search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix for bug #2834758: First NTLM signature check after startup fails
[siplcs.git] / src / core / sip-sec-ntlm.c
blobece3ebb76a0c0df7a63460ed9cab15b4c222e688
1 /**
2 * @file sip-sec-ntlm.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2010 SIPE Project <http://sipe.sourceforge.net/>
7 * Copyright (C) 2009, 2010 pier11 <pier11@operamail.com>
8 * Copyright (C) 2008 Novell, Inc.
9 * Modify 2007, Anibal Avelar <avelar@gmail.com>
10 * Copyright (C) 2005, Thomas Butter <butter@uni-mannheim.de>
11 *
12 * Implemented with reference to the follow documentation:
13 * - http://davenport.sourceforge.net/ntlm.html
14 * - MS-NLMP: http://msdn.microsoft.com/en-us/library/cc207842.aspx
15 * - MS-SIP : http://msdn.microsoft.com/en-us/library/cc246115.aspx
16 *
17 * This program is free software; you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation; either version 2 of the License, or
20 * (at your option) any later version.
21 *
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, write to the Free Software
29 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
30 */
31
32 /*
33 * Byte order policy:
34 *
35 * - NTLM messages (byte streams) should be in LE (Little-Endian) byte order.
36 * - internal int16, int32, int64 should contain proper values.
37 * For example: 01 00 00 00 LE should be translated to (int32)1
38 * - When reading/writing from/to NTLM message appropriate conversion should
39 * be taken to properly present integer values. glib's "Byte Order Macros"
40 * should be used for that, for example GUINT32_FROM_LE
41 *
42 * NOTE: The Byte Order Macros can have side effects!
43 * Do *NOT* make any calculations inside the macros!
44 *
45 * - All calculations should be made in dedicated local variables (system-endian),
46 * not in NTLM (LE) structures.
47 */
48
49 #include <stdlib.h>
50 #include <string.h>
51 #include <time.h>
52
53 #include <glib.h>
54
55 #ifdef HAVE_LANGINFO_CODESET
56 #include <langinfo.h>
57 #endif /* HAVE_LANGINFO_CODESET */
58
59 #include "sipe-common.h"
60 #include "sip-sec.h"
61 #include "sip-sec-mech.h"
62 #include "sip-sec-ntlm.h"
63 #include "sipe-backend.h"
64 #include "sipe-crypt.h"
65 #include "sipe-digest.h"
66 #include "sipe-utils.h"
67
68 /* [MS-NLMP] */
69 #define NTLMSSP_NEGOTIATE_UNICODE 0x00000001 /* A */
70 #define NTLMSSP_NEGOTIATE_OEM 0x00000002 /* B */
71 #define NTLMSSP_REQUEST_TARGET 0x00000004 /* C */
72 #define r9 0x00000008 /* r9 */
73 #define NTLMSSP_NEGOTIATE_SIGN 0x00000010 /* D */
74 #define NTLMSSP_NEGOTIATE_SEAL 0x00000020 /* E */
75 #define NTLMSSP_NEGOTIATE_DATAGRAM 0x00000040 /* F */
76 #define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080 /* G */
77 #define r8 0x00000100 /* r8 */
78 #define NTLMSSP_NEGOTIATE_NTLM 0x00000200 /* H */
79 #define NTLMSSP_NEGOTIATE_NT_ONLY 0x00000400 /* I */
80 #define anonymous 0x00000800 /* J */
81 #define NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0x00001000 /* K */
82 #define NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0x00002000 /* L */
83 #define r7 0x00004000 /* r7 */
84 #define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000 /* M */
85 #define NTLMSSP_TARGET_TYPE_DOMAIN 0x00010000 /* N */
86 #define NTLMSSP_TARGET_TYPE_SERVER 0x00020000 /* O */
87 #define r6 0x00040000 /* r6 */
88 #define NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0x00080000 /* P */
89 #define NTLMSSP_NEGOTIATE_IDENTIFY 0x00100000 /* Q */
90 #define r5 0x00200000 /* r5 */
91 #define NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0x00400000 /* R */
92 #define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000 /* S */
93 #define r4 0x01000000 /* r4 */
94 #define NTLMSSP_NEGOTIATE_VERSION 0x02000000 /* T */
95 #define r3 0x04000000 /* r3 */
96 #define r2 0x08000000 /* r2 */
97 #define r1 0x10000000 /* r1 */
98 #define NTLMSSP_NEGOTIATE_128 0x20000000 /* U */
99 #define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 /* V */
100 #define NTLMSSP_NEGOTIATE_56 0x80000000 /* W */
101
102 /* AvId */
103 #define MsvAvEOL 0
104 #define MsvAvNbComputerName 1
105 #define MsvAvNbDomainName 2
106 #define MsvAvDnsComputerName 3
107 #define MsvAvDnsDomainName 4
108 /** @since Windows XP */
109 #define MsvAvDnsTreeName 5
110 /** @since Windows XP */
111 #define MsvAvFlags 6
112 /** @since Windows Vista */
113 #define MsvAvTimestamp 7
114 /** @since Windows Vista */
115 #define MsAvRestrictions 8
116 /** @since Windows 7 */
117 #define MsvAvTargetName 9
118 /** @since Windows 7 */
119 #define MsvChannelBindings 10
120
121 /* time_t <-> (guint64) time_val conversion */
122 #define TIME_VAL_FACTOR 10000000
123 #define TIME_VAL_OFFSET 116444736000000000LL
124 #define TIME_T_TO_VAL(time_t) (((guint64)(time_t)) * TIME_VAL_FACTOR + TIME_VAL_OFFSET)
125 #define TIME_VAL_TO_T(time_val) ((time_t)((GUINT64_FROM_LE((time_val)) - TIME_VAL_OFFSET) / TIME_VAL_FACTOR))
126
127 /* 8 bytes */
128 /* LE (Little Endian) byte order */
129 struct version {
130 guint8 product_major_version;
131 guint8 product_minor_version;
132 guint16 product_build;
133 guint8 zero2[3];
134 guint8 ntlm_revision_current;
135 };
136
137 /*
138 * NTLMv1 is no longer used except in tests. R.I.P.
139 *
140 * It remains in this file only for documentary purposes
141 */
142 #ifdef _SIPE_COMPILING_TESTS
143 static gboolean use_ntlm_v2 = FALSE;
144
145 guint64 test_time_val = 0; /* actual time in implementation */
146 guchar test_client_challenge [8]; /* random in implementation */
147 guchar test_random_session_key[16]; /* random in implementation */
148 struct version test_version; /* hard-coded in implementation */
149 #endif
150
151 /* Minimum set of common features we need to work. */
152 /* we operate in NTLMv2 mode */
153 #define NEGOTIATE_FLAGS_COMMON_MIN \
154 ( NTLMSSP_NEGOTIATE_UNICODE | \
155 NTLMSSP_NEGOTIATE_NTLM | \
156 NTLMSSP_NEGOTIATE_ALWAYS_SIGN | \
157 NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY | \
158 NTLMSSP_NEGOTIATE_TARGET_INFO \
159 )
160
161 /* Negotiate flags for connection-based mode. Nice to have but optional. */
162 #define NEGOTIATE_FLAGS_CONN \
163 ( NEGOTIATE_FLAGS_COMMON_MIN | \
164 NTLMSSP_NEGOTIATE_VERSION | \
165 NTLMSSP_NEGOTIATE_128 | \
166 NTLMSSP_NEGOTIATE_56 | \
167 NTLMSSP_REQUEST_TARGET \
168 )
169
170 /* Extra negotiate flags required in connectionless NTLM */
171 #define NEGOTIATE_FLAGS_CONNLESS_EXTRA \
172 ( NTLMSSP_NEGOTIATE_SIGN | \
173 NTLMSSP_NEGOTIATE_DATAGRAM | \
174 NTLMSSP_NEGOTIATE_IDENTIFY | \
175 NTLMSSP_NEGOTIATE_KEY_EXCH \
176 )
177
178 /* Negotiate flags required in connectionless NTLM */
179 #define NEGOTIATE_FLAGS_CONNLESS \
180 ( NEGOTIATE_FLAGS_CONN | \
181 NEGOTIATE_FLAGS_CONNLESS_EXTRA \
182 )
183
184 #define NTLMSSP_LN_OR_NT_KEY_LEN 16
185 #define NTLMSSP_LM_RESP_LEN 24
186 #define NTLMSSP_SESSION_KEY_LEN 16
187
188 #define IS_FLAG(flags, flag) (((flags) & (flag)) == (flag))
189
190 /* 4 bytes */
191 /* LE (Little Endian) byte order */
192 struct av_pair {
193 guint16 av_id;
194 guint16 av_len;
195 /* value */
196 };
197
198 /* to meet sparc's alignment requirement */
199 #define ALIGN_AV \
200 memcpy(&av_aligned, av, sizeof(av_aligned)); \
201 av_id = GUINT16_FROM_LE(av_aligned.av_id); \
202 av_len = GUINT16_FROM_LE(av_aligned.av_len)
203 #define ALIGN_AV_LOOP_START \
204 struct av_pair av_aligned; \
205 guint16 av_id; \
206 guint16 av_len; \
207 ALIGN_AV; \
208 while (av_id != MsvAvEOL) { \
209 gchar *av_value = ((gchar *)av) + \
210 sizeof(struct av_pair); \
211 switch (av_id)
212 #define ALIGN_AV_LOOP_END \
213 av = av_value + av_len; \
214 ALIGN_AV; \
215 }
216
217 /* 8 bytes */
218 /* LE (Little Endian) byte order */
219 struct smb_header {
220 guint16 len;
221 guint16 maxlen;
222 guint32 offset;
223 };
224
225 /* LE (Little Endian) byte order */
226 struct ntlm_message {
227 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0'*/
228 guint32 type; /* 0x00000003 */
229 };
230
231 /* LE (Little Endian) byte order */
232 struct negotiate_message {
233 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0' */
234 guint32 type; /* 0x00000001 */
235 guint32 flags; /* 0xb203 */
236 struct smb_header domain;
237 struct smb_header host;
238 struct version ver;
239 /* payload
240 * - DomainName (always ASCII)
241 * - WorkstationName (always ASCII)
242 */
243 };
244
245 /* LE (Little Endian) byte order */
246 struct challenge_message {
247 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0'*/
248 guint32 type; /* 0x00000002 */
249 struct smb_header target_name;
250 guint32 flags; /* 0x8201 */
251 guint8 nonce[8];
252 guint8 zero1[8];
253 struct smb_header target_info;
254 struct version ver;
255 /* payload
256 * - TargetName (negotiated encoding)
257 * - TargetInfo (a sequence of AV_PAIR structures) (always Unicode)
258 */
259 };
260
261 /* LE (Little Endian) byte order */
262 struct authenticate_message {
263 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0'*/
264 guint32 type; /* 0x00000003 */
265 /** LmChallengeResponseFields */
266 struct smb_header lm_resp;
267 /** NtChallengeResponseFields */
268 struct smb_header nt_resp;
269 /** DomainNameFields */
270 struct smb_header domain;
271 /** UserNameFields */
272 struct smb_header user;
273 /** WorkstationFields */
274 struct smb_header host;
275 /** EncryptedRandomSessionKeyFields */
276 struct smb_header session_key;
277 guint32 flags;
278 struct version ver;
279 //guint8 mic[16];
280 /* payload
281 * - LmChallengeResponse
282 * - NtChallengeResponse
283 * - DomainName (negotiated encoding)
284 * - UserName (negotiated encoding)
285 * - Workstation (negotiated encoding)
286 * - EncryptedRandomSessionKey
287 */
288 };
289
290 #ifndef HAVE_LANGINFO_CODESET
291 static char SIPE_DEFAULT_CODESET[] = "ANSI_X3.4-1968";
292 #endif
293
294 /* Private Methods */
295
296 /* Utility Functions */
297 static GIConv convert_from_utf16le = (GIConv)-1;
298 static GIConv convert_to_utf16le = (GIConv)-1;
299
300 static gsize
301 unicode_strconvcopy(gchar *dest, const gchar *source, gsize remlen)
302 {
303 gsize inbytes = strlen(source);
304 gsize outbytes = remlen;
305 g_iconv(convert_to_utf16le, (gchar **)&source, &inbytes, &dest, &outbytes);
306 return(remlen - outbytes);
307 }
308
309 /* UTF-16LE to native encoding
310 * Must be g_free'd after use */
311 static gchar *
312 unicode_strconvcopy_back(const gchar *source, gsize len)
313 {
314 gsize outbytes = 2 * len;
315 gchar *dest = g_new0(gchar, outbytes + 1);
316 gchar *outbuf = dest;
317 g_iconv(convert_from_utf16le, (gchar **)&source, &len, &outbuf, &outbytes);
318 return dest;
319 }
320
321 /* crc32 source copy from gg's common.c */
322 static guint32 crc32_table[256];
323 static int crc32_initialized = 0;
324
325 static void crc32_make_table()
326 {
327 guint32 h = 1;
328 unsigned int i, j;
329
330 memset(crc32_table, 0, sizeof(crc32_table));
331
332 for (i = 128; i; i >>= 1) {
333 h = (h >> 1) ^ ((h & 1) ? 0xedb88320L : 0);
334
335 for (j = 0; j < 256; j += 2 * i)
336 crc32_table[i + j] = crc32_table[j] ^ h;
337 }
338
339 crc32_initialized = 1;
340 }
341
342 static guint32 crc32(guint32 crc, const guint8 *buf, int len)
343 {
344 if (!crc32_initialized)
345 crc32_make_table();
346
347 if (!buf || len < 0)
348 return crc;
349
350 crc ^= 0xffffffffL;
351
352 while (len--)
353 crc = (crc >> 8) ^ crc32_table[(crc ^ *buf++) & 0xff];
354
355 return crc ^ 0xffffffffL;
356 }
357
358 static guint32
359 CRC32 (const char *msg, int len)
360 {
361 guint32 crc = 0L;
362 crc = crc32(crc, (guint8 *) msg, len);
363 return crc;
364 }
365
366 /* Cyphers */
367
368 #ifdef _SIPE_COMPILING_TESTS
369 static void setup_des_key(const unsigned char key_56[], unsigned char *key)
370 {
371 key[0] = key_56[0];
372 key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1);
373 key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2);
374 key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3);
375 key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4);
376 key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5);
377 key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6);
378 key[7] = (key_56[6] << 1) & 0xFF;
379 }
380
381 /* (k = 7 byte key, d = 8 byte data) returns 8 bytes in results */
382 static void
383 DES (const unsigned char *k, const unsigned char *d, unsigned char * results)
384 {
385 unsigned char key[8];
386 setup_des_key(k, key);
387 sipe_crypt_des(key, d, 8, results);
388 }
389
390 /* (K = 21 byte key, D = 8 bytes of data) returns 24 bytes in results: */
391 static void
392 DESL (const unsigned char *k, const unsigned char *d, unsigned char * results)
393 {
394 unsigned char keys[21];
395
396 /* Copy the first 16 bytes */
397 memcpy(keys, k, 16);
398
399 /* Zero out the last 5 bytes of the key */
400 memset(keys + 16, 0, 5);
401
402 DES(keys, d, results);
403 DES(keys + 7, d, results + 8);
404 DES(keys + 14, d, results + 16);
405 }
406 #endif
407
408 #define RC4K(key, key_len, plain, plain_len, encrypted) \
409 sipe_crypt_rc4((key), (key_len), (plain), (plain_len), (encrypted))
410
411 /* out 16 bytes */
412 #define MD4(d, len, result) sipe_digest_md4((d), (len), (result))
413
414 /* out 16 bytes */
415 #define MD5(d, len, result) sipe_digest_md5((d), (len), (result))
416
417 /* out 16 bytes */
418 /*
419 static void
420 HMACT64 (const unsigned char *key, int key_len, const unsigned char *data, int data_len, unsigned char *result)
421 {
422 int i;
423 unsigned char ibuff[64 + data_len];
424 unsigned char obuff[64 + 16];
425
426 if (key_len > 64)
427 key_len = 64;
428
429 for (i = 0; i < key_len; i++) {
430 ibuff[i] = key[i] ^ 0x36;
431 obuff[i] = key[i] ^ 0x5c;
432 }
433 for (i = key_len; i < 64; i++) {
434 ibuff[i] = 0x36;
435 obuff[i] = 0x5c;
436 }
437
438 memcpy(ibuff+64, data, data_len);
439
440 MD5 (ibuff, 64 + data_len, obuff+64);
441 MD5 (obuff, 64 + 16, result);
442 }
443 #define HMAC_MD5 HMACT64
444 */
445
446 /* out 16 bytes */
447 #define HMAC_MD5(key, key_len, data, data_len, result) \
448 sipe_digest_hmac_md5((key), (key_len), (data), (data_len), (result))
449
450 /* NTLM Core Methods */
451
452 static void
453 NONCE(unsigned char *buffer, int num)
454 {
455 int i;
456 for (i = 0; i < num; i++) {
457 buffer[i] = (rand() & 0xff);
458 }
459 }
460
461 #ifdef _SIPE_COMPILING_TESTS
462 static void
463 Z(unsigned char *buffer, int num)
464 {
465 memset(buffer, 0, num);
466 }
467
468 static void
469 LMOWFv1 (const char *password, SIPE_UNUSED_PARAMETER const char *user, SIPE_UNUSED_PARAMETER const char *domain, unsigned char *result)
470 {
471 /* "KGS!@#$%" */
472 unsigned char magic[] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
473 unsigned char uppercase_password[14];
474 int i;
475
476 int len = strlen(password);
477 if (len > 14) {
478 len = 14;
479 }
480
481 // Uppercase password
482 for (i = 0; i < len; i++) {
483 uppercase_password[i] = g_ascii_toupper(password[i]);
484 }
485
486 // Zero the rest
487 for (; i < 14; i++) {
488 uppercase_password[i] = 0;
489 }
490
491 DES (uppercase_password, magic, result);
492 DES (uppercase_password + 7, magic, result + 8);
493 }
494 #endif
495
496 /*
497 Define NTOWFv1(Passwd, User, UserDom) as
498 MD4(UNICODE(Passwd))
499 EndDefine
500 */
501 /* out 16 bytes */
502 static void
503 NTOWFv1 (const char* password, SIPE_UNUSED_PARAMETER const char *user, SIPE_UNUSED_PARAMETER const char *domain, unsigned char *result)
504 {
505 int len_u = 2 * strlen(password); // utf16 should not be more
506 unsigned char *unicode_password = g_malloc(len_u);
507
508 len_u = unicode_strconvcopy((gchar *)unicode_password, password, len_u);
509 MD4 (unicode_password, len_u, result);
510 g_free(unicode_password);
511 }
512
513 /*
514 Define NTOWFv2(Passwd, User, UserDom) as
515 HMAC_MD5( MD4(UNICODE(Passwd)), ConcatenationOf( Uppercase(User), UserDom ) )
516 EndDefine
517 */
518 /* out 16 bytes */
519 void
520 NTOWFv2 (const char* password, const char *user, const char *domain, unsigned char *result)
521 {
522 unsigned char response_key_nt_v1 [16];
523 int len_user = user ? strlen(user) : 0;
524 int len_domain = domain ? strlen(domain) : 0;
525 int len_user_u = 2 * len_user; // utf16 should not be more
526 int len_domain_u = 2 * len_domain; // utf16 should not be more
527 unsigned char *user_upper = g_malloc(len_user + 1);
528 unsigned char *buff = g_malloc((len_user + len_domain)*2);
529 int i;
530
531 /* Uppercase user */
532 for (i = 0; i < len_user; i++) {
533 user_upper[i] = g_ascii_toupper(user[i]);
534 }
535 user_upper[len_user] = 0;
536
537 len_user_u = unicode_strconvcopy((gchar *)buff, (gchar *)user_upper, len_user_u);
538 len_domain_u = unicode_strconvcopy((gchar *)(buff+len_user_u), domain ? (gchar *)domain : "", len_domain_u);
539
540 NTOWFv1(password, user, domain, response_key_nt_v1);
541
542 HMAC_MD5(response_key_nt_v1, 16, buff, len_user_u + len_domain_u, result);
543
544 g_free(buff);
545 g_free(user_upper);
546 }
547
548 static void
549 compute_response(const guint32 neg_flags,
550 const unsigned char *response_key_nt,
551 const unsigned char *response_key_lm,
552 const guint8 *server_challenge,
553 const guint8 *client_challenge,
554 const guint64 time_val,
555 const guint8 *target_info,
556 int target_info_len,
557 unsigned char *lm_challenge_response,
558 unsigned char *nt_challenge_response,
559 unsigned char *session_base_key)
560 {
561 #ifdef _SIPE_COMPILING_TESTS
562 if (use_ntlm_v2)
563 {
564 #endif
565 /*
566 Responserversion - The 1-byte response version. Currently set to 1.
567 HiResponserversion - The 1-byte highest response version understood by the client. Currently set to 1.
568 Time - The 8-byte little-endian time in GMT.
569 ServerName - The TargetInfo field structure of the CHALLENGE_MESSAGE payload.
570 ClientChallenge - The 8-byte challenge message generated by the client.
571 CHALLENGE_MESSAGE.ServerChallenge - The 8-byte challenge message generated by the server.
572
573 Define ComputeResponse(NegFlg, ResponseKeyNT, ResponseKeyLM, CHALLENGE_MESSAGE.ServerChallenge, ClientChallenge, Time, ServerName) as
574 Set temp to ConcatenationOf(Responserversion, HiResponserversion, Z(6), //8bytes - 0
575 Time, //8bytes - 8
576 ClientChallenge, //8bytes - 16
577 Z(4), //4bytes - 24
578 ServerName, //variable - 28
579 Z(4)) //4bytes - 28+target_info_len
580 Set NTProofStr to HMAC_MD5(ResponseKeyNT, ConcatenationOf(CHALLENGE_MESSAGE.ServerChallenge,temp))
581 Set NtChallengeResponse to ConcatenationOf(NTProofStr, temp)
582 Set LmChallengeResponse to ConcatenationOf(
583 HMAC_MD5(ResponseKeyLM, ConcatenationOf(CHALLENGE_MESSAGE.ServerChallenge, ClientChallenge)),
584 ClientChallenge )
585 Set SessionBaseKey to HMAC_MD5(ResponseKeyNT, NTProofStr)
586 EndDefine
587 */
588 guint8 tmp [16];
589 guint8 nt_proof_str [16];
590
591 /* client_challenge (8) & temp (temp_len) buff */
592 int temp_len = 8+8+8+4+target_info_len+4;
593 guint8 *temp2 = g_malloc(8 + temp_len);
594 memset(temp2, 0, 8 + temp_len); /* init to 0 */
595 temp2[8+0] = 1;
596 temp2[8+1] = 1;
597 *((guint64 *)(temp2+8+8)) = GUINT64_TO_LE(time_val); /* should be int64 aligned: OK for sparc */
598 memcpy(temp2+8+16, client_challenge, 8);
599 memcpy(temp2+8+28, target_info, target_info_len);
600
601 /* NTProofStr */
602 //Set NTProofStr to HMAC_MD5(ResponseKeyNT, ConcatenationOf(CHALLENGE_MESSAGE.ServerChallenge,temp))
603 memcpy(temp2, server_challenge, 8);
604 HMAC_MD5(response_key_nt, 16, temp2, 8+temp_len, nt_proof_str);
605
606 /* NtChallengeResponse */
607 //Set NtChallengeResponse to ConcatenationOf(NTProofStr, temp)
608 memcpy(nt_challenge_response, nt_proof_str, 16);
609 memcpy(nt_challenge_response+16, temp2+8, temp_len);
610
611 /* SessionBaseKey */
612 //SessionBaseKey to HMAC_MD5(ResponseKeyNT, NTProofStr)
613 HMAC_MD5(response_key_nt, 16, nt_proof_str, 16, session_base_key);
614
615 /* lm_challenge_response */
616 memcpy(tmp, server_challenge, 8);
617 memcpy(tmp+8, client_challenge, 8);
618 HMAC_MD5(response_key_lm, 16, tmp, 16, lm_challenge_response);
619 memcpy(lm_challenge_response+16, client_challenge, 8);
620
621 g_free(temp2);
622
623 #ifndef _SIPE_COMPILING_TESTS
624 /* Not used in NTLMv2 */
625 (void)neg_flags;
626 #else
627 }
628 else
629 {
630 if (IS_FLAG(neg_flags, NTLMSSP_NEGOTIATE_LM_KEY)) {
631 // @TODO do not even reference nt_challenge_response
632 Z (nt_challenge_response, NTLMSSP_LM_RESP_LEN);
633 DESL (response_key_lm, server_challenge, lm_challenge_response);
634 } else if (IS_FLAG(neg_flags, NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)) {
635 unsigned char prehash [16];
636 unsigned char hash [16];
637
638 /* nt_challenge_response */
639 memcpy(prehash, server_challenge, 8);
640 memcpy(prehash + 8, client_challenge, 8);
641 MD5 (prehash, 16, hash);
642 DESL (response_key_nt, hash, nt_challenge_response);
643
644 /* lm_challenge_response */
645 memcpy(lm_challenge_response, client_challenge, 8);
646 Z (lm_challenge_response+8, 16);
647 } else {
648 DESL (response_key_nt, server_challenge, nt_challenge_response);
649 if (IS_FLAG(neg_flags, NTLMSSP_NEGOTIATE_NT_ONLY)) {
650 memcpy(lm_challenge_response, nt_challenge_response, NTLMSSP_LM_RESP_LEN);
651 } else {
652 DESL (response_key_lm, server_challenge, lm_challenge_response);
653 }
654 }
655
656 /* Session Key */
657 MD4(response_key_nt, 16, session_base_key); // "User Session Key" -> "master key"
658 }
659 #endif
660 }
661
662 static void
663 KXKEY ( guint32 flags,
664 const unsigned char * session_base_key,
665 const unsigned char * lm_challenge_resonse,
666 const guint8 * server_challenge, /* 8-bytes, nonce */
667 unsigned char * key_exchange_key)
668 {
669 #ifdef _SIPE_COMPILING_TESTS
670 if (use_ntlm_v2)
671 {
672 #else
673 /* Not used in NTLMv2 */
674 (void)flags;
675 (void)lm_challenge_resonse;
676 (void)server_challenge;
677 #endif
678 memcpy(key_exchange_key, session_base_key, 16);
679 #ifdef _SIPE_COMPILING_TESTS
680 }
681 else
682 {
683 if (IS_FLAG(flags, NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)) {
684 /* Define KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge) as
685 Set KeyExchangeKey to HMAC_MD5(SessionBaseKey, ConcatenationOf(ServerChallenge, LmChallengeResponse [0..7]))
686 EndDefine
687 */
688 guint8 tmp[16];
689 memcpy(tmp, server_challenge, 8);
690 memcpy(tmp+8, lm_challenge_resonse, 8);
691 HMAC_MD5(session_base_key, 16, tmp, 16, key_exchange_key);
692 } else {
693 /* Assume v1 and NTLMSSP_REQUEST_NON_NT_SESSION_KEY not set */
694 memcpy(key_exchange_key, session_base_key, 16);
695 }
696 }
697 #endif
698 }
699
700 /*
701 If (Mode equals "Client")
702 Set SignKey to MD5(ConcatenationOf(RandomSessionKey,
703 "session key to client-to-server signing key magic constant"))
704 Else
705 Set SignKey to MD5(ConcatenationOf(RandomSessionKey,
706 "session key to server-to-client signing key magic constant"))
707 Endif
708 */
709 static void
710 SIGNKEY (const unsigned char * random_session_key, gboolean client, unsigned char * result)
711 {
712 char * magic = client
713 ? "session key to client-to-server signing key magic constant"
714 : "session key to server-to-client signing key magic constant";
715
716 int len = strlen(magic) + 1;
717 unsigned char *md5_input = g_malloc(16 + len);
718 memcpy(md5_input, random_session_key, 16);
719 memcpy(md5_input + 16, magic, len);
720
721 MD5 (md5_input, len + 16, result);
722 g_free(md5_input);
723 }
724
725 /*
726 Define SEALKEY(NegotiateFlags, RandomSessionKey, Mode) as
727 If (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag is set in NegFlg)
728 If ( NTLMSSP_NEGOTIATE_128 is set in NegFlg)
729 Set SealKey to RandomSessionKey
730 ElseIf ( NTLMSSP_NEGOTIATE_56 flag is set in NegFlg)
731 Set SealKey to RandomSessionKey[0..6]
732 Else
733 Set SealKey to RandomSessionKey[0..4]
734 Endif
735
736 If (Mode equals "Client")
737 Set SealKey to MD5(ConcatenationOf(SealKey, "session key to client-to-server sealing key magic constant"))
738 Else
739 Set SealKey to MD5(ConcatenationOf(SealKey, "session key to server-to-client sealing key magic constant"))
740 Endif
741
742 ElseIf (NTLMSSP_NEGOTIATE_56 flag is set in NegFlg)
743 Set SealKey to ConcatenationOf(RandomSessionKey[0..6], 0xA0)
744 Else
745 Set SealKey to ConcatenationOf(RandomSessionKey[0..4], 0xE5, 0x38, 0xB0)
746 Endif
747 EndDefine
748 */
749 /* out 16 bytes or 8 bytes depending if Ext.Sess.Sec is negotiated */
750 static void
751 SEALKEY (guint32 flags, const unsigned char * random_session_key, gboolean client, unsigned char * result)
752 {
753 if (IS_FLAG(flags, NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY))
754 {
755 char * magic = client
756 ? "session key to client-to-server sealing key magic constant"
757 : "session key to server-to-client sealing key magic constant";
758
759 int len = strlen(magic) + 1;
760 unsigned char *md5_input = g_malloc(16 + len);
761 int key_len;
762
763 if (IS_FLAG(flags, NTLMSSP_NEGOTIATE_128)) {
764 SIPE_DEBUG_INFO_NOFORMAT("NTLM SEALKEY(): 128-bit key (Extended session security)");
765 key_len = 16;
766 } else if (IS_FLAG(flags, NTLMSSP_NEGOTIATE_56)) {
767 SIPE_DEBUG_INFO_NOFORMAT("NTLM SEALKEY(): 56-bit key (Extended session security)");
768 key_len = 7;
769 } else {
770 SIPE_DEBUG_INFO_NOFORMAT("NTLM SEALKEY(): 40-bit key (Extended session security)");
771 key_len = 5;
772 }
773
774 memcpy(md5_input, random_session_key, key_len);
775 memcpy(md5_input + key_len, magic, len);
776
777 MD5 (md5_input, key_len + len, result);
778 g_free(md5_input);
779 }
780 else if (IS_FLAG(flags, NTLMSSP_NEGOTIATE_LM_KEY)) /* http://davenport.sourceforge.net/ntlm.html#ntlm1KeyWeakening */
781 {
782 if (IS_FLAG(flags, NTLMSSP_NEGOTIATE_56)) {
783 SIPE_DEBUG_INFO_NOFORMAT("NTLM SEALKEY(): 56-bit key");
784 memcpy(result, random_session_key, 7);
785 result[7] = 0xA0;
786 } else {
787 SIPE_DEBUG_INFO_NOFORMAT("NTLM SEALKEY(): 40-bit key");
788 memcpy(result, random_session_key, 5);
789 result[5] = 0xE5;
790 result[6] = 0x38;
791 result[7] = 0xB0;
792 }
793 }
794 else
795 {
796 SIPE_DEBUG_INFO_NOFORMAT("NTLM SEALKEY(): 128-bit key");
797 memcpy(result, random_session_key, 16);
798 }
799 }
800
801 /*
802 = for Extended Session Security =
803 Version (4 bytes): A 32-bit unsigned integer that contains the signature version. This field MUST be 0x00000001.
804 Checksum (8 bytes): An 8-byte array that contains the checksum for the message.
805 SeqNum (4 bytes): A 32-bit unsigned integer that contains the NTLM sequence number for this application message.
806
807 = if Extended Session Security is NOT negotiated =
808 Version (4 bytes): A 32-bit unsigned integer that contains the signature version. This field MUST be 0x00000001.
809 RandomPad (4 bytes): A 4-byte array that contains the random pad for the message.
810 Checksum (4 bytes): A 4-byte array that contains the checksum for the message.
811 SeqNum (4 bytes): A 32-bit unsigned integer that contains the NTLM sequence number for this application message.
812 ---
813 0x00000001, RC4K(RandomPad), RC4K(CRC32(Message)), RC4K(0x00000000) XOR (application supplied SeqNum) -- RC4(X) xor X xor Y = RC4(Y)
814
815 Version(4), Checksum(8), SeqNum(4) -- for ext.sess.sec.
816 Version(4), RandomPad(4), Checksum(4), SeqNum(4)
817 */
818 /** MAC(Handle, SigningKey, SeqNum, Message) */
819 /* out 16 bytes */
820 static void
821 MAC (guint32 flags,
822 const char *buf,
823 int buf_len,
824 unsigned char *sign_key,
825 unsigned long sign_key_len,
826 unsigned char *seal_key,
827 unsigned long seal_key_len,
828 guint32 random_pad,
829 guint32 sequence,
830 unsigned char *result)
831 {
832 guint32 *res_ptr;
833
834 if (IS_FLAG(flags, NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)) {
835 /*
836 Define MAC(Handle, SigningKey, SeqNum, Message) as
837 Set NTLMSSP_MESSAGE_SIGNATURE.Version to 0x00000001
838 Set NTLMSSP_MESSAGE_SIGNATURE.Checksum to
839 HMAC_MD5(SigningKey, ConcatenationOf(SeqNum, Message))[0..7]
840 Set NTLMSSP_MESSAGE_SIGNATURE.SeqNum to SeqNum
841 Set SeqNum to SeqNum + 1
842 EndDefine
843 */
844 /* If a key exchange key is negotiated
845 Define MAC(Handle, SigningKey, SeqNum, Message) as
846 Set NTLMSSP_MESSAGE_SIGNATURE.Version to 0x00000001
847 Set NTLMSSP_MESSAGE_SIGNATURE.Checksum to RC4(Handle,
848 HMAC_MD5(SigningKey, ConcatenationOf(SeqNum, Message))[0..7])
849 Set NTLMSSP_MESSAGE_SIGNATURE.SeqNum to SeqNum
850 Set SeqNum to SeqNum + 1
851 EndDefine
852 */
853
854 unsigned char seal_key_ [16];
855 guchar hmac[16];
856 guchar *tmp = g_malloc(4 + buf_len);
857
858 /* SealingKey' = MD5(ConcatenationOf(SealingKey, SequenceNumber))
859 RC4Init(Handle, SealingKey')
860 */
861 if (IS_FLAG(flags, NTLMSSP_NEGOTIATE_DATAGRAM)) {
862 unsigned char tmp2 [16+4];
863
864 memcpy(tmp2, seal_key, seal_key_len);
865 *((guint32 *)(tmp2+16)) = GUINT32_TO_LE(sequence);
866 MD5 (tmp2, 16+4, seal_key_);
867 } else {
868 memcpy(seal_key_, seal_key, seal_key_len);
869 }
870
871 SIPE_DEBUG_INFO_NOFORMAT("NTLM MAC(): Extented Session Security");
872
873 res_ptr = (guint32 *)result;
874 res_ptr[0] = GUINT32_TO_LE(1); // 4 bytes
875 res_ptr[3] = GUINT32_TO_LE(sequence);
876
877 res_ptr = (guint32 *)tmp;
878 res_ptr[0] = GUINT32_TO_LE(sequence);
879 memcpy(tmp+4, buf, buf_len);
880
881 HMAC_MD5(sign_key, sign_key_len, tmp, 4 + buf_len, hmac);
882
883 if (IS_FLAG(flags, NTLMSSP_NEGOTIATE_KEY_EXCH)) {
884 SIPE_DEBUG_INFO_NOFORMAT("NTLM MAC(): Key Exchange");
885 RC4K(seal_key_, seal_key_len, hmac, 8, result+4);
886 } else {
887 SIPE_DEBUG_INFO_NOFORMAT("NTLM MAC(): *NO* Key Exchange");
888 memcpy(result+4, hmac, 8);
889 }
890 g_free(tmp);
891 } else {
892 /* The content of the first 4 bytes is irrelevant */
893 guint32 crc = CRC32(buf, strlen(buf));
894 guint32 plaintext [] = {
895 GUINT32_TO_LE(0),
896 GUINT32_TO_LE(crc),
897 GUINT32_TO_LE(sequence)
898 }; // 4, 4, 4 bytes
899
900 SIPE_DEBUG_INFO_NOFORMAT("NTLM MAC(): *NO* Extented Session Security");
901
902 RC4K(seal_key, seal_key_len, (const guchar *)plaintext, 12, result+4);
903
904 res_ptr = (guint32 *)result;
905 // Highest four bytes are the Version
906 res_ptr[0] = GUINT32_TO_LE(0x00000001); // 4 bytes
907
908 // Replace the first four bytes of the ciphertext with the random_pad
909 res_ptr[1] = GUINT32_TO_LE(random_pad); // 4 bytes
910 }
911 }
912
913 /* End Core NTLM Methods */
914
915 /**
916 * @param flags (out) flags received from server
917 * @param server_challenge must be g_free()'d after use if requested
918 * @param target_info must be g_free()'d after use if requested
919 */
920 static void
921 sip_sec_ntlm_parse_challenge(SipSecBuffer in_buff,
922 guint32 *flags,
923 guchar **server_challenge, /* 8 bytes */
924 guint64 *time_val,
925 guchar **target_info,
926 int *target_info_len)
927 {
928 struct challenge_message *cmsg = (struct challenge_message*)in_buff.value;
929 guint32 host_flags = GUINT32_FROM_LE(cmsg->flags);
930
931 /* server challenge (nonce) */
932 if (server_challenge) {
933 *server_challenge = g_memdup(cmsg->nonce, 8);
934 }
935
936 /* flags */
937 if (flags) {
938 *flags = host_flags;
939 }
940
941 /* target_info */
942 if (cmsg->target_info.len && cmsg->target_info.offset) {
943 void *content = (gchar *)cmsg + GUINT32_FROM_LE(cmsg->target_info.offset);
944 void *av = content;
945 guint16 len = GUINT16_FROM_LE(cmsg->target_info.len);
946
947 ALIGN_AV_LOOP_START
948 {
949 /* @since Vista */
950 case MsvAvTimestamp:
951 if (time_val) {
952 guint64 tmp;
953
954 /* to meet sparc's alignment requirement */
955 memcpy(&tmp, av_value, sizeof(tmp));
956 *time_val = GUINT64_FROM_LE(tmp);
957 }
958 break;
959 }
960 ALIGN_AV_LOOP_END;
961
962 if (target_info_len) {
963 *target_info_len = len;
964 }
965 if (target_info) {
966 *target_info = g_memdup(content, len);
967 }
968 }
969 }
970
971 /**
972 * @param client_sign_key (out) must be g_free()'d after use
973 * @param server_sign_key (out) must be g_free()'d after use
974 * @param client_seal_key (out) must be g_free()'d after use
975 * @param server_seal_key (out) must be g_free()'d after use
976 * @param flags (in, out) negotiated flags
977 */
978 static sip_uint32
979 sip_sec_ntlm_gen_authenticate(guchar **client_sign_key,
980 guchar **server_sign_key,
981 guchar **client_seal_key,
982 guchar **server_seal_key,
983 const gchar *user,
984 const gchar *password,
985 const gchar *hostname,
986 const gchar *domain,
987 const guint8 *server_challenge, /* nonce */
988 const guint64 time_val,
989 const guint8 *target_info,
990 int target_info_len,
991 gboolean is_connection_based,
992 SipSecBuffer *out_buff,
993 guint32 *flags)
994 {
995 guint32 orig_flags = is_connection_based ? NEGOTIATE_FLAGS_CONN : NEGOTIATE_FLAGS_CONNLESS;
996 guint32 neg_flags = (*flags & orig_flags) | NTLMSSP_REQUEST_TARGET;
997 int ntlmssp_nt_resp_len =
998 #ifdef _SIPE_COMPILING_TESTS
999 use_ntlm_v2 ?
1000 #endif
1001 (16 + (32+target_info_len))
1002 #ifdef _SIPE_COMPILING_TESTS
1003 : NTLMSSP_LM_RESP_LEN
1004 #endif
1005 ;
1006 gsize msglen = sizeof(struct authenticate_message)
1007 + 2*(strlen(domain) + strlen(user)+ strlen(hostname))
1008 + NTLMSSP_LM_RESP_LEN + ntlmssp_nt_resp_len
1009 + (IS_FLAG(neg_flags, NTLMSSP_NEGOTIATE_KEY_EXCH) ? NTLMSSP_SESSION_KEY_LEN : 0);
1010 struct authenticate_message *tmsg;
1011 char *tmp;
1012 guint32 offset;
1013 guint16 len;
1014 unsigned char response_key_lm [NTLMSSP_LN_OR_NT_KEY_LEN]; /* 16 */
1015 unsigned char response_key_nt [NTLMSSP_LN_OR_NT_KEY_LEN]; /* 16 */
1016 unsigned char lm_challenge_response [NTLMSSP_LM_RESP_LEN]; /* 24 */
1017 unsigned char *nt_challenge_response = g_malloc(ntlmssp_nt_resp_len); /* variable or 24 */
1018 unsigned char session_base_key [16];
1019 unsigned char key_exchange_key [16];
1020 unsigned char exported_session_key[16];
1021 unsigned char encrypted_random_session_key [16];
1022 unsigned char key [16];
1023 unsigned char client_challenge [8];
1024 guint64 time_vl = time_val ? time_val : TIME_T_TO_VAL(time(NULL));
1025
1026 if (!IS_FLAG(*flags, NEGOTIATE_FLAGS_COMMON_MIN) ||
1027 !(is_connection_based || IS_FLAG(*flags, NEGOTIATE_FLAGS_CONNLESS_EXTRA)))
1028 {
1029 SIPE_DEBUG_INFO_NOFORMAT("sip_sec_ntlm_gen_authenticate: received incompatible NTLM NegotiateFlags, exiting.");
1030 return SIP_SEC_E_INTERNAL_ERROR;
1031 }
1032
1033 if (IS_FLAG(neg_flags, NTLMSSP_NEGOTIATE_128)) {
1034 neg_flags = neg_flags & ~NTLMSSP_NEGOTIATE_56;
1035 }
1036
1037 tmsg = g_malloc0(msglen);
1038
1039 NONCE (client_challenge, 8);
1040
1041 #ifdef _SIPE_COMPILING_TESTS
1042 memcpy(client_challenge, test_client_challenge, 8);
1043 time_vl = test_time_val ? test_time_val : time_vl;
1044
1045 if (use_ntlm_v2) {
1046
1047 #endif
1048 NTOWFv2 (password, user, domain, response_key_nt);
1049 memcpy(response_key_lm, response_key_nt, NTLMSSP_LN_OR_NT_KEY_LEN);
1050 #ifdef _SIPE_COMPILING_TESTS
1051 } else {
1052 NTOWFv1 (password, user, domain, response_key_nt);
1053 LMOWFv1 (password, user, domain, response_key_lm);
1054 }
1055 #endif
1056
1057 compute_response(neg_flags,
1058 response_key_nt,
1059 response_key_lm,
1060 server_challenge,
1061 client_challenge,
1062 time_vl,
1063 target_info,
1064 target_info_len,
1065 lm_challenge_response, /* out */
1066 nt_challenge_response, /* out */
1067 session_base_key); /* out */
1068
1069 /* same as session_base_key for
1070 * - NTLNv1 w/o Ext.Sess.Sec and
1071 * - NTLMv2
1072 */
1073 KXKEY(neg_flags, session_base_key, lm_challenge_response, server_challenge, key_exchange_key);
1074
1075 if (IS_FLAG(neg_flags, NTLMSSP_NEGOTIATE_KEY_EXCH)) {
1076 NONCE (exported_session_key, 16); // random master key
1077 #ifdef _SIPE_COMPILING_TESTS
1078 memcpy(exported_session_key, test_random_session_key, 16);
1079 #endif
1080 RC4K (key_exchange_key, 16, exported_session_key, 16, encrypted_random_session_key);
1081 } else {
1082 memcpy(exported_session_key, key_exchange_key, 16);
1083 }
1084
1085 tmp = buff_to_hex_str(exported_session_key, 16);
1086 SIPE_DEBUG_INFO("NTLM AUTHENTICATE: exported session key (not encrypted): %s", tmp);
1087 g_free(tmp);
1088
1089 if (IS_FLAG(neg_flags, NTLMSSP_NEGOTIATE_SIGN) ||
1090 IS_FLAG(neg_flags, NTLMSSP_NEGOTIATE_SEAL))
1091 {
1092 /* p.46
1093 Set ClientSigningKey to SIGNKEY(ExportedSessionKey, "Client")
1094 Set ServerSigningKey to SIGNKEY(ExportedSessionKey, "Server")
1095 */
1096 SIGNKEY(exported_session_key, TRUE, key);
1097 *client_sign_key = g_memdup(key, 16);
1098 SIGNKEY(exported_session_key, FALSE, key);
1099 *server_sign_key = g_memdup(key, 16);
1100 SEALKEY(neg_flags, exported_session_key, TRUE, key);
1101 *client_seal_key = g_memdup(key, 16);
1102 SEALKEY(neg_flags, exported_session_key, FALSE, key);
1103 *server_seal_key = g_memdup(key, 16);
1104 }
1105
1106 /* @TODO: */
1107 /* @since Vista
1108 If the CHALLENGE_MESSAGE TargetInfo field (section 2.2.1.2) has an MsvAvTimestamp present,
1109 the client SHOULD provide a MIC:
1110 - If there is an AV_PAIR structure (section 2.2.2.1) with the AvId field set to MsvAvFlags,
1111 - then in the Value field, set bit 0x2 to 1.
1112 - else add an AV_PAIR structure (section 2.2.2.1) and set the AvId field to MsvAvFlags
1113 and the Value field bit 0x2 to 1.
1114 - Populate the MIC field with the MIC.
1115 */
1116
1117 /* Connection-oriented:
1118 Set MIC to HMAC_MD5(ExportedSessionKey,
1119 ConcatenationOf( NEGOTIATE_MESSAGE, CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE_MIC0));
1120 Connectionless:
1121 Set MIC to HMAC_MD5(ExportedSessionKey,
1122 ConcatenationOf( CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE))
1123 */
1124
1125 /* on the server-side:
1126 If (NTLMSSP_NEGOTIATE_KEY_EXCH flag is set in NegFlg )
1127 Set ExportedSessionKey to RC4K(KeyExchangeKey, AUTHENTICATE_MESSAGE.EncryptedRandomSessionKey)
1128 Set MIC to HMAC_MD5(ExportedSessionKey,
1129 ConcatenationOf( NEGOTIATE_MESSAGE, CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE_MIC0))
1130 Else
1131 Set ExportedSessionKey to KeyExchangeKey
1132 Set MIC to HMAC_MD5(KeyExchangeKey,
1133 ConcatenationOf( NEGOTIATE_MESSAGE, CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE_MIC0)) EndIf
1134 =====
1135 @since Vista
1136 If the AUTHENTICATE_MESSAGE indicates the presence of a MIC field,
1137 then the MIC value computed earlier MUST be compared to the MIC field in the message,
1138 and if the two MIC values are not equal, then an authentication failure MUST be returned.
1139 An AUTHENTICATE_MESSAGE indicates the presence of a MIC field if the TargetInfo field has
1140 an AV_PAIR structure whose two fields:
1141 - AvId == MsvAvFlags
1142 - Value bit 0x2 == 1
1143 @supported NT, 2000, XP
1144 If NTLM v2 authentication is used and the AUTHENTICATE_MESSAGE.NtChallengeResponse.
1145 TimeStamp (section 2.2.2.7) is more than MaxLifetime (section 3.1.1.1) difference from
1146 the server time, then the server SHOULD return a failure.
1147 ===
1148 Connectionless:
1149 Set MIC to HMAC_MD5(ResponseKeyNT,
1150 ConcatenationOf( CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE_MIC0))
1151 */
1152
1153 /* authenticate message initialization */
1154 memcpy(tmsg->protocol, "NTLMSSP\0", 8);
1155 tmsg->type = GUINT32_TO_LE(3);
1156
1157 /* Initial offset */
1158 offset = sizeof(struct authenticate_message);
1159 tmp = ((char*) tmsg) + offset;
1160
1161 #define _FILL_SMB_HEADER(header) \
1162 tmsg->header.offset = GUINT32_TO_LE(offset); \
1163 tmsg->header.len = tmsg->header.maxlen = GUINT16_TO_LE(len); \
1164 tmp += len; \
1165 offset += len
1166 #define _APPEND_STRING(header, src) \
1167 len = unicode_strconvcopy(tmp, (src), msglen - offset); \
1168 _FILL_SMB_HEADER(header)
1169 #define _APPEND_DATA(header, src, srclen) \
1170 len = (srclen); \
1171 memcpy(tmp, (src), len); \
1172 _FILL_SMB_HEADER(header)
1173
1174 /* Domain */
1175 _APPEND_STRING(domain, domain);
1176
1177 /* User */
1178 _APPEND_STRING(user, user);
1179
1180 /* Host */
1181 _APPEND_STRING(host, hostname);
1182
1183 /* LM */
1184 /* @since Windows 7
1185 If NTLM v2 authentication is used and the CHALLENGE_MESSAGE contains a TargetInfo field,
1186 the client SHOULD NOT send the LmChallengeResponse and SHOULD set the LmChallengeResponseLen
1187 and LmChallengeResponseMaxLen fields in the AUTHENTICATE_MESSAGE to zero.
1188 */
1189 _APPEND_DATA(lm_resp, lm_challenge_response, NTLMSSP_LM_RESP_LEN);
1190
1191 /* NT */
1192 _APPEND_DATA(nt_resp, nt_challenge_response, ntlmssp_nt_resp_len);
1193
1194 /* Session Key */
1195 if (IS_FLAG(neg_flags, NTLMSSP_NEGOTIATE_KEY_EXCH))
1196 {
1197 _APPEND_DATA(session_key, encrypted_random_session_key, NTLMSSP_SESSION_KEY_LEN);
1198 }
1199 else
1200 {
1201 tmsg->session_key.offset = GUINT32_TO_LE(offset);
1202 tmsg->session_key.len = tmsg->session_key.maxlen = 0;
1203 }
1204
1205 /* Version */
1206 #ifdef _SIPE_COMPILING_TESTS
1207 memcpy(&(tmsg->ver), &test_version, sizeof(struct version));
1208 #else
1209 if (IS_FLAG(neg_flags, NTLMSSP_NEGOTIATE_VERSION)) {
1210 tmsg->ver.product_major_version = 5; /* 5.1.2600 (Windows XP SP2) */
1211 tmsg->ver.product_minor_version = 1;
1212 tmsg->ver.product_build = GUINT16_FROM_LE(2600);
1213 tmsg->ver.ntlm_revision_current = 0x0F; /* NTLMSSP_REVISION_W2K3 */
1214 }
1215 #endif
1216
1217 /* Set Negotiate Flags */
1218 tmsg->flags = GUINT32_TO_LE(neg_flags);
1219 *flags = neg_flags;
1220
1221 out_buff->value = (guint8 *)tmsg;
1222 out_buff->length = msglen;
1223
1224 g_free(nt_challenge_response);
1225
1226 return SIP_SEC_E_OK;
1227 }
1228
1229 /**
1230 * Generates Type 1 (Negotiate) message for connection-oriented cases (only)
1231 */
1232 static void
1233 sip_sec_ntlm_gen_negotiate(SipSecBuffer *out_buff)
1234 {
1235 guint32 offset;
1236 guint16 len;
1237 int msglen = sizeof(struct negotiate_message);
1238 struct negotiate_message *tmsg = g_malloc0(msglen);
1239
1240 /* negotiate message initialization */
1241 memcpy(tmsg->protocol, "NTLMSSP\0", 8);
1242 tmsg->type = GUINT32_TO_LE(1);
1243
1244 /* Set Negotiate Flags */
1245 tmsg->flags = GUINT32_TO_LE(NEGOTIATE_FLAGS_CONN);
1246
1247 /* Domain */
1248 offset = sizeof(struct negotiate_message);
1249 tmsg->domain.offset = GUINT32_TO_LE(offset);
1250 tmsg->domain.len = tmsg->domain.maxlen = len = 0;
1251
1252 /* Host */
1253 offset += len;
1254 tmsg->host.offset = GUINT32_TO_LE(offset);
1255 tmsg->host.len = tmsg->host.maxlen = len = 0;
1256
1257 /* Version */
1258 tmsg->ver.product_major_version = 5; /* 5.1.2600 (Windows XP SP2) */
1259 tmsg->ver.product_minor_version = 1;
1260 tmsg->ver.product_build = GUINT16_FROM_LE(2600);
1261 tmsg->ver.ntlm_revision_current = 0x0F; /* NTLMSSP_REVISION_W2K3 */
1262
1263 out_buff->value = (guint8 *)tmsg;
1264 out_buff->length = msglen;
1265 }
1266
1267 static void
1268 sip_sec_ntlm_sipe_signature_make(guint32 flags,
1269 const char *msg,
1270 guint32 random_pad,
1271 unsigned char *sign_key,
1272 unsigned char *seal_key,
1273 unsigned char *result)
1274 {
1275 char *res;
1276
1277 MAC(flags, msg,strlen(msg), sign_key,16, seal_key,16, random_pad, 100, result);
1278
1279 res = buff_to_hex_str(result, 16);
1280 SIPE_DEBUG_INFO("NTLM calculated MAC: %s", res);
1281 g_free(res);
1282 }
1283
1284
1285 /* Describe NTLM messages functions */
1286
1287 #define APPEND_NEG_FLAG(str, flags, flag, desc) \
1288 if ((flags & flag) == flag) g_string_append_printf(str, "\t%s\n", desc);
1289
1290 static gchar *
1291 sip_sec_ntlm_negotiate_flags_describe(guint32 flags)
1292 {
1293 GString* str = g_string_new(NULL);
1294
1295 flags = GUINT32_FROM_LE(flags);
1296
1297 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_UNICODE, "NTLMSSP_NEGOTIATE_UNICODE");
1298 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_OEM, "NTLMSSP_NEGOTIATE_OEM");
1299 APPEND_NEG_FLAG(str, flags, NTLMSSP_REQUEST_TARGET, "NTLMSSP_REQUEST_TARGET");
1300 APPEND_NEG_FLAG(str, flags, r9, "r9");
1301 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_SIGN, "NTLMSSP_NEGOTIATE_SIGN");
1302 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_SEAL, "NTLMSSP_NEGOTIATE_SEAL");
1303 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_DATAGRAM, "NTLMSSP_NEGOTIATE_DATAGRAM");
1304 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_LM_KEY, "NTLMSSP_NEGOTIATE_LM_KEY");
1305 APPEND_NEG_FLAG(str, flags, r8, "r8");
1306 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_NTLM, "NTLMSSP_NEGOTIATE_NTLM");
1307 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_NT_ONLY, "NTLMSSP_NEGOTIATE_NT_ONLY");
1308 APPEND_NEG_FLAG(str, flags, anonymous, "anonymous");
1309 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED, "NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED");
1310 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED, "NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED");
1311 APPEND_NEG_FLAG(str, flags, r7, "r7");
1312 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_ALWAYS_SIGN, "NTLMSSP_NEGOTIATE_ALWAYS_SIGN");
1313 APPEND_NEG_FLAG(str, flags, NTLMSSP_TARGET_TYPE_DOMAIN, "NTLMSSP_TARGET_TYPE_DOMAIN");
1314 APPEND_NEG_FLAG(str, flags, NTLMSSP_TARGET_TYPE_SERVER, "NTLMSSP_TARGET_TYPE_SERVER");
1315 APPEND_NEG_FLAG(str, flags, r6, "r6");
1316 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY, "NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY");
1317 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_IDENTIFY, "NTLMSSP_NEGOTIATE_IDENTIFY");
1318 APPEND_NEG_FLAG(str, flags, r5, "r5");
1319 APPEND_NEG_FLAG(str, flags, NTLMSSP_REQUEST_NON_NT_SESSION_KEY, "NTLMSSP_REQUEST_NON_NT_SESSION_KEY");
1320 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_TARGET_INFO, "NTLMSSP_NEGOTIATE_TARGET_INFO");
1321 APPEND_NEG_FLAG(str, flags, r4, "r4");
1322 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_VERSION, "NTLMSSP_NEGOTIATE_VERSION");
1323 APPEND_NEG_FLAG(str, flags, r3, "r3");
1324 APPEND_NEG_FLAG(str, flags, r2, "r2");
1325 APPEND_NEG_FLAG(str, flags, r1, "r1");
1326 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_128, "NTLMSSP_NEGOTIATE_128");
1327 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_KEY_EXCH, "NTLMSSP_NEGOTIATE_KEY_EXCH");
1328 APPEND_NEG_FLAG(str, flags, NTLMSSP_NEGOTIATE_56, "NTLMSSP_NEGOTIATE_56");
1329
1330 return g_string_free(str, FALSE);
1331 }
1332
1333 static gchar *
1334 sip_sec_ntlm_describe_version(struct version *ver) {
1335 GString* str = g_string_new(NULL);
1336 gchar *ver_desc = "";
1337 gchar *ntlm_revision_desc = "";
1338
1339 if (ver->product_major_version == 6) {
1340 ver_desc = "Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2";
1341 } else if (ver->product_major_version == 5 && ver->product_minor_version == 2) {
1342 ver_desc = "Windows Server 2003";
1343 } else if (ver->product_major_version == 5 && ver->product_minor_version == 1) {
1344 ver_desc = "Windows XP SP2";
1345 }
1346
1347 if (ver->ntlm_revision_current == 0x0F) {
1348 ntlm_revision_desc = "NTLMSSP_REVISION_W2K3";
1349 } else if (ver->ntlm_revision_current == 0x0A) {
1350 ntlm_revision_desc = "NTLMSSP_REVISION_W2K3_RC1";
1351 }
1352
1353 g_string_append_printf(str, "\tproduct: %d.%d.%d (%s)\n",
1354 ver->product_major_version, ver->product_minor_version, ver->product_build, ver_desc);
1355 g_string_append_printf(str, "\tntlm_revision_current: 0x%02X (%s)\n", ver->ntlm_revision_current, ntlm_revision_desc);
1356
1357 return g_string_free(str, FALSE);
1358 }
1359
1360 static gchar *
1361 sip_sec_ntlm_describe_smb_header(struct smb_header *header,
1362 const char* name)
1363 {
1364 GString* str = g_string_new(NULL);
1365
1366 g_string_append_printf(str, "\t%s.len : %d\n", name, GUINT16_FROM_LE(header->len));
1367 g_string_append_printf(str, "\t%s.maxlen: %d\n", name, GUINT16_FROM_LE(header->maxlen));
1368 g_string_append_printf(str, "\t%s.offset: %d\n", name, GUINT32_FROM_LE(header->offset));
1369
1370 return g_string_free(str, FALSE);
1371 }
1372
1373 static gchar *
1374 sip_sec_ntlm_negotiate_message_describe(struct negotiate_message *cmsg)
1375 {
1376 GString* str = g_string_new(NULL);
1377 char *tmp;
1378
1379 g_string_append(str, (tmp = sip_sec_ntlm_negotiate_flags_describe(cmsg->flags)));
1380 g_free(tmp);
1381
1382 g_string_append(str, (tmp = sip_sec_ntlm_describe_smb_header(&(cmsg->domain), "domain")));
1383 g_free(tmp);
1384
1385 g_string_append(str, (tmp = sip_sec_ntlm_describe_smb_header(&(cmsg->host), "host")));
1386 g_free(tmp);
1387
1388 tmp = sip_sec_ntlm_describe_version(&(cmsg->ver));
1389 g_string_append(str, tmp);
1390 g_free(tmp);
1391
1392 if (cmsg->domain.len && cmsg->domain.offset) {
1393 gchar *domain = g_strndup(((gchar *)cmsg + GUINT32_FROM_LE(cmsg->domain.offset)), GUINT16_FROM_LE(cmsg->domain.len));
1394 g_string_append_printf(str, "\tdomain: %s\n", domain);
1395 g_free(domain);
1396 }
1397
1398 if (cmsg->host.len && cmsg->host.offset) {
1399 gchar *host = g_strndup(((gchar *)cmsg + GUINT32_FROM_LE(cmsg->host.offset)), GUINT16_FROM_LE(cmsg->host.len));
1400 g_string_append_printf(str, "\thost: %s\n", host);
1401 g_free(host);
1402 }
1403
1404 return g_string_free(str, FALSE);
1405 }
1406
1407 static void
1408 describe_av_pairs(GString* str, const void *av)
1409 {
1410 #define AV_DESC(av_name) \
1411 { \
1412 gchar *tmp = unicode_strconvcopy_back(av_value, av_len); \
1413 g_string_append_printf(str, "\t%s: %s\n", av_name, tmp); \
1414 g_free(tmp); \
1415 }
1416
1417 ALIGN_AV_LOOP_START
1418 {
1419 case MsvAvNbComputerName:
1420 AV_DESC("MsvAvNbComputerName");
1421 break;
1422 case MsvAvNbDomainName:
1423 AV_DESC("MsvAvNbDomainName");
1424 break;
1425 case MsvAvDnsComputerName:
1426 AV_DESC("MsvAvDnsComputerName");
1427 break;
1428 case MsvAvDnsDomainName:
1429 AV_DESC("MsvAvDnsDomainName");
1430 break;
1431 case MsvAvDnsTreeName:
1432 AV_DESC("MsvAvDnsTreeName");
1433 break;
1434 case MsvAvFlags:
1435 {
1436 guint32 flags;
1437
1438 /* to meet sparc's alignment requirement */
1439 memcpy(&flags, av_value, sizeof(guint32));
1440 g_string_append_printf(str, "\t%s: %d\n", "MsvAvFlags", GUINT32_FROM_LE(flags));
1441 }
1442 break;
1443 case MsvAvTimestamp:
1444 {
1445 char *tmp;
1446 guint64 time_val;
1447 time_t time_t_val;
1448
1449 /* to meet sparc's alignment requirement */
1450 memcpy(&time_val, av_value, sizeof(time_val));
1451 time_t_val = TIME_VAL_TO_T(time_val);
1452
1453 g_string_append_printf(str, "\t%s: %s - %s", "MsvAvTimestamp", (tmp = buff_to_hex_str((guint8 *) av_value, 8)),
1454 asctime(gmtime(&time_t_val)));
1455 g_free(tmp);
1456 }
1457 break;
1458 case MsAvRestrictions:
1459 g_string_append_printf(str, "\t%s\n", "MsAvRestrictions");
1460 break;
1461 case MsvAvTargetName:
1462 AV_DESC("MsvAvTargetName");
1463 break;
1464 case MsvChannelBindings:
1465 g_string_append_printf(str, "\t%s\n", "MsvChannelBindings");
1466 break;
1467 }
1468 ALIGN_AV_LOOP_END;
1469 }
1470
1471 static gchar *
1472 sip_sec_ntlm_authenticate_message_describe(struct authenticate_message *cmsg)
1473 {
1474 GString* str = g_string_new(NULL);
1475 char *tmp;
1476 gsize value_len;
1477 guint8 *value;
1478
1479 g_string_append(str, (tmp = sip_sec_ntlm_negotiate_flags_describe(cmsg->flags)));
1480 g_free(tmp);
1481
1482 g_string_append(str, (tmp = sip_sec_ntlm_describe_smb_header(&(cmsg->lm_resp), "lm_resp")));
1483 g_free(tmp);
1484
1485 g_string_append(str, (tmp = sip_sec_ntlm_describe_smb_header(&(cmsg->nt_resp), "nt_resp")));
1486 g_free(tmp);
1487
1488 g_string_append(str, (tmp = sip_sec_ntlm_describe_smb_header(&(cmsg->domain), "domain")));
1489 g_free(tmp);
1490
1491 g_string_append(str, (tmp = sip_sec_ntlm_describe_smb_header(&(cmsg->user), "user")));
1492 g_free(tmp);
1493
1494 g_string_append(str, (tmp = sip_sec_ntlm_describe_smb_header(&(cmsg->host), "host")));
1495 g_free(tmp);
1496
1497 g_string_append(str, (tmp = sip_sec_ntlm_describe_smb_header(&(cmsg->session_key), "session_key")));
1498 g_free(tmp);
1499
1500 tmp = sip_sec_ntlm_describe_version(&(cmsg->ver));
1501 g_string_append(str, tmp);
1502 g_free(tmp);
1503
1504 /* mic */
1505 //g_string_append_printf(str, "\t%s: %s\n", "mic", (tmp = buff_to_hex_str(cmsg->mic, 16)));
1506 //g_free(tmp);
1507
1508 if (cmsg->lm_resp.len && cmsg->lm_resp.offset) {
1509 value_len = GUINT16_FROM_LE(cmsg->lm_resp.len);
1510 value = (guint8 *)cmsg + GUINT32_FROM_LE(cmsg->lm_resp.offset);
1511 g_string_append_printf(str, "\t%s: %s\n", "lm_resp", (tmp = buff_to_hex_str(value, value_len)));
1512 g_free(tmp);
1513 }
1514
1515 if (cmsg->nt_resp.len && cmsg->nt_resp.offset) {
1516 guint16 nt_resp_len_full = GUINT16_FROM_LE(cmsg->nt_resp.len);
1517 int nt_resp_len = nt_resp_len_full;
1518
1519 value_len = nt_resp_len_full;
1520 value = (guint8 *)cmsg + GUINT32_FROM_LE(cmsg->nt_resp.offset);
1521 g_string_append_printf(str, "\t%s: %s\n", "nt_resp raw", (tmp = buff_to_hex_str(value, value_len)));
1522 g_free(tmp);
1523
1524 if (nt_resp_len > 24) { /* NTLMv2 */
1525 nt_resp_len = 16;
1526 }
1527
1528 value_len = nt_resp_len;
1529 value = (guint8 *)cmsg + GUINT32_FROM_LE(cmsg->nt_resp.offset);
1530 g_string_append_printf(str, "\t%s: %s\n", "nt_resp", (tmp = buff_to_hex_str(value, value_len)));
1531 g_free(tmp);
1532
1533 if (nt_resp_len_full > 24) { /* NTLMv2 */
1534 /* Work around Debian/x86_64 compiler bug */
1535 /* const guint8 *temp = (guint8 *)cmsg + GUINT32_FROM_LE(cmsg->nt_resp.offset) + 16; */
1536 const guint offset = GUINT32_FROM_LE(cmsg->nt_resp.offset) + 16;
1537 const guint8 *temp = (guint8 *)cmsg + offset;
1538 const guint response_version = temp[0];
1539 const guint hi_response_version = temp[1];
1540 const guint8 *client_challenge = temp + 16;
1541 const guint8 *target_info = temp + 28;
1542 guint16 target_info_len = nt_resp_len_full - 16 - 32;
1543 guint64 time_val;
1544 time_t time_t_val;
1545 char *tmp;
1546
1547 g_string_append_printf(str, "\t%s: %s\n", "target_info raw",
1548 (tmp = buff_to_hex_str((guint8 *)target_info, target_info_len)));
1549 g_free(tmp);
1550
1551 /* This is not int64 aligned on sparc */
1552 memcpy((gchar *)&time_val, temp+8, sizeof(time_val));
1553 time_t_val = TIME_VAL_TO_T(time_val);
1554
1555 g_string_append_printf(str, "\t%s: %d\n", "response_version", response_version);
1556 g_string_append_printf(str, "\t%s: %d\n", "hi_response_version", hi_response_version);
1557
1558 g_string_append_printf(str, "\t%s: %s - %s", "time", (tmp = buff_to_hex_str((guint8 *)&time_val, 8)),
1559 asctime(gmtime(&time_t_val)));
1560 g_free(tmp);
1561
1562 g_string_append_printf(str, "\t%s: %s\n", "client_challenge", (tmp = buff_to_hex_str((guint8 *)client_challenge, 8)));
1563 g_free(tmp);
1564
1565 describe_av_pairs(str, target_info);
1566
1567 g_string_append_printf(str, "\t%s\n", "----------- end of nt_resp v2 -----------");
1568 }
1569 }
1570
1571 if (cmsg->domain.len && cmsg->domain.offset) {
1572 gchar *domain = unicode_strconvcopy_back(((gchar *)cmsg + GUINT32_FROM_LE(cmsg->domain.offset)), GUINT16_FROM_LE(cmsg->domain.len));
1573 g_string_append_printf(str, "\t%s: %s\n", "domain", domain);
1574 g_free(domain);
1575 }
1576
1577 if (cmsg->user.len && cmsg->user.offset) {
1578 gchar *user = unicode_strconvcopy_back(((gchar *)cmsg + GUINT32_FROM_LE(cmsg->user.offset)), GUINT16_FROM_LE(cmsg->user.len));
1579 g_string_append_printf(str, "\t%s: %s\n", "user", user);
1580 g_free(user);
1581 }
1582
1583 if (cmsg->host.len && cmsg->host.offset) {
1584 gchar *host = unicode_strconvcopy_back(((gchar *)cmsg + GUINT32_FROM_LE(cmsg->host.offset)), GUINT16_FROM_LE(cmsg->host.len));
1585 g_string_append_printf(str, "\t%s: %s\n", "host", host);
1586 g_free(host);
1587 }
1588
1589 if (cmsg->session_key.len && cmsg->session_key.offset) {
1590 value_len = GUINT16_FROM_LE(cmsg->session_key.len);
1591 value = (guint8 *)cmsg + GUINT32_FROM_LE(cmsg->session_key.offset);
1592 g_string_append_printf(str, "\t%s: %s\n", "session_key", (tmp = buff_to_hex_str(value, value_len)));
1593 g_free(tmp);
1594 }
1595
1596 return g_string_free(str, FALSE);
1597 }
1598
1599 static gchar *
1600 sip_sec_ntlm_challenge_message_describe(struct challenge_message *cmsg)
1601 {
1602 GString* str = g_string_new(NULL);
1603 char *tmp;
1604
1605 g_string_append(str, (tmp = sip_sec_ntlm_negotiate_flags_describe(cmsg->flags)));
1606 g_free(tmp);
1607
1608 /* nonce (server_challenge) */
1609 g_string_append_printf(str, "\t%s: %s\n", "server_challenge", (tmp = buff_to_hex_str(cmsg->nonce, 8)));
1610 g_free(tmp);
1611
1612 g_string_append(str, (tmp = sip_sec_ntlm_describe_smb_header(&(cmsg->target_name), "target_name")));
1613 g_free(tmp);
1614
1615 g_string_append(str, (tmp = sip_sec_ntlm_describe_smb_header(&(cmsg->target_info), "target_info")));
1616 g_free(tmp);
1617
1618 g_string_append(str, (tmp = sip_sec_ntlm_describe_version(&(cmsg->ver))));
1619 g_free(tmp);
1620
1621 if (cmsg->target_name.len && cmsg->target_name.offset) {
1622 gchar *target_name = unicode_strconvcopy_back(((gchar *)cmsg + GUINT32_FROM_LE(cmsg->target_name.offset)), GUINT16_FROM_LE(cmsg->target_name.len));
1623 g_string_append_printf(str, "\ttarget_name: %s\n", target_name);
1624 g_free(target_name);
1625 }
1626
1627 if (cmsg->target_info.len && cmsg->target_info.offset) {
1628 guint8 *target_info = (guint8 *)cmsg + GUINT32_FROM_LE(cmsg->target_info.offset);
1629 guint16 target_info_len = GUINT16_FROM_LE(cmsg->target_info.len);
1630
1631 g_string_append_printf(str, "\t%s: %s\n", "target_info raw", (tmp = buff_to_hex_str(target_info, target_info_len)));
1632 g_free(tmp);
1633
1634 describe_av_pairs(str, target_info);
1635 }
1636
1637 return g_string_free(str, FALSE);
1638 }
1639
1640 gchar *
1641 sip_sec_ntlm_message_describe(SipSecBuffer buff)
1642 {
1643 struct ntlm_message *msg;
1644 gchar *res = NULL;
1645
1646 if (buff.length == 0 || buff.value == NULL || buff.length < 12) return NULL;
1647
1648 msg = (struct ntlm_message *)buff.value;
1649 if(!sipe_strequal("NTLMSSP", (char*)msg)) return NULL;
1650
1651 switch (GUINT32_FROM_LE(msg->type)) {
1652 case 1: res = sip_sec_ntlm_negotiate_message_describe((struct negotiate_message *)msg);
1653 break;
1654 case 2: res = sip_sec_ntlm_challenge_message_describe((struct challenge_message *)msg);
1655 break;
1656 case 3: res = sip_sec_ntlm_authenticate_message_describe((struct authenticate_message *)msg);
1657 break;
1658 }
1659
1660 return res;
1661 }
1662
1663 /* sip-sec-mech.h API implementation for NTLM */
1664
1665 /* Security context for NTLM */
1666 typedef struct _context_ntlm {
1667 struct sip_sec_context common;
1668 char* domain;
1669 char *username;
1670 char *password;
1671 int step;
1672 guchar *client_sign_key;
1673 guchar *server_sign_key;
1674 guchar *client_seal_key;
1675 guchar *server_seal_key;
1676 guint32 flags;
1677 } *context_ntlm;
1678
1679
1680 static sip_uint32
1681 sip_sec_acquire_cred__ntlm(SipSecContext context,
1682 const char *domain,
1683 const char *username,
1684 const char *password)
1685 {
1686 context_ntlm ctx = (context_ntlm)context;
1687
1688 /* NTLM requires a domain, username & password */
1689 if (!domain || !username || !password)
1690 return SIP_SEC_E_INTERNAL_ERROR;
1691
1692 ctx->domain = g_strdup(domain);
1693 ctx->username = g_strdup(username);
1694 ctx->password = g_strdup(password);
1695
1696 return SIP_SEC_E_OK;
1697 }
1698
1699 static sip_uint32
1700 sip_sec_init_sec_context__ntlm(SipSecContext context,
1701 SipSecBuffer in_buff,
1702 SipSecBuffer *out_buff,
1703 SIPE_UNUSED_PARAMETER const char *service_name)
1704 {
1705 context_ntlm ctx = (context_ntlm) context;
1706
1707 SIPE_DEBUG_INFO_NOFORMAT("sip_sec_init_sec_context__ntlm: in use");
1708
1709 ctx->step++;
1710 if (ctx->step == 1) {
1711 if (!context->is_connection_based) {
1712 out_buff->length = 0;
1713 out_buff->value = NULL;
1714 } else {
1715 sip_sec_ntlm_gen_negotiate(out_buff);
1716 }
1717 return SIP_SEC_I_CONTINUE_NEEDED;
1718
1719 } else {
1720 sip_uint32 res;
1721 guchar *client_sign_key = NULL;
1722 guchar *server_sign_key = NULL;
1723 guchar *client_seal_key = NULL;
1724 guchar *server_seal_key = NULL;
1725 guchar *server_challenge = NULL;
1726 guint64 time_val = 0;
1727 guchar *target_info = NULL;
1728 int target_info_len = 0;
1729 guint32 flags;
1730 gchar *tmp;
1731
1732 if (!in_buff.value || !in_buff.length) {
1733 return SIP_SEC_E_INTERNAL_ERROR;
1734 }
1735
1736 sip_sec_ntlm_parse_challenge(in_buff,
1737 &flags,
1738 &server_challenge, /* 8 bytes */
1739 &time_val,
1740 &target_info,
1741 &target_info_len);
1742
1743 res = sip_sec_ntlm_gen_authenticate(
1744 &client_sign_key,
1745 &server_sign_key,
1746 &client_seal_key,
1747 &server_seal_key,
1748 ctx->username,
1749 ctx->password,
1750 (tmp = g_ascii_strup(g_get_host_name(), -1)),
1751 ctx->domain,
1752 server_challenge,
1753 time_val,
1754 target_info,
1755 target_info_len,
1756 context->is_connection_based,
1757 out_buff,
1758 &flags);
1759 g_free(server_challenge);
1760 g_free(target_info);
1761 g_free(tmp);
1762
1763 if (res != SIP_SEC_E_OK) {
1764 g_free(client_sign_key);
1765 g_free(server_sign_key);
1766 g_free(client_seal_key);
1767 g_free(server_seal_key);
1768 return res;
1769 }
1770
1771 g_free(ctx->client_sign_key);
1772 ctx->client_sign_key = client_sign_key;
1773
1774 g_free(ctx->server_sign_key);
1775 ctx->server_sign_key = server_sign_key;
1776
1777 g_free(ctx->client_seal_key);
1778 ctx->client_seal_key = client_seal_key;
1779
1780 g_free(ctx->server_seal_key);
1781 ctx->server_seal_key = server_seal_key;
1782
1783 ctx->flags = flags;
1784 return SIP_SEC_E_OK;
1785 }
1786 }
1787
1788 /**
1789 * @param message a NULL terminated string to sign
1790 *
1791 */
1792 static sip_uint32
1793 sip_sec_make_signature__ntlm(SipSecContext context,
1794 const char *message,
1795 SipSecBuffer *signature)
1796 {
1797 signature->length = 16;
1798 signature->value = g_malloc0(16);
1799
1800 /* FIXME? We always use a random_pad of 0 */
1801 sip_sec_ntlm_sipe_signature_make(((context_ntlm) context)->flags,
1802 message,
1803 0,
1804 ((context_ntlm) context)->client_sign_key,
1805 ((context_ntlm) context)->client_seal_key,
1806 signature->value);
1807 return SIP_SEC_E_OK;
1808 }
1809
1810 /**
1811 * @param message a NULL terminated string to check signature of
1812 * @return SIP_SEC_E_OK on success
1813 */
1814 static sip_uint32
1815 sip_sec_verify_signature__ntlm(SipSecContext context,
1816 const char *message,
1817 SipSecBuffer signature)
1818 {
1819 guint8 mac[16];
1820 guint32 random_pad = GUINT32_FROM_LE(((guint32 *) signature.value)[1]);
1821
1822 sip_sec_ntlm_sipe_signature_make(((context_ntlm) context)->flags,
1823 message,
1824 random_pad,
1825 ((context_ntlm) context)->server_sign_key,
1826 ((context_ntlm) context)->server_seal_key,
1827 mac);
1828 return(memcmp(signature.value, mac, 16) ?
1829 SIP_SEC_E_INTERNAL_ERROR :
1830 SIP_SEC_E_OK);
1831 }
1832
1833 static void
1834 sip_sec_destroy_sec_context__ntlm(SipSecContext context)
1835 {
1836 context_ntlm ctx = (context_ntlm) context;
1837
1838 g_free(ctx->domain);
1839 g_free(ctx->username);
1840 g_free(ctx->password);
1841 g_free(ctx->client_sign_key);
1842 g_free(ctx->server_sign_key);
1843 g_free(ctx->client_seal_key);
1844 g_free(ctx->server_seal_key);
1845 g_free(ctx);
1846 }
1847
1848 SipSecContext
1849 sip_sec_create_context__ntlm(SIPE_UNUSED_PARAMETER guint type)
1850 {
1851 context_ntlm context = g_malloc0(sizeof(struct _context_ntlm));
1852 if (!context) return(NULL);
1853
1854 context->common.acquire_cred_func = sip_sec_acquire_cred__ntlm;
1855 context->common.init_context_func = sip_sec_init_sec_context__ntlm;
1856 context->common.destroy_context_func = sip_sec_destroy_sec_context__ntlm;
1857 context->common.make_signature_func = sip_sec_make_signature__ntlm;
1858 context->common.verify_signature_func = sip_sec_verify_signature__ntlm;
1859
1860 return((SipSecContext) context);
1861 }
1862
1863 void sip_sec_init__ntlm(void)
1864 {
1865 #ifdef HAVE_LANGINFO_CODESET
1866 const char *sys_cp = nl_langinfo(CODESET);
1867 #else
1868 const char *sys_cp = SIPE_DEFAULT_CODESET;
1869 #endif /* HAVE_LANGINFO_CODESET */
1870
1871 /* fall back to utf-8 */
1872 if (!sys_cp) sys_cp = "UTF-8";
1873
1874 convert_from_utf16le = g_iconv_open(sys_cp, "UTF-16LE");
1875 if (convert_from_utf16le == (GIConv)-1) {
1876 SIPE_DEBUG_ERROR("g_iconv_open from UTF-16LE to %s failed",
1877 sys_cp);
1878 }
1879
1880 convert_to_utf16le = g_iconv_open("UTF-16LE", sys_cp);
1881 if (convert_from_utf16le == (GIConv)-1) {
1882 SIPE_DEBUG_ERROR("g_iconv_open from %s to UTF-16LE failed",
1883 sys_cp);
1884 }
1885 }
1886
1887 void sip_sec_destroy__ntlm(void)
1888 {
1889 g_iconv_close(convert_to_utf16le);
1890 g_iconv_close(convert_from_utf16le);
1891 }
1892
1893 /*
1894 Local Variables:
1895 mode: c
1896 c-file-style: "bsd"
1897 indent-tabs-mode: t
1898 tab-width: 8
1899 End:
1900 */
A third-party Pidgin plugin for Microsoft LCS/OCS