--------------------- PatchSet 854 Date: 2000/11/20 05:56:22 Author: rbcollins Branch: auth_rewrite Tag: (none) Log: re-organised the guts. MUUUCH better. Members: ntlm_auth_modules/fakeauth/fakeauth_auth.c:1.1.2.6.2.1->1.1.2.6.2.2 Index: squid/ntlm_auth_modules/fakeauth/fakeauth_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid/ntlm_auth_modules/fakeauth/Attic/fakeauth_auth.c,v retrieving revision 1.1.2.6.2.1 retrieving revision 1.1.2.6.2.2 diff -u -r1.1.2.6.2.1 -r1.1.2.6.2.2 --- squid/ntlm_auth_modules/fakeauth/fakeauth_auth.c 17 Nov 2000 07:33:39 -0000 1.1.2.6.2.1 +++ squid/ntlm_auth_modules/fakeauth/fakeauth_auth.c 20 Nov 2000 05:56:22 -0000 1.1.2.6.2.2 @@ -47,12 +47,15 @@ /* XXX this is not done cleanly... */ /* makes a null-terminated string lower-case. Changes CONTENTS! */ -static void lc (char *string) { - char *p=string, c; - while ((c=*p)) { - *p=tolower(c); - p++; - } +static void +lc (char *string) +{ + char *p = string, c; + while ((c = *p)) + { + *p = tolower (c); + p++; + } } 
@@ -61,44 +64,45 @@ * challenge strings can be guarenteed to be poor at best. */ void -ntlmMakeChallenge(struct ntlm_challenge *chal) +ntlmMakeChallenge (struct ntlm_challenge *chal) { #ifndef NTLM_STATIC_CHALLENGE - static unsigned hash; - int r; + static unsigned hash; + int r; #endif - char *d; - int i; + char *d; + int i; - memset(chal, 0, sizeof(*chal)); - memcpy(chal->hdr.signature, "NTLMSSP", 8); - chal->flags = WSWAP(0x00018206); - chal->hdr.type = WSWAP(NTLM_CHALLENGE); - chal->unknown[6] = SSWAP(0x003a); + memset (chal, 0, sizeof (*chal)); + memcpy (chal->hdr.signature, "NTLMSSP", 8); + chal->flags = WSWAP (0x00018206); + chal->hdr.type = WSWAP (NTLM_CHALLENGE); + chal->unknown[6] = SSWAP (0x003a); - d = (char *) chal + 48; - i = 0; + d = (char *) chal + 48; + i = 0; - if (authenticate_ntlm_domain != NULL) - while (authenticate_ntlm_domain[i++]); + if (authenticate_ntlm_domain != NULL) + while (authenticate_ntlm_domain[i++]); - chal->target.offset = WSWAP(48); - chal->target.maxlen = SSWAP(i); - chal->target.len = chal->target.maxlen; + chal->target.offset = WSWAP (48); + chal->target.maxlen = SSWAP (i); + chal->target.len = chal->target.maxlen; #ifdef NTLM_STATIC_CHALLENGE - memcpy(chal->challenge, NTLM_STATIC_CHALLENGE, 8); + memcpy (chal->challenge, NTLM_STATIC_CHALLENGE, 8); #else - r = (int) rand(); - r = (hash ^ r) + r; + r = (int) rand (); + r = (hash ^ r) + r; - for (i = 0; i < 8; i++) { - chal->challenge[i] = r; - r = (r >> 2) ^ r; + for (i = 0; i < 8; i++) + { + chal->challenge[i] = r; + r = (r >> 2) ^ r; } - hash = r; + hash = r; #endif } 
@@ -106,177 +110,200 @@ * Check the vailidity of a request header. Return -1 on error. */ int -ntlmCheckHeader(struct ntlmhdr *hdr, int type) +ntlmCheckHeader (struct ntlmhdr *hdr, int type) { - /* - * Must be the correct security package and request type. The - * 8 bytes compared includes the ASCII 'NUL'. - */ - if (memcmp(hdr->signature, "NTLMSSP", 8) != 0) { - fprintf(stderr, "ntlmCheckHeader: bad header signature\n"); - return (-1); + /* + * Must be the correct security package and request type. The + * 8 bytes compared includes the ASCII 'NUL'. + */ + if (memcmp (hdr->signature, "NTLMSSP", 8) != 0) + { + fprintf (stderr, "ntlmCheckHeader: bad header signature\n"); + return (-1); } - if (WSWAP(hdr->type) != type) { + if (type == NTLM_ANY) + return 0; + + if (WSWAP (hdr->type) != type) + { /* don't report this error - it's ok as we do a if() around this function */ -// fprintf(stderr, "ntlmCheckHeader: type is %d, wanted %d\n", -// WSWAP(hdr->type), type); - return (-1); +// fprintf(stderr, "ntlmCheckHeader: type is %d, wanted %d\n", +// WSWAP(hdr->type), type); + return (-1); } - return (0); + return (0); } /* * Extract a string from an NTLM request and return as ASCII. */ char * -ntlmGetString(ntlmhdr * hdr, strhdr * str, int flags) +ntlmGetString (ntlmhdr * hdr, strhdr * str, int flags) { - static char buf[512]; - u_short *s, c; - char *d, *sc; - int l, o; - - l = SSWAP(str->len); - o = WSWAP(str->offset); - - /* Sanity checks. 
XXX values arbitrarialy chosen */ - if (l <= 0 || l >= 32 || o >= 256) { - fprintf(stderr, "ntlmGetString: insane: l:%d o:%d\n", l, o); - return (NULL); - } - - if ((flags & 2) == 0) { - /* UNICODE string */ - s = (u_short *) ((char *) hdr + o); - d = buf; - - for (l >>= 1; l; s++, l--) { - c = SSWAP(*s); - if (c > 254 || c == '\0' || !isprint(c)) { - fprintf(stderr, "ntlmGetString: bad uni: %04x\n", c); - return (NULL); + static char buf[512]; + u_short *s, c; + char *d, *sc; + int l, o; + + l = SSWAP (str->len); + o = WSWAP (str->offset); + + /* Sanity checks. XXX values arbitrarialy chosen */ + if (l <= 0 || l >= 32 || o >= 256) + { + fprintf (stderr, "ntlmGetString: insane: l:%d o:%d\n", l, o); + return (NULL); + } + + if ((flags & 2) == 0) + { + /* UNICODE string */ + s = (u_short *) ((char *) hdr + o); + d = buf; + + for (l >>= 1; l; s++, l--) + { + c = SSWAP (*s); + if (c > 254 || c == '\0' || !isprint (c)) + { + fprintf (stderr, "ntlmGetString: bad uni: %04x\n", c); + return (NULL); } - *d++ = c; - fprintf(stderr, "ntlmGetString: conv: '%c'\n", c); + *d++ = c; + fprintf (stderr, "ntlmGetString: conv: '%c'\n", c); } - *d = 0; - } else { - /* ASCII string */ - sc = (char *) hdr + o; - d = buf; - - for (; l; l--) { - if (*sc == '\0' || !isprint(*sc)) { - fprintf(stderr, "ntlmGetString: bad ascii: %04x\n", c); - return (NULL); + *d = 0; + } + else + { + /* ASCII string */ + sc = (char *) hdr + o; + d = buf; + + for (; l; l--) + { + if (*sc == '\0' || !isprint (*sc)) + { + fprintf (stderr, "ntlmGetString: bad ascii: %04x\n", c); + return (NULL); } - *d++ = *sc++; + *d++ = *sc++; } - *d = 0; + *d = 0; } - return (buf); + return (buf); } /* * Decode the strings in an NTLM authentication request */ int -ntlmDecodeAuth(struct ntlm_authenticate *auth, char *buf, size_t size) +ntlmDecodeAuth (struct ntlm_authenticate *auth, char *buf, size_t size) { - char *p, *origbuf; - int s; + char *p, *origbuf; + int s; - if (!buf) { - return 1; + if (!buf) + { + return 1; } - 
origbuf = buf; -#ifdef IGNORANCE_IS_BLISS - if (ntlmCheckHeader(&auth->hdr, NTLM_ANY)) { -#else - if (ntlmCheckHeader(&auth->hdr, NTLM_AUTHENTICATE)) { -#endif + origbuf = buf; + if (ntlmCheckHeader (&auth->hdr, NTLM_AUTHENTICATE)) + { - fprintf(stderr, "ntlmDecodeAuth: header check fails\n"); - return -1; + fprintf (stderr, "ntlmDecodeAuth: header check fails\n"); + return -1; } /* only on when you need to debug fprintf(stderr,"ntlmDecodeAuth: size of %d\n", size); fprintf(stderr,"ntlmDecodeAuth: flg %08x\n", auth->flags); fprintf(stderr,"ntlmDecodeAuth: usr o(%d) l(%d)\n", auth->user.offset, auth->user.len); */ - if ((p = ntlmGetString(&auth->hdr, &auth->domain, 2)) == NULL) - p = authenticate_ntlm_domain; + if ((p = ntlmGetString (&auth->hdr, &auth->domain, 2)) == NULL) + p = authenticate_ntlm_domain; // fprintf(stderr,"ntlmDecodeAuth: Domain '%s'.\n",p); - if ((s = strlen(p) + 1) >= size) - return 1; - strcpy(buf, p); + if ((s = strlen (p) + 1) >= size) + return 1; + strcpy (buf, p); // fprintf(stdout,"ntlmDecodeAuth: Domain '%s'.\n",buf); - size -= s; - buf += (s - 1); - *buf++ = '\\'; /* Using \ is more consistent with MS-proxy */ - - p = ntlmGetString(&auth->hdr, &auth->user, 2); - if ((s = strlen(p) + 1) >= size) - return 1; - while (*p) - *buf++ = (*p++); //tolower - *buf++ = '\0'; - size -= s; + size -= s; + buf += (s - 1); + *buf++ = '\\'; /* Using \ is more consistent with MS-proxy */ + + p = ntlmGetString (&auth->hdr, &auth->user, 2); + if ((s = strlen (p) + 1) >= size) + return 1; + while (*p) + *buf++ = (*p++); //tolower + *buf++ = '\0'; + size -= s; // fprintf(stderr, "ntlmDecodeAuth: user: %s%s\n",origbuf, p); - return 0; + return 0; } int -main() +main () { - char buf[256]; - char user[256], *p, *cleartext; - struct ntlm_challenge chal; - int len; - char *fmt = "UNKNOWN", *data = NULL; - - setbuf(stdout, NULL); - while (fgets(buf, 256, stdin) != NULL) { - user[0]='\0'; /*no usercode */ - - if ((p = strchr(buf, '\n')) != NULL) - *p = '\0'; /* strip 
\n */ - if (strncasecmp(buf, "RESET", 5) == 0) { - printf("RESET OK\n"); - } else { - cleartext = (char *) uudecode(buf); - if (ntlmDecodeAuth((struct ntlm_authenticate *) cleartext, user, - 256)) { -#ifdef IGNORANCE_IS_BLISS - if (!ntlmCheckHeader((struct ntlmhdr *)cleartext, NTLM_ANY)) { -#else - if (!ntlmCheckHeader((struct ntlmhdr *)cleartext, NTLM_NEGOTIATE)) { -#endif - ntlmMakeChallenge(&chal); - fmt = "NTLM %s"; - len = sizeof(chal) - sizeof(chal.pad) + SSWAP(chal.target.maxlen); - data = (char *) base64_encode_bin((char *) &chal, len); - printf("CH %s\n", data); - }else { - lc(user); - printf("ERR %s\n", user); - } - } else { - lc(user); - printf("OK %s\n", user); - } - - } + char buf[256]; + char user[256], *p, *cleartext; + struct ntlm_challenge chal; + int len; + char *fmt = "UNKNOWN", *data = NULL; + + setbuf (stdout, NULL); + while (fgets (buf, 256, stdin) != NULL) + { + user[0] = '\0'; /*no usercode */ + + if ((p = strchr (buf, '\n')) != NULL) + *p = '\0'; /* strip \n */ + if (strncasecmp (buf, "RESET", 5) == 0) + { + printf ("RESET OK\n"); + } + else + { + cleartext = (char *) uudecode (buf); + if (!ntlmCheckHeader ((struct ntlmhdr *) cleartext, NTLM_NEGOTIATE)) + { + ntlmMakeChallenge (&chal); + fmt = "NTLM %s"; + len = + sizeof (chal) - sizeof (chal.pad) + + SSWAP (chal.target.maxlen); + data = (char *) base64_encode_bin ((char *) &chal, len); + printf ("CH %s\n", data); + } + else + if (!ntlmCheckHeader + ((struct ntlmhdr *) cleartext, NTLM_AUTHENTICATE)) + { + if (!ntlmDecodeAuth + ((struct ntlm_authenticate *) cleartext, user, 256)) + { + lc (user); + printf ("OK %s\n", user); + } else + { + lc (user); + printf ("ERR %s\n", user); + } + } + else + { + lc (user); + printf ("ERR %s\n", user); + } } - exit(0); + } + exit (0); } -
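Review bot: In ntlmDecodeAuth the second `ntlmGetString` call (for `auth->user`) is passed straight to `strlen (p)`, but ntlmGetString returns NULL whenever its sanity or character checks fail, so a malformed AUTHENTICATE blob makes the helper dereference NULL. Only the domain lookup has a NULL test, and its fallback `authenticate_ntlm_domain` may itself be NULL (ntlmMakeChallenge tests for that before walking it). I would change the user lookup to `if ((p = ntlmGetString (&auth->hdr, &auth->user, 2)) == NULL) return 1;` and guard the domain fallback the same way. Separately, ntlmGetString bounds the offset with the constant `o >= 256` rather than the decoded message length, and main hands the `uudecode` result on without a NULL or length check, so the reads at `hdr + o` do not appear to be tied to the actual input size; passing the decoded length down and checking `o` and `l` against it would close that.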