2 * Copyright (c) 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 RCSID("$Id: digest.c,v 1.19 2006/12/28 17:03:51 lha Exp $");
40 #define DIGEST_MD5 0x08
42 #define NTLM_V1_SESSION 0x02
45 const struct units _kdc_digestunits[] = {
46 {"chap-md5", 1U << 4},
47 {"digest-md5", 1U << 3},
49 {"ntlm-v1-session", 1U << 1},
55 static krb5_error_code
56 get_digest_key(krb5_context context,
57 krb5_kdc_configuration *config,
65 ret = _kdc_get_preferred_key(context,
73 return krb5_crypto_init(context, &key->key, 0, crypto);
81 get_ntlm_targetname(krb5_context context,
86 targetname = strdup(krb5_principal_get_realm(context,
87 client->entry.principal));
88 if (targetname == NULL)
91 p = strchr(targetname, '.');
99 static krb5_error_code
100 fill_targetinfo(krb5_context context,
102 hdb_entry_ex *client,
105 struct ntlm_targetinfo ti;
111 memset(&ti, 0, sizeof(ti));
113 ti.domainname = targetname;
114 p = client->entry.principal;
115 str = krb5_principal_get_comp_string(context, p, 0);
117 (strcmp("host", str) == 0 ||
118 strcmp("ftp", str) == 0 ||
119 strcmp("imap", str) == 0 ||
120 strcmp("pop", str) == 0 ||
121 strcmp("smtp", str)))
123 str = krb5_principal_get_comp_string(context, p, 1);
124 ti.dnsservername = rk_UNCONST(str);
127 ret = heim_ntlm_encode_targetinfo(&ti, 1, &d);
132 data->length = d.length;
143 _kdc_do_digest(krb5_context context,
144 krb5_kdc_configuration *config,
145 const DigestREQ *req, krb5_data *reply,
146 const char *from, struct sockaddr *addr)
148 krb5_error_code ret = 0;
149 krb5_ticket *ticket = NULL;
150 krb5_auth_context ac = NULL;
151 krb5_keytab id = NULL;
152 krb5_crypto crypto = NULL;
156 krb5_flags ap_req_options;
159 krb5_storage *sp = NULL;
161 hdb_entry_ex *server = NULL, *user = NULL;
162 hdb_entry_ex *client = NULL;
163 char *client_name = NULL, *password = NULL;
164 krb5_data serverNonce;
166 if(!config->enable_digest) {
167 kdc_log(context, config, 0,
168 "Rejected digest request (disabled) from %s", from);
169 return KRB5KDC_ERR_POLICY;
172 krb5_data_zero(&buf);
173 krb5_data_zero(reply);
174 krb5_data_zero(&serverNonce);
175 memset(&ireq, 0, sizeof(ireq));
176 memset(&r, 0, sizeof(r));
177 memset(&rep, 0, sizeof(rep));
179 kdc_log(context, config, 0, "Digest request from %s", from);
181 ret = krb5_kt_resolve(context, "HDB:", &id);
183 kdc_log(context, config, 0, "Can't open database for digest");
187 ret = krb5_rd_req(context,
197 /* check the server principal in the ticket matches digest/R@R */
199 krb5_principal principal = NULL;
202 ret = krb5_ticket_get_server(context, ticket, &principal);
207 krb5_set_error_string(context, "Wrong digest server principal used");
208 p = krb5_principal_get_comp_string(context, principal, 0);
210 krb5_free_principal(context, principal);
213 if (strcmp(p, KRB5_DIGEST_NAME) != 0) {
214 krb5_free_principal(context, principal);
218 p = krb5_principal_get_comp_string(context, principal, 1);
220 krb5_free_principal(context, principal);
223 r = krb5_principal_get_realm(context, principal);
225 krb5_free_principal(context, principal);
228 if (strcmp(p, r) != 0) {
229 krb5_free_principal(context, principal);
232 krb5_clear_error_string(context);
234 ret = _kdc_db_fetch(context, config, principal,
235 HDB_F_GET_SERVER, NULL, &server);
239 krb5_free_principal(context, principal);
242 /* check the client is allowed to do digest auth */
244 krb5_principal principal = NULL;
246 ret = krb5_ticket_get_client(context, ticket, &principal);
250 ret = krb5_unparse_name(context, principal, &client_name);
252 krb5_free_principal(context, principal);
256 ret = _kdc_db_fetch(context, config, principal,
257 HDB_F_GET_CLIENT, NULL, &client);
258 krb5_free_principal(context, principal);
262 if (client->entry.flags.allow_digest == 0) {
263 kdc_log(context, config, 0,
264 "Client %s tried to use digest "
265 "but is not allowed to",
267 krb5_set_error_string(context,
268 "Client is not permitted to use digest");
269 ret = KRB5KDC_ERR_POLICY;
278 ret = krb5_auth_con_getremotesubkey(context, ac, &key);
282 krb5_set_error_string(context, "digest: remote subkey not found");
287 ret = krb5_crypto_init(context, key, 0, &crypto);
288 krb5_free_keyblock (context, key);
293 ret = krb5_decrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT,
294 &req->innerReq, &buf);
295 krb5_crypto_destroy(context, crypto);
300 ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL);
301 krb5_data_free(&buf);
303 krb5_set_error_string(context, "Failed to decode digest inner request");
307 kdc_log(context, config, 0, "Valid digest request from %s (%s)",
311 * Process the inner request
314 switch (ireq.element) {
315 case choice_DigestReqInner_init: {
316 unsigned char server_nonce[16], identifier;
318 RAND_pseudo_bytes(&identifier, sizeof(identifier));
319 RAND_pseudo_bytes(server_nonce, sizeof(server_nonce));
321 server_nonce[0] = kdc_time & 0xff;
322 server_nonce[1] = (kdc_time >> 8) & 0xff;
323 server_nonce[2] = (kdc_time >> 16) & 0xff;
324 server_nonce[3] = (kdc_time >> 24) & 0xff;
326 r.element = choice_DigestRepInner_initReply;
328 hex_encode(server_nonce, sizeof(server_nonce), &r.u.initReply.nonce);
329 if (r.u.initReply.nonce == NULL) {
330 krb5_set_error_string(context, "Failed to decode server nonce");
335 sp = krb5_storage_emem();
338 krb5_set_error_string(context, "out of memory");
341 ret = krb5_store_stringz(sp, ireq.u.init.type);
343 krb5_clear_error_string(context);
347 if (ireq.u.init.channel) {
350 asprintf(&s, "%s-%s:%s", r.u.initReply.nonce,
351 ireq.u.init.channel->cb_type,
352 ireq.u.init.channel->cb_binding);
354 krb5_set_error_string(context, "Failed to allocate "
359 free(r.u.initReply.nonce);
360 r.u.initReply.nonce = s;
363 ret = krb5_store_stringz(sp, r.u.initReply.nonce);
365 krb5_clear_error_string(context);
369 if (strcasecmp(ireq.u.init.type, "CHAP") == 0) {
370 r.u.initReply.identifier =
371 malloc(sizeof(*r.u.initReply.identifier));
372 if (r.u.initReply.identifier == NULL) {
373 krb5_set_error_string(context, "out of memory");
378 asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff);
379 if (*r.u.initReply.identifier == NULL) {
380 krb5_set_error_string(context, "out of memory");
385 ret = krb5_store_stringz(sp, *r.u.initReply.identifier);
387 krb5_clear_error_string(context);
391 r.u.initReply.identifier = NULL;
393 if (ireq.u.init.hostname) {
394 ret = krb5_store_stringz(sp, *ireq.u.init.hostname);
396 krb5_clear_error_string(context);
401 ret = krb5_storage_to_data(sp, &buf);
403 krb5_clear_error_string(context);
407 ret = get_digest_key(context, config, server, &crypto);
411 ret = krb5_create_checksum(context,
413 KRB5_KU_DIGEST_OPAQUE,
418 krb5_crypto_destroy(context, crypto);
420 krb5_data_free(&buf);
424 ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret);
427 krb5_set_error_string(context, "Failed to encode "
428 "checksum in digest request");
431 if (size != buf.length)
432 krb5_abortx(context, "ASN1 internal error");
434 hex_encode(buf.data, buf.length, &r.u.initReply.opaque);
436 if (r.u.initReply.opaque == NULL) {
437 krb5_clear_error_string(context);
442 kdc_log(context, config, 0, "Digest %s init request successful from %s",
443 ireq.u.init.type, from);
447 case choice_DigestReqInner_digestRequest: {
448 krb5_principal clientprincipal;
451 sp = krb5_storage_emem();
454 krb5_set_error_string(context, "out of memory");
457 ret = krb5_store_stringz(sp, ireq.u.digestRequest.type);
459 krb5_clear_error_string(context);
463 krb5_store_stringz(sp, ireq.u.digestRequest.serverNonce);
464 if (ireq.u.digestRequest.identifier) {
465 ret = krb5_store_stringz(sp, *ireq.u.digestRequest.identifier);
467 krb5_clear_error_string(context);
471 if (ireq.u.digestRequest.hostname) {
472 ret = krb5_store_stringz(sp, *ireq.u.digestRequest.hostname);
474 krb5_clear_error_string(context);
479 buf.length = strlen(ireq.u.digestRequest.opaque);
480 buf.data = malloc(buf.length);
481 if (buf.data == NULL) {
482 krb5_set_error_string(context, "out of memory");
487 ret = hex_decode(ireq.u.digestRequest.opaque, buf.data, buf.length);
489 krb5_set_error_string(context, "Failed to decode opaque");
495 ret = decode_Checksum(buf.data, buf.length, &res, NULL);
498 krb5_set_error_string(context, "Failed to decode digest Checksum");
502 ret = krb5_storage_to_data(sp, &buf);
504 krb5_clear_error_string(context);
508 serverNonce.length = strlen(ireq.u.digestRequest.serverNonce);
509 serverNonce.data = malloc(serverNonce.length);
510 if (serverNonce.data == NULL) {
511 krb5_set_error_string(context, "out of memory");
517 * CHAP does the checksum of the raw nonce, but do it for all
518 * types, since we need to check the timestamp.
523 ssize = hex_decode(ireq.u.digestRequest.serverNonce,
524 serverNonce.data, serverNonce.length);
526 krb5_set_error_string(context, "Failed to decode serverNonce");
530 serverNonce.length = ssize;
533 ret = get_digest_key(context, config, server, &crypto);
537 ret = krb5_verify_checksum(context, crypto,
538 KRB5_KU_DIGEST_OPAQUE,
539 buf.data, buf.length, &res);
540 krb5_crypto_destroy(context, crypto);
547 unsigned char *p = serverNonce.data;
550 if (serverNonce.length < 4) {
551 krb5_set_error_string(context, "server nonce too short");
555 t = p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
557 if (abs((kdc_time & 0xffffffff) - t) > context->max_skew) {
558 krb5_set_error_string(context, "time screw in server nonce ");
565 ret = krb5_parse_name(context,
566 ireq.u.digestRequest.username,
571 ret = _kdc_db_fetch(context, config, clientprincipal,
572 HDB_F_GET_CLIENT, &db, &user);
574 krb5_free_principal(context, clientprincipal);
578 ret = hdb_entry_get_password(context, db, &user->entry, &password);
579 if (ret || password == NULL) {
582 krb5_set_error_string(context, "password missing");
587 if (strcasecmp(ireq.u.digestRequest.type, "CHAP") == 0) {
589 unsigned char md[MD5_DIGEST_LENGTH];
592 if ((config->digests_allowed & CHAP_MD5) == 0) {
593 kdc_log(context, config, 0, "Digest CHAP MD5 not allowed");
597 if (ireq.u.digestRequest.identifier == NULL) {
598 krb5_set_error_string(context, "Identifier missing "
599 "from CHAP request");
604 if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) {
605 krb5_set_error_string(context, "failed to decode identifier");
611 MD5_Update(&ctx, &id, 1);
612 MD5_Update(&ctx, password, strlen(password));
613 MD5_Update(&ctx, serverNonce.data, serverNonce.length);
616 r.element = choice_DigestRepInner_response;
617 hex_encode(md, sizeof(md), &r.u.response.responseData);
618 if (r.u.response.responseData == NULL) {
619 krb5_clear_error_string(context);
623 } else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 0) {
625 unsigned char md[MD5_DIGEST_LENGTH];
628 if ((config->digests_allowed & DIGEST_MD5) == 0) {
629 kdc_log(context, config, 0, "Digest SASL MD5 not allowed");
633 if (ireq.u.digestRequest.nonceCount == NULL)
635 if (ireq.u.digestRequest.clientNonce == NULL)
637 if (ireq.u.digestRequest.qop == NULL)
639 if (ireq.u.digestRequest.realm == NULL)
643 MD5_Update(&ctx, ireq.u.digestRequest.username,
644 strlen(ireq.u.digestRequest.username));
645 MD5_Update(&ctx, ":", 1);
646 MD5_Update(&ctx, *ireq.u.digestRequest.realm,
647 strlen(*ireq.u.digestRequest.realm));
648 MD5_Update(&ctx, ":", 1);
649 MD5_Update(&ctx, password, strlen(password));
653 MD5_Update(&ctx, md, sizeof(md));
654 MD5_Update(&ctx, ":", 1);
655 MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,
656 strlen(ireq.u.digestRequest.serverNonce));
657 MD5_Update(&ctx, ":", 1);
658 MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,
659 strlen(*ireq.u.digestRequest.nonceCount));
660 if (ireq.u.digestRequest.authid) {
661 MD5_Update(&ctx, ":", 1);
662 MD5_Update(&ctx, *ireq.u.digestRequest.authid,
663 strlen(*ireq.u.digestRequest.authid));
666 hex_encode(md, sizeof(md), &A1);
668 krb5_set_error_string(context, "out of memory");
674 MD5_Update(&ctx, "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1);
675 MD5_Update(&ctx, *ireq.u.digestRequest.uri,
676 strlen(*ireq.u.digestRequest.uri));
679 if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) {
680 static char conf_zeros[] = ":00000000000000000000000000000000";
681 MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1);
685 hex_encode(md, sizeof(md), &A2);
687 krb5_set_error_string(context, "out of memory");
694 MD5_Update(&ctx, A1, strlen(A2));
695 MD5_Update(&ctx, ":", 1);
696 MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,
697 strlen(ireq.u.digestRequest.serverNonce));
698 MD5_Update(&ctx, ":", 1);
699 MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,
700 strlen(*ireq.u.digestRequest.nonceCount));
701 MD5_Update(&ctx, ":", 1);
702 MD5_Update(&ctx, *ireq.u.digestRequest.clientNonce,
703 strlen(*ireq.u.digestRequest.clientNonce));
704 MD5_Update(&ctx, ":", 1);
705 MD5_Update(&ctx, *ireq.u.digestRequest.qop,
706 strlen(*ireq.u.digestRequest.qop));
707 MD5_Update(&ctx, ":", 1);
708 MD5_Update(&ctx, A2, strlen(A2));
712 r.element = choice_DigestRepInner_response;
713 hex_encode(md, sizeof(md), &r.u.response.responseData);
718 if (r.u.response.responseData == NULL) {
719 krb5_set_error_string(context, "out of memory");
725 r.element = choice_DigestRepInner_error;
726 asprintf(&r.u.error.reason, "unsupported digest type %s",
727 ireq.u.digestRequest.type);
728 if (r.u.error.reason == NULL) {
729 krb5_set_error_string(context, "out of memory");
733 r.u.error.code = EINVAL;
736 kdc_log(context, config, 0, "Digest %s request successful %s",
737 ireq.u.digestRequest.type, from);
741 case choice_DigestReqInner_ntlmInit:
743 if ((config->digests_allowed & (NTLM_V1|NTLM_V1_SESSION|NTLM_V2)) == 0) {
744 kdc_log(context, config, 0, "NTLM not allowed");
749 r.element = choice_DigestRepInner_ntlmInitReply;
751 r.u.ntlmInitReply.flags = NTLM_NEG_UNICODE;
753 if ((ireq.u.ntlmInit.flags & NTLM_NEG_UNICODE) == 0) {
754 kdc_log(context, config, 0, "NTLM client have no unicode");
758 if (ireq.u.ntlmInit.flags & NTLM_NEG_NTLM)
759 r.u.ntlmInitReply.flags |= NTLM_NEG_NTLM;
761 kdc_log(context, config, 0, "NTLM client doesn't support NTLM");
765 r.u.ntlmInitReply.flags |=
766 NTLM_NEG_TARGET_DOMAIN |
772 NTLM_NEG_ALWAYS_SIGN| \
773 NTLM_NEG_NTLM2_SESSION| \
776 r.u.ntlmInitReply.flags |= (ireq.u.ntlmInit.flags & (ALL));
780 r.u.ntlmInitReply.targetname =
781 get_ntlm_targetname(context, client);
782 if (r.u.ntlmInitReply.targetname == NULL) {
783 krb5_set_error_string(context, "out of memory");
787 r.u.ntlmInitReply.challange.data = malloc(8);
788 if (r.u.ntlmInitReply.challange.data == NULL) {
789 krb5_set_error_string(context, "out of memory");
793 r.u.ntlmInitReply.challange.length = 8;
794 if (RAND_bytes(r.u.ntlmInitReply.challange.data,
795 r.u.ntlmInitReply.challange.length) != 1)
797 krb5_set_error_string(context, "out of random error");
801 /* XXX fix targetinfo */
802 ALLOC(r.u.ntlmInitReply.targetinfo);
803 if (r.u.ntlmInitReply.targetinfo == NULL) {
804 krb5_set_error_string(context, "out of memory");
809 ret = fill_targetinfo(context,
810 r.u.ntlmInitReply.targetname,
812 r.u.ntlmInitReply.targetinfo);
814 krb5_set_error_string(context, "out of memory");
820 * Save data encryted in opaque for the second part of the
821 * ntlm authentication
823 sp = krb5_storage_emem();
826 krb5_set_error_string(context, "out of memory");
830 ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8);
833 krb5_set_error_string(context, "storage write challange");
836 ret = krb5_store_uint32(sp, r.u.ntlmInitReply.flags);
838 krb5_clear_error_string(context);
842 ret = krb5_storage_to_data(sp, &buf);
844 krb5_clear_error_string(context);
848 ret = get_digest_key(context, config, server, &crypto);
852 ret = krb5_encrypt(context, crypto, KRB5_KU_DIGEST_OPAQUE,
853 buf.data, buf.length, &r.u.ntlmInitReply.opaque);
854 krb5_data_free(&buf);
855 krb5_crypto_destroy(context, crypto);
860 kdc_log(context, config, 0, "NTLM init from %s", from);
864 case choice_DigestReqInner_ntlmRequest: {
865 krb5_principal clientprincipal;
866 unsigned char sessionkey[16];
867 unsigned char challange[8];
872 r.element = choice_DigestRepInner_ntlmResponse;
873 r.u.ntlmResponse.success = 0;
874 r.u.ntlmResponse.flags = 0;
875 r.u.ntlmResponse.sessionkey = NULL;
876 r.u.ntlmResponse.tickets = NULL;
879 ret = krb5_parse_name(context,
880 ireq.u.ntlmRequest.username,
885 ret = _kdc_db_fetch(context, config, clientprincipal,
886 HDB_F_GET_CLIENT, NULL, &user);
887 krb5_free_principal(context, clientprincipal);
889 krb5_set_error_string(context, "NTLM user %s not in database",
890 ireq.u.ntlmRequest.username);
894 ret = get_digest_key(context, config, server, &crypto);
898 ret = krb5_decrypt(context, crypto, KRB5_KU_DIGEST_OPAQUE,
899 ireq.u.ntlmRequest.opaque.data,
900 ireq.u.ntlmRequest.opaque.length, &buf);
901 krb5_crypto_destroy(context, crypto);
906 sp = krb5_storage_from_data(&buf);
909 krb5_set_error_string(context, "out of memory");
913 ret = krb5_storage_read(sp, challange, sizeof(challange));
914 if (ret != sizeof(challange)) {
915 krb5_set_error_string(context, "NTLM storage read challange");
919 ret = krb5_ret_uint32(sp, &flags);
921 krb5_set_error_string(context, "NTLM storage read flags");
924 krb5_data_free(&buf);
926 if ((flags & NTLM_NEG_NTLM) == 0) {
928 krb5_set_error_string(context, "NTLM not negotiated");
932 ret = hdb_enctype2key(context, &user->entry,
933 ETYPE_ARCFOUR_HMAC_MD5, &key);
935 krb5_set_error_string(context, "NTLM missing arcfour key");
939 /* check if this is NTLMv2 */
940 if (ireq.u.ntlmRequest.ntlm.length != 24) {
941 struct ntlm_buf infotarget, answer;
944 if ((config->digests_allowed & NTLM_V2) == 0) {
945 kdc_log(context, config, 0, "NTLM v2 not allowed");
951 targetname = get_ntlm_targetname(context, client);
952 if (targetname == NULL) {
953 krb5_set_error_string(context, "out of memory");
958 answer.length = ireq.u.ntlmRequest.ntlm.length;
959 answer.data = ireq.u.ntlmRequest.ntlm.data;
961 ret = heim_ntlm_verify_ntlm2(key->key.keyvalue.data,
962 key->key.keyvalue.length,
963 ireq.u.ntlmRequest.username,
972 krb5_set_error_string(context, "NTLM v2 verify failed");
976 /* XXX verify infotarget matches client (checksum ?) */
978 free(infotarget.data);
982 struct ntlm_buf answer;
986 if (flags & NTLM_NEG_NTLM2_SESSION) {
987 char sessionhash[MD5_DIGEST_LENGTH];
990 if ((config->digests_allowed & NTLM_V1_SESSION) == 0) {
991 kdc_log(context, config, 0, "NTLM v1-session not allowed");
995 if (ireq.u.ntlmRequest.lm.length != 24) {
996 krb5_set_error_string(context, "LM hash have wrong length "
997 "for NTLM session key");
1003 MD5_Update(&md5ctx, challange, sizeof(challange));
1004 MD5_Update(&md5ctx, ireq.u.ntlmRequest.lm.data, 8);
1005 MD5_Final(sessionhash, &md5ctx);
1006 memcpy(challange, sessionhash, sizeof(challange));
1008 if ((config->digests_allowed & NTLM_V1) == 0) {
1009 kdc_log(context, config, 0, "NTLM v1 not allowed");
1014 ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data,
1015 key->key.keyvalue.length,
1016 challange, &answer);
1018 krb5_set_error_string(context, "NTLM missing arcfour key");
1022 if (ireq.u.ntlmRequest.ntlm.length != answer.length ||
1023 memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0)
1027 krb5_set_error_string(context, "NTLM hash mismatch");
1037 key->key.keyvalue.data, key->key.keyvalue.length);
1038 MD4_Final(sessionkey, &ctx);
1042 if (ireq.u.ntlmRequest.sessionkey) {
1043 unsigned char masterkey[MD4_DIGEST_LENGTH];
1047 if ((flags & NTLM_NEG_KEYEX) == 0) {
1048 krb5_set_error_string(context,
1049 "NTLM client failed to neg key "
1050 "exchange but still sent key");
1054 len = ireq.u.ntlmRequest.sessionkey->length;
1055 if (len != sizeof(masterkey)){
1056 krb5_set_error_string(context,
1057 "NTLM master key wrong length: %lu",
1058 (unsigned long)len);
1062 RC4_set_key(&rc4, sizeof(sessionkey), sessionkey);
1064 RC4(&rc4, sizeof(masterkey),
1065 ireq.u.ntlmRequest.sessionkey->data,
1067 memset(&rc4, 0, sizeof(rc4));
1069 r.u.ntlmResponse.sessionkey =
1070 malloc(sizeof(*r.u.ntlmResponse.sessionkey));
1071 if (r.u.ntlmResponse.sessionkey == NULL) {
1072 krb5_set_error_string(context, "out of memory");
1076 ret = krb5_data_copy(r.u.ntlmResponse.sessionkey,
1077 masterkey, sizeof(masterkey));
1079 krb5_set_error_string(context, "out of memory");
1084 r.u.ntlmResponse.success = 1;
1085 kdc_log(context, config, 0, "NTLM version %d successful for %s",
1086 version, ireq.u.ntlmRequest.username);
1091 r.element = choice_DigestRepInner_error;
1092 r.u.error.reason = strdup("unknown operation");
1093 if (r.u.error.reason == NULL) {
1094 krb5_set_error_string(context, "out of memory");
1098 r.u.error.code = EINVAL;
1102 ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret);
1104 krb5_set_error_string(context, "Failed to encode inner digest reply");
1107 if (size != buf.length)
1108 krb5_abortx(context, "ASN1 internal error");
1110 krb5_auth_con_addflags(context, ac, KRB5_AUTH_CONTEXT_USE_SUBKEY, NULL);
1112 ret = krb5_mk_rep (context, ac, &rep.apRep);
1119 ret = krb5_auth_con_getlocalsubkey(context, ac, &key);
1123 ret = krb5_crypto_init(context, key, 0, &crypto);
1124 krb5_free_keyblock (context, key);
1129 ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT,
1130 buf.data, buf.length, 0,
1133 ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret);
1135 krb5_set_error_string(context, "Failed to encode digest reply");
1138 if (size != reply->length)
1139 krb5_abortx(context, "ASN1 internal error");
1144 krb5_auth_con_free(context, ac);
1146 krb5_warn(context, ret, "Digest request from %s failed", from);
1148 krb5_free_ticket(context, ticket);
1150 krb5_kt_close(context, id);
1152 krb5_crypto_destroy(context, crypto);
1154 krb5_storage_free(sp);
1156 _kdc_free_ent (context, user);
1158 _kdc_free_ent (context, server);
1160 _kdc_free_ent (context, client);
1162 memset(password, 0, strlen(password));
1167 krb5_data_free(&buf);
1168 krb5_data_free(&serverNonce);
1169 free_DigestREP(&rep);
1170 free_DigestRepInner(&r);
1171 free_DigestReqInner(&ireq);