2
* $Id: ntlmauth.c,v 1.1 2001/01/07 23:36:36 hno Exp $
4
* * * * * * * * Legal stuff * * * * * * *
6
* (C) 2000 Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it>,
7
* inspired by previous work by Andy Doran.
8
* This program is free software; you can redistribute it and/or modify
9
* it under the terms of the GNU General Public License as published by
10
* the Free Software Foundation; either version 2 of the License, or
11
* (at your option) any later version.
13
* This program is distributed in the hope that it will be useful,
14
* but WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
* GNU General Public License for more details.
18
* You should have received a copy of the GNU General Public License
19
* along with this program; if not, write to the Free Software
20
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
25
#include "util.h" /* for base64-related stuff */
27
/* Dumps NTLM flags to standard error for debugging purposes */
29
ntlm_dump_ntlmssp_flags(u_int32_t flags)
31
fprintf(stderr, "flags: %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
32
(flags & NEGOTIATE_UNICODE ? "Unicode " : ""),
33
(flags & NEGOTIATE_ASCII ? "ASCII " : ""),
34
(flags & NEGOTIATE_REQUEST_TARGET ? "ReqTgt " : ""),
35
(flags & NEGOTIATE_REQUEST_SIGN ? "ReqSign " : ""),
36
(flags & NEGOTIATE_REQUEST_SEAL ? "ReqSeal " : ""),
37
(flags & NEGOTIATE_DATAGRAM_STYLE ? "Dgram " : ""),
38
(flags & NEGOTIATE_USE_LM ? "UseLM " : ""),
39
(flags & NEGOTIATE_USE_NETWARE ? "UseNW " : ""),
40
(flags & NEGOTIATE_USE_NTLM ? "UseNTLM " : ""),
41
(flags & NEGOTIATE_DOMAIN_SUPPLIED ? "HaveDomain " : ""),
42
(flags & NEGOTIATE_WORKSTATION_SUPPLIED ? "HaveWKS " : ""),
43
(flags & NEGOTIATE_THIS_IS_LOCAL_CALL ? "LocalCall " : ""),
44
(flags & NEGOTIATE_ALWAYS_SIGN ? "AlwaysSign " : ""),
45
(flags & CHALLENGE_TARGET_IS_DOMAIN ? "Tgt_is_domain" : ""),
46
(flags & CHALLENGE_TARGET_IS_SERVER ? "Tgt_is_server " : ""),
47
(flags & CHALLENGE_TARGET_IS_SHARE ? "Tgt_is_share " : ""),
48
(flags & REQUEST_INIT_RESPONSE ? "Req_init_response " : ""),
49
(flags & REQUEST_ACCEPT_RESPONSE ? "Req_accept_response " : ""),
50
(flags & REQUEST_NON_NT_SESSION_KEY ? "Req_nonnt_sesskey " : "")
54
#define lstring_zero(s) s.str=NULL; s.l=-1;
56
/* fetches a string from the authentication packet.
57
* The lstring data-part points to inside the packet itself.
58
* It's up to the user to memcpy() that if the value needs to
59
* be used in any way that requires a tailing \0. (he can check whether the
60
* value is there though, in that case lstring.length==-1).
63
ntlm_fetch_string(char *packet, int32_t length, strhdr * str)
65
int16_t l; /* length */
66
int32_t o; /* offset */
72
o = WSWAP(str->offset);
73
/* debug("fetch_string(plength=%d,l=%d,o=%d)\n",length,l,o); */
75
if (l < 0 || l > MAX_FIELD_LENGTH || o + l > length || o == 0) {
76
/* debug("ntlmssp: insane data (l: %d, o: %d)\n", l,o); */
85
/* Adds something to the payload. The caller must guarrantee that
86
* there is enough space in the payload string to accommodate the
88
* payload_length and hdr will be modified as a side-effect.
89
* base_offset is the payload offset from the packet's beginning, and is
92
ntlm_add_to_payload(char *payload, int *payload_length,
93
strhdr * hdr, char *toadd,
94
int toadd_length, int base_offset)
97
int l = (*payload_length);
98
memcpy(payload + l, toadd, toadd_length);
100
hdr->len = toadd_length;
101
hdr->maxlen = toadd_length;
102
hdr->offset = l + base_offset; /* 48 is the base offset of the payload */
103
(*payload_length) += toadd_length;
107
/* prepares a base64-encode challenge packet to be sent to the client
108
* note: domain should be upper_case
109
* note: the storage type for the returned value depends on
110
* base64_encode_bin. Currently this means static storage.
113
ntlm_make_challenge(char *domain, char *domain_controller,
114
char *challenge_nonce, int challenge_nonce_len)
119
memset(&ch, 0, sizeof(ntlm_challenge)); /* reset */
120
memcpy(ch.signature, "NTLMSSP", 8); /* set the signature */
121
ch.type = WSWAP(NTLM_CHALLENGE); /* this is a challenge */
122
ntlm_add_to_payload(ch.payload, &pl, &ch.target, domain, strlen(domain),
123
NTLM_CHALLENGE_HEADER_OFFSET);
125
REQUEST_NON_NT_SESSION_KEY |
126
CHALLENGE_TARGET_IS_DOMAIN |
127
NEGOTIATE_ALWAYS_SIGN |
133
ch.context_low = 0; /* check this out */
135
memcpy(ch.challenge, challenge_nonce, challenge_nonce_len);
136
encoded = base64_encode_bin((char *) &ch, NTLM_CHALLENGE_HEADER_OFFSET + pl);