ntlm_sspi.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.haxx.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. ***************************************************************************/
  22. #include "curl_setup.h"
  23. #if defined(USE_WINDOWS_SSPI) && defined(USE_NTLM)
  24. #include <curl/curl.h>
  25. #include "vauth/vauth.h"
  26. #include "urldata.h"
  27. #include "curl_base64.h"
  28. #include "curl_ntlm_core.h"
  29. #include "warnless.h"
  30. #include "curl_multibyte.h"
  31. #include "sendf.h"
  32. /* The last #include files should be: */
  33. #include "curl_memory.h"
  34. #include "memdebug.h"
  35. /*
  36. * Curl_auth_is_ntlm_supported()
  37. *
  38. * This is used to evaluate if NTLM is supported.
  39. *
  40. * Parameters: None
  41. *
  42. * Returns TRUE if NTLM is supported by Windows SSPI.
  43. */
  44. bool Curl_auth_is_ntlm_supported(void)
  45. {
  46. PSecPkgInfo SecurityPackage;
  47. SECURITY_STATUS status;
  48. /* Query the security package for NTLM */
  49. status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
  50. &SecurityPackage);
  51. return (status == SEC_E_OK ? TRUE : FALSE);
  52. }
  53. /*
  54. * Curl_auth_create_ntlm_type1_message()
  55. *
  56. * This is used to generate an already encoded NTLM type-1 message ready for
  57. * sending to the recipient.
  58. *
  59. * Parameters:
  60. *
  61. * data [in] - The session handle.
  62. * userp [in] - The user name in the format User or Domain\User.
  63. * passdwp [in] - The user's password.
  64. * ntlm [in/out] - The NTLM data struct being used and modified.
  65. * outptr [in/out] - The address where a pointer to newly allocated memory
  66. * holding the result will be stored upon completion.
  67. * outlen [out] - The length of the output message.
  68. *
  69. * Returns CURLE_OK on success.
  70. */
  71. CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
  72. const char *userp,
  73. const char *passwdp,
  74. struct ntlmdata *ntlm,
  75. char **outptr, size_t *outlen)
  76. {
  77. PSecPkgInfo SecurityPackage;
  78. SecBuffer type_1_buf;
  79. SecBufferDesc type_1_desc;
  80. SECURITY_STATUS status;
  81. unsigned long attrs;
  82. TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
  83. /* Clean up any former leftovers and initialise to defaults */
  84. Curl_auth_ntlm_cleanup(ntlm);
  85. /* Query the security package for NTLM */
  86. status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
  87. &SecurityPackage);
  88. if(status != SEC_E_OK)
  89. return CURLE_NOT_BUILT_IN;
  90. ntlm->token_max = SecurityPackage->cbMaxToken;
  91. /* Release the package buffer as it is not required anymore */
  92. s_pSecFn->FreeContextBuffer(SecurityPackage);
  93. /* Allocate our output buffer */
  94. ntlm->output_token = malloc(ntlm->token_max);
  95. if(!ntlm->output_token)
  96. return CURLE_OUT_OF_MEMORY;
  97. if(userp && *userp) {
  98. CURLcode result;
  99. /* Populate our identity structure */
  100. result = Curl_create_sspi_identity(userp, passwdp, &ntlm->identity);
  101. if(result)
  102. return result;
  103. /* Allow proper cleanup of the identity structure */
  104. ntlm->p_identity = &ntlm->identity;
  105. }
  106. else
  107. /* Use the current Windows user */
  108. ntlm->p_identity = NULL;
  109. /* Allocate our credentials handle */
  110. ntlm->credentials = malloc(sizeof(CredHandle));
  111. if(!ntlm->credentials)
  112. return CURLE_OUT_OF_MEMORY;
  113. memset(ntlm->credentials, 0, sizeof(CredHandle));
  114. /* Acquire our credentials handle */
  115. status = s_pSecFn->AcquireCredentialsHandle(NULL,
  116. (TCHAR *) TEXT(SP_NAME_NTLM),
  117. SECPKG_CRED_OUTBOUND, NULL,
  118. ntlm->p_identity, NULL, NULL,
  119. ntlm->credentials, &expiry);
  120. if(status != SEC_E_OK)
  121. return CURLE_LOGIN_DENIED;
  122. /* Allocate our new context handle */
  123. ntlm->context = malloc(sizeof(CtxtHandle));
  124. if(!ntlm->context)
  125. return CURLE_OUT_OF_MEMORY;
  126. memset(ntlm->context, 0, sizeof(CtxtHandle));
  127. /* Setup the type-1 "output" security buffer */
  128. type_1_desc.ulVersion = SECBUFFER_VERSION;
  129. type_1_desc.cBuffers = 1;
  130. type_1_desc.pBuffers = &type_1_buf;
  131. type_1_buf.BufferType = SECBUFFER_TOKEN;
  132. type_1_buf.pvBuffer = ntlm->output_token;
  133. type_1_buf.cbBuffer = curlx_uztoul(ntlm->token_max);
  134. /* Generate our type-1 message */
  135. status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL,
  136. (TCHAR *) TEXT(""),
  137. 0, 0, SECURITY_NETWORK_DREP,
  138. NULL, 0,
  139. ntlm->context, &type_1_desc,
  140. &attrs, &expiry);
  141. if(status == SEC_I_COMPLETE_NEEDED ||
  142. status == SEC_I_COMPLETE_AND_CONTINUE)
  143. s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc);
  144. else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)
  145. return CURLE_RECV_ERROR;
  146. /* Base64 encode the response */
  147. return Curl_base64_encode(data, (char *) ntlm->output_token,
  148. type_1_buf.cbBuffer, outptr, outlen);
  149. }
  150. /*
  151. * Curl_auth_decode_ntlm_type2_message()
  152. *
  153. * This is used to decode an already encoded NTLM type-2 message.
  154. *
  155. * Parameters:
  156. *
  157. * data [in] - The session handle.
  158. * type2msg [in] - The base64 encoded type-2 message.
  159. * ntlm [in/out] - The NTLM data struct being used and modified.
  160. *
  161. * Returns CURLE_OK on success.
  162. */
  163. CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
  164. const char *type2msg,
  165. struct ntlmdata *ntlm)
  166. {
  167. CURLcode result = CURLE_OK;
  168. unsigned char *type2 = NULL;
  169. size_t type2_len = 0;
  170. #if defined(CURL_DISABLE_VERBOSE_STRINGS)
  171. (void) data;
  172. #endif
  173. /* Decode the base-64 encoded type-2 message */
  174. if(strlen(type2msg) && *type2msg != '=') {
  175. result = Curl_base64_decode(type2msg, &type2, &type2_len);
  176. if(result)
  177. return result;
  178. }
  179. /* Ensure we have a valid type-2 message */
  180. if(!type2) {
  181. infof(data, "NTLM handshake failure (empty type-2 message)\n");
  182. return CURLE_BAD_CONTENT_ENCODING;
  183. }
  184. /* Simply store the challenge for use later */
  185. ntlm->input_token = type2;
  186. ntlm->input_token_len = type2_len;
  187. return result;
  188. }
  189. /*
  190. * Curl_auth_create_ntlm_type3_message()
  191. * Curl_auth_create_ntlm_type3_message()
  192. *
  193. * This is used to generate an already encoded NTLM type-3 message ready for
  194. * sending to the recipient.
  195. *
  196. * Parameters:
  197. *
  198. * data [in] - The session handle.
  199. * userp [in] - The user name in the format User or Domain\User.
  200. * passdwp [in] - The user's password.
  201. * ntlm [in/out] - The NTLM data struct being used and modified.
  202. * outptr [in/out] - The address where a pointer to newly allocated memory
  203. * holding the result will be stored upon completion.
  204. * outlen [out] - The length of the output message.
  205. *
  206. * Returns CURLE_OK on success.
  207. */
  208. CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
  209. const char *userp,
  210. const char *passwdp,
  211. struct ntlmdata *ntlm,
  212. char **outptr, size_t *outlen)
  213. {
  214. CURLcode result = CURLE_OK;
  215. SecBuffer type_2_buf;
  216. SecBuffer type_3_buf;
  217. SecBufferDesc type_2_desc;
  218. SecBufferDesc type_3_desc;
  219. SECURITY_STATUS status;
  220. unsigned long attrs;
  221. TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
  222. (void) passwdp;
  223. (void) userp;
  224. /* Setup the type-2 "input" security buffer */
  225. type_2_desc.ulVersion = SECBUFFER_VERSION;
  226. type_2_desc.cBuffers = 1;
  227. type_2_desc.pBuffers = &type_2_buf;
  228. type_2_buf.BufferType = SECBUFFER_TOKEN;
  229. type_2_buf.pvBuffer = ntlm->input_token;
  230. type_2_buf.cbBuffer = curlx_uztoul(ntlm->input_token_len);
  231. /* Setup the type-3 "output" security buffer */
  232. type_3_desc.ulVersion = SECBUFFER_VERSION;
  233. type_3_desc.cBuffers = 1;
  234. type_3_desc.pBuffers = &type_3_buf;
  235. type_3_buf.BufferType = SECBUFFER_TOKEN;
  236. type_3_buf.pvBuffer = ntlm->output_token;
  237. type_3_buf.cbBuffer = curlx_uztoul(ntlm->token_max);
  238. /* Generate our type-3 message */
  239. status = s_pSecFn->InitializeSecurityContext(ntlm->credentials,
  240. ntlm->context,
  241. (TCHAR *) TEXT(""),
  242. 0, 0, SECURITY_NETWORK_DREP,
  243. &type_2_desc,
  244. 0, ntlm->context,
  245. &type_3_desc,
  246. &attrs, &expiry);
  247. if(status != SEC_E_OK) {
  248. infof(data, "NTLM handshake failure (type-3 message): Status=%x\n",
  249. status);
  250. return CURLE_RECV_ERROR;
  251. }
  252. /* Base64 encode the response */
  253. result = Curl_base64_encode(data, (char *) ntlm->output_token,
  254. type_3_buf.cbBuffer, outptr, outlen);
  255. Curl_auth_ntlm_cleanup(ntlm);
  256. return result;
  257. }
  258. /*
  259. * Curl_auth_ntlm_cleanup()
  260. *
  261. * This is used to clean up the NTLM specific data.
  262. *
  263. * Parameters:
  264. *
  265. * ntlm [in/out] - The NTLM data struct being cleaned up.
  266. *
  267. */
  268. void Curl_auth_ntlm_cleanup(struct ntlmdata *ntlm)
  269. {
  270. /* Free our security context */
  271. if(ntlm->context) {
  272. s_pSecFn->DeleteSecurityContext(ntlm->context);
  273. free(ntlm->context);
  274. ntlm->context = NULL;
  275. }
  276. /* Free our credentials handle */
  277. if(ntlm->credentials) {
  278. s_pSecFn->FreeCredentialsHandle(ntlm->credentials);
  279. free(ntlm->credentials);
  280. ntlm->credentials = NULL;
  281. }
  282. /* Free our identity */
  283. Curl_sspi_free_identity(ntlm->p_identity);
  284. ntlm->p_identity = NULL;
  285. /* Free the input and output tokens */
  286. Curl_safefree(ntlm->input_token);
  287. Curl_safefree(ntlm->output_token);
  288. /* Reset any variables */
  289. ntlm->token_max = 0;
  290. }
  291. #endif /* USE_WINDOWS_SSPI && USE_NTLM */