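#ifndef _NTLMER_H_
#define _NTLMER_H_
/* $Id$
   Single-file NTLM system to create and parse authentication messages.

   http://www.reversing.org
   ilo-- [email protected]

   I copied, pasted and modified several files to leave independent NTLM
   code that compiles in a cygwin/linux environment. Most of the code was
   taken from the Samba implementation, so I left the copying statement.
   Samba core code was left unmodified from the 1.9 version.

   libntlm was also taken but rewritten, due to its fixed and useless
   interface. Copyright and licensing information is in the ntlm.c file.

   (The guard macro _NTLMER_H_ sits in the namespace reserved for the C
   implementation; it is kept unchanged because other files may test it.)

   NTLM interface, just two functions:

   void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain);
     If flags is 0 the minimum security level is selected, otherwise the
     given value supersedes it. host and domain are optional and may be NULL.

   void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host);
     Given a challenge, generates a response for that user/password/host/domain.
     flags, host and domain supersede the values sent by the server; leave
     them 0 and NULL to answer with what the server asked for.

   NOTE(review): the usage sample below calls buildAuthRequest() with a
   lower-case "b", while the prototype in this header is BuildAuthRequest().
   C is case-sensitive, so only one spelling can link -- confirm against
   ntlm.c before relying on either.

   Usage sample:

   ...
   // Beware of the fixed-size buffers (buffer[1024] in every struct): the
   // builders assert on overflow, so don't pass long strings.
   unsigned char buf[4096];
   unsigned char buf2[4096];

   // Send the auth request; let the server supply its own hostname and domain.
   buildAuthRequest((tSmbNtlmAuthRequest*)buf2, 0, NULL, NULL);
   // The message just built is a request, so measure it as one. The
   // original sample cast buf2 to tSmbNtlmAuthResponse* here; that struct's
   // buffer[] starts 32 bytes further in, so SmbLength() read bufIndex from
   // the wrong offset and returned a bogus length.
   to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2));
   send_to_server(buf);

   // Receive the challenge. It is peer-controlled data: check that the
   // received length covers the 48-byte fixed header before casting, and
   // remember that the string headers inside it (offset/len) are untrusted
   // and must be range-checked against the received length before use.
   receive_from_server(buf);

   // Build the response with the hostname and domain the server sent.
   buildAuthResponse((tSmbNtlmAuthChallenge*)buf, (tSmbNtlmAuthResponse*)buf2, 0, "username", "password", NULL, NULL);
   to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2));
   send_to_server(buf);

   // Get the reply and check whether authentication succeeded.
   ...

   Included bonus: Base64 code
     int from64tobits(char *out, const char *in);
     void to64frombits(unsigned char *out, const unsigned char *in, int inlen);

   You don't need to read the rest of the file.
*/

#include <stdio.h>   /* FILE, used by the dump* prototypes below */
#include <stdint.h>  /* exact-width types for the wire structures */

/*
 * These structures mirror the NTLM wire layout and are byte-order
 * dependent; they must only be manipulated through the routines provided.
 * The typedefs keep the historical names but are pinned to <stdint.h>
 * so the field sizes cannot drift with the host ABI.
 */
typedef uint16_t uint16;
typedef uint32_t uint32;
typedef uint8_t  uint8;

/* Security-buffer header: a [len, maxlen] pair plus the offset of the
 * payload from the start of the message. 8 bytes, no padding. */
typedef struct {
    uint16 len;
    uint16 maxlen;
    uint32 offset;
} tSmbStrHeader;

/* Auth request (negotiate) message. The fixed part is 32 bytes; payload
 * strings live in buffer[] and bufIndex counts the payload bytes in use.
 * bufIndex is local bookkeeping, not part of the message: SmbLength()
 * yields the on-wire size as fixed header + bufIndex, so the trailing
 * bufIndex field itself is never sent. */
typedef struct {
    char ident[8];
    uint32 msgType;
    uint32 flags;
    tSmbStrHeader host;
    tSmbStrHeader domain;
    uint8 buffer[1024];
    uint32 bufIndex;
} tSmbNtlmAuthRequest;

/* Challenge message as received from the server. The fixed part is 48
 * bytes. Everything in here is peer-controlled: challengeData is the 8-byte
 * challenge that buildAuthResponse() answers, and uDomain.offset/len point
 * into buffer[] and must be bounds-checked against the bytes actually
 * received before they are dereferenced. */
typedef struct {
    char ident[8];
    uint32 msgType;
    tSmbStrHeader uDomain;
    uint32 flags;
    uint8 challengeData[8];
    uint8 reserved[8];
    tSmbStrHeader emptyString;
    uint8 buffer[1024];
    uint32 bufIndex;
} tSmbNtlmAuthChallenge;

/* Auth response message. The fixed part is 64 bytes; the six string
 * headers describe slices of buffer[], bufIndex counts the bytes used. */
typedef struct {
    char ident[8];
    uint32 msgType;
    tSmbStrHeader lmResponse;
    tSmbStrHeader ntResponse;
    tSmbStrHeader uDomain;
    tSmbStrHeader uUser;
    tSmbStrHeader uWks;
    tSmbStrHeader sessionKey;
    uint32 flags;
    uint8 buffer[1024];
    uint32 bufIndex;
} tSmbNtlmAuthResponse;

/* reversing interface */
/* ntlm functions */

/* Fill *request with an NTLM auth request.
 * flags:        0 selects the minimum security level; any other value
 *               supersedes it (it lands in the 32-bit flags field).
 * host, domain: optional, may be NULL; when given they go into the
 *               request's 1024-byte payload buffer -- keep them short. */
void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain);

/* Answer *challenge into *response for user/password.
 * flags, domain, host: 0 / NULL means "use what the server sent in the
 * challenge"; a non-zero / non-NULL value supersedes it.
 * NOTE(review): nothing in this header promises that the plaintext password
 * is wiped after use; callers holding secrets should clear their own copy. */
void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host);

/* Base64 code */

/* Decode the NUL-terminated Base64 text `in` into `out`. There is no output
 * bound: `out` must hold at least 3 * strlen(in) / 4 bytes, so size it from
 * strlen(in) before decoding anything a peer sent. The int result is
 * presumably the decoded byte count -- confirm in ntlm.c. */
int from64tobits(char *out, const char *in);

/* Encode inlen bytes of `in` as Base64 into `out`. `out` must hold the 4/3
 * expansion, 4 * ((inlen + 2) / 3) bytes, plus a terminator if the
 * implementation writes one (the sample passes the result to a string API). */
void to64frombits(unsigned char *out, const unsigned char *in, int inlen);

/* info functions: human-readable dumps of each message type to fp */
void dumpAuthRequest(FILE *fp, tSmbNtlmAuthRequest *request);
void dumpAuthChallenge(FILE *fp, tSmbNtlmAuthChallenge *challenge);
void dumpAuthResponse(FILE *fp, tSmbNtlmAuthResponse *response);

/* On-wire length of a built message: the fixed header (offset of buffer[]
 * inside the struct) plus the bufIndex payload bytes in use. ptr is
 * evaluated twice, so pass a plain lvalue, and make sure the cast matches
 * the struct actually in memory -- the three message types have different
 * header sizes (32, 48 and 64 bytes) and therefore different bufIndex
 * offsets, so a wrong cast reads garbage as the length. */
#define SmbLength(ptr) (((ptr)->buffer - (uint8*)(ptr)) + (ptr)->bufIndex)

#endif /* _NTLMER_H_ */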