NTLMAuthentication.h
Go to the documentation of this file.
00001 /***************************************************************************** 00002 * Copyright (C) 2011 by Benjamin Hadorn (b_hadorn@bluewin.ch) 00003 ***************************************************************************** 00004 * Project : Zeus Base Library 00005 * Module : NTLMAuthentication 00006 * Package : Zeus.ZeusBase.Security 00007 * Author : Benjamin Hadorn 00008 * Date : 27.12.2011 00009 * System : Zeus-Framework 00010 ***************************************************************************** 00011 * Licence: * 00012 * This library is free software; you can redistribute it and/or modify * 00013 * it under the terms of the GNU Lesser General Public License as * 00014 * published by the Free Software Foundation; either version * 00015 * 2.1 of the License, or (at your option) any later version. * 00016 * * 00017 * This library is distributed in the hope that it will be useful, * 00018 * but WITHOUT ANY WARRANTY; without even the implied warranty of * 00019 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * 00020 * GNU Lesser General Public License for more details. * 00021 * * 00022 * You should have received a copy of the GNU Lesser General Public * 00023 * License along with this library; if not, write to the Free Software * 00024 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA * 00025 *****************************************************************************/ 00026 00027 /***************************************************************************** 00028 * Changes: 00029 * 27.12.2011 bha: created zeus 2.0 00030 *****************************************************************************/ 00031 00032 #ifndef NTLMAuthenticationH 00033 #define NTLMAuthenticationH 00034 00035 #include <zeusbase/Security/DESCrypter.h> 00036 #include <zeusbase/System/ZObject.h> 00037 00038 /*****************************************************************************/ 00039 /* CODE INFORMATION: 00040 The main code of this class has been taken from the "NTLM authenticaion 00041 Library 0.3.10" published by Grant Edwards. 00042 It can be downloaded at: 00043 http://linux.wareseeker.com/download/ntlm-authentication-library-0.3.10.rar/330784 00044 00045 Other useful information about NTLM you might find here: 00046 http://davenport.sourceforge.net/ntlm.html 00047 http://www.innovation.ch/personal/ronald/ntlm.html 00048 http://msdn.microsoft.com/en-us/library/ms973911 00049 */ 00050 /*****************************************************************************/ 00051 00052 00053 /*****************************************************************************/ 00054 /* Must be multiple of two 00055 We use a statis buffer of 1024 bytes for message 00056 At maximun we but 48 bytes (ntlm responses) and 3 unicode strings so 00057 NTLM_BUFSIZE * 3 + 48 <= 1024 00058 */ 00059 /*****************************************************************************/ 00060 #define NTLM_BUFSIZE 320 00061 00062 BEGIN_NAMESPACE_Zeus 00063 00064 /*****************************************************************************/ 00068 /*****************************************************************************/ 00069 zeusbase_class TNTLMAuthentication 00070 { 00071 public: 00072 inline TNTLMAuthentication() {} 00073 00074 TString getRequestBase64() const; 00075 TString getRequestBase64(const TString& rComputerName, const TString& rDomainName) const; 00076 TString getResponseBase64(const TString& rUserName, const TString& rPassword, const TString& rChallengeMessage) const; 00077 00078 public: 00079 //######################################################################## 00080 // USE THE FOLLOWING METHODS TO DIRECTLY INTERACT WITH NTLM 00081 /*************************************************************************/ 00084 /*************************************************************************/ 00085 struct TypeSmbStrHeader 00086 { 00087 Uint16 len; 00088 Uint16 maxlen; 00089 Uint32 offset; 00090 }; 00091 00092 /*************************************************************************/ 00095 /*************************************************************************/ 00096 struct TypeSmbNtlmAuthRequest 00097 { 00098 char ident[8]; 00099 Uint32 msgType; 00100 Uint32 flags; 00101 TypeSmbStrHeader user; 00102 TypeSmbStrHeader domain; 00103 Uint8 buffer[1024]; 00104 Uint32 bufIndex; 00105 }; 00106 00107 /*************************************************************************/ 00110 /*************************************************************************/ 00111 struct TypeSmbNtlmAuthChallenge 00112 { 00113 char ident[8]; 00114 Uint32 msgType; 00115 TypeSmbStrHeader uDomain; 00116 Uint32 flags; 00117 Uint8 challengeData[8]; 00118 Uint8 reserved[8]; 00119 TypeSmbStrHeader emptyString; 00120 Uint8 buffer[1024]; 00121 Uint32 bufIndex; 00122 }; 00123 00124 00125 /*************************************************************************/ 00128 /*************************************************************************/ 00129 struct TypeSmbNtlmAuthResponse 00130 { 00131 char ident[8]; 00132 Uint32 msgType; 00133 TypeSmbStrHeader lmResponse; 00134 TypeSmbStrHeader ntResponse; 00135 TypeSmbStrHeader uDomain; 00136 TypeSmbStrHeader uUser; 00137 TypeSmbStrHeader uWks; 00138 TypeSmbStrHeader sessionKey; 00139 Uint32 flags; 00140 Uint8 buffer[1024]; 00141 Uint32 bufIndex; 00142 }; 00143 00144 static void buildSmbNtlmAuthRequest(TypeSmbNtlmAuthRequest* request, 00145 const char* computerName, 00146 const char* domain); 00147 00148 static void buildSmbNtlmAuthRequestNoAtSplit(TypeSmbNtlmAuthRequest* request, 00149 const char* computerName, 00150 const char* domain); 00151 00152 static void buildSmbNtlmAuthResponse(const TypeSmbNtlmAuthChallenge* challenge, 00153 TypeSmbNtlmAuthResponse* response, 00154 const char* user, 00155 const char* password); 00156 00157 static void buildSmbNtlmAuthResponseNoAtSplit(const TypeSmbNtlmAuthChallenge* challenge, 00158 TypeSmbNtlmAuthResponse* response, 00159 const char* user, 00160 const char* password); 00161 00162 protected: 00163 00164 private: 00165 static void buildSmbNtlmAuthRequestInternal(TypeSmbNtlmAuthRequest* request, 00166 const char* computerName, 00167 size_t computerName_len, 00168 const char* domain); 00169 00170 static void buildSmbNtlmAuthResponseInternal(const TypeSmbNtlmAuthChallenge* challenge, 00171 TypeSmbNtlmAuthResponse * response, 00172 const char* user, 00173 size_t user_len, 00174 const char* domain, 00175 const char* password); 00176 00177 static unsigned char* strToUnicode(const char* p, 00178 size_t l, 00179 unsigned char* buf); 00180 static char* unicodeToString(const char* p, 00181 size_t len, 00182 char* buf); 00183 static char* getUnicodeString (Uint32 offset, 00184 Uint32 len, 00185 char* structPtr, 00186 size_t buf_start, 00187 size_t buf_len, 00188 char* output); 00189 00190 static void encryptSMB_LM(const char* passwd, 00191 const Uint8* challenge, 00192 Uint8* answer); 00193 static void encryptSMB_NT(const char* passwd, 00194 const Uint8* challenge, 00195 Uint8* answer); 00196 static void encryptAnswer(char* hash, 00197 const char* challenge, 00198 char* answer); 00199 static void convertKey(char* key_56, 00200 TDESCrypter::TypeDES_CTX& rKs); 00201 00202 }; 00203 00204 /*****************************************************************************/ 00207 /*****************************************************************************/ 00208 /*static*/ inline unsigned char* TNTLMAuthentication::strToUnicode(const char* p, 00209 size_t l, 00210 unsigned char* buf) 00211 { 00212 if (l > (NTLM_BUFSIZE / 2)) 00213 { 00214 l = (NTLM_BUFSIZE / 2); 00215 } 00216 00217 int i = 0; 00218 while (l--) 00219 { 00220 buf[i++] = *p++; 00221 buf[i++] = 0; 00222 } 00223 00224 return buf; 00225 } 00226 00227 /*****************************************************************************/ 00230 /*****************************************************************************/ 00231 /*static*/ inline char* TNTLMAuthentication::unicodeToString(const char* p, 00232 size_t len, 00233 char* buf) 00234 { 00235 size_t i; 00236 00237 if (len >= NTLM_BUFSIZE) 00238 { 00239 len = NTLM_BUFSIZE - 1; 00240 } 00241 00242 for (i = 0; i < len; ++i) 00243 { 00244 buf[i] = (char)(*p & 0x7f); 00245 p += 2; 00246 } 00247 00248 buf[i] = '\0'; 00249 return buf; 00250 } 00251 00252 /*****************************************************************************/ 00255 /*****************************************************************************/ 00256 /*static*/ inline char* TNTLMAuthentication::getUnicodeString(Uint32 offset, 00257 Uint32 len, 00258 char* structPtr, 00259 size_t buf_start, 00260 size_t buf_len, 00261 char* output) 00262 { 00263 /* prevent buffer reading overflow */ 00264 if (offset < buf_start || 00265 offset > buf_len + buf_start || 00266 offset + len > buf_len + buf_start) 00267 { 00268 len = 0; 00269 } 00270 return unicodeToString(structPtr + offset, len / 2, output); 00271 } 00272 00273 00274 END_NAMESPACE_Zeus 00275 00276 #endif