/src/curl/lib/http_ntlm.c
Line | Count | Source (jump to first uncovered line) |
1 | | /*************************************************************************** |
2 | | * _ _ ____ _ |
3 | | * Project ___| | | | _ \| | |
4 | | * / __| | | | |_) | | |
5 | | * | (__| |_| | _ <| |___ |
6 | | * \___|\___/|_| \_\_____| |
7 | | * |
8 | | * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. |
9 | | * |
10 | | * This software is licensed as described in the file COPYING, which |
11 | | * you should have received as part of this distribution. The terms |
12 | | * are also available at https://curl.se/docs/copyright.html. |
13 | | * |
14 | | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | | * copies of the Software, and permit persons to whom the Software is |
16 | | * furnished to do so, under the terms of the COPYING file. |
17 | | * |
18 | | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | | * KIND, either express or implied. |
20 | | * |
21 | | * SPDX-License-Identifier: curl |
22 | | * |
23 | | ***************************************************************************/ |
24 | | |
25 | | #include "curl_setup.h" |
26 | | |
27 | | #if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) |
28 | | |
29 | | /* |
30 | | * NTLM details: |
31 | | * |
32 | | * https://davenport.sourceforge.net/ntlm.html |
33 | | * https://www.innovation.ch/java/ntlm.html |
34 | | */ |
35 | | |
36 | | #define DEBUG_ME 0 |
37 | | |
38 | | #include "urldata.h" |
39 | | #include "sendf.h" |
40 | | #include "strcase.h" |
41 | | #include "http_ntlm.h" |
42 | | #include "curl_ntlm_core.h" |
43 | | #include "curl_ntlm_wb.h" |
44 | | #include "curl_base64.h" |
45 | | #include "vauth/vauth.h" |
46 | | #include "url.h" |
47 | | |
48 | | /* SSL backend-specific #if branches in this file must be kept in the order |
49 | | documented in curl_ntlm_core. */ |
50 | | #if defined(USE_WINDOWS_SSPI) |
51 | | #include "curl_sspi.h" |
52 | | #endif |
53 | | |
54 | | /* The last 3 #include files should be in this order */ |
55 | | #include "curl_printf.h" |
56 | | #include "curl_memory.h" |
57 | | #include "memdebug.h" |
58 | | |
59 | | #if DEBUG_ME |
60 | | # define DEBUG_OUT(x) x |
61 | | #else |
62 | | # define DEBUG_OUT(x) Curl_nop_stmt |
63 | | #endif |
64 | | |
65 | | CURLcode Curl_input_ntlm(struct Curl_easy *data, |
66 | | bool proxy, /* if proxy or not */ |
67 | | const char *header) /* rest of the www-authenticate: |
68 | | header */ |
69 | 3.52k | { |
70 | | /* point to the correct struct with this */ |
71 | 3.52k | struct ntlmdata *ntlm; |
72 | 3.52k | curlntlm *state; |
73 | 3.52k | CURLcode result = CURLE_OK; |
74 | 3.52k | struct connectdata *conn = data->conn; |
75 | | |
76 | 3.52k | ntlm = proxy ? &conn->proxyntlm : &conn->ntlm; |
77 | 3.52k | state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state; |
78 | | |
79 | 3.52k | if(checkprefix("NTLM", header)) { |
80 | 3.52k | header += strlen("NTLM"); |
81 | | |
82 | 7.77k | while(*header && ISSPACE(*header)) |
83 | 4.24k | header++; |
84 | | |
85 | 3.52k | if(*header) { |
86 | 3.26k | unsigned char *hdr; |
87 | 3.26k | size_t hdrlen; |
88 | | |
89 | 3.26k | result = Curl_base64_decode(header, &hdr, &hdrlen); |
90 | 3.26k | if(!result) { |
91 | 618 | struct bufref hdrbuf; |
92 | | |
93 | 618 | Curl_bufref_init(&hdrbuf); |
94 | 618 | Curl_bufref_set(&hdrbuf, hdr, hdrlen, curl_free); |
95 | 618 | result = Curl_auth_decode_ntlm_type2_message(data, &hdrbuf, ntlm); |
96 | 618 | Curl_bufref_free(&hdrbuf); |
97 | 618 | } |
98 | 3.26k | if(result) |
99 | 3.15k | return result; |
100 | | |
101 | 104 | *state = NTLMSTATE_TYPE2; /* We got a type-2 message */ |
102 | 104 | } |
103 | 267 | else { |
104 | 267 | if(*state == NTLMSTATE_LAST) { |
105 | 0 | infof(data, "NTLM auth restarted"); |
106 | 0 | Curl_http_auth_cleanup_ntlm(conn); |
107 | 0 | } |
108 | 267 | else if(*state == NTLMSTATE_TYPE3) { |
109 | 0 | infof(data, "NTLM handshake rejected"); |
110 | 0 | Curl_http_auth_cleanup_ntlm(conn); |
111 | 0 | *state = NTLMSTATE_NONE; |
112 | 0 | return CURLE_REMOTE_ACCESS_DENIED; |
113 | 0 | } |
114 | 267 | else if(*state >= NTLMSTATE_TYPE1) { |
115 | 231 | infof(data, "NTLM handshake failure (internal error)"); |
116 | 231 | return CURLE_REMOTE_ACCESS_DENIED; |
117 | 231 | } |
118 | | |
119 | 36 | *state = NTLMSTATE_TYPE1; /* We should send away a type-1 */ |
120 | 36 | } |
121 | 3.52k | } |
122 | | |
123 | 140 | return result; |
124 | 3.52k | } |
125 | | |
126 | | /* |
127 | | * This is for creating ntlm header output |
128 | | */ |
129 | | CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) |
130 | 500 | { |
131 | 500 | char *base64 = NULL; |
132 | 500 | size_t len = 0; |
133 | 500 | CURLcode result = CURLE_OK; |
134 | 500 | struct bufref ntlmmsg; |
135 | | |
136 | | /* point to the address of the pointer that holds the string to send to the |
137 | | server, which is for a plain host or for a HTTP proxy */ |
138 | 500 | char **allocuserpwd; |
139 | | |
140 | | /* point to the username, password, service and host */ |
141 | 500 | const char *userp; |
142 | 500 | const char *passwdp; |
143 | 500 | const char *service = NULL; |
144 | 500 | const char *hostname = NULL; |
145 | | |
146 | | /* point to the correct struct with this */ |
147 | 500 | struct ntlmdata *ntlm; |
148 | 500 | curlntlm *state; |
149 | 500 | struct auth *authp; |
150 | 500 | struct connectdata *conn = data->conn; |
151 | | |
152 | 500 | DEBUGASSERT(conn); |
153 | 500 | DEBUGASSERT(data); |
154 | | |
155 | 500 | if(proxy) { |
156 | 0 | #ifndef CURL_DISABLE_PROXY |
157 | 0 | allocuserpwd = &data->state.aptr.proxyuserpwd; |
158 | 0 | userp = data->state.aptr.proxyuser; |
159 | 0 | passwdp = data->state.aptr.proxypasswd; |
160 | 0 | service = data->set.str[STRING_PROXY_SERVICE_NAME] ? |
161 | 0 | data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP"; |
162 | 0 | hostname = conn->http_proxy.host.name; |
163 | 0 | ntlm = &conn->proxyntlm; |
164 | 0 | state = &conn->proxy_ntlm_state; |
165 | 0 | authp = &data->state.authproxy; |
166 | | #else |
167 | | return CURLE_NOT_BUILT_IN; |
168 | | #endif |
169 | 0 | } |
170 | 500 | else { |
171 | 500 | allocuserpwd = &data->state.aptr.userpwd; |
172 | 500 | userp = data->state.aptr.user; |
173 | 500 | passwdp = data->state.aptr.passwd; |
174 | 500 | service = data->set.str[STRING_SERVICE_NAME] ? |
175 | 500 | data->set.str[STRING_SERVICE_NAME] : "HTTP"; |
176 | 500 | hostname = conn->host.name; |
177 | 500 | ntlm = &conn->ntlm; |
178 | 500 | state = &conn->http_ntlm_state; |
179 | 500 | authp = &data->state.authhost; |
180 | 500 | } |
181 | 500 | authp->done = FALSE; |
182 | | |
183 | | /* not set means empty */ |
184 | 500 | if(!userp) |
185 | 0 | userp = ""; |
186 | | |
187 | 500 | if(!passwdp) |
188 | 287 | passwdp = ""; |
189 | | |
190 | | #ifdef USE_WINDOWS_SSPI |
191 | | if(!s_hSecDll) { |
192 | | /* not thread safe and leaks - use curl_global_init() to avoid */ |
193 | | CURLcode err = Curl_sspi_global_init(); |
194 | | if(!s_hSecDll) |
195 | | return err; |
196 | | } |
197 | | #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS |
198 | | ntlm->sslContext = conn->sslContext; |
199 | | #endif |
200 | | #endif |
201 | | |
202 | 500 | Curl_bufref_init(&ntlmmsg); |
203 | | |
204 | | /* connection is already authenticated, don't send a header in future |
205 | | * requests so go directly to NTLMSTATE_LAST */ |
206 | 500 | if(*state == NTLMSTATE_TYPE3) |
207 | 0 | *state = NTLMSTATE_LAST; |
208 | | |
209 | 500 | switch(*state) { |
210 | 0 | case NTLMSTATE_TYPE1: |
211 | 500 | default: /* for the weird cases we (re)start here */ |
212 | | /* Create a type-1 message */ |
213 | 500 | result = Curl_auth_create_ntlm_type1_message(data, userp, passwdp, |
214 | 500 | service, hostname, |
215 | 500 | ntlm, &ntlmmsg); |
216 | 500 | if(!result) { |
217 | 500 | DEBUGASSERT(Curl_bufref_len(&ntlmmsg) != 0); |
218 | 500 | result = Curl_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg), |
219 | 500 | Curl_bufref_len(&ntlmmsg), &base64, &len); |
220 | 500 | if(!result) { |
221 | 500 | free(*allocuserpwd); |
222 | 500 | *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n", |
223 | 500 | proxy ? "Proxy-" : "", |
224 | 500 | base64); |
225 | 500 | free(base64); |
226 | 500 | if(!*allocuserpwd) |
227 | 0 | result = CURLE_OUT_OF_MEMORY; |
228 | 500 | } |
229 | 500 | } |
230 | 500 | break; |
231 | | |
232 | 500 | case NTLMSTATE_TYPE2: |
233 | | /* We already received the type-2 message, create a type-3 message */ |
234 | 0 | result = Curl_auth_create_ntlm_type3_message(data, userp, passwdp, |
235 | 0 | ntlm, &ntlmmsg); |
236 | 0 | if(!result && Curl_bufref_len(&ntlmmsg)) { |
237 | 0 | result = Curl_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg), |
238 | 0 | Curl_bufref_len(&ntlmmsg), &base64, &len); |
239 | 0 | if(!result) { |
240 | 0 | free(*allocuserpwd); |
241 | 0 | *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n", |
242 | 0 | proxy ? "Proxy-" : "", |
243 | 0 | base64); |
244 | 0 | free(base64); |
245 | 0 | if(!*allocuserpwd) |
246 | 0 | result = CURLE_OUT_OF_MEMORY; |
247 | 0 | else { |
248 | 0 | *state = NTLMSTATE_TYPE3; /* we send a type-3 */ |
249 | 0 | authp->done = TRUE; |
250 | 0 | } |
251 | 0 | } |
252 | 0 | } |
253 | 0 | break; |
254 | | |
255 | 0 | case NTLMSTATE_LAST: |
256 | 0 | Curl_safefree(*allocuserpwd); |
257 | 0 | authp->done = TRUE; |
258 | 0 | break; |
259 | 500 | } |
260 | 500 | Curl_bufref_free(&ntlmmsg); |
261 | | |
262 | 500 | return result; |
263 | 500 | } |
264 | | |
265 | | void Curl_http_auth_cleanup_ntlm(struct connectdata *conn) |
266 | 90.5k | { |
267 | 90.5k | Curl_auth_cleanup_ntlm(&conn->ntlm); |
268 | 90.5k | Curl_auth_cleanup_ntlm(&conn->proxyntlm); |
269 | | |
270 | 90.5k | #if defined(NTLM_WB_ENABLED) |
271 | 90.5k | Curl_http_auth_cleanup_ntlm_wb(conn); |
272 | 90.5k | #endif |
273 | 90.5k | } |
274 | | |
275 | | #endif /* !CURL_DISABLE_HTTP && USE_NTLM */ |