X-Git-Url: http://sjero.net/git/?p=wget;a=blobdiff_plain;f=src%2Fhttp-ntlm.c;h=d9b688450618b796ef6c0b8d5469b1fdd5922a24;hp=5e45c0dba0ce0d2ebb61aa4bc57ee94f98f38072;hb=38a7829dcb4eb5dba28dbf0f05c6a80fea9217f8;hpb=5d4ff69084c1e4d8fc002bcae499e653a8fa7a8f
diff --git a/src/http-ntlm.c b/src/http-ntlm.c
index 5e45c0db..d9b68845 100644
--- a/src/http-ntlm.c
+++ b/src/http-ntlm.c
@@ -1,12 +1,13 @@
/* NTLM code.
- Copyright (C) 2005 Free Software Foundation, Inc.
+ Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+ Foundation, Inc.
Contributed by Daniel Stenberg.
This file is part of GNU Wget.
GNU Wget is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
+the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
GNU Wget is distributed in the hope that it will be useful,
@@ -15,23 +16,23 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
-along with Wget; if not, write to the Free Software Foundation, Inc.,
-51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+along with Wget. If not, see .
-In addition, as a special exception, the Free Software Foundation
-gives permission to link the code of its release of Wget with the
-OpenSSL project's "OpenSSL" library (or with modified versions of it
-that use the same license as the "OpenSSL" library), and distribute
-the linked executables. You must obey the GNU General Public License
-in all respects for all of the code used other than "OpenSSL". If you
-modify this file, you may extend this exception to your version of the
-file, but you are not obligated to do so. If you do not wish to do
-so, delete this exception statement from your version. */
+Additional permission under GNU GPL version 3 section 7
-#include
+If you modify this program, or any covered work, by linking or
+combining it with the OpenSSL project's OpenSSL library (or a
+modified version of that library), containing parts covered by the
+terms of the OpenSSL or SSLeay licenses, the Free Software Foundation
+grants you additional permission to convey the resulting work.
+Corresponding Source for a non-source form of such a combination
+shall include the source code for the parts of OpenSSL used as well
+as that of the covered work. */
+
+#include "wget.h"
/* NTLM details:
-
+
http://davenport.sourceforge.net/ntlm.html
http://www.innovation.ch/java/ntlm.html
@@ -41,67 +42,44 @@ so, delete this exception statement from your version. */
#include
#include
-#include
-#include
-
-#include "wget.h"
#include "utils.h"
#include "http-ntlm.h"
-#if OPENSSL_VERSION_NUMBER < 0x00907001L
-#define DES_key_schedule des_key_schedule
-#define DES_cblock des_cblock
-#define DES_set_odd_parity des_set_odd_parity
-#define DES_set_key des_set_key
-#define DES_ecb_encrypt des_ecb_encrypt
+#ifdef HAVE_NETTLE
+# include
+# include
+#else
+# include
+# include
+# include
+
+# if OPENSSL_VERSION_NUMBER < 0x00907001L
+# define DES_key_schedule des_key_schedule
+# define DES_cblock des_cblock
+# define DES_set_odd_parity des_set_odd_parity
+# define DES_set_key des_set_key
+# define DES_ecb_encrypt des_ecb_encrypt
/* This is how things were done in the old days */
-#define DESKEY(x) x
-#define DESKEYARG(x) x
-#else
+# define DESKEY(x) x
+# define DESKEYARG(x) x
+# else
/* Modern version */
-#define DESKEYARG(x) *x
-#define DESKEY(x) &x
+# define DESKEYARG(x) *x
+# define DESKEY(x) &x
+# endif
+
#endif
/* Define this to make the type-3 message include the NT response message */
#define USE_NTRESPONSES 1
+
/* Flag bits definitions available at on
http://davenport.sourceforge.net/ntlm.html */
-#define NTLMFLAG_NEGOTIATE_UNICODE (1<<0)
#define NTLMFLAG_NEGOTIATE_OEM (1<<1)
-#define NTLMFLAG_REQUEST_TARGET (1<<2)
-/* unknown (1<<3) */
-#define NTLMFLAG_NEGOTIATE_SIGN (1<<4)
-#define NTLMFLAG_NEGOTIATE_SEAL (1<<5)
-#define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE (1<<6)
-#define NTLMFLAG_NEGOTIATE_LM_KEY (1<<7)
-#define NTLMFLAG_NEGOTIATE_NETWARE (1<<8)
#define NTLMFLAG_NEGOTIATE_NTLM_KEY (1<<9)
-/* unknown (1<<10) */
-/* unknown (1<<11) */
-#define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED (1<<12)
-#define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED (1<<13)
-#define NTLMFLAG_NEGOTIATE_LOCAL_CALL (1<<14)
-#define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN (1<<15)
-#define NTLMFLAG_TARGET_TYPE_DOMAIN (1<<16)
-#define NTLMFLAG_TARGET_TYPE_SERVER (1<<17)
-#define NTLMFLAG_TARGET_TYPE_SHARE (1<<18)
-#define NTLMFLAG_NEGOTIATE_NTLM2_KEY (1<<19)
-#define NTLMFLAG_REQUEST_INIT_RESPONSE (1<<20)
-#define NTLMFLAG_REQUEST_ACCEPT_RESPONSE (1<<21)
-#define NTLMFLAG_REQUEST_NONNT_SESSION_KEY (1<<22)
-#define NTLMFLAG_NEGOTIATE_TARGET_INFO (1<<23)
-/* unknown (1<24) */
-/* unknown (1<25) */
-/* unknown (1<26) */
-/* unknown (1<27) */
-/* unknown (1<28) */
-#define NTLMFLAG_NEGOTIATE_128 (1<<29)
-#define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE (1<<30)
-#define NTLMFLAG_NEGOTIATE_56 (1<<31)
/*
(*) = A "security buffer" is a triplet consisting of two shorts and one
@@ -121,7 +99,7 @@ ntlm_input (struct ntlmdata *ntlm, const char *header)
return false;
header += 4;
- while (*header && ISSPACE(*header))
+ while (*header && c_isspace(*header))
header++;
if (*header)
@@ -139,14 +117,14 @@ ntlm_input (struct ntlmdata *ntlm, const char *header)
(40) Target Information (optional) security buffer(*)
32 (48) start of data block
*/
- int size;
+ ssize_t size;
char *buffer = (char *) alloca (strlen (header));
DEBUGP (("Received a type-2 NTLM message.\n"));
size = base64_decode (header, buffer);
if (size < 0)
- return false; /* malformed base64 from server */
+ return false; /* malformed base64 from server */
ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */
@@ -159,10 +137,10 @@ ntlm_input (struct ntlmdata *ntlm, const char *header)
else
{
if (ntlm->state >= NTLMSTATE_TYPE1)
- {
- DEBUGP (("Unexpected empty NTLM message.\n"));
- return false; /* this is an error */
- }
+ {
+ DEBUGP (("Unexpected empty NTLM message.\n"));
+ return false; /* this is an error */
+ }
DEBUGP (("Empty NTLM message, starting transaction.\n"));
ntlm->state = NTLMSTATE_TYPE1; /* we should sent away a type-1 */
@@ -175,9 +153,28 @@ ntlm_input (struct ntlmdata *ntlm, const char *header)
* Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The
* key schedule ks is also set.
*/
+#ifdef HAVE_NETTLE
+static void
+setup_des_key(unsigned char *key_56,
+ struct des_ctx *des)
+{
+ unsigned char key[8];
+
+ key[0] = key_56[0];
+ key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1);
+ key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2);
+ key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3);
+ key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4);
+ key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5);
+ key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6);
+ key[7] = (key_56[6] << 1) & 0xFF;
+
+ nettle_des_set_key(des, key);
+}
+#else
static void
setup_des_key(unsigned char *key_56,
- DES_key_schedule DESKEYARG(ks))
+ DES_key_schedule DESKEYARG(ks))
{
DES_cblock key;
@@ -193,6 +190,7 @@ setup_des_key(unsigned char *key_56,
DES_set_odd_parity(&key);
DES_set_key(&key, ks);
}
+#endif
/*
* takes a 21 byte array and treats it as 3 56-bit DES keys. The
@@ -202,6 +200,18 @@ setup_des_key(unsigned char *key_56,
static void
calc_resp(unsigned char *keys, unsigned char *plaintext, unsigned char *results)
{
+#ifdef HAVE_NETTLE
+ struct des_ctx des;
+
+ setup_des_key(keys, &des);
+ nettle_des_encrypt(&des, 8, results, plaintext);
+
+ setup_des_key(keys + 7, &des);
+ nettle_des_encrypt(&des, 8, results + 8, plaintext);
+
+ setup_des_key(keys + 14, &des);
+ nettle_des_encrypt(&des, 8, results + 16, plaintext);
+#else
DES_key_schedule ks;
setup_des_key(keys, DESKEY(ks));
@@ -215,6 +225,7 @@ calc_resp(unsigned char *keys, unsigned char *plaintext, unsigned char *results)
setup_des_key(keys+14, DESKEY(ks));
DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+16),
DESKEY(ks), DES_ENCRYPT);
+#endif
}
/*
@@ -222,8 +233,8 @@ calc_resp(unsigned char *keys, unsigned char *plaintext, unsigned char *results)
*/
static void
mkhash(const char *password,
- unsigned char *nonce, /* 8 bytes */
- unsigned char *lmresp /* must fit 0x18 bytes */
+ unsigned char *nonce, /* 8 bytes */
+ unsigned char *lmresp /* must fit 0x18 bytes */
#ifdef USE_NTRESPONSES
, unsigned char *ntresp /* must fit 0x18 bytes */
#endif
@@ -237,32 +248,41 @@ mkhash(const char *password,
static const unsigned char magic[] = {
0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25
};
- int i;
- int len = strlen(password);
+ size_t i, len = strlen(password);
/* make it fit at least 14 bytes */
pw = (unsigned char *) alloca (len < 7 ? 14 : len * 2);
if (len > 14)
len = 14;
-
+
for (i=0; i> 8)
+#define SHORTPAIR(x) (char) ((x) & 0xff), (char) ((x) >> 8)
#define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8)&0xff), \
(((x) >>16)&0xff), ((x)>>24)
/* this is for creating ntlm header output */
char *
ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
- bool *ready)
+ bool *ready)
{
- const char *domain=""; /* empty */
- const char *host=""; /* empty */
- int domlen=strlen(domain);
- int hostlen = strlen(host);
- int hostoff; /* host name offset */
- int domoff; /* domain name offset */
- int size;
+ const char *domain = ""; /* empty */
+ const char *host = ""; /* empty */
+ size_t domlen = strlen(domain);
+ size_t hostlen = strlen(host);
+ size_t hostoff; /* host name offset */
+ size_t domoff; /* domain name offset */
+ size_t size;
char *base64;
char ntlmbuf[256]; /* enough, unless the host/domain is very long */
/* point to the address of the pointer that holds the string to sent to the
server, which is for a plain host or for a HTTP proxy */
- char *output;
+ char *output = NULL;
*ready = false;
@@ -323,15 +353,16 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
if(!passwd)
passwd="";
-
+
switch(ntlm->state) {
case NTLMSTATE_TYPE1:
- default: /* for the weird cases we (re)start here */
+ case NTLMSTATE_NONE:
+ case NTLMSTATE_LAST:
hostoff = 32;
domoff = hostoff + hostlen;
DEBUGP (("Creating a type-1 NTLM message.\n"));
-
+
/* Create and send a type-1 message:
Index Description Content
@@ -346,35 +377,35 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
*/
snprintf (ntlmbuf, sizeof(ntlmbuf), "NTLMSSP%c"
- "\x01%c%c%c" /* 32-bit type = 1 */
- "%c%c%c%c" /* 32-bit NTLM flag field */
- "%c%c" /* domain length */
- "%c%c" /* domain allocated space */
- "%c%c" /* domain name offset */
- "%c%c" /* 2 zeroes */
- "%c%c" /* host length */
- "%c%c" /* host allocated space */
- "%c%c" /* host name offset */
- "%c%c" /* 2 zeroes */
- "%s" /* host name */
- "%s", /* domain string */
- 0, /* trailing zero */
- 0,0,0, /* part of type-1 long */
-
- LONGQUARTET(
- NTLMFLAG_NEGOTIATE_OEM| /* 2 */
- NTLMFLAG_NEGOTIATE_NTLM_KEY /* 200 */
- /* equals 0x0202 */
- ),
- SHORTPAIR(domlen),
- SHORTPAIR(domlen),
- SHORTPAIR(domoff),
- 0,0,
- SHORTPAIR(hostlen),
- SHORTPAIR(hostlen),
- SHORTPAIR(hostoff),
- 0,0,
- host, domain);
+ "\x01%c%c%c" /* 32-bit type = 1 */
+ "%c%c%c%c" /* 32-bit NTLM flag field */
+ "%c%c" /* domain length */
+ "%c%c" /* domain allocated space */
+ "%c%c" /* domain name offset */
+ "%c%c" /* 2 zeroes */
+ "%c%c" /* host length */
+ "%c%c" /* host allocated space */
+ "%c%c" /* host name offset */
+ "%c%c" /* 2 zeroes */
+ "%s" /* host name */
+ "%s", /* domain string */
+ 0, /* trailing zero */
+ 0,0,0, /* part of type-1 long */
+
+ LONGQUARTET(
+ NTLMFLAG_NEGOTIATE_OEM| /* 2 */
+ NTLMFLAG_NEGOTIATE_NTLM_KEY /* 200 */
+ /* equals 0x0202 */
+ ),
+ SHORTPAIR(domlen),
+ SHORTPAIR(domlen),
+ SHORTPAIR(domoff),
+ 0,0,
+ SHORTPAIR(hostlen),
+ SHORTPAIR(hostlen),
+ SHORTPAIR(hostoff),
+ 0,0,
+ host, domain);
/* initial packet length */
size = 32 + hostlen + domlen;
@@ -384,7 +415,7 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
output = concat_strings ("NTLM ", base64, (char *) 0);
break;
-
+
case NTLMSTATE_TYPE2:
/* We received the type-2 already, create a type-3 message:
@@ -402,17 +433,17 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
52 (64) start of data block
*/
-
+
{
- int lmrespoff;
- int ntrespoff;
- int useroff;
+ size_t lmrespoff;
+ size_t ntrespoff;
+ size_t useroff;
unsigned char lmresp[0x18]; /* fixed-size */
#ifdef USE_NTRESPONSES
unsigned char ntresp[0x18]; /* fixed-size */
#endif
const char *usr;
- int userlen;
+ size_t userlen;
DEBUGP (("Creating a type-3 NTLM message.\n"));
@@ -422,7 +453,7 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
if (usr) {
domain = user;
- domlen = usr - domain;
+ domlen = (size_t) (usr - domain);
usr++;
}
else
@@ -443,87 +474,92 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
/* Create the big type-3 message binary blob */
- size = snprintf (ntlmbuf, sizeof(ntlmbuf),
- "NTLMSSP%c"
- "\x03%c%c%c" /* type-3, 32 bits */
-
- "%c%c%c%c" /* LanManager length + allocated space */
- "%c%c" /* LanManager offset */
- "%c%c" /* 2 zeroes */
-
- "%c%c" /* NT-response length */
- "%c%c" /* NT-response allocated space */
- "%c%c" /* NT-response offset */
- "%c%c" /* 2 zeroes */
-
- "%c%c" /* domain length */
- "%c%c" /* domain allocated space */
- "%c%c" /* domain name offset */
- "%c%c" /* 2 zeroes */
-
- "%c%c" /* user length */
- "%c%c" /* user allocated space */
- "%c%c" /* user offset */
- "%c%c" /* 2 zeroes */
-
- "%c%c" /* host length */
- "%c%c" /* host allocated space */
- "%c%c" /* host offset */
- "%c%c%c%c%c%c" /* 6 zeroes */
-
- "\xff\xff" /* message length */
- "%c%c" /* 2 zeroes */
-
- "\x01\x82" /* flags */
- "%c%c" /* 2 zeroes */
-
- /* domain string */
- /* user string */
- /* host string */
- /* LanManager response */
- /* NT response */
- ,
- 0, /* zero termination */
- 0,0,0, /* type-3 long, the 24 upper bits */
-
- SHORTPAIR(0x18), /* LanManager response length, twice */
- SHORTPAIR(0x18),
- SHORTPAIR(lmrespoff),
- 0x0, 0x0,
+ size = (size_t) snprintf (ntlmbuf, sizeof(ntlmbuf),
+ "NTLMSSP%c"
+ "\x03%c%c%c" /* type-3, 32 bits */
+
+ "%c%c%c%c" /* LanManager length + allocated space */
+ "%c%c" /* LanManager offset */
+ "%c%c" /* 2 zeroes */
+
+ "%c%c" /* NT-response length */
+ "%c%c" /* NT-response allocated space */
+ "%c%c" /* NT-response offset */
+ "%c%c" /* 2 zeroes */
+
+ "%c%c" /* domain length */
+ "%c%c" /* domain allocated space */
+ "%c%c" /* domain name offset */
+ "%c%c" /* 2 zeroes */
+
+ "%c%c" /* user length */
+ "%c%c" /* user allocated space */
+ "%c%c" /* user offset */
+ "%c%c" /* 2 zeroes */
+
+ "%c%c" /* host length */
+ "%c%c" /* host allocated space */
+ "%c%c" /* host offset */
+ "%c%c%c%c%c%c" /* 6 zeroes */
+
+ "\xff\xff" /* message length */
+ "%c%c" /* 2 zeroes */
+
+ "\x01\x82" /* flags */
+ "%c%c" /* 2 zeroes */
+
+ /* domain string */
+ /* user string */
+ /* host string */
+ /* LanManager response */
+ /* NT response */
+ ,
+ 0, /* zero termination */
+ 0,0,0, /* type-3 long, the 24 upper bits */
+
+ SHORTPAIR(0x18), /* LanManager response length, twice */
+ SHORTPAIR(0x18),
+ SHORTPAIR(lmrespoff),
+ 0x0, 0x0,
#ifdef USE_NTRESPONSES
- SHORTPAIR(0x18), /* NT-response length, twice */
- SHORTPAIR(0x18),
+ SHORTPAIR(0x18), /* NT-response length, twice */
+ SHORTPAIR(0x18),
#else
- 0x0, 0x0,
- 0x0, 0x0,
+ 0x0, 0x0,
+ 0x0, 0x0,
#endif
- SHORTPAIR(ntrespoff),
- 0x0, 0x0,
+ SHORTPAIR(ntrespoff),
+ 0x0, 0x0,
- SHORTPAIR(domlen),
- SHORTPAIR(domlen),
- SHORTPAIR(domoff),
- 0x0, 0x0,
+ SHORTPAIR(domlen),
+ SHORTPAIR(domlen),
+ SHORTPAIR(domoff),
+ 0x0, 0x0,
- SHORTPAIR(userlen),
- SHORTPAIR(userlen),
- SHORTPAIR(useroff),
- 0x0, 0x0,
+ SHORTPAIR(userlen),
+ SHORTPAIR(userlen),
+ SHORTPAIR(useroff),
+ 0x0, 0x0,
- SHORTPAIR(hostlen),
- SHORTPAIR(hostlen),
- SHORTPAIR(hostoff),
- 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
+ SHORTPAIR(hostlen),
+ SHORTPAIR(hostlen),
+ SHORTPAIR(hostoff),
+ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
- 0x0, 0x0,
+ 0x0, 0x0,
- 0x0, 0x0);
+ 0x0, 0x0);
/* size is now 64 */
size=64;
ntlmbuf[62]=ntlmbuf[63]=0;
+ /* Make sure that the user and domain strings fit in the target buffer
+ before we copy them there. */
+ if((size + userlen + domlen) >= sizeof(ntlmbuf))
+ return NULL;
+
memcpy(&ntlmbuf[size], domain, domlen);
size += domlen;
@@ -531,20 +567,20 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
size += userlen;
/* we append the binary hashes to the end of the blob */
- if(size < ((int)sizeof(ntlmbuf) - 0x18)) {
+ if(size < (sizeof(ntlmbuf) - 0x18)) {
memcpy(&ntlmbuf[size], lmresp, 0x18);
size += 0x18;
}
#ifdef USE_NTRESPONSES
- if(size < ((int)sizeof(ntlmbuf) - 0x18)) {
+ if(size < (sizeof(ntlmbuf) - 0x18)) {
memcpy(&ntlmbuf[size], ntresp, 0x18);
size += 0x18;
}
#endif
- ntlmbuf[56] = size & 0xff;
- ntlmbuf[57] = size >> 8;
+ ntlmbuf[56] = (char) (size & 0xff);
+ ntlmbuf[57] = (char) (size >> 8);
/* convert the binary blob into base64 */
base64 = (char *) alloca (BASE64_LENGTH (size) + 1);