[thirdparty/squid.git] / lib / ntlmauth.c

/*
 * $Id$
 *
 * * * * * * * * Legal stuff * * * * * * *
 *
 * (C) 2000 Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it>,
 *   inspired by previous work by Andrew Doran <ad@interlude.eu.org>.
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

#include "config.h"

#if HAVE_STRING_H
#include <string.h>
#endif
#if HAVE_STRINGS_H
#include <strings.h>
#endif

#include "ntlmauth.h"
#include "util.h"		/* for base64-related stuff */

#if UNUSED_CODE
/** Dumps NTLM flags to standard error for debugging purposes */
void
ntlm_dump_ntlmssp_flags(u_int32_t flags)
{
    fprintf(stderr, "flags: %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
            (flags & NEGOTIATE_UNICODE ? "Unicode " : ""),
            (flags & NEGOTIATE_ASCII ? "ASCII " : ""),
            (flags & NEGOTIATE_REQUEST_TARGET ? "ReqTgt " : ""),
            (flags & NEGOTIATE_REQUEST_SIGN ? "ReqSign " : ""),
            (flags & NEGOTIATE_REQUEST_SEAL ? "ReqSeal " : ""),
            (flags & NEGOTIATE_DATAGRAM_STYLE ? "Dgram " : ""),
            (flags & NEGOTIATE_USE_LM ? "UseLM " : ""),
            (flags & NEGOTIATE_USE_NETWARE ? "UseNW " : ""),
            (flags & NEGOTIATE_USE_NTLM ? "UseNTLM " : ""),
            (flags & NEGOTIATE_DOMAIN_SUPPLIED ? "HaveDomain " : ""),
            (flags & NEGOTIATE_WORKSTATION_SUPPLIED ? "HaveWKS " : ""),
            (flags & NEGOTIATE_THIS_IS_LOCAL_CALL ? "LocalCall " : ""),
            (flags & NEGOTIATE_ALWAYS_SIGN ? "AlwaysSign " : ""),
            (flags & CHALLENGE_TARGET_IS_DOMAIN ? "Tgt_is_domain" : ""),
            (flags & CHALLENGE_TARGET_IS_SERVER ? "Tgt_is_server " : ""),
            (flags & CHALLENGE_TARGET_IS_SHARE ? "Tgt_is_share " : ""),
            (flags & REQUEST_INIT_RESPONSE ? "Req_init_response " : ""),
            (flags & REQUEST_ACCEPT_RESPONSE ? "Req_accept_response " : ""),
            (flags & REQUEST_NON_NT_SESSION_KEY ? "Req_nonnt_sesskey " : "")
           );
}
#endif

#define lstring_zero(s) s.str=NULL; s.l=-1;

/**
 * Fetches a string from the authentication packet.
 * The lstring data-part points to inside the packet itself.
 * It's up to the user to memcpy() that if the value needs to
 * be used in any way that requires a tailing \0. (can check whether the
 * value is there though, in that case lstring.length == -1).
 */
lstring
ntlm_fetch_string(char *packet, int32_t length, strhdr * str)
{
    int16_t l;			/* length */
    int32_t o;			/* offset */
    lstring rv;

    lstring_zero(rv);

    l = le16toh(str->len);
    o = le32toh(str->offset);
    /* debug("fetch_string(plength=%d,l=%d,o=%d)\n",length,l,o); */

    if (l < 0 || l > MAX_FIELD_LENGTH || o + l > length || o == 0) {
        /* debug("ntlmssp: insane data (l: %d, o: %d)\n", l,o); */
        return rv;
    }
    rv.str = packet + o;
    rv.l = l;

    return rv;
}

/**
 * Adds something to the payload. The caller must guarrantee that
 * there is enough space in the payload string to accommodate the
 * added value.
 * payload_length and hdr will be modified as a side-effect.
 * base_offset is the payload offset from the packet's beginning, and is
 */
void
ntlm_add_to_payload(char *payload, int *payload_length,
                    strhdr * hdr, char *toadd,
                    int toadd_length, int base_offset)
{

    int l = (*payload_length);
    memcpy(payload + l, toadd, toadd_length);

    hdr->len = htole16(toadd_length);
    hdr->maxlen = htole16(toadd_length);
    hdr->offset = htole32(l + base_offset);	/* 48 is the base offset of the payload */
    (*payload_length) += toadd_length;
}


/**
 * Prepares a base64-encode challenge packet to be sent to the client
 * \note domain should be upper_case
 * \note the storage type for the returned value depends on
 *    base64_encode_bin. Currently this means static storage.
 */
const char *
ntlm_make_challenge(char *domain, char *domain_controller,
                    char *challenge_nonce, int challenge_nonce_len)
{
    ntlm_challenge ch;
    int pl = 0;
    const char *encoded;
    memset(&ch, 0, sizeof(ntlm_challenge));	/* reset */
    memcpy(ch.hdr.signature, "NTLMSSP", 8);		/* set the signature */
    ch.hdr.type = htole32(NTLM_CHALLENGE);	/* this is a challenge */
    ntlm_add_to_payload(ch.payload, &pl, &ch.target, domain, strlen(domain),
                        NTLM_CHALLENGE_HEADER_OFFSET);
    ch.flags = htole32(
                   REQUEST_NON_NT_SESSION_KEY |
                   CHALLENGE_TARGET_IS_DOMAIN |
                   NEGOTIATE_ALWAYS_SIGN |
                   NEGOTIATE_USE_NTLM |
                   NEGOTIATE_USE_LM |
                   NEGOTIATE_ASCII |
                   0
               );
    ch.context_low = 0;		/* check this out */
    ch.context_high = 0;
    memcpy(ch.challenge, challenge_nonce, challenge_nonce_len);
    encoded = base64_encode_bin((char *) &ch, NTLM_CHALLENGE_HEADER_OFFSET + pl);
    return encoded;
}
Commit	Line	Data
94439e4e	1	/*
262a0e14	2	* $Id$
94439e4e	3	*
	4	* * * * * * * * Legal stuff * * * * * * *
	5	*
	6	* (C) 2000 Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it>,
5d146f7d	7	* inspired by previous work by Andrew Doran <ad@interlude.eu.org>.
94439e4e	8	* This program is free software; you can redistribute it and/or modify
	9	* it under the terms of the GNU General Public License as published by
	10	* the Free Software Foundation; either version 2 of the License, or
	11	* (at your option) any later version.
26ac0430	12	*
94439e4e	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
26ac0430	17	*
94439e4e	18	* You should have received a copy of the GNU General Public License
	19	* along with this program; if not, write to the Free Software
	20	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	21	*
	22	*/
	23
d434f297	24	#include "config.h"
94439e4e	25
32d002cb	26	#if HAVE_STRING_H
cf17b739	27	#include <string.h>
cf17b739	28	#endif
32d002cb	29	#if HAVE_STRINGS_H
cf17b739	30	#include <strings.h>
	31	#endif
	32
d434f297	33	#include "ntlmauth.h"
	34	#include "util.h" /* for base64-related stuff */
	35
2d72d4fd	36	#if UNUSED_CODE
dac46b89	37	/** Dumps NTLM flags to standard error for debugging purposes */
94439e4e	38	void
	39	ntlm_dump_ntlmssp_flags(u_int32_t flags)
	40	{
	41	fprintf(stderr, "flags: %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
26ac0430 AJ	42	(flags & NEGOTIATE_UNICODE ? "Unicode " : ""),
	43	(flags & NEGOTIATE_ASCII ? "ASCII " : ""),
	44	(flags & NEGOTIATE_REQUEST_TARGET ? "ReqTgt " : ""),
	45	(flags & NEGOTIATE_REQUEST_SIGN ? "ReqSign " : ""),
	46	(flags & NEGOTIATE_REQUEST_SEAL ? "ReqSeal " : ""),
	47	(flags & NEGOTIATE_DATAGRAM_STYLE ? "Dgram " : ""),
	48	(flags & NEGOTIATE_USE_LM ? "UseLM " : ""),
	49	(flags & NEGOTIATE_USE_NETWARE ? "UseNW " : ""),
	50	(flags & NEGOTIATE_USE_NTLM ? "UseNTLM " : ""),
	51	(flags & NEGOTIATE_DOMAIN_SUPPLIED ? "HaveDomain " : ""),
	52	(flags & NEGOTIATE_WORKSTATION_SUPPLIED ? "HaveWKS " : ""),
	53	(flags & NEGOTIATE_THIS_IS_LOCAL_CALL ? "LocalCall " : ""),
	54	(flags & NEGOTIATE_ALWAYS_SIGN ? "AlwaysSign " : ""),
	55	(flags & CHALLENGE_TARGET_IS_DOMAIN ? "Tgt_is_domain" : ""),
	56	(flags & CHALLENGE_TARGET_IS_SERVER ? "Tgt_is_server " : ""),
	57	(flags & CHALLENGE_TARGET_IS_SHARE ? "Tgt_is_share " : ""),
	58	(flags & REQUEST_INIT_RESPONSE ? "Req_init_response " : ""),
	59	(flags & REQUEST_ACCEPT_RESPONSE ? "Req_accept_response " : ""),
	60	(flags & REQUEST_NON_NT_SESSION_KEY ? "Req_nonnt_sesskey " : "")
	61	);
94439e4e	62	}
2d72d4fd	63	#endif
94439e4e	64
	65	#define lstring_zero(s) s.str=NULL; s.l=-1;
	66
dac46b89 AJ	67	/**
dac46b89 AJ	68	* Fetches a string from the authentication packet.
94439e4e	69	* The lstring data-part points to inside the packet itself.
94439e4e	70	* It's up to the user to memcpy() that if the value needs to
dac46b89 AJ	71	* be used in any way that requires a tailing \0. (can check whether the
dac46b89 AJ	72	* value is there though, in that case lstring.length == -1).
94439e4e	73	*/
	74	lstring
	75	ntlm_fetch_string(char packet, int32_t length, strhdr str)
	76	{
	77	int16_t l; /* length */
	78	int32_t o; /* offset */
	79	lstring rv;
	80
	81	lstring_zero(rv);
	82
f9576890	83	l = le16toh(str->len);
f9576890	84	o = le32toh(str->offset);
94439e4e	85	/* debug("fetch_string(plength=%d,l=%d,o=%d)\n",length,l,o); */
	86
	87	if (l < 0 \|\| l > MAX_FIELD_LENGTH \|\| o + l > length \|\| o == 0) {
26ac0430 AJ	88	/* debug("ntlmssp: insane data (l: %d, o: %d)\n", l,o); */
26ac0430 AJ	89	return rv;
94439e4e	90	}
	91	rv.str = packet + o;
	92	rv.l = l;
	93
	94	return rv;
	95	}
	96
dac46b89 AJ	97	/**
dac46b89 AJ	98	* Adds something to the payload. The caller must guarrantee that
94439e4e	99	* there is enough space in the payload string to accommodate the
	100	* added value.
	101	* payload_length and hdr will be modified as a side-effect.
	102	* base_offset is the payload offset from the packet's beginning, and is
	103	*/
	104	void
	105	ntlm_add_to_payload(char payload, int payload_length,
26ac0430 AJ	106	strhdr * hdr, char *toadd,
26ac0430 AJ	107	int toadd_length, int base_offset)
94439e4e	108	{
	109
	110	int l = (*payload_length);
	111	memcpy(payload + l, toadd, toadd_length);
	112
f9576890	113	hdr->len = htole16(toadd_length);
	114	hdr->maxlen = htole16(toadd_length);
	115	hdr->offset = htole32(l + base_offset); /* 48 is the base offset of the payload */
94439e4e	116	(*payload_length) += toadd_length;
	117	}
	118
	119
dac46b89 AJ	120	/**
	121	* Prepares a base64-encode challenge packet to be sent to the client
	122	* \note domain should be upper_case
	123	* \note the storage type for the returned value depends on
94439e4e	124	* base64_encode_bin. Currently this means static storage.
	125	*/
	126	const char *
	127	ntlm_make_challenge(char domain, char domain_controller,
26ac0430	128	char *challenge_nonce, int challenge_nonce_len)
94439e4e	129	{
	130	ntlm_challenge ch;
	131	int pl = 0;
	132	const char *encoded;
	133	memset(&ch, 0, sizeof(ntlm_challenge)); /* reset */
dac46b89 AJ	134	memcpy(ch.hdr.signature, "NTLMSSP", 8); /* set the signature */
dac46b89 AJ	135	ch.hdr.type = htole32(NTLM_CHALLENGE); /* this is a challenge */
94439e4e	136	ntlm_add_to_payload(ch.payload, &pl, &ch.target, domain, strlen(domain),
26ac0430	137	NTLM_CHALLENGE_HEADER_OFFSET);
f9576890	138	ch.flags = htole32(
26ac0430 AJ	139	REQUEST_NON_NT_SESSION_KEY \|
	140	CHALLENGE_TARGET_IS_DOMAIN \|
	141	NEGOTIATE_ALWAYS_SIGN \|
	142	NEGOTIATE_USE_NTLM \|
	143	NEGOTIATE_USE_LM \|
	144	NEGOTIATE_ASCII \|
	145	0
	146	);
94439e4e	147	ch.context_low = 0; /* check this out */
	148	ch.context_high = 0;
	149	memcpy(ch.challenge, challenge_nonce, challenge_nonce_len);
	150	encoded = base64_encode_bin((char *) &ch, NTLM_CHALLENGE_HEADER_OFFSET + pl);
	151	return encoded;
	152	}