ntlmauth.cc File Reference

#include "squid.h"
#include <cstring>
#include <ctime>
#include <random>
#include "ntlmauth/ntlmauth.h"
#include "util.h"

Include dependency graph for ntlmauth.cc:

Go to the source code of this file.

Functions
void	ntlm_dump_ntlmssp_flags (uint32_t flags)
NtlmError	ntlm_validate_packet (const ntlmhdr *hdr, const int32_t type)
lstring	ntlm_fetch_string (const ntlmhdr *packet, const int32_t packet_size, const strhdr *str, const uint32_t flags)
void	ntlm_add_to_payload (const ntlmhdr *packet_hdr, char *payload, int *payload_length, strhdr *hdr, const char *toadd, const uint16_t toadd_length)
void	ntlm_make_nonce (char *nonce)
void	ntlm_make_challenge (ntlm_challenge *ch, const char *domain, const char *, const char *challenge_nonce, const int challenge_nonce_len, const uint32_t flags)
NtlmError	ntlm_unpack_auth (const ntlm_authenticate *auth, char *user, char *domain, const int32_t size)

Function Documentation

ntlm_add_to_payload()

void ntlm_add_to_payload	(	const ntlmhdr *	packet_hdr,
		char *	payload,
		int *	payload_length,
		strhdr *	hdr,
		const char *	toadd,
		const uint16_t	toadd_length
	)

Adds something to the payload. The caller must guarantee that there is enough space in the payload string to accommodate the added value. payload_length and hdr will be modified as a side-effect.

Definition at line 165 of file ntlmauth.cc.

References htole16, htole32, _strhdr::len, _strhdr::maxlen, and _strhdr::offset.

Referenced by ntlm_make_challenge().

ntlm_dump_ntlmssp_flags()

void ntlm_dump_ntlmssp_flags

(

uint32_t

flags

)

Dumps NTLM flags to standard error for debugging purposes

Definition at line 30 of file ntlmauth.cc.

References NTLM_CHALLENGE_TARGET_IS_DOMAIN, NTLM_CHALLENGE_TARGET_IS_SERVER, NTLM_CHALLENGE_TARGET_IS_SHARE, NTLM_NEGOTIATE_ALWAYS_SIGN, NTLM_NEGOTIATE_ASCII, NTLM_NEGOTIATE_DATAGRAM_STYLE, NTLM_NEGOTIATE_DOMAIN_SUPPLIED, NTLM_NEGOTIATE_REQUEST_SEAL, NTLM_NEGOTIATE_REQUEST_SIGN, NTLM_NEGOTIATE_REQUEST_TARGET, NTLM_NEGOTIATE_THIS_IS_LOCAL_CALL, NTLM_NEGOTIATE_UNICODE, NTLM_NEGOTIATE_USE_LM, NTLM_NEGOTIATE_USE_NETWARE, NTLM_NEGOTIATE_USE_NTLM, NTLM_NEGOTIATE_WORKSTATION_SUPPLIED, NTLM_REQUEST_ACCEPT_RESPONSE, NTLM_REQUEST_INIT_RESPONSE, and NTLM_REQUEST_NON_NT_SESSION_KEY.

ntlm_fetch_string()

lstring ntlm_fetch_string	(	const ntlmhdr *	packet,
		const int32_t	packet_size,
		const strhdr *	str,
		const uint32_t	flags
	)

Fetches a string from the authentication packet. The lstring data-part may point to inside the packet itself or a temporary static buffer. It's up to the user to memcpy() that if the value needs to be used in any way that requires a tailing \0. (can check whether the value is there though, in that case lstring.length == -1).

String may be either ASCII or UNICODE depending on whether flags contains NTLM_NEGOTIATE_ASCII

Definition at line 98 of file ntlmauth.cc.

References debug(), _lstring::l, le16toh, le32toh, _strhdr::len, NTLM_MAX_FIELD_LENGTH, NTLM_NEGOTIATE_ASCII, _strhdr::offset, _lstring::str, and xisprint.

Referenced by ntlm_unpack_auth().

ntlm_make_challenge()

void ntlm_make_challenge	(	ntlm_challenge *	ch,
		const char *	domain,
		const char *	domain_controller,
		const char *	challenge_nonce,
		const int	challenge_nonce_len,
		const uint32_t	flags
	)

Prepares a challenge packet to be sent to the client

Note

domain should be upper_case

Definition at line 210 of file ntlmauth.cc.

References _ntlm_challenge::challenge, _ntlm_challenge::context_high, _ntlm_challenge::context_low, _ntlm_challenge::flags, _ntlm_challenge::hdr, htole32, ntlm_add_to_payload(), NTLM_CHALLENGE, _ntlm_challenge::payload, _ntlmhdr::signature, _ntlm_challenge::target, and _ntlmhdr::type.

Referenced by main().

ntlm_make_nonce()

void ntlm_make_nonce

(

char *

nonce

)

Generate a challenge request nonce.

Definition at line 196 of file ntlmauth.cc.

References NTLM_NONCE_LEN.

Referenced by main().

ntlm_unpack_auth()

NtlmError ntlm_unpack_auth	(	const ntlm_authenticate *	auth,
		char *	user,
		char *	domain,
		const int32_t	size
	)

Unpack the strings in an NTLM authentication response from client. The caller is responsible for initializing the user and domain buffers this function will only insert data if the packet contains any. Otherwise the buffers will be left untouched.

Return values

NtlmError::None	username present, maybe also domain.
NtlmError::ProtocolError	packet type is not an authentication packet.
NtlmError::LoginEror	no username.
NtlmError::BlobError	domain field is apparently larger than the packet.

Definition at line 247 of file ntlmauth.cc.

References BlobError, debug(), _ntlm_authenticate::domain, _ntlm_authenticate::flags, _ntlm_authenticate::hdr, _lstring::l, le32toh, _strhdr::len, _ntlm_authenticate::lmresponse, LoginEror, None, NTLM_AUTHENTICATE, ntlm_fetch_string(), NTLM_MAX_FIELD_LENGTH, ntlm_validate_packet(), _ntlm_authenticate::ntresponse, _strhdr::offset, ProtocolError, _ntlm_authenticate::sessionkey, size, _lstring::str, _ntlm_authenticate::user, and _ntlm_authenticate::workstation.

Referenced by main().

ntlm_validate_packet()

NtlmError ntlm_validate_packet	(	const ntlmhdr *	hdr,
		const int32_t	type
	)

Check the validity of a decoded NTLM packet.

Return values

NtlmError::None	Packet is okay
NtlmError::BlobError	Packet is not even an NTLMSSP packet at all.
NtlmError::ProtocolError	Packet is not the expected type.

Definition at line 67 of file ntlmauth.cc.

References BlobError, debug(), le32toh, None, NTLM_ANY, ProtocolError, _ntlmhdr::signature, and _ntlmhdr::type.

Referenced by main(), and ntlm_unpack_auth().