OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_BASE_NTLM_BUFFER_WRITER_H_ | |
6 #define NET_BASE_NTLM_BUFFER_WRITER_H_ | |
7 | |
8 #include <stddef.h> | |
9 #include <stdint.h> | |
10 | |
11 #include <memory> | |
12 #include <string> | |
13 | |
14 #include "base/strings/string16.h" | |
15 #include "base/strings/string_piece.h" | |
16 #include "net/base/net_export.h" | |
17 #include "net/ntlm/ntlm_constants.h" | |
18 | |
19 namespace net { | |
20 namespace ntlm { | |
21 | |
22 // Supports various bounds checked low level buffer operations required by an | |
23 // NTLM implementation. | |
24 // | |
25 // The class supports sequential write to an internally managed buffer. All | |
26 // writes perform bounds checking to ensure enough space is remaining in the | |
27 // buffer. | |
28 // | |
29 // The internal buffer is allocated in the constructor with size |buffer_len| | |
30 // and owned by the class. Use |ReleaseBufferPtr| to take ownership of the | |
31 // internal buffer. Thereafter all operations on the class will fail. | |
32 // | |
33 // Write* methods write the buffer at the current cursor position and perform | |
34 // any necessary type conversion and provide the data in out params. After a | |
35 // successful write the cursor position is advanced past the written field. | |
36 // | |
37 // Failed writes leave the internal cursor at the same position as before the | |
38 // call. | |
39 // | |
40 // Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol | |
41 // Specification version 28.0 [1]. Additional NTLM reference [2]. | |
42 // | |
43 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx | |
44 // [2] http://davenport.sourceforge.net/ntlm.html | |
45 class NET_EXPORT_PRIVATE NtlmBufferWriter { | |
46 public: | |
47 explicit NtlmBufferWriter(size_t buffer_len); | |
48 ~NtlmBufferWriter(); | |
49 | |
50 size_t GetLength() const { return buffer_len_; } | |
51 size_t GetCursor() const { return cursor_; } | |
52 bool IsEndOfBuffer() const { return cursor_ >= GetLength(); } | |
53 | |
54 // Releases ownership of the internal buffer. Subsequent writes | |
55 // will all fail. | |
56 std::unique_ptr<uint8_t[]> ReleaseBuffer() { | |
57 buffer_len_ = 0; | |
58 cursor_ = 0; | |
59 return std::move(buffer_); | |
60 } | |
61 | |
62 // Gets a base::StringPiece view over the entire buffer. | |
63 base::StringPiece GetBuffer() const { | |
64 return base::StringPiece(reinterpret_cast<const char*>(buffer_.get()), | |
65 buffer_len_); | |
66 } | |
67 | |
68 // Returns true if there are |len| more bytes between the current cursor | |
69 // position and the end of the buffer. | |
70 bool CanWrite(size_t len) const; | |
71 | |
72 // Writes a 16 bit unsigned value (little endian). If there are not 16 | |
73 // more bits available in the buffer it returns false. | |
Ryan Sleevi
2017/07/10 15:07:57
s/buffer it/buffer, it/
zentaro
2017/07/11 14:00:30
Done.
| |
74 bool WriteUInt16(uint16_t value) WARN_UNUSED_RESULT; | |
75 | |
76 // Writes a 32 bit unsigned value (little endian). If there are not 32 | |
77 // more bits available in the buffer it returns false. | |
Ryan Sleevi
2017/07/10 15:07:57
s/buffer it/buffer, it/
zentaro
2017/07/11 14:00:30
Done.
| |
78 bool WriteUInt32(uint32_t value) WARN_UNUSED_RESULT; | |
79 | |
80 // Writes a 64 bit unsigned value (little endian). If there are not 64 | |
81 // more bits available in the buffer it returns false. | |
Ryan Sleevi
2017/07/10 15:07:57
s/buffer it/buffer, it/
zentaro
2017/07/11 14:00:29
Done.
| |
82 bool WriteUInt64(uint64_t value) WARN_UNUSED_RESULT; | |
83 | |
84 // Writes flags as a 32 bit unsigned value (little endian). | |
85 bool WriteFlags(NegotiateFlags flags) WARN_UNUSED_RESULT; | |
86 | |
87 // Writes |len| bytes from |buffer|. If there are not |len| more bytes in | |
88 // the buffer it returns false. | |
Ryan Sleevi
2017/07/10 15:07:56
s/buffer it/buffer, it/
zentaro
2017/07/11 14:00:30
Done.
| |
89 bool WriteBytes(const uint8_t* buffer, size_t len) WARN_UNUSED_RESULT; | |
90 | |
91 // Writes the bytes from the |base::StringPiece|. If there are not enough | |
92 // bytes in the buffer it returns false. | |
Ryan Sleevi
2017/07/10 15:07:56
s/buffer it/buffer, it/
zentaro
2017/07/11 14:00:29
Done.
| |
93 bool WriteBytes(base::StringPiece bytes) WARN_UNUSED_RESULT; | |
94 | |
95 // Writes |count| bytes of zeros to the buffer. If there are not |count| | |
96 // more bytes in available in the buffer it returns false. | |
Ryan Sleevi
2017/07/10 15:07:57
s/buffer it/buffer, it/
zentaro
2017/07/11 14:00:29
Done.
| |
97 bool WriteZeros(size_t count) WARN_UNUSED_RESULT; | |
98 | |
99 // A security buffer is an 8 byte structure that defines the offset and | |
100 // length of a payload (string, struct, or byte array) that appears after | |
101 // the fixed part of the message. | |
102 // | |
103 // The structure in the NTLM message is (little endian fields): | |
104 // uint16 - |length| Length of payload | |
105 // uint16 - Allocation (ignored and always set to |length|) | |
106 // uint32 - |offset| Offset from start of message | |
107 bool WriteSecurityBuffer(SecurityBuffer sec_buf) WARN_UNUSED_RESULT; | |
108 | |
109 // Writes a string of 8 bit characters to the buffer. | |
110 // | |
111 // When unicode was not negotiated only the hostname string will go through | |
Ryan Sleevi
2017/07/10 15:07:57
s/unicode/Unicode/
zentaro
2017/07/11 14:00:30
Done.
| |
112 // this code path. The 8 bit bytes of the hostname are written to the buffer. | |
113 // The encoding is not relevant. | |
114 bool WriteUtf8String(const std::string& str) WARN_UNUSED_RESULT; | |
115 | |
116 // Converts the 16 bit characters to UTF8 and writes the resulting 8 bit | |
117 // characters. | |
118 // | |
119 // If unicode was not negotiated, username and domain get converted to UTF8 | |
Ryan Sleevi
2017/07/10 15:07:57
s/unicode/Unicode/
s/username and domain/the usern
zentaro
2017/07/11 14:00:29
Done.
| |
120 // in the message. Since they are just treated as additional bytes input to | |
121 // hash the encoding doesn't matter. In practice only a very old or non- | |
Ryan Sleevi
2017/07/10 15:07:57
s/hash the/hash, the/
s/practice only/practice, on
zentaro
2017/07/11 14:00:29
Done.
| |
122 // windows server might trigger this code path since we always attempt to | |
Ryan Sleevi
2017/07/10 15:07:57
s/windows/Windows/
zentaro
2017/07/11 14:00:30
Done.
| |
123 // negotiate unicode and servers are supposed to honor that request. | |
Ryan Sleevi
2017/07/10 15:07:57
s/unicode/Unicode/
zentaro
2017/07/11 14:00:29
Done.
| |
124 bool WriteUtf16AsUtf8String(const base::string16& str) WARN_UNUSED_RESULT; | |
125 | |
126 // Treats |str| as UTF8, converts to UTF-16 and writes it with little-endian | |
127 // byte order to the buffer. | |
128 // | |
129 // Two specific strings go through this code path. | |
130 // | |
131 // One case is the hostname. When the the unicode flag has been set during | |
Ryan Sleevi
2017/07/10 15:07:57
s/unicode/Unicode/
zentaro
2017/07/11 14:00:30
Done.
| |
132 // negotiation the hostname needs to appear in the message with 16 bit | |
Ryan Sleevi
2017/07/10 15:07:57
s/negotiation the/negotiation, the/
s/16 bit/16-bi
zentaro
2017/07/11 14:00:29
Done.
| |
133 // chars. The high byte of each char is just set to 0. | |
Ryan Sleevi
2017/07/10 15:07:57
s/chars/characters/ ? This one is iffy.
zentaro
2017/07/11 14:00:29
Done. The comment about high bytes set to 0 was st
| |
134 // | |
135 // The other case is the spn. With EPA enabled it appears in the target info | |
Ryan Sleevi
2017/07/10 15:07:57
s/spn/Service Principal Name/ ?
s/EPA/Extended Pro
| |
136 // inside an AV Pair where strings always have 16 bit chars. | |
Ryan Sleevi
2017/07/10 15:07:57
s/Pair where/Pair, where/
s/16 bit/16-bit/
zentaro
2017/07/11 14:00:30
Done.
| |
137 bool WriteUtf8AsUtf16String(const std::string& str) WARN_UNUSED_RESULT; | |
138 | |
139 // Writes UTF-16 LE characters to the buffer. For these strings such as | |
Ryan Sleevi
2017/07/10 15:07:56
s/strings such/strings, such/
zentaro
2017/07/11 14:00:29
Done.
| |
140 // username and domain the actual encoding isn't really important. They are | |
Ryan Sleevi
2017/07/10 15:07:57
s/domain the/domain, the/
s/really//
s/important.
zentaro
2017/07/11 14:00:29
Done.
| |
141 // just treated as additional bytes of input to the hash. | |
142 bool WriteUtf16String(const base::string16& str) WARN_UNUSED_RESULT; | |
143 | |
144 // Writes the 8 byte NTLM signature "NTLMSSP\0" into the buffer. | |
145 bool WriteSignature() WARN_UNUSED_RESULT; | |
146 | |
147 // There are 3 message types Negotiate (sent by client), Challenge (sent by | |
148 // server), and Authenticate (sent by client). | |
149 // | |
150 // This writes |message_type| as a uint32_t into the buffer. | |
151 bool WriteMessageType(MessageType message_type) WARN_UNUSED_RESULT; | |
152 | |
153 // Performs |WriteSignature| then |WriteMessageType|. | |
154 bool WriteMessageHeader(MessageType message_type) WARN_UNUSED_RESULT; | |
155 | |
156 private: | |
157 // Writes |sizeof(T)| bytes little-endian of an integer type to the buffer. | |
158 template <typename T> | |
159 bool WriteUInt(T value); | |
160 | |
161 // Sets the cursor position. Will return false if outside the buffer. | |
162 void SetCursor(size_t cursor); | |
163 | |
164 // Advances the cursor by |count|. The caller is responsible for checking | |
165 // that the target location is within the buffer. | |
166 void AdvanceCursor(size_t count) { SetCursor(GetCursor() + count); } | |
167 | |
168 // Returns a pointer to the start of the buffer. | |
169 uint8_t* GetBufferPtr() const { return buffer_.get(); } | |
170 | |
171 // Returns pointer into the buffer at the current cursor location. | |
172 uint8_t* GetBufferPtrAtCursor() const { return buffer_.get() + GetCursor(); } | |
173 | |
174 std::unique_ptr<uint8_t[]> buffer_; | |
175 size_t buffer_len_; | |
176 size_t cursor_; | |
177 | |
178 DISALLOW_COPY_AND_ASSIGN(NtlmBufferWriter); | |
179 }; | |
180 | |
181 } // namespace ntlm | |
182 } // namespace net | |
183 | |
184 #endif // NET_BASE_NTLM_BUFFER_WRITER_H_ | |
OLD | NEW |