@@ -1450,7 +1595,7 @@ heim_ntlm_calculate_lm2(const void *key, size_t len,
heim_ntlm_derive_ntlm2_sess(ntlmv2, clientchallenge, 8,
serverchallenge, answer->data);
memcpy(((uint8_t *)answer->data) + 16, clientchallenge, 8);
memcpy(((unsigned char *)answer->data) + 16, clientchallenge, 8);
return 0;
}
@@ -1490,14 +1635,14 @@ heim_ntlm_calculate_ntlm2(const void *key, size_t len,
unsigned char clientchallenge[8];
uint64_t t;
t = unix2nttime(time(NULL));
t = heim_ntlm_unix2ts_time(time(NULL));
if (RAND_bytes(clientchallenge, sizeof(clientchallenge)) != 1)
return HNTLM_ERR_RAND;
/* calculate ntlmv2 key */
heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
heim_ntlm_ntlmv2_key(key, len, username, target, 0, ntlmv2);
/* calculate and build ntlmv2 answer */
@@ -1512,12 +1657,19 @@ heim_ntlm_calculate_ntlm2(const void *key, size_t len,
CHECK(krb5_store_uint32(sp, t & 0xffffffff), 0);
CHECK(krb5_store_uint32(sp, t >> 32), 0);
CHECK(krb5_storage_write(sp, clientchallenge, 8), 8);
CHECK_SIZE(krb5_storage_write(sp, clientchallenge, 8), 8);
CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */
CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length),
CHECK(krb5_store_uint32(sp, 0), 0); /* Z(4) */
CHECK_SIZE(krb5_storage_write(sp, infotarget->data, infotarget->length),
infotarget->length);
CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */
/*
* These last 4 bytes(Z(4)) are not documented by MicroSoft and
* SnowLeopard doesn't send them, Lion expected them to be there,
* so we have to continue to send them. That is ok, since everyone
* else (except Snow) seems to do that too.
*/
CHECK(krb5_store_uint32(sp, 0), 0); /* Z(4) */
CHECK(krb5_storage_to_data(sp, &data), 0);
krb5_storage_free(sp);
@@ -1531,8 +1683,8 @@ heim_ntlm_calculate_ntlm2(const void *key, size_t len,
return ENOMEM;
}
CHECK(krb5_storage_write(sp, ntlmv2answer, 16), 16);
CHECK(krb5_storage_write(sp, data.data, data.length), data.length);
CHECK_SIZE(krb5_storage_write(sp, ntlmv2answer, 16), 16);
CHECK_SIZE(krb5_storage_write(sp, data.data, data.length), data.length);
krb5_data_free(&data);
CHECK(krb5_storage_to_data(sp, &data), 0);
@@ -1551,6 +1703,110 @@ out:
static const int authtimediff = 3600 * 2; /* 2 hours */
static int
verify_ntlm2(const void *key, size_t len,
const char *username,
const char *target,
int upper_case_target,
time_t now,
const unsigned char serverchallenge[8],
const struct ntlm_buf *answer,
struct ntlm_buf *infotarget,
unsigned char ntlmv2[16])
{
krb5_error_code ret;
unsigned char clientanswer[16];
unsigned char clientnonce[8];
unsigned char serveranswer[16];
krb5_storage *sp;
uint64_t t;
time_t authtime;
uint32_t temp;
infotarget->length = 0;
infotarget->data = NULL;
if (answer->length < 16)
return HNTLM_ERR_INVALID_LENGTH;
if (now == 0)
now = time(NULL);
/* calculate ntlmv2 key */
heim_ntlm_ntlmv2_key(key, len, username, target, upper_case_target, ntlmv2);
/* calculate and build ntlmv2 answer */
sp = krb5_storage_from_readonly_mem(answer->data, answer->length);
if (sp == NULL)
return ENOMEM;
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
CHECK_SIZE(krb5_storage_read(sp, clientanswer, 16), 16);
CHECK(krb5_ret_uint32(sp, &temp), 0);
CHECK(temp, 0x00000101);
CHECK(krb5_ret_uint32(sp, &temp), 0);
CHECK(temp, 0);
/* timestamp le 64 bit ts */
CHECK(krb5_ret_uint32(sp, &temp), 0);
t = temp;
CHECK(krb5_ret_uint32(sp, &temp), 0);
t |= ((uint64_t)temp)<< 32;
authtime = heim_ntlm_ts2unixtime(t);
if (abs((int)(authtime - now)) > authtimediff) {
ret = HNTLM_ERR_TIME_SKEW;
goto out;
}
/* client challenge */
CHECK_SIZE(krb5_storage_read(sp, clientnonce, 8), 8);
CHECK(krb5_ret_uint32(sp, &temp), 0); /* Z(4) */
/* let pick up targetinfo */
infotarget->length = answer->length - (size_t)krb5_storage_seek(sp, 0, SEEK_CUR);
if (infotarget->length < 4) {
ret = HNTLM_ERR_INVALID_LENGTH;
goto out;
}
infotarget->data = malloc(infotarget->length);
if (infotarget->data == NULL) {
ret = ENOMEM;
goto out;
}
CHECK_SIZE(krb5_storage_read(sp, infotarget->data, infotarget->length),
infotarget->length);
krb5_storage_free(sp);
sp = NULL;
if (answer->length < 16) {
ret = HNTLM_ERR_INVALID_LENGTH;
goto out;
}
heim_ntlm_derive_ntlm2_sess(ntlmv2,
((unsigned char *)answer->data) + 16, answer->length - 16,
serverchallenge,
serveranswer);
if (memcmp(serveranswer, clientanswer, 16) != 0) {
heim_ntlm_free_buf(infotarget);
return HNTLM_ERR_AUTH;
}
return 0;
out:
heim_ntlm_free_buf(infotarget);
if (sp)
krb5_storage_free(sp);
return ret;
}
/**
* Verify NTLMv2 response.
*
@@ -1580,96 +1836,32 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len,
struct ntlm_buf *infotarget,
unsigned char ntlmv2[16])
{
krb5_error_code ret;
unsigned char clientanswer[16];
unsigned char clientnonce[8];
unsigned char serveranswer[16];
krb5_storage *sp;
time_t authtime;
uint32_t temp;
uint64_t t;
int ret;
infotarget->length = 0;
infotarget->data = NULL;
/**
* First check with the domain as the client passed it to the function.
*/
if (answer->length < 16)
return HNTLM_ERR_INVALID_LENGTH;
ret = verify_ntlm2(key, len, username, target, 0, now,
serverchallenge, answer, infotarget, ntlmv2);
if (now == 0)
now = time(NULL);
/**
* Second check with domain uppercased.
*/
/* calculate ntlmv2 key */
if (ret)
ret = verify_ntlm2(key, len, username, target, 1, now,
serverchallenge, answer, infotarget, ntlmv2);
heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
/* calculate and build ntlmv2 answer */
sp = krb5_storage_from_readonly_mem(answer->data, answer->length);
if (sp == NULL)
return ENOMEM;
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
CHECK(krb5_storage_read(sp, clientanswer, 16), 16);
CHECK(krb5_ret_uint32(sp, &temp), 0);
CHECK(temp, 0x00000101);
CHECK(krb5_ret_uint32(sp, &temp), 0);
CHECK(temp, 0);
/* timestamp le 64 bit ts */
CHECK(krb5_ret_uint32(sp, &temp), 0);
t = temp;
CHECK(krb5_ret_uint32(sp, &temp), 0);
t |= ((uint64_t)temp)<< 32;
authtime = nt2unixtime(t);
if (abs((int)(authtime - now)) > authtimediff) {
ret = HNTLM_ERR_TIME_SKEW;
goto out;
}
/* client challenge */
CHECK(krb5_storage_read(sp, clientnonce, 8), 8);
CHECK(krb5_ret_uint32(sp, &temp), 0); /* unknown */
/* should really unparse the infotarget, but lets pick up everything */
infotarget->length = answer->length - krb5_storage_seek(sp, 0, SEEK_CUR);
infotarget->data = malloc(infotarget->length);
if (infotarget->data == NULL) {
ret = ENOMEM;
goto out;
}
CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length),
infotarget->length);
/* XXX remove the unknown ?? */
krb5_storage_free(sp);
sp = NULL;
if (answer->length < 16) {
ret = HNTLM_ERR_INVALID_LENGTH;
goto out;
}
heim_ntlm_derive_ntlm2_sess(ntlmv2,
((unsigned char *)answer->data) + 16, answer->length - 16,
serverchallenge,
serveranswer);
if (memcmp(serveranswer, clientanswer, 16) != 0) {
heim_ntlm_free_buf(infotarget);
return HNTLM_ERR_AUTH;
}
return 0;
out:
heim_ntlm_free_buf(infotarget);
if (sp)
krb5_storage_free(sp);
/**
* Third check with empty domain.
*/
if (ret)
ret = verify_ntlm2(key, len, username, "", 0, now,
serverchallenge, answer, infotarget, ntlmv2);
return ret;
}
/*
* Calculate the NTLM2 Session Response
*
@@ -1799,5 +1991,5 @@ heim_ntlm_derive_ntlm2_sess(const unsigned char sessionkey[16],
HMAC_Update(&c, clnt_nonce, clnt_nonce_length);
HMAC_Final(&c, derivedkey, &hmaclen);
HMAC_CTX_cleanup(&c);
memset(&c, 0, sizeof(c));
}

38
lib/ntlm/ntlm_err.et
View File

@@ -14,11 +14,47 @@ error_code RAND, "Random generator failed"
error_code AUTH, "NTLM authentication failed"
error_code TIME_SKEW, "Client time skewed to server"
error_code OEM, "Client set OEM string"
error_code MISSING_NAME_SEPARATOR, "missing @ or \\\\ in name"
error_code MISSING_NAME_SEPARATOR, "missing @ or \ in name"
error_code MISSING_BUFFER, "missing expected buffer"
error_code INVALID_APOP, "Invalid APOP response"
error_code INVALID_CRAM_MD5, "Invalid CRAM-MD5 response"
error_code INVALID_DIGEST_MD5, "Invalid DIGEST-MD5 response"
error_code INVALID_DIGEST_MD5_RSPAUTH, "Invalid DIGEST-MD5 rspauth"
error_code INVALID_CHANNEL_BINDINGS, "Invalid channel bindings"
error_code INVALID_MIC, "Invalid MIC"
error_code INVALID_SESSIONKEY, "Invalid session key"
#
# NTLM/GSS error codes
#
index 64
error_code NOT_CONFIGURED, "NTLM not configured"
error_code INVALID_CHALLANGE, "Invalid client challenge"
error_code INVALID_LMv1_RESPONSE, "Invalid client LMv1 response"
error_code INVALID_NT_RESPONSE, "Invalid client NT response"
error_code INVALID_LMv2_RESPONSE, "Invalid client LMv2 response"
error_code INVALID_NTv1_RESPONSE, "Invalid client NTv1 response"
error_code INVALID_NTv2_RESPONSE, "Invalid client NTv2 response"
error_code INVALID_NTv1_ANSWER, "Invalid client NTv1 answer"
error_code INVALID_NTv2_ANSWER, "Invalid client NTv2 answer"
error_code INVALID_SESSION_KEY, "Invalid session key"
error_code INVALID_NO_GUEST, "Invalid guest login request"
error_code NO_NETR_CONFIGURED, "No NETR configured"
#
# Scram errors
#
prefix HSCRAM_ERR
index 128
error_code INVALID_MESSAGE, "Invalid SCRAM message"
error_code INVALID_PROOF, "Invalid SCRAM proof"
error_code INVALID_ROLE, "Invalid SCRAM role"
end

223
lib/ntlm/test_commonauth.c
View File

@@ -37,13 +37,14 @@
#include <stdlib.h>
#include <unistd.h>
#include <roken.h>
#include <err.h>
#include "heim-auth.h"
static int
test_sasl_digest_md5(void)
{
heim_digest_t ctx;
const char *user;
const char *user, *challenge, *resp;
char *r;
if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_AUTO)) == NULL)
@@ -51,6 +52,12 @@ test_sasl_digest_md5(void)
if (heim_digest_parse_challenge(ctx, "realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8"))
abort();
/* check that server detects changing QOP */
if (!heim_digest_parse_response(ctx, "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth-int"))
errx(1, "don't detect changing qop");
/* should pass */
if (heim_digest_parse_response(ctx, "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth"))
abort();
@@ -59,6 +66,83 @@ test_sasl_digest_md5(void)
if (strcmp(user, "chris") != 0)
abort();
/*
* check password
*/
heim_digest_set_key(ctx, "password", "secret");
if (heim_digest_verify(ctx, &r))
abort();
if (strcmp(r, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0)
abort();
free(r);
/*
* Also check userhash
*/
r = heim_digest_userhash("chris", "elwood.innosoft.com", "secret");
if (strcmp(r, "eb5a750053e4d2c34aa84bbc9b0b6ee7") != 0)
abort();
heim_digest_set_key(ctx, "userhash", r);
free(r);
if (heim_digest_verify(ctx, &r))
abort();
if (strcmp(r, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0)
abort();
free(r);
/* check that it failes */
heim_digest_set_key(ctx, "username", "notright");
heim_digest_set_key(ctx, "password", "secret");
if (heim_digest_verify(ctx, &r) == 0)
abort();
if ((user = heim_digest_get_key(ctx, "username")) == NULL)
abort();
if (strcmp(user, "notright") != 0)
abort();
/* Done */
heim_digest_release(ctx);
/*
* Check heim_digest_generate_challenge()
*/
if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL)
abort();
heim_digest_set_key(ctx, "serverRealm", "elwood.innosoft.com");
heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh");
heim_digest_set_key(ctx, "serverQOP", "auth,auth-int");
challenge = heim_digest_generate_challenge(ctx);
if (challenge == NULL)
abort();
if (heim_digest_parse_challenge(ctx, challenge))
abort();
/* check that server detects changing QOP */
if (!heim_digest_parse_response(ctx, "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth-conf"))
abort();
if (heim_digest_parse_response(ctx, "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth"))
abort();
heim_digest_set_key(ctx, "password", "secret");
if (heim_digest_verify(ctx, &r))
@@ -71,14 +155,58 @@ test_sasl_digest_md5(void)
heim_digest_release(ctx);
/*
* Validate heim_digest_service_response()
*/
if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL)
abort();
heim_digest_set_key(ctx, "clientNonce", "OA6MHXh6VqTrRk");
heim_digest_set_key(ctx, "clientQOP", "auth");
heim_digest_set_key(ctx, "clientNC", "00000001");
heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh");
heim_digest_set_key(ctx, "clientURI", "imap/elwood.innosoft.com");
heim_digest_set_key(ctx, "serverRealm", "elwood.innosoft.com");
heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh");
heim_digest_set_key(ctx, "H(A1)", "a2549853149b0536f01f0b850c643c57");
resp = heim_digest_server_response(ctx);
if (resp == NULL || strcmp(resp, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0)
abort();
heim_digest_release(ctx);
if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL)
abort();
heim_digest_set_key(ctx, "clientNonce", "OA6MHXh6VqTrRk");
heim_digest_set_key(ctx, "clientQOP", "auth");
heim_digest_set_key(ctx, "clientNC", "00000001");
heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh");
heim_digest_set_key(ctx, "clientURI", "imap/elwood.innosoft.com");
heim_digest_set_key(ctx, "serverRealm", "elwood.innosoft.com");
heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh");
heim_digest_set_key(ctx, "password", "secret");
heim_digest_set_key(ctx, "username", "chris");
resp = heim_digest_server_response(ctx);
if (resp == NULL || strcmp(resp, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0)
abort();
heim_digest_release(ctx);
return 0;
}
static int
test_http_digest_md5(void)
{
heim_digest_t ctx;
const char *user;
heim_digest_t ctx, ctx2;
const char *user, *chal, *resp;
char *serverresp, *serverresp2;
if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_AUTO)) == NULL)
abort();
@@ -101,11 +229,96 @@ test_http_digest_md5(void)
if (strcmp(user, "Mufasa") != 0)
abort();
if ((user = heim_digest_get_key(ctx, "clientUsername")) == NULL)
abort();
if (strcmp(user, "Mufasa") != 0)
abort();
heim_digest_set_key(ctx, "password", "CircleOfLife");
if (heim_digest_verify(ctx, NULL))
abort();
/* Verify failure */
heim_digest_set_key(ctx, "username", "Oskar");
if (heim_digest_verify(ctx, NULL) == 0)
abort();
heim_digest_release(ctx);
/*
* Check myself
*/
/* server */
if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL)
abort();
heim_digest_set_key(ctx, "serverRealm", "myrealmhahaha");
heim_digest_set_key(ctx, "serverQOP", "auth,auth-int");
chal = heim_digest_generate_challenge(ctx);
if (chal == NULL)
abort();
/* client */
if ((ctx2 = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL)
abort();
if (heim_digest_parse_challenge(ctx2, chal))
abort();
heim_digest_set_key(ctx2, "username", "lha");
heim_digest_set_key(ctx2, "password", "passw0rd");
heim_digest_set_key(ctx2, "uri", "/uri");
resp = heim_digest_create_response(ctx2, &serverresp);
if (resp == NULL)
abort();
/* server */
if (heim_digest_parse_response(ctx, resp))
abort();
heim_digest_set_key(ctx, "password", "passw0rd");
heim_digest_verify(ctx, &serverresp2);
/* client */
if (strcmp(serverresp, serverresp2) != 0)
abort();
heim_digest_release(ctx);
heim_digest_release(ctx2);
/*
* check prefix
*/
if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_AUTO)) == NULL)
abort();
if (heim_digest_parse_challenge(ctx, "Digest realm=\"testrealm@host.com\","
"nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\","
"opaque=\"5ccc069c403ebaf9f0171e9517f40e41\""))
abort();
heim_digest_release(ctx);
/*
* check prefix
*/
if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_AUTO)) == NULL)
abort();
if (heim_digest_parse_challenge(ctx, "Digest realm=\"testrealm@host.com\","
"nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\","
"opaque=\"5ccc069c403ebaf9f0171e9517f40e41\""))
abort();
heim_digest_release(ctx);
return 0;
@@ -158,7 +371,6 @@ test_cram_md5(void)
abort();
heim_cram_md5_export(secret, &state);
/* here you can store the memcpy-ed version of state somewhere else */
ctx = heim_cram_md5_import(&state, sizeof(state));
@@ -183,7 +395,6 @@ test_apop(void)
const char *resp = "c4c9334bac560ecc979e58001b3e22fb";
char *t;
t = heim_apop_create(chal, secret);
if (t == NULL)
abort();
@@ -210,7 +421,5 @@ main(int argc, char **argv)
ret |= test_cram_md5();
ret |= test_apop();
system("bash");
return ret;
}

237
lib/ntlm/test_ntlm.c
View File

@@ -41,6 +41,8 @@
#include <krb5-types.h> /* or <inttypes.h> */
#include <heimntlm.h>
#ifdef ENABLE_NTLM
static int
test_parse(void)
{
@@ -56,7 +58,7 @@ test_parse(void)
memset(&type1, 0, sizeof(type1));
type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM;
type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM|NTLM_NEG_VERSION;
type1.domain = rk_UNCONST(domain);
type1.hostname = NULL;
type1.os[0] = 0;
@@ -123,7 +125,7 @@ test_parse(void)
free(key.data);
}
ret = heim_ntlm_encode_type3(&type3, &data);
ret = heim_ntlm_encode_type3(&type3, &data, NULL);
if (ret)
errx(1, "heim_ntlm_encode_type3");
@@ -288,18 +290,107 @@ test_ntlm2_session_resp(void)
return 0;
}
static int
test_ntlmv2(void)
{
unsigned char type3[413] =
"\x4e\x54\x4c\x4d\x53\x53\x50\x00\x03\x00\x00\x00\x18\x00\x18\x00"
"\x80\x00\x00\x00\x9e\x00\x9e\x00\x98\x00\x00\x00\x14\x00\x14\x00"
"\x48\x00\x00\x00\x10\x00\x10\x00\x5c\x00\x00\x00\x14\x00\x14\x00"
"\x6c\x00\x00\x00\x00\x00\x00\x00\x36\x01\x00\x00\x05\x82\x88\xa2"
"\x05\x01\x28\x0a\x00\x00\x00\x0f\x43\x00\x4f\x00\x4c\x00\x4c\x00"
"\x45\x00\x59\x00\x2d\x00\x58\x00\x50\x00\x34\x00\x54\x00\x45\x00"
"\x53\x00\x54\x00\x55\x00\x53\x00\x45\x00\x52\x00\x43\x00\x4f\x00"
"\x4c\x00\x4c\x00\x45\x00\x59\x00\x2d\x00\x58\x00\x50\x00\x34\x00"
"\x2f\x96\xec\x0a\xf7\x9f\x2e\x24\xba\x09\x48\x10\xa5\x22\xd4\xe1"
"\x16\x6a\xca\x58\x74\x9a\xc1\x4f\x54\x6f\xee\x40\x96\xce\x43\x6e"
"\xdf\x99\x20\x71\x6c\x9a\xda\x2a\x01\x01\x00\x00\x00\x00\x00\x00"
"\x8d\xc0\x57\xc9\x79\x5e\xcb\x01\x16\x6a\xca\x58\x74\x9a\xc1\x4f"
"\x00\x00\x00\x00\x02\x00\x14\x00\x4e\x00\x55\x00\x54\x00\x43\x00"
"\x52\x00\x41\x00\x43\x00\x4b\x00\x45\x00\x52\x00\x01\x00\x14\x00"
"\x4e\x00\x55\x00\x54\x00\x43\x00\x52\x00\x41\x00\x43\x00\x4b\x00"
"\x45\x00\x52\x00\x04\x00\x12\x00\x61\x00\x70\x00\x70\x00\x6c\x00"
"\x65\x00\x2e\x00\x63\x00\x6f\x00\x6d\x00\x03\x00\x20\x00\x68\x00"
"\x75\x00\x6d\x00\x6d\x00\x65\x00\x6c\x00\x2e\x00\x61\x00\x70\x00"
"\x70\x00\x6c\x00\x65\x00\x2e\x00\x63\x00\x6f\x00\x6d\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f"
"\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20"
"\x00\x53\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63\x00\x65\x00\x20"
"\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x33\x00\x20\x00\x32"
"\x00\x36\x00\x30\x00\x30\x00\x00\x00\x57\x00\x69\x00\x6e\x00\x64"
"\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32"
"\x00\x20\x00\x35\x00\x2e\x00\x31\x00\x00\x00\x00\x00";
const unsigned char challenge[8] =
"\xe4\x9c\x6a\x12\xe1\xbd\xde\x6a";
unsigned char sessionkey[16];
const char key[16] = "\xD1\x83\x98\x3E\xAE\xA7\xBE\x99\x59\xC8\xF4\xC1\x98\xED\x0E\x68";
struct ntlm_buf data;
struct ntlm_type3 t3;
int ret;
struct ntlm_targetinfo ti;
unsigned char timsg[114] =
"\002\000\024\000N\000U\000T\000C\000R\000A\000C\000K\000E\000R\000\001\000\024\000N\000U\000T\000C\000R\000A\000C\000K\000E\000R\000\004\000\022\000a\000p\000p\000l\000e\000.\000c\000o\000m\000\003\000 \000h\000u\000m\000m\000e\000l\000.\000a\000p\000p\000l\000e\000.\000c\000o\000m\000\000\000\000\000\000\000\000";
data.data = type3;
data.length = sizeof(type3);
ret = heim_ntlm_decode_type3(&data, 1, &t3);
if (ret)
errx(1, "heim_ntlm_decode_type3");
memset(&ti, 0, sizeof(ti));
data.data = timsg;
data.length = sizeof(timsg);
ret = heim_ntlm_decode_targetinfo(&data, 1, &ti);
if (ret)
return ret;
ret = heim_ntlm_verify_ntlm2(key, sizeof(key),
t3.username,
t3.targetname,
1285615547,
challenge,
&t3.ntlm,
&data,
sessionkey);
if (ret)
errx(1, "verify_ntlmv2");
if (sizeof(timsg) != data.length || memcmp(timsg, data.data, sizeof(timsg)) != 0)
errx(1, "target info wrong: %d != %d",
(int)sizeof(timsg), (int)data.length);
heim_ntlm_free_type3(&t3);
heim_ntlm_free_targetinfo(&ti);
return 0;
}
static int
test_targetinfo(void)
{
struct ntlm_targetinfo ti;
struct ntlm_buf buf;
const char *dnsservername = "dnsservername";
const char *targetname = "targetname";
const char z16[16] = { 0 };
int ret;
memset(&ti, 0, sizeof(ti));
ti.dnsservername = rk_UNCONST(dnsservername);
ti.avflags = 1;
ti.targetname = rk_UNCONST(targetname);
ti.channel_bindings.data = rk_UNCONST(z16);
ti.channel_bindings.length = sizeof(z16);
ret = heim_ntlm_encode_targetinfo(&ti, 1, &buf);
if (ret)
return ret;
@@ -315,12 +406,134 @@ test_targetinfo(void)
errx(1, "ti.dnshostname != %s", dnsservername);
if (ti.avflags != 1)
errx(1, "ti.avflags != 1");
if (ti.targetname == NULL ||
strcmp(ti.targetname, targetname) != 0)
errx(1, "ti.targetname != %s", targetname);
if (ti.channel_bindings.length != sizeof(z16) ||
memcmp(ti.channel_bindings.data, z16, sizeof(z16)) != 0)
errx(1, "ti.channel_bindings != Z(16)");
heim_ntlm_free_targetinfo(&ti);
return 0;
}
static int
test_string2key(void)
{
const char *pw = "山田";
struct ntlm_buf buf;
unsigned char key[16] = {
0xc6, 0x5d, 0xc7, 0x61, 0xa1, 0x34, 0x17, 0xa1,
0x17, 0x08, 0x9c, 0x1b, 0xb0, 0x0d, 0x0f, 0x19
};
if (heim_ntlm_nt_key(pw, &buf) != 0)
errx(1, "heim_ntlmv_nt_key(jp)");
if (buf.length != 16 || memcmp(buf.data, key, 16) != 0)
errx(1, "compare failed");
heim_ntlm_free_buf(&buf);
return 0;
}
static int
test_jp(void)
{
char buf2[220] =
"\x4e\x54\x4c\x4d\x53\x53\x50\x00\x02\x00\x00\x00\x06\x00\x06\x00"
"\x38\x00\x00\x00\x05\x02\x89\x62\x62\x94\xb1\xf3\x56\x80\xb0\xf9"
"\x00\x00\x00\x00\x00\x00\x00\x00\x9e\x00\x9e\x00\x3e\x00\x00\x00"
"\x06\x01\xb0\x1d\x00\x00\x00\x0f\x43\x00\x4f\x00\x53\x00\x02\x00"
"\x06\x00\x43\x00\x4f\x00\x53\x00\x01\x00\x12\x00\x43\x00\x4f\x00"
"\x53\x00\x57\x00\x49\x00\x4e\x00\x37\x00\x4a\x00\x50\x00\x04\x00"
"\x1a\x00\x63\x00\x6f\x00\x73\x00\x2e\x00\x61\x00\x70\x00\x70\x00"
"\x6c\x00\x65\x00\x2e\x00\x63\x00\x6f\x00\x6d\x00\x03\x00\x2e\x00"
"\x63\x00\x6f\x00\x73\x00\x77\x00\x69\x00\x6e\x00\x37\x00\x6a\x00"
"\x70\x00\x2e\x00\x63\x00\x6f\x00\x73\x00\x2e\x00\x61\x00\x70\x00"
"\x70\x00\x6c\x00\x65\x00\x2e\x00\x63\x00\x6f\x00\x6d\x00\x05\x00"
"\x1a\x00\x63\x00\x6f\x00\x73\x00\x2e\x00\x61\x00\x70\x00\x70\x00"
"\x6c\x00\x65\x00\x2e\x00\x63\x00\x6f\x00\x6d\x00\x07\x00\x08\x00"
"\x94\x51\xf0\xbd\xdc\x61\xcb\x01\x00\x00\x00\x00";
char buf3[362] =
"\x4e\x54\x4c\x4d\x53\x53\x50\x00\x03\x00\x00\x00\x18\x00\x18\x00"
"\x74\x00\x00\x00\xce\x00\xce\x00\x8c\x00\x00\x00\x1a\x00\x1a\x00"
"\x40\x00\x00\x00\x04\x00\x04\x00\x5a\x00\x00\x00\x16\x00\x16\x00"
"\x5e\x00\x00\x00\x10\x00\x10\x00\x5a\x01\x00\x00\x05\x02\x89\x62"
"\x31\x00\x37\x00\x2e\x00\x32\x00\x30\x00\x31\x00\x2e\x00\x35\x00"
"\x37\x00\x2e\x00\x31\x00\x32\x00\x31\x00\x71\x5c\x30\x75\x77\x00"
"\x6f\x00\x72\x00\x6b\x00\x73\x00\x74\x00\x61\x00\x74\x00\x69\x00"
"\x6f\x00\x6e\x00\xab\xad\xeb\x72\x01\xd4\x5f\xdf\x59\x07\x5f\xa9"
"\xfd\x54\x98\x2d\xfa\x17\xbb\xf1\x3c\x8f\xf5\x20\xe6\x8f\xd7\x0a"
"\xc9\x19\x3e\x94\x61\x31\xdb\x0f\x55\xe8\xe2\x53\x01\x01\x00\x00"
"\x00\x00\x00\x00\x00\x06\x3e\x30\xe4\x61\xcb\x01\x71\x98\x10\x6b"
"\x4c\x82\xec\xb3\x00\x00\x00\x00\x02\x00\x06\x00\x43\x00\x4f\x00"
"\x53\x00\x01\x00\x12\x00\x43\x00\x4f\x00\x53\x00\x57\x00\x49\x00"
"\x4e\x00\x37\x00\x4a\x00\x50\x00\x04\x00\x1a\x00\x63\x00\x6f\x00"
"\x73\x00\x2e\x00\x61\x00\x70\x00\x70\x00\x6c\x00\x65\x00\x2e\x00"
"\x63\x00\x6f\x00\x6d\x00\x03\x00\x2e\x00\x63\x00\x6f\x00\x73\x00"
"\x77\x00\x69\x00\x6e\x00\x37\x00\x6a\x00\x70\x00\x2e\x00\x63\x00"
"\x6f\x00\x73\x00\x2e\x00\x61\x00\x70\x00\x70\x00\x6c\x00\x65\x00"
"\x2e\x00\x63\x00\x6f\x00\x6d\x00\x05\x00\x1a\x00\x63\x00\x6f\x00"
"\x73\x00\x2e\x00\x61\x00\x70\x00\x70\x00\x6c\x00\x65\x00\x2e\x00"
"\x63\x00\x6f\x00\x6d\x00\x07\x00\x08\x00\xab\xec\xcc\x30\xe4\x61"
"\xcb\x01\x00\x00\x00\x00\x00\x00\x00\x00\xbc\x2e\xba\x3f\xd1\xb1"
"\xa7\x70\x00\x9d\x55\xa0\x59\x74\x2b\x78";
struct ntlm_type2 type2;
struct ntlm_type3 type3;
struct ntlm_buf data;
int ret;
data.length = sizeof(buf2);
data.data = buf2;
memset(&type2, 0, sizeof(type2));
ret = heim_ntlm_decode_type2(&data, &type2);
if (ret)
errx(1, "heim_ntlm_decode_type2(jp): %d", ret);
data.data = NULL;
data.length = 0;
ret = heim_ntlm_encode_type2(&type2, &data);
if (ret)
errx(1, "heim_ntlm_encode_type2(jp): %d", ret);
heim_ntlm_free_type2(&type2);
heim_ntlm_free_buf(&data);
data.length = sizeof(buf3);
data.data = buf3;
memset(&type3, 0, sizeof(type3));
ret = heim_ntlm_decode_type3(&data, 1, &type3);
if (ret)
errx(1, "heim_ntlm_decode_type2(jp): %d", ret);
data.data = NULL;
data.length = 0;
ret = heim_ntlm_encode_type3(&type3, &data, NULL);
if (ret)
errx(1, "heim_ntlm_decode_type2(jp): %d", ret);
heim_ntlm_free_type3(&type3);
heim_ntlm_free_buf(&data);
return 0;
}
#endif
static int verbose_flag = 0;
static int version_flag = 0;
static int help_flag = 0;
@@ -357,17 +570,16 @@ main(int argc, char **argv)
exit(0);
}
argc -= optidx;
argv += optidx;
#ifdef ENABLE_NTLM
if (verbose_flag)
printf("test_parse\n");
ret += test_parse();
if (verbose_flag)
printf("test_keys\n");
ret += test_keys();
if (verbose_flag)
printf("test_ntlm2_session_resp\n");
ret += test_ntlm2_session_resp();
@@ -376,5 +588,18 @@ main(int argc, char **argv)
printf("test_targetinfo\n");
ret += test_targetinfo();
if (verbose_flag)
printf("test_ntlmv2\n");
ret += test_ntlmv2();
if (verbose_flag)
printf("test_string2key\n");
ret += test_string2key();
if (verbose_flag)
printf("test_jp\n");
ret += test_jp();
#endif
return ret;
}