diff options
author | Seonah Moon <seonah1.moon@samsung.com> | 2022-01-12 13:27:51 +0900 |
---|---|---|
committer | Seonah Moon <seonah1.moon@samsung.com> | 2022-01-12 13:28:56 +0900 |
commit | 58f7e70ff869dee66c90b1323e0d5c9f324067b8 (patch) | |
tree | 31060230fe108ac26a3258e1b4fb22454c7cf01c /lib/http_ntlm.c | |
parent | b31894b8fe11ff4cfe97bd63eb4e62e14893c749 (diff) | |
download | curl-58f7e70ff869dee66c90b1323e0d5c9f324067b8.tar.gz curl-58f7e70ff869dee66c90b1323e0d5c9f324067b8.tar.bz2 curl-58f7e70ff869dee66c90b1323e0d5c9f324067b8.zip |
Imported Upstream version 7.81.0upstream/7.81.0
Change-Id: Ibe8b1de1691e326fbd2a8133470758ab942cbd97
Diffstat (limited to 'lib/http_ntlm.c')
-rw-r--r-- | lib/http_ntlm.c | 143 |
1 files changed, 80 insertions, 63 deletions
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index cab543c75..a6526db9f 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -5,11 +5,11 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. + * are also available at https://curl.se/docs/copyright.html. * * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is @@ -39,6 +39,7 @@ #include "http_ntlm.h" #include "curl_ntlm_core.h" #include "curl_ntlm_wb.h" +#include "curl_base64.h" #include "vauth/vauth.h" #include "url.h" @@ -59,7 +60,7 @@ # define DEBUG_OUT(x) Curl_nop_stmt #endif -CURLcode Curl_input_ntlm(struct connectdata *conn, +CURLcode Curl_input_ntlm(struct Curl_easy *data, bool proxy, /* if proxy or not */ const char *header) /* rest of the www-authenticate: header */ @@ -68,6 +69,7 @@ CURLcode Curl_input_ntlm(struct connectdata *conn, struct ntlmdata *ntlm; curlntlm *state; CURLcode result = CURLE_OK; + struct connectdata *conn = data->conn; ntlm = proxy ? &conn->proxyntlm : &conn->ntlm; state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state; @@ -79,7 +81,18 @@ CURLcode Curl_input_ntlm(struct connectdata *conn, header++; if(*header) { - result = Curl_auth_decode_ntlm_type2_message(conn->data, header, ntlm); + unsigned char *hdr; + size_t hdrlen; + + result = Curl_base64_decode(header, &hdr, &hdrlen); + if(!result) { + struct bufref hdrbuf; + + Curl_bufref_init(&hdrbuf); + Curl_bufref_set(&hdrbuf, hdr, hdrlen, curl_free); + result = Curl_auth_decode_ntlm_type2_message(data, &hdrbuf, ntlm); + Curl_bufref_free(&hdrbuf); + } if(result) return result; @@ -87,17 +100,17 @@ CURLcode Curl_input_ntlm(struct connectdata *conn, } else { if(*state == NTLMSTATE_LAST) { - infof(conn->data, "NTLM auth restarted\n"); + infof(data, "NTLM auth restarted"); Curl_http_auth_cleanup_ntlm(conn); } else if(*state == NTLMSTATE_TYPE3) { - infof(conn->data, "NTLM handshake rejected\n"); + infof(data, "NTLM handshake rejected"); Curl_http_auth_cleanup_ntlm(conn); *state = NTLMSTATE_NONE; return CURLE_REMOTE_ACCESS_DENIED; } else if(*state >= NTLMSTATE_TYPE1) { - infof(conn->data, "NTLM handshake failure (internal error)\n"); + infof(data, "NTLM handshake failure (internal error)"); return CURLE_REMOTE_ACCESS_DENIED; } @@ -111,11 +124,12 @@ CURLcode Curl_input_ntlm(struct connectdata *conn, /* * This is for creating ntlm header output */ -CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) +CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) { char *base64 = NULL; size_t len = 0; - CURLcode result; + CURLcode result = CURLE_OK; + struct bufref ntlmmsg; /* point to the address of the pointer that holds the string to send to the server, which is for a plain host or for a HTTP proxy */ @@ -131,8 +145,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) struct ntlmdata *ntlm; curlntlm *state; struct auth *authp; - struct Curl_easy *data = conn->data; - + struct connectdata *conn = data->conn; DEBUGASSERT(conn); DEBUGASSERT(data); @@ -140,28 +153,28 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) if(proxy) { #ifndef CURL_DISABLE_PROXY allocuserpwd = &data->state.aptr.proxyuserpwd; - userp = conn->http_proxy.user; - passwdp = conn->http_proxy.passwd; - service = conn->data->set.str[STRING_PROXY_SERVICE_NAME] ? - conn->data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP"; + userp = data->state.aptr.proxyuser; + passwdp = data->state.aptr.proxypasswd; + service = data->set.str[STRING_PROXY_SERVICE_NAME] ? + data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP"; hostname = conn->http_proxy.host.name; ntlm = &conn->proxyntlm; state = &conn->proxy_ntlm_state; - authp = &conn->data->state.authproxy; + authp = &data->state.authproxy; #else return CURLE_NOT_BUILT_IN; #endif } else { allocuserpwd = &data->state.aptr.userpwd; - userp = conn->user; - passwdp = conn->passwd; - service = conn->data->set.str[STRING_SERVICE_NAME] ? - conn->data->set.str[STRING_SERVICE_NAME] : "HTTP"; + userp = data->state.aptr.user; + passwdp = data->state.aptr.passwd; + service = data->set.str[STRING_SERVICE_NAME] ? + data->set.str[STRING_SERVICE_NAME] : "HTTP"; hostname = conn->host.name; ntlm = &conn->ntlm; state = &conn->http_ntlm_state; - authp = &conn->data->state.authhost; + authp = &data->state.authhost; } authp->done = FALSE; @@ -173,10 +186,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) passwdp = ""; #ifdef USE_WINDOWS_SSPI - if(s_hSecDll == NULL) { + if(!s_hSecDll) { /* not thread safe and leaks - use curl_global_init() to avoid */ CURLcode err = Curl_sspi_global_init(); - if(s_hSecDll == NULL) + if(!s_hSecDll) return err; } #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS @@ -184,65 +197,69 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) #endif #endif + Curl_bufref_init(&ntlmmsg); + + /* connection is already authenticated, don't send a header in future + * requests so go directly to NTLMSTATE_LAST */ + if(*state == NTLMSTATE_TYPE3) + *state = NTLMSTATE_LAST; + switch(*state) { case NTLMSTATE_TYPE1: default: /* for the weird cases we (re)start here */ /* Create a type-1 message */ - result = Curl_auth_create_ntlm_type1_message(conn->data, userp, passwdp, + result = Curl_auth_create_ntlm_type1_message(data, userp, passwdp, service, hostname, - ntlm, &base64, - &len); - if(result) - return result; - - if(base64) { - free(*allocuserpwd); - *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n", - proxy ? "Proxy-" : "", - base64); - free(base64); - if(!*allocuserpwd) - return CURLE_OUT_OF_MEMORY; - - DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd)); + ntlm, &ntlmmsg); + if(!result) { + DEBUGASSERT(Curl_bufref_len(&ntlmmsg) != 0); + result = Curl_base64_encode(data, + (const char *) Curl_bufref_ptr(&ntlmmsg), + Curl_bufref_len(&ntlmmsg), &base64, &len); + if(!result) { + free(*allocuserpwd); + *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n", + proxy ? "Proxy-" : "", + base64); + free(base64); + if(!*allocuserpwd) + result = CURLE_OUT_OF_MEMORY; + } } break; case NTLMSTATE_TYPE2: /* We already received the type-2 message, create a type-3 message */ - result = Curl_auth_create_ntlm_type3_message(conn->data, userp, passwdp, - ntlm, &base64, &len); - if(result) - return result; - - if(base64) { - free(*allocuserpwd); - *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n", - proxy ? "Proxy-" : "", - base64); - free(base64); - if(!*allocuserpwd) - return CURLE_OUT_OF_MEMORY; - - DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd)); - - *state = NTLMSTATE_TYPE3; /* we send a type-3 */ - authp->done = TRUE; + result = Curl_auth_create_ntlm_type3_message(data, userp, passwdp, + ntlm, &ntlmmsg); + if(!result && Curl_bufref_len(&ntlmmsg)) { + result = Curl_base64_encode(data, + (const char *) Curl_bufref_ptr(&ntlmmsg), + Curl_bufref_len(&ntlmmsg), &base64, &len); + if(!result) { + free(*allocuserpwd); + *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n", + proxy ? "Proxy-" : "", + base64); + free(base64); + if(!*allocuserpwd) + result = CURLE_OUT_OF_MEMORY; + else { + *state = NTLMSTATE_TYPE3; /* we send a type-3 */ + authp->done = TRUE; + } + } } break; - case NTLMSTATE_TYPE3: - /* connection is already authenticated, - * don't send a header in future requests */ - *state = NTLMSTATE_LAST; - /* FALLTHROUGH */ case NTLMSTATE_LAST: Curl_safefree(*allocuserpwd); authp->done = TRUE; break; } + Curl_bufref_free(&ntlmmsg); - return CURLE_OK; + return result; } void Curl_http_auth_cleanup_ntlm(struct connectdata *conn) |