[thirdparty/squid.git] / lib / ntlmauth.c

/*
 * $Id: ntlmauth.c,v 1.1 2001/01/07 23:36:36 hno Exp $
 *
 * * * * * * * * Legal stuff * * * * * * *
 *
 * (C) 2000 Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it>,
 *   inspired by previous work by Andy Doran.
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *  
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

#include "ntlmauth.h"
#include "util.h"		/* for base64-related stuff */

/* Dumps NTLM flags to standard error for debugging purposes */
void
ntlm_dump_ntlmssp_flags(u_int32_t flags)
{
    fprintf(stderr, "flags: %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
	(flags & NEGOTIATE_UNICODE ? "Unicode " : ""),
	(flags & NEGOTIATE_ASCII ? "ASCII " : ""),
	(flags & NEGOTIATE_REQUEST_TARGET ? "ReqTgt " : ""),
	(flags & NEGOTIATE_REQUEST_SIGN ? "ReqSign " : ""),
	(flags & NEGOTIATE_REQUEST_SEAL ? "ReqSeal " : ""),
	(flags & NEGOTIATE_DATAGRAM_STYLE ? "Dgram " : ""),
	(flags & NEGOTIATE_USE_LM ? "UseLM " : ""),
	(flags & NEGOTIATE_USE_NETWARE ? "UseNW " : ""),
	(flags & NEGOTIATE_USE_NTLM ? "UseNTLM " : ""),
	(flags & NEGOTIATE_DOMAIN_SUPPLIED ? "HaveDomain " : ""),
	(flags & NEGOTIATE_WORKSTATION_SUPPLIED ? "HaveWKS " : ""),
	(flags & NEGOTIATE_THIS_IS_LOCAL_CALL ? "LocalCall " : ""),
	(flags & NEGOTIATE_ALWAYS_SIGN ? "AlwaysSign " : ""),
	(flags & CHALLENGE_TARGET_IS_DOMAIN ? "Tgt_is_domain" : ""),
	(flags & CHALLENGE_TARGET_IS_SERVER ? "Tgt_is_server " : ""),
	(flags & CHALLENGE_TARGET_IS_SHARE ? "Tgt_is_share " : ""),
	(flags & REQUEST_INIT_RESPONSE ? "Req_init_response " : ""),
	(flags & REQUEST_ACCEPT_RESPONSE ? "Req_accept_response " : ""),
	(flags & REQUEST_NON_NT_SESSION_KEY ? "Req_nonnt_sesskey " : "")
	);
}

#define lstring_zero(s) s.str=NULL; s.l=-1;

/* fetches a string from the authentication packet.
 * The lstring data-part points to inside the packet itself.
 * It's up to the user to memcpy() that if the value needs to
 * be used in any way that requires a tailing \0. (he can check whether the
 * value is there though, in that case lstring.length==-1).
 */
lstring
ntlm_fetch_string(char *packet, int32_t length, strhdr * str)
{
    int16_t l;			/* length */
    int32_t o;			/* offset */
    lstring rv;

    lstring_zero(rv);

    l = SSWAP(str->len);
    o = WSWAP(str->offset);
    /* debug("fetch_string(plength=%d,l=%d,o=%d)\n",length,l,o); */

    if (l < 0 || l > MAX_FIELD_LENGTH || o + l > length || o == 0) {
	/* debug("ntlmssp: insane data (l: %d, o: %d)\n", l,o); */
	return rv;
    }
    rv.str = packet + o;
    rv.l = l;

    return rv;
}

/* Adds something to the payload. The caller must guarrantee that
 * there is enough space in the payload string to accommodate the
 * added value.
 * payload_length and hdr will be modified as a side-effect.
 * base_offset is the payload offset from the packet's beginning, and is
 */
void
ntlm_add_to_payload(char *payload, int *payload_length,
    strhdr * hdr, char *toadd,
    int toadd_length, int base_offset)
{

    int l = (*payload_length);
    memcpy(payload + l, toadd, toadd_length);

    hdr->len = toadd_length;
    hdr->maxlen = toadd_length;
    hdr->offset = l + base_offset;	/* 48 is the base offset of the payload */
    (*payload_length) += toadd_length;
}


/* prepares a base64-encode challenge packet to be sent to the client
 * note: domain should be upper_case
 * note: the storage type for the returned value depends on
 *    base64_encode_bin. Currently this means static storage.
 */
const char *
ntlm_make_challenge(char *domain, char *domain_controller,
    char *challenge_nonce, int challenge_nonce_len)
{
    ntlm_challenge ch;
    int pl = 0;
    const char *encoded;
    memset(&ch, 0, sizeof(ntlm_challenge));	/* reset */
    memcpy(ch.signature, "NTLMSSP", 8);		/* set the signature */
    ch.type = WSWAP(NTLM_CHALLENGE);	/* this is a challenge */
    ntlm_add_to_payload(ch.payload, &pl, &ch.target, domain, strlen(domain),
	NTLM_CHALLENGE_HEADER_OFFSET);
    ch.flags = WSWAP(
	REQUEST_NON_NT_SESSION_KEY |
	CHALLENGE_TARGET_IS_DOMAIN |
	NEGOTIATE_ALWAYS_SIGN |
	NEGOTIATE_USE_NTLM |
	NEGOTIATE_USE_LM |
	NEGOTIATE_ASCII |
	0
	);
    ch.context_low = 0;		/* check this out */
    ch.context_high = 0;
    memcpy(ch.challenge, challenge_nonce, challenge_nonce_len);
    encoded = base64_encode_bin((char *) &ch, NTLM_CHALLENGE_HEADER_OFFSET + pl);
    return encoded;
}
Commit	Line	Data
94439e4e	1	/*
	2	* $Id: ntlmauth.c,v 1.1 2001/01/07 23:36:36 hno Exp $
	3	*
	4	* * * * * * * * Legal stuff * * * * * * *
	5	*
	6	* (C) 2000 Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it>,
	7	* inspired by previous work by Andy Doran.
	8	* This program is free software; you can redistribute it and/or modify
	9	* it under the terms of the GNU General Public License as published by
	10	* the Free Software Foundation; either version 2 of the License, or
	11	* (at your option) any later version.
	12	*
	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License
	19	* along with this program; if not, write to the Free Software
	20	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	21	*
	22	*/
	23
	24	#include "ntlmauth.h"
	25	#include "util.h" /* for base64-related stuff */
	26
	27	/* Dumps NTLM flags to standard error for debugging purposes */
	28	void
	29	ntlm_dump_ntlmssp_flags(u_int32_t flags)
	30	{
	31	fprintf(stderr, "flags: %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
	32	(flags & NEGOTIATE_UNICODE ? "Unicode " : ""),
	33	(flags & NEGOTIATE_ASCII ? "ASCII " : ""),
	34	(flags & NEGOTIATE_REQUEST_TARGET ? "ReqTgt " : ""),
	35	(flags & NEGOTIATE_REQUEST_SIGN ? "ReqSign " : ""),
	36	(flags & NEGOTIATE_REQUEST_SEAL ? "ReqSeal " : ""),
	37	(flags & NEGOTIATE_DATAGRAM_STYLE ? "Dgram " : ""),
	38	(flags & NEGOTIATE_USE_LM ? "UseLM " : ""),
	39	(flags & NEGOTIATE_USE_NETWARE ? "UseNW " : ""),
	40	(flags & NEGOTIATE_USE_NTLM ? "UseNTLM " : ""),
	41	(flags & NEGOTIATE_DOMAIN_SUPPLIED ? "HaveDomain " : ""),
	42	(flags & NEGOTIATE_WORKSTATION_SUPPLIED ? "HaveWKS " : ""),
	43	(flags & NEGOTIATE_THIS_IS_LOCAL_CALL ? "LocalCall " : ""),
	44	(flags & NEGOTIATE_ALWAYS_SIGN ? "AlwaysSign " : ""),
	45	(flags & CHALLENGE_TARGET_IS_DOMAIN ? "Tgt_is_domain" : ""),
	46	(flags & CHALLENGE_TARGET_IS_SERVER ? "Tgt_is_server " : ""),
	47	(flags & CHALLENGE_TARGET_IS_SHARE ? "Tgt_is_share " : ""),
	48	(flags & REQUEST_INIT_RESPONSE ? "Req_init_response " : ""),
	49	(flags & REQUEST_ACCEPT_RESPONSE ? "Req_accept_response " : ""),
	50	(flags & REQUEST_NON_NT_SESSION_KEY ? "Req_nonnt_sesskey " : "")
	51	);
	52	}
	53
	54	#define lstring_zero(s) s.str=NULL; s.l=-1;
	55
	56	/* fetches a string from the authentication packet.
	57	* The lstring data-part points to inside the packet itself.
	58	* It's up to the user to memcpy() that if the value needs to
	59	* be used in any way that requires a tailing \0. (he can check whether the
	60	* value is there though, in that case lstring.length==-1).
	61	*/
	62	lstring
	63	ntlm_fetch_string(char packet, int32_t length, strhdr str)
	64	{
65	int16_t l; /* length */
66	int32_t o; /* offset */
67	lstring rv;
68
69	lstring_zero(rv);
70
71	l = SSWAP(str->len);
72	o = WSWAP(str->offset);
73	/* debug("fetch_string(plength=%d,l=%d,o=%d)\n",length,l,o); */
74
75	if (l < 0 \|\| l > MAX_FIELD_LENGTH \|\| o + l > length \|\| o == 0) {
76	/* debug("ntlmssp: insane data (l: %d, o: %d)\n", l,o); */
77	return rv;
78	}
79	rv.str = packet + o;
80	rv.l = l;
81
82	return rv;
83	}
84
85	/* Adds something to the payload. The caller must guarrantee that
86	* there is enough space in the payload string to accommodate the
87	* added value.
88	* payload_length and hdr will be modified as a side-effect.
89	* base_offset is the payload offset from the packet's beginning, and is
90	*/
91	void
92	ntlm_add_to_payload(char payload, int payload_length,
93	strhdr * hdr, char *toadd,
94	int toadd_length, int base_offset)
95	{
96
97	int l = (*payload_length);
98	memcpy(payload + l, toadd, toadd_length);
99
100	hdr->len = toadd_length;
101	hdr->maxlen = toadd_length;
102	hdr->offset = l + base_offset; /* 48 is the base offset of the payload */
103	(*payload_length) += toadd_length;
104	}
105
106
107	/* prepares a base64-encode challenge packet to be sent to the client
108	* note: domain should be upper_case
109	* note: the storage type for the returned value depends on
110	* base64_encode_bin. Currently this means static storage.
111	*/
112	const char *
113	ntlm_make_challenge(char domain, char domain_controller,
114	char *challenge_nonce, int challenge_nonce_len)
115	{
116	ntlm_challenge ch;
117	int pl = 0;
118	const char *encoded;
119	memset(&ch, 0, sizeof(ntlm_challenge)); /* reset */
120	memcpy(ch.signature, "NTLMSSP", 8); /* set the signature */
121	ch.type = WSWAP(NTLM_CHALLENGE); /* this is a challenge */
122	ntlm_add_to_payload(ch.payload, &pl, &ch.target, domain, strlen(domain),
123	NTLM_CHALLENGE_HEADER_OFFSET);
124	ch.flags = WSWAP(
125	REQUEST_NON_NT_SESSION_KEY \|
126	CHALLENGE_TARGET_IS_DOMAIN \|
127	NEGOTIATE_ALWAYS_SIGN \|
128	NEGOTIATE_USE_NTLM \|
129	NEGOTIATE_USE_LM \|
130	NEGOTIATE_ASCII \|
131	0
132	);
133	ch.context_low = 0; /* check this out */
134	ch.context_high = 0;
135	memcpy(ch.challenge, challenge_nonce, challenge_nonce_len);
136	encoded = base64_encode_bin((char *) &ch, NTLM_CHALLENGE_HEADER_OFFSET + pl);
137	return encoded;
138	}