예제 #1
0
파일: ntlm.c 프로젝트: Aerotune/ruby-ntlm
static VALUE
ntlm_negotiate(VALUE obj)
{
  tSmbNtlmAuthRequest request;
  buildSmbNtlmAuthRequest(&request, "Workstation", "Domain");
  return rb_str_new((const char *)&request, SmbLength(&request));
}
예제 #2
0
파일: sspi_unix.cpp 프로젝트: acml/cvsnt
int ClientAuthenticate(const char *protocol, const char *name, const char *pwd, const char *domain, const char *hostname)
{
	tSmbNtlmAuthRequest request;
	tSmbNtlmAuthChallenge challenge;
	tSmbNtlmAuthResponse response;
	short len;
	
	buildSmbNtlmAuthRequest(&request,name?(char*)name:(char*)"",domain?(char*)domain:(char*)"");
	len=htons(SmbLength(&request));
	if(tcp_write(&len,sizeof(len))<0)
	  return 0;
	if(tcp_write(&request,SmbLength(&request))<0)
	  return 0;
	if(tcp_read(&len,2)!=2)
	  return 0;
	if(!len)
	  return 0;
	if(tcp_read(&challenge,ntohs(len))!=ntohs(len))
	  return 0;
	buildSmbNtlmAuthResponse(&challenge, &response, name?(char*)name:(char*)"", pwd?(char*)pwd:(char*)"");
	len=htons(SmbLength(&response));
	if(tcp_write(&len,sizeof(len))<0)
	  return 0;
	if(tcp_write(&response, SmbLength(&response))<0)
	  return 0;
	return 1;
}
예제 #3
0
/* does both calls*/
int
get_ntlm_page (char *url, char *user, char *password, char *domain,
	       char *responsebuf)
{
  tSmbNtlmAuthRequest request;
  char buf[15000], *response;
  unsigned char buf2[5000];
  unsigned long retval;
  int notfin;
  memset((char*)&request,0,sizeof(request));
  memset(buf,0,sizeof(buf));
  memset(buf2,0,sizeof(buf2));
  memset(&request,0x00,sizeof(request));

  /*first we request to authorize via NTLM */
  buildSmbNtlmAuthRequest ((tSmbNtlmAuthRequest *) & request, user, domain);
  /*go to base64 - need to integrate this into SPIKE proper */
  to64frombits (buf, (unsigned char *) &request, SmbLength (&request));
  /*throw that in to NTLM Auth: */

  send_ntlm_packet (buf, METHOD);
  spike_clear ();
  memset(buf,0,sizeof(buf));

  printf ("reading server response\n");

  /*now we should have gotten a valid response from the server */
  notfin = 1;
  retval = 1;
  response=NULL;
  while (retval && notfin)
    {
      memset (buf, 0x00, sizeof (buf));
      notfin = s_fd_wait ();
      if (!notfin)
	break;
      retval = read (our_spike->fd, buf, 2500);
      if (retval)
	{
	  /*here we look for the string "WWW-Authenticate: NTLM " followed
	     *             by a base64 encoded value which is deliminated by a \r\n" */
	  if (response == 0)
	    {
	      if ((response = s_scan_for_variable (buf,
						   "WWW-Authenticate: NTLM ",
						   "\r\n")) != NULL)
		{
		  /*found our string */
		  printf ("Found our WWW-auth string\n");
		  //break;
		}
	      /*printf("%s",buffer); */
	    }
	}
      else
	{
	  break;
	}
    }				/*end while read loop */
  if (response == NULL)
    {
      printf ("Couldn't find WWW-Authenticate string!\n");
      return (0);

    }

  /*Grab the NTLM AUTH: response */
  from64tobits (buf, response);
  buildSmbNtlmAuthResponse ((tSmbNtlmAuthChallenge *) buf,
			    (tSmbNtlmAuthResponse *) buf2, user, password);
  to64frombits (buf, buf2, SmbLength ((tSmbNtlmAuthResponse *) buf2));
  /*send that out */
  send_ntlm_packet (buf, METHOD);
  spike_clear ();

  /*now we should have gotten a valid response from the server */
  /*hopefully this will have 200 Ok */
  responsebuf[0] = 0;		/*clear this buffer */
  notfin = 1;
  retval = 1;
  while (retval && notfin)
    {
      memset (buf, 0x00, sizeof (buf));
      notfin = s_fd_wait ();
      if (!notfin)
	break;
      retval = read (our_spike->fd, buf, 2500);
      buf[2500] = 0;
      if (retval)
	{
          if (strlen(responsebuf)+strlen(buf)>2500)
		  return 1;
	  strcat (responsebuf, buf);
	}
    }				/*end while read loop */

  return 1;
}
예제 #4
0
int
_gsasl_ntlm_client_step (Gsasl_session * sctx,
                         void *mech_data,
                         const char *input, size_t input_len,
                         char **output, size_t * output_len)
{
    _Gsasl_ntlm_state *state = mech_data;
    tSmbNtlmAuthRequest request;
    tSmbNtlmAuthChallenge challenge;
    tSmbNtlmAuthResponse response;
    const char *domain = gsasl_property_get (sctx, GSASL_REALM);
    const char *authid = gsasl_property_get (sctx, GSASL_AUTHID);
    const char *password;
    int res;

    if (!authid)
        return GSASL_NO_AUTHID;

    switch (state->step)
    {
    case 0:
        /* Isn't this just the IMAP continuation char?  Not part of SASL mech.
           if (input_len != 1 && *input != '+')
           return GSASL_MECHANISM_PARSE_ERROR; */

        buildSmbNtlmAuthRequest (&request, authid, domain);

        *output_len = SmbLength (&request);
        *output = malloc (*output_len);
        if (!*output)
            return GSASL_MALLOC_ERROR;
        memcpy (*output, &request, *output_len);

        /* dumpSmbNtlmAuthRequest(stdout, &request); */

        state->step++;
        res = GSASL_NEEDS_MORE;
        break;

    case 1:
        if (input_len > sizeof (challenge))
            return GSASL_MECHANISM_PARSE_ERROR;

        /* Hand crafted challenge for parser testing:
           TlRMTVNTUAAAAAAAAAAAAAAAAAAAAGFiY2RlZmdoMDEyMzQ1Njc4ODY2NDQwMTIz */

        memcpy (&challenge, input, input_len);

        password = gsasl_property_get (sctx, GSASL_PASSWORD);
        if (!password)
            return GSASL_NO_PASSWORD;

        buildSmbNtlmAuthResponse (&challenge, &response, authid, password);

        *output_len = SmbLength (&response);
        *output = malloc (*output_len);
        if (!*output)
            return GSASL_MALLOC_ERROR;
        memcpy (*output, &response, *output_len);

        /* dumpSmbNtlmAuthResponse(stdout, &response); */

        state->step++;
        res = GSASL_OK;
        break;

    default:
        res = GSASL_MECHANISM_CALLED_TOO_MANY_TIMES;
        break;
    }

    return res;
}