2 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 from_file(const char *fn
, const char *target_domain
,
38 char **username
, struct ntlm_buf
*key
)
48 while (fgets(buf
, sizeof(buf
), f
) != NULL
) {
50 buf
[strcspn(buf
, "\r\n")] = '\0';
54 d
= strtok_r(buf
, ":", &str
);
55 if (d
&& strcasecmp(target_domain
, d
) != 0)
57 u
= strtok_r(NULL
, ":", &str
);
58 p
= strtok_r(NULL
, ":", &str
);
59 if (u
== NULL
|| p
== NULL
)
62 *username
= strdup(u
);
64 heim_ntlm_nt_key(p
, key
);
66 memset(buf
, 0, sizeof(buf
));
70 memset(buf
, 0, sizeof(buf
));
76 get_user_file(const ntlm_name target_name
,
77 char **username
, struct ntlm_buf
*key
)
84 fn
= getenv("NTLM_USER_FILE");
87 if (from_file(fn
, target_name
->domain
, username
, key
) == 0)
94 * Pick up the ntlm cred from the default krb5 credential cache.
98 get_user_ccache(const ntlm_name name
, char **username
, struct ntlm_buf
*key
)
100 krb5_context context
= NULL
;
101 krb5_principal client
;
102 krb5_ccache id
= NULL
;
109 krb5_data_zero(&data
);
113 ret
= krb5_init_context(&context
);
117 ret
= krb5_cc_default(context
, &id
);
121 ret
= krb5_cc_get_principal(context
, id
, &client
);
125 ret
= krb5_unparse_name_flags(context
, client
,
126 KRB5_PRINCIPAL_UNPARSE_NO_REALM
,
128 krb5_free_principal(context
, client
);
132 aret
= asprintf(&confname
, "ntlm-key-%s", name
->domain
);
134 krb5_clear_error_message(context
);
139 ret
= krb5_cc_get_config(context
, id
, NULL
,
144 key
->data
= malloc(data
.length
);
145 if (key
->data
== NULL
) {
149 key
->length
= data
.length
;
150 memcpy(key
->data
, data
.data
, data
.length
);
153 krb5_data_free(&data
);
155 krb5_cc_close(context
, id
);
157 krb5_free_context(context
);
163 _gss_ntlm_get_user_cred(const ntlm_name target_name
,
169 cred
= calloc(1, sizeof(*cred
));
173 ret
= get_user_file(target_name
, &cred
->username
, &cred
->key
);
175 ret
= get_user_ccache(target_name
, &cred
->username
, &cred
->key
);
181 cred
->domain
= strdup(target_name
->domain
);
188 _gss_copy_cred(ntlm_cred from
, ntlm_cred
*to
)
190 *to
= calloc(1, sizeof(**to
));
193 (*to
)->username
= strdup(from
->username
);
194 if ((*to
)->username
== NULL
) {
198 (*to
)->domain
= strdup(from
->domain
);
199 if ((*to
)->domain
== NULL
) {
200 free((*to
)->username
);
204 (*to
)->key
.data
= malloc(from
->key
.length
);
205 if ((*to
)->key
.data
== NULL
) {
207 free((*to
)->username
);
211 memcpy((*to
)->key
.data
, from
->key
.data
, from
->key
.length
);
212 (*to
)->key
.length
= from
->key
.length
;
217 OM_uint32 GSSAPI_CALLCONV
218 _gss_ntlm_init_sec_context
219 (OM_uint32
* minor_status
,
220 gss_const_cred_id_t initiator_cred_handle
,
221 gss_ctx_id_t
* context_handle
,
222 gss_const_name_t target_name
,
223 const gss_OID mech_type
,
226 const gss_channel_bindings_t input_chan_bindings
,
227 const gss_buffer_t input_token
,
228 gss_OID
* actual_mech_type
,
229 gss_buffer_t output_token
,
230 OM_uint32
* ret_flags
,
235 ntlm_name name
= (ntlm_name
)target_name
;
243 if (actual_mech_type
)
244 *actual_mech_type
= GSS_C_NO_OID
;
246 if (*context_handle
== GSS_C_NO_CONTEXT
) {
247 struct ntlm_type1 type1
;
248 struct ntlm_buf data
;
252 ctx
= calloc(1, sizeof(*ctx
));
254 *minor_status
= EINVAL
;
255 return GSS_S_FAILURE
;
257 *context_handle
= (gss_ctx_id_t
)ctx
;
259 if (initiator_cred_handle
!= GSS_C_NO_CREDENTIAL
) {
260 ntlm_cred cred
= (ntlm_cred
)initiator_cred_handle
;
261 ret
= _gss_copy_cred(cred
, &ctx
->client
);
263 ret
= _gss_ntlm_get_user_cred(name
, &ctx
->client
);
266 _gss_ntlm_delete_sec_context(minor_status
, context_handle
, NULL
);
268 return GSS_S_FAILURE
;
271 if (req_flags
& GSS_C_CONF_FLAG
)
272 flags
|= NTLM_NEG_SEAL
;
273 if (req_flags
& GSS_C_INTEG_FLAG
)
274 flags
|= NTLM_NEG_SIGN
;
276 flags
|= NTLM_NEG_ALWAYS_SIGN
;
278 flags
|= NTLM_NEG_UNICODE
;
279 flags
|= NTLM_NEG_NTLM
;
280 flags
|= NTLM_NEG_NTLM2_SESSION
;
281 flags
|= NTLM_NEG_KEYEX
;
283 memset(&type1
, 0, sizeof(type1
));
286 type1
.domain
= name
->domain
;
287 type1
.hostname
= NULL
;
291 ret
= heim_ntlm_encode_type1(&type1
, &data
);
293 _gss_ntlm_delete_sec_context(minor_status
, context_handle
, NULL
);
295 return GSS_S_FAILURE
;
298 output_token
->value
= data
.data
;
299 output_token
->length
= data
.length
;
301 return GSS_S_CONTINUE_NEEDED
;
304 struct ntlm_type2 type2
;
305 struct ntlm_type3 type3
;
306 struct ntlm_buf data
;
308 ctx
= (ntlm_ctx
)*context_handle
;
310 data
.data
= input_token
->value
;
311 data
.length
= input_token
->length
;
313 ret
= heim_ntlm_decode_type2(&data
, &type2
);
315 _gss_ntlm_delete_sec_context(minor_status
, context_handle
, NULL
);
317 return GSS_S_FAILURE
;
320 ctx
->flags
= type2
.flags
;
322 /* XXX check that type2.targetinfo matches `target_name´ */
323 /* XXX check verify targetinfo buffer */
325 memset(&type3
, 0, sizeof(type3
));
327 type3
.username
= ctx
->client
->username
;
328 type3
.flags
= type2
.flags
;
329 type3
.targetname
= type2
.targetname
;
330 type3
.ws
= rk_UNCONST("workstation");
333 * NTLM Version 1 if no targetinfo buffer.
336 if (1 || type2
.targetinfo
.length
== 0) {
337 struct ntlm_buf sessionkey
;
339 if (type2
.flags
& NTLM_NEG_NTLM2_SESSION
) {
340 unsigned char nonce
[8];
342 if (RAND_bytes(nonce
, sizeof(nonce
)) != 1) {
343 _gss_ntlm_delete_sec_context(minor_status
,
344 context_handle
, NULL
);
345 *minor_status
= EINVAL
;
346 return GSS_S_FAILURE
;
349 ret
= heim_ntlm_calculate_ntlm2_sess(nonce
,
351 ctx
->client
->key
.data
,
355 ret
= heim_ntlm_calculate_ntlm1(ctx
->client
->key
.data
,
356 ctx
->client
->key
.length
,
362 _gss_ntlm_delete_sec_context(minor_status
,context_handle
,NULL
);
364 return GSS_S_FAILURE
;
367 ret
= heim_ntlm_build_ntlm1_master(ctx
->client
->key
.data
,
368 ctx
->client
->key
.length
,
375 free(type3
.ntlm
.data
);
376 _gss_ntlm_delete_sec_context(minor_status
,context_handle
,NULL
);
378 return GSS_S_FAILURE
;
381 ret
= krb5_data_copy(&ctx
->sessionkey
,
382 sessionkey
.data
, sessionkey
.length
);
383 free(sessionkey
.data
);
388 free(type3
.ntlm
.data
);
389 _gss_ntlm_delete_sec_context(minor_status
,context_handle
,NULL
);
391 return GSS_S_FAILURE
;
393 ctx
->status
|= STATUS_SESSIONKEY
;
396 struct ntlm_buf sessionkey
;
397 unsigned char ntlmv2
[16];
398 struct ntlm_targetinfo ti
;
400 /* verify infotarget */
402 ret
= heim_ntlm_decode_targetinfo(&type2
.targetinfo
, 1, &ti
);
404 _gss_ntlm_delete_sec_context(minor_status
,
405 context_handle
, NULL
);
407 return GSS_S_FAILURE
;
410 if (ti
.domainname
&& strcmp(ti
.domainname
, name
->domain
) != 0) {
411 _gss_ntlm_delete_sec_context(minor_status
,
412 context_handle
, NULL
);
413 *minor_status
= EINVAL
;
414 return GSS_S_FAILURE
;
417 ret
= heim_ntlm_calculate_ntlm2(ctx
->client
->key
.data
,
418 ctx
->client
->key
.length
,
419 ctx
->client
->username
,
426 _gss_ntlm_delete_sec_context(minor_status
,
427 context_handle
, NULL
);
429 return GSS_S_FAILURE
;
432 ret
= heim_ntlm_build_ntlm1_master(ntlmv2
, sizeof(ntlmv2
),
435 memset(ntlmv2
, 0, sizeof(ntlmv2
));
437 _gss_ntlm_delete_sec_context(minor_status
,
438 context_handle
, NULL
);
440 return GSS_S_FAILURE
;
443 ctx
->flags
|= NTLM_NEG_NTLM2_SESSION
;
445 ret
= krb5_data_copy(&ctx
->sessionkey
,
446 sessionkey
.data
, sessionkey
.length
);
447 free(sessionkey
.data
);
449 _gss_ntlm_delete_sec_context(minor_status
,
450 context_handle
, NULL
);
452 return GSS_S_FAILURE
;
456 if (ctx
->flags
& NTLM_NEG_NTLM2_SESSION
) {
457 ctx
->status
|= STATUS_SESSIONKEY
;
458 _gss_ntlm_set_key(&ctx
->u
.v2
.send
, 0, (ctx
->flags
& NTLM_NEG_KEYEX
),
459 ctx
->sessionkey
.data
,
460 ctx
->sessionkey
.length
);
461 _gss_ntlm_set_key(&ctx
->u
.v2
.recv
, 1, (ctx
->flags
& NTLM_NEG_KEYEX
),
462 ctx
->sessionkey
.data
,
463 ctx
->sessionkey
.length
);
465 ctx
->status
|= STATUS_SESSIONKEY
;
466 RC4_set_key(&ctx
->u
.v1
.crypto_recv
.key
,
467 ctx
->sessionkey
.length
,
468 ctx
->sessionkey
.data
);
469 RC4_set_key(&ctx
->u
.v1
.crypto_send
.key
,
470 ctx
->sessionkey
.length
,
471 ctx
->sessionkey
.data
);
476 ret
= heim_ntlm_encode_type3(&type3
, &data
, NULL
);
477 free(type3
.sessionkey
.data
);
481 free(type3
.ntlm
.data
);
483 _gss_ntlm_delete_sec_context(minor_status
, context_handle
, NULL
);
485 return GSS_S_FAILURE
;
488 output_token
->length
= data
.length
;
489 output_token
->value
= data
.data
;
491 if (actual_mech_type
)
492 *actual_mech_type
= GSS_NTLM_MECHANISM
;
496 *time_rec
= GSS_C_INDEFINITE
;
498 ctx
->status
|= STATUS_OPEN
;
500 return GSS_S_COMPLETE
;