shithub: riscv

Download patch

ref: e69cde312084f383a346f98f9d7edd42b27e2aef
parent: 87617ea25eecdb3a0e0834786ac5b9dc20f1d59d
author: cinap_lenrek <[email protected]>
date: Sun May 20 18:59:24 EDT 2018

authsrv: implement AuthNTLM

--- a/sys/src/cmd/auth/authsrv.c
+++ b/sys/src/cmd/auth/authsrv.c
@@ -9,7 +9,7 @@
 
 Ndb *db;
 char raddr[128];
-uchar zeros[16];
+uchar zeros[32];
 
 typedef struct Keyslot Keyslot;
 struct Keyslot
@@ -36,6 +36,7 @@
 void	changepasswd(Ticketreq*);
 void	apop(Ticketreq*, int);
 void	chap(Ticketreq*);
+void	ntlm(Ticketreq*);
 void	mschap(Ticketreq*, int);
 void	vnc(Ticketreq*);
 int	speaksfor(char*, char*);
@@ -106,6 +107,9 @@
 		case AuthMSchapv2:
 			mschap(&tr, MSchallenv2);
 			break;
+		case AuthNTLM:
+			ntlm(&tr);
+			break;
 		case AuthCram:
 			apop(&tr, AuthCram);
 			break;
@@ -638,61 +642,19 @@
 	exits(0);
 }
 
-enum {
-	MsvAvEOL = 0,
-	MsvAvNbComputerName,
-	MsvAvNbDomainName,
-	MsvAvDnsComputerName,
-	MsvAvDnsomainName,
-};
-
-char*
-getname(int id, uchar *ntblob, int ntbloblen, char *buf, int nbuf)
-{
-	int aid, alen, i;
-	uchar *p, *e;
-	char *d;
-	Rune r;
-
-	d = buf;
-	p = ntblob+8+8+8+4;	/* AvPair offset */
-	e = ntblob+ntbloblen;
-	while(p+4 <= e){
-		aid = *p++;
-		aid |= *p++ << 8;
-		alen = *p++;
-		alen |= *p++ << 8;
-
-		if(p+alen > e)
-			break;
-		if(aid == id){
-			for(i=0; i+1 < alen && d-buf < nbuf-(UTFmax+1); i+=2){
-				r = p[i] | p[i+1]<<8;
-				d += runetochar(d, &r);
-			}
-			break;
-		}
-		p += alen;
-	}
-	*d = '\0';
-	return buf;
-}
-
 static uchar ntblobsig[] = {0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 
 void
-mschap(Ticketreq *tr, int nchal)
+ntlm(Ticketreq *tr)
 {
 	char *secret;
-	char sbuf[SECRETLEN], windom[128];
-	uchar chal[16], ntblob[1024];
+	char sbuf[SECRETLEN], windom[DOMLEN];
+	uchar chal[MSchallen], ntblob[1024];
 	uchar hash[MShashlen];
 	uchar resp[MSresplen];
-	OMSchapreply reply;
+	NTLMreply reply;
 	int dupe, lmok, ntok, ntbloblen;
-	uchar phash[SHA1dlen], chash[SHA1dlen], ahash[SHA1dlen];
 	DigestState *s;
-	long timeout;
 	int tries;
 
 	/*
@@ -699,7 +661,7 @@
 	 *  Create a challenge and send it.
 	 */
 	genrandom(chal, sizeof(chal));
-	if(write(1, chal, nchal) != nchal)
+	if(write(1, chal, MSchallen) != MSchallen)
 		exits(0);
 
 	tries = 5;
@@ -708,58 +670,21 @@
 		exits(0);
 
 	/*
-	 *  get chap reply
+	 *  get NTLM reply
 	 */
-	if(readn(0, &reply, OMSCHAPREPLYLEN) < 0)
+	if(readn(0, &reply, NTLMREPLYLEN) < 0)
 		exits(0);
 
-	/*
-	 * CIFS/NTLMv2 uses variable length NT response.
-	 */
 	ntbloblen = 0;
-	if(nchal == MSchallen && memcmp(reply.NTresp+16, ntblobsig, sizeof(ntblobsig)) == 0){
-		/* Version[1], HiVision[1], Z[6] */
-		ntbloblen += 1+1+6;
-		memmove(ntblob, reply.NTresp+16, ntbloblen);
-
-		/* Time[8], CC[8], Z[4] */
-		if(readn(0, ntblob+ntbloblen, 8+8+4) < 0)
+	if(memcmp(reply.NTresp+16, ntblobsig, sizeof(ntblobsig)) == 0){
+		ntbloblen = reply.len[0] | reply.len[1]<<8;
+		ntbloblen -= NTLMREPLYLEN;
+		if(ntbloblen < 0 || ntbloblen > sizeof(ntblob)-8)
 			exits(0);
-		ntbloblen += 8+8+4;
-
-		/* variable AvPairs */
-		for(;;){
-			int len, id;
-
-			if(ntbloblen > sizeof(ntblob)-4)
-				exits(0);
-			/* AvId[2], AvLen[2], Vairable[AvLen] */
-			if(readn(0, ntblob+ntbloblen, 4) < 0)
-				exits(0);
-			id = ntblob[ntbloblen+0] | ntblob[ntbloblen+1]<<8;
-			len = ntblob[ntbloblen+2] | ntblob[ntbloblen+3]<<8;
-			ntbloblen += 4;
-
-			if(ntbloblen+len > sizeof(ntblob))
-				exits(0);
-			if(readn(0, ntblob+ntbloblen, len) < 0)
-				exits(0);
-			ntbloblen += len;
-			if(id == MsvAvEOL)
-				break;
-		}
-
-		/* Z[4] */
-		if(ntbloblen > sizeof(ntblob)-4)
+		if(readn(0, ntblob+8, ntbloblen) < 0)
 			exits(0);
-
-		/* LINUX omits the final Z(4), so read with short timeout */
-		notify(catch);
-		timeout = alarm(50);
-		if(readn(0, ntblob+ntbloblen, 4) == 4)
-			ntbloblen += 4;
-		alarm(timeout);
-		notify(nil);
+		memmove(ntblob, reply.NTresp+16, 8);
+		ntbloblen += 8;
 	}
 
 	safecpy(tr->uid, reply.uid, sizeof(tr->uid));
@@ -766,47 +691,142 @@
 	if(tr->uid[0] == 0)
 		exits(0);
 
+	safecpy(windom, reply.dom, sizeof(windom));
+
 	/*
 	 * lookup
 	 */
 	secret = findsecret(KEYDB, tr->uid, sbuf);
 	if(!getkey(tr->hostid, &hkey) || secret == nil){
-		replyerror("mschap-fail bad response %s/%s(%s)", tr->uid, tr->hostid, raddr);
+		replyerror("ntlm-fail bad response %s@%s/%s(%s)", tr->uid, windom, tr->hostid, raddr);
 		goto Retry;
 	}
 
 	if(ntbloblen > 0){
-		getname(MsvAvNbDomainName, ntblob, ntbloblen, windom, sizeof(windom));
-		for(;;){
-			ntv2hash(hash, secret, tr->uid, windom);
+		/* NTLMv2 */
+		ntv2hash(hash, secret, tr->uid, windom);
 
-			/*
-			 * LmResponse = Cat(HMAC_MD5(LmHash, Cat(SC, CC)), CC)
-			 */
-			s = hmac_md5(chal, nchal, hash, MShashlen, nil, nil);
-			hmac_md5((uchar*)reply.LMresp+16, nchal, hash, MShashlen, resp, s);
-			lmok = tsmemcmp(resp, reply.LMresp, 16) == 0;
+		/*
+		 * LmResponse = Cat(HMAC_MD5(LmHash, Cat(SC, CC)), CC)
+		 */
+		s = hmac_md5(chal, MSchallen, hash, MShashlen, nil, nil);
+		hmac_md5((uchar*)reply.LMresp+16, MSchallen, hash, MShashlen, resp, s);
+		lmok = tsmemcmp(resp, reply.LMresp, 16) == 0;
 
-			/*
-			 * NtResponse = Cat(HMAC_MD5(NtHash, Cat(SC, NtBlob)), NtBlob)
-			 */
-			s = hmac_md5(chal, nchal, hash, MShashlen, nil, nil);
-			hmac_md5(ntblob, ntbloblen, hash, MShashlen, resp, s);
-			ntok = tsmemcmp(resp, reply.NTresp, 16) == 0;
+		/*
+		 * NtResponse = Cat(HMAC_MD5(NtHash, Cat(SC, NtBlob)), NtBlob)
+		 */
+		s = hmac_md5(chal, MSchallen, hash, MShashlen, nil, nil);
+		hmac_md5(ntblob, ntbloblen, hash, MShashlen, resp, s);
+		ntok = tsmemcmp(resp, reply.NTresp, 16) == 0;
 
-			/*
-			 * LM response can be all zeros or signature key,
-			 * so make it valid when the NT respone matches.
-			 */
-			lmok |= ntok;
+		/*
+		 * LM response can be all zeros or signature key,
+		 * so make it valid when the NT respone matches.
+		 */
+		lmok |= ntok;
+		dupe = 0;
+	} else if(memcmp(reply.NTresp, zeros, MSresplen) == 0){
+		/* LMv2 */
+		ntv2hash(hash, secret, tr->uid, windom);
 
-			if(lmok || windom[0] == '\0')
-				break;
-
-			windom[0] = '\0';	/* try NIL domain */
-		}
+		/*
+		 * LmResponse = Cat(HMAC_MD5(LmHash, Cat(SC, CC)), CC)
+		 */
+		s = hmac_md5(chal, MSchallen, hash, MShashlen, nil, nil);
+		hmac_md5((uchar*)reply.LMresp+16, MSchallen, hash, MShashlen, resp, s);
+		lmok = ntok = tsmemcmp(resp, reply.LMresp, 16) == 0;
 		dupe = 0;
-	} else if(nchal == MSchallenv2){
+	} else {
+		/* LM+NTLM */
+		lmhash(hash, secret);
+		mschalresp(resp, hash, chal);
+		lmok = tsmemcmp(resp, reply.LMresp, MSresplen) == 0;
+
+		nthash(hash, secret);
+		mschalresp(resp, hash, chal);
+		ntok = tsmemcmp(resp, reply.NTresp, MSresplen) == 0;
+		dupe = tsmemcmp(reply.LMresp, reply.NTresp, MSresplen) == 0;
+	}
+
+	/*
+	 * It is valid to send the same response in both the LM and NTLM 
+	 * fields provided one of them is correct, if neither matches,
+	 * or the two fields are different and either fails to match, 
+	 * the whole sha-bang fails.
+	 *
+	 * This is an improvement in security as it allows clients who
+	 * wish to do NTLM auth (which is insecure) not to send
+	 * LM tokens (which is very insecure).
+	 *
+	 * Windows servers supports clients doing this also though
+	 * windows clients don't seem to use the feature.
+	 */
+	if((!ntok && !lmok) || ((!ntok || !lmok) && !dupe)){
+		replyerror("ntlm-fail bad response %s@%s/%s(%s)", tr->uid, windom, tr->hostid, raddr);
+		logfail(tr->uid);
+		goto Retry;
+	}
+
+	succeed(tr->uid);
+
+	/*
+	 *  reply with ticket & authenticator
+	 */
+	tickauthreply(tr, &hkey);
+
+	syslog(0, AUTHLOG, "ntlm-ok %s@%s/%s(%s)", tr->uid, windom, tr->hostid, raddr);
+
+	exits(0);
+}
+
+void
+mschap(Ticketreq *tr, int nchal)
+{
+	char *secret;
+	char sbuf[SECRETLEN];
+	uchar chal[16];
+	uchar hash[MShashlen];
+	uchar resp[MSresplen];
+	OMSchapreply reply;
+	int dupe, lmok, ntok;
+	uchar phash[SHA1dlen], chash[SHA1dlen], ahash[SHA1dlen];
+	DigestState *s;
+	int tries;
+
+	/*
+	 *  Create a challenge and send it.
+	 */
+	genrandom(chal, sizeof(chal));
+	if(write(1, chal, nchal) != nchal)
+		exits(0);
+
+	tries = 5;
+Retry:
+	if(--tries < 0)
+		exits(0);
+
+	/*
+	 *  get chap reply
+	 */
+	if(readn(0, &reply, OMSCHAPREPLYLEN) < 0)
+		exits(0);
+
+	safecpy(tr->uid, reply.uid, sizeof(tr->uid));
+	if(tr->uid[0] == 0)
+		exits(0);
+
+	/*
+	 * lookup
+	 */
+	secret = findsecret(KEYDB, tr->uid, sbuf);
+	if(!getkey(tr->hostid, &hkey) || secret == nil){
+		replyerror("mschap-fail bad response %s/%s(%s)", tr->uid, tr->hostid, raddr);
+		goto Retry;
+	}
+
+	if(nchal == MSchallenv2){
+		/* MSCHAPv2 */
 		s = sha1((uchar*)reply.LMresp, nchal, nil, nil);
 		s = sha1(chal, nchal, nil, s);
 		sha1((uchar*)tr->uid, strlen(tr->uid), chash, s);
@@ -816,6 +836,7 @@
 		ntok = lmok = tsmemcmp(resp, reply.NTresp, MSresplen) == 0;
 		dupe = 0;
 	} else {
+		/* MSCHAP (LM+NTLM) */
 		lmhash(hash, secret);
 		mschalresp(resp, hash, chal);
 		lmok = tsmemcmp(resp, reply.LMresp, MSresplen) == 0;