#include "curl_setup.h"
#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)
#define DEBUG_ME 0
#include "urldata.h"
#include "sendf.h"
#include "strcase.h"
#include "http_ntlm.h"
#include "curl_ntlm_core.h"
#include "curl_ntlm_wb.h"
#include "vauth/vauth.h"
#include "url.h"
#if defined(NTLM_NEEDS_NSS_INIT)
#include "vtls/nssg.h"
#elif defined(USE_WINDOWS_SSPI)
#include "curl_sspi.h"
#endif
#include "curl_printf.h"
#include "curl_memory.h"
#include "memdebug.h"
#if DEBUG_ME
# define DEBUG_OUT(x) x
#else
# define DEBUG_OUT(x) Curl_nop_stmt
#endif
CURLcode Curl_input_ntlm(struct connectdata *conn,
bool proxy,
const char *header)
{
struct ntlmdata *ntlm;
CURLcode result = CURLE_OK;
ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
if(checkprefix("NTLM", header)) {
header += strlen("NTLM");
while(*header && ISSPACE(*header))
header++;
if(*header) {
result = Curl_auth_decode_ntlm_type2_message(conn->data, header, ntlm);
if(result)
return result;
ntlm->state = NTLMSTATE_TYPE2;
}
else {
if(ntlm->state == NTLMSTATE_LAST) {
infof(conn->data, "NTLM auth restarted\n");
Curl_http_ntlm_cleanup(conn);
}
else if(ntlm->state == NTLMSTATE_TYPE3) {
infof(conn->data, "NTLM handshake rejected\n");
Curl_http_ntlm_cleanup(conn);
ntlm->state = NTLMSTATE_NONE;
return CURLE_REMOTE_ACCESS_DENIED;
}
else if(ntlm->state >= NTLMSTATE_TYPE1) {
infof(conn->data, "NTLM handshake failure (internal error)\n");
return CURLE_REMOTE_ACCESS_DENIED;
}
ntlm->state = NTLMSTATE_TYPE1;
}
}
return result;
}
CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
{
char *base64 = NULL;
size_t len = 0;
CURLcode result;
char **allocuserpwd;
const char *userp;
const char *passwdp;
const char *service = NULL;
const char *hostname = NULL;
struct ntlmdata *ntlm;
struct auth *authp;
DEBUGASSERT(conn);
DEBUGASSERT(conn->data);
#if defined(NTLM_NEEDS_NSS_INIT)
if(CURLE_OK != Curl_nss_force_init(conn->data))
return CURLE_OUT_OF_MEMORY;
#endif
if(proxy) {
allocuserpwd = &conn->allocptr.proxyuserpwd;
userp = conn->http_proxy.user;
passwdp = conn->http_proxy.passwd;
service = conn->data->set.str[STRING_PROXY_SERVICE_NAME] ?
conn->data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
hostname = conn->http_proxy.host.name;
ntlm = &conn->proxyntlm;
authp = &conn->data->state.authproxy;
}
else {
allocuserpwd = &conn->allocptr.userpwd;
userp = conn->user;
passwdp = conn->passwd;
service = conn->data->set.str[STRING_SERVICE_NAME] ?
conn->data->set.str[STRING_SERVICE_NAME] : "HTTP";
hostname = conn->host.name;
ntlm = &conn->ntlm;
authp = &conn->data->state.authhost;
}
authp->done = FALSE;
if(!userp)
userp = "";
if(!passwdp)
passwdp = "";
#ifdef USE_WINDOWS_SSPI
if(s_hSecDll == NULL) {
CURLcode err = Curl_sspi_global_init();
if(s_hSecDll == NULL)
return err;
}
#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
ntlm->sslContext = conn->sslContext;
#endif
#endif
switch(ntlm->state) {
case NTLMSTATE_TYPE1:
default:
result = Curl_auth_create_ntlm_type1_message(conn->data, userp, passwdp,
service, hostname,
ntlm, &base64,
&len);
if(result)
return result;
if(base64) {
free(*allocuserpwd);
*allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
proxy ? "Proxy-" : "",
base64);
free(base64);
if(!*allocuserpwd)
return CURLE_OUT_OF_MEMORY;
DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
}
break;
case NTLMSTATE_TYPE2:
result = Curl_auth_create_ntlm_type3_message(conn->data, userp, passwdp,
ntlm, &base64, &len);
if(result)
return result;
if(base64) {
free(*allocuserpwd);
*allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
proxy ? "Proxy-" : "",
base64);
free(base64);
if(!*allocuserpwd)
return CURLE_OUT_OF_MEMORY;
DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
ntlm->state = NTLMSTATE_TYPE3;
authp->done = TRUE;
}
break;
case NTLMSTATE_TYPE3:
ntlm->state = NTLMSTATE_LAST;
case NTLMSTATE_LAST:
Curl_safefree(*allocuserpwd);
authp->done = TRUE;
break;
}
return CURLE_OK;
}
void Curl_http_ntlm_cleanup(struct connectdata *conn)
{
Curl_auth_ntlm_cleanup(&conn->ntlm);
Curl_auth_ntlm_cleanup(&conn->proxyntlm);
#if defined(NTLM_WB_ENABLED)
Curl_ntlm_wb_cleanup(conn);
#endif
}
#endif