oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Fix ms-chap-v2 mutual response auth code.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20143 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-02-02 22:15:52 +00:00
parent cfeb58d7cb
commit e4d855f06d
1 changed files with 75 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

138
kdc/digest.c
View File

@@ -137,13 +137,13 @@ fill_targetinfo(krb5_context context,
} }
static const unsigned char ms_chap_v1_magic1[39] = { static const unsigned char ms_chap_v2_magic1[39] = {
0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74
}; };
static const unsigned char ms_chap_v1_magic2[41] = { static const unsigned char ms_chap_v2_magic2[41] = {
0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
@@ -872,66 +872,78 @@ _kdc_do_digest(krb5_context context,
r.u.response.success = FALSE; r.u.response.success = FALSE;
} }
/* GenerateAuthenticatorResponse */ if (r.u.response.success) {
SHA1_Init(&ctx); unsigned char hashhash[MD4_DIGEST_LENGTH];
SHA1_Update(&ctx, key->key.keyvalue.data, key->key.keyvalue.length);
SHA1_Update(&ctx, answer.data, answer.length);
SHA1_Update(&ctx, ms_chap_v1_magic1, sizeof(ms_chap_v1_magic1));
SHA1_Final(md, &ctx);
SHA1_Init(&ctx); /* hashhash */
SHA1_Update(&ctx, md, sizeof(md)); {
SHA1_Update(&ctx, challange, 8); MD4_CTX hctx;
SHA1_Update(&ctx, ms_chap_v1_magic2, sizeof(ms_chap_v1_magic2));
SHA1_Final(md, &ctx); MD4_Init(&hctx);
MD4_Update(&hctx, key->key.keyvalue.data,
key->key.keyvalue.length);
MD4_Final(hashhash, &hctx);
}
/* GenerateAuthenticatorResponse */
SHA1_Init(&ctx);
SHA1_Update(&ctx, hashhash, sizeof(hashhash));
SHA1_Update(&ctx, answer.data, answer.length);
SHA1_Update(&ctx, ms_chap_v2_magic1,sizeof(ms_chap_v2_magic1));
SHA1_Final(md, &ctx);
{
char *foo;
hex_encode(challange, 8, &foo);
kdc_log(context, config, 0,
"MS-CHAP-V2 challange %s", foo);
free(foo);
}
SHA1_Init(&ctx);
SHA1_Update(&ctx, md, sizeof(md));
SHA1_Update(&ctx, challange, 8);
SHA1_Update(&ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2));
SHA1_Final(md, &ctx);
r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp));
if (r.u.response.rsp == NULL) {
free(answer.data);
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
hex_encode(md, sizeof(md), r.u.response.rsp);
if (r.u.response.rsp == NULL) {
free(answer.data);
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
/* get_master, rfc 3079 3.4 */
SHA1_Init(&ctx);
SHA1_Update(&ctx, md, 16); /* md4(hash) */
SHA1_Update(&ctx, answer.data, answer.length);
SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1));
SHA1_Final(md, &ctx);
r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp));
if (r.u.response.rsp == NULL) {
free(answer.data); free(answer.data);
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
hex_encode(md, sizeof(md), r.u.response.rsp); r.u.response.session_key =
if (r.u.response.rsp == NULL) { calloc(1, sizeof(*r.u.response.session_key));
free(answer.data); if (r.u.response.session_key == NULL) {
krb5_clear_error_string(context); krb5_clear_error_string(context);
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
/* hash hash */ ret = krb5_data_copy(r.u.response.session_key, md, sizeof(md));
{ if (ret) {
MD4_CTX hctx; krb5_clear_error_string(context);
goto out;
MD4_Init(&hctx); }
MD4_Update(&hctx, key->key.keyvalue.data,
key->key.keyvalue.length);
MD4_Final(md, &hctx);
}
/* get_master, rfc 3079 3.4 */
SHA1_Init(&ctx);
SHA1_Update(&ctx, md, 16); /* md4(hash) */
SHA1_Update(&ctx, answer.data, answer.length);
SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1));
SHA1_Final(md, &ctx);
free(answer.data);
r.u.response.session_key =
calloc(1, sizeof(*r.u.response.session_key));
if (r.u.response.session_key == NULL) {
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
ret = krb5_data_copy(r.u.response.session_key, md, sizeof(md));
if (ret) {
krb5_clear_error_string(context);
goto out;
} }
} else { } else {
@@ -978,12 +990,12 @@ _kdc_do_digest(krb5_context context,
NTLM_NEG_TARGET_DOMAIN | NTLM_NEG_TARGET_DOMAIN |
NTLM_ENC_128; NTLM_ENC_128;
#define ALL \ #define ALL \
NTLM_NEG_SIGN| \ NTLM_NEG_SIGN| \
NTLM_NEG_SEAL| \ NTLM_NEG_SEAL| \
NTLM_NEG_ALWAYS_SIGN| \ NTLM_NEG_ALWAYS_SIGN| \
NTLM_NEG_NTLM2_SESSION| \ NTLM_NEG_NTLM2_SESSION| \
NTLM_NEG_KEYEX NTLM_NEG_KEYEX
r.u.ntlmInitReply.flags |= (ireq.u.ntlmInit.flags & (ALL)); r.u.ntlmInitReply.flags |= (ireq.u.ntlmInit.flags & (ALL));