author | Michael Brown <mcb30@ipxe.org> | 2018-02-19 11:58:28 +0000 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2018-02-19 11:58:28 +0000 |
commit | 6737a8795f20c21bb48d410c2d9266f8c9c11bbc (patch) | |
tree | d9a80f5df3fa916b6db65a01453acc921888dd8a /src/net/tcp | |
parent | 546dd51de8459d4d09958891f426fa2c73ff090d (diff) | |
[http] Allow for domain names within NTLM user names
Allow a NetBIOS domain name to be specified within a URL using a
syntax such as:
http://domain%5Cusername:password@server/path
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/net/tcp')
-rw-r--r-- | src/net/tcp/httpntlm.c | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/src/net/tcp/httpntlm.c b/src/net/tcp/httpntlm.c
index 00238e96c..25187bd19 100644
--- a/src/net/tcp/httpntlm.c
+++ b/src/net/tcp/httpntlm.c
@@ -35,6 +35,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/uri.h>
 #include <ipxe/base64.h>
 #include <ipxe/ntlm.h>
+#include <ipxe/netbios.h>
 #include <ipxe/http.h>
 struct http_authentication http_ntlm_auth __http_authentication;
@@ -113,6 +114,8 @@ static int http_ntlm_authenticate ( struct http_transaction *http ) {
 struct http_request_auth_ntlm *req = &http->request.auth.ntlm;
 struct http_response_auth_ntlm *rsp = &http->response.auth.ntlm;
 struct ntlm_key key;
+ const char *domain;
+ char *username;
 const char *password;
 /* If we have no challenge yet, then just send a Negotiate message */
@@ -130,16 +133,23 @@ static int http_ntlm_authenticate ( struct http_transaction *http ) {
 req->username = http->uri->user;
 password = ( http->uri->password ? http->uri->password : "" );
+ /* Split NetBIOS [domain\]username */
+ username = ( ( char * ) req->username );
+ domain = netbios_domain ( &username );
+
 /* Generate key */
- ntlm_key ( NULL, req->username, password, &key );
+ ntlm_key ( domain, username, password, &key );
 /* Generate responses */
 ntlm_response ( &rsp->info, &key, NULL, &req->lm, &req->nt );
 /* Calculate Authenticate message length */
- req->len = ntlm_authenticate_len ( &rsp->info, NULL, req->username,
+ req->len = ntlm_authenticate_len ( &rsp->info, domain, username,
 http_ntlm_workstation );
+ /* Restore NetBIOS [domain\]username */
+ netbios_domain_undo ( domain, username );
+
 return 0;
 }
@@ -156,6 +166,8 @@ static int http_format_ntlm_auth ( struct http_transaction *http,
 struct http_request_auth_ntlm *req = &http->request.auth.ntlm;
 struct http_response_auth_ntlm *rsp = &http->response.auth.ntlm;
 struct ntlm_authenticate *auth;
+ const char *domain;
+ char *username;
 size_t check;
 /* If we have no challenge yet, then just send a Negotiate message */
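Review bot: In the `@@ -130,16 +133,23 @@` hunk of http_ntlm_authenticate(), `username = ( ( char * ) req->username );` casts away const on a pointer that was just set from `http->uri->user`, and the later `netbios_domain_undo ( domain, username )` suggests that netbios_domain() rewrites that string in place. Nothing in the hunk records this, so an early return added later between the split and the undo would presumably leave the URI's user name cut at the backslash for every subsequent use. I would add a comment above the cast such as `/* netbios_domain() modifies the string in place; no return path may precede netbios_domain_undo() */`, and it is worth confirming that the URI user string always lives in writable storage. The same cast and split/undo pair is repeated in http_format_ntlm_auth() in the last hunk.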
@@ -173,12 +185,19 @@ static int http_format_ntlm_auth ( struct http_transaction *http,
 if ( ! auth ) return -ENOMEM;
+ /* Split NetBIOS [domain\]username */
+ username = ( ( char * ) req->username );
+ domain = netbios_domain ( &username );
+
 /* Construct raw Authenticate message */
- check = ntlm_authenticate ( &rsp->info, NULL, req->username,
+ check = ntlm_authenticate ( &rsp->info, domain, username,
 http_ntlm_workstation, &req->lm, &req->nt, auth );
 assert ( check == req->len );
+ /* Restore NetBIOS [domain\]username */
+ netbios_domain_undo ( domain, username );
+
 /* Base64-encode Authenticate message */
 len = base64_encode ( auth, req->len, buf, len ); |
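Review bot: The second split in http_format_ntlm_auth() has to yield exactly the domain and user name that http_ntlm_authenticate() used when it computed `req->len`, and the only check visible here is `assert ( check == req->len );`. The allocation of `auth` is above this hunk, but it appears to be sized from `req->len`, so in a build where assertions are compiled out a mismatch between the two call sites would go unnoticed after ntlm_authenticate() has already written the message. A comment on the split such as `/* Must mirror the split in http_ntlm_authenticate() so that the length matches req->len */` would make the coupling explicit, and moving the split/undo pair into one shared helper would remove it. The function body starts and ends outside the hunk.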