xref: /aosp_15_r20/external/curl/lib/http_ntlm.c (revision 6236dae45794135f37c4eb022389c904c8b0090d) 
1*6236dae4SAndroid Build Coastguard Worker /***************************************************************************
2*6236dae4SAndroid Build Coastguard Worker  *                                  _   _ ____  _
3*6236dae4SAndroid Build Coastguard Worker  *  Project                     ___| | | |  _ \| |
4*6236dae4SAndroid Build Coastguard Worker  *                             / __| | | | |_) | |
5*6236dae4SAndroid Build Coastguard Worker  *                            | (__| |_| |  _ <| |___
6*6236dae4SAndroid Build Coastguard Worker  *                             \___|\___/|_| \_\_____|
7*6236dae4SAndroid Build Coastguard Worker  *
8*6236dae4SAndroid Build Coastguard Worker  * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
9*6236dae4SAndroid Build Coastguard Worker  *
10*6236dae4SAndroid Build Coastguard Worker  * This software is licensed as described in the file COPYING, which
11*6236dae4SAndroid Build Coastguard Worker  * you should have received as part of this distribution. The terms
12*6236dae4SAndroid Build Coastguard Worker  * are also available at https://curl.se/docs/copyright.html.
13*6236dae4SAndroid Build Coastguard Worker  *
14*6236dae4SAndroid Build Coastguard Worker  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15*6236dae4SAndroid Build Coastguard Worker  * copies of the Software, and permit persons to whom the Software is
16*6236dae4SAndroid Build Coastguard Worker  * furnished to do so, under the terms of the COPYING file.
17*6236dae4SAndroid Build Coastguard Worker  *
18*6236dae4SAndroid Build Coastguard Worker  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19*6236dae4SAndroid Build Coastguard Worker  * KIND, either express or implied.
20*6236dae4SAndroid Build Coastguard Worker  *
21*6236dae4SAndroid Build Coastguard Worker  * SPDX-License-Identifier: curl
22*6236dae4SAndroid Build Coastguard Worker  *
23*6236dae4SAndroid Build Coastguard Worker  ***************************************************************************/
24*6236dae4SAndroid Build Coastguard Worker 
25*6236dae4SAndroid Build Coastguard Worker #include "curl_setup.h"
26*6236dae4SAndroid Build Coastguard Worker 
27*6236dae4SAndroid Build Coastguard Worker #if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)
28*6236dae4SAndroid Build Coastguard Worker 
29*6236dae4SAndroid Build Coastguard Worker /*
30*6236dae4SAndroid Build Coastguard Worker  * NTLM details:
31*6236dae4SAndroid Build Coastguard Worker  *
32*6236dae4SAndroid Build Coastguard Worker  * https://davenport.sourceforge.net/ntlm.html
33*6236dae4SAndroid Build Coastguard Worker  * https://www.innovation.ch/java/ntlm.html
34*6236dae4SAndroid Build Coastguard Worker  */
35*6236dae4SAndroid Build Coastguard Worker 
36*6236dae4SAndroid Build Coastguard Worker #define DEBUG_ME 0
37*6236dae4SAndroid Build Coastguard Worker 
38*6236dae4SAndroid Build Coastguard Worker #include "urldata.h"
39*6236dae4SAndroid Build Coastguard Worker #include "sendf.h"
40*6236dae4SAndroid Build Coastguard Worker #include "strcase.h"
41*6236dae4SAndroid Build Coastguard Worker #include "http_ntlm.h"
42*6236dae4SAndroid Build Coastguard Worker #include "curl_ntlm_core.h"
43*6236dae4SAndroid Build Coastguard Worker #include "curl_base64.h"
44*6236dae4SAndroid Build Coastguard Worker #include "vauth/vauth.h"
45*6236dae4SAndroid Build Coastguard Worker #include "url.h"
46*6236dae4SAndroid Build Coastguard Worker 
47*6236dae4SAndroid Build Coastguard Worker /* SSL backend-specific #if branches in this file must be kept in the order
48*6236dae4SAndroid Build Coastguard Worker    documented in curl_ntlm_core. */
49*6236dae4SAndroid Build Coastguard Worker #if defined(USE_WINDOWS_SSPI)
50*6236dae4SAndroid Build Coastguard Worker #include "curl_sspi.h"
51*6236dae4SAndroid Build Coastguard Worker #endif
52*6236dae4SAndroid Build Coastguard Worker 
53*6236dae4SAndroid Build Coastguard Worker /* The last 3 #include files should be in this order */
54*6236dae4SAndroid Build Coastguard Worker #include "curl_printf.h"
55*6236dae4SAndroid Build Coastguard Worker #include "curl_memory.h"
56*6236dae4SAndroid Build Coastguard Worker #include "memdebug.h"
57*6236dae4SAndroid Build Coastguard Worker 
58*6236dae4SAndroid Build Coastguard Worker #if DEBUG_ME
59*6236dae4SAndroid Build Coastguard Worker # define DEBUG_OUT(x) x
60*6236dae4SAndroid Build Coastguard Worker #else
61*6236dae4SAndroid Build Coastguard Worker # define DEBUG_OUT(x) Curl_nop_stmt
62*6236dae4SAndroid Build Coastguard Worker #endif
63*6236dae4SAndroid Build Coastguard Worker 
Curl_input_ntlm(struct Curl_easy * data,bool proxy,const char * header)64*6236dae4SAndroid Build Coastguard Worker CURLcode Curl_input_ntlm(struct Curl_easy *data,
65*6236dae4SAndroid Build Coastguard Worker                          bool proxy,         /* if proxy or not */
66*6236dae4SAndroid Build Coastguard Worker                          const char *header) /* rest of the www-authenticate:
67*6236dae4SAndroid Build Coastguard Worker                                                 header */
68*6236dae4SAndroid Build Coastguard Worker {
69*6236dae4SAndroid Build Coastguard Worker   /* point to the correct struct with this */
70*6236dae4SAndroid Build Coastguard Worker   struct ntlmdata *ntlm;
71*6236dae4SAndroid Build Coastguard Worker   curlntlm *state;
72*6236dae4SAndroid Build Coastguard Worker   CURLcode result = CURLE_OK;
73*6236dae4SAndroid Build Coastguard Worker   struct connectdata *conn = data->conn;
74*6236dae4SAndroid Build Coastguard Worker 
75*6236dae4SAndroid Build Coastguard Worker   ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
76*6236dae4SAndroid Build Coastguard Worker   state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state;
77*6236dae4SAndroid Build Coastguard Worker 
78*6236dae4SAndroid Build Coastguard Worker   if(checkprefix("NTLM", header)) {
79*6236dae4SAndroid Build Coastguard Worker     header += strlen("NTLM");
80*6236dae4SAndroid Build Coastguard Worker 
81*6236dae4SAndroid Build Coastguard Worker     while(*header && ISSPACE(*header))
82*6236dae4SAndroid Build Coastguard Worker       header++;
83*6236dae4SAndroid Build Coastguard Worker 
84*6236dae4SAndroid Build Coastguard Worker     if(*header) {
85*6236dae4SAndroid Build Coastguard Worker       unsigned char *hdr;
86*6236dae4SAndroid Build Coastguard Worker       size_t hdrlen;
87*6236dae4SAndroid Build Coastguard Worker 
88*6236dae4SAndroid Build Coastguard Worker       result = Curl_base64_decode(header, &hdr, &hdrlen);
89*6236dae4SAndroid Build Coastguard Worker       if(!result) {
90*6236dae4SAndroid Build Coastguard Worker         struct bufref hdrbuf;
91*6236dae4SAndroid Build Coastguard Worker 
92*6236dae4SAndroid Build Coastguard Worker         Curl_bufref_init(&hdrbuf);
93*6236dae4SAndroid Build Coastguard Worker         Curl_bufref_set(&hdrbuf, hdr, hdrlen, curl_free);
94*6236dae4SAndroid Build Coastguard Worker         result = Curl_auth_decode_ntlm_type2_message(data, &hdrbuf, ntlm);
95*6236dae4SAndroid Build Coastguard Worker         Curl_bufref_free(&hdrbuf);
96*6236dae4SAndroid Build Coastguard Worker       }
97*6236dae4SAndroid Build Coastguard Worker       if(result)
98*6236dae4SAndroid Build Coastguard Worker         return result;
99*6236dae4SAndroid Build Coastguard Worker 
100*6236dae4SAndroid Build Coastguard Worker       *state = NTLMSTATE_TYPE2; /* We got a type-2 message */
101*6236dae4SAndroid Build Coastguard Worker     }
102*6236dae4SAndroid Build Coastguard Worker     else {
103*6236dae4SAndroid Build Coastguard Worker       if(*state == NTLMSTATE_LAST) {
104*6236dae4SAndroid Build Coastguard Worker         infof(data, "NTLM auth restarted");
105*6236dae4SAndroid Build Coastguard Worker         Curl_http_auth_cleanup_ntlm(conn);
106*6236dae4SAndroid Build Coastguard Worker       }
107*6236dae4SAndroid Build Coastguard Worker       else if(*state == NTLMSTATE_TYPE3) {
108*6236dae4SAndroid Build Coastguard Worker         infof(data, "NTLM handshake rejected");
109*6236dae4SAndroid Build Coastguard Worker         Curl_http_auth_cleanup_ntlm(conn);
110*6236dae4SAndroid Build Coastguard Worker         *state = NTLMSTATE_NONE;
111*6236dae4SAndroid Build Coastguard Worker         return CURLE_REMOTE_ACCESS_DENIED;
112*6236dae4SAndroid Build Coastguard Worker       }
113*6236dae4SAndroid Build Coastguard Worker       else if(*state >= NTLMSTATE_TYPE1) {
114*6236dae4SAndroid Build Coastguard Worker         infof(data, "NTLM handshake failure (internal error)");
115*6236dae4SAndroid Build Coastguard Worker         return CURLE_REMOTE_ACCESS_DENIED;
116*6236dae4SAndroid Build Coastguard Worker       }
117*6236dae4SAndroid Build Coastguard Worker 
118*6236dae4SAndroid Build Coastguard Worker       *state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
119*6236dae4SAndroid Build Coastguard Worker     }
120*6236dae4SAndroid Build Coastguard Worker   }
121*6236dae4SAndroid Build Coastguard Worker 
122*6236dae4SAndroid Build Coastguard Worker   return result;
123*6236dae4SAndroid Build Coastguard Worker }
124*6236dae4SAndroid Build Coastguard Worker 
125*6236dae4SAndroid Build Coastguard Worker /*
126*6236dae4SAndroid Build Coastguard Worker  * This is for creating NTLM header output
127*6236dae4SAndroid Build Coastguard Worker  */
Curl_output_ntlm(struct Curl_easy * data,bool proxy)128*6236dae4SAndroid Build Coastguard Worker CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy)
129*6236dae4SAndroid Build Coastguard Worker {
130*6236dae4SAndroid Build Coastguard Worker   char *base64 = NULL;
131*6236dae4SAndroid Build Coastguard Worker   size_t len = 0;
132*6236dae4SAndroid Build Coastguard Worker   CURLcode result = CURLE_OK;
133*6236dae4SAndroid Build Coastguard Worker   struct bufref ntlmmsg;
134*6236dae4SAndroid Build Coastguard Worker 
135*6236dae4SAndroid Build Coastguard Worker   /* point to the address of the pointer that holds the string to send to the
136*6236dae4SAndroid Build Coastguard Worker      server, which is for a plain host or for an HTTP proxy */
137*6236dae4SAndroid Build Coastguard Worker   char **allocuserpwd;
138*6236dae4SAndroid Build Coastguard Worker 
139*6236dae4SAndroid Build Coastguard Worker   /* point to the username, password, service and host */
140*6236dae4SAndroid Build Coastguard Worker   const char *userp;
141*6236dae4SAndroid Build Coastguard Worker   const char *passwdp;
142*6236dae4SAndroid Build Coastguard Worker   const char *service = NULL;
143*6236dae4SAndroid Build Coastguard Worker   const char *hostname = NULL;
144*6236dae4SAndroid Build Coastguard Worker 
145*6236dae4SAndroid Build Coastguard Worker   /* point to the correct struct with this */
146*6236dae4SAndroid Build Coastguard Worker   struct ntlmdata *ntlm;
147*6236dae4SAndroid Build Coastguard Worker   curlntlm *state;
148*6236dae4SAndroid Build Coastguard Worker   struct auth *authp;
149*6236dae4SAndroid Build Coastguard Worker   struct connectdata *conn = data->conn;
150*6236dae4SAndroid Build Coastguard Worker 
151*6236dae4SAndroid Build Coastguard Worker   DEBUGASSERT(conn);
152*6236dae4SAndroid Build Coastguard Worker   DEBUGASSERT(data);
153*6236dae4SAndroid Build Coastguard Worker 
154*6236dae4SAndroid Build Coastguard Worker   if(proxy) {
155*6236dae4SAndroid Build Coastguard Worker #ifndef CURL_DISABLE_PROXY
156*6236dae4SAndroid Build Coastguard Worker     allocuserpwd = &data->state.aptr.proxyuserpwd;
157*6236dae4SAndroid Build Coastguard Worker     userp = data->state.aptr.proxyuser;
158*6236dae4SAndroid Build Coastguard Worker     passwdp = data->state.aptr.proxypasswd;
159*6236dae4SAndroid Build Coastguard Worker     service = data->set.str[STRING_PROXY_SERVICE_NAME] ?
160*6236dae4SAndroid Build Coastguard Worker       data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
161*6236dae4SAndroid Build Coastguard Worker     hostname = conn->http_proxy.host.name;
162*6236dae4SAndroid Build Coastguard Worker     ntlm = &conn->proxyntlm;
163*6236dae4SAndroid Build Coastguard Worker     state = &conn->proxy_ntlm_state;
164*6236dae4SAndroid Build Coastguard Worker     authp = &data->state.authproxy;
165*6236dae4SAndroid Build Coastguard Worker #else
166*6236dae4SAndroid Build Coastguard Worker     return CURLE_NOT_BUILT_IN;
167*6236dae4SAndroid Build Coastguard Worker #endif
168*6236dae4SAndroid Build Coastguard Worker   }
169*6236dae4SAndroid Build Coastguard Worker   else {
170*6236dae4SAndroid Build Coastguard Worker     allocuserpwd = &data->state.aptr.userpwd;
171*6236dae4SAndroid Build Coastguard Worker     userp = data->state.aptr.user;
172*6236dae4SAndroid Build Coastguard Worker     passwdp = data->state.aptr.passwd;
173*6236dae4SAndroid Build Coastguard Worker     service = data->set.str[STRING_SERVICE_NAME] ?
174*6236dae4SAndroid Build Coastguard Worker       data->set.str[STRING_SERVICE_NAME] : "HTTP";
175*6236dae4SAndroid Build Coastguard Worker     hostname = conn->host.name;
176*6236dae4SAndroid Build Coastguard Worker     ntlm = &conn->ntlm;
177*6236dae4SAndroid Build Coastguard Worker     state = &conn->http_ntlm_state;
178*6236dae4SAndroid Build Coastguard Worker     authp = &data->state.authhost;
179*6236dae4SAndroid Build Coastguard Worker   }
180*6236dae4SAndroid Build Coastguard Worker   authp->done = FALSE;
181*6236dae4SAndroid Build Coastguard Worker 
182*6236dae4SAndroid Build Coastguard Worker   /* not set means empty */
183*6236dae4SAndroid Build Coastguard Worker   if(!userp)
184*6236dae4SAndroid Build Coastguard Worker     userp = "";
185*6236dae4SAndroid Build Coastguard Worker 
186*6236dae4SAndroid Build Coastguard Worker   if(!passwdp)
187*6236dae4SAndroid Build Coastguard Worker     passwdp = "";
188*6236dae4SAndroid Build Coastguard Worker 
189*6236dae4SAndroid Build Coastguard Worker #ifdef USE_WINDOWS_SSPI
190*6236dae4SAndroid Build Coastguard Worker   if(!Curl_hSecDll) {
191*6236dae4SAndroid Build Coastguard Worker     /* not thread safe and leaks - use curl_global_init() to avoid */
192*6236dae4SAndroid Build Coastguard Worker     CURLcode err = Curl_sspi_global_init();
193*6236dae4SAndroid Build Coastguard Worker     if(!Curl_hSecDll)
194*6236dae4SAndroid Build Coastguard Worker       return err;
195*6236dae4SAndroid Build Coastguard Worker   }
196*6236dae4SAndroid Build Coastguard Worker #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
197*6236dae4SAndroid Build Coastguard Worker   ntlm->sslContext = conn->sslContext;
198*6236dae4SAndroid Build Coastguard Worker #endif
199*6236dae4SAndroid Build Coastguard Worker #endif
200*6236dae4SAndroid Build Coastguard Worker 
201*6236dae4SAndroid Build Coastguard Worker   Curl_bufref_init(&ntlmmsg);
202*6236dae4SAndroid Build Coastguard Worker 
203*6236dae4SAndroid Build Coastguard Worker   /* connection is already authenticated, do not send a header in future
204*6236dae4SAndroid Build Coastguard Worker    * requests so go directly to NTLMSTATE_LAST */
205*6236dae4SAndroid Build Coastguard Worker   if(*state == NTLMSTATE_TYPE3)
206*6236dae4SAndroid Build Coastguard Worker     *state = NTLMSTATE_LAST;
207*6236dae4SAndroid Build Coastguard Worker 
208*6236dae4SAndroid Build Coastguard Worker   switch(*state) {
209*6236dae4SAndroid Build Coastguard Worker   case NTLMSTATE_TYPE1:
210*6236dae4SAndroid Build Coastguard Worker   default: /* for the weird cases we (re)start here */
211*6236dae4SAndroid Build Coastguard Worker     /* Create a type-1 message */
212*6236dae4SAndroid Build Coastguard Worker     result = Curl_auth_create_ntlm_type1_message(data, userp, passwdp,
213*6236dae4SAndroid Build Coastguard Worker                                                  service, hostname,
214*6236dae4SAndroid Build Coastguard Worker                                                  ntlm, &ntlmmsg);
215*6236dae4SAndroid Build Coastguard Worker     if(!result) {
216*6236dae4SAndroid Build Coastguard Worker       DEBUGASSERT(Curl_bufref_len(&ntlmmsg) != 0);
217*6236dae4SAndroid Build Coastguard Worker       result = Curl_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg),
218*6236dae4SAndroid Build Coastguard Worker                                   Curl_bufref_len(&ntlmmsg), &base64, &len);
219*6236dae4SAndroid Build Coastguard Worker       if(!result) {
220*6236dae4SAndroid Build Coastguard Worker         free(*allocuserpwd);
221*6236dae4SAndroid Build Coastguard Worker         *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
222*6236dae4SAndroid Build Coastguard Worker                                 proxy ? "Proxy-" : "",
223*6236dae4SAndroid Build Coastguard Worker                                 base64);
224*6236dae4SAndroid Build Coastguard Worker         free(base64);
225*6236dae4SAndroid Build Coastguard Worker         if(!*allocuserpwd)
226*6236dae4SAndroid Build Coastguard Worker           result = CURLE_OUT_OF_MEMORY;
227*6236dae4SAndroid Build Coastguard Worker       }
228*6236dae4SAndroid Build Coastguard Worker     }
229*6236dae4SAndroid Build Coastguard Worker     break;
230*6236dae4SAndroid Build Coastguard Worker 
231*6236dae4SAndroid Build Coastguard Worker   case NTLMSTATE_TYPE2:
232*6236dae4SAndroid Build Coastguard Worker     /* We already received the type-2 message, create a type-3 message */
233*6236dae4SAndroid Build Coastguard Worker     result = Curl_auth_create_ntlm_type3_message(data, userp, passwdp,
234*6236dae4SAndroid Build Coastguard Worker                                                  ntlm, &ntlmmsg);
235*6236dae4SAndroid Build Coastguard Worker     if(!result && Curl_bufref_len(&ntlmmsg)) {
236*6236dae4SAndroid Build Coastguard Worker       result = Curl_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg),
237*6236dae4SAndroid Build Coastguard Worker                                   Curl_bufref_len(&ntlmmsg), &base64, &len);
238*6236dae4SAndroid Build Coastguard Worker       if(!result) {
239*6236dae4SAndroid Build Coastguard Worker         free(*allocuserpwd);
240*6236dae4SAndroid Build Coastguard Worker         *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
241*6236dae4SAndroid Build Coastguard Worker                                 proxy ? "Proxy-" : "",
242*6236dae4SAndroid Build Coastguard Worker                                 base64);
243*6236dae4SAndroid Build Coastguard Worker         free(base64);
244*6236dae4SAndroid Build Coastguard Worker         if(!*allocuserpwd)
245*6236dae4SAndroid Build Coastguard Worker           result = CURLE_OUT_OF_MEMORY;
246*6236dae4SAndroid Build Coastguard Worker         else {
247*6236dae4SAndroid Build Coastguard Worker           *state = NTLMSTATE_TYPE3; /* we send a type-3 */
248*6236dae4SAndroid Build Coastguard Worker           authp->done = TRUE;
249*6236dae4SAndroid Build Coastguard Worker         }
250*6236dae4SAndroid Build Coastguard Worker       }
251*6236dae4SAndroid Build Coastguard Worker     }
252*6236dae4SAndroid Build Coastguard Worker     break;
253*6236dae4SAndroid Build Coastguard Worker 
254*6236dae4SAndroid Build Coastguard Worker   case NTLMSTATE_LAST:
255*6236dae4SAndroid Build Coastguard Worker     Curl_safefree(*allocuserpwd);
256*6236dae4SAndroid Build Coastguard Worker     authp->done = TRUE;
257*6236dae4SAndroid Build Coastguard Worker     break;
258*6236dae4SAndroid Build Coastguard Worker   }
259*6236dae4SAndroid Build Coastguard Worker   Curl_bufref_free(&ntlmmsg);
260*6236dae4SAndroid Build Coastguard Worker 
261*6236dae4SAndroid Build Coastguard Worker   return result;
262*6236dae4SAndroid Build Coastguard Worker }
263*6236dae4SAndroid Build Coastguard Worker 
Curl_http_auth_cleanup_ntlm(struct connectdata * conn)264*6236dae4SAndroid Build Coastguard Worker void Curl_http_auth_cleanup_ntlm(struct connectdata *conn)
265*6236dae4SAndroid Build Coastguard Worker {
266*6236dae4SAndroid Build Coastguard Worker   Curl_auth_cleanup_ntlm(&conn->ntlm);
267*6236dae4SAndroid Build Coastguard Worker   Curl_auth_cleanup_ntlm(&conn->proxyntlm);
268*6236dae4SAndroid Build Coastguard Worker }
269*6236dae4SAndroid Build Coastguard Worker 
270*6236dae4SAndroid Build Coastguard Worker #endif /* !CURL_DISABLE_HTTP && USE_NTLM */
271