1 /* $NetBSD: test_ntlm.c,v 1.1.1.1 2011/04/13 18:15:39 elric Exp $ */
2
3 /*
4 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of KTH nor the names of its contributors may be
20 * used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
24 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
30 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
31 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
32 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36 #include "config.h"
37
38 #include <stdio.h>
39 #include <err.h>
40 #include <krb5/roken.h>
41 #include <krb5/getarg.h>
42
43 #include <krb5/krb5-types.h> /* or <inttypes.h> */
44 #include <krb5/heimntlm.h>
45
46 static int
test_parse(void)47 test_parse(void)
48 {
49 const char *user = "foo",
50 *domain = "mydomain",
51 *password = "digestpassword",
52 *target = "DOMAIN";
53 struct ntlm_type1 type1;
54 struct ntlm_type2 type2;
55 struct ntlm_type3 type3;
56 struct ntlm_buf data;
57 int ret, flags;
58
59 memset(&type1, 0, sizeof(type1));
60
61 type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM;
62 type1.domain = rk_UNCONST(domain);
63 type1.hostname = NULL;
64 type1.os[0] = 0;
65 type1.os[1] = 0;
66
67 ret = heim_ntlm_encode_type1(&type1, &data);
68 if (ret)
69 errx(1, "heim_ntlm_encode_type1");
70
71 memset(&type1, 0, sizeof(type1));
72
73 ret = heim_ntlm_decode_type1(&data, &type1);
74 free(data.data);
75 if (ret)
76 errx(1, "heim_ntlm_encode_type1");
77
78 heim_ntlm_free_type1(&type1);
79
80 /*
81 *
82 */
83
84 memset(&type2, 0, sizeof(type2));
85
86 flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
87 type2.flags = flags;
88
89 memset(type2.challenge, 0x7f, sizeof(type2.challenge));
90 type2.targetname = rk_UNCONST(target);
91 type2.targetinfo.data = NULL;
92 type2.targetinfo.length = 0;
93
94 ret = heim_ntlm_encode_type2(&type2, &data);
95 if (ret)
96 errx(1, "heim_ntlm_encode_type2");
97
98 memset(&type2, 0, sizeof(type2));
99
100 ret = heim_ntlm_decode_type2(&data, &type2);
101 free(data.data);
102 if (ret)
103 errx(1, "heim_ntlm_decode_type2");
104
105 heim_ntlm_free_type2(&type2);
106
107 /*
108 *
109 */
110
111 memset(&type3, 0, sizeof(type3));
112
113 type3.flags = flags;
114 type3.username = rk_UNCONST(user);
115 type3.targetname = rk_UNCONST(target);
116 type3.ws = rk_UNCONST("workstation");
117
118 {
119 struct ntlm_buf key;
120 heim_ntlm_nt_key(password, &key);
121
122 heim_ntlm_calculate_ntlm1(key.data, key.length,
123 type2.challenge,
124 &type3.ntlm);
125 free(key.data);
126 }
127
128 ret = heim_ntlm_encode_type3(&type3, &data);
129 if (ret)
130 errx(1, "heim_ntlm_encode_type3");
131
132 free(type3.ntlm.data);
133
134 memset(&type3, 0, sizeof(type3));
135
136 ret = heim_ntlm_decode_type3(&data, 1, &type3);
137 free(data.data);
138 if (ret)
139 errx(1, "heim_ntlm_decode_type3");
140
141 if (strcmp("workstation", type3.ws) != 0)
142 errx(1, "type3 ws wrong");
143
144 if (strcmp(target, type3.targetname) != 0)
145 errx(1, "type3 targetname wrong");
146
147 if (strcmp(user, type3.username) != 0)
148 errx(1, "type3 username wrong");
149
150
151 heim_ntlm_free_type3(&type3);
152
153 /*
154 * NTLMv2
155 */
156
157 memset(&type2, 0, sizeof(type2));
158
159 flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
160 type2.flags = flags;
161
162 memset(type2.challenge, 0x7f, sizeof(type2.challenge));
163 type2.targetname = rk_UNCONST(target);
164 type2.targetinfo.data = "\x00\x00";
165 type2.targetinfo.length = 2;
166
167 ret = heim_ntlm_encode_type2(&type2, &data);
168 if (ret)
169 errx(1, "heim_ntlm_encode_type2");
170
171 memset(&type2, 0, sizeof(type2));
172
173 ret = heim_ntlm_decode_type2(&data, &type2);
174 free(data.data);
175 if (ret)
176 errx(1, "heim_ntlm_decode_type2");
177
178 heim_ntlm_free_type2(&type2);
179
180 return 0;
181 }
182
183 static int
test_keys(void)184 test_keys(void)
185 {
186 const char
187 *username = "test",
188 *password = "test1234",
189 *target = "TESTNT";
190 const unsigned char
191 serverchallenge[8] = "\x67\x7f\x1c\x55\x7a\x5e\xe9\x6c";
192 struct ntlm_buf infotarget, infotarget2, answer, key;
193 unsigned char ntlmv2[16], ntlmv2_1[16];
194 int ret;
195
196 infotarget.length = 70;
197 infotarget.data =
198 "\x02\x00\x0c\x00\x54\x00\x45\x00\x53\x00\x54\x00\x4e\x00\x54\x00"
199 "\x01\x00\x0c\x00\x4d\x00\x45\x00\x4d\x00\x42\x00\x45\x00\x52\x00"
200 "\x03\x00\x1e\x00\x6d\x00\x65\x00\x6d\x00\x62\x00\x65\x00\x72\x00"
201 "\x2e\x00\x74\x00\x65\x00\x73\x00\x74\x00\x2e\x00\x63\x00\x6f"
202 "\x00\x6d\x00"
203 "\x00\x00\x00\x00";
204
205 answer.length = 0;
206 answer.data = NULL;
207
208 heim_ntlm_nt_key(password, &key);
209
210 ret = heim_ntlm_calculate_ntlm2(key.data,
211 key.length,
212 username,
213 target,
214 serverchallenge,
215 &infotarget,
216 ntlmv2,
217 &answer);
218 if (ret)
219 errx(1, "heim_ntlm_calculate_ntlm2");
220
221 ret = heim_ntlm_verify_ntlm2(key.data,
222 key.length,
223 username,
224 target,
225 0,
226 serverchallenge,
227 &answer,
228 &infotarget2,
229 ntlmv2_1);
230 if (ret)
231 errx(1, "heim_ntlm_verify_ntlm2");
232
233 if (memcmp(ntlmv2, ntlmv2_1, sizeof(ntlmv2)) != 0)
234 errx(1, "ntlm master key not same");
235
236 if (infotarget.length > infotarget2.length)
237 errx(1, "infotarget length");
238
239 if (memcmp(infotarget.data, infotarget2.data, infotarget.length) != 0)
240 errx(1, "infotarget not the same");
241
242 free(key.data);
243 free(answer.data);
244 free(infotarget2.data);
245
246 return 0;
247 }
248
249 static int
test_ntlm2_session_resp(void)250 test_ntlm2_session_resp(void)
251 {
252 int ret;
253 struct ntlm_buf lm, ntlm;
254
255 const unsigned char lm_resp[24] =
256 "\xff\xff\xff\x00\x11\x22\x33\x44"
257 "\x00\x00\x00\x00\x00\x00\x00\x00"
258 "\x00\x00\x00\x00\x00\x00\x00\x00";
259 const unsigned char ntlm2_sess_resp[24] =
260 "\x10\xd5\x50\x83\x2d\x12\xb2\xcc"
261 "\xb7\x9d\x5a\xd1\xf4\xee\xd3\xdf"
262 "\x82\xac\xa4\xc3\x68\x1d\xd4\x55";
263
264 const unsigned char client_nonce[8] =
265 "\xff\xff\xff\x00\x11\x22\x33\x44";
266 const unsigned char server_challenge[8] =
267 "\x01\x23\x45\x67\x89\xab\xcd\xef";
268
269 const unsigned char ntlm_hash[16] =
270 "\xcd\x06\xca\x7c\x7e\x10\xc9\x9b"
271 "\x1d\x33\xb7\x48\x5a\x2e\xd8\x08";
272
273 ret = heim_ntlm_calculate_ntlm2_sess(client_nonce,
274 server_challenge,
275 ntlm_hash,
276 &lm,
277 &ntlm);
278 if (ret)
279 errx(1, "heim_ntlm_calculate_ntlm2_sess_resp");
280
281 if (lm.length != 24 || memcmp(lm.data, lm_resp, 24) != 0)
282 errx(1, "lm_resp wrong");
283 if (ntlm.length != 24 || memcmp(ntlm.data, ntlm2_sess_resp, 24) != 0)
284 errx(1, "ntlm2_sess_resp wrong");
285
286 free(lm.data);
287 free(ntlm.data);
288
289
290 return 0;
291 }
292
293 static int
test_targetinfo(void)294 test_targetinfo(void)
295 {
296 struct ntlm_targetinfo ti;
297 struct ntlm_buf buf;
298 const char *dnsservername = "dnsservername";
299 int ret;
300
301 memset(&ti, 0, sizeof(ti));
302
303 ti.dnsservername = rk_UNCONST(dnsservername);
304 ti.avflags = 1;
305 ret = heim_ntlm_encode_targetinfo(&ti, 1, &buf);
306 if (ret)
307 return ret;
308
309 memset(&ti, 0, sizeof(ti));
310
311 ret = heim_ntlm_decode_targetinfo(&buf, 1, &ti);
312 if (ret)
313 return ret;
314
315 if (ti.dnsservername == NULL ||
316 strcmp(ti.dnsservername, dnsservername) != 0)
317 errx(1, "ti.dnshostname != %s", dnsservername);
318 if (ti.avflags != 1)
319 errx(1, "ti.avflags != 1");
320
321 heim_ntlm_free_targetinfo(&ti);
322
323 return 0;
324 }
325
326 static int verbose_flag = 0;
327 static int version_flag = 0;
328 static int help_flag = 0;
329
330 static struct getargs args[] = {
331 {"verbose", 0, arg_flag, &verbose_flag, "verbose printing", NULL },
332 {"version", 0, arg_flag, &version_flag, "print version", NULL },
333 {"help", 0, arg_flag, &help_flag, NULL, NULL }
334 };
335
336 static void
usage(int ret)337 usage (int ret)
338 {
339 arg_printusage (args, sizeof(args)/sizeof(*args),
340 NULL, "");
341 exit (ret);
342 }
343
344 int
main(int argc,char ** argv)345 main(int argc, char **argv)
346 {
347 int ret = 0, optind = 0;
348
349 setprogname(argv[0]);
350
351 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
352 usage(1);
353
354 if (help_flag)
355 usage (0);
356
357 if(version_flag){
358 print_version(NULL);
359 exit(0);
360 }
361
362 argc -= optind;
363 argv += optind;
364
365 if (verbose_flag)
366 printf("test_parse\n");
367
368 ret += test_parse();
369 if (verbose_flag)
370 printf("test_keys\n");
371
372 ret += test_keys();
373 if (verbose_flag)
374 printf("test_ntlm2_session_resp\n");
375 ret += test_ntlm2_session_resp();
376
377 if (verbose_flag)
378 printf("test_targetinfo\n");
379 ret += test_targetinfo();
380
381 return ret;
382 }
383