00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023 #include "curl_setup.h"
00024
00025 #if defined(USE_WINDOWS_SSPI) && defined(USE_NTLM)
00026
00027 #include <curl/curl.h>
00028
00029 #include "vauth/vauth.h"
00030 #include "urldata.h"
00031 #include "curl_base64.h"
00032 #include "warnless.h"
00033 #include "curl_multibyte.h"
00034 #include "sendf.h"
00035
00036
00037 #include "curl_memory.h"
00038 #include "memdebug.h"
00039
00040
00041
00042
00043
00044
00045
00046
00047
00048
00049 bool Curl_auth_is_ntlm_supported(void)
00050 {
00051 PSecPkgInfo SecurityPackage;
00052 SECURITY_STATUS status;
00053
00054
00055 status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
00056 &SecurityPackage);
00057
00058 return (status == SEC_E_OK ? TRUE : FALSE);
00059 }
00060
00061
00062
00063
00064
00065
00066
00067
00068
00069
00070
00071
00072
00073
00074
00075
00076
00077
00078 CURLcode Curl_auth_create_ntlm_type1_message(const char *userp,
00079 const char *passwdp,
00080 struct ntlmdata *ntlm,
00081 char **outptr, size_t *outlen)
00082 {
00083 PSecPkgInfo SecurityPackage;
00084 SecBuffer type_1_buf;
00085 SecBufferDesc type_1_desc;
00086 SECURITY_STATUS status;
00087 unsigned long attrs;
00088 TimeStamp expiry;
00089
00090
00091 Curl_auth_ntlm_cleanup(ntlm);
00092
00093
00094 status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
00095 &SecurityPackage);
00096 if(status != SEC_E_OK)
00097 return CURLE_NOT_BUILT_IN;
00098
00099 ntlm->token_max = SecurityPackage->cbMaxToken;
00100
00101
00102 s_pSecFn->FreeContextBuffer(SecurityPackage);
00103
00104
00105 ntlm->output_token = malloc(ntlm->token_max);
00106 if(!ntlm->output_token)
00107 return CURLE_OUT_OF_MEMORY;
00108
00109 if(userp && *userp) {
00110 CURLcode result;
00111
00112
00113 result = Curl_create_sspi_identity(userp, passwdp, &ntlm->identity);
00114 if(result)
00115 return result;
00116
00117
00118 ntlm->p_identity = &ntlm->identity;
00119 }
00120 else
00121
00122 ntlm->p_identity = NULL;
00123
00124
00125 ntlm->credentials = malloc(sizeof(CredHandle));
00126 if(!ntlm->credentials)
00127 return CURLE_OUT_OF_MEMORY;
00128
00129 memset(ntlm->credentials, 0, sizeof(CredHandle));
00130
00131
00132 status = s_pSecFn->AcquireCredentialsHandle(NULL,
00133 (TCHAR *) TEXT(SP_NAME_NTLM),
00134 SECPKG_CRED_OUTBOUND, NULL,
00135 ntlm->p_identity, NULL, NULL,
00136 ntlm->credentials, &expiry);
00137 if(status != SEC_E_OK)
00138 return CURLE_LOGIN_DENIED;
00139
00140
00141 ntlm->context = malloc(sizeof(CtxtHandle));
00142 if(!ntlm->context)
00143 return CURLE_OUT_OF_MEMORY;
00144
00145 memset(ntlm->context, 0, sizeof(CtxtHandle));
00146
00147
00148 type_1_desc.ulVersion = SECBUFFER_VERSION;
00149 type_1_desc.cBuffers = 1;
00150 type_1_desc.pBuffers = &type_1_buf;
00151 type_1_buf.BufferType = SECBUFFER_TOKEN;
00152 type_1_buf.pvBuffer = ntlm->output_token;
00153 type_1_buf.cbBuffer = curlx_uztoul(ntlm->token_max);
00154
00155
00156 status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL,
00157 (TCHAR *) TEXT(""),
00158 0, 0, SECURITY_NETWORK_DREP,
00159 NULL, 0,
00160 ntlm->context, &type_1_desc,
00161 &attrs, &expiry);
00162 if(status == SEC_I_COMPLETE_NEEDED ||
00163 status == SEC_I_COMPLETE_AND_CONTINUE)
00164 s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc);
00165 else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)
00166 return CURLE_RECV_ERROR;
00167
00168
00169 return Curl_base64_encode(NULL, (char *) ntlm->output_token,
00170 type_1_buf.cbBuffer, outptr, outlen);
00171 }
00172
00173
00174
00175
00176
00177
00178
00179
00180
00181
00182
00183
00184
00185
00186 CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
00187 const char *type2msg,
00188 struct ntlmdata *ntlm)
00189 {
00190 CURLcode result = CURLE_OK;
00191 unsigned char *type2 = NULL;
00192 size_t type2_len = 0;
00193
00194 #if defined(CURL_DISABLE_VERBOSE_STRINGS)
00195 (void) data;
00196 #endif
00197
00198
00199 if(strlen(type2msg) && *type2msg != '=') {
00200 result = Curl_base64_decode(type2msg, &type2, &type2_len);
00201 if(result)
00202 return result;
00203 }
00204
00205
00206 if(!type2) {
00207 infof(data, "NTLM handshake failure (empty type-2 message)\n");
00208
00209 return CURLE_BAD_CONTENT_ENCODING;
00210 }
00211
00212
00213 ntlm->input_token = type2;
00214 ntlm->input_token_len = type2_len;
00215
00216 return result;
00217 }
00218
00219
00220
00221
00222
00223
00224
00225
00226
00227
00228
00229
00230
00231
00232
00233
00234
00235
00236
00237
00238 CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
00239 const char *userp,
00240 const char *passwdp,
00241 struct ntlmdata *ntlm,
00242 char **outptr, size_t *outlen)
00243 {
00244 CURLcode result = CURLE_OK;
00245 SecBuffer type_2_buf;
00246 SecBuffer type_3_buf;
00247 SecBufferDesc type_2_desc;
00248 SecBufferDesc type_3_desc;
00249 SECURITY_STATUS status;
00250 unsigned long attrs;
00251 TimeStamp expiry;
00252
00253 (void) passwdp;
00254 (void) userp;
00255
00256
00257 type_2_desc.ulVersion = SECBUFFER_VERSION;
00258 type_2_desc.cBuffers = 1;
00259 type_2_desc.pBuffers = &type_2_buf;
00260 type_2_buf.BufferType = SECBUFFER_TOKEN;
00261 type_2_buf.pvBuffer = ntlm->input_token;
00262 type_2_buf.cbBuffer = curlx_uztoul(ntlm->input_token_len);
00263
00264
00265 type_3_desc.ulVersion = SECBUFFER_VERSION;
00266 type_3_desc.cBuffers = 1;
00267 type_3_desc.pBuffers = &type_3_buf;
00268 type_3_buf.BufferType = SECBUFFER_TOKEN;
00269 type_3_buf.pvBuffer = ntlm->output_token;
00270 type_3_buf.cbBuffer = curlx_uztoul(ntlm->token_max);
00271
00272
00273 status = s_pSecFn->InitializeSecurityContext(ntlm->credentials,
00274 ntlm->context,
00275 (TCHAR *) TEXT(""),
00276 0, 0, SECURITY_NETWORK_DREP,
00277 &type_2_desc,
00278 0, ntlm->context,
00279 &type_3_desc,
00280 &attrs, &expiry);
00281 if(status != SEC_E_OK) {
00282 infof(data, "NTLM handshake failure (type-3 message): Status=%x\n",
00283 status);
00284
00285 return CURLE_RECV_ERROR;
00286 }
00287
00288
00289 result = Curl_base64_encode(data, (char *) ntlm->output_token,
00290 type_3_buf.cbBuffer, outptr, outlen);
00291
00292 Curl_auth_ntlm_cleanup(ntlm);
00293
00294 return result;
00295 }
00296
00297
00298
00299
00300
00301
00302
00303
00304
00305
00306
00307 void Curl_auth_ntlm_cleanup(struct ntlmdata *ntlm)
00308 {
00309
00310 if(ntlm->context) {
00311 s_pSecFn->DeleteSecurityContext(ntlm->context);
00312 free(ntlm->context);
00313 ntlm->context = NULL;
00314 }
00315
00316
00317 if(ntlm->credentials) {
00318 s_pSecFn->FreeCredentialsHandle(ntlm->credentials);
00319 free(ntlm->credentials);
00320 ntlm->credentials = NULL;
00321 }
00322
00323
00324 Curl_sspi_free_identity(ntlm->p_identity);
00325 ntlm->p_identity = NULL;
00326
00327
00328 Curl_safefree(ntlm->input_token);
00329 Curl_safefree(ntlm->output_token);
00330
00331
00332 ntlm->token_max = 0;
00333 }
00334
00335 #endif