diff libpurple/ntlm.c @ 15374:5fe8042783c1

Rename gtk/ and libgaim/ to pidgin/ and libpurple/
author Sean Egan <seanegan@gmail.com>
date Sat, 20 Jan 2007 02:32:10 +0000
parents
children 32c366eeeb99
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libpurple/ntlm.c	Sat Jan 20 02:32:10 2007 +0000
@@ -0,0 +1,360 @@
+/**
+ * @file ntlm.c
+ *
+ * gaim
+ *
+ * Copyright (C) 2005 Thomas Butter <butter@uni-mannheim.de>
+ *
+ * hashing done according to description of NTLM on
+ * http://www.innovation.ch/java/ntlm.html
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <glib.h>
+#include <stdlib.h>
+#include "util.h"
+#include "ntlm.h"
+#include "cipher.h"
+#include <string.h>
+
+#define NTLM_NEGOTIATE_NTLM2_KEY 0x00080000
+
+struct type1_message {
+	guint8  protocol[8];     /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0' */
+	guint32 type;            /* 0x00000001 */
+	guint32 flags;           /* 0x0000b203 */
+
+	short   dom_len1;        /* domain string length */
+	short   dom_len2;        /* domain string length */
+	guint32 dom_off;         /* domain string offset */
+
+	short   host_len1;       /* host string length */
+	short   host_len2;       /* host string length */
+	guint32 host_off;        /* host string offset (always 0x00000020) */
+
+#if 0
+	guint8  host[*];         /* host string (ASCII) */
+	guint8  dom[*];          /* domain string (ASCII) */
+#endif
+};
+
+struct type2_message {
+	guint8  protocol[8];     /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0'*/
+	guint32 type;            /* 0x00000002 */
+
+	short   msg_len1;        /* target name length */
+	short   msg_len2;        /* target name length */
+	guint32 msg_off;         /* target name offset (always 0x00000048) */
+
+	guint32 flags;           /* 0x00008201 */
+
+	guint8  nonce[8];        /* nonce */
+	guint8 context[8];
+};
+
+struct type3_message {
+	guint8  protocol[8];     /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0'*/
+	guint32 type;            /* 0x00000003 */
+
+	short   lm_resp_len1;    /* LanManager response length (always 0x18)*/
+	short   lm_resp_len2;    /* LanManager response length (always 0x18)*/
+	guint32 lm_resp_off;     /* LanManager response offset */
+
+	short   nt_resp_len1;    /* NT response length (always 0x18) */
+	short   nt_resp_len2;    /* NT response length (always 0x18) */
+	guint32 nt_resp_off;     /* NT response offset */
+
+	short   dom_len1;        /* domain string length */
+	short   dom_len2;        /* domain string length */
+	guint32 dom_off;         /* domain string offset (always 0x00000040) */
+
+	short   user_len1;       /* username string length */
+	short   user_len2;       /* username string length */
+	guint32 user_off;        /* username string offset */
+
+	short   host_len1;       /* host string length */
+	short   host_len2;       /* host string length */
+	guint32 host_off;        /* host string offset */
+
+	short   sess_len1;
+	short	sess_len2;
+	guint32 sess_off;         /* message length */
+
+	guint32 flags;            /* 0x00008201 */
+	/* guint32 flags2; */     /* unknown, used in windows messenger */
+	/* guint32  flags3; */
+
+#if 0
+	guint8  dom[*];          /* domain string (unicode UTF-16LE) */
+	guint8  user[*];         /* username string (unicode UTF-16LE) */
+	guint8  host[*];         /* host string (unicode UTF-16LE) */
+	guint8  lm_resp[*];      /* LanManager response */
+	guint8  nt_resp[*];      /* NT response */
+#endif
+};
+
+/* TODO: Will this work on both little-endian and big-endian machines? */
+gchar *
+gaim_ntlm_gen_type1(const gchar *hostname, const gchar *domain)
+{
+	int hostnamelen;
+	int domainlen;
+	unsigned char *msg;
+	struct type1_message *tmsg;
+	gchar *tmp;
+
+	hostnamelen = strlen(hostname);
+	domainlen = strlen(domain);
+	msg = g_malloc0(sizeof(struct type1_message) + hostnamelen + domainlen);
+	tmsg = (struct type1_message*)msg;
+	tmsg->protocol[0] = 'N';
+	tmsg->protocol[1] = 'T';
+	tmsg->protocol[2] = 'L';
+	tmsg->protocol[3] = 'M';
+	tmsg->protocol[4] = 'S';
+	tmsg->protocol[5] = 'S';
+	tmsg->protocol[6] = 'P';
+	tmsg->protocol[7] = '\0';
+	tmsg->type      = 0x00000001;
+	tmsg->flags     = 0x0000b202;
+	tmsg->dom_len1  = tmsg->dom_len2 = domainlen;
+	tmsg->dom_off   = sizeof(struct type1_message) + hostnamelen;
+	tmsg->host_len1 = tmsg->host_len2 = hostnamelen;
+	tmsg->host_off  = sizeof(struct type1_message);
+	memcpy(msg + tmsg->host_off, hostname, hostnamelen);
+	memcpy(msg + tmsg->dom_off, domain, domainlen);
+
+	tmp = gaim_base64_encode(msg, sizeof(struct type1_message) + hostnamelen + domainlen);
+	g_free(msg);
+
+	return tmp;
+}
+
+guint8 *
+gaim_ntlm_parse_type2(const gchar *type2, guint32 *flags)
+{
+	gsize retlen;
+	struct type2_message *tmsg;
+	static guint8 nonce[8];
+
+	tmsg = (struct type2_message*)gaim_base64_decode(type2, &retlen);
+	memcpy(nonce, tmsg->nonce, 8);
+	if (flags != NULL)
+		*flags = tmsg->flags;
+	g_free(tmsg);
+
+	return nonce;
+}
+
+/**
+ * Create a 64bit DES key by taking a 56bit key and adding
+ * a parity bit after every 7th bit.
+ */
+static void
+setup_des_key(const guint8 key_56[], guint8 *key)
+{
+	key[0] = key_56[0];
+	key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1);
+	key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2);
+	key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3);
+	key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4);
+	key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5);
+	key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6);
+	key[7] =  (key_56[6] << 1) & 0xFF;
+}
+
+/*
+ * helper function for gaim cipher.c
+ */
+static void
+des_ecb_encrypt(const guint8 *plaintext, guint8 *result, const guint8 *key)
+{
+	GaimCipher *cipher;
+	GaimCipherContext *context;
+	gsize outlen;
+
+	cipher = gaim_ciphers_find_cipher("des");
+	context = gaim_cipher_context_new(cipher, NULL);
+	gaim_cipher_context_set_key(context, key);
+	gaim_cipher_context_encrypt(context, plaintext, 8, result, &outlen);
+	gaim_cipher_context_destroy(context);
+}
+
+/*
+ * takes a 21 byte array and treats it as 3 56-bit DES keys. The
+ * 8 byte plaintext is encrypted with each key and the resulting 24
+ * bytes are stored in the results array.
+ */
+static void
+calc_resp(guint8 *keys, const guint8 *plaintext, unsigned char *results)
+{
+	guint8 key[8];
+	setup_des_key(keys, key);
+	des_ecb_encrypt(plaintext, results, key);
+
+	setup_des_key(keys + 7, key);
+	des_ecb_encrypt(plaintext, results + 8, key);
+
+	setup_des_key(keys + 14, key);
+	des_ecb_encrypt(plaintext, results + 16, key);
+}
+
+static void
+gensesskey(char *buffer, const char *oldkey)
+{
+	int i = 0;
+	if(oldkey == NULL) {
+		for(i=0; i<16; i++) {
+			buffer[i] = (char)(rand() & 0xff);
+		}
+	} else {
+		memcpy(buffer, oldkey, 16);
+	}
+}
+
+gchar *
+gaim_ntlm_gen_type3(const gchar *username, const gchar *passw, const gchar *hostname, const gchar *domain, const guint8 *nonce, guint32 *flags)
+{
+	char lm_pw[14];
+	unsigned char lm_hpw[21];
+	char sesskey[16];
+	guint8 key[8];
+	int domainlen;
+	int usernamelen;
+	int hostnamelen;
+	int msglen;
+	struct type3_message *tmsg;
+	int passwlen, lennt;
+	unsigned char lm_resp[24], nt_resp[24];
+	unsigned char magic[] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 };
+	unsigned char nt_hpw[21];
+	char nt_pw[128];
+	GaimCipher *cipher;
+	GaimCipherContext *context;
+	char *tmp;
+	int idx;
+	gchar *ucs2le;
+
+	domainlen = strlen(domain) * 2;
+	usernamelen = strlen(username) * 2;
+	hostnamelen = strlen(hostname) * 2;
+	msglen = sizeof(struct type3_message) + domainlen +
+		usernamelen + hostnamelen + 0x18 + 0x18 + ((flags) ? 0x10 : 0);
+	tmsg = g_malloc0(msglen);
+	passwlen = strlen(passw);
+
+	/* type3 message initialization */
+	tmsg->protocol[0] = 'N';
+	tmsg->protocol[1] = 'T';
+	tmsg->protocol[2] = 'L';
+	tmsg->protocol[3] = 'M';
+	tmsg->protocol[4] = 'S';
+	tmsg->protocol[5] = 'S';
+	tmsg->protocol[6] = 'P';
+	tmsg->type = 0x00000003;
+	tmsg->lm_resp_len1 = tmsg->lm_resp_len2 = 0x18;
+	tmsg->lm_resp_off = sizeof(struct type3_message) + domainlen + usernamelen + hostnamelen;
+	tmsg->nt_resp_len1 = tmsg->nt_resp_len2 = 0x18;
+	tmsg->nt_resp_off = sizeof(struct type3_message) + domainlen + usernamelen + hostnamelen + 0x18;
+
+	tmsg->dom_len1 = tmsg->dom_len2 = domainlen;
+	tmsg->dom_off = sizeof(struct type3_message);
+
+	tmsg->user_len1 = tmsg->user_len2 = usernamelen;
+	tmsg->user_off = sizeof(struct type3_message) + domainlen;
+
+	tmsg->host_len1 = tmsg->host_len2 = hostnamelen;
+	tmsg->host_off = sizeof(struct type3_message) + domainlen + usernamelen;
+
+	if(flags) {
+		tmsg->sess_off = sizeof(struct type3_message) + domainlen + usernamelen + hostnamelen + 0x18 + 0x18;
+		tmsg->sess_len1 = tmsg->sess_len2 = 0x0010;
+	}
+
+	tmsg->flags = 0x00008200;
+
+	tmp = (char *)tmsg + sizeof(struct type3_message);
+
+	ucs2le = g_convert(domain, -1, "UCS-2LE", "UTF-8", NULL, NULL, NULL);
+	memcpy(tmp, ucs2le, domainlen);
+	g_free(ucs2le);
+	tmp += domainlen;
+
+	ucs2le = g_convert(username, -1, "UCS-2LE", "UTF-8", NULL, NULL, NULL);
+	memcpy(tmp, ucs2le, usernamelen);
+	g_free(ucs2le);
+	tmp += usernamelen;
+
+	ucs2le = g_convert(hostname, -1, "UCS-2LE", "UTF-8", NULL, NULL, NULL);
+	memcpy(tmp, ucs2le, hostnamelen);
+	g_free(ucs2le);
+	tmp += hostnamelen;
+
+	/* LM */
+	if (passwlen > 14)
+		passwlen = 14;
+
+	for (idx = 0; idx < passwlen; idx++)
+		lm_pw[idx] = g_ascii_toupper(passw[idx]);
+	for (; idx < 14; idx++)
+		lm_pw[idx] = 0;
+
+	setup_des_key((unsigned char*)lm_pw, key);
+	des_ecb_encrypt(magic, lm_hpw, key);
+
+	setup_des_key((unsigned char*)(lm_pw + 7), key);
+	des_ecb_encrypt(magic, lm_hpw + 8, key);
+
+	memset(lm_hpw + 16, 0, 5);
+	calc_resp(lm_hpw, nonce, lm_resp);
+	memcpy(tmp, lm_resp, 0x18);
+	tmp += 0x18;
+
+	/* NTLM */
+	/* Convert the password to UCS-2LE */
+	lennt = strlen(passw);
+	for (idx = 0; idx < lennt; idx++)
+	{
+		nt_pw[2 * idx]   = passw[idx];
+		nt_pw[2 * idx + 1] = 0;
+	}
+
+	cipher = gaim_ciphers_find_cipher("md4");
+	context = gaim_cipher_context_new(cipher, NULL);
+	gaim_cipher_context_append(context, (guint8 *)nt_pw, 2 * lennt);
+	gaim_cipher_context_digest(context, 21, nt_hpw, NULL);
+	gaim_cipher_context_destroy(context);
+
+	memset(nt_hpw + 16, 0, 5);
+	calc_resp(nt_hpw, nonce, nt_resp);
+	memcpy(tmp, nt_resp, 0x18);
+	tmp += 0x18;
+
+	/* LCS Stuff */
+	if (flags) {
+		tmsg->flags = 0x409082d4;
+		gensesskey(sesskey, NULL);
+		memcpy(tmp, sesskey, 0x10);
+	}
+
+	/*tmsg->flags2 = 0x0a280105;
+	tmsg->flags3 = 0x0f000000;*/
+
+	tmp = gaim_base64_encode((guchar *)tmsg, msglen);
+	g_free(tmsg);
+
+	return tmp;
+}
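Review bot: gaim_ntlm_parse_type2 casts the base64-decoded server challenge to struct type2_message and copies nonce and flags without checking retlen, so a short or malformed Type 2 message causes a read past the decoded buffer, and a NULL dereference if the decode returns nothing. Add a guard right after the decode, for example `if (tmsg == NULL || retlen < sizeof(struct type2_message)) { g_free(tmsg); return NULL; }`; the callers are outside this file, so confirm they handle a NULL return. In gaim_ntlm_gen_type3 the fixed `char nt_pw[128]` is filled with 2 * strlen(passw) bytes with no bound, so a password longer than 64 bytes overruns the stack buffer; sizing the buffer from lennt with g_malloc avoids the overflow without truncating the input to the MD4 hash. gensesskey also fills the 16-byte session key from rand(), which is not a cryptographic generator and should be replaced with a CSPRNG source.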