Lines 275-281
static void load_buffer(u_char *buf, const u_char *str, uint16 len,
|
275 |
{ |
275 |
{ |
276 |
if (len) { |
276 |
if (len) { |
277 |
if (unicode) { |
277 |
if (unicode) { |
278 |
to_unicode(base + *offset, str, len); |
278 |
to_unicode(base + *offset, (const char *) str, len); |
279 |
len *= 2; |
279 |
len *= 2; |
280 |
} |
280 |
} |
281 |
else { |
281 |
else { |
Lines 373-382
static unsigned char *P16_lm(unsigned char *P16, sasl_secret_t *passwd,
|
373 |
char P14[14]; |
373 |
char P14[14]; |
374 |
unsigned char S8[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; |
374 |
unsigned char S8[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; |
375 |
|
375 |
|
376 |
strncpy(P14, passwd->data, sizeof(P14)); |
376 |
strncpy(P14, (const char *) passwd->data, sizeof(P14)); |
377 |
ucase(P14, sizeof(P14)); |
377 |
ucase(P14, sizeof(P14)); |
378 |
|
378 |
|
379 |
E(P16, P14, sizeof(P14), S8, sizeof(S8)); |
379 |
E(P16, (unsigned char *) P14, sizeof(P14), S8, sizeof(S8)); |
380 |
*result = SASL_OK; |
380 |
*result = SASL_OK; |
381 |
return P16; |
381 |
return P16; |
382 |
} |
382 |
} |
Lines 390-397
static unsigned char *P16_nt(unsigned char *P16, sasl_secret_t *passwd,
|
390 |
*result = SASL_NOMEM; |
390 |
*result = SASL_NOMEM; |
391 |
} |
391 |
} |
392 |
else { |
392 |
else { |
393 |
to_unicode(*buf, passwd->data, passwd->len); |
393 |
to_unicode((unsigned char *) *buf, (const char *) passwd->data, passwd->len); |
394 |
MD4(*buf, 2 * passwd->len, P16); |
394 |
MD4((unsigned char *) *buf, 2 * passwd->len, P16); |
395 |
*result = SASL_OK; |
395 |
*result = SASL_OK; |
396 |
} |
396 |
} |
397 |
return P16; |
397 |
return P16; |
Lines 444-452
static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
|
444 |
strcpy(upper, authid); |
444 |
strcpy(upper, authid); |
445 |
if (target) strcat(upper, target); |
445 |
if (target) strcat(upper, target); |
446 |
ucase(upper, len); |
446 |
ucase(upper, len); |
447 |
to_unicode(*buf, upper, len); |
447 |
to_unicode((unsigned char *) *buf, upper, len); |
448 |
|
448 |
|
449 |
HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len); |
449 |
HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, (unsigned char *) *buf, 2 * len, hash, &len); |
450 |
|
450 |
|
451 |
/* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */ |
451 |
/* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */ |
452 |
HMAC_Init(&ctx, hash, len, EVP_md5()); |
452 |
HMAC_Init(&ctx, hash, len, EVP_md5()); |
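Review bot: The `strcpy(upper, authid)` / `strcat(upper, target)` pair on lines 444-445 writes without any bound, and the casts added on 447 and 449 do not change that. The allocation behind `upper` and the computation of `len` sit above this section, so it cannot be confirmed from here that the buffer holds `strlen(authid) + strlen(target) + 1` bytes. If `len` is that sum and the buffer has room for the terminator, `snprintf(upper, len + 1, "%s%s", authid, target ? target : "");` states the invariant at the point of the write. Separately, `len` is overwritten through `&len` by the HMAC call on 449 and then used as the key length on 452; a comment such as `/* len now holds the HMAC-MD5 output length */` would make that reuse visible, and `len` should be an `unsigned int` for that pointer argument.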
Lines 768-775
static void make_netbios_name(const char *in, unsigned char out[])
|
768 |
*/ |
768 |
*/ |
769 |
n = strcspn(in, "."); |
769 |
n = strcspn(in, "."); |
770 |
if (n > 16) n = 16; |
770 |
if (n > 16) n = 16; |
771 |
strncpy(out+18, in, n); |
771 |
strncpy((char *) out+18, in, n); |
772 |
in = out+18; |
772 |
in = (char *) out+18; |
773 |
ucase(in, n); |
773 |
ucase(in, n); |
774 |
|
774 |
|
775 |
out[j++] = 0x20; |
775 |
out[j++] = 0x20; |
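Review bot: New line 772 stores the writable address `(char *) out+18` back into the `const char *in` parameter, and line 773 then passes `in` to `ucase()`, which is used elsewhere in this patch to upper-case a buffer in place. The prototype of `ucase()` is not shown, but if it takes a `char *` the const qualifier is silently dropped at that call and the cast only moves the warning. A separate local keeps the types honest: `char *name = (char *) out + 18;`, then `strncpy(name, in, n); ucase(name, n); in = name;`. Since `strncpy` here copies exactly `n` bytes and adds no terminator, `memcpy(name, in, n)` would express the intent more directly. The function body starts and ends outside this section.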
Lines 1033-1039
static int smb_negotiate_protocol(const sasl_utils_t *utils,
|
1033 |
"NTLM: error reading NEGPROT response"); |
1033 |
"NTLM: error reading NEGPROT response"); |
1034 |
return SASL_FAIL; |
1034 |
return SASL_FAIL; |
1035 |
} |
1035 |
} |
1036 |
p = text->out_buf; |
1036 |
p = (unsigned char *) text->out_buf; |
1037 |
|
1037 |
|
1038 |
/* parse the header */ |
1038 |
/* parse the header */ |
1039 |
if (len < SMB_HDR_SIZE) { |
1039 |
if (len < SMB_HDR_SIZE) { |
Lines 1115-1121
static int smb_negotiate_protocol(const sasl_utils_t *utils,
|
1115 |
return SASL_NOMEM; |
1115 |
return SASL_NOMEM; |
1116 |
} |
1116 |
} |
1117 |
memcpy(*domain, p, len); |
1117 |
memcpy(*domain, p, len); |
1118 |
from_unicode(*domain, *domain, len); |
1118 |
from_unicode(*domain, (unsigned char *) *domain, len); |
1119 |
|
1119 |
|
1120 |
text->flags |= NTLM_TARGET_IS_DOMAIN; |
1120 |
text->flags |= NTLM_TARGET_IS_DOMAIN; |
1121 |
} |
1121 |
} |
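Review bot: On line 1118 `from_unicode()` receives the same `len` that line 1117 uses as the byte count for `memcpy`, and `len` here comes from the server's NEGPROT response. In `load_buffer` (lines 278-279) `to_unicode()` takes a character count and the byte length is doubled afterwards; if `from_unicode()` is symmetric and consumes two input bytes per count, this call would read past the `len` bytes just copied into `*domain`. The definition of `from_unicode()` and the allocation size are outside this section, so please confirm; if `len` is a byte count the call should be `from_unicode(*domain, (unsigned char *) *domain, len / 2);`. It is also worth checking that the converted string is NUL-terminated before callers treat `*domain` as a C string.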
Lines 1256-1262
static int smb_session_setup(const sasl_utils_t *utils, server_context_t *text,
|
1256 |
"NTLM: error reading SESSIONSETUP response"); |
1256 |
"NTLM: error reading SESSIONSETUP response"); |
1257 |
return SASL_FAIL; |
1257 |
return SASL_FAIL; |
1258 |
} |
1258 |
} |
1259 |
p = text->out_buf; |
1259 |
p = (unsigned char *) text->out_buf; |
1260 |
|
1260 |
|
1261 |
/* parse the header */ |
1261 |
/* parse the header */ |
1262 |
if (len < SMB_HDR_SIZE) { |
1262 |
if (len < SMB_HDR_SIZE) { |
Lines 1343-1354
static int create_challenge(const sasl_utils_t *utils,
|
1343 |
return SASL_NOMEM; |
1343 |
return SASL_NOMEM; |
1344 |
} |
1344 |
} |
1345 |
|
1345 |
|
1346 |
base = *buf; |
1346 |
base = (unsigned char *) *buf; |
1347 |
memset(base, 0, *outlen); |
1347 |
memset(base, 0, *outlen); |
1348 |
memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); |
1348 |
memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); |
1349 |
htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_CHALLENGE); |
1349 |
htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_CHALLENGE); |
1350 |
load_buffer(base + NTLM_TYPE2_TARGET_OFFSET, |
1350 |
load_buffer(base + NTLM_TYPE2_TARGET_OFFSET, |
1351 |
ucase(target, 0), (uint16) xstrlen(target), flags & NTLM_USE_UNICODE, |
1351 |
(const unsigned char *) ucase(target, 0), (uint16) xstrlen(target), flags & NTLM_USE_UNICODE, |
1352 |
base, &offset); |
1352 |
base, &offset); |
1353 |
htoil(base + NTLM_TYPE2_FLAGS_OFFSET, flags); |
1353 |
htoil(base + NTLM_TYPE2_FLAGS_OFFSET, flags); |
1354 |
memcpy(base + NTLM_TYPE2_CHALLENGE_OFFSET, nonce, NTLM_NONCE_LENGTH); |
1354 |
memcpy(base + NTLM_TYPE2_CHALLENGE_OFFSET, nonce, NTLM_NONCE_LENGTH); |
Lines 1500-1525
static int ntlm_server_mech_step2(server_context_t *text,
|
1500 |
return SASL_BADPROT; |
1500 |
return SASL_BADPROT; |
1501 |
} |
1501 |
} |
1502 |
|
1502 |
|
1503 |
result = unload_buffer(sparams->utils, clientin + NTLM_TYPE3_LMRESP_OFFSET, |
1503 |
result = unload_buffer(sparams->utils, |
|
|
1504 |
(const unsigned char *) clientin + NTLM_TYPE3_LMRESP_OFFSET, |
1504 |
(u_char **) &lm_resp, &lm_resp_len, 0, |
1505 |
(u_char **) &lm_resp, &lm_resp_len, 0, |
1505 |
clientin, clientinlen); |
1506 |
(const unsigned char *) clientin, clientinlen); |
1506 |
if (result != SASL_OK) goto cleanup; |
1507 |
if (result != SASL_OK) goto cleanup; |
1507 |
|
1508 |
|
1508 |
result = unload_buffer(sparams->utils, clientin + NTLM_TYPE3_NTRESP_OFFSET, |
1509 |
result = unload_buffer(sparams->utils, |
|
|
1510 |
(const unsigned char *) clientin + NTLM_TYPE3_NTRESP_OFFSET, |
1509 |
(u_char **) &nt_resp, &nt_resp_len, 0, |
1511 |
(u_char **) &nt_resp, &nt_resp_len, 0, |
1510 |
clientin, clientinlen); |
1512 |
(const unsigned char *) clientin, clientinlen); |
1511 |
if (result != SASL_OK) goto cleanup; |
1513 |
if (result != SASL_OK) goto cleanup; |
1512 |
|
1514 |
|
1513 |
result = unload_buffer(sparams->utils, clientin + NTLM_TYPE3_DOMAIN_OFFSET, |
1515 |
result = unload_buffer(sparams->utils, |
|
|
1516 |
(const unsigned char *) clientin + NTLM_TYPE3_DOMAIN_OFFSET, |
1514 |
(u_char **) &domain, &domain_len, |
1517 |
(u_char **) &domain, &domain_len, |
1515 |
text->flags & NTLM_USE_UNICODE, |
1518 |
text->flags & NTLM_USE_UNICODE, |
1516 |
clientin, clientinlen); |
1519 |
(const unsigned char *) clientin, clientinlen); |
1517 |
if (result != SASL_OK) goto cleanup; |
1520 |
if (result != SASL_OK) goto cleanup; |
1518 |
|
1521 |
|
1519 |
result = unload_buffer(sparams->utils, clientin + NTLM_TYPE3_USER_OFFSET, |
1522 |
result = unload_buffer(sparams->utils, |
|
|
1523 |
(const unsigned char *) clientin + NTLM_TYPE3_USER_OFFSET, |
1520 |
(u_char **) &authid, &authid_len, |
1524 |
(u_char **) &authid, &authid_len, |
1521 |
text->flags & NTLM_USE_UNICODE, |
1525 |
text->flags & NTLM_USE_UNICODE, |
1522 |
clientin, clientinlen); |
1526 |
(const unsigned char *) clientin, clientinlen); |
1523 |
if (result != SASL_OK) goto cleanup; |
1527 |
if (result != SASL_OK) goto cleanup; |
1524 |
|
1528 |
|
1525 |
/* require at least one response and an authid */ |
1529 |
/* require at least one response and an authid */ |
Lines 1582-1588
static int ntlm_server_mech_step2(server_context_t *text,
|
1582 |
} |
1586 |
} |
1583 |
|
1587 |
|
1584 |
password->len = (unsigned) pass_len; |
1588 |
password->len = (unsigned) pass_len; |
1585 |
strncpy(password->data, auxprop_values[0].values[0], pass_len + 1); |
1589 |
strncpy((char *) password->data, auxprop_values[0].values[0], pass_len + 1); |
1586 |
|
1590 |
|
1587 |
/* erase the plaintext password */ |
1591 |
/* erase the plaintext password */ |
1588 |
sparams->utils->prop_erase(sparams->propctx, password_request[0]); |
1592 |
sparams->utils->prop_erase(sparams->propctx, password_request[0]); |
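Review bot: Line 1592 erases the plaintext password from the property context, but the copy made into `password->data` on line 1589 stays in memory, and nothing in this section shows it being wiped. The cleanup path is outside the section, so this needs confirming: the secret should be overwritten with a call the compiler cannot elide before it is freed, on the error paths as well as on success. A comment next to the copy, for example `/* password->data holds the plaintext; it must be zeroed in cleanup before free */`, would record that requirement. Since the length is already known, `memcpy(password->data, auxprop_values[0].values[0], pass_len + 1)` would also be clearer than `strncpy`, assuming `pass_len` is the `strlen` of that value.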
Lines 1805-1819
static int create_request(const sasl_utils_t *utils,
|
1805 |
return SASL_NOMEM; |
1809 |
return SASL_NOMEM; |
1806 |
} |
1810 |
} |
1807 |
|
1811 |
|
1808 |
base = *buf; |
1812 |
base = (unsigned char *) *buf; |
1809 |
memset(base, 0, *outlen); |
1813 |
memset(base, 0, *outlen); |
1810 |
memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); |
1814 |
memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); |
1811 |
htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_REQUEST); |
1815 |
htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_REQUEST); |
1812 |
htoil(base + NTLM_TYPE1_FLAGS_OFFSET, flags); |
1816 |
htoil(base + NTLM_TYPE1_FLAGS_OFFSET, flags); |
1813 |
load_buffer(base + NTLM_TYPE1_DOMAIN_OFFSET, |
1817 |
load_buffer(base + NTLM_TYPE1_DOMAIN_OFFSET, |
1814 |
domain, (uint16) xstrlen(domain), 0, base, &offset); |
1818 |
(const unsigned char *) domain, (uint16) xstrlen(domain), 0, base, &offset); |
1815 |
load_buffer(base + NTLM_TYPE1_WORKSTN_OFFSET, |
1819 |
load_buffer(base + NTLM_TYPE1_WORKSTN_OFFSET, |
1816 |
wkstn, (uint16) xstrlen(wkstn), 0, base, &offset); |
1820 |
(const unsigned char *) wkstn, (uint16) xstrlen(wkstn), 0, base, &offset); |
1817 |
|
1821 |
|
1818 |
return SASL_OK; |
1822 |
return SASL_OK; |
1819 |
} |
1823 |
} |
Lines 1858-1864
static int create_response(const sasl_utils_t *utils,
|
1858 |
return SASL_NOMEM; |
1862 |
return SASL_NOMEM; |
1859 |
} |
1863 |
} |
1860 |
|
1864 |
|
1861 |
base = *buf; |
1865 |
base = (unsigned char *) *buf; |
1862 |
memset(base, 0, *outlen); |
1866 |
memset(base, 0, *outlen); |
1863 |
memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); |
1867 |
memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); |
1864 |
htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_RESPONSE); |
1868 |
htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_RESPONSE); |
Lines 1867-1878
static int create_response(const sasl_utils_t *utils,
|
1867 |
load_buffer(base + NTLM_TYPE3_NTRESP_OFFSET, |
1871 |
load_buffer(base + NTLM_TYPE3_NTRESP_OFFSET, |
1868 |
nt_resp, nt_resp ? NTLM_RESP_LENGTH : 0, 0, base, &offset); |
1872 |
nt_resp, nt_resp ? NTLM_RESP_LENGTH : 0, 0, base, &offset); |
1869 |
load_buffer(base + NTLM_TYPE3_DOMAIN_OFFSET, |
1873 |
load_buffer(base + NTLM_TYPE3_DOMAIN_OFFSET, |
1870 |
ucase(domain, 0), (uint16) xstrlen(domain), flags & NTLM_USE_UNICODE, |
1874 |
(const unsigned char *) ucase(domain, 0), (uint16) xstrlen(domain), |
|
|
1875 |
flags & NTLM_USE_UNICODE, |
1871 |
base, &offset); |
1876 |
base, &offset); |
1872 |
load_buffer(base + NTLM_TYPE3_USER_OFFSET, |
1877 |
load_buffer(base + NTLM_TYPE3_USER_OFFSET, |
1873 |
user, (uint16) xstrlen(user), flags & NTLM_USE_UNICODE, base, &offset); |
1878 |
(const unsigned char *) user, (uint16) xstrlen(user), |
|
|
1879 |
flags & NTLM_USE_UNICODE, base, &offset); |
1874 |
load_buffer(base + NTLM_TYPE3_WORKSTN_OFFSET, |
1880 |
load_buffer(base + NTLM_TYPE3_WORKSTN_OFFSET, |
1875 |
ucase(wkstn, 0), (uint16) xstrlen(wkstn), flags & NTLM_USE_UNICODE, |
1881 |
(const unsigned char *) ucase(wkstn, 0), (uint16) xstrlen(wkstn), |
|
|
1882 |
flags & NTLM_USE_UNICODE, |
1876 |
base, &offset); |
1883 |
base, &offset); |
1877 |
load_buffer(base + NTLM_TYPE3_SESSIONKEY_OFFSET, |
1884 |
load_buffer(base + NTLM_TYPE3_SESSIONKEY_OFFSET, |
1878 |
key, key ? NTLM_SESSKEY_LENGTH : 0, 0, base, &offset); |
1885 |
key, key ? NTLM_SESSKEY_LENGTH : 0, 0, base, &offset); |
Lines 2011-2017
static int ntlm_client_mech_step2(client_context_t *text,
|
2011 |
|
2018 |
|
2012 |
flags &= NTLM_FLAGS_MASK; /* mask off the bits we don't support */ |
2019 |
flags &= NTLM_FLAGS_MASK; /* mask off the bits we don't support */ |
2013 |
|
2020 |
|
2014 |
result = unload_buffer(params->utils, serverin + NTLM_TYPE2_TARGET_OFFSET, |
2021 |
result = unload_buffer(params->utils, |
|
|
2022 |
(const unsigned char *) serverin + NTLM_TYPE2_TARGET_OFFSET, |
2015 |
(u_char **) &domain, NULL, |
2023 |
(u_char **) &domain, NULL, |
2016 |
flags & NTLM_USE_UNICODE, |
2024 |
flags & NTLM_USE_UNICODE, |
2017 |
(u_char *) serverin, serverinlen); |
2025 |
(u_char *) serverin, serverinlen); |
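Review bot: The two casts of `serverin` in this call disagree: new line 2022 uses `(const unsigned char *) serverin + NTLM_TYPE2_TARGET_OFFSET`, while line 2025 keeps `(u_char *) serverin`, which drops the const qualifier from what looks like a const input buffer. The server-side calls to `unload_buffer()` in this patch pass `(const unsigned char *) clientin, clientinlen` for the same parameter, so the const form is accepted there. Line 2025 should match: `(const unsigned char *) serverin, serverinlen);`. More generally the patch mixes `u_char` and `unsigned char` in adjacent casts; choosing one spelling would make the remaining signedness casts easier to audit.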
Lines 2027-2033
static int ntlm_client_mech_step2(client_context_t *text,
|
2027 |
(sendv2[0] == 'o' && sendv2[1] == 'n') || sendv2[0] == 't')) { |
2035 |
(sendv2[0] == 'o' && sendv2[1] == 'n') || sendv2[0] == 't')) { |
2028 |
|
2036 |
|
2029 |
/* put the cnonce in place after the LMv2 HMAC */ |
2037 |
/* put the cnonce in place after the LMv2 HMAC */ |
2030 |
char *cnonce = resp + MD5_DIGEST_LENGTH; |
2038 |
char *cnonce = (char *) resp + MD5_DIGEST_LENGTH; |
2031 |
|
2039 |
|
2032 |
params->utils->log(NULL, SASL_LOG_DEBUG, |
2040 |
params->utils->log(NULL, SASL_LOG_DEBUG, |
2033 |
"calculating LMv2 response"); |
2041 |
"calculating LMv2 response"); |
Lines 2035-2041
static int ntlm_client_mech_step2(client_context_t *text,
|
2035 |
params->utils->rand(params->utils->rpool, cnonce, NTLM_NONCE_LENGTH); |
2043 |
params->utils->rand(params->utils->rpool, cnonce, NTLM_NONCE_LENGTH); |
2036 |
|
2044 |
|
2037 |
V2(resp, password, oparams->authid, domain, |
2045 |
V2(resp, password, oparams->authid, domain, |
2038 |
serverin + NTLM_TYPE2_CHALLENGE_OFFSET, cnonce, NTLM_NONCE_LENGTH, |
2046 |
(const unsigned char *) serverin + NTLM_TYPE2_CHALLENGE_OFFSET, |
|
|
2047 |
(const unsigned char *) cnonce, NTLM_NONCE_LENGTH, |
2039 |
params->utils, &text->out_buf, &text->out_buf_len, &result); |
2048 |
params->utils, &text->out_buf, &text->out_buf_len, &result); |
2040 |
|
2049 |
|
2041 |
lm_resp = resp; |
2050 |
lm_resp = resp; |