source4/lib/http/gensec/ntlm.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    HTTP library - NTLM authentication mechanism gensec module
   5
   6    Copyright (C) 2014 Samuel Cabrero <samuelcabrero@kernevil.me>
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include <tevent.h>
  24 #include "lib/util/tevent_ntstatus.h"
  25 #include "auth/auth.h"
  26 #include "auth/gensec/gensec.h"
  27 #include "auth/gensec/gensec_internal.h"
  28 #include "lib/util/base64.h"
  29
  30 _PUBLIC_ NTSTATUS gensec_http_ntlm_init(TALLOC_CTX *);
  31
  32 struct gensec_http_ntlm_state {
  33         struct gensec_security *sub;
  34 };
  35
  36 static NTSTATUS gensec_http_ntlm_client_start(struct gensec_security *gensec)
  37 {
  38         NTSTATUS status;
  39         struct gensec_http_ntlm_state *state;
  40
  41         state = talloc_zero(gensec, struct gensec_http_ntlm_state);
  42         if (state == NULL) {
  43                 return NT_STATUS_NO_MEMORY;
  44         }
  45         gensec->private_data = state;
  46
  47         status = gensec_subcontext_start(state, gensec, &state->sub);
  48         if (!NT_STATUS_IS_OK(status)) {
  49                 return status;
  50         }
  51
  52         return gensec_start_mech_by_oid(state->sub, GENSEC_OID_NTLMSSP);
  53 }
  54
  55 struct gensec_http_ntlm_update_state {
  56         DATA_BLOB ntlm_in;
  57         NTSTATUS status;
  58         DATA_BLOB out;
  59 };
  60
  61 static void gensec_http_ntlm_update_done(struct tevent_req *subreq);
  62
  63 static struct tevent_req *gensec_http_ntlm_update_send(TALLOC_CTX *mem_ctx,
  64                                                     struct tevent_context *ev,
  65                                                     struct gensec_security *gensec_ctx,
  66                                                     const DATA_BLOB in)
  67 {
  68         struct gensec_http_ntlm_state *http_ntlm =
  69                 talloc_get_type_abort(gensec_ctx->private_data,
  70                                       struct gensec_http_ntlm_state);
  71         struct tevent_req *req = NULL;
  72         struct gensec_http_ntlm_update_state *state = NULL;
  73         struct tevent_req *subreq = NULL;
  74
  75         req = tevent_req_create(mem_ctx, &state,
  76                                 struct gensec_http_ntlm_update_state);
  77         if (req == NULL) {
  78                 return NULL;
  79         }
  80
  81         if (in.length) {
  82                 if (strncasecmp((char *)in.data, "NTLM ", 5) != 0) {
  83                         tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
  84                         return tevent_req_post(req, ev);
  85                 }
  86                 state->ntlm_in = base64_decode_data_blob_talloc(state,
  87                                                         (char *)&in.data[5]);
  88         }
  89
  90         subreq = gensec_update_send(state, ev,
  91                                     http_ntlm->sub,
  92                                     state->ntlm_in);
  93         if (tevent_req_nomem(subreq, req)) {
  94                 return tevent_req_post(req, ev);
  95         }
  96         tevent_req_set_callback(subreq, gensec_http_ntlm_update_done, req);
  97
  98         return req;
  99 }
 100
 101 static void gensec_http_ntlm_update_done(struct tevent_req *subreq)
 102 {
 103         struct tevent_req *req =
 104                 tevent_req_callback_data(subreq,
 105                 struct tevent_req);
 106         struct gensec_http_ntlm_update_state *state =
 107                 tevent_req_data(req,
 108                 struct gensec_http_ntlm_update_state);
 109         NTSTATUS status;
 110         DATA_BLOB ntlm_out;
 111         char *b64 = NULL;
 112         char *str = NULL;
 113
 114         status = gensec_update_recv(subreq, state, &ntlm_out);
 115         TALLOC_FREE(subreq);
 116         state->status = status;
 117         if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 118                 status = NT_STATUS_OK;
 119         }
 120         if (tevent_req_nterror(req, status)) {
 121                 return;
 122         }
 123
 124         b64 = base64_encode_data_blob(state, ntlm_out);
 125         data_blob_free(&ntlm_out);
 126         if (tevent_req_nomem(b64, req)) {
 127                 return;
 128         }
 129
 130         str = talloc_asprintf(state, "NTLM %s", b64);
 131         TALLOC_FREE(b64);
 132         if (tevent_req_nomem(str, req)) {
 133                 return;
 134         }
 135
 136         state->out = data_blob_string_const(str);
 137         return;
 138 }
 139
 140 static NTSTATUS gensec_http_ntlm_update_recv(struct tevent_req *req,
 141                                              TALLOC_CTX *out_mem_ctx,
 142                                              DATA_BLOB *out)
 143 {
 144         struct gensec_http_ntlm_update_state *state =
 145                 tevent_req_data(req,
 146                 struct gensec_http_ntlm_update_state);
 147         NTSTATUS status;
 148
 149         *out = data_blob_null;
 150
 151         if (tevent_req_is_nterror(req, &status)) {
 152                 tevent_req_received(req);
 153                 return status;
 154         }
 155
 156         *out = state->out;
 157         talloc_steal(out_mem_ctx, state->out.data);
 158         status = state->status;
 159         tevent_req_received(req);
 160         return status;
 161 }
 162
 163 static const struct gensec_security_ops gensec_http_ntlm_security_ops = {
 164         .name           = "http_ntlm",
 165         .auth_type      = 0,
 166         .client_start   = gensec_http_ntlm_client_start,
 167         .update_send    = gensec_http_ntlm_update_send,
 168         .update_recv    = gensec_http_ntlm_update_recv,
 169         .enabled        = true,
 170         .priority       = GENSEC_EXTERNAL,
 171 };
 172
 173 _PUBLIC_ NTSTATUS gensec_http_ntlm_init(TALLOC_CTX *ctx)
 174 {
 175         NTSTATUS status;
 176
 177         status = gensec_register(ctx, &gensec_http_ntlm_security_ops);
 178         if (!NT_STATUS_IS_OK(status)) {
 179                 DEBUG(0, ("Failed to register '%s' gensec backend!\n",
 180                                 gensec_http_ntlm_security_ops.name));
 181                 return status;
 182         }
 183
 184         return status;
 185 }