📄 http-ntlm.c
字号:
/* NTLM code. Copyright (C) 2005, 2006, 2007, 2008 Free Software Foundation, Inc. Contributed by Daniel Stenberg.This file is part of GNU Wget.GNU Wget is free software; you can redistribute it and/or modifyit under the terms of the GNU General Public License as published bythe Free Software Foundation; either version 3 of the License, or (at your option) any later version.GNU Wget is distributed in the hope that it will be useful,but WITHOUT ANY WARRANTY; without even the implied warranty ofMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See theGNU General Public License for more details.You should have received a copy of the GNU General Public Licensealong with Wget. If not, see <http://www.gnu.org/licenses/>.Additional permission under GNU GPL version 3 section 7If you modify this program, or any covered work, by linking orcombining it with the OpenSSL project's OpenSSL library (or amodified version of that library), containing parts covered by theterms of the OpenSSL or SSLeay licenses, the Free Software Foundationgrants you additional permission to convey the resulting work.Corresponding Source for a non-source form of such a combinationshall include the source code for the parts of OpenSSL used as wellas that of the covered work. */#include <config.h>/* NTLM details: http://davenport.sourceforge.net/ntlm.html http://www.innovation.ch/java/ntlm.html*/#include <stdio.h>#include <string.h>#include <stdlib.h>#include <openssl/des.h>#include <openssl/md4.h>#include <openssl/opensslv.h>#include "wget.h"#include "utils.h"#include "http-ntlm.h"#if OPENSSL_VERSION_NUMBER < 0x00907001L#define DES_key_schedule des_key_schedule#define DES_cblock des_cblock#define DES_set_odd_parity des_set_odd_parity#define DES_set_key des_set_key#define DES_ecb_encrypt des_ecb_encrypt/* This is how things were done in the old days */#define DESKEY(x) x#define DESKEYARG(x) x#else/* Modern version */#define DESKEYARG(x) *x#define DESKEY(x) &x#endif/* Define this to make the type-3 message include the NT response message */#define USE_NTRESPONSES 1
/* Flag bits definitions available at on http://davenport.sourceforge.net/ntlm.html */#define NTLMFLAG_NEGOTIATE_UNICODE (1<<0)#define NTLMFLAG_NEGOTIATE_OEM (1<<1)#define NTLMFLAG_REQUEST_TARGET (1<<2)/* unknown (1<<3) */#define NTLMFLAG_NEGOTIATE_SIGN (1<<4)#define NTLMFLAG_NEGOTIATE_SEAL (1<<5)#define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE (1<<6)#define NTLMFLAG_NEGOTIATE_LM_KEY (1<<7)#define NTLMFLAG_NEGOTIATE_NETWARE (1<<8)#define NTLMFLAG_NEGOTIATE_NTLM_KEY (1<<9)/* unknown (1<<10) *//* unknown (1<<11) */#define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED (1<<12)#define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED (1<<13)#define NTLMFLAG_NEGOTIATE_LOCAL_CALL (1<<14)#define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN (1<<15)#define NTLMFLAG_TARGET_TYPE_DOMAIN (1<<16)#define NTLMFLAG_TARGET_TYPE_SERVER (1<<17)#define NTLMFLAG_TARGET_TYPE_SHARE (1<<18)#define NTLMFLAG_NEGOTIATE_NTLM2_KEY (1<<19)#define NTLMFLAG_REQUEST_INIT_RESPONSE (1<<20)#define NTLMFLAG_REQUEST_ACCEPT_RESPONSE (1<<21)#define NTLMFLAG_REQUEST_NONNT_SESSION_KEY (1<<22)#define NTLMFLAG_NEGOTIATE_TARGET_INFO (1<<23)/* unknown (1<24) *//* unknown (1<25) *//* unknown (1<26) *//* unknown (1<27) *//* unknown (1<28) */#define NTLMFLAG_NEGOTIATE_128 (1<<29)#define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE (1<<30)#define NTLMFLAG_NEGOTIATE_56 (1<<31)
/* (*) = A "security buffer" is a triplet consisting of two shorts and one long: 1. a 'short' containing the length of the buffer in bytes 2. a 'short' containing the allocated space for the buffer in bytes 3. a 'long' containing the offset to the start of the buffer from the beginning of the NTLM message, in bytes.*//* return true on success, false otherwise */boolntlm_input (struct ntlmdata *ntlm, const char *header){ if (0 != strncmp (header, "NTLM", 4)) return false; header += 4; while (*header && ISSPACE(*header)) header++; if (*header) { /* We got a type-2 message here: Index Description Content 0 NTLMSSP Signature Null-terminated ASCII "NTLMSSP" (0x4e544c4d53535000) 8 NTLM Message Type long (0x02000000) 12 Target Name security buffer(*) 20 Flags long 24 Challenge 8 bytes (32) Context (optional) 8 bytes (two consecutive longs) (40) Target Information (optional) security buffer(*) 32 (48) start of data block */ int size; char *buffer = (char *) alloca (strlen (header)); DEBUGP (("Received a type-2 NTLM message.\n")); size = base64_decode (header, buffer); if (size < 0) return false; /* malformed base64 from server */ ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */ if (size >= 48) /* the nonce of interest is index [24 .. 31], 8 bytes */ memcpy (ntlm->nonce, &buffer[24], 8); /* at index decimal 20, there's a 32bit NTLM flag field */ } else { if (ntlm->state >= NTLMSTATE_TYPE1) { DEBUGP (("Unexpected empty NTLM message.\n")); return false; /* this is an error */ } DEBUGP (("Empty NTLM message, starting transaction.\n")); ntlm->state = NTLMSTATE_TYPE1; /* we should sent away a type-1 */ } return true;}/* * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The * key schedule ks is also set. */static voidsetup_des_key(unsigned char *key_56, DES_key_schedule DESKEYARG(ks)){ DES_cblock key; key[0] = key_56[0]; key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1); key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2); key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3); key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4); key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5); key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6); key[7] = (key_56[6] << 1) & 0xFF; DES_set_odd_parity(&key); DES_set_key(&key, ks);} /* * takes a 21 byte array and treats it as 3 56-bit DES keys. The * 8 byte plaintext is encrypted with each key and the resulting 24 * bytes are stored in the results array. */static voidcalc_resp(unsigned char *keys, unsigned char *plaintext, unsigned char *results){ DES_key_schedule ks; setup_des_key(keys, DESKEY(ks)); DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results, DESKEY(ks), DES_ENCRYPT); setup_des_key(keys+7, DESKEY(ks)); DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+8), DESKEY(ks), DES_ENCRYPT); setup_des_key(keys+14, DESKEY(ks)); DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+16), DESKEY(ks), DES_ENCRYPT);}/* * Set up lanmanager and nt hashed passwords */static voidmkhash(const char *password, unsigned char *nonce, /* 8 bytes */ unsigned char *lmresp /* must fit 0x18 bytes */#ifdef USE_NTRESPONSES , unsigned char *ntresp /* must fit 0x18 bytes */#endif ){ unsigned char lmbuffer[21];#ifdef USE_NTRESPONSES unsigned char ntbuffer[21];#endif unsigned char *pw; static const unsigned char magic[] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; int i; int len = strlen(password); /* make it fit at least 14 bytes */ pw = (unsigned char *) alloca (len < 7 ? 14 : len * 2); if (len > 14) len = 14; for (i=0; i<len; i++) pw[i] = TOUPPER (password[i]); for (; i<14; i++) pw[i] = 0; { /* create LanManager hashed password */ DES_key_schedule ks; setup_des_key(pw, DESKEY(ks)); DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer, DESKEY(ks), DES_ENCRYPT); setup_des_key(pw+7, DESKEY(ks)); DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer+8), DESKEY(ks), DES_ENCRYPT); memset(lmbuffer+16, 0, 5); } /* create LM responses */ calc_resp(lmbuffer, nonce, lmresp);#ifdef USE_NTRESPONSES { /* create NT hashed password */ MD4_CTX MD4; len = strlen(password); for (i=0; i<len; i++) { pw[2*i] = password[i]; pw[2*i+1] = 0; } MD4_Init(&MD4); MD4_Update(&MD4, pw, 2*len); MD4_Final(ntbuffer, &MD4);⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -