1/* 2 * ntlm proxy support for OpenVPN 3 * 4 * Copyright (C) 2004 William Preston 5 * 6 * *NTLMv2 support and domain name parsing by Miroslav Zajic, Nextsoft s.r.o.* 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program (see the file COPYING included with this 20 * distribution); if not, write to the Free Software Foundation, Inc., 21 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 22 */ 23 24#ifdef HAVE_CONFIG_H 25#include "config.h" 26#elif defined(_MSC_VER) 27#include "config-msvc.h" 28#endif 29 30#include "syshead.h" 31 32#if NTLM 33 34#include "common.h" 35#include "buffer.h" 36#include "misc.h" 37#include "socket.h" 38#include "fdmisc.h" 39#include "proxy.h" 40#include "ntlm.h" 41#include "base64.h" 42#include "crypto.h" 43 44#include "memdbg.h" 45 46 47/* 64bit datatype macros */ 48#ifdef _MSC_VER 49 /* MS compilers */ 50# define UINTEGER64 __int64 51# define UINT64(c) c ## Ui64 52#else 53 /* Non MS compilers */ 54# define UINTEGER64 unsigned long long 55# define UINT64(c) c ## LL 56#endif 57 58 59 60 61static void 62create_des_keys(const unsigned char *hash, unsigned char *key) 63{ 64 key[0] = hash[0]; 65 key[1] = ((hash[0]&1)<<7)|(hash[1]>>1); 66 key[2] = ((hash[1]&3)<<6)|(hash[2]>>2); 67 key[3] = ((hash[2]&7)<<5)|(hash[3]>>3); 68 key[4] = ((hash[3]&15)<<4)|(hash[4]>>4); 69 key[5] = ((hash[4]&31)<<3)|(hash[5]>>5); 70 key[6] = ((hash[5]&63)<<2)|(hash[6]>>6); 71 key[7] = ((hash[6]&127)<<1); 72 key_des_fixup(key, 8, 1); 73} 74 75static void 76gen_md4_hash (const char* data, int data_len, char *result) 77{ 78 /* result is 16 byte md4 hash */ 79 const md_kt_t *md4_kt = md_kt_get("MD4"); 80 char md[MD4_DIGEST_LENGTH]; 81 82 md_full(md4_kt, data, data_len, md); 83 memcpy (result, md, MD4_DIGEST_LENGTH); 84} 85 86static void 87gen_hmac_md5 (const char* data, int data_len, const char* key, int key_len,char *result) 88{ 89 const md_kt_t *md5_kt = md_kt_get("MD5"); 90 hmac_ctx_t hmac_ctx; 91 CLEAR(hmac_ctx); 92 93 hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt); 94 hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len); 95 hmac_ctx_final(&hmac_ctx, (unsigned char *)result); 96 hmac_ctx_cleanup(&hmac_ctx); 97} 98 99static void 100gen_timestamp (unsigned char *timestamp) 101{ 102 /* Copies 8 bytes long timestamp into "timestamp" buffer. 103 * Timestamp is Little-endian, 64-bit signed value representing the number of tenths of a microsecond since January 1, 1601. 104 */ 105 106 UINTEGER64 timestamp_ull; 107 108 timestamp_ull = openvpn_time(NULL); 109 timestamp_ull = (timestamp_ull + UINT64(11644473600)) * UINT64(10000000); 110 111 /* store little endian value */ 112 timestamp[0]= timestamp_ull & UINT64(0xFF); 113 timestamp[1]= (timestamp_ull >> 8) & UINT64(0xFF); 114 timestamp[2]= (timestamp_ull >> 16) & UINT64(0xFF); 115 timestamp[3]= (timestamp_ull >> 24) & UINT64(0xFF); 116 timestamp[4]= (timestamp_ull >> 32) & UINT64(0xFF); 117 timestamp[5]= (timestamp_ull >> 40) & UINT64(0xFF); 118 timestamp[6]= (timestamp_ull >> 48) & UINT64(0xFF); 119 timestamp[7]= (timestamp_ull >> 56) & UINT64(0xFF); 120} 121 122static void 123gen_nonce (unsigned char *nonce) 124{ 125 /* Generates 8 random bytes to be used as client nonce */ 126 int i; 127 128 for(i=0;i<8;i++){ 129 nonce[i] = (unsigned char)get_random(); 130 } 131} 132 133unsigned char *my_strupr(unsigned char *str) 134{ 135 /* converts string to uppercase in place */ 136 unsigned char *tmp = str;; 137 138 do *str = toupper(*str); while (*(++str)); 139 return tmp; 140} 141 142static int 143unicodize (char *dst, const char *src) 144{ 145 /* not really unicode... */ 146 int i = 0; 147 do 148 { 149 dst[i++] = *src; 150 dst[i++] = 0; 151 } 152 while (*src++); 153 154 return i; 155} 156 157static void 158add_security_buffer(int sb_offset, void *data, int length, unsigned char *msg_buf, int *msg_bufpos) 159{ 160 /* Adds security buffer data to a message and sets security buffer's offset and length */ 161 msg_buf[sb_offset] = (unsigned char)length; 162 msg_buf[sb_offset + 2] = msg_buf[sb_offset]; 163 msg_buf[sb_offset + 4] = (unsigned char)(*msg_bufpos & 0xff); 164 msg_buf[sb_offset + 5] = (unsigned char)((*msg_bufpos >> 8) & 0xff); 165 memcpy(&msg_buf[*msg_bufpos], data, msg_buf[sb_offset]); 166 *msg_bufpos += length; 167} 168 169const char * 170ntlm_phase_1 (const struct http_proxy_info *p, struct gc_arena *gc) 171{ 172 struct buffer out = alloc_buf_gc (96, gc); 173 /* try a minimal NTLM handshake 174 * 175 * http://davenport.sourceforge.net/ntlm.html 176 * 177 * This message contains only the NTLMSSP signature, 178 * the NTLM message type, 179 * and the minimal set of flags (Negotiate NTLM and Negotiate OEM). 180 * 181 */ 182 buf_printf (&out, "%s", "TlRMTVNTUAABAAAAAgIAAA=="); 183 return (BSTR (&out)); 184} 185 186const char * 187ntlm_phase_3 (const struct http_proxy_info *p, const char *phase_2, struct gc_arena *gc) 188{ 189 /* NTLM handshake 190 * 191 * http://davenport.sourceforge.net/ntlm.html 192 * 193 */ 194 195 char pwbuf[sizeof (p->up.password) * 2]; /* for unicode password */ 196 char buf2[128]; /* decoded reply from proxy */ 197 unsigned char phase3[464]; 198 199 char md4_hash[MD4_DIGEST_LENGTH+5]; 200 char challenge[8], ntlm_response[24]; 201 int i, ret_val; 202 203 char ntlmv2_response[144]; 204 char userdomain_u[256]; /* for uppercase unicode username and domain */ 205 char userdomain[128]; /* the same as previous but ascii */ 206 char ntlmv2_hash[MD5_DIGEST_LENGTH]; 207 char ntlmv2_hmacmd5[16]; 208 char *ntlmv2_blob = ntlmv2_response + 16; /* inside ntlmv2_response, length: 128 */ 209 int ntlmv2_blob_size=0; 210 int phase3_bufpos = 0x40; /* offset to next security buffer data to be added */ 211 size_t len; 212 213 char domain[128]; 214 char username[128]; 215 char *separator; 216 217 bool ntlmv2_enabled = (p->auth_method == HTTP_AUTH_NTLM2); 218 219 CLEAR (buf2); 220 221 ASSERT (strlen (p->up.username) > 0); 222 ASSERT (strlen (p->up.password) > 0); 223 224 /* username parsing */ 225 separator = strchr(p->up.username, '\\'); 226 if (separator == NULL) { 227 strncpy(username, p->up.username, sizeof(username)-1); 228 username[sizeof(username)-1]=0; 229 domain[0]=0; 230 } else { 231 strncpy(username, separator+1, sizeof(username)-1); 232 username[sizeof(username)-1]=0; 233 len = separator - p->up.username; 234 if (len > sizeof(domain) - 1) len = sizeof(domain) - 1; 235 strncpy(domain, p->up.username, len); 236 domain[len]=0; 237 } 238 239 240 /* fill 1st 16 bytes with md4 hash, disregard terminating null */ 241 gen_md4_hash (pwbuf, unicodize (pwbuf, p->up.password) - 2, md4_hash); 242 243 /* pad to 21 bytes */ 244 memset(md4_hash + MD4_DIGEST_LENGTH, 0, 5); 245 246 ret_val = openvpn_base64_decode( phase_2, (void *)buf2, -1); 247 if (ret_val < 0) 248 return NULL; 249 250 /* we can be sure that phase_2 is less than 128 251 * therefore buf2 needs to be (3/4 * 128) */ 252 253 /* extract the challenge from bytes 24-31 */ 254 for (i=0; i<8; i++) 255 { 256 challenge[i] = buf2[i+24]; 257 } 258 259 if (ntlmv2_enabled){ /* Generate NTLMv2 response */ 260 int tib_len; 261 262 /* NTLMv2 hash */ 263 my_strupr((unsigned char *)strcpy(userdomain, username)); 264 if (strlen(username) + strlen(domain) < sizeof(userdomain)) 265 strcat(userdomain, domain); 266 else 267 msg (M_INFO, "Warning: Username or domain too long"); 268 unicodize (userdomain_u, userdomain); 269 gen_hmac_md5(userdomain_u, 2 * strlen(userdomain), md4_hash, MD5_DIGEST_LENGTH, ntlmv2_hash); 270 271 /* NTLMv2 Blob */ 272 memset(ntlmv2_blob, 0, 128); /* Clear blob buffer */ 273 ntlmv2_blob[0x00]=1; /* Signature */ 274 ntlmv2_blob[0x01]=1; /* Signature */ 275 ntlmv2_blob[0x04]=0; /* Reserved */ 276 gen_timestamp((unsigned char *)&ntlmv2_blob[0x08]); /* 64-bit Timestamp */ 277 gen_nonce((unsigned char *)&ntlmv2_blob[0x10]); /* 64-bit Client Nonce */ 278 ntlmv2_blob[0x18]=0; /* Unknown, zero should work */ 279 280 /* Add target information block to the blob */ 281 if (( *((long *)&buf2[0x14]) & 0x00800000) == 0x00800000){ /* Check for Target Information block */ 282 tib_len = buf2[0x28];/* Get Target Information block size */ 283 if (tib_len > 96) tib_len = 96; 284 { 285 char *tib_ptr = buf2 + buf2[0x2c]; /* Get Target Information block pointer */ 286 memcpy(&ntlmv2_blob[0x1c], tib_ptr, tib_len); /* Copy Target Information block into the blob */ 287 } 288 } else { 289 tib_len = 0; 290 } 291 292 ntlmv2_blob[0x1c + tib_len] = 0; /* Unknown, zero works */ 293 294 /* Get blob length */ 295 ntlmv2_blob_size = 0x20 + tib_len; 296 297 /* Add challenge from message 2 */ 298 memcpy(&ntlmv2_response[8], challenge, 8); 299 300 /* hmac-md5 */ 301 gen_hmac_md5(&ntlmv2_response[8], ntlmv2_blob_size + 8, ntlmv2_hash, MD5_DIGEST_LENGTH, ntlmv2_hmacmd5); 302 303 /* Add hmac-md5 result to the blob */ 304 memcpy(ntlmv2_response, ntlmv2_hmacmd5, MD5_DIGEST_LENGTH); /* Note: This overwrites challenge previously written at ntlmv2_response[8..15] */ 305 306 } else { /* Generate NTLM response */ 307 unsigned char key1[DES_KEY_LENGTH], key2[DES_KEY_LENGTH], key3[DES_KEY_LENGTH]; 308 309 create_des_keys ((unsigned char *)md4_hash, key1); 310 cipher_des_encrypt_ecb (key1, challenge, ntlm_response); 311 312 create_des_keys ((unsigned char *)&(md4_hash[DES_KEY_LENGTH-1]), key2); 313 cipher_des_encrypt_ecb (key2, challenge, &ntlm_response[DES_KEY_LENGTH]); 314 315 create_des_keys ((unsigned char *)&(md4_hash[2*(DES_KEY_LENGTH-1)]), key3); 316 cipher_des_encrypt_ecb (key3, challenge, &ntlm_response[DES_KEY_LENGTH*2]); 317 } 318 319 320 memset (phase3, 0, sizeof (phase3)); /* clear reply */ 321 322 strcpy ((char *)phase3, "NTLMSSP\0"); /* signature */ 323 phase3[8] = 3; /* type 3 */ 324 325 if (ntlmv2_enabled){ /* NTLMv2 response */ 326 add_security_buffer(0x14, ntlmv2_response, ntlmv2_blob_size + 16, phase3, &phase3_bufpos); 327 }else{ /* NTLM response */ 328 add_security_buffer(0x14, ntlm_response, 24, phase3, &phase3_bufpos); 329 } 330 331 /* username in ascii */ 332 add_security_buffer(0x24, username, strlen (username), phase3, &phase3_bufpos); 333 334 /* Set domain. If <domain> is empty, default domain will be used (i.e. proxy's domain) */ 335 add_security_buffer(0x1c, domain, strlen (domain), phase3, &phase3_bufpos); 336 337 338 /* other security buffers will be empty */ 339 phase3[0x10] = phase3_bufpos; /* lm not used */ 340 phase3[0x30] = phase3_bufpos; /* no workstation name supplied */ 341 phase3[0x38] = phase3_bufpos; /* no session key */ 342 343 /* flags */ 344 phase3[0x3c] = 0x02; /* negotiate oem */ 345 phase3[0x3d] = 0x02; /* negotiate ntlm */ 346 347 return ((const char *)make_base64_string2 ((unsigned char *)phase3, phase3_bufpos, gc)); 348} 349 350#else 351static void dummy(void) {} 352#endif 353