/src/curl/lib/http_ntlm.c
Line | Count | Source (jump to first uncovered line) |
1 | | /*************************************************************************** |
2 | | * _ _ ____ _ |
3 | | * Project ___| | | | _ \| | |
4 | | * / __| | | | |_) | | |
5 | | * | (__| |_| | _ <| |___ |
6 | | * \___|\___/|_| \_\_____| |
7 | | * |
8 | | * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. |
9 | | * |
10 | | * This software is licensed as described in the file COPYING, which |
11 | | * you should have received as part of this distribution. The terms |
12 | | * are also available at https://curl.se/docs/copyright.html. |
13 | | * |
14 | | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | | * copies of the Software, and permit persons to whom the Software is |
16 | | * furnished to do so, under the terms of the COPYING file. |
17 | | * |
18 | | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | | * KIND, either express or implied. |
20 | | * |
21 | | * SPDX-License-Identifier: curl |
22 | | * |
23 | | ***************************************************************************/ |
24 | | |
25 | | #include "curl_setup.h" |
26 | | |
27 | | #if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) |
28 | | |
29 | | /* |
30 | | * NTLM details: |
31 | | * |
32 | | * https://davenport.sourceforge.net/ntlm.html |
33 | | * https://www.innovation.ch/java/ntlm.html |
34 | | */ |
35 | | |
36 | | #include "urldata.h" |
37 | | #include "sendf.h" |
38 | | #include "strcase.h" |
39 | | #include "http_ntlm.h" |
40 | | #include "curl_ntlm_core.h" |
41 | | #include "curlx/base64.h" |
42 | | #include "vauth/vauth.h" |
43 | | #include "url.h" |
44 | | #include "curlx/strparse.h" |
45 | | |
46 | | /* SSL backend-specific #if branches in this file must be kept in the order |
47 | | documented in curl_ntlm_core. */ |
48 | | #if defined(USE_WINDOWS_SSPI) |
49 | | #include "curl_sspi.h" |
50 | | #endif |
51 | | |
52 | | /* The last 3 #include files should be in this order */ |
53 | | #include "curl_printf.h" |
54 | | #include "curl_memory.h" |
55 | | #include "memdebug.h" |
56 | | |
57 | | CURLcode Curl_input_ntlm(struct Curl_easy *data, |
58 | | bool proxy, /* if proxy or not */ |
59 | | const char *header) /* rest of the www-authenticate: |
60 | | header */ |
61 | 199 | { |
62 | | /* point to the correct struct with this */ |
63 | 199 | struct ntlmdata *ntlm; |
64 | 199 | curlntlm *state; |
65 | 199 | CURLcode result = CURLE_OK; |
66 | 199 | struct connectdata *conn = data->conn; |
67 | | |
68 | 199 | ntlm = proxy ? &conn->proxyntlm : &conn->ntlm; |
69 | 199 | state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state; |
70 | | |
71 | 199 | if(checkprefix("NTLM", header)) { |
72 | 199 | header += strlen("NTLM"); |
73 | | |
74 | 199 | curlx_str_passblanks(&header); |
75 | 199 | if(*header) { |
76 | 167 | unsigned char *hdr; |
77 | 167 | size_t hdrlen; |
78 | | |
79 | 167 | result = curlx_base64_decode(header, &hdr, &hdrlen); |
80 | 167 | if(!result) { |
81 | 23 | struct bufref hdrbuf; |
82 | | |
83 | 23 | Curl_bufref_init(&hdrbuf); |
84 | 23 | Curl_bufref_set(&hdrbuf, hdr, hdrlen, curl_free); |
85 | 23 | result = Curl_auth_decode_ntlm_type2_message(data, &hdrbuf, ntlm); |
86 | 23 | Curl_bufref_free(&hdrbuf); |
87 | 23 | } |
88 | 167 | if(result) |
89 | 167 | return result; |
90 | | |
91 | 0 | *state = NTLMSTATE_TYPE2; /* We got a type-2 message */ |
92 | 0 | } |
93 | 32 | else { |
94 | 32 | if(*state == NTLMSTATE_LAST) { |
95 | 0 | infof(data, "NTLM auth restarted"); |
96 | 0 | Curl_http_auth_cleanup_ntlm(conn); |
97 | 0 | } |
98 | 32 | else if(*state == NTLMSTATE_TYPE3) { |
99 | 0 | infof(data, "NTLM handshake rejected"); |
100 | 0 | Curl_http_auth_cleanup_ntlm(conn); |
101 | 0 | *state = NTLMSTATE_NONE; |
102 | 0 | return CURLE_REMOTE_ACCESS_DENIED; |
103 | 0 | } |
104 | 32 | else if(*state >= NTLMSTATE_TYPE1) { |
105 | 10 | infof(data, "NTLM handshake failure (internal error)"); |
106 | 10 | return CURLE_REMOTE_ACCESS_DENIED; |
107 | 10 | } |
108 | | |
109 | 22 | *state = NTLMSTATE_TYPE1; /* We should send away a type-1 */ |
110 | 22 | } |
111 | 199 | } |
112 | | |
113 | 22 | return result; |
114 | 199 | } |
115 | | |
116 | | /* |
117 | | * This is for creating NTLM header output |
118 | | */ |
119 | | CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) |
120 | 308 | { |
121 | 308 | char *base64 = NULL; |
122 | 308 | size_t len = 0; |
123 | 308 | CURLcode result = CURLE_OK; |
124 | 308 | struct bufref ntlmmsg; |
125 | | |
126 | | /* point to the address of the pointer that holds the string to send to the |
127 | | server, which is for a plain host or for an HTTP proxy */ |
128 | 308 | char **allocuserpwd; |
129 | | |
130 | | /* point to the username, password, service and host */ |
131 | 308 | const char *userp; |
132 | 308 | const char *passwdp; |
133 | 308 | const char *service = NULL; |
134 | 308 | const char *hostname = NULL; |
135 | | |
136 | | /* point to the correct struct with this */ |
137 | 308 | struct ntlmdata *ntlm; |
138 | 308 | curlntlm *state; |
139 | 308 | struct auth *authp; |
140 | 308 | struct connectdata *conn = data->conn; |
141 | | |
142 | 308 | DEBUGASSERT(conn); |
143 | 308 | DEBUGASSERT(data); |
144 | | |
145 | 308 | if(proxy) { |
146 | 90 | #ifndef CURL_DISABLE_PROXY |
147 | 90 | allocuserpwd = &data->state.aptr.proxyuserpwd; |
148 | 90 | userp = data->state.aptr.proxyuser; |
149 | 90 | passwdp = data->state.aptr.proxypasswd; |
150 | 90 | service = data->set.str[STRING_PROXY_SERVICE_NAME] ? |
151 | 80 | data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP"; |
152 | 90 | hostname = conn->http_proxy.host.name; |
153 | 90 | ntlm = &conn->proxyntlm; |
154 | 90 | state = &conn->proxy_ntlm_state; |
155 | 90 | authp = &data->state.authproxy; |
156 | | #else |
157 | | return CURLE_NOT_BUILT_IN; |
158 | | #endif |
159 | 90 | } |
160 | 218 | else { |
161 | 218 | allocuserpwd = &data->state.aptr.userpwd; |
162 | 218 | userp = data->state.aptr.user; |
163 | 218 | passwdp = data->state.aptr.passwd; |
164 | 218 | service = data->set.str[STRING_SERVICE_NAME] ? |
165 | 205 | data->set.str[STRING_SERVICE_NAME] : "HTTP"; |
166 | 218 | hostname = conn->host.name; |
167 | 218 | ntlm = &conn->ntlm; |
168 | 218 | state = &conn->http_ntlm_state; |
169 | 218 | authp = &data->state.authhost; |
170 | 218 | } |
171 | 308 | authp->done = FALSE; |
172 | | |
173 | | /* not set means empty */ |
174 | 308 | if(!userp) |
175 | 40 | userp = ""; |
176 | | |
177 | 308 | if(!passwdp) |
178 | 244 | passwdp = ""; |
179 | | |
180 | | #ifdef USE_WINDOWS_SSPI |
181 | | if(!Curl_hSecDll) { |
182 | | /* not thread safe and leaks - use curl_global_init() to avoid */ |
183 | | CURLcode err = Curl_sspi_global_init(); |
184 | | if(!Curl_hSecDll) |
185 | | return err; |
186 | | } |
187 | | #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS |
188 | | ntlm->sslContext = conn->sslContext; |
189 | | #endif |
190 | | #endif |
191 | | |
192 | 308 | Curl_bufref_init(&ntlmmsg); |
193 | | |
194 | | /* connection is already authenticated, do not send a header in future |
195 | | * requests so go directly to NTLMSTATE_LAST */ |
196 | 308 | if(*state == NTLMSTATE_TYPE3) |
197 | 0 | *state = NTLMSTATE_LAST; |
198 | | |
199 | 308 | switch(*state) { |
200 | 14 | case NTLMSTATE_TYPE1: |
201 | 308 | default: /* for the weird cases we (re)start here */ |
202 | | /* Create a type-1 message */ |
203 | 308 | result = Curl_auth_create_ntlm_type1_message(data, userp, passwdp, |
204 | 308 | service, hostname, |
205 | 308 | ntlm, &ntlmmsg); |
206 | 308 | if(!result) { |
207 | 308 | DEBUGASSERT(Curl_bufref_len(&ntlmmsg) != 0); |
208 | 308 | result = curlx_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg), |
209 | 308 | Curl_bufref_len(&ntlmmsg), &base64, &len); |
210 | 308 | if(!result) { |
211 | 308 | free(*allocuserpwd); |
212 | 308 | *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n", |
213 | 308 | proxy ? "Proxy-" : "", |
214 | 308 | base64); |
215 | 308 | free(base64); |
216 | 308 | if(!*allocuserpwd) |
217 | 0 | result = CURLE_OUT_OF_MEMORY; |
218 | 308 | } |
219 | 308 | } |
220 | 308 | break; |
221 | | |
222 | 308 | case NTLMSTATE_TYPE2: |
223 | | /* We already received the type-2 message, create a type-3 message */ |
224 | 0 | result = Curl_auth_create_ntlm_type3_message(data, userp, passwdp, |
225 | 0 | ntlm, &ntlmmsg); |
226 | 0 | if(!result && Curl_bufref_len(&ntlmmsg)) { |
227 | 0 | result = curlx_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg), |
228 | 0 | Curl_bufref_len(&ntlmmsg), &base64, &len); |
229 | 0 | if(!result) { |
230 | 0 | free(*allocuserpwd); |
231 | 0 | *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n", |
232 | 0 | proxy ? "Proxy-" : "", |
233 | 0 | base64); |
234 | 0 | free(base64); |
235 | 0 | if(!*allocuserpwd) |
236 | 0 | result = CURLE_OUT_OF_MEMORY; |
237 | 0 | else { |
238 | 0 | *state = NTLMSTATE_TYPE3; /* we send a type-3 */ |
239 | 0 | authp->done = TRUE; |
240 | 0 | } |
241 | 0 | } |
242 | 0 | } |
243 | 0 | break; |
244 | | |
245 | 0 | case NTLMSTATE_LAST: |
246 | | /* since this is a little artificial in that this is used without any |
247 | | outgoing auth headers being set, we need to set the bit by force */ |
248 | 0 | if(proxy) |
249 | 0 | data->info.proxyauthpicked = CURLAUTH_NTLM; |
250 | 0 | else |
251 | 0 | data->info.httpauthpicked = CURLAUTH_NTLM; |
252 | 0 | Curl_safefree(*allocuserpwd); |
253 | 0 | authp->done = TRUE; |
254 | 0 | break; |
255 | 308 | } |
256 | 308 | Curl_bufref_free(&ntlmmsg); |
257 | | |
258 | 308 | return result; |
259 | 308 | } |
260 | | |
261 | | void Curl_http_auth_cleanup_ntlm(struct connectdata *conn) |
262 | 18.9k | { |
263 | 18.9k | Curl_auth_cleanup_ntlm(&conn->ntlm); |
264 | 18.9k | Curl_auth_cleanup_ntlm(&conn->proxyntlm); |
265 | 18.9k | } |
266 | | |
267 | | #endif /* !CURL_DISABLE_HTTP && USE_NTLM */ |