mirrors
/
gitea
의 미러 https://github.com/go-gitea/gitea.git
보기 1
좋아요 0
포크 0
코드 이슈 0 릴리즈 210 위키 Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7969 커밋
17 브랜치
트리: 3f5cdfe359
브랜치 태그
${ item.name }
Create branch ${ searchTerm }
from '3f5cdfe359'
${ noResults }
gitea/vendor/github.com/denisenkom/go-mssqldb/ntlm.go

ntlm.go 8.5KB
Raw Blame 히스토리

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283 
  1. // +build !windows

  2. 

  3. package mssql

  4. 

  5. import (

  6. 	"crypto/des"

  7. 	"crypto/md5"

  8. 	"crypto/rand"

  9. 	"encoding/binary"

  10. 	"errors"

  11. 	"strings"

  12. 	"unicode/utf16"

  13. 

  14. 	"golang.org/x/crypto/md4"

  15. )

  16. 

  17. const (

  18. 	_NEGOTIATE_MESSAGE    = 1

  19. 	_CHALLENGE_MESSAGE    = 2

  20. 	_AUTHENTICATE_MESSAGE = 3

  21. )

  22. 

  23. const (

  24. 	_NEGOTIATE_UNICODE                  = 0x00000001

  25. 	_NEGOTIATE_OEM                      = 0x00000002

  26. 	_NEGOTIATE_TARGET                   = 0x00000004

  27. 	_NEGOTIATE_SIGN                     = 0x00000010

  28. 	_NEGOTIATE_SEAL                     = 0x00000020

  29. 	_NEGOTIATE_DATAGRAM                 = 0x00000040

  30. 	_NEGOTIATE_LMKEY                    = 0x00000080

  31. 	_NEGOTIATE_NTLM                     = 0x00000200

  32. 	_NEGOTIATE_ANONYMOUS                = 0x00000800

  33. 	_NEGOTIATE_OEM_DOMAIN_SUPPLIED      = 0x00001000

  34. 	_NEGOTIATE_OEM_WORKSTATION_SUPPLIED = 0x00002000

  35. 	_NEGOTIATE_ALWAYS_SIGN              = 0x00008000

  36. 	_NEGOTIATE_TARGET_TYPE_DOMAIN       = 0x00010000

  37. 	_NEGOTIATE_TARGET_TYPE_SERVER       = 0x00020000

  38. 	_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000

  39. 	_NEGOTIATE_IDENTIFY                 = 0x00100000

  40. 	_REQUEST_NON_NT_SESSION_KEY         = 0x00400000

  41. 	_NEGOTIATE_TARGET_INFO              = 0x00800000

  42. 	_NEGOTIATE_VERSION                  = 0x02000000

  43. 	_NEGOTIATE_128                      = 0x20000000

  44. 	_NEGOTIATE_KEY_EXCH                 = 0x40000000

  45. 	_NEGOTIATE_56                       = 0x80000000

  46. )

  47. 

  48. const _NEGOTIATE_FLAGS = _NEGOTIATE_UNICODE |

  49. 	_NEGOTIATE_NTLM |

  50. 	_NEGOTIATE_OEM_DOMAIN_SUPPLIED |

  51. 	_NEGOTIATE_OEM_WORKSTATION_SUPPLIED |

  52. 	_NEGOTIATE_ALWAYS_SIGN |

  53. 	_NEGOTIATE_EXTENDED_SESSIONSECURITY

  54. 

  55. type ntlmAuth struct {

  56. 	Domain      string

  57. 	UserName    string

  58. 	Password    string

  59. 	Workstation string

  60. }

  61. 

  62. func getAuth(user, password, service, workstation string) (auth, bool) {

  63. 	if !strings.ContainsRune(user, '\\') {

  64. 		return nil, false

  65. 	}

  66. 	domain_user := strings.SplitN(user, "\\", 2)

  67. 	return &ntlmAuth{

  68. 		Domain:      domain_user[0],

  69. 		UserName:    domain_user[1],

  70. 		Password:    password,

  71. 		Workstation: workstation,

  72. 	}, true

  73. }

  74. 

  75. func utf16le(val string) []byte {

  76. 	var v []byte

  77. 	for _, r := range val {

  78. 		if utf16.IsSurrogate(r) {

  79. 			r1, r2 := utf16.EncodeRune(r)

  80. 			v = append(v, byte(r1), byte(r1>>8))

  81. 			v = append(v, byte(r2), byte(r2>>8))

  82. 		} else {

  83. 			v = append(v, byte(r), byte(r>>8))

  84. 		}

  85. 	}

  86. 	return v

  87. }

  88. 

  89. func (auth *ntlmAuth) InitialBytes() ([]byte, error) {

  90. 	domain_len := len(auth.Domain)

  91. 	workstation_len := len(auth.Workstation)

  92. 	msg := make([]byte, 40+domain_len+workstation_len)

  93. 	copy(msg, []byte("NTLMSSP\x00"))

  94. 	binary.LittleEndian.PutUint32(msg[8:], _NEGOTIATE_MESSAGE)

  95. 	binary.LittleEndian.PutUint32(msg[12:], _NEGOTIATE_FLAGS)

  96. 	// Domain Name Fields

  97. 	binary.LittleEndian.PutUint16(msg[16:], uint16(domain_len))

  98. 	binary.LittleEndian.PutUint16(msg[18:], uint16(domain_len))

  99. 	binary.LittleEndian.PutUint32(msg[20:], 40)

  100. 	// Workstation Fields

  101. 	binary.LittleEndian.PutUint16(msg[24:], uint16(workstation_len))

  102. 	binary.LittleEndian.PutUint16(msg[26:], uint16(workstation_len))

  103. 	binary.LittleEndian.PutUint32(msg[28:], uint32(40+domain_len))

  104. 	// Version

  105. 	binary.LittleEndian.PutUint32(msg[32:], 0)

  106. 	binary.LittleEndian.PutUint32(msg[36:], 0)

  107. 	// Payload

  108. 	copy(msg[40:], auth.Domain)

  109. 	copy(msg[40+domain_len:], auth.Workstation)

  110. 	return msg, nil

  111. }

  112. 

  113. var errorNTLM = errors.New("NTLM protocol error")

  114. 

  115. func createDesKey(bytes, material []byte) {

  116. 	material[0] = bytes[0]

  117. 	material[1] = (byte)(bytes[0]<<7 | (bytes[1]&0xff)>>1)

  118. 	material[2] = (byte)(bytes[1]<<6 | (bytes[2]&0xff)>>2)

  119. 	material[3] = (byte)(bytes[2]<<5 | (bytes[3]&0xff)>>3)

  120. 	material[4] = (byte)(bytes[3]<<4 | (bytes[4]&0xff)>>4)

  121. 	material[5] = (byte)(bytes[4]<<3 | (bytes[5]&0xff)>>5)

  122. 	material[6] = (byte)(bytes[5]<<2 | (bytes[6]&0xff)>>6)

  123. 	material[7] = (byte)(bytes[6] << 1)

  124. }

  125. 

  126. func oddParity(bytes []byte) {

  127. 	for i := 0; i < len(bytes); i++ {

  128. 		b := bytes[i]

  129. 		needsParity := (((b >> 7) ^ (b >> 6) ^ (b >> 5) ^ (b >> 4) ^ (b >> 3) ^ (b >> 2) ^ (b >> 1)) & 0x01) == 0

  130. 		if needsParity {

  131. 			bytes[i] = bytes[i] | byte(0x01)

  132. 		} else {

  133. 			bytes[i] = bytes[i] & byte(0xfe)

  134. 		}

  135. 	}

  136. }

  137. 

  138. func encryptDes(key []byte, cleartext []byte, ciphertext []byte) {

  139. 	var desKey [8]byte

  140. 	createDesKey(key, desKey[:])

  141. 	cipher, err := des.NewCipher(desKey[:])

  142. 	if err != nil {

  143. 		panic(err)

  144. 	}

  145. 	cipher.Encrypt(ciphertext, cleartext)

  146. }

  147. 

  148. func response(challenge [8]byte, hash [21]byte) (ret [24]byte) {

  149. 	encryptDes(hash[:7], challenge[:], ret[:8])

  150. 	encryptDes(hash[7:14], challenge[:], ret[8:16])

  151. 	encryptDes(hash[14:], challenge[:], ret[16:])

  152. 	return

  153. }

  154. 

  155. func lmHash(password string) (hash [21]byte) {

  156. 	var lmpass [14]byte

  157. 	copy(lmpass[:14], []byte(strings.ToUpper(password)))

  158. 	magic := []byte("KGS!@#$%")

  159. 	encryptDes(lmpass[:7], magic, hash[:8])

  160. 	encryptDes(lmpass[7:], magic, hash[8:])

  161. 	return

  162. }

  163. 

  164. func lmResponse(challenge [8]byte, password string) [24]byte {

  165. 	hash := lmHash(password)

  166. 	return response(challenge, hash)

  167. }

  168. 

  169. func ntlmHash(password string) (hash [21]byte) {

  170. 	h := md4.New()

  171. 	h.Write(utf16le(password))

  172. 	h.Sum(hash[:0])

  173. 	return

  174. }

  175. 

  176. func ntResponse(challenge [8]byte, password string) [24]byte {

  177. 	hash := ntlmHash(password)

  178. 	return response(challenge, hash)

  179. }

  180. 

  181. func clientChallenge() (nonce [8]byte) {

  182. 	_, err := rand.Read(nonce[:])

  183. 	if err != nil {

  184. 		panic(err)

  185. 	}

  186. 	return

  187. }

  188. 

  189. func ntlmSessionResponse(clientNonce [8]byte, serverChallenge [8]byte, password string) [24]byte {

  190. 	var sessionHash [16]byte

  191. 	h := md5.New()

  192. 	h.Write(serverChallenge[:])

  193. 	h.Write(clientNonce[:])

  194. 	h.Sum(sessionHash[:0])

  195. 	var hash [8]byte

  196. 	copy(hash[:], sessionHash[:8])

  197. 	passwordHash := ntlmHash(password)

  198. 	return response(hash, passwordHash)

  199. }

  200. 

  201. func (auth *ntlmAuth) NextBytes(bytes []byte) ([]byte, error) {

  202. 	if string(bytes[0:8]) != "NTLMSSP\x00" {

  203. 		return nil, errorNTLM

  204. 	}

  205. 	if binary.LittleEndian.Uint32(bytes[8:12]) != _CHALLENGE_MESSAGE {

  206. 		return nil, errorNTLM

  207. 	}

  208. 	flags := binary.LittleEndian.Uint32(bytes[20:24])

  209. 	var challenge [8]byte

  210. 	copy(challenge[:], bytes[24:32])

  211. 

  212. 	var lm, nt []byte

  213. 	if (flags & _NEGOTIATE_EXTENDED_SESSIONSECURITY) != 0 {

  214. 		nonce := clientChallenge()

  215. 		var lm_bytes [24]byte

  216. 		copy(lm_bytes[:8], nonce[:])

  217. 		lm = lm_bytes[:]

  218. 		nt_bytes := ntlmSessionResponse(nonce, challenge, auth.Password)

  219. 		nt = nt_bytes[:]

  220. 	} else {

  221. 		lm_bytes := lmResponse(challenge, auth.Password)

  222. 		lm = lm_bytes[:]

  223. 		nt_bytes := ntResponse(challenge, auth.Password)

  224. 		nt = nt_bytes[:]

  225. 	}

  226. 	lm_len := len(lm)

  227. 	nt_len := len(nt)

  228. 

  229. 	domain16 := utf16le(auth.Domain)

  230. 	domain_len := len(domain16)

  231. 	user16 := utf16le(auth.UserName)

  232. 	user_len := len(user16)

  233. 	workstation16 := utf16le(auth.Workstation)

  234. 	workstation_len := len(workstation16)

  235. 

  236. 	msg := make([]byte, 88+lm_len+nt_len+domain_len+user_len+workstation_len)

  237. 	copy(msg, []byte("NTLMSSP\x00"))

  238. 	binary.LittleEndian.PutUint32(msg[8:], _AUTHENTICATE_MESSAGE)

  239. 	// Lm Challenge Response Fields

  240. 	binary.LittleEndian.PutUint16(msg[12:], uint16(lm_len))

  241. 	binary.LittleEndian.PutUint16(msg[14:], uint16(lm_len))

  242. 	binary.LittleEndian.PutUint32(msg[16:], 88)

  243. 	// Nt Challenge Response Fields

  244. 	binary.LittleEndian.PutUint16(msg[20:], uint16(nt_len))

  245. 	binary.LittleEndian.PutUint16(msg[22:], uint16(nt_len))

  246. 	binary.LittleEndian.PutUint32(msg[24:], uint32(88+lm_len))

  247. 	// Domain Name Fields

  248. 	binary.LittleEndian.PutUint16(msg[28:], uint16(domain_len))

  249. 	binary.LittleEndian.PutUint16(msg[30:], uint16(domain_len))

  250. 	binary.LittleEndian.PutUint32(msg[32:], uint32(88+lm_len+nt_len))

  251. 	// User Name Fields

  252. 	binary.LittleEndian.PutUint16(msg[36:], uint16(user_len))

  253. 	binary.LittleEndian.PutUint16(msg[38:], uint16(user_len))

  254. 	binary.LittleEndian.PutUint32(msg[40:], uint32(88+lm_len+nt_len+domain_len))

  255. 	// Workstation Fields

  256. 	binary.LittleEndian.PutUint16(msg[44:], uint16(workstation_len))

  257. 	binary.LittleEndian.PutUint16(msg[46:], uint16(workstation_len))

  258. 	binary.LittleEndian.PutUint32(msg[48:], uint32(88+lm_len+nt_len+domain_len+user_len))

  259. 	// Encrypted Random Session Key Fields

  260. 	binary.LittleEndian.PutUint16(msg[52:], 0)

  261. 	binary.LittleEndian.PutUint16(msg[54:], 0)

  262. 	binary.LittleEndian.PutUint32(msg[56:], uint32(88+lm_len+nt_len+domain_len+user_len+workstation_len))

  263. 	// Negotiate Flags

  264. 	binary.LittleEndian.PutUint32(msg[60:], flags)

  265. 	// Version

  266. 	binary.LittleEndian.PutUint32(msg[64:], 0)

  267. 	binary.LittleEndian.PutUint32(msg[68:], 0)

  268. 	// MIC

  269. 	binary.LittleEndian.PutUint32(msg[72:], 0)

  270. 	binary.LittleEndian.PutUint32(msg[76:], 0)

  271. 	binary.LittleEndian.PutUint32(msg[88:], 0)

  272. 	binary.LittleEndian.PutUint32(msg[84:], 0)

  273. 	// Payload

  274. 	copy(msg[88:], lm)

  275. 	copy(msg[88+lm_len:], nt)

  276. 	copy(msg[88+lm_len+nt_len:], domain16)

  277. 	copy(msg[88+lm_len+nt_len+domain_len:], user16)

  278. 	copy(msg[88+lm_len+nt_len+domain_len+user_len:], workstation16)

  279. 	return msg, nil

  280. }

  281. 

  282. func (auth *ntlmAuth) Free() {

  283. }