The Tor Browser / file comparison

comparison: netwerk/test/ReadNTLM.cpp

netwerk/test/ReadNTLM.cpp

changeset 1
ca08bd8f51b2
equal deleted inserted replaced
-1:000000000000 0:457c37a8e664
1 /* vim: set ts=2 sw=2 et cindent: */
2 /* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this
4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5
6 #include <stdlib.h>
7 #include <stdio.h>
8 #include <ctype.h>
9
10 #include "plbase64.h"
11 #include "nsStringAPI.h"
12 #include "prmem.h"
13
14 /*
15 * ReadNTLM : reads NTLM messages.
16 *
17 * based on http://davenport.sourceforge.net/ntlm.html
18 */
19
20 #define kNegotiateUnicode 0x00000001
21 #define kNegotiateOEM 0x00000002
22 #define kRequestTarget 0x00000004
23 #define kUnknown1 0x00000008
24 #define kNegotiateSign 0x00000010
25 #define kNegotiateSeal 0x00000020
26 #define kNegotiateDatagramStyle 0x00000040
27 #define kNegotiateLanManagerKey 0x00000080
28 #define kNegotiateNetware 0x00000100
29 #define kNegotiateNTLMKey 0x00000200
30 #define kUnknown2 0x00000400
31 #define kUnknown3 0x00000800
32 #define kNegotiateDomainSupplied 0x00001000
33 #define kNegotiateWorkstationSupplied 0x00002000
34 #define kNegotiateLocalCall 0x00004000
35 #define kNegotiateAlwaysSign 0x00008000
36 #define kTargetTypeDomain 0x00010000
37 #define kTargetTypeServer 0x00020000
38 #define kTargetTypeShare 0x00040000
39 #define kNegotiateNTLM2Key 0x00080000
40 #define kRequestInitResponse 0x00100000
41 #define kRequestAcceptResponse 0x00200000
42 #define kRequestNonNTSessionKey 0x00400000
43 #define kNegotiateTargetInfo 0x00800000
44 #define kUnknown4 0x01000000
45 #define kUnknown5 0x02000000
46 #define kUnknown6 0x04000000
47 #define kUnknown7 0x08000000
48 #define kUnknown8 0x10000000
49 #define kNegotiate128 0x20000000
50 #define kNegotiateKeyExchange 0x40000000
51 #define kNegotiate56 0x80000000
52
53 static const char NTLM_SIGNATURE[] = "NTLMSSP";
54 static const char NTLM_TYPE1_MARKER[] = { 0x01, 0x00, 0x00, 0x00 };
55 static const char NTLM_TYPE2_MARKER[] = { 0x02, 0x00, 0x00, 0x00 };
56 static const char NTLM_TYPE3_MARKER[] = { 0x03, 0x00, 0x00, 0x00 };
57
58 #define NTLM_MARKER_LEN 4
59 #define NTLM_TYPE1_HEADER_LEN 32
60 #define NTLM_TYPE2_HEADER_LEN 32
61 #define NTLM_TYPE3_HEADER_LEN 64
62
63 #define LM_HASH_LEN 16
64 #define LM_RESP_LEN 24
65
66 #define NTLM_HASH_LEN 16
67 #define NTLM_RESP_LEN 24
68
69 static void PrintFlags(uint32_t flags)
70 {
71 #define TEST(_flag) \
72 if (flags & k ## _flag) \
73 printf(" 0x%08x (" # _flag ")\n", k ## _flag)
74
75 TEST(NegotiateUnicode);
76 TEST(NegotiateOEM);
77 TEST(RequestTarget);
78 TEST(Unknown1);
79 TEST(NegotiateSign);
80 TEST(NegotiateSeal);
81 TEST(NegotiateDatagramStyle);
82 TEST(NegotiateLanManagerKey);
83 TEST(NegotiateNetware);
84 TEST(NegotiateNTLMKey);
85 TEST(Unknown2);
86 TEST(Unknown3);
87 TEST(NegotiateDomainSupplied);
88 TEST(NegotiateWorkstationSupplied);
89 TEST(NegotiateLocalCall);
90 TEST(NegotiateAlwaysSign);
91 TEST(TargetTypeDomain);
92 TEST(TargetTypeServer);
93 TEST(TargetTypeShare);
94 TEST(NegotiateNTLM2Key);
95 TEST(RequestInitResponse);
96 TEST(RequestAcceptResponse);
97 TEST(RequestNonNTSessionKey);
98 TEST(NegotiateTargetInfo);
99 TEST(Unknown4);
100 TEST(Unknown5);
101 TEST(Unknown6);
102 TEST(Unknown7);
103 TEST(Unknown8);
104 TEST(Negotiate128);
105 TEST(NegotiateKeyExchange);
106 TEST(Negotiate56);
107
108 #undef TEST
109 }
110
111 static void
112 PrintBuf(const char *tag, const uint8_t *buf, uint32_t bufLen)
113 {
114 int i;
115
116 printf("%s =\n", tag);
117 while (bufLen > 0)
118 {
119 int count = bufLen;
120 if (count > 8)
121 count = 8;
122
123 printf(" ");
124 for (i=0; i<count; ++i)
125 {
126 printf("0x%02x ", int(buf[i]));
127 }
128 for (; i<8; ++i)
129 {
130 printf(" ");
131 }
132
133 printf(" ");
134 for (i=0; i<count; ++i)
135 {
136 if (isprint(buf[i]))
137 printf("%c", buf[i]);
138 else
139 printf(".");
140 }
141 printf("\n");
142
143 bufLen -= count;
144 buf += count;
145 }
146 }
147
148 static uint16_t
149 ReadUint16(const uint8_t *&buf)
150 {
151 uint16_t x;
152 #ifdef IS_BIG_ENDIAN
153 x = ((uint16_t) buf[1]) | ((uint16_t) buf[0] << 8);
154 #else
155 x = ((uint16_t) buf[0]) | ((uint16_t) buf[1] << 8);
156 #endif
157 buf += sizeof(x);
158 return x;
159 }
160
161 static uint32_t
162 ReadUint32(const uint8_t *&buf)
163 {
164 uint32_t x;
165 #ifdef IS_BIG_ENDIAN
166 x = ( (uint32_t) buf[3]) |
167 (((uint32_t) buf[2]) << 8) |
168 (((uint32_t) buf[1]) << 16) |
169 (((uint32_t) buf[0]) << 24);
170 #else
171 x = ( (uint32_t) buf[0]) |
172 (((uint32_t) buf[1]) << 8) |
173 (((uint32_t) buf[2]) << 16) |
174 (((uint32_t) buf[3]) << 24);
175 #endif
176 buf += sizeof(x);
177 return x;
178 }
179
180 typedef struct {
181 uint16_t length;
182 uint16_t capacity;
183 uint32_t offset;
184 } SecBuf;
185
186 static void
187 ReadSecBuf(SecBuf *s, const uint8_t *&buf)
188 {
189 s->length = ReadUint16(buf);
190 s->capacity = ReadUint16(buf);
191 s->offset = ReadUint32(buf);
192 }
193
194 static void
195 ReadType1MsgBody(const uint8_t *inBuf, uint32_t start)
196 {
197 const uint8_t *cursor = inBuf + start;
198 uint32_t flags;
199
200 PrintBuf("flags", cursor, 4);
201 // read flags
202 flags = ReadUint32(cursor);
203 PrintFlags(flags);
204
205 // type 1 message may not include trailing security buffers
206 if ((flags & kNegotiateDomainSupplied) |
207 (flags & kNegotiateWorkstationSupplied))
208 {
209 SecBuf secbuf;
210 ReadSecBuf(&secbuf, cursor);
211 PrintBuf("supplied domain", inBuf + secbuf.offset, secbuf.length);
212
213 ReadSecBuf(&secbuf, cursor);
214 PrintBuf("supplied workstation", inBuf + secbuf.offset, secbuf.length);
215 }
216 }
217
218 static void
219 ReadType2MsgBody(const uint8_t *inBuf, uint32_t start)
220 {
221 uint16_t targetLen, offset;
222 uint32_t flags;
223 const uint8_t *target;
224 const uint8_t *cursor = inBuf + start;
225
226 // read target name security buffer
227 targetLen = ReadUint16(cursor);
228 ReadUint16(cursor); // discard next 16-bit value
229 offset = ReadUint32(cursor); // get offset from inBuf
230 target = inBuf + offset;
231
232 PrintBuf("target", target, targetLen);
233
234 PrintBuf("flags", cursor, 4);
235 // read flags
236 flags = ReadUint32(cursor);
237 PrintFlags(flags);
238
239 // read challenge
240 PrintBuf("challenge", cursor, 8);
241 cursor += 8;
242
243 PrintBuf("context", cursor, 8);
244 cursor += 8;
245
246 SecBuf secbuf;
247 ReadSecBuf(&secbuf, cursor);
248 PrintBuf("target information", inBuf + secbuf.offset, secbuf.length);
249 }
250
251 static void
252 ReadType3MsgBody(const uint8_t *inBuf, uint32_t start)
253 {
254 const uint8_t *cursor = inBuf + start;
255
256 SecBuf secbuf;
257
258 ReadSecBuf(&secbuf, cursor); // LM response
259 PrintBuf("LM response", inBuf + secbuf.offset, secbuf.length);
260
261 ReadSecBuf(&secbuf, cursor); // NTLM response
262 PrintBuf("NTLM response", inBuf + secbuf.offset, secbuf.length);
263
264 ReadSecBuf(&secbuf, cursor); // domain name
265 PrintBuf("domain name", inBuf + secbuf.offset, secbuf.length);
266
267 ReadSecBuf(&secbuf, cursor); // user name
268 PrintBuf("user name", inBuf + secbuf.offset, secbuf.length);
269
270 ReadSecBuf(&secbuf, cursor); // workstation name
271 PrintBuf("workstation name", inBuf + secbuf.offset, secbuf.length);
272
273 ReadSecBuf(&secbuf, cursor); // session key
274 PrintBuf("session key", inBuf + secbuf.offset, secbuf.length);
275
276 uint32_t flags = ReadUint32(cursor);
277 PrintBuf("flags", (const uint8_t *) &flags, sizeof(flags));
278 PrintFlags(flags);
279 }
280
281 static void
282 ReadMsg(const char *base64buf, uint32_t bufLen)
283 {
284 uint8_t *inBuf = (uint8_t *) PL_Base64Decode(base64buf, bufLen, nullptr);
285 if (!inBuf)
286 {
287 printf("PL_Base64Decode failed\n");
288 return;
289 }
290
291 const uint8_t *cursor = inBuf;
292
293 PrintBuf("signature", cursor, 8);
294
295 // verify NTLMSSP signature
296 if (memcmp(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) != 0)
297 {
298 printf("### invalid or corrupt NTLM signature\n");
299 }
300 cursor += sizeof(NTLM_SIGNATURE);
301
302 PrintBuf("message type", cursor, 4);
303
304 if (memcmp(cursor, NTLM_TYPE1_MARKER, sizeof(NTLM_MARKER_LEN)) == 0)
305 ReadType1MsgBody(inBuf, 12);
306 else if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_MARKER_LEN)) == 0)
307 ReadType2MsgBody(inBuf, 12);
308 else if (memcmp(cursor, NTLM_TYPE3_MARKER, sizeof(NTLM_MARKER_LEN)) == 0)
309 ReadType3MsgBody(inBuf, 12);
310 else
311 printf("### invalid or unknown message type\n");
312
313 PR_Free(inBuf);
314 }
315
316 int main(int argc, char **argv)
317 {
318 if (argc == 1)
319 {
320 printf("usage: ntlmread <msg>\n");
321 return -1;
322 }
323 ReadMsg(argv[1], (uint32_t) strlen(argv[1]));
324 return 0;
325 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial