separate MSCHAP(v2) and NTLM(v2) authentication
due to linux omiting the final Z(4) in the NTLMv2 reply, and the need for the windom for LMv2 authentication, here is a new AuthNTLM ticket request now with length and dom fields.
This commit is contained in:
cinap_lenrek
parent
40f6e00b9c
commit
6e19d19285
|
|
@ -53,6 +53,7 @@ struct AuthInfo
|
|||
struct Chalstate
|
||||
{
|
||||
char *user;
|
||||
char *dom;
|
||||
char chal[MAXCHLEN];
|
||||
int nchal;
|
||||
void *resp;
|
||||
|
|
@ -71,7 +72,7 @@ struct Chapreply /* for protocol "chap" */
|
|||
char resp[MD5LEN];
|
||||
};
|
||||
|
||||
struct MSchapreply /* for protocol "mschap" */
|
||||
struct MSchapreply /* for protocol "mschap" and "ntlm" */
|
||||
{
|
||||
char LMresp[24]; /* Lan Manager response */
|
||||
char NTresp[24]; /* NT response */
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ typedef struct Nvrsafe Nvrsafe;
|
|||
typedef struct Passwordreq Passwordreq;
|
||||
typedef struct OChapreply OChapreply;
|
||||
typedef struct OMSchapreply OMSchapreply;
|
||||
typedef struct NTLMreply NTLMreply;
|
||||
|
||||
typedef struct Authkey Authkey;
|
||||
|
||||
|
|
@ -62,6 +63,7 @@ enum
|
|||
AuthVNC=14, /* VNC server login (deprecated) */
|
||||
AuthPAK=19, /* authenticated diffie hellman key agreement */
|
||||
AuthMSchapv2=21,/* MS chap v2 authentication for ppp */
|
||||
AuthNTLM=22, /* NTLM authentication for cifs */
|
||||
AuthTs=64, /* ticket encrypted with server's key */
|
||||
AuthTc, /* ticket encrypted with client's key */
|
||||
AuthAs, /* server generated authenticator */
|
||||
|
|
@ -127,6 +129,16 @@ struct OMSchapreply
|
|||
};
|
||||
#define OMSCHAPREPLYLEN (ANAMELEN+24+24)
|
||||
|
||||
struct NTLMreply
|
||||
{
|
||||
uchar len[2]; /* size of structure (lsb first) */
|
||||
char uid[ANAMELEN];
|
||||
char dom[DOMLEN];
|
||||
char LMresp[24]; /* Lan Manager response */
|
||||
char NTresp[24]; /* NT response (variable length) */
|
||||
};
|
||||
#define NTLMREPLYLEN (2+ANAMELEN+DOMLEN+24+24)
|
||||
|
||||
struct Authkey
|
||||
{
|
||||
char des[DESKEYLEN]; /* DES key from password */
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@
|
|||
* Server protocol:
|
||||
* read challenge: 8 bytes binary (or 16 bytes for mschapv2)
|
||||
* write user: utf8
|
||||
* write dom: utf8 (ntlm)
|
||||
* write response: Chapreply or MSchapreply structure
|
||||
* ... retry another user
|
||||
*/
|
||||
|
|
@ -36,7 +37,7 @@ static int dochal(State *s);
|
|||
static int doreply(State *s, uchar *reply, int nreply);
|
||||
static int dochap(char *passwd, int id, char chal[ChapChallen], uchar *resp, int resplen);
|
||||
static int domschap(char *passwd, uchar chal[MSchallen], uchar *resp, int resplen);
|
||||
static int domschap2(char *passwd, char *user, char *dom, uchar chal[MSchallen], uchar *resp, int resplen);
|
||||
static int dontlmv2(char *passwd, char *user, char *dom, uchar chal[MSchallen], uchar *resp, int resplen);
|
||||
static void nthash(uchar hash[MShashlen], char *passwd);
|
||||
|
||||
struct State
|
||||
|
|
@ -53,6 +54,7 @@ struct State
|
|||
uchar resp[4096];
|
||||
char err[ERRMAX];
|
||||
char user[64];
|
||||
char dom[DOMLEN];
|
||||
uchar secret[16+20]; /* for mschap: MPPE Master secret + authenticator (v2) */
|
||||
int nsecret;
|
||||
};
|
||||
|
|
@ -64,6 +66,7 @@ enum
|
|||
|
||||
SHaveChal,
|
||||
SNeedUser,
|
||||
SNeedDom,
|
||||
SNeedResp,
|
||||
|
||||
Maxphase
|
||||
|
|
@ -76,6 +79,7 @@ static char *phasenames[Maxphase] =
|
|||
|
||||
[SHaveChal] "SHaveChal",
|
||||
[SNeedUser] "SNeedUser",
|
||||
[SNeedDom] "SNeedDom",
|
||||
[SNeedResp] "SNeedResp",
|
||||
};
|
||||
|
||||
|
|
@ -98,14 +102,15 @@ chapinit(Proto *p, Fsstate *fss)
|
|||
if(p == &mschapv2) {
|
||||
s->nchal = MSchallenv2;
|
||||
s->astype = AuthMSchapv2;
|
||||
} else if(p == &mschap){
|
||||
s->nchal = MSchallen;
|
||||
s->astype = AuthMSchap;
|
||||
} else if(p == &ntlm || p == &ntlmv2){
|
||||
s->nchal = MSchallen;
|
||||
s->astype = AuthNTLM;
|
||||
} else {
|
||||
if(p == &mschap || p == &mschap2){
|
||||
s->nchal = MSchallen;
|
||||
s->astype = AuthMSchap;
|
||||
}else {
|
||||
s->nchal = ChapChallen;
|
||||
s->astype = AuthChap;
|
||||
}
|
||||
s->nchal = ChapChallen;
|
||||
s->astype = AuthChap;
|
||||
}
|
||||
if(iscli)
|
||||
fss->phase = CNeedChal;
|
||||
|
|
@ -150,6 +155,7 @@ chapwrite(Fsstate *fss, void *va, uint n)
|
|||
MSchapreply *mcr;
|
||||
OChapreply *ocr;
|
||||
OMSchapreply *omcr;
|
||||
NTLMreply *ntcr;
|
||||
uchar pchal[MSchallenv2];
|
||||
uchar digest[SHA1dlen];
|
||||
uchar reply[4096];
|
||||
|
|
@ -177,20 +183,25 @@ chapwrite(Fsstate *fss, void *va, uint n)
|
|||
memset(s->resp, 0, sizeof(s->resp));
|
||||
setattrs(fss->attr, k->attr);
|
||||
switch(s->astype){
|
||||
case AuthMSchap:
|
||||
case AuthNTLM:
|
||||
if(n < MSchallen)
|
||||
break;
|
||||
if(fss->proto == &mschap2){
|
||||
if(fss->proto == &ntlmv2){
|
||||
user = _strfindattr(fss->attr, "user");
|
||||
if(user == nil)
|
||||
break;
|
||||
dom = _strfindattr(fss->attr, "windom");
|
||||
if(dom == nil)
|
||||
dom = "";
|
||||
s->nresp = domschap2(pass, user, dom, (uchar*)a, s->resp, sizeof(s->resp));
|
||||
s->nresp = dontlmv2(pass, user, dom, (uchar*)a, s->resp, sizeof(s->resp));
|
||||
} else {
|
||||
s->nresp = domschap(pass, (uchar*)a, s->resp, sizeof(s->resp));
|
||||
}
|
||||
break;
|
||||
case AuthMSchap:
|
||||
if(n < MSchallen)
|
||||
break;
|
||||
s->nresp = domschap(pass, (uchar*)a, s->resp, sizeof(s->resp));
|
||||
nthash(digest, pass);
|
||||
md4(digest, 16, digest, nil);
|
||||
ds = sha1(digest, 16, nil, nil);
|
||||
|
|
@ -253,6 +264,14 @@ chapwrite(Fsstate *fss, void *va, uint n)
|
|||
return failure(fss, "user name too long");
|
||||
memmove(s->user, va, n);
|
||||
s->user[n] = '\0';
|
||||
fss->phase = (s->astype == AuthNTLM)? SNeedDom: SNeedResp;
|
||||
return RpcOk;
|
||||
|
||||
case SNeedDom:
|
||||
if(n >= sizeof s->dom)
|
||||
return failure(fss, "domain name too long");
|
||||
memmove(s->dom, va, n);
|
||||
s->dom[n] = '\0';
|
||||
fss->phase = SNeedResp;
|
||||
return RpcOk;
|
||||
|
||||
|
|
@ -275,15 +294,29 @@ chapwrite(Fsstate *fss, void *va, uint n)
|
|||
case AuthMSchapv2:
|
||||
if(n < MSchapreplylen)
|
||||
return failure(fss, "did not get MSchapreply");
|
||||
if(n > sizeof(reply)+MSchapreplylen-OMSCHAPREPLYLEN)
|
||||
return failure(fss, "MSchapreply too long");
|
||||
mcr = (MSchapreply*)va;
|
||||
nreply = n+OMSCHAPREPLYLEN-MSchapreplylen;
|
||||
nreply = OMSCHAPREPLYLEN;
|
||||
memset(reply, 0, nreply);
|
||||
omcr = (OMSchapreply*)reply;
|
||||
strecpy(omcr->uid, omcr->uid+sizeof(omcr->uid), s->user);
|
||||
memmove(omcr->LMresp, mcr->LMresp, sizeof(omcr->LMresp));
|
||||
memmove(omcr->NTresp, mcr->NTresp, n+sizeof(mcr->NTresp)-MSchapreplylen);
|
||||
memmove(omcr->NTresp, mcr->NTresp, sizeof(mcr->NTresp));
|
||||
break;
|
||||
case AuthNTLM:
|
||||
if(n < MSchapreplylen)
|
||||
return failure(fss, "did not get MSchapreply");
|
||||
if(n > sizeof(reply)+MSchapreplylen-NTLMREPLYLEN)
|
||||
return failure(fss, "MSchapreply too long");
|
||||
mcr = (MSchapreply*)va;
|
||||
nreply = n+NTLMREPLYLEN-MSchapreplylen;
|
||||
memset(reply, 0, nreply);
|
||||
ntcr = (NTLMreply*)reply;
|
||||
ntcr->len[0] = nreply;
|
||||
ntcr->len[1] = nreply>>8;
|
||||
strecpy(ntcr->uid, ntcr->uid+sizeof(ntcr->uid), s->user);
|
||||
strecpy(ntcr->dom, ntcr->dom+sizeof(ntcr->dom), s->dom);
|
||||
memmove(ntcr->LMresp, mcr->LMresp, sizeof(ntcr->LMresp));
|
||||
memmove(ntcr->NTresp, mcr->NTresp, n+sizeof(mcr->NTresp)-MSchapreplylen);
|
||||
break;
|
||||
}
|
||||
if(doreply(s, reply, nreply) < 0){
|
||||
|
|
@ -402,12 +435,12 @@ doreply(State *s, uchar *reply, int nreply)
|
|||
werrstr(Easproto);
|
||||
return -1;
|
||||
}
|
||||
s->key->successes++;
|
||||
if(a.num != AuthAc
|
||||
|| tsmemcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0){
|
||||
werrstr(Easproto);
|
||||
return -1;
|
||||
}
|
||||
s->key->successes++;
|
||||
s->nsecret = 0;
|
||||
if(s->t.form != 0){
|
||||
if(s->astype == AuthMSchap || s->astype == AuthMSchapv2){
|
||||
|
|
@ -457,8 +490,18 @@ Proto mschapv2 = {
|
|||
.keyprompt= "user? !password?"
|
||||
};
|
||||
|
||||
Proto mschap2 = {
|
||||
.name= "mschap2", /* really NTLMv2 */
|
||||
Proto ntlm = {
|
||||
.name= "ntlm",
|
||||
.init= chapinit,
|
||||
.write= chapwrite,
|
||||
.read= chapread,
|
||||
.close= chapclose,
|
||||
.addkey= replacekey,
|
||||
.keyprompt= "user? !password?"
|
||||
};
|
||||
|
||||
Proto ntlmv2 = {
|
||||
.name= "ntlmv2",
|
||||
.init= chapinit,
|
||||
.write= chapwrite,
|
||||
.read= chapread,
|
||||
|
|
@ -582,7 +625,7 @@ domschap(char *passwd, uchar chal[MSchallen], uchar *resp, int resplen)
|
|||
}
|
||||
|
||||
static int
|
||||
domschap2(char *passwd, char *user, char *dom, uchar chal[MSchallen], uchar *resp, int resplen)
|
||||
dontlmv2(char *passwd, char *user, char *dom, uchar chal[MSchallen], uchar *resp, int resplen)
|
||||
{
|
||||
uchar hash[MShashlen], *p, *e;
|
||||
MSchapreply *r;
|
||||
|
|
|
|||
|
|
@ -221,7 +221,7 @@ void writehostowner(char*);
|
|||
/* protocols */
|
||||
extern Proto apop, cram; /* apop.c */
|
||||
extern Proto p9any, p9sk1, dp9ik; /* p9sk.c */
|
||||
extern Proto chap, mschap, mschapv2, mschap2; /* chap.c */
|
||||
extern Proto chap, mschap, mschapv2, ntlm, ntlmv2; /* chap.c */
|
||||
extern Proto p9cr, vnc; /* p9cr.c */
|
||||
extern Proto pass; /* pass.c */
|
||||
extern Proto rsa; /* rsa.c */
|
||||
|
|
|
|||
|
|
@ -32,7 +32,8 @@ prototab[] =
|
|||
&httpdigest,
|
||||
&mschap,
|
||||
&mschapv2,
|
||||
&mschap2,
|
||||
&ntlm,
|
||||
&ntlmv2,
|
||||
&p9any,
|
||||
&p9cr,
|
||||
&p9sk1,
|
||||
|
|
|
|||
|
|
@ -78,8 +78,6 @@ auth_proto(char *proto, char *windom, char *keyp, uchar *chal, int len)
|
|||
|
||||
mcr = (MSchapreply*)resp;
|
||||
nresp = sizeof(resp);
|
||||
if(strcmp(proto, "mschap") == 0)
|
||||
nresp = sizeof(*mcr); /* backwards compatibility with old factotum */
|
||||
nresp = auth_respond(chal, len, user, sizeof user, resp, nresp,
|
||||
auth_getkey, "proto=%s role=client service=cifs windom=%s %s",
|
||||
proto, windom, keyp);
|
||||
|
|
@ -109,7 +107,7 @@ auth_proto(char *proto, char *windom, char *keyp, uchar *chal, int len)
|
|||
static Auth *
|
||||
auth_lm_and_ntlm(char *windom, char *keyp, uchar *chal, int len)
|
||||
{
|
||||
return auth_proto("mschap", windom, keyp, chal, len);
|
||||
return auth_proto("ntlm", windom, keyp, chal, len);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -136,7 +134,7 @@ auth_ntlm(char *windom, char *keyp, uchar *chal, int len)
|
|||
static Auth *
|
||||
auth_ntlmv2(char *windom, char *keyp, uchar *chal, int len)
|
||||
{
|
||||
return auth_proto("mschap2", windom, keyp, chal, len);
|
||||
return auth_proto("ntlmv2", windom, keyp, chal, len);
|
||||
}
|
||||
|
||||
struct {
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ err:
|
|||
if(needauth){
|
||||
if(smbcs != nil)
|
||||
auth_freechal(smbcs);
|
||||
if(smbcs = auth_challenge("proto=mschap role=server")){
|
||||
if(smbcs = auth_challenge("proto=ntlm role=server")){
|
||||
c = (uchar*)smbcs->chal;
|
||||
ce = c + smbcs->nchal;
|
||||
mode = NEGOTIATE_USER_SECURITY | NEGOTIATE_ENCRYPT_PASSWORDS;
|
||||
|
|
@ -104,6 +104,7 @@ smbsessionsetupandx(Req *r, uchar *h, uchar *p, uchar *e)
|
|||
if(smbcs == nil || strlen(user) == 0)
|
||||
break;
|
||||
smbcs->user = user;
|
||||
smbcs->dom = dom;
|
||||
smbcs->nresp = (nte - nt)+sizeof(*mcr)-sizeof(mcr->NTresp);
|
||||
if(smbcs->nresp < sizeof(*mcr))
|
||||
smbcs->nresp = sizeof(*mcr);
|
||||
|
|
|
|||
|
|
@ -74,6 +74,15 @@ auth_response(Chalstate *c)
|
|||
goto Out;
|
||||
}
|
||||
}
|
||||
if(c->dom){
|
||||
if(auth_rpc(c->rpc, "write", c->dom, strlen(c->dom)) != ARok){
|
||||
/*
|
||||
* if this fails we're out of phase with factotum.
|
||||
* give up.
|
||||
*/
|
||||
goto Out;
|
||||
}
|
||||
}
|
||||
|
||||
if(auth_rpc(c->rpc, "write", c->resp, c->nresp) != ARok){
|
||||
/*
|
||||
|
|
|
|||
Loading…
Reference in a new issue