static VALUE
ntlm_negotiate(VALUE obj)
{
tSmbNtlmAuthRequest request;
buildSmbNtlmAuthRequest(&request, "Workstation", "Domain");
return rb_str_new((const char *)&request, SmbLength(&request));
}
int ClientAuthenticate(const char *protocol, const char *name, const char *pwd, const char *domain, const char *hostname)
{
tSmbNtlmAuthRequest request;
tSmbNtlmAuthChallenge challenge;
tSmbNtlmAuthResponse response;
short len;
buildSmbNtlmAuthRequest(&request,name?(char*)name:(char*)"",domain?(char*)domain:(char*)"");
len=htons(SmbLength(&request));
if(tcp_write(&len,sizeof(len))<0)
return 0;
if(tcp_write(&request,SmbLength(&request))<0)
return 0;
if(tcp_read(&len,2)!=2)
return 0;
if(!len)
return 0;
if(tcp_read(&challenge,ntohs(len))!=ntohs(len))
return 0;
buildSmbNtlmAuthResponse(&challenge, &response, name?(char*)name:(char*)"", pwd?(char*)pwd:(char*)"");
len=htons(SmbLength(&response));
if(tcp_write(&len,sizeof(len))<0)
return 0;
if(tcp_write(&response, SmbLength(&response))<0)
return 0;
return 1;
}
/* does both calls*/
int
get_ntlm_page (char *url, char *user, char *password, char *domain,
char *responsebuf)
{
tSmbNtlmAuthRequest request;
char buf[15000], *response;
unsigned char buf2[5000];
unsigned long retval;
int notfin;
memset((char*)&request,0,sizeof(request));
memset(buf,0,sizeof(buf));
memset(buf2,0,sizeof(buf2));
memset(&request,0x00,sizeof(request));
/*first we request to authorize via NTLM */
buildSmbNtlmAuthRequest ((tSmbNtlmAuthRequest *) & request, user, domain);
/*go to base64 - need to integrate this into SPIKE proper */
to64frombits (buf, (unsigned char *) &request, SmbLength (&request));
/*throw that in to NTLM Auth: */
send_ntlm_packet (buf, METHOD);
spike_clear ();
memset(buf,0,sizeof(buf));
printf ("reading server response\n");
/*now we should have gotten a valid response from the server */
notfin = 1;
retval = 1;
response=NULL;
while (retval && notfin)
{
memset (buf, 0x00, sizeof (buf));
notfin = s_fd_wait ();
if (!notfin)
break;
retval = read (our_spike->fd, buf, 2500);
if (retval)
{
/*here we look for the string "WWW-Authenticate: NTLM " followed
* by a base64 encoded value which is deliminated by a \r\n" */
if (response == 0)
{
if ((response = s_scan_for_variable (buf,
"WWW-Authenticate: NTLM ",
"\r\n")) != NULL)
{
/*found our string */
printf ("Found our WWW-auth string\n");
//break;
}
/*printf("%s",buffer); */
}
}
else
{
break;
}
} /*end while read loop */
if (response == NULL)
{
printf ("Couldn't find WWW-Authenticate string!\n");
return (0);
}
/*Grab the NTLM AUTH: response */
from64tobits (buf, response);
buildSmbNtlmAuthResponse ((tSmbNtlmAuthChallenge *) buf,
(tSmbNtlmAuthResponse *) buf2, user, password);
to64frombits (buf, buf2, SmbLength ((tSmbNtlmAuthResponse *) buf2));
/*send that out */
send_ntlm_packet (buf, METHOD);
spike_clear ();
/*now we should have gotten a valid response from the server */
/*hopefully this will have 200 Ok */
responsebuf[0] = 0; /*clear this buffer */
notfin = 1;
retval = 1;
while (retval && notfin)
{
memset (buf, 0x00, sizeof (buf));
notfin = s_fd_wait ();
if (!notfin)
break;
retval = read (our_spike->fd, buf, 2500);
buf[2500] = 0;
if (retval)
{
if (strlen(responsebuf)+strlen(buf)>2500)
return 1;
strcat (responsebuf, buf);
}
} /*end while read loop */
return 1;
}
int
_gsasl_ntlm_client_step (Gsasl_session * sctx,
void *mech_data,
const char *input, size_t input_len,
char **output, size_t * output_len)
{
_Gsasl_ntlm_state *state = mech_data;
tSmbNtlmAuthRequest request;
tSmbNtlmAuthChallenge challenge;
tSmbNtlmAuthResponse response;
const char *domain = gsasl_property_get (sctx, GSASL_REALM);
const char *authid = gsasl_property_get (sctx, GSASL_AUTHID);
const char *password;
int res;
if (!authid)
return GSASL_NO_AUTHID;
switch (state->step)
{
case 0:
/* Isn't this just the IMAP continuation char? Not part of SASL mech.
if (input_len != 1 && *input != '+')
return GSASL_MECHANISM_PARSE_ERROR; */
buildSmbNtlmAuthRequest (&request, authid, domain);
*output_len = SmbLength (&request);
*output = malloc (*output_len);
if (!*output)
return GSASL_MALLOC_ERROR;
memcpy (*output, &request, *output_len);
/* dumpSmbNtlmAuthRequest(stdout, &request); */
state->step++;
res = GSASL_NEEDS_MORE;
break;
case 1:
if (input_len > sizeof (challenge))
return GSASL_MECHANISM_PARSE_ERROR;
/* Hand crafted challenge for parser testing:
TlRMTVNTUAAAAAAAAAAAAAAAAAAAAGFiY2RlZmdoMDEyMzQ1Njc4ODY2NDQwMTIz */
memcpy (&challenge, input, input_len);
password = gsasl_property_get (sctx, GSASL_PASSWORD);
if (!password)
return GSASL_NO_PASSWORD;
buildSmbNtlmAuthResponse (&challenge, &response, authid, password);
*output_len = SmbLength (&response);
*output = malloc (*output_len);
if (!*output)
return GSASL_MALLOC_ERROR;
memcpy (*output, &response, *output_len);
/* dumpSmbNtlmAuthResponse(stdout, &response); */
state->step++;
res = GSASL_OK;
break;
default:
res = GSASL_MECHANISM_CALLED_TOO_MANY_TIMES;
break;
}
return res;
}
