1: /***************************************************************************
2: * _ _ ____ _
3: * Project ___| | | | _ \| |
4: * / __| | | | |_) | |
5: * | (__| |_| | _ <| |___
6: * \___|\___/|_| \_\_____|
7: *
8: * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
9: *
10: * This software is licensed as described in the file COPYING, which
11: * you should have received as part of this distribution. The terms
12: * are also available at https://curl.haxx.se/docs/copyright.html.
13: *
14: * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15: * copies of the Software, and permit persons to whom the Software is
16: * furnished to do so, under the terms of the COPYING file.
17: *
18: * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19: * KIND, either express or implied.
20: *
21: ***************************************************************************/
22:
23: #include "curl_setup.h"
24:
25: #if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)
26:
27: /*
28: * NTLM details:
29: *
30: * https://davenport.sourceforge.io/ntlm.html
31: * https://www.innovation.ch/java/ntlm.html
32: */
33:
34: #define DEBUG_ME 0
35:
36: #include "urldata.h"
37: #include "sendf.h"
38: #include "strcase.h"
39: #include "http_ntlm.h"
40: #include "curl_ntlm_core.h"
41: #include "curl_ntlm_wb.h"
42: #include "vauth/vauth.h"
43: #include "url.h"
44:
45: /* SSL backend-specific #if branches in this file must be kept in the order
46: documented in curl_ntlm_core. */
47: #if defined(USE_WINDOWS_SSPI)
48: #include "curl_sspi.h"
49: #endif
50:
51: /* The last 3 #include files should be in this order */
52: #include "curl_printf.h"
53: #include "curl_memory.h"
54: #include "memdebug.h"
55:
56: #if DEBUG_ME
57: # define DEBUG_OUT(x) x
58: #else
59: # define DEBUG_OUT(x) Curl_nop_stmt
60: #endif
61:
62: CURLcode Curl_input_ntlm(struct connectdata *conn,
63: bool proxy, /* if proxy or not */
64: const char *header) /* rest of the www-authenticate:
65: header */
66: {
67: /* point to the correct struct with this */
68: struct ntlmdata *ntlm;
69: curlntlm *state;
70: CURLcode result = CURLE_OK;
71:
72: ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
73: state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state;
74:
75: if(checkprefix("NTLM", header)) {
76: header += strlen("NTLM");
77:
78: while(*header && ISSPACE(*header))
79: header++;
80:
81: if(*header) {
82: result = Curl_auth_decode_ntlm_type2_message(conn->data, header, ntlm);
83: if(result)
84: return result;
85:
86: *state = NTLMSTATE_TYPE2; /* We got a type-2 message */
87: }
88: else {
89: if(*state == NTLMSTATE_LAST) {
90: infof(conn->data, "NTLM auth restarted\n");
91: Curl_http_auth_cleanup_ntlm(conn);
92: }
93: else if(*state == NTLMSTATE_TYPE3) {
94: infof(conn->data, "NTLM handshake rejected\n");
95: Curl_http_auth_cleanup_ntlm(conn);
96: *state = NTLMSTATE_NONE;
97: return CURLE_REMOTE_ACCESS_DENIED;
98: }
99: else if(*state >= NTLMSTATE_TYPE1) {
100: infof(conn->data, "NTLM handshake failure (internal error)\n");
101: return CURLE_REMOTE_ACCESS_DENIED;
102: }
103:
104: *state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
105: }
106: }
107:
108: return result;
109: }
110:
111: /*
112: * This is for creating ntlm header output
113: */
114: CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
115: {
116: char *base64 = NULL;
117: size_t len = 0;
118: CURLcode result;
119:
120: /* point to the address of the pointer that holds the string to send to the
121: server, which is for a plain host or for a HTTP proxy */
122: char **allocuserpwd;
123:
124: /* point to the username, password, service and host */
125: const char *userp;
126: const char *passwdp;
127: const char *service = NULL;
128: const char *hostname = NULL;
129:
130: /* point to the correct struct with this */
131: struct ntlmdata *ntlm;
132: curlntlm *state;
133: struct auth *authp;
134:
135: DEBUGASSERT(conn);
136: DEBUGASSERT(conn->data);
137:
138: if(proxy) {
139: allocuserpwd = &conn->allocptr.proxyuserpwd;
140: userp = conn->http_proxy.user;
141: passwdp = conn->http_proxy.passwd;
142: service = conn->data->set.str[STRING_PROXY_SERVICE_NAME] ?
143: conn->data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
144: hostname = conn->http_proxy.host.name;
145: ntlm = &conn->proxyntlm;
146: state = &conn->proxy_ntlm_state;
147: authp = &conn->data->state.authproxy;
148: }
149: else {
150: allocuserpwd = &conn->allocptr.userpwd;
151: userp = conn->user;
152: passwdp = conn->passwd;
153: service = conn->data->set.str[STRING_SERVICE_NAME] ?
154: conn->data->set.str[STRING_SERVICE_NAME] : "HTTP";
155: hostname = conn->host.name;
156: ntlm = &conn->ntlm;
157: state = &conn->http_ntlm_state;
158: authp = &conn->data->state.authhost;
159: }
160: authp->done = FALSE;
161:
162: /* not set means empty */
163: if(!userp)
164: userp = "";
165:
166: if(!passwdp)
167: passwdp = "";
168:
169: #ifdef USE_WINDOWS_SSPI
170: if(s_hSecDll == NULL) {
171: /* not thread safe and leaks - use curl_global_init() to avoid */
172: CURLcode err = Curl_sspi_global_init();
173: if(s_hSecDll == NULL)
174: return err;
175: }
176: #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
177: ntlm->sslContext = conn->sslContext;
178: #endif
179: #endif
180:
181: switch(*state) {
182: case NTLMSTATE_TYPE1:
183: default: /* for the weird cases we (re)start here */
184: /* Create a type-1 message */
185: result = Curl_auth_create_ntlm_type1_message(conn->data, userp, passwdp,
186: service, hostname,
187: ntlm, &base64,
188: &len);
189: if(result)
190: return result;
191:
192: if(base64) {
193: free(*allocuserpwd);
194: *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
195: proxy ? "Proxy-" : "",
196: base64);
197: free(base64);
198: if(!*allocuserpwd)
199: return CURLE_OUT_OF_MEMORY;
200:
201: DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
202: }
203: break;
204:
205: case NTLMSTATE_TYPE2:
206: /* We already received the type-2 message, create a type-3 message */
207: result = Curl_auth_create_ntlm_type3_message(conn->data, userp, passwdp,
208: ntlm, &base64, &len);
209: if(result)
210: return result;
211:
212: if(base64) {
213: free(*allocuserpwd);
214: *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
215: proxy ? "Proxy-" : "",
216: base64);
217: free(base64);
218: if(!*allocuserpwd)
219: return CURLE_OUT_OF_MEMORY;
220:
221: DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
222:
223: *state = NTLMSTATE_TYPE3; /* we send a type-3 */
224: authp->done = TRUE;
225: }
226: break;
227:
228: case NTLMSTATE_TYPE3:
229: /* connection is already authenticated,
230: * don't send a header in future requests */
231: *state = NTLMSTATE_LAST;
232: /* FALLTHROUGH */
233: case NTLMSTATE_LAST:
234: Curl_safefree(*allocuserpwd);
235: authp->done = TRUE;
236: break;
237: }
238:
239: return CURLE_OK;
240: }
241:
242: void Curl_http_auth_cleanup_ntlm(struct connectdata *conn)
243: {
244: Curl_auth_cleanup_ntlm(&conn->ntlm);
245: Curl_auth_cleanup_ntlm(&conn->proxyntlm);
246:
247: #if defined(NTLM_WB_ENABLED)
248: Curl_http_auth_cleanup_ntlm_wb(conn);
249: #endif
250: }
251:
252: #endif /* !CURL_DISABLE_HTTP && USE_NTLM */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to http_ntlm.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / curl / lib