xref: /curl/lib/http_ntlm.c (revision bca9c771)
1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  * SPDX-License-Identifier: curl
22  *
23  ***************************************************************************/
24 
25 #include "curl_setup.h"
26 
27 #if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)
28 
29 /*
30  * NTLM details:
31  *
32  * https://davenport.sourceforge.net/ntlm.html
33  * https://www.innovation.ch/java/ntlm.html
34  */
35 
36 #define DEBUG_ME 0
37 
38 #include "urldata.h"
39 #include "sendf.h"
40 #include "strcase.h"
41 #include "http_ntlm.h"
42 #include "curl_ntlm_core.h"
43 #include "curl_base64.h"
44 #include "vauth/vauth.h"
45 #include "url.h"
46 
47 /* SSL backend-specific #if branches in this file must be kept in the order
48    documented in curl_ntlm_core. */
49 #if defined(USE_WINDOWS_SSPI)
50 #include "curl_sspi.h"
51 #endif
52 
53 /* The last 3 #include files should be in this order */
54 #include "curl_printf.h"
55 #include "curl_memory.h"
56 #include "memdebug.h"
57 
58 #if DEBUG_ME
59 # define DEBUG_OUT(x) x
60 #else
61 # define DEBUG_OUT(x) Curl_nop_stmt
62 #endif
63 
Curl_input_ntlm(struct Curl_easy * data,bool proxy,const char * header)64 CURLcode Curl_input_ntlm(struct Curl_easy *data,
65                          bool proxy,         /* if proxy or not */
66                          const char *header) /* rest of the www-authenticate:
67                                                 header */
68 {
69   /* point to the correct struct with this */
70   struct ntlmdata *ntlm;
71   curlntlm *state;
72   CURLcode result = CURLE_OK;
73   struct connectdata *conn = data->conn;
74 
75   ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
76   state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state;
77 
78   if(checkprefix("NTLM", header)) {
79     header += strlen("NTLM");
80 
81     while(*header && ISSPACE(*header))
82       header++;
83 
84     if(*header) {
85       unsigned char *hdr;
86       size_t hdrlen;
87 
88       result = Curl_base64_decode(header, &hdr, &hdrlen);
89       if(!result) {
90         struct bufref hdrbuf;
91 
92         Curl_bufref_init(&hdrbuf);
93         Curl_bufref_set(&hdrbuf, hdr, hdrlen, curl_free);
94         result = Curl_auth_decode_ntlm_type2_message(data, &hdrbuf, ntlm);
95         Curl_bufref_free(&hdrbuf);
96       }
97       if(result)
98         return result;
99 
100       *state = NTLMSTATE_TYPE2; /* We got a type-2 message */
101     }
102     else {
103       if(*state == NTLMSTATE_LAST) {
104         infof(data, "NTLM auth restarted");
105         Curl_http_auth_cleanup_ntlm(conn);
106       }
107       else if(*state == NTLMSTATE_TYPE3) {
108         infof(data, "NTLM handshake rejected");
109         Curl_http_auth_cleanup_ntlm(conn);
110         *state = NTLMSTATE_NONE;
111         return CURLE_REMOTE_ACCESS_DENIED;
112       }
113       else if(*state >= NTLMSTATE_TYPE1) {
114         infof(data, "NTLM handshake failure (internal error)");
115         return CURLE_REMOTE_ACCESS_DENIED;
116       }
117 
118       *state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
119     }
120   }
121 
122   return result;
123 }
124 
125 /*
126  * This is for creating NTLM header output
127  */
Curl_output_ntlm(struct Curl_easy * data,bool proxy)128 CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy)
129 {
130   char *base64 = NULL;
131   size_t len = 0;
132   CURLcode result = CURLE_OK;
133   struct bufref ntlmmsg;
134 
135   /* point to the address of the pointer that holds the string to send to the
136      server, which is for a plain host or for an HTTP proxy */
137   char **allocuserpwd;
138 
139   /* point to the username, password, service and host */
140   const char *userp;
141   const char *passwdp;
142   const char *service = NULL;
143   const char *hostname = NULL;
144 
145   /* point to the correct struct with this */
146   struct ntlmdata *ntlm;
147   curlntlm *state;
148   struct auth *authp;
149   struct connectdata *conn = data->conn;
150 
151   DEBUGASSERT(conn);
152   DEBUGASSERT(data);
153 
154   if(proxy) {
155 #ifndef CURL_DISABLE_PROXY
156     allocuserpwd = &data->state.aptr.proxyuserpwd;
157     userp = data->state.aptr.proxyuser;
158     passwdp = data->state.aptr.proxypasswd;
159     service = data->set.str[STRING_PROXY_SERVICE_NAME] ?
160       data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
161     hostname = conn->http_proxy.host.name;
162     ntlm = &conn->proxyntlm;
163     state = &conn->proxy_ntlm_state;
164     authp = &data->state.authproxy;
165 #else
166     return CURLE_NOT_BUILT_IN;
167 #endif
168   }
169   else {
170     allocuserpwd = &data->state.aptr.userpwd;
171     userp = data->state.aptr.user;
172     passwdp = data->state.aptr.passwd;
173     service = data->set.str[STRING_SERVICE_NAME] ?
174       data->set.str[STRING_SERVICE_NAME] : "HTTP";
175     hostname = conn->host.name;
176     ntlm = &conn->ntlm;
177     state = &conn->http_ntlm_state;
178     authp = &data->state.authhost;
179   }
180   authp->done = FALSE;
181 
182   /* not set means empty */
183   if(!userp)
184     userp = "";
185 
186   if(!passwdp)
187     passwdp = "";
188 
189 #ifdef USE_WINDOWS_SSPI
190   if(!Curl_hSecDll) {
191     /* not thread safe and leaks - use curl_global_init() to avoid */
192     CURLcode err = Curl_sspi_global_init();
193     if(!Curl_hSecDll)
194       return err;
195   }
196 #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
197   ntlm->sslContext = conn->sslContext;
198 #endif
199 #endif
200 
201   Curl_bufref_init(&ntlmmsg);
202 
203   /* connection is already authenticated, do not send a header in future
204    * requests so go directly to NTLMSTATE_LAST */
205   if(*state == NTLMSTATE_TYPE3)
206     *state = NTLMSTATE_LAST;
207 
208   switch(*state) {
209   case NTLMSTATE_TYPE1:
210   default: /* for the weird cases we (re)start here */
211     /* Create a type-1 message */
212     result = Curl_auth_create_ntlm_type1_message(data, userp, passwdp,
213                                                  service, hostname,
214                                                  ntlm, &ntlmmsg);
215     if(!result) {
216       DEBUGASSERT(Curl_bufref_len(&ntlmmsg) != 0);
217       result = Curl_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg),
218                                   Curl_bufref_len(&ntlmmsg), &base64, &len);
219       if(!result) {
220         free(*allocuserpwd);
221         *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
222                                 proxy ? "Proxy-" : "",
223                                 base64);
224         free(base64);
225         if(!*allocuserpwd)
226           result = CURLE_OUT_OF_MEMORY;
227       }
228     }
229     break;
230 
231   case NTLMSTATE_TYPE2:
232     /* We already received the type-2 message, create a type-3 message */
233     result = Curl_auth_create_ntlm_type3_message(data, userp, passwdp,
234                                                  ntlm, &ntlmmsg);
235     if(!result && Curl_bufref_len(&ntlmmsg)) {
236       result = Curl_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg),
237                                   Curl_bufref_len(&ntlmmsg), &base64, &len);
238       if(!result) {
239         free(*allocuserpwd);
240         *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
241                                 proxy ? "Proxy-" : "",
242                                 base64);
243         free(base64);
244         if(!*allocuserpwd)
245           result = CURLE_OUT_OF_MEMORY;
246         else {
247           *state = NTLMSTATE_TYPE3; /* we send a type-3 */
248           authp->done = TRUE;
249         }
250       }
251     }
252     break;
253 
254   case NTLMSTATE_LAST:
255     Curl_safefree(*allocuserpwd);
256     authp->done = TRUE;
257     break;
258   }
259   Curl_bufref_free(&ntlmmsg);
260 
261   return result;
262 }
263 
Curl_http_auth_cleanup_ntlm(struct connectdata * conn)264 void Curl_http_auth_cleanup_ntlm(struct connectdata *conn)
265 {
266   Curl_auth_cleanup_ntlm(&conn->ntlm);
267   Curl_auth_cleanup_ntlm(&conn->proxyntlm);
268 }
269 
270 #endif /* !CURL_DISABLE_HTTP && USE_NTLM */
271