2 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 from_file(const char *fn, const char *target_domain,
38 char **username, struct ntlm_buf *key)
48 while (fgets(buf, sizeof(buf), f) != NULL) {
50 buf[strcspn(buf, "\r\n")] = '\0';
54 d = strtok_r(buf, ":", &str);
55 if (d && strcasecmp(target_domain, d) != 0)
57 u = strtok_r(NULL, ":", &str);
58 p = strtok_r(NULL, ":", &str);
59 if (u == NULL || p == NULL)
62 *username = strdup(u);
64 heim_ntlm_nt_key(p, key);
66 memset(buf, 0, sizeof(buf));
70 memset(buf, 0, sizeof(buf));
76 get_user_file(const ntlm_name target_name,
77 char **username, struct ntlm_buf *key)
84 fn = getenv("NTLM_USER_FILE");
87 if (from_file(fn, target_name->domain, username, key) == 0)
94 * Pick up the ntlm cred from the default krb5 credential cache.
98 get_user_ccache(const ntlm_name name, char **username, struct ntlm_buf *key)
100 krb5_context context = NULL;
101 krb5_principal client;
102 krb5_ccache id = NULL;
108 krb5_data_zero(&data);
112 ret = krb5_init_context(&context);
116 ret = krb5_cc_default(context, &id);
120 ret = krb5_cc_get_principal(context, id, &client);
124 ret = krb5_unparse_name_flags(context, client,
125 KRB5_PRINCIPAL_UNPARSE_NO_REALM,
127 krb5_free_principal(context, client);
131 asprintf(&confname, "ntlm-key-%s", name->domain);
132 if (confname == NULL) {
133 krb5_clear_error_message(context);
138 ret = krb5_cc_get_config(context, id, NULL,
143 key->data = malloc(data.length);
144 if (key->data == NULL) {
148 key->length = data.length;
149 memcpy(key->data, data.data, data.length);
152 krb5_data_free(&data);
154 krb5_cc_close(context, id);
156 krb5_free_context(context);
162 _gss_ntlm_get_user_cred(const ntlm_name target_name,
168 cred = calloc(1, sizeof(*cred));
172 ret = get_user_file(target_name, &cred->username, &cred->key);
174 ret = get_user_ccache(target_name, &cred->username, &cred->key);
180 cred->domain = strdup(target_name->domain);
187 _gss_copy_cred(ntlm_cred from, ntlm_cred *to)
189 *to = calloc(1, sizeof(**to));
192 (*to)->username = strdup(from->username);
193 if ((*to)->username == NULL) {
197 (*to)->domain = strdup(from->domain);
198 if ((*to)->domain == NULL) {
199 free((*to)->username);
203 (*to)->key.data = malloc(from->key.length);
204 if ((*to)->key.data == NULL) {
206 free((*to)->username);
210 memcpy((*to)->key.data, from->key.data, from->key.length);
211 (*to)->key.length = from->key.length;
216 OM_uint32 GSSAPI_CALLCONV
217 _gss_ntlm_init_sec_context
218 (OM_uint32 * minor_status,
219 const gss_cred_id_t initiator_cred_handle,
220 gss_ctx_id_t * context_handle,
221 const gss_name_t target_name,
222 const gss_OID mech_type,
225 const gss_channel_bindings_t input_chan_bindings,
226 const gss_buffer_t input_token,
227 gss_OID * actual_mech_type,
228 gss_buffer_t output_token,
229 OM_uint32 * ret_flags,
234 ntlm_name name = (ntlm_name)target_name;
242 if (actual_mech_type)
243 *actual_mech_type = GSS_C_NO_OID;
245 if (*context_handle == GSS_C_NO_CONTEXT) {
246 struct ntlm_type1 type1;
247 struct ntlm_buf data;
251 ctx = calloc(1, sizeof(*ctx));
253 *minor_status = EINVAL;
254 return GSS_S_FAILURE;
256 *context_handle = (gss_ctx_id_t)ctx;
258 if (initiator_cred_handle != GSS_C_NO_CREDENTIAL) {
259 ntlm_cred cred = (ntlm_cred)initiator_cred_handle;
260 ret = _gss_copy_cred(cred, &ctx->client);
262 ret = _gss_ntlm_get_user_cred(name, &ctx->client);
265 _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
267 return GSS_S_FAILURE;
270 if (req_flags & GSS_C_CONF_FLAG)
271 flags |= NTLM_NEG_SEAL;
272 if (req_flags & GSS_C_INTEG_FLAG)
273 flags |= NTLM_NEG_SIGN;
275 flags |= NTLM_NEG_ALWAYS_SIGN;
277 flags |= NTLM_NEG_UNICODE;
278 flags |= NTLM_NEG_NTLM;
279 flags |= NTLM_NEG_NTLM2_SESSION;
280 flags |= NTLM_NEG_KEYEX;
282 memset(&type1, 0, sizeof(type1));
285 type1.domain = name->domain;
286 type1.hostname = NULL;
290 ret = heim_ntlm_encode_type1(&type1, &data);
292 _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
294 return GSS_S_FAILURE;
297 output_token->value = data.data;
298 output_token->length = data.length;
300 return GSS_S_CONTINUE_NEEDED;
303 struct ntlm_type2 type2;
304 struct ntlm_type3 type3;
305 struct ntlm_buf data;
307 ctx = (ntlm_ctx)*context_handle;
309 data.data = input_token->value;
310 data.length = input_token->length;
312 ret = heim_ntlm_decode_type2(&data, &type2);
314 _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
316 return GSS_S_FAILURE;
319 ctx->flags = type2.flags;
321 /* XXX check that type2.targetinfo matches `target_name´ */
322 /* XXX check verify targetinfo buffer */
324 memset(&type3, 0, sizeof(type3));
326 type3.username = ctx->client->username;
327 type3.flags = type2.flags;
328 type3.targetname = type2.targetname;
329 type3.ws = rk_UNCONST("workstation");
332 * NTLM Version 1 if no targetinfo buffer.
335 if (1 || type2.targetinfo.length == 0) {
336 struct ntlm_buf sessionkey;
338 if (type2.flags & NTLM_NEG_NTLM2_SESSION) {
339 unsigned char nonce[8];
341 if (RAND_bytes(nonce, sizeof(nonce)) != 1) {
342 _gss_ntlm_delete_sec_context(minor_status,
343 context_handle, NULL);
344 *minor_status = EINVAL;
345 return GSS_S_FAILURE;
348 ret = heim_ntlm_calculate_ntlm2_sess(nonce,
350 ctx->client->key.data,
354 ret = heim_ntlm_calculate_ntlm1(ctx->client->key.data,
355 ctx->client->key.length,
361 _gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
363 return GSS_S_FAILURE;
366 ret = heim_ntlm_build_ntlm1_master(ctx->client->key.data,
367 ctx->client->key.length,
374 free(type3.ntlm.data);
375 _gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
377 return GSS_S_FAILURE;
380 ret = krb5_data_copy(&ctx->sessionkey,
381 sessionkey.data, sessionkey.length);
382 free(sessionkey.data);
387 free(type3.ntlm.data);
388 _gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
390 return GSS_S_FAILURE;
392 ctx->status |= STATUS_SESSIONKEY;
395 struct ntlm_buf sessionkey;
396 unsigned char ntlmv2[16];
397 struct ntlm_targetinfo ti;
399 /* verify infotarget */
401 ret = heim_ntlm_decode_targetinfo(&type2.targetinfo, 1, &ti);
403 _gss_ntlm_delete_sec_context(minor_status,
404 context_handle, NULL);
406 return GSS_S_FAILURE;
409 if (ti.domainname && strcmp(ti.domainname, name->domain) != 0) {
410 _gss_ntlm_delete_sec_context(minor_status,
411 context_handle, NULL);
412 *minor_status = EINVAL;
413 return GSS_S_FAILURE;
416 ret = heim_ntlm_calculate_ntlm2(ctx->client->key.data,
417 ctx->client->key.length,
418 ctx->client->username,
425 _gss_ntlm_delete_sec_context(minor_status,
426 context_handle, NULL);
428 return GSS_S_FAILURE;
431 ret = heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2),
434 memset(ntlmv2, 0, sizeof(ntlmv2));
436 _gss_ntlm_delete_sec_context(minor_status,
437 context_handle, NULL);
439 return GSS_S_FAILURE;
442 ctx->flags |= NTLM_NEG_NTLM2_SESSION;
444 ret = krb5_data_copy(&ctx->sessionkey,
445 sessionkey.data, sessionkey.length);
446 free(sessionkey.data);
448 _gss_ntlm_delete_sec_context(minor_status,
449 context_handle, NULL);
451 return GSS_S_FAILURE;
455 if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
456 ctx->status |= STATUS_SESSIONKEY;
457 _gss_ntlm_set_key(&ctx->u.v2.send, 0, (ctx->flags & NTLM_NEG_KEYEX),
458 ctx->sessionkey.data,
459 ctx->sessionkey.length);
460 _gss_ntlm_set_key(&ctx->u.v2.recv, 1, (ctx->flags & NTLM_NEG_KEYEX),
461 ctx->sessionkey.data,
462 ctx->sessionkey.length);
464 ctx->status |= STATUS_SESSIONKEY;
465 RC4_set_key(&ctx->u.v1.crypto_recv.key,
466 ctx->sessionkey.length,
467 ctx->sessionkey.data);
468 RC4_set_key(&ctx->u.v1.crypto_send.key,
469 ctx->sessionkey.length,
470 ctx->sessionkey.data);
475 ret = heim_ntlm_encode_type3(&type3, &data);
476 free(type3.sessionkey.data);
480 free(type3.ntlm.data);
482 _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
484 return GSS_S_FAILURE;
487 output_token->length = data.length;
488 output_token->value = data.data;
490 if (actual_mech_type)
491 *actual_mech_type = GSS_NTLM_MECHANISM;
495 *time_rec = GSS_C_INDEFINITE;
497 ctx->status |= STATUS_OPEN;
499 return GSS_S_COMPLETE;