1 /*
2 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of KTH nor the names of its contributors may be
18 * used to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 #include "config.h"
35
36 #include <stdio.h>
37 #include <err.h>
38 #include <roken.h>
39 #include <getarg.h>
40
41 #include <krb5-types.h> /* or <inttypes.h> */
42 #include <heimntlm.h>
43
44 static int
test_parse(void)45 test_parse(void)
46 {
47 const char *user = "foo",
48 *domain = "mydomain",
49 *password = "digestpassword",
50 *target = "DOMAIN";
51 struct ntlm_type1 type1;
52 struct ntlm_type2 type2;
53 struct ntlm_type3 type3;
54 struct ntlm_buf data;
55 int ret, flags;
56
57 memset(&type1, 0, sizeof(type1));
58
59 type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM;
60 type1.domain = rk_UNCONST(domain);
61 type1.hostname = NULL;
62 type1.os[0] = 0;
63 type1.os[1] = 0;
64
65 ret = heim_ntlm_encode_type1(&type1, &data);
66 if (ret)
67 errx(1, "heim_ntlm_encode_type1");
68
69 memset(&type1, 0, sizeof(type1));
70
71 ret = heim_ntlm_decode_type1(&data, &type1);
72 free(data.data);
73 if (ret)
74 errx(1, "heim_ntlm_encode_type1");
75
76 heim_ntlm_free_type1(&type1);
77
78 /*
79 *
80 */
81
82 memset(&type2, 0, sizeof(type2));
83
84 flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
85 type2.flags = flags;
86
87 memset(type2.challenge, 0x7f, sizeof(type2.challenge));
88 type2.targetname = rk_UNCONST(target);
89 type2.targetinfo.data = NULL;
90 type2.targetinfo.length = 0;
91
92 ret = heim_ntlm_encode_type2(&type2, &data);
93 if (ret)
94 errx(1, "heim_ntlm_encode_type2");
95
96 memset(&type2, 0, sizeof(type2));
97
98 ret = heim_ntlm_decode_type2(&data, &type2);
99 free(data.data);
100 if (ret)
101 errx(1, "heim_ntlm_decode_type2");
102
103 heim_ntlm_free_type2(&type2);
104
105 /*
106 *
107 */
108
109 memset(&type3, 0, sizeof(type3));
110
111 type3.flags = flags;
112 type3.username = rk_UNCONST(user);
113 type3.targetname = rk_UNCONST(target);
114 type3.ws = rk_UNCONST("workstation");
115
116 {
117 struct ntlm_buf key;
118 heim_ntlm_nt_key(password, &key);
119
120 heim_ntlm_calculate_ntlm1(key.data, key.length,
121 type2.challenge,
122 &type3.ntlm);
123 free(key.data);
124 }
125
126 ret = heim_ntlm_encode_type3(&type3, &data);
127 if (ret)
128 errx(1, "heim_ntlm_encode_type3");
129
130 free(type3.ntlm.data);
131
132 memset(&type3, 0, sizeof(type3));
133
134 ret = heim_ntlm_decode_type3(&data, 1, &type3);
135 free(data.data);
136 if (ret)
137 errx(1, "heim_ntlm_decode_type3");
138
139 if (strcmp("workstation", type3.ws) != 0)
140 errx(1, "type3 ws wrong");
141
142 if (strcmp(target, type3.targetname) != 0)
143 errx(1, "type3 targetname wrong");
144
145 if (strcmp(user, type3.username) != 0)
146 errx(1, "type3 username wrong");
147
148
149 heim_ntlm_free_type3(&type3);
150
151 /*
152 * NTLMv2
153 */
154
155 memset(&type2, 0, sizeof(type2));
156
157 flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
158 type2.flags = flags;
159
160 memset(type2.challenge, 0x7f, sizeof(type2.challenge));
161 type2.targetname = rk_UNCONST(target);
162 type2.targetinfo.data = "\x00\x00";
163 type2.targetinfo.length = 2;
164
165 ret = heim_ntlm_encode_type2(&type2, &data);
166 if (ret)
167 errx(1, "heim_ntlm_encode_type2");
168
169 memset(&type2, 0, sizeof(type2));
170
171 ret = heim_ntlm_decode_type2(&data, &type2);
172 free(data.data);
173 if (ret)
174 errx(1, "heim_ntlm_decode_type2");
175
176 heim_ntlm_free_type2(&type2);
177
178 return 0;
179 }
180
181 static int
test_keys(void)182 test_keys(void)
183 {
184 const char
185 *username = "test",
186 *password = "test1234",
187 *target = "TESTNT";
188 const unsigned char
189 serverchallenge[8] = "\x67\x7f\x1c\x55\x7a\x5e\xe9\x6c";
190 struct ntlm_buf infotarget, infotarget2, answer, key;
191 unsigned char ntlmv2[16], ntlmv2_1[16];
192 int ret;
193
194 infotarget.length = 70;
195 infotarget.data =
196 "\x02\x00\x0c\x00\x54\x00\x45\x00\x53\x00\x54\x00\x4e\x00\x54\x00"
197 "\x01\x00\x0c\x00\x4d\x00\x45\x00\x4d\x00\x42\x00\x45\x00\x52\x00"
198 "\x03\x00\x1e\x00\x6d\x00\x65\x00\x6d\x00\x62\x00\x65\x00\x72\x00"
199 "\x2e\x00\x74\x00\x65\x00\x73\x00\x74\x00\x2e\x00\x63\x00\x6f"
200 "\x00\x6d\x00"
201 "\x00\x00\x00\x00";
202
203 answer.length = 0;
204 answer.data = NULL;
205
206 heim_ntlm_nt_key(password, &key);
207
208 ret = heim_ntlm_calculate_ntlm2(key.data,
209 key.length,
210 username,
211 target,
212 serverchallenge,
213 &infotarget,
214 ntlmv2,
215 &answer);
216 if (ret)
217 errx(1, "heim_ntlm_calculate_ntlm2");
218
219 ret = heim_ntlm_verify_ntlm2(key.data,
220 key.length,
221 username,
222 target,
223 0,
224 serverchallenge,
225 &answer,
226 &infotarget2,
227 ntlmv2_1);
228 if (ret)
229 errx(1, "heim_ntlm_verify_ntlm2");
230
231 if (memcmp(ntlmv2, ntlmv2_1, sizeof(ntlmv2)) != 0)
232 errx(1, "ntlm master key not same");
233
234 if (infotarget.length > infotarget2.length)
235 errx(1, "infotarget length");
236
237 if (memcmp(infotarget.data, infotarget2.data, infotarget.length) != 0)
238 errx(1, "infotarget not the same");
239
240 free(key.data);
241 free(answer.data);
242 free(infotarget2.data);
243
244 return 0;
245 }
246
247 static int
test_ntlm2_session_resp(void)248 test_ntlm2_session_resp(void)
249 {
250 int ret;
251 struct ntlm_buf lm, ntlm;
252
253 const unsigned char lm_resp[24] =
254 "\xff\xff\xff\x00\x11\x22\x33\x44"
255 "\x00\x00\x00\x00\x00\x00\x00\x00"
256 "\x00\x00\x00\x00\x00\x00\x00\x00";
257 const unsigned char ntlm2_sess_resp[24] =
258 "\x10\xd5\x50\x83\x2d\x12\xb2\xcc"
259 "\xb7\x9d\x5a\xd1\xf4\xee\xd3\xdf"
260 "\x82\xac\xa4\xc3\x68\x1d\xd4\x55";
261
262 const unsigned char client_nonce[8] =
263 "\xff\xff\xff\x00\x11\x22\x33\x44";
264 const unsigned char server_challenge[8] =
265 "\x01\x23\x45\x67\x89\xab\xcd\xef";
266
267 const unsigned char ntlm_hash[16] =
268 "\xcd\x06\xca\x7c\x7e\x10\xc9\x9b"
269 "\x1d\x33\xb7\x48\x5a\x2e\xd8\x08";
270
271 ret = heim_ntlm_calculate_ntlm2_sess(client_nonce,
272 server_challenge,
273 ntlm_hash,
274 &lm,
275 &ntlm);
276 if (ret)
277 errx(1, "heim_ntlm_calculate_ntlm2_sess_resp");
278
279 if (lm.length != 24 || memcmp(lm.data, lm_resp, 24) != 0)
280 errx(1, "lm_resp wrong");
281 if (ntlm.length != 24 || memcmp(ntlm.data, ntlm2_sess_resp, 24) != 0)
282 errx(1, "ntlm2_sess_resp wrong");
283
284 free(lm.data);
285 free(ntlm.data);
286
287
288 return 0;
289 }
290
291 static int
test_targetinfo(void)292 test_targetinfo(void)
293 {
294 struct ntlm_targetinfo ti;
295 struct ntlm_buf buf;
296 const char *dnsservername = "dnsservername";
297 int ret;
298
299 memset(&ti, 0, sizeof(ti));
300
301 ti.dnsservername = rk_UNCONST(dnsservername);
302 ti.avflags = 1;
303 ret = heim_ntlm_encode_targetinfo(&ti, 1, &buf);
304 if (ret)
305 return ret;
306
307 memset(&ti, 0, sizeof(ti));
308
309 ret = heim_ntlm_decode_targetinfo(&buf, 1, &ti);
310 if (ret)
311 return ret;
312
313 if (ti.dnsservername == NULL ||
314 strcmp(ti.dnsservername, dnsservername) != 0)
315 errx(1, "ti.dnshostname != %s", dnsservername);
316 if (ti.avflags != 1)
317 errx(1, "ti.avflags != 1");
318
319 heim_ntlm_free_targetinfo(&ti);
320
321 return 0;
322 }
323
324 static int verbose_flag = 0;
325 static int version_flag = 0;
326 static int help_flag = 0;
327
328 static struct getargs args[] = {
329 {"verbose", 0, arg_flag, &verbose_flag, "verbose printing", NULL },
330 {"version", 0, arg_flag, &version_flag, "print version", NULL },
331 {"help", 0, arg_flag, &help_flag, NULL, NULL }
332 };
333
334 static void
usage(int ret)335 usage (int ret)
336 {
337 arg_printusage (args, sizeof(args)/sizeof(*args),
338 NULL, "");
339 exit (ret);
340 }
341
342 int
main(int argc,char ** argv)343 main(int argc, char **argv)
344 {
345 int ret = 0, optind = 0;
346
347 setprogname(argv[0]);
348
349 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
350 usage(1);
351
352 if (help_flag)
353 usage (0);
354
355 if(version_flag){
356 print_version(NULL);
357 exit(0);
358 }
359
360 argc -= optind;
361 argv += optind;
362
363 if (verbose_flag)
364 printf("test_parse\n");
365
366 ret += test_parse();
367 if (verbose_flag)
368 printf("test_keys\n");
369
370 ret += test_keys();
371 if (verbose_flag)
372 printf("test_ntlm2_session_resp\n");
373 ret += test_ntlm2_session_resp();
374
375 if (verbose_flag)
376 printf("test_targetinfo\n");
377 ret += test_targetinfo();
378
379 return ret;
380 }
381