| /* |
| * ntlm proxy support for OpenVPN |
| * |
| * Copyright (C) 2004 William Preston |
| * |
| * *NTLMv2 support and domain name parsing by Miroslav Zajic, Nextsoft s.r.o.* |
| * |
| * This program is free software; you can redistribute it and/or modify |
| * it under the terms of the GNU General Public License as published by |
| * the Free Software Foundation; either version 2 of the License, or |
| * (at your option) any later version. |
| * |
| * This program is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| * GNU General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License along |
| * with this program; if not, write to the Free Software Foundation, Inc., |
| * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| */ |
| |
| #ifdef HAVE_CONFIG_H |
| #include "config.h" |
| #elif defined(_MSC_VER) |
| #include "config-msvc.h" |
| #endif |
| |
| #include "syshead.h" |
| |
| #if NTLM |
| |
| #include "common.h" |
| #include "buffer.h" |
| #include "misc.h" |
| #include "socket.h" |
| #include "fdmisc.h" |
| #include "proxy.h" |
| #include "ntlm.h" |
| #include "base64.h" |
| #include "crypto.h" |
| |
| #include "memdbg.h" |
| |
| |
| /* 64bit datatype macros */ |
| #ifdef _MSC_VER |
| /* MS compilers */ |
| #define UINTEGER64 __int64 |
| #define UINT64(c) c ## Ui64 |
| #else |
| /* Non MS compilers */ |
| #define UINTEGER64 unsigned long long |
| #define UINT64(c) c ## LL |
| #endif |
| |
| |
| |
| static void |
| create_des_keys(const unsigned char *hash, unsigned char *key) |
| { |
| key[0] = hash[0]; |
| key[1] = ((hash[0] & 1) << 7) | (hash[1] >> 1); |
| key[2] = ((hash[1] & 3) << 6) | (hash[2] >> 2); |
| key[3] = ((hash[2] & 7) << 5) | (hash[3] >> 3); |
| key[4] = ((hash[3] & 15) << 4) | (hash[4] >> 4); |
| key[5] = ((hash[4] & 31) << 3) | (hash[5] >> 5); |
| key[6] = ((hash[5] & 63) << 2) | (hash[6] >> 6); |
| key[7] = ((hash[6] & 127) << 1); |
| key_des_fixup(key, 8, 1); |
| } |
| |
| static void |
| gen_md4_hash(const uint8_t *data, int data_len, uint8_t *result) |
| { |
| /* result is 16 byte md4 hash */ |
| const md_kt_t *md4_kt = md_kt_get("MD4"); |
| uint8_t md[MD4_DIGEST_LENGTH]; |
| |
| md_full(md4_kt, data, data_len, md); |
| memcpy(result, md, MD4_DIGEST_LENGTH); |
| } |
| |
| static void |
| gen_hmac_md5(const uint8_t *data, int data_len, const uint8_t *key, int key_len, |
| uint8_t *result) |
| { |
| const md_kt_t *md5_kt = md_kt_get("MD5"); |
| hmac_ctx_t *hmac_ctx = hmac_ctx_new(); |
| |
| hmac_ctx_init(hmac_ctx, key, key_len, md5_kt); |
| hmac_ctx_update(hmac_ctx, data, data_len); |
| hmac_ctx_final(hmac_ctx, result); |
| hmac_ctx_cleanup(hmac_ctx); |
| hmac_ctx_free(hmac_ctx); |
| } |
| |
| static void |
| gen_timestamp(uint8_t *timestamp) |
| { |
| /* Copies 8 bytes long timestamp into "timestamp" buffer. |
| * Timestamp is Little-endian, 64-bit signed value representing the |
| * number of tenths of a microsecond since January 1, 1601. |
| */ |
| |
| UINTEGER64 timestamp_ull; |
| |
| timestamp_ull = openvpn_time(NULL); |
| timestamp_ull = (timestamp_ull + UINT64(11644473600)) * UINT64(10000000); |
| |
| /* store little endian value */ |
| timestamp[0] = timestamp_ull & UINT64(0xFF); |
| timestamp[1] = (timestamp_ull >> 8) & UINT64(0xFF); |
| timestamp[2] = (timestamp_ull >> 16) & UINT64(0xFF); |
| timestamp[3] = (timestamp_ull >> 24) & UINT64(0xFF); |
| timestamp[4] = (timestamp_ull >> 32) & UINT64(0xFF); |
| timestamp[5] = (timestamp_ull >> 40) & UINT64(0xFF); |
| timestamp[6] = (timestamp_ull >> 48) & UINT64(0xFF); |
| timestamp[7] = (timestamp_ull >> 56) & UINT64(0xFF); |
| } |
| |
| static void |
| gen_nonce(unsigned char *nonce) |
| { |
| /* Generates 8 random bytes to be used as client nonce */ |
| int i; |
| |
| for (i = 0; i<8; i++) |
| { |
| nonce[i] = (unsigned char)get_random(); |
| } |
| } |
| |
| static void |
| my_strupr(char *str) |
| { |
| /* converts string to uppercase in place */ |
| |
| while (*str) |
| { |
| *str = toupper(*str); |
| str++; |
| } |
| } |
| |
| static int |
| unicodize(char *dst, const char *src) |
| { |
| /* not really unicode... */ |
| int i = 0; |
| do |
| { |
| dst[i++] = *src; |
| dst[i++] = 0; |
| } while (*src++); |
| |
| return i; |
| } |
| |
| static void |
| add_security_buffer(int sb_offset, void *data, int length, |
| unsigned char *msg_buf, int *msg_bufpos) |
| { |
| /* Adds security buffer data to a message and sets security buffer's |
| * offset and length */ |
| msg_buf[sb_offset] = (unsigned char)length; |
| msg_buf[sb_offset + 2] = msg_buf[sb_offset]; |
| msg_buf[sb_offset + 4] = (unsigned char)(*msg_bufpos & 0xff); |
| msg_buf[sb_offset + 5] = (unsigned char)((*msg_bufpos >> 8) & 0xff); |
| memcpy(&msg_buf[*msg_bufpos], data, msg_buf[sb_offset]); |
| *msg_bufpos += length; |
| } |
| |
| const char * |
| ntlm_phase_1(const struct http_proxy_info *p, struct gc_arena *gc) |
| { |
| struct buffer out = alloc_buf_gc(96, gc); |
| /* try a minimal NTLM handshake |
| * |
| * http://davenport.sourceforge.net/ntlm.html |
| * |
| * This message contains only the NTLMSSP signature, |
| * the NTLM message type, |
| * and the minimal set of flags (Negotiate NTLM and Negotiate OEM). |
| * |
| */ |
| buf_printf(&out, "%s", "TlRMTVNTUAABAAAAAgIAAA=="); |
| return (BSTR(&out)); |
| } |
| |
| const char * |
| ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, |
| struct gc_arena *gc) |
| { |
| /* NTLM handshake |
| * |
| * http://davenport.sourceforge.net/ntlm.html |
| * |
| */ |
| |
| char pwbuf[sizeof(p->up.password) * 2]; /* for unicode password */ |
| uint8_t buf2[128]; /* decoded reply from proxy */ |
| uint8_t phase3[464]; |
| |
| uint8_t md4_hash[MD4_DIGEST_LENGTH + 5]; |
| uint8_t challenge[8], ntlm_response[24]; |
| int i, ret_val; |
| |
| uint8_t ntlmv2_response[144]; |
| char userdomain_u[256]; /* for uppercase unicode username and domain */ |
| char userdomain[128]; /* the same as previous but ascii */ |
| uint8_t ntlmv2_hash[MD5_DIGEST_LENGTH]; |
| uint8_t ntlmv2_hmacmd5[16]; |
| uint8_t *ntlmv2_blob = ntlmv2_response + 16; /* inside ntlmv2_response, length: 128 */ |
| int ntlmv2_blob_size = 0; |
| int phase3_bufpos = 0x40; /* offset to next security buffer data to be added */ |
| size_t len; |
| |
| char domain[128]; |
| char username[128]; |
| char *separator; |
| |
| bool ntlmv2_enabled = (p->auth_method == HTTP_AUTH_NTLM2); |
| |
| CLEAR(buf2); |
| |
| ASSERT(strlen(p->up.username) > 0); |
| ASSERT(strlen(p->up.password) > 0); |
| |
| /* username parsing */ |
| separator = strchr(p->up.username, '\\'); |
| if (separator == NULL) |
| { |
| strncpy(username, p->up.username, sizeof(username)-1); |
| username[sizeof(username)-1] = 0; |
| domain[0] = 0; |
| } |
| else |
| { |
| strncpy(username, separator+1, sizeof(username)-1); |
| username[sizeof(username)-1] = 0; |
| len = separator - p->up.username; |
| if (len > sizeof(domain) - 1) |
| { |
| len = sizeof(domain) - 1; |
| } |
| strncpy(domain, p->up.username, len); |
| domain[len] = 0; |
| } |
| |
| |
| /* fill 1st 16 bytes with md4 hash, disregard terminating null */ |
| int unicode_len = unicodize(pwbuf, p->up.password) - 2; |
| gen_md4_hash((uint8_t *)pwbuf, unicode_len, md4_hash); |
| |
| /* pad to 21 bytes */ |
| memset(md4_hash + MD4_DIGEST_LENGTH, 0, 5); |
| |
| ret_val = openvpn_base64_decode(phase_2, buf2, -1); |
| if (ret_val < 0) |
| { |
| return NULL; |
| } |
| |
| /* we can be sure that phase_2 is less than 128 |
| * therefore buf2 needs to be (3/4 * 128) */ |
| |
| /* extract the challenge from bytes 24-31 */ |
| for (i = 0; i<8; i++) |
| { |
| challenge[i] = buf2[i+24]; |
| } |
| |
| if (ntlmv2_enabled) /* Generate NTLMv2 response */ |
| { |
| int tib_len; |
| |
| /* NTLMv2 hash */ |
| strcpy(userdomain, username); |
| my_strupr(userdomain); |
| if (strlen(username) + strlen(domain) < sizeof(userdomain)) |
| { |
| strcat(userdomain, domain); |
| } |
| else |
| { |
| msg(M_INFO, "Warning: Username or domain too long"); |
| } |
| unicodize(userdomain_u, userdomain); |
| gen_hmac_md5((uint8_t *)userdomain_u, 2 * strlen(userdomain), md4_hash, |
| MD5_DIGEST_LENGTH, ntlmv2_hash); |
| |
| /* NTLMv2 Blob */ |
| memset(ntlmv2_blob, 0, 128); /* Clear blob buffer */ |
| ntlmv2_blob[0x00] = 1; /* Signature */ |
| ntlmv2_blob[0x01] = 1; /* Signature */ |
| ntlmv2_blob[0x04] = 0; /* Reserved */ |
| gen_timestamp(&ntlmv2_blob[0x08]); /* 64-bit Timestamp */ |
| gen_nonce(&ntlmv2_blob[0x10]); /* 64-bit Client Nonce */ |
| ntlmv2_blob[0x18] = 0; /* Unknown, zero should work */ |
| |
| /* Add target information block to the blob */ |
| |
| /* Check for Target Information block */ |
| /* The NTLM spec instructs to interpret these 4 consecutive bytes as a |
| * 32bit long integer. However, no endianness is specified. |
| * The code here and that found in other NTLM implementations point |
| * towards the assumption that the byte order on the wire has to |
| * match the order on the sending and receiving hosts. Probably NTLM has |
| * been thought to be always running on x86_64/i386 machine thus |
| * implying Little-Endian everywhere. |
| * |
| * This said, in case of future changes, we should keep in mind that the |
| * byte order on the wire for the NTLM header is LE. |
| */ |
| const size_t hoff = 0x14; |
| unsigned long flags = buf2[hoff] | (buf2[hoff + 1] << 8) | |
| (buf2[hoff + 2] << 16) | (buf2[hoff + 3] << 24); |
| if ((flags & 0x00800000) == 0x00800000) |
| { |
| tib_len = buf2[0x28]; /* Get Target Information block size */ |
| if (tib_len > 96) |
| { |
| tib_len = 96; |
| } |
| |
| { |
| uint8_t *tib_ptr; |
| uint8_t tib_pos = buf2[0x2c]; |
| if (tib_pos + tib_len > sizeof(buf2)) |
| { |
| return NULL; |
| } |
| /* Get Target Information block pointer */ |
| tib_ptr = buf2 + tib_pos; |
| /* Copy Target Information block into the blob */ |
| memcpy(&ntlmv2_blob[0x1c], tib_ptr, tib_len); |
| } |
| } |
| else |
| { |
| tib_len = 0; |
| } |
| |
| /* Unknown, zero works */ |
| ntlmv2_blob[0x1c + tib_len] = 0; |
| |
| /* Get blob length */ |
| ntlmv2_blob_size = 0x20 + tib_len; |
| |
| /* Add challenge from message 2 */ |
| memcpy(&ntlmv2_response[8], challenge, 8); |
| |
| /* hmac-md5 */ |
| gen_hmac_md5(&ntlmv2_response[8], ntlmv2_blob_size + 8, ntlmv2_hash, |
| MD5_DIGEST_LENGTH, ntlmv2_hmacmd5); |
| |
| /* Add hmac-md5 result to the blob. |
| * Note: This overwrites challenge previously written at |
| * ntlmv2_response[8..15] */ |
| memcpy(ntlmv2_response, ntlmv2_hmacmd5, MD5_DIGEST_LENGTH); |
| } |
| else /* Generate NTLM response */ |
| { |
| unsigned char key1[DES_KEY_LENGTH], key2[DES_KEY_LENGTH]; |
| unsigned char key3[DES_KEY_LENGTH]; |
| |
| create_des_keys(md4_hash, key1); |
| cipher_des_encrypt_ecb(key1, challenge, ntlm_response); |
| |
| create_des_keys(&md4_hash[DES_KEY_LENGTH - 1], key2); |
| cipher_des_encrypt_ecb(key2, challenge, &ntlm_response[DES_KEY_LENGTH]); |
| |
| create_des_keys(&md4_hash[2 * (DES_KEY_LENGTH - 1)], key3); |
| cipher_des_encrypt_ecb(key3, challenge, |
| &ntlm_response[DES_KEY_LENGTH * 2]); |
| } |
| |
| |
| memset(phase3, 0, sizeof(phase3)); /* clear reply */ |
| |
| strcpy((char *)phase3, "NTLMSSP\0"); /* signature */ |
| phase3[8] = 3; /* type 3 */ |
| |
| if (ntlmv2_enabled) /* NTLMv2 response */ |
| { |
| add_security_buffer(0x14, ntlmv2_response, ntlmv2_blob_size + 16, |
| phase3, &phase3_bufpos); |
| } |
| else /* NTLM response */ |
| { |
| add_security_buffer(0x14, ntlm_response, 24, phase3, &phase3_bufpos); |
| } |
| |
| /* username in ascii */ |
| add_security_buffer(0x24, username, strlen(username), phase3, |
| &phase3_bufpos); |
| |
| /* Set domain. If <domain> is empty, default domain will be used |
| * (i.e. proxy's domain) */ |
| add_security_buffer(0x1c, domain, strlen(domain), phase3, &phase3_bufpos); |
| |
| /* other security buffers will be empty */ |
| phase3[0x10] = phase3_bufpos; /* lm not used */ |
| phase3[0x30] = phase3_bufpos; /* no workstation name supplied */ |
| phase3[0x38] = phase3_bufpos; /* no session key */ |
| |
| /* flags */ |
| phase3[0x3c] = 0x02; /* negotiate oem */ |
| phase3[0x3d] = 0x02; /* negotiate ntlm */ |
| |
| return ((const char *)make_base64_string2((unsigned char *)phase3, |
| phase3_bufpos, gc)); |
| } |
| |
| #else /* if NTLM */ |
| static void |
| dummy(void) |
| { |
| } |
| #endif /* if NTLM */ |