sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2025-12-14 16:01:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

[http] Allow for domain names within NTLM user names

Browse Source 
Allow a NetBIOS domain name to be specified within a URL using a
syntax such as:

  http://domain%5Cusername:password@server/path

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2018-02-19 11:58:28 +00:00
parent 546dd51de8
commit 6737a8795f
3 changed files with 112 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/net/tcp/httpntlm.c
View File

@@ -35,6 +35,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/uri.h>
#include <ipxe/base64.h>
#include <ipxe/ntlm.h>
#include <ipxe/netbios.h>
#include <ipxe/http.h>
struct http_authentication http_ntlm_auth __http_authentication;
@@ -113,6 +114,8 @@ static int http_ntlm_authenticate ( struct http_transaction *http ) {
struct http_request_auth_ntlm *req = &http->request.auth.ntlm;
struct http_response_auth_ntlm *rsp = &http->response.auth.ntlm;
struct ntlm_key key;
const char *domain;
char *username;
const char *password;
/* If we have no challenge yet, then just send a Negotiate message */
@@ -130,16 +133,23 @@ static int http_ntlm_authenticate ( struct http_transaction *http ) {
req->username = http->uri->user;
password = ( http->uri->password ? http->uri->password : "" );
/* Split NetBIOS [domain\]username */
username = ( ( char * ) req->username );
domain = netbios_domain ( &username );
/* Generate key */
ntlm_key ( NULL, req->username, password, &key );
ntlm_key ( domain, username, password, &key );
/* Generate responses */
ntlm_response ( &rsp->info, &key, NULL, &req->lm, &req->nt );
/* Calculate Authenticate message length */
req->len = ntlm_authenticate_len ( &rsp->info, NULL, req->username,
req->len = ntlm_authenticate_len ( &rsp->info, domain, username,
http_ntlm_workstation );
/* Restore NetBIOS [domain\]username */
netbios_domain_undo ( domain, username );
return 0;
}
@@ -156,6 +166,8 @@ static int http_format_ntlm_auth ( struct http_transaction *http,
struct http_request_auth_ntlm *req = &http->request.auth.ntlm;
struct http_response_auth_ntlm *rsp = &http->response.auth.ntlm;
struct ntlm_authenticate *auth;
const char *domain;
char *username;
size_t check;
/* If we have no challenge yet, then just send a Negotiate message */
@@ -173,12 +185,19 @@ static int http_format_ntlm_auth ( struct http_transaction *http,
if ( ! auth )
return -ENOMEM;
/* Split NetBIOS [domain\]username */
username = ( ( char * ) req->username );
domain = netbios_domain ( &username );
/* Construct raw Authenticate message */
check = ntlm_authenticate ( &rsp->info, NULL, req->username,
check = ntlm_authenticate ( &rsp->info, domain, username,
http_ntlm_workstation, &req->lm,
&req->nt, auth );
assert ( check == req->len );
/* Restore NetBIOS [domain\]username */
netbios_domain_undo ( domain, username );
/* Base64-encode Authenticate message */
len = base64_encode ( auth, req->len, buf, len );