1
/*
2
 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
3
 * (Royal Institute of Technology, Stockholm, Sweden).
4
 * All rights reserved.
5
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * modification, are permitted provided that the following conditions
8
 * are met:
9
 *
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 *
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * 3. Neither the name of KTH nor the names of its contributors may be
18
 *    used to endorse or promote products derived from this software without
19
 *    specific prior written permission.
20
 *
21
 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32
 */
33

34
#include "config.h"
35

36
#include <roken.h>
37
#include <stdio.h>
38
#include <gssapi.h>
39
#include <err.h>
40
#include <getarg.h>
41
#include "test_common.h"
42

43
#include <krb5.h>
44
#include <heimntlm.h>
45

46
static int
47
test_libntlm_v1(int flags)
48
{
49
    const char *user = "foo",
50
	*domain = "mydomain",
51
	*password = "digestpassword";
52
    OM_uint32 maj_stat, min_stat;
53
    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
54
    gss_buffer_desc input, output;
55
    struct ntlm_type1 type1;
56
    struct ntlm_type2 type2;
57
    struct ntlm_type3 type3;
58
    struct ntlm_buf data;
59
    krb5_error_code ret;
60
    gss_name_t src_name = GSS_C_NO_NAME;
61

62
    memset(&type1, 0, sizeof(type1));
63
    memset(&type2, 0, sizeof(type2));
64
    memset(&type3, 0, sizeof(type3));
65

66
    type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM|flags;
67
    type1.domain = strdup(domain);
68
    type1.hostname = NULL;
69
    type1.os[0] = 0;
70
    type1.os[1] = 0;
71

72
    ret = heim_ntlm_encode_type1(&type1, &data);
73
    if (ret)
74
	errx(1, "heim_ntlm_encode_type1");
75

76
    input.value = data.data;
77
    input.length = data.length;
78

79
    output.length = 0;
80
    output.value = NULL;
81

82
    maj_stat = gss_accept_sec_context(&min_stat,
83
				      &ctx,
84
				      GSS_C_NO_CREDENTIAL,
85
				      &input,
86
				      GSS_C_NO_CHANNEL_BINDINGS,
87
				      NULL,
88
				      NULL,
89
				      &output,
90
				      NULL,
91
				      NULL,
92
				      NULL);
93
    free(data.data);
94
    if (GSS_ERROR(maj_stat))
95
	errx(1, "accept_sec_context v1: %s",
96
	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
97

98
    if (output.length == 0)
99
	errx(1, "output.length == 0");
100

101
    data.data = output.value;
102
    data.length = output.length;
103

104
    ret = heim_ntlm_decode_type2(&data, &type2);
105
    if (ret)
106
	errx(1, "heim_ntlm_decode_type2");
107

108
    gss_release_buffer(&min_stat, &output);
109

110
    type3.flags = type2.flags;
111
    type3.username = rk_UNCONST(user);
112
    type3.targetname = type2.targetname;
113
    type3.ws = rk_UNCONST("workstation");
114

115
    {
116
	struct ntlm_buf key;
117

118
	heim_ntlm_nt_key(password, &key);
119

120
	heim_ntlm_calculate_ntlm1(key.data, key.length,
121
				  type2.challenge,
122
				  &type3.ntlm);
123

124
	if (flags & NTLM_NEG_KEYEX) {
125
	    struct ntlm_buf sessionkey;
126
	    heim_ntlm_build_ntlm1_master(key.data, key.length,
127
					 &sessionkey,
128
				     &type3.sessionkey);
129
	    free(sessionkey.data);
130
	}
131
	free(key.data);
132
    }
133

134
    ret = heim_ntlm_encode_type3(&type3, &data);
135
    if (ret)
136
	errx(1, "heim_ntlm_encode_type3");
137

138
    input.length = data.length;
139
    input.value = data.data;
140

141
    maj_stat = gss_accept_sec_context(&min_stat,
142
				      &ctx,
143
				      GSS_C_NO_CREDENTIAL,
144
				      &input,
145
				      GSS_C_NO_CHANNEL_BINDINGS,
146
				      &src_name,
147
				      NULL,
148
				      &output,
149
				      NULL,
150
				      NULL,
151
				      NULL);
152
    free(input.value);
153
    if (maj_stat != GSS_S_COMPLETE)
154
	errx(1, "accept_sec_context v1 2 %s",
155
	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
156

157
    gss_release_buffer(&min_stat, &output);
158
    gss_delete_sec_context(&min_stat, &ctx, NULL);
159

160
    if (src_name == GSS_C_NO_NAME)
161
	errx(1, "no source name!");
162

163
    gss_display_name(&min_stat, src_name, &output, NULL);
164

165
    printf("src_name: %.*s\n", (int)output.length, (char*)output.value);
166

167
    gss_release_name(&min_stat, &src_name);
168
    gss_release_buffer(&min_stat, &output);
169

170
    return 0;
171
}
172

173
static int
174
test_libntlm_v2(int flags)
175
{
176
    const char *user = "foo",
177
	*domain = "mydomain",
178
	*password = "digestpassword";
179
    OM_uint32 maj_stat, min_stat;
180
    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
181
    gss_buffer_desc input, output;
182
    struct ntlm_type1 type1;
183
    struct ntlm_type2 type2;
184
    struct ntlm_type3 type3;
185
    struct ntlm_buf data;
186
    krb5_error_code ret;
187

188
    memset(&type1, 0, sizeof(type1));
189
    memset(&type2, 0, sizeof(type2));
190
    memset(&type3, 0, sizeof(type3));
191

192
    type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_NTLM|flags;
193
    type1.domain = strdup(domain);
194
    type1.hostname = NULL;
195
    type1.os[0] = 0;
196
    type1.os[1] = 0;
197

198
    ret = heim_ntlm_encode_type1(&type1, &data);
199
    if (ret)
200
	errx(1, "heim_ntlm_encode_type1");
201

202
    input.value = data.data;
203
    input.length = data.length;
204

205
    output.length = 0;
206
    output.value = NULL;
207

208
    maj_stat = gss_accept_sec_context(&min_stat,
209
				      &ctx,
210
				      GSS_C_NO_CREDENTIAL,
211
				      &input,
212
				      GSS_C_NO_CHANNEL_BINDINGS,
213
				      NULL,
214
				      NULL,
215
				      &output,
216
				      NULL,
217
				      NULL,
218
				      NULL);
219
    free(data.data);
220
    if (GSS_ERROR(maj_stat))
221
	errx(1, "accept_sec_context v2 %s",
222
	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
223

224
    if (output.length == 0)
225
	errx(1, "output.length == 0");
226

227
    data.data = output.value;
228
    data.length = output.length;
229

230
    ret = heim_ntlm_decode_type2(&data, &type2);
231
    if (ret)
232
	errx(1, "heim_ntlm_decode_type2");
233

234
    type3.flags = type2.flags;
235
    type3.username = rk_UNCONST(user);
236
    type3.targetname = type2.targetname;
237
    type3.ws = rk_UNCONST("workstation");
238

239
    {
240
	struct ntlm_buf key;
241
	unsigned char ntlmv2[16];
242

243
	heim_ntlm_nt_key(password, &key);
244

245
	heim_ntlm_calculate_ntlm2(key.data, key.length,
246
				  user,
247
				  type2.targetname,
248
				  type2.challenge,
249
				  &type2.targetinfo,
250
				  ntlmv2,
251
				  &type3.ntlm);
252
	free(key.data);
253

254
	if (flags & NTLM_NEG_KEYEX) {
255
	    struct ntlm_buf sessionkey;
256
	    heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2),
257
					 &sessionkey,
258
					 &type3.sessionkey);
259
	    free(sessionkey.data);
260
	}
261
    }
262

263
    ret = heim_ntlm_encode_type3(&type3, &data);
264
    if (ret)
265
	errx(1, "heim_ntlm_encode_type3");
266

267
    input.length = data.length;
268
    input.value = data.data;
269

270
    maj_stat = gss_accept_sec_context(&min_stat,
271
				      &ctx,
272
				      GSS_C_NO_CREDENTIAL,
273
				      &input,
274
				      GSS_C_NO_CHANNEL_BINDINGS,
275
				      NULL,
276
				      NULL,
277
				      &output,
278
				      NULL,
279
				      NULL,
280
				      NULL);
281
    free(input.value);
282
    if (maj_stat != GSS_S_COMPLETE)
283
	errx(1, "accept_sec_context v2 2 %s",
284
	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
285

286
    gss_delete_sec_context(&min_stat, &ctx, NULL);
287

288
    return 0;
289
}
290

291

292

293
static int version_flag = 0;
294
static int help_flag	= 0;
295

296
static struct getargs args[] = {
297
    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
298
    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
299
};
300

301
static void
302
usage (int ret)
303
{
304
    arg_printusage (args, sizeof(args)/sizeof(*args),
305
		    NULL, "");
306
    exit (ret);
307
}
308

309
int
310
main(int argc, char **argv)
311
{
312
    int ret = 0, optind = 0;
313

314
    setprogname(argv[0]);
315

316
    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
317
	usage(1);
318

319
    if (help_flag)
320
	usage (0);
321

322
    if(version_flag){
323
	print_version(NULL);
324
	exit(0);
325
    }
326

327
    argc -= optind;
328
    argv += optind;
329

330
    ret += test_libntlm_v1(0);
331
    ret += test_libntlm_v1(NTLM_NEG_KEYEX);
332

333
    ret += test_libntlm_v2(0);
334
    ret += test_libntlm_v2(NTLM_NEG_KEYEX);
335

336
    return 0;
337
}
338

339