OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_auth_handler_ntlm.h" | 5 #include "net/http/http_auth_handler_ntlm.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 // For gethostname | 8 // For gethostname |
9 #if defined(OS_POSIX) | 9 #if defined(OS_POSIX) |
10 #include <unistd.h> | 10 #include <unistd.h> |
(...skipping 159 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
170 #define LogFlags(x) ((void) 0) | 170 #define LogFlags(x) ((void) 0) |
171 #define LogBuf(a, b, c) ((void) 0) | 171 #define LogBuf(a, b, c) ((void) 0) |
172 #define LogToken(a, b, c) ((void) 0) | 172 #define LogToken(a, b, c) ((void) 0) |
173 | 173 |
174 //----------------------------------------------------------------------------- | 174 //----------------------------------------------------------------------------- |
175 | 175 |
176 // Byte order swapping. | 176 // Byte order swapping. |
177 #define SWAP16(x) ((((x) & 0xff) << 8) | (((x) >> 8) & 0xff)) | 177 #define SWAP16(x) ((((x) & 0xff) << 8) | (((x) >> 8) & 0xff)) |
178 #define SWAP32(x) ((SWAP16((x) & 0xffff) << 16) | (SWAP16((x) >> 16))) | 178 #define SWAP32(x) ((SWAP16((x) & 0xffff) << 16) | (SWAP16((x) >> 16))) |
179 | 179 |
180 static void* WriteBytes(void* buf, const void* data, uint32 data_len) { | 180 static void* WriteBytes(void* buf, const void* data, uint32_t data_len) { |
181 memcpy(buf, data, data_len); | 181 memcpy(buf, data, data_len); |
182 return static_cast<char*>(buf) + data_len; | 182 return static_cast<char*>(buf) + data_len; |
183 } | 183 } |
184 | 184 |
185 static void* WriteDWORD(void* buf, uint32 dword) { | 185 static void* WriteDWORD(void* buf, uint32_t dword) { |
186 #ifdef IS_BIG_ENDIAN | 186 #ifdef IS_BIG_ENDIAN |
187 // NTLM uses little endian on the wire. | 187 // NTLM uses little endian on the wire. |
188 dword = SWAP32(dword); | 188 dword = SWAP32(dword); |
189 #endif | 189 #endif |
190 return WriteBytes(buf, &dword, sizeof(dword)); | 190 return WriteBytes(buf, &dword, sizeof(dword)); |
191 } | 191 } |
192 | 192 |
193 static void* WriteSecBuf(void* buf, uint16 length, uint32 offset) { | 193 static void* WriteSecBuf(void* buf, uint16_t length, uint32_t offset) { |
194 #ifdef IS_BIG_ENDIAN | 194 #ifdef IS_BIG_ENDIAN |
195 length = SWAP16(length); | 195 length = SWAP16(length); |
196 offset = SWAP32(offset); | 196 offset = SWAP32(offset); |
197 #endif | 197 #endif |
198 // Len: 2 bytes. | 198 // Len: 2 bytes. |
199 buf = WriteBytes(buf, &length, sizeof(length)); | 199 buf = WriteBytes(buf, &length, sizeof(length)); |
200 // MaxLen: 2 bytes. The sender should set it to the value of Len. The | 200 // MaxLen: 2 bytes. The sender should set it to the value of Len. The |
201 // recipient must ignore it. | 201 // recipient must ignore it. |
202 buf = WriteBytes(buf, &length, sizeof(length)); | 202 buf = WriteBytes(buf, &length, sizeof(length)); |
203 // BufferOffset: 4 bytes. | 203 // BufferOffset: 4 bytes. |
204 buf = WriteBytes(buf, &offset, sizeof(offset)); | 204 buf = WriteBytes(buf, &offset, sizeof(offset)); |
205 return buf; | 205 return buf; |
206 } | 206 } |
207 | 207 |
208 #ifdef IS_BIG_ENDIAN | 208 #ifdef IS_BIG_ENDIAN |
209 /** | 209 /** |
210 * WriteUnicodeLE copies a unicode string from one buffer to another. The | 210 * WriteUnicodeLE copies a unicode string from one buffer to another. The |
211 * resulting unicode string is in little-endian format. The input string is | 211 * resulting unicode string is in little-endian format. The input string is |
212 * assumed to be in the native endianness of the local machine. It is safe | 212 * assumed to be in the native endianness of the local machine. It is safe |
213 * to pass the same buffer as both input and output, which is a handy way to | 213 * to pass the same buffer as both input and output, which is a handy way to |
214 * convert the unicode buffer to little-endian on big-endian platforms. | 214 * convert the unicode buffer to little-endian on big-endian platforms. |
215 */ | 215 */ |
216 static void* WriteUnicodeLE( | 216 static void* WriteUnicodeLE(void* buf, |
217 void* buf, const base::char16* str, uint32 str_len) { | 217 const base::char16* str, |
| 218 uint32_t str_len) { |
218 // Convert input string from BE to LE. | 219 // Convert input string from BE to LE. |
219 uint8* cursor = static_cast<uint8*>(buf); | 220 uint8_t* cursor = static_cast<uint8_t*>(buf); |
220 const uint8* input = reinterpret_cast<const uint8*>(str); | 221 const uint8_t* input = reinterpret_cast<const uint8_t*>(str); |
221 for (uint32 i = 0; i < str_len; ++i, input += 2, cursor += 2) { | 222 for (uint32_t i = 0; i < str_len; ++i, input += 2, cursor += 2) { |
222 // Allow for the case where |buf == str|. | 223 // Allow for the case where |buf == str|. |
223 uint8 temp = input[0]; | 224 uint8_t temp = input[0]; |
224 cursor[0] = input[1]; | 225 cursor[0] = input[1]; |
225 cursor[1] = temp; | 226 cursor[1] = temp; |
226 } | 227 } |
227 return buf; | 228 return buf; |
228 } | 229 } |
229 #endif | 230 #endif |
230 | 231 |
231 static uint16 ReadUint16(const uint8*& buf) { | 232 static uint16_t ReadUint16(const uint8_t*& buf) { |
232 uint16 x = (static_cast<uint16>(buf[0])) | | 233 uint16_t x = |
233 (static_cast<uint16>(buf[1]) << 8); | 234 (static_cast<uint16_t>(buf[0])) | (static_cast<uint16_t>(buf[1]) << 8); |
234 buf += sizeof(x); | 235 buf += sizeof(x); |
235 return x; | 236 return x; |
236 } | 237 } |
237 | 238 |
238 static uint32 ReadUint32(const uint8*& buf) { | 239 static uint32_t ReadUint32(const uint8_t*& buf) { |
239 uint32 x = (static_cast<uint32>(buf[0])) | | 240 uint32_t x = (static_cast<uint32_t>(buf[0])) | |
240 (static_cast<uint32>(buf[1]) << 8) | | 241 (static_cast<uint32_t>(buf[1]) << 8) | |
241 (static_cast<uint32>(buf[2]) << 16) | | 242 (static_cast<uint32_t>(buf[2]) << 16) | |
242 (static_cast<uint32>(buf[3]) << 24); | 243 (static_cast<uint32_t>(buf[3]) << 24); |
243 buf += sizeof(x); | 244 buf += sizeof(x); |
244 return x; | 245 return x; |
245 } | 246 } |
246 | 247 |
247 //----------------------------------------------------------------------------- | 248 //----------------------------------------------------------------------------- |
248 | 249 |
249 // LM_Hash computes the LM hash of the given password. | 250 // LM_Hash computes the LM hash of the given password. |
250 // | 251 // |
251 // param password | 252 // param password |
252 // unicode password. | 253 // unicode password. |
253 // param hash | 254 // param hash |
254 // 16-byte result buffer | 255 // 16-byte result buffer |
255 // | 256 // |
256 // Note: This function is not being used because our SendLM() function always | 257 // Note: This function is not being used because our SendLM() function always |
257 // returns false. | 258 // returns false. |
258 static void LM_Hash(const base::string16& password, uint8* hash) { | 259 static void LM_Hash(const base::string16& password, uint8_t* hash) { |
259 static const uint8 LM_MAGIC[] = "KGS!@#$%"; | 260 static const uint8_t LM_MAGIC[] = "KGS!@#$%"; |
260 | 261 |
261 // Convert password to OEM character set. We'll just use the native | 262 // Convert password to OEM character set. We'll just use the native |
262 // filesystem charset. | 263 // filesystem charset. |
263 std::string passbuf = base::SysWideToNativeMB(base::UTF16ToWide(password)); | 264 std::string passbuf = base::SysWideToNativeMB(base::UTF16ToWide(password)); |
264 passbuf = base::ToUpperASCII(passbuf); | 265 passbuf = base::ToUpperASCII(passbuf); |
265 passbuf.resize(14, '\0'); | 266 passbuf.resize(14, '\0'); |
266 | 267 |
267 uint8 k1[8], k2[8]; | 268 uint8_t k1[8], k2[8]; |
268 DESMakeKey(reinterpret_cast<const uint8*>(passbuf.data()) , k1); | 269 DESMakeKey(reinterpret_cast<const uint8_t*>(passbuf.data()), k1); |
269 DESMakeKey(reinterpret_cast<const uint8*>(passbuf.data()) + 7, k2); | 270 DESMakeKey(reinterpret_cast<const uint8_t*>(passbuf.data()) + 7, k2); |
270 ZapString(&passbuf); | 271 ZapString(&passbuf); |
271 | 272 |
272 // Use password keys to hash LM magic string twice. | 273 // Use password keys to hash LM magic string twice. |
273 DESEncrypt(k1, LM_MAGIC, hash); | 274 DESEncrypt(k1, LM_MAGIC, hash); |
274 DESEncrypt(k2, LM_MAGIC, hash + 8); | 275 DESEncrypt(k2, LM_MAGIC, hash + 8); |
275 } | 276 } |
276 | 277 |
277 // NTLM_Hash computes the NTLM hash of the given password. | 278 // NTLM_Hash computes the NTLM hash of the given password. |
278 // | 279 // |
279 // param password | 280 // param password |
280 // null-terminated unicode password. | 281 // null-terminated unicode password. |
281 // param hash | 282 // param hash |
282 // 16-byte result buffer | 283 // 16-byte result buffer |
283 static void NTLM_Hash(const base::string16& password, uint8* hash) { | 284 static void NTLM_Hash(const base::string16& password, uint8_t* hash) { |
284 #ifdef IS_BIG_ENDIAN | 285 #ifdef IS_BIG_ENDIAN |
285 uint32 len = password.length(); | 286 uint32_t len = password.length(); |
286 uint8* passbuf; | 287 uint8_t* passbuf; |
287 | 288 |
288 passbuf = static_cast<uint8*>(malloc(len * 2)); | 289 passbuf = static_cast<uint8_t*>(malloc(len * 2)); |
289 WriteUnicodeLE(passbuf, password.data(), len); | 290 WriteUnicodeLE(passbuf, password.data(), len); |
290 weak_crypto::MD4Sum(passbuf, len * 2, hash); | 291 weak_crypto::MD4Sum(passbuf, len * 2, hash); |
291 | 292 |
292 ZapBuf(passbuf, len * 2); | 293 ZapBuf(passbuf, len * 2); |
293 free(passbuf); | 294 free(passbuf); |
294 #else | 295 #else |
295 weak_crypto::MD4Sum(reinterpret_cast<const uint8*>(password.data()), | 296 weak_crypto::MD4Sum(reinterpret_cast<const uint8_t*>(password.data()), |
296 password.length() * 2, hash); | 297 password.length() * 2, hash); |
297 #endif | 298 #endif |
298 } | 299 } |
299 | 300 |
300 //----------------------------------------------------------------------------- | 301 //----------------------------------------------------------------------------- |
301 | 302 |
302 // LM_Response generates the LM response given a 16-byte password hash and the | 303 // LM_Response generates the LM response given a 16-byte password hash and the |
303 // challenge from the Type-2 message. | 304 // challenge from the Type-2 message. |
304 // | 305 // |
305 // param hash | 306 // param hash |
306 // 16-byte password hash | 307 // 16-byte password hash |
307 // param challenge | 308 // param challenge |
308 // 8-byte challenge from Type-2 message | 309 // 8-byte challenge from Type-2 message |
309 // param response | 310 // param response |
310 // 24-byte buffer to contain the LM response upon return | 311 // 24-byte buffer to contain the LM response upon return |
311 static void LM_Response(const uint8* hash, | 312 static void LM_Response(const uint8_t* hash, |
312 const uint8* challenge, | 313 const uint8_t* challenge, |
313 uint8* response) { | 314 uint8_t* response) { |
314 uint8 keybytes[21], k1[8], k2[8], k3[8]; | 315 uint8_t keybytes[21], k1[8], k2[8], k3[8]; |
315 | 316 |
316 memcpy(keybytes, hash, 16); | 317 memcpy(keybytes, hash, 16); |
317 ZapBuf(keybytes + 16, 5); | 318 ZapBuf(keybytes + 16, 5); |
318 | 319 |
319 DESMakeKey(keybytes , k1); | 320 DESMakeKey(keybytes , k1); |
320 DESMakeKey(keybytes + 7, k2); | 321 DESMakeKey(keybytes + 7, k2); |
321 DESMakeKey(keybytes + 14, k3); | 322 DESMakeKey(keybytes + 14, k3); |
322 | 323 |
323 DESEncrypt(k1, challenge, response); | 324 DESEncrypt(k1, challenge, response); |
324 DESEncrypt(k2, challenge, response + 8); | 325 DESEncrypt(k2, challenge, response + 8); |
325 DESEncrypt(k3, challenge, response + 16); | 326 DESEncrypt(k3, challenge, response + 16); |
326 } | 327 } |
327 | 328 |
328 //----------------------------------------------------------------------------- | 329 //----------------------------------------------------------------------------- |
329 | 330 |
330 // Returns OK or a network error code. | 331 // Returns OK or a network error code. |
331 static int GenerateType1Msg(void** out_buf, uint32* out_len) { | 332 static int GenerateType1Msg(void** out_buf, uint32_t* out_len) { |
332 // | 333 // |
333 // Verify that buf_len is sufficient. | 334 // Verify that buf_len is sufficient. |
334 // | 335 // |
335 *out_len = NTLM_TYPE1_HEADER_LEN; | 336 *out_len = NTLM_TYPE1_HEADER_LEN; |
336 *out_buf = malloc(*out_len); | 337 *out_buf = malloc(*out_len); |
337 if (!*out_buf) | 338 if (!*out_buf) |
338 return ERR_OUT_OF_MEMORY; | 339 return ERR_OUT_OF_MEMORY; |
339 | 340 |
340 // | 341 // |
341 // Write out type 1 message. | 342 // Write out type 1 message. |
(...skipping 20 matching lines...) Expand all Loading... |
362 // 16 : supplied domain security buffer (empty) | 363 // 16 : supplied domain security buffer (empty) |
363 cursor = WriteSecBuf(cursor, 0, 0); | 364 cursor = WriteSecBuf(cursor, 0, 0); |
364 | 365 |
365 // 24 : supplied workstation security buffer (empty) | 366 // 24 : supplied workstation security buffer (empty) |
366 cursor = WriteSecBuf(cursor, 0, 0); | 367 cursor = WriteSecBuf(cursor, 0, 0); |
367 | 368 |
368 return OK; | 369 return OK; |
369 } | 370 } |
370 | 371 |
371 struct Type2Msg { | 372 struct Type2Msg { |
372 uint32 flags; // NTLM_Xxx bitwise combination | 373 uint32_t flags; // NTLM_Xxx bitwise combination |
373 uint8 challenge[8]; // 8 byte challenge | 374 uint8_t challenge[8]; // 8 byte challenge |
374 const void* target; // target string (type depends on flags) | 375 const void* target; // target string (type depends on flags) |
375 uint32 target_len; // target length in bytes | 376 uint32_t target_len; // target length in bytes |
376 }; | 377 }; |
377 | 378 |
378 // Returns OK or a network error code. | 379 // Returns OK or a network error code. |
379 // TODO(wtc): This function returns ERR_UNEXPECTED when the input message is | 380 // TODO(wtc): This function returns ERR_UNEXPECTED when the input message is |
380 // invalid. We should return a better error code. | 381 // invalid. We should return a better error code. |
381 static int ParseType2Msg(const void* in_buf, uint32 in_len, Type2Msg* msg) { | 382 static int ParseType2Msg(const void* in_buf, uint32_t in_len, Type2Msg* msg) { |
382 // Make sure in_buf is long enough to contain a meaningful type2 msg. | 383 // Make sure in_buf is long enough to contain a meaningful type2 msg. |
383 // | 384 // |
384 // 0 NTLMSSP Signature | 385 // 0 NTLMSSP Signature |
385 // 8 NTLM Message Type | 386 // 8 NTLM Message Type |
386 // 12 Target Name | 387 // 12 Target Name |
387 // 20 Flags | 388 // 20 Flags |
388 // 24 Challenge | 389 // 24 Challenge |
389 // 32 end of header, start of optional data blocks | 390 // 32 end of header, start of optional data blocks |
390 // | 391 // |
391 if (in_len < NTLM_TYPE2_HEADER_LEN) | 392 if (in_len < NTLM_TYPE2_HEADER_LEN) |
392 return ERR_UNEXPECTED; | 393 return ERR_UNEXPECTED; |
393 | 394 |
394 const uint8* cursor = (const uint8*) in_buf; | 395 const uint8_t* cursor = (const uint8_t*)in_buf; |
395 | 396 |
396 // verify NTLMSSP signature | 397 // verify NTLMSSP signature |
397 if (memcmp(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) != 0) | 398 if (memcmp(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) != 0) |
398 return ERR_UNEXPECTED; | 399 return ERR_UNEXPECTED; |
399 cursor += sizeof(NTLM_SIGNATURE); | 400 cursor += sizeof(NTLM_SIGNATURE); |
400 | 401 |
401 // verify Type-2 marker | 402 // verify Type-2 marker |
402 if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0) | 403 if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0) |
403 return ERR_UNEXPECTED; | 404 return ERR_UNEXPECTED; |
404 cursor += sizeof(NTLM_TYPE2_MARKER); | 405 cursor += sizeof(NTLM_TYPE2_MARKER); |
405 | 406 |
406 // read target name security buffer | 407 // read target name security buffer |
407 uint32 target_len = ReadUint16(cursor); | 408 uint32_t target_len = ReadUint16(cursor); |
408 ReadUint16(cursor); // discard next 16-bit value | 409 ReadUint16(cursor); // discard next 16-bit value |
409 uint32 offset = ReadUint32(cursor); // get offset from in_buf | 410 uint32_t offset = ReadUint32(cursor); // get offset from in_buf |
410 msg->target_len = 0; | 411 msg->target_len = 0; |
411 msg->target = NULL; | 412 msg->target = NULL; |
412 // Check the offset / length combo is in range of the input buffer, including | 413 // Check the offset / length combo is in range of the input buffer, including |
413 // integer overflow checking. | 414 // integer overflow checking. |
414 if (offset + target_len > offset && offset + target_len <= in_len) { | 415 if (offset + target_len > offset && offset + target_len <= in_len) { |
415 msg->target_len = target_len; | 416 msg->target_len = target_len; |
416 msg->target = ((const uint8*) in_buf) + offset; | 417 msg->target = ((const uint8_t*)in_buf) + offset; |
417 } | 418 } |
418 | 419 |
419 // read flags | 420 // read flags |
420 msg->flags = ReadUint32(cursor); | 421 msg->flags = ReadUint32(cursor); |
421 | 422 |
422 // read challenge | 423 // read challenge |
423 memcpy(msg->challenge, cursor, sizeof(msg->challenge)); | 424 memcpy(msg->challenge, cursor, sizeof(msg->challenge)); |
424 cursor += sizeof(msg->challenge); | 425 cursor += sizeof(msg->challenge); |
425 | 426 |
426 NTLM_LOG(("NTLM type 2 message:\n")); | 427 NTLM_LOG(("NTLM type 2 message:\n")); |
427 LogBuf("target", (const uint8*) msg->target, msg->target_len); | 428 LogBuf("target", (const uint8_t*)msg->target, msg->target_len); |
428 LogBuf("flags", (const uint8*) &msg->flags, 4); | 429 LogBuf("flags", (const uint8_t*)&msg->flags, 4); |
429 LogFlags(msg->flags); | 430 LogFlags(msg->flags); |
430 LogBuf("challenge", msg->challenge, sizeof(msg->challenge)); | 431 LogBuf("challenge", msg->challenge, sizeof(msg->challenge)); |
431 | 432 |
432 // We currently do not implement LMv2/NTLMv2 or NTLM2 responses, | 433 // We currently do not implement LMv2/NTLMv2 or NTLM2 responses, |
433 // so we can ignore target information. We may want to enable | 434 // so we can ignore target information. We may want to enable |
434 // support for these alternate mechanisms in the future. | 435 // support for these alternate mechanisms in the future. |
435 return OK; | 436 return OK; |
436 } | 437 } |
437 | 438 |
438 static void GenerateRandom(uint8* output, size_t n) { | 439 static void GenerateRandom(uint8_t* output, size_t n) { |
439 for (size_t i = 0; i < n; ++i) | 440 for (size_t i = 0; i < n; ++i) |
440 output[i] = base::RandInt(0, 255); | 441 output[i] = base::RandInt(0, 255); |
441 } | 442 } |
442 | 443 |
443 // Returns OK or a network error code. | 444 // Returns OK or a network error code. |
444 static int GenerateType3Msg(const base::string16& domain, | 445 static int GenerateType3Msg(const base::string16& domain, |
445 const base::string16& username, | 446 const base::string16& username, |
446 const base::string16& password, | 447 const base::string16& password, |
447 const std::string& hostname, | 448 const std::string& hostname, |
448 const void* rand_8_bytes, | 449 const void* rand_8_bytes, |
449 const void* in_buf, | 450 const void* in_buf, |
450 uint32 in_len, | 451 uint32_t in_len, |
451 void** out_buf, | 452 void** out_buf, |
452 uint32* out_len) { | 453 uint32_t* out_len) { |
453 // in_buf contains Type-2 msg (the challenge) from server. | 454 // in_buf contains Type-2 msg (the challenge) from server. |
454 | 455 |
455 int rv; | 456 int rv; |
456 Type2Msg msg; | 457 Type2Msg msg; |
457 | 458 |
458 rv = ParseType2Msg(in_buf, in_len, &msg); | 459 rv = ParseType2Msg(in_buf, in_len, &msg); |
459 if (rv != OK) | 460 if (rv != OK) |
460 return rv; | 461 return rv; |
461 | 462 |
462 bool unicode = (msg.flags & NTLM_NegotiateUnicode) != 0; | 463 bool unicode = (msg.flags & NTLM_NegotiateUnicode) != 0; |
463 | 464 |
464 // Temporary buffers for unicode strings | 465 // Temporary buffers for unicode strings |
465 #ifdef IS_BIG_ENDIAN | 466 #ifdef IS_BIG_ENDIAN |
466 base::string16 ucs_domain_buf, ucs_user_buf; | 467 base::string16 ucs_domain_buf, ucs_user_buf; |
467 #endif | 468 #endif |
468 base::string16 ucs_host_buf; | 469 base::string16 ucs_host_buf; |
469 // Temporary buffers for oem strings | 470 // Temporary buffers for oem strings |
470 std::string oem_domain_buf, oem_user_buf; | 471 std::string oem_domain_buf, oem_user_buf; |
471 // Pointers and lengths for the string buffers; encoding is unicode if | 472 // Pointers and lengths for the string buffers; encoding is unicode if |
472 // the "negotiate unicode" flag was set in the Type-2 message. | 473 // the "negotiate unicode" flag was set in the Type-2 message. |
473 const void* domain_ptr; | 474 const void* domain_ptr; |
474 const void* user_ptr; | 475 const void* user_ptr; |
475 const void* host_ptr; | 476 const void* host_ptr; |
476 uint32 domain_len, user_len, host_len; | 477 uint32_t domain_len, user_len, host_len; |
477 | 478 |
478 // | 479 // |
479 // Get domain name. | 480 // Get domain name. |
480 // | 481 // |
481 if (unicode) { | 482 if (unicode) { |
482 #ifdef IS_BIG_ENDIAN | 483 #ifdef IS_BIG_ENDIAN |
483 ucs_domain_buf = domain; | 484 ucs_domain_buf = domain; |
484 domain_ptr = ucs_domain_buf.data(); | 485 domain_ptr = ucs_domain_buf.data(); |
485 domain_len = ucs_domain_buf.length() * 2; | 486 domain_len = ucs_domain_buf.length() * 2; |
486 WriteUnicodeLE(const_cast<void*>(domain_ptr), | 487 WriteUnicodeLE(const_cast<void*>(domain_ptr), |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
538 // | 539 // |
539 *out_len = NTLM_TYPE3_HEADER_LEN + host_len + domain_len + user_len + | 540 *out_len = NTLM_TYPE3_HEADER_LEN + host_len + domain_len + user_len + |
540 LM_RESP_LEN + NTLM_RESP_LEN; | 541 LM_RESP_LEN + NTLM_RESP_LEN; |
541 *out_buf = malloc(*out_len); | 542 *out_buf = malloc(*out_len); |
542 if (!*out_buf) | 543 if (!*out_buf) |
543 return ERR_OUT_OF_MEMORY; | 544 return ERR_OUT_OF_MEMORY; |
544 | 545 |
545 // | 546 // |
546 // Next, we compute the LM and NTLM responses. | 547 // Next, we compute the LM and NTLM responses. |
547 // | 548 // |
548 uint8 lm_resp[LM_RESP_LEN]; | 549 uint8_t lm_resp[LM_RESP_LEN]; |
549 uint8 ntlm_resp[NTLM_RESP_LEN]; | 550 uint8_t ntlm_resp[NTLM_RESP_LEN]; |
550 uint8 ntlm_hash[NTLM_HASH_LEN]; | 551 uint8_t ntlm_hash[NTLM_HASH_LEN]; |
551 if (msg.flags & NTLM_NegotiateNTLM2Key) { | 552 if (msg.flags & NTLM_NegotiateNTLM2Key) { |
552 // compute NTLM2 session response | 553 // compute NTLM2 session response |
553 base::MD5Digest session_hash; | 554 base::MD5Digest session_hash; |
554 uint8 temp[16]; | 555 uint8_t temp[16]; |
555 | 556 |
556 memcpy(lm_resp, rand_8_bytes, 8); | 557 memcpy(lm_resp, rand_8_bytes, 8); |
557 memset(lm_resp + 8, 0, LM_RESP_LEN - 8); | 558 memset(lm_resp + 8, 0, LM_RESP_LEN - 8); |
558 | 559 |
559 memcpy(temp, msg.challenge, 8); | 560 memcpy(temp, msg.challenge, 8); |
560 memcpy(temp + 8, lm_resp, 8); | 561 memcpy(temp + 8, lm_resp, 8); |
561 base::MD5Sum(temp, 16, &session_hash); | 562 base::MD5Sum(temp, 16, &session_hash); |
562 | 563 |
563 NTLM_Hash(password, ntlm_hash); | 564 NTLM_Hash(password, ntlm_hash); |
564 LM_Response(ntlm_hash, session_hash.a, ntlm_resp); | 565 LM_Response(ntlm_hash, session_hash.a, ntlm_resp); |
565 } else { | 566 } else { |
566 NTLM_Hash(password, ntlm_hash); | 567 NTLM_Hash(password, ntlm_hash); |
567 LM_Response(ntlm_hash, msg.challenge, ntlm_resp); | 568 LM_Response(ntlm_hash, msg.challenge, ntlm_resp); |
568 | 569 |
569 if (SendLM()) { | 570 if (SendLM()) { |
570 uint8 lm_hash[LM_HASH_LEN]; | 571 uint8_t lm_hash[LM_HASH_LEN]; |
571 LM_Hash(password, lm_hash); | 572 LM_Hash(password, lm_hash); |
572 LM_Response(lm_hash, msg.challenge, lm_resp); | 573 LM_Response(lm_hash, msg.challenge, lm_resp); |
573 } else { | 574 } else { |
574 // According to http://davenport.sourceforge.net/ntlm.html#ntlmVersion2, | 575 // According to http://davenport.sourceforge.net/ntlm.html#ntlmVersion2, |
575 // the correct way to not send the LM hash is to send the NTLM hash twice | 576 // the correct way to not send the LM hash is to send the NTLM hash twice |
576 // in both the LM and NTLM response fields. | 577 // in both the LM and NTLM response fields. |
577 LM_Response(ntlm_hash, msg.challenge, lm_resp); | 578 LM_Response(ntlm_hash, msg.challenge, lm_resp); |
578 } | 579 } |
579 } | 580 } |
580 | 581 |
581 // | 582 // |
582 // Finally, we assemble the Type-3 msg :-) | 583 // Finally, we assemble the Type-3 msg :-) |
583 // | 584 // |
584 void* cursor = *out_buf; | 585 void* cursor = *out_buf; |
585 uint32 offset; | 586 uint32_t offset; |
586 | 587 |
587 // 0 : signature | 588 // 0 : signature |
588 cursor = WriteBytes(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); | 589 cursor = WriteBytes(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); |
589 | 590 |
590 // 8 : marker | 591 // 8 : marker |
591 cursor = WriteBytes(cursor, NTLM_TYPE3_MARKER, sizeof(NTLM_TYPE3_MARKER)); | 592 cursor = WriteBytes(cursor, NTLM_TYPE3_MARKER, sizeof(NTLM_TYPE3_MARKER)); |
592 | 593 |
593 // 12 : LM response sec buf | 594 // 12 : LM response sec buf |
594 offset = NTLM_TYPE3_HEADER_LEN + domain_len + user_len + host_len; | 595 offset = NTLM_TYPE3_HEADER_LEN + domain_len + user_len + host_len; |
595 cursor = WriteSecBuf(cursor, LM_RESP_LEN, offset); | 596 cursor = WriteSecBuf(cursor, LM_RESP_LEN, offset); |
596 memcpy(static_cast<uint8*>(*out_buf) + offset, lm_resp, LM_RESP_LEN); | 597 memcpy(static_cast<uint8_t*>(*out_buf) + offset, lm_resp, LM_RESP_LEN); |
597 | 598 |
598 // 20 : NTLM response sec buf | 599 // 20 : NTLM response sec buf |
599 offset += LM_RESP_LEN; | 600 offset += LM_RESP_LEN; |
600 cursor = WriteSecBuf(cursor, NTLM_RESP_LEN, offset); | 601 cursor = WriteSecBuf(cursor, NTLM_RESP_LEN, offset); |
601 memcpy(static_cast<uint8*>(*out_buf) + offset, ntlm_resp, NTLM_RESP_LEN); | 602 memcpy(static_cast<uint8_t*>(*out_buf) + offset, ntlm_resp, NTLM_RESP_LEN); |
602 | 603 |
603 // 28 : domain name sec buf | 604 // 28 : domain name sec buf |
604 offset = NTLM_TYPE3_HEADER_LEN; | 605 offset = NTLM_TYPE3_HEADER_LEN; |
605 cursor = WriteSecBuf(cursor, domain_len, offset); | 606 cursor = WriteSecBuf(cursor, domain_len, offset); |
606 memcpy(static_cast<uint8*>(*out_buf) + offset, domain_ptr, domain_len); | 607 memcpy(static_cast<uint8_t*>(*out_buf) + offset, domain_ptr, domain_len); |
607 | 608 |
608 // 36 : user name sec buf | 609 // 36 : user name sec buf |
609 offset += domain_len; | 610 offset += domain_len; |
610 cursor = WriteSecBuf(cursor, user_len, offset); | 611 cursor = WriteSecBuf(cursor, user_len, offset); |
611 memcpy(static_cast<uint8*>(*out_buf) + offset, user_ptr, user_len); | 612 memcpy(static_cast<uint8_t*>(*out_buf) + offset, user_ptr, user_len); |
612 | 613 |
613 // 44 : workstation (host) name sec buf | 614 // 44 : workstation (host) name sec buf |
614 offset += user_len; | 615 offset += user_len; |
615 cursor = WriteSecBuf(cursor, host_len, offset); | 616 cursor = WriteSecBuf(cursor, host_len, offset); |
616 memcpy(static_cast<uint8*>(*out_buf) + offset, host_ptr, host_len); | 617 memcpy(static_cast<uint8_t*>(*out_buf) + offset, host_ptr, host_len); |
617 | 618 |
618 // 52 : session key sec buf (not used) | 619 // 52 : session key sec buf (not used) |
619 cursor = WriteSecBuf(cursor, 0, 0); | 620 cursor = WriteSecBuf(cursor, 0, 0); |
620 | 621 |
621 // 60 : negotiated flags | 622 // 60 : negotiated flags |
622 cursor = WriteDWORD(cursor, msg.flags & NTLM_TYPE1_FLAGS); | 623 cursor = WriteDWORD(cursor, msg.flags & NTLM_TYPE1_FLAGS); |
623 | 624 |
624 return OK; | 625 return OK; |
625 } | 626 } |
626 | 627 |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
676 return old_proc; | 677 return old_proc; |
677 } | 678 } |
678 | 679 |
679 HttpAuthHandlerNTLM::Factory::Factory() { | 680 HttpAuthHandlerNTLM::Factory::Factory() { |
680 } | 681 } |
681 | 682 |
682 HttpAuthHandlerNTLM::Factory::~Factory() { | 683 HttpAuthHandlerNTLM::Factory::~Factory() { |
683 } | 684 } |
684 | 685 |
685 int HttpAuthHandlerNTLM::GetNextToken(const void* in_token, | 686 int HttpAuthHandlerNTLM::GetNextToken(const void* in_token, |
686 uint32 in_token_len, | 687 uint32_t in_token_len, |
687 void** out_token, | 688 void** out_token, |
688 uint32* out_token_len) { | 689 uint32_t* out_token_len) { |
689 int rv = 0; | 690 int rv = 0; |
690 | 691 |
691 // If in_token is non-null, then assume it contains a type 2 message... | 692 // If in_token is non-null, then assume it contains a type 2 message... |
692 if (in_token) { | 693 if (in_token) { |
693 LogToken("in-token", in_token, in_token_len); | 694 LogToken("in-token", in_token, in_token_len); |
694 std::string hostname = get_host_name_proc_(); | 695 std::string hostname = get_host_name_proc_(); |
695 if (hostname.empty()) | 696 if (hostname.empty()) |
696 return ERR_UNEXPECTED; | 697 return ERR_UNEXPECTED; |
697 uint8 rand_buf[8]; | 698 uint8_t rand_buf[8]; |
698 generate_random_proc_(rand_buf, 8); | 699 generate_random_proc_(rand_buf, 8); |
699 rv = GenerateType3Msg(domain_, | 700 rv = GenerateType3Msg(domain_, |
700 credentials_.username(), credentials_.password(), | 701 credentials_.username(), credentials_.password(), |
701 hostname, rand_buf, | 702 hostname, rand_buf, |
702 in_token, in_token_len, out_token, out_token_len); | 703 in_token, in_token_len, out_token, out_token_len); |
703 } else { | 704 } else { |
704 rv = GenerateType1Msg(out_token, out_token_len); | 705 rv = GenerateType1Msg(out_token, out_token_len); |
705 } | 706 } |
706 | 707 |
707 if (rv == OK) | 708 if (rv == OK) |
(...skipping 17 matching lines...) Expand all Loading... |
725 // NOTE: Default credentials are not supported for the portable implementation | 726 // NOTE: Default credentials are not supported for the portable implementation |
726 // of NTLM. | 727 // of NTLM. |
727 scoped_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM); | 728 scoped_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNTLM); |
728 if (!tmp_handler->InitFromChallenge(challenge, target, origin, net_log)) | 729 if (!tmp_handler->InitFromChallenge(challenge, target, origin, net_log)) |
729 return ERR_INVALID_RESPONSE; | 730 return ERR_INVALID_RESPONSE; |
730 handler->swap(tmp_handler); | 731 handler->swap(tmp_handler); |
731 return OK; | 732 return OK; |
732 } | 733 } |
733 | 734 |
734 } // namespace net | 735 } // namespace net |
OLD | NEW |