Mercurial > pidgin
annotate src/ntlm.c @ 12663:09a241749828
[gaim-migrate @ 15006]
If we don't get an oscar blist within 30 seconds then request.
I'm hoping this will fix the problem where you come back to your
computer after having been disconnected overnight and your buddy
list is empty.
committer: Tailor Script <tailor@pidgin.im>
author | Mark Doliner <mark@kingant.net> |
---|---|
date | Mon, 26 Dec 2005 08:08:03 +0000 |
parents | 4669e7461968 |
children | 31a3a9af1494 |
rev | line source |
---|---|
11375 | 1 /** |
2 * @file ntlm.c | |
3 * | |
4 * gaim | |
5 * | |
6 * Copyright (C) 2005 Thomas Butter <butter@uni-mannheim.de> | |
7 * | |
8 * hashing done according to description of NTLM on | |
9 * http://www.innovation.ch/java/ntlm.html | |
10 * | |
11 * This program is free software; you can redistribute it and/or modify | |
12 * it under the terms of the GNU General Public License as published by | |
13 * the Free Software Foundation; either version 2 of the License, or | |
14 * (at your option) any later version. | |
15 * | |
16 * This program is distributed in the hope that it will be useful, | |
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 * GNU General Public License for more details. | |
20 * | |
21 * You should have received a copy of the GNU General Public License | |
22 * along with this program; if not, write to the Free Software | |
23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
24 */ | |
25 | |
26 #include <glib.h> | |
27 #include <stdlib.h> | |
28 #include "util.h" | |
29 #include "ntlm.h" | |
30 #include "cipher.h" | |
31 #include <string.h> | |
32 | |
33 struct type1_message { | |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
34 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0' */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
35 guint8 type; /* 0x01 */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
36 guint8 zero1[3]; |
11375 | 37 short flags; /* 0xb203 */ |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
38 guint8 zero2[2]; |
11375 | 39 |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
40 short dom_len1; /* domain string length */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
41 short dom_len2; /* domain string length */ |
11375 | 42 short dom_off; /* domain string offset */ |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
43 guint8 zero3[2]; |
11375 | 44 |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
45 short host_len1; /* host string length */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
46 short host_len2; /* host string length */ |
11375 | 47 short host_off; /* host string offset (always 0x20) */ |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
48 guint8 zero4[2]; |
11375 | 49 |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
50 #if 0 |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
51 guint8 host[*]; /* host string (ASCII) */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
52 guint8 dom[*]; /* domain string (ASCII) */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
53 #endif |
11375 | 54 }; |
55 | |
56 struct type2_message { | |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
57 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0'*/ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
58 guint8 type; /* 0x02 */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
59 guint8 zero1[7]; |
11375 | 60 short msg_len; /* 0x28 */ |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
61 guint8 zero2[2]; |
11375 | 62 short flags; /* 0x8201 */ |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
63 guint8 zero3[2]; |
11375 | 64 |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
65 guint8 nonce[8]; /* nonce */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
66 guint8 zero[8]; |
11375 | 67 }; |
68 | |
69 struct type3_message { | |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
70 guint8 protocol[8]; /* 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0'*/ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
71 guint8 type; /* 0x03 */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
72 guint8 zero1[3]; |
11375 | 73 |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
74 short lm_resp_len1; /* LanManager response length (always 0x18)*/ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
75 short lm_resp_len2; /* LanManager response length (always 0x18)*/ |
11375 | 76 short lm_resp_off; /* LanManager response offset */ |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
77 guint8 zero2[2]; |
11375 | 78 |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
79 short nt_resp_len1; /* NT response length (always 0x18) */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
80 short nt_resp_len2; /* NT response length (always 0x18) */ |
11375 | 81 short nt_resp_off; /* NT response offset */ |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
82 guint8 zero3[2]; |
11375 | 83 |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
84 short dom_len1; /* domain string length */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
85 short dom_len2; /* domain string length */ |
11375 | 86 short dom_off; /* domain string offset (always 0x40) */ |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
87 guint8 zero4[2]; |
11375 | 88 |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
89 short user_len1; /* username string length */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
90 short user_len2; /* username string length */ |
11375 | 91 short user_off; /* username string offset */ |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
92 guint8 zero5[2]; |
11375 | 93 |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
94 short host_len1; /* host string length */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
95 short host_len2; /* host string length */ |
11375 | 96 short host_off; /* host string offset */ |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
97 guint8 zero6[6]; |
11375 | 98 |
99 short msg_len; /* message length */ | |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
100 guint8 zero7[2]; |
11375 | 101 |
102 short flags; /* 0x8201 */ | |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
103 guint8 zero8[2]; |
11375 | 104 |
11829
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
105 #if 0 |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
106 guint8 dom[*]; /* domain string (unicode UTF-16LE) */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
107 guint8 user[*]; /* username string (unicode UTF-16LE) */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
108 guint8 host[*]; /* host string (unicode UTF-16LE) */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
109 guint8 lm_resp[*]; /* LanManager response */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
110 guint8 nt_resp[*]; /* NT response */ |
4669e7461968
[gaim-migrate @ 14120]
Richard Laager <rlaager@wiktel.com>
parents:
11586
diff
changeset
|
111 #endif |
11375 | 112 }; |
113 | |
114 gchar *gaim_ntlm_gen_type1(gchar *hostname, gchar *domain) { | |
115 char *msg = g_malloc0(sizeof(struct type1_message) + strlen(hostname) + strlen(domain)); | |
116 struct type1_message *tmsg = (struct type1_message*)msg; | |
117 tmsg->protocol[0] = 'N'; | |
118 tmsg->protocol[1] = 'T'; | |
119 tmsg->protocol[2] = 'L'; | |
120 tmsg->protocol[3] = 'M'; | |
121 tmsg->protocol[4] = 'S'; | |
122 tmsg->protocol[5] = 'S'; | |
123 tmsg->protocol[6] = 'P'; | |
124 tmsg->protocol[7] = '\0'; | |
125 tmsg->type= 0x01; | |
126 tmsg->flags = 0xb202; | |
127 tmsg->dom_len1 = tmsg->dom_len2 = strlen(domain); | |
128 tmsg->dom_off = 32+strlen(hostname); | |
129 tmsg->host_len1 = tmsg->host_len2 = strlen(hostname); | |
130 tmsg->host_off= 32; | |
131 memcpy(msg+sizeof(struct type1_message),hostname,strlen(hostname)); | |
132 memcpy(msg+sizeof(struct type1_message)+strlen(hostname),domain,strlen(domain)); | |
133 | |
11427 | 134 return gaim_base64_encode((guchar*)msg, sizeof(struct type1_message) + strlen(hostname) + strlen(domain)); |
11375 | 135 } |
136 | |
137 gchar *gaim_ntlm_parse_type2(gchar *type2) { | |
11586 | 138 gsize retlen; |
11375 | 139 static gchar nonce[8]; |
11427 | 140 struct type2_message *tmsg = (struct type2_message*)gaim_base64_decode((char*)type2, &retlen); |
11375 | 141 memcpy(nonce, tmsg->nonce, 8); |
142 g_free(tmsg); | |
143 return nonce; | |
144 } | |
145 | |
146 static void setup_des_key(unsigned char key_56[], char *key) | |
147 { | |
148 key[0] = key_56[0]; | |
149 key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1); | |
150 key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2); | |
151 key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3); | |
152 key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4); | |
153 key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5); | |
154 key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6); | |
155 key[7] = (key_56[6] << 1) & 0xFF; | |
156 } | |
157 | |
158 /* | |
159 * helper function for gaim cipher.c | |
160 */ | |
161 static void des_ecb_encrypt(char *plaintext, char *result, char *key) { | |
162 GaimCipher *cipher; | |
163 GaimCipherContext *context; | |
11586 | 164 gsize outlen; |
11375 | 165 |
166 cipher = gaim_ciphers_find_cipher("des"); | |
167 context = gaim_cipher_context_new(cipher, NULL); | |
11427 | 168 gaim_cipher_context_set_key(context, (guchar*)key); |
169 gaim_cipher_context_encrypt(context, (guchar*)plaintext, 8, (guchar*)result, &outlen); | |
11375 | 170 gaim_cipher_context_destroy(context); |
171 } | |
172 | |
173 /* | |
174 * takes a 21 byte array and treats it as 3 56-bit DES keys. The | |
175 * 8 byte plaintext is encrypted with each key and the resulting 24 | |
176 * bytes are stored in the results array. | |
177 */ | |
178 static void calc_resp(unsigned char *keys, unsigned char *plaintext, unsigned char *results) | |
179 { | |
11427 | 180 guchar key[8]; |
181 setup_des_key(keys, (char*)key); | |
182 des_ecb_encrypt((char*)plaintext, (char*)results, (char*)key); | |
11375 | 183 |
11427 | 184 setup_des_key(keys+7, (char*)key); |
185 des_ecb_encrypt((char*)plaintext, (char*)(results+8), (char*)key); | |
11375 | 186 |
11427 | 187 setup_des_key(keys+14, (char*)key); |
188 des_ecb_encrypt((char*)plaintext, (char*)(results+16), (char*)key); | |
11375 | 189 } |
190 | |
191 gchar *gaim_ntlm_gen_type3(gchar *username, gchar *passw, gchar *hostname, gchar *domain, gchar *nonce) { | |
192 char lm_pw[14]; | |
193 unsigned char lm_hpw[21]; | |
194 gchar key[8]; | |
195 struct type3_message *tmsg = g_malloc0(sizeof(struct type3_message)+ | |
196 strlen(domain) + strlen(username) + strlen(hostname) + 24 +24); | |
197 int len = strlen(passw); | |
198 unsigned char lm_resp[24], nt_resp[24]; | |
199 unsigned char magic[] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; | |
200 unsigned char nt_hpw[21]; | |
201 int lennt; | |
202 char nt_pw[128]; | |
203 GaimCipher *cipher; | |
204 GaimCipherContext *context; | |
205 char *tmp = 0; | |
206 int idx = 0; | |
207 | |
208 /* type3 message initialization */ | |
209 tmsg->protocol[0] = 'N'; | |
210 tmsg->protocol[1] = 'T'; | |
211 tmsg->protocol[2] = 'L'; | |
212 tmsg->protocol[3] = 'M'; | |
213 tmsg->protocol[4] = 'S'; | |
214 tmsg->protocol[5] = 'S'; | |
215 tmsg->protocol[6] = 'P'; | |
216 tmsg->type = 0x03; | |
217 tmsg->lm_resp_len1 = tmsg->lm_resp_len2 = 0x18; | |
218 tmsg->lm_resp_off = sizeof(struct type3_message) + strlen(domain) + strlen(username) + strlen(hostname); | |
219 tmsg->nt_resp_len1 = tmsg->nt_resp_len2 = 0x18; | |
220 tmsg->nt_resp_off = sizeof(struct type3_message) + strlen(domain) + strlen(username) + strlen(hostname) + 0x18; | |
221 | |
222 tmsg->dom_len1 = tmsg->dom_len2 = strlen(domain); | |
223 tmsg->dom_off = 0x40; | |
224 | |
225 tmsg->user_len1 = tmsg->user_len2 = strlen(username); | |
226 tmsg->user_off = sizeof(struct type3_message) + strlen(domain); | |
227 | |
228 tmsg->host_len1 = tmsg->host_len2 = strlen(hostname); | |
229 tmsg->host_off = sizeof(struct type3_message) + strlen(domain) + strlen(username); | |
230 | |
231 tmsg->msg_len = sizeof(struct type3_message) + strlen(domain) + strlen(username) + strlen(hostname) + 0x18 + 0x18; | |
232 tmsg->flags = 0x8200; | |
233 | |
234 tmp = ((char*) tmsg) + sizeof(struct type3_message); | |
235 strcpy(tmp, domain); | |
236 tmp += strlen(domain); | |
237 strcpy(tmp, username); | |
238 tmp += strlen(username); | |
239 strcpy(tmp, hostname); | |
240 tmp += strlen(hostname); | |
241 | |
242 if (len > 14) len = 14; | |
243 | |
244 for (idx=0; idx<len; idx++) | |
245 lm_pw[idx] = g_ascii_toupper(passw[idx]); | |
246 for (; idx<14; idx++) | |
247 lm_pw[idx] = 0; | |
248 | |
11427 | 249 setup_des_key((unsigned char*)lm_pw, (char*)key); |
250 des_ecb_encrypt((char*)magic, (char*)lm_hpw, (char*)key); | |
11375 | 251 |
11427 | 252 setup_des_key((unsigned char*)(lm_pw+7), (char*)key); |
253 des_ecb_encrypt((char*)magic, (char*)lm_hpw+8, (char*)key); | |
11375 | 254 |
255 memset(lm_hpw+16, 0, 5); | |
256 | |
257 | |
258 lennt = strlen(passw); | |
259 for (idx=0; idx<lennt; idx++) | |
260 { | |
261 nt_pw[2*idx] = passw[idx]; | |
262 nt_pw[2*idx+1] = 0; | |
263 } | |
264 | |
265 cipher = gaim_ciphers_find_cipher("md4"); | |
266 context = gaim_cipher_context_new(cipher, NULL); | |
11427 | 267 gaim_cipher_context_append(context, (guchar*)nt_pw, 2*lennt); |
268 gaim_cipher_context_digest(context, 21, (guchar*)nt_hpw, NULL); | |
11375 | 269 gaim_cipher_context_destroy(context); |
270 | |
271 memset(nt_hpw+16, 0, 5); | |
272 | |
273 | |
11427 | 274 calc_resp(lm_hpw, (guchar*)nonce, lm_resp); |
275 calc_resp(nt_hpw, (guchar*)nonce, nt_resp); | |
11375 | 276 memcpy(tmp, lm_resp, 0x18); |
277 memcpy(tmp+0x18, nt_resp, 0x18); | |
278 tmp = gaim_base64_encode((guchar*) tmsg, tmsg->msg_len); | |
279 g_free(tmsg); | |
280 return tmp; | |
281 } |