diff options
| -rw-r--r-- | lib/http_ntlm.c | 56 | ||||
| -rw-r--r-- | lib/transfer.c | 12 |
2 files changed, 45 insertions, 23 deletions
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index f47adf894..5fec16314 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -77,7 +77,7 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn, header++; if(checkprefix("NTLM", header)) { - char buffer[256]; + unsigned char buffer[256]; header += strlen("NTLM"); while(*header && isspace((int)*header)) @@ -187,7 +187,7 @@ static void mkhash(char *password, unsigned char lmbuffer[21]; unsigned char ntbuffer[21]; - unsigned char lm_pw[14]; + unsigned char pw[256]; /* for maximum 128-letter passwords! */ int len = strlen(password); unsigned char magic[] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; int i; @@ -196,47 +196,46 @@ static void mkhash(char *password, len = 14; for (i=0; i<len; i++) - lm_pw[i] = toupper(password[i]); + pw[i] = toupper(password[i]); for (; i<14; i++) - lm_pw[i] = 0; + pw[i] = 0; - /* create LanManager hashed password */ { + /* create LanManager hashed password */ + DES_key_schedule ks; - setup_des_key(lm_pw, &ks); + setup_des_key(pw, &ks); DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer, &ks, DES_ENCRYPT); - setup_des_key(lm_pw+7, &ks); + setup_des_key(pw+7, &ks); DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer+8, &ks, DES_ENCRYPT); memset(lmbuffer+16, 0, 5); - } { /* create NT hashed password */ - int len = strlen(password); - unsigned char nt_pw[256]; MD4_CTX MD4; + len = strlen(password); + for (i=0; i<len; i++) { - nt_pw[2*i] = password[i]; - nt_pw[2*i+1] = 0; + pw[2*i] = password[i]; + pw[2*i+1] = 0; } MD4_Init(&MD4); - MD4_Update(&MD4, nt_pw, 2*len); - MD4_Final(nt_pw, &MD4); + MD4_Update(&MD4, pw, 2*len); + MD4_Final(ntbuffer, &MD4); memset(ntbuffer+16, 0, 5); - } - /* create responses */ + /* create responses */ calc_resp(lmbuffer, nonce, lmresp); calc_resp(ntbuffer, nonce, ntresp); } @@ -290,6 +289,12 @@ CURLcode Curl_output_ntlm(struct connectdata *conn) and sends a longer chunk of data than we do! Interestingly, there's no host or domain either. + We want to send something like this: + +0x00: 4e 54 4c 4d 53 53 50 00 01 00 00 00 03 b2 00 00 | NTLMSSP......... +0x10: 05 00 05 00 2b 00 00 00 0b 00 0b 00 20 00 00 00 | ....+........... +0x20: 4c 49 4c 4c 41 53 59 53 54 45 52 48 45 4d 4d 41 | LILLASYSTERHEMMA + */ snprintf((char *)ntlm, sizeof(ntlm), "NTLMSSP%c" @@ -300,16 +305,18 @@ CURLcode Curl_output_ntlm(struct connectdata *conn) "%c%c" /* domain length */ "%c%c" /* domain length */ "%c%c" /* domain name offset */ + "%c%c" /* 2 zeroes */ "%c%c" /* host length */ "%c%c" /* host length */ "%c%c" /* host name offset */ - "%c%c" + "%c%c" /* 2 zeroes */ "%s" /* host name */ "%s", /* domain string */ 0,0,0,0,0,0, SHORTPAIR(domlen), SHORTPAIR(domlen), SHORTPAIR(domoff), + 0,0, SHORTPAIR(hostlen), SHORTPAIR(hostlen), SHORTPAIR(hostoff), @@ -317,7 +324,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn) host, domain); /* initial packet length */ - size = 8 + 1 + 3 + 18 + hostlen + domlen; + size = 32 + hostlen + domlen; #if 0 #define CHUNK "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x06\x82\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x30\x00\x00\x00\x00\x00\x00\x00\x30\x00\x00\x00" memcpy(ntlm, CHUNK, sizeof(CHUNK)-1); @@ -357,6 +364,19 @@ CURLcode Curl_output_ntlm(struct connectdata *conn) Note how the domain + username + hostname ARE NOT unicoded in any way. Domain and hostname are uppercase, while username are case sensitive. + We send something like this: + +0x00: 4e 54 4c 4d 53 53 50 00 03 00 00 00 18 00 18 00 | NTLMSSP......... +0x10: 6c 00 00 00 18 00 18 00 84 00 00 00 0a 00 0a 00 | l............... +0x20: 40 00 00 00 0c 00 0c 00 4a 00 00 00 16 00 16 00 | @.......J....... +0x30: 56 00 00 00 00 00 00 00 9c 00 00 00 01 82 00 00 | V............... +0x40: 48 00 45 00 4d 00 4d 00 41 00 64 00 61 00 6e 00 | H.E.M.M.A.d.a.n. +0x50: 69 00 65 00 6c 00 4c 00 49 00 4c 00 4c 00 41 00 | i.e.l.L.I.L.L.A. +0x60: 53 00 59 00 53 00 54 00 45 00 52 00 bc ed 28 c9 | S.Y.S.T.E.R...(. +0x70: 16 c4 1b 16 d7 c9 b4 0e ef ef 02 6d 26 8d c0 ba | ...........m&... +0x80: ac b6 5a c1 26 8d c0 ba ac b6 5a c1 26 8d c0 ba | ..Z.&.....Z.&... +0x90: ac b6 5a c1 26 8d c0 ba ac b6 5a c1 | ..Z.&.....Z. + */ int lmrespoff; diff --git a/lib/transfer.c b/lib/transfer.c index fce597884..8d59653c5 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -744,11 +744,13 @@ CURLcode Curl_readwrite(struct connectdata *conn, (401 == k->httpcode) && data->set.httpntlm /* NTLM authentication is activated */) { - CURLntlm ntlm; - ntlm = Curl_input_ntlm(conn, - k->p+strlen("WWW-Authenticate:")); + CURLntlm ntlm = + Curl_input_ntlm(conn, k->p+strlen("WWW-Authenticate:")); - conn->newurl = strdup(data->change.url); /* clone string */ + if(CURLNTLM_BAD != ntlm) + conn->newurl = strdup(data->change.url); /* clone string */ + else + infof(data, "Authentication problem. Ignoring this.\n"); } #endif else if(checkprefix("WWW-Authenticate:", k->p) && @@ -758,7 +760,7 @@ CURLcode Curl_readwrite(struct connectdata *conn, CURLdigest dig = CURLDIGEST_BAD; if(data->state.digest.nonce) - infof(data, "Authentication problem. Ignoring this."); + infof(data, "Authentication problem. Ignoring this.\n"); else dig = Curl_input_digest(conn, k->p+strlen("WWW-Authenticate:")); |