2 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 from_file(const char *fn
, const char *target_domain
,
38 char **username
, struct ntlm_buf
*key
)
48 while (fgets(buf
, sizeof(buf
), f
) != NULL
) {
50 buf
[strcspn(buf
, "\r\n")] = '\0';
54 d
= strtok_r(buf
, ":", &str
);
55 if (d
&& strcasecmp(target_domain
, d
) != 0)
57 u
= strtok_r(NULL
, ":", &str
);
58 p
= strtok_r(NULL
, ":", &str
);
59 if (u
== NULL
|| p
== NULL
)
62 *username
= strdup(u
);
64 heim_ntlm_nt_key(p
, key
);
66 memset(buf
, 0, sizeof(buf
));
70 memset(buf
, 0, sizeof(buf
));
76 get_user_file(const ntlm_name target_name
,
77 char **username
, struct ntlm_buf
*key
)
84 fn
= getenv("NTLM_USER_FILE");
87 if (from_file(fn
, target_name
->domain
, username
, key
) == 0)
94 * Pick up the ntlm cred from the default krb5 credential cache.
98 get_user_ccache(const ntlm_name name
, char **username
, struct ntlm_buf
*key
)
100 krb5_context context
= NULL
;
101 krb5_principal client
;
102 krb5_ccache id
= NULL
;
108 krb5_data_zero(&data
);
112 ret
= krb5_init_context(&context
);
116 ret
= krb5_cc_default(context
, &id
);
120 ret
= krb5_cc_get_principal(context
, id
, &client
);
124 ret
= krb5_unparse_name_flags(context
, client
,
125 KRB5_PRINCIPAL_UNPARSE_NO_REALM
,
127 krb5_free_principal(context
, client
);
131 asprintf(&confname
, "ntlm-key-%s", name
->domain
);
132 if (confname
== NULL
) {
133 krb5_clear_error_message(context
);
138 ret
= krb5_cc_get_config(context
, id
, NULL
,
143 key
->data
= malloc(data
.length
);
144 if (key
->data
== NULL
) {
148 key
->length
= data
.length
;
149 memcpy(key
->data
, data
.data
, data
.length
);
152 krb5_data_free(&data
);
154 krb5_cc_close(context
, id
);
156 krb5_free_context(context
);
162 _gss_ntlm_get_user_cred(const ntlm_name target_name
,
168 cred
= calloc(1, sizeof(*cred
));
172 ret
= get_user_file(target_name
, &cred
->username
, &cred
->key
);
174 ret
= get_user_ccache(target_name
, &cred
->username
, &cred
->key
);
180 cred
->domain
= strdup(target_name
->domain
);
187 _gss_copy_cred(ntlm_cred from
, ntlm_cred
*to
)
189 *to
= calloc(1, sizeof(**to
));
192 (*to
)->username
= strdup(from
->username
);
193 if ((*to
)->username
== NULL
) {
197 (*to
)->domain
= strdup(from
->domain
);
198 if ((*to
)->domain
== NULL
) {
199 free((*to
)->username
);
203 (*to
)->key
.data
= malloc(from
->key
.length
);
204 if ((*to
)->key
.data
== NULL
) {
206 free((*to
)->username
);
210 memcpy((*to
)->key
.data
, from
->key
.data
, from
->key
.length
);
211 (*to
)->key
.length
= from
->key
.length
;
216 OM_uint32 GSSAPI_CALLCONV
217 _gss_ntlm_init_sec_context
218 (OM_uint32
* minor_status
,
219 const gss_cred_id_t initiator_cred_handle
,
220 gss_ctx_id_t
* context_handle
,
221 const gss_name_t target_name
,
222 const gss_OID mech_type
,
225 const gss_channel_bindings_t input_chan_bindings
,
226 const gss_buffer_t input_token
,
227 gss_OID
* actual_mech_type
,
228 gss_buffer_t output_token
,
229 OM_uint32
* ret_flags
,
234 ntlm_name name
= (ntlm_name
)target_name
;
242 if (actual_mech_type
)
243 *actual_mech_type
= GSS_C_NO_OID
;
245 if (*context_handle
== GSS_C_NO_CONTEXT
) {
246 struct ntlm_type1 type1
;
247 struct ntlm_buf data
;
251 ctx
= calloc(1, sizeof(*ctx
));
253 *minor_status
= EINVAL
;
254 return GSS_S_FAILURE
;
256 *context_handle
= (gss_ctx_id_t
)ctx
;
258 if (initiator_cred_handle
!= GSS_C_NO_CREDENTIAL
) {
259 ntlm_cred cred
= (ntlm_cred
)initiator_cred_handle
;
260 ret
= _gss_copy_cred(cred
, &ctx
->client
);
262 ret
= _gss_ntlm_get_user_cred(name
, &ctx
->client
);
265 _gss_ntlm_delete_sec_context(minor_status
, context_handle
, NULL
);
267 return GSS_S_FAILURE
;
270 if (req_flags
& GSS_C_CONF_FLAG
)
271 flags
|= NTLM_NEG_SEAL
;
272 if (req_flags
& GSS_C_INTEG_FLAG
)
273 flags
|= NTLM_NEG_SIGN
;
275 flags
|= NTLM_NEG_ALWAYS_SIGN
;
277 flags
|= NTLM_NEG_UNICODE
;
278 flags
|= NTLM_NEG_NTLM
;
279 flags
|= NTLM_NEG_NTLM2_SESSION
;
280 flags
|= NTLM_NEG_KEYEX
;
282 memset(&type1
, 0, sizeof(type1
));
285 type1
.domain
= name
->domain
;
286 type1
.hostname
= NULL
;
290 ret
= heim_ntlm_encode_type1(&type1
, &data
);
292 _gss_ntlm_delete_sec_context(minor_status
, context_handle
, NULL
);
294 return GSS_S_FAILURE
;
297 output_token
->value
= data
.data
;
298 output_token
->length
= data
.length
;
300 return GSS_S_CONTINUE_NEEDED
;
303 struct ntlm_type2 type2
;
304 struct ntlm_type3 type3
;
305 struct ntlm_buf data
;
307 ctx
= (ntlm_ctx
)*context_handle
;
309 data
.data
= input_token
->value
;
310 data
.length
= input_token
->length
;
312 ret
= heim_ntlm_decode_type2(&data
, &type2
);
314 _gss_ntlm_delete_sec_context(minor_status
, context_handle
, NULL
);
316 return GSS_S_FAILURE
;
319 ctx
->flags
= type2
.flags
;
321 /* XXX check that type2.targetinfo matches `target_name´ */
322 /* XXX check verify targetinfo buffer */
324 memset(&type3
, 0, sizeof(type3
));
326 type3
.username
= ctx
->client
->username
;
327 type3
.flags
= type2
.flags
;
328 type3
.targetname
= type2
.targetname
;
329 type3
.ws
= rk_UNCONST("workstation");
332 * NTLM Version 1 if no targetinfo buffer.
335 if (1 || type2
.targetinfo
.length
== 0) {
336 struct ntlm_buf sessionkey
;
338 if (type2
.flags
& NTLM_NEG_NTLM2_SESSION
) {
339 unsigned char nonce
[8];
341 if (RAND_bytes(nonce
, sizeof(nonce
)) != 1) {
342 _gss_ntlm_delete_sec_context(minor_status
,
343 context_handle
, NULL
);
344 *minor_status
= EINVAL
;
345 return GSS_S_FAILURE
;
348 ret
= heim_ntlm_calculate_ntlm2_sess(nonce
,
350 ctx
->client
->key
.data
,
354 ret
= heim_ntlm_calculate_ntlm1(ctx
->client
->key
.data
,
355 ctx
->client
->key
.length
,
361 _gss_ntlm_delete_sec_context(minor_status
,context_handle
,NULL
);
363 return GSS_S_FAILURE
;
366 ret
= heim_ntlm_build_ntlm1_master(ctx
->client
->key
.data
,
367 ctx
->client
->key
.length
,
374 free(type3
.ntlm
.data
);
375 _gss_ntlm_delete_sec_context(minor_status
,context_handle
,NULL
);
377 return GSS_S_FAILURE
;
380 ret
= krb5_data_copy(&ctx
->sessionkey
,
381 sessionkey
.data
, sessionkey
.length
);
382 free(sessionkey
.data
);
387 free(type3
.ntlm
.data
);
388 _gss_ntlm_delete_sec_context(minor_status
,context_handle
,NULL
);
390 return GSS_S_FAILURE
;
392 ctx
->status
|= STATUS_SESSIONKEY
;
395 struct ntlm_buf sessionkey
;
396 unsigned char ntlmv2
[16];
397 struct ntlm_targetinfo ti
;
399 /* verify infotarget */
401 ret
= heim_ntlm_decode_targetinfo(&type2
.targetinfo
, 1, &ti
);
403 _gss_ntlm_delete_sec_context(minor_status
,
404 context_handle
, NULL
);
406 return GSS_S_FAILURE
;
409 if (ti
.domainname
&& strcmp(ti
.domainname
, name
->domain
) != 0) {
410 _gss_ntlm_delete_sec_context(minor_status
,
411 context_handle
, NULL
);
412 *minor_status
= EINVAL
;
413 return GSS_S_FAILURE
;
416 ret
= heim_ntlm_calculate_ntlm2(ctx
->client
->key
.data
,
417 ctx
->client
->key
.length
,
418 ctx
->client
->username
,
425 _gss_ntlm_delete_sec_context(minor_status
,
426 context_handle
, NULL
);
428 return GSS_S_FAILURE
;
431 ret
= heim_ntlm_build_ntlm1_master(ntlmv2
, sizeof(ntlmv2
),
434 memset(ntlmv2
, 0, sizeof(ntlmv2
));
436 _gss_ntlm_delete_sec_context(minor_status
,
437 context_handle
, NULL
);
439 return GSS_S_FAILURE
;
442 ctx
->flags
|= NTLM_NEG_NTLM2_SESSION
;
444 ret
= krb5_data_copy(&ctx
->sessionkey
,
445 sessionkey
.data
, sessionkey
.length
);
446 free(sessionkey
.data
);
448 _gss_ntlm_delete_sec_context(minor_status
,
449 context_handle
, NULL
);
451 return GSS_S_FAILURE
;
455 if (ctx
->flags
& NTLM_NEG_NTLM2_SESSION
) {
456 ctx
->status
|= STATUS_SESSIONKEY
;
457 _gss_ntlm_set_key(&ctx
->u
.v2
.send
, 0, (ctx
->flags
& NTLM_NEG_KEYEX
),
458 ctx
->sessionkey
.data
,
459 ctx
->sessionkey
.length
);
460 _gss_ntlm_set_key(&ctx
->u
.v2
.recv
, 1, (ctx
->flags
& NTLM_NEG_KEYEX
),
461 ctx
->sessionkey
.data
,
462 ctx
->sessionkey
.length
);
464 ctx
->status
|= STATUS_SESSIONKEY
;
465 RC4_set_key(&ctx
->u
.v1
.crypto_recv
.key
,
466 ctx
->sessionkey
.length
,
467 ctx
->sessionkey
.data
);
468 RC4_set_key(&ctx
->u
.v1
.crypto_send
.key
,
469 ctx
->sessionkey
.length
,
470 ctx
->sessionkey
.data
);
475 ret
= heim_ntlm_encode_type3(&type3
, &data
);
476 free(type3
.sessionkey
.data
);
480 free(type3
.ntlm
.data
);
482 _gss_ntlm_delete_sec_context(minor_status
, context_handle
, NULL
);
484 return GSS_S_FAILURE
;
487 output_token
->length
= data
.length
;
488 output_token
->value
= data
.data
;
490 if (actual_mech_type
)
491 *actual_mech_type
= GSS_NTLM_MECHANISM
;
495 *time_rec
= GSS_C_INDEFINITE
;
497 ctx
->status
|= STATUS_OPEN
;
499 return GSS_S_COMPLETE
;