From 1d2fcf87bcc73e697198fb07493174df550d71c5 Mon Sep 17 00:00:00 2001 From: damitha Date: Tue, 31 May 2011 09:05:26 +0000 Subject: Initial commit of ntlm authentication code git-svn-id: http://svn.apache.org/repos/asf/axis/axis2/c/core/trunk@1129578 13f79535-47bb-0310-9956-ffa450edef68 --- .../transport/http/sender/ntlm/heimdal/Makefile.am | 29 ++ .../sender/ntlm/heimdal/heimdal_ntlm_wrapper.c | 378 +++++++++++++++++++++ 2 files changed, 407 insertions(+) create mode 100644 src/core/transport/http/sender/ntlm/heimdal/Makefile.am create mode 100644 src/core/transport/http/sender/ntlm/heimdal/heimdal_ntlm_wrapper.c (limited to 'src/core/transport/http/sender/ntlm/heimdal') diff --git a/src/core/transport/http/sender/ntlm/heimdal/Makefile.am b/src/core/transport/http/sender/ntlm/heimdal/Makefile.am new file mode 100644 index 0000000..05c6239 --- /dev/null +++ b/src/core/transport/http/sender/ntlm/heimdal/Makefile.am @@ -0,0 +1,29 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +lib_LTLIBRARIES = libaxis2_ntlm.la + + +libaxis2_ntlm_la_SOURCES = ../ntlm.c \ + heimdal_ntlm_wrapper.c + +libaxis2_ntlm_la_LIBADD = @NTLM_LDFLAGS@ \ + $(top_builddir)/util/src/libaxutil.la + +#libaxis2_ntlm_la_LDFLAGS = -version-info $(VERSION_NO) + + +INCLUDES = -I$(top_builddir)/include \ + -I$(top_builddir)/util/include \ + @NTLM_CFLAGS@ diff --git a/src/core/transport/http/sender/ntlm/heimdal/heimdal_ntlm_wrapper.c b/src/core/transport/http/sender/ntlm/heimdal/heimdal_ntlm_wrapper.c new file mode 100644 index 0000000..eb66927 --- /dev/null +++ b/src/core/transport/http/sender/ntlm/heimdal/heimdal_ntlm_wrapper.c @@ -0,0 +1,378 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include + +#include +#include /* or */ +#include + +void AXIS2_CALL +heimdal_ntlm_wrapper_free( + axis2_ntlm_t * ntlm, + const axutil_env_t * env); + +axis2_status_t AXIS2_CALL +heimdal_ntlm_wrapper_create_type1_message( + axis2_ntlm_t * ntlm, + const axutil_env_t * env, + axis2_char_t **encoded_message, + int *encoded_len, + const axis2_char_t *uname, + const axis2_char_t *passwd, + const int flags, + const axis2_char_t *domain); + +axis2_status_t AXIS2_CALL +heimdal_ntlm_wrapper_create_type3_message( + axis2_ntlm_t * ntlm, + const axutil_env_t * env, + axis2_char_t *header_value, + axis2_char_t **encoded_message, + int *encoded_len, + const axis2_char_t *uname, + const axis2_char_t *passwd, + const axis2_char_t *domain, + const axis2_char_t *workstation); + +typedef struct heimdal_ntlm_wrapper_impl_t +{ + axis2_ntlm_t ntlm; +} heimdal_ntlm_wrapper_impl_t; + +#define AXIS2_INTF_TO_IMPL(p) ((heimdal_ntlm_wrapper_impl_t*)p) +#define AXIS2_IMPL_TO_INTF(p) &(p->ntlm) + +static const axis2_ntlm_ops_t axis2_ntlm_ops_var = { + heimdal_ntlm_wrapper_free, + heimdal_ntlm_wrapper_create_type1_message, + heimdal_ntlm_wrapper_create_type3_message }; + +AXIS2_EXTERN axis2_ntlm_t *AXIS2_CALL +axis2_ntlm_create( + const axutil_env_t *env) +{ + heimdal_ntlm_wrapper_impl_t *wrapper_impl = NULL; + wrapper_impl = (heimdal_ntlm_wrapper_impl_t *)AXIS2_MALLOC(env->allocator, + sizeof(heimdal_ntlm_wrapper_impl_t)); + + if(!wrapper_impl) + { + AXIS2_ERROR_SET(env->error, AXIS2_ERROR_NO_MEMORY, AXIS2_FAILURE); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "No memory. Cannot create heimdal ntlm wrapper"); + return NULL; + } + memset(wrapper_impl, 0, sizeof(heimdal_ntlm_wrapper_impl_t)); + wrapper_impl->ntlm.ops = &axis2_ntlm_ops_var; + return &(wrapper_impl->ntlm); +} + +/** + */ +void AXIS2_CALL +heimdal_ntlm_wrapper_free( + axis2_ntlm_t * ntlm, + const axutil_env_t * env) +{ + heimdal_ntlm_wrapper_impl_t *ntlm_impl = NULL; + ntlm_impl = AXIS2_INTF_TO_IMPL(ntlm); + + AXIS2_FREE(env->allocator, AXIS2_INTF_TO_IMPL(ntlm)); + return; +} + +axis2_status_t AXIS2_CALL +heimdal_ntlm_wrapper_create_type1_message( + axis2_ntlm_t * ntlm, + const axutil_env_t * env, + axis2_char_t **encoded_message, + int *encoded_len, + const axis2_char_t *user, + const axis2_char_t *password, + const int flags, + const axis2_char_t *domain) +{ + heimdal_ntlm_wrapper_impl_t *ntlm_impl = NULL; + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + ntlm_impl = AXIS2_INTF_TO_IMPL(ntlm); + + struct ntlm_type1 type1; + struct ntlm_buf data; + int ret; + memset(&type1, 0, sizeof(type1)); + + if(flags != 0) + { + type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM|flags; + } + else + { + type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM; + } + if(domain) + { + type1.domain = rk_UNCONST(domain); + } + else + { + type1.domain = NULL; + } + type1.hostname = NULL; + type1.os[0] = 0; + type1.os[1] = 0; + + ret = heim_ntlm_encode_type1(&type1, &data); + if (ret) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[heimdal_wrapper] heim_ntlm_encode_type1 call failed"); + return AXIS2_FAILURE; + } + + *encoded_message = AXIS2_MALLOC(env->allocator, (2 * data.length)); + if(!*encoded_message) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[heimdal_wrapper] Memory allocation for encoded message failed"); + return AXIS2_FAILURE; + } + *encoded_len = axutil_base64_encode_binary(*encoded_message, data.data, data.length); + + if(data.data) + { + free(data.data); + } + + return AXIS2_SUCCESS; +} + +axis2_status_t AXIS2_CALL +heimdal_ntlm_wrapper_create_type3_message( + axis2_ntlm_t * ntlm, + const axutil_env_t * env, + axis2_char_t *header_value, + axis2_char_t **encoded_message, + int *encoded_len, + const axis2_char_t *user, + const axis2_char_t *password, + const axis2_char_t *domain, + const axis2_char_t *workstation) +{ + heimdal_ntlm_wrapper_impl_t *ntlm_impl = NULL; + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + ntlm_impl = AXIS2_INTF_TO_IMPL(ntlm); + + struct ntlm_type3 type3; + struct ntlm_type2 type2; + struct ntlm_buf data; + int ret; + + memset(&type2, 0, sizeof(type2)); + + int len = axutil_strlen(header_value); + len = 2 * len + 1; + char temp_value[len]; + data.data = temp_value; + data.length = axutil_base64_decode_binary(data.data, header_value); + ret = heim_ntlm_decode_type2(&data, &type2); + data.data = NULL; + if (ret) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[heimdal_wrapper] heim_ntlm_decode_type2 call failed"); + return AXIS2_FAILURE; + } + + memset(&type3, 0, sizeof(type3)); + + type3.flags = type2.flags; + type3.username = rk_UNCONST(user); + type3.targetname = rk_UNCONST(type2.targetname); + if(workstation) + { + type3.ws = rk_UNCONST(workstation); + } + else + { + type3.ws = NULL; + } + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "type3.flags:***%d***", type3.flags); + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "type3.username:***%s***", type3.username); + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "type3.targetname:***%s***", type3.targetname); + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "type3.ws:***%s***", type3.ws); + + { + struct ntlm_buf key; + heim_ntlm_nt_key(password, &key); + + /* NTLM Version 1 if no targetinfo buffer.*/ + + if (1 || type2.targetinfo.length == 0) + { + + if (type2.flags & NTLM_NEG_NTLM2_SESSION) + { + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[heimdal_wrapper] ntlm2 session"); + unsigned char nonce[8]; + + if (RAND_bytes(nonce, sizeof(nonce)) != 1) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[heimdal_wrapper] RAND_bytes function call failed"); + return AXIS2_FAILURE; + } + + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[heimdal_wrapper] calculate_ntlm2_sess"); + ret = heim_ntlm_calculate_ntlm2_sess(nonce, + type2.challange, + key.data, + &type3.lm, + &type3.ntlm); + } + else + { + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[heimdal_wrapper] calculate_ntlm1"); + ret = heim_ntlm_calculate_ntlm1(key.data, + key.length, + type2.challange, + &type3.ntlm); + + } + if (ret) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[heimdal_wrapper] heim_ntlm_calculate_ntlm1 function call failed"); + return AXIS2_FAILURE; + } + + if (type2.flags & NTLM_NEG_KEYEX) + { + struct ntlm_buf sessionkey; + + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[heimdal_wrapper] build_ntlm1_master"); + ret = heim_ntlm_build_ntlm1_master(key.data, + key.length, + &sessionkey, + &type3.sessionkey); + if (ret) + { + if (type3.lm.data) + { + free(type3.lm.data); + } + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[heimdal_wrapper] heim_ntlm_build_ntlm1_master function call failed"); + return AXIS2_FAILURE; + } + + free(sessionkey.data); + } + + } + else + { + unsigned char ntlmv2[16]; + struct ntlm_targetinfo ti; + + /* verify infotarget */ + + ret = heim_ntlm_decode_targetinfo(&type2.targetinfo, 1, &ti); + if(ret) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[heimdal_wrapper] heim_ntlm_decode_targetinfo function call failed"); + return AXIS2_FAILURE; + } + + if (ti.domainname && domain && strcmp(ti.domainname, domain) != 0) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[heimdal_wrapper] heim_ntlm_decode_targetinfo function returned wrong data"); + return AXIS2_FAILURE; + } + + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[heimdal_wrapper] calculate_ntlm2"); + ret = heim_ntlm_calculate_ntlm2(key.data, + key.length, + user, + domain, + type2.challange, + &type2.targetinfo, + ntlmv2, + &type3.ntlm); + if (ret) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[heimdal_wrapper] heim_ntlm_calculate_ntlm2 function call failed"); + return AXIS2_FAILURE; + } + + if (type2.flags & NTLM_NEG_KEYEX) + { + struct ntlm_buf sessionkey; + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[heimdal_wrapper] build_ntlm1_master"); + ret = heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2), + &sessionkey, + &type3.sessionkey); + memset(ntlmv2, 0, sizeof(ntlmv2)); + if (ret) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[heimdal_wrapper] heim_ntlm_build_ntlm1_master function call failed"); + return AXIS2_FAILURE; + } + + free(sessionkey.data); + } + } + + if(key.data) + { + free(key.data); + } + } + + ret = heim_ntlm_encode_type3(&type3, &data); + if (ret) + { + heim_ntlm_free_type2(&type2); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[heimdal_wrapper] heim_ntlm_encode_type3 call failed"); + return AXIS2_FAILURE; + } + + *encoded_message = AXIS2_MALLOC(env->allocator, (2 * data.length)); + if(!*encoded_message) + { + heim_ntlm_free_type2(&type2); + free(type3.ntlm.data); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[heimdal_wrapper] Memory allocation for encoded message failed"); + return AXIS2_FAILURE; + } + *encoded_len = axutil_base64_encode_binary(*encoded_message, data.data, data.length); + heim_ntlm_free_type2(&type2); + free(type3.ntlm.data); + + return AXIS2_SUCCESS; +} + + -- cgit v1.1-32-gdbae