From 6737a8795f20c21bb48d410c2d9266f8c9c11bbc Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Mon, 19 Feb 2018 11:58:28 +0000
Subject: [http] Allow for domain names within NTLM user names

Allow a NetBIOS domain name to be specified within a URL using a
syntax such as:

  http://domain%5Cusername:password@server/path

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/net/tcp/httpntlm.c | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

(limited to 'src/net')

diff --git a/src/net/tcp/httpntlm.c b/src/net/tcp/httpntlm.c
index 00238e96..25187bd1 100644
--- a/src/net/tcp/httpntlm.c
+++ b/src/net/tcp/httpntlm.c
@@ -35,6 +35,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/uri.h>
 #include <ipxe/base64.h>
 #include <ipxe/ntlm.h>
+#include <ipxe/netbios.h>
 #include <ipxe/http.h>
 
 struct http_authentication http_ntlm_auth __http_authentication;
@@ -113,6 +114,8 @@ static int http_ntlm_authenticate ( struct http_transaction *http ) {
 	struct http_request_auth_ntlm *req = &http->request.auth.ntlm;
 	struct http_response_auth_ntlm *rsp = &http->response.auth.ntlm;
 	struct ntlm_key key;
+	const char *domain;
+	char *username;
 	const char *password;
 
 	/* If we have no challenge yet, then just send a Negotiate message */
@@ -130,16 +133,23 @@ static int http_ntlm_authenticate ( struct http_transaction *http ) {
 	req->username = http->uri->user;
 	password = ( http->uri->password ? http->uri->password : "" );
 
+	/* Split NetBIOS [domain\]username */
+	username = ( ( char * ) req->username );
+	domain = netbios_domain ( &username );
+
 	/* Generate key */
-	ntlm_key ( NULL, req->username, password, &key );
+	ntlm_key ( domain, username, password, &key );
 
 	/* Generate responses */
 	ntlm_response ( &rsp->info, &key, NULL, &req->lm, &req->nt );
 
 	/* Calculate Authenticate message length */
-	req->len = ntlm_authenticate_len ( &rsp->info, NULL, req->username,
+	req->len = ntlm_authenticate_len ( &rsp->info, domain, username,
 					   http_ntlm_workstation );
 
+	/* Restore NetBIOS [domain\]username */
+	netbios_domain_undo ( domain, username );
+
 	return 0;
 }
 
@@ -156,6 +166,8 @@ static int http_format_ntlm_auth ( struct http_transaction *http,
 	struct http_request_auth_ntlm *req = &http->request.auth.ntlm;
 	struct http_response_auth_ntlm *rsp = &http->response.auth.ntlm;
 	struct ntlm_authenticate *auth;
+	const char *domain;
+	char *username;
 	size_t check;
 
 	/* If we have no challenge yet, then just send a Negotiate message */
@@ -173,12 +185,19 @@ static int http_format_ntlm_auth ( struct http_transaction *http,
 	if ( ! auth )
 		return -ENOMEM;
 
+	/* Split NetBIOS [domain\]username */
+	username = ( ( char * ) req->username );
+	domain = netbios_domain ( &username );
+
 	/* Construct raw Authenticate message */
-	check = ntlm_authenticate ( &rsp->info, NULL, req->username,
+	check = ntlm_authenticate ( &rsp->info, domain, username,
 				    http_ntlm_workstation, &req->lm,
 				    &req->nt, auth );
 	assert ( check == req->len );
 
+	/* Restore NetBIOS [domain\]username */
+	netbios_domain_undo ( domain, username );
+
 	/* Base64-encode Authenticate message */
 	len = base64_encode ( auth, req->len, buf, len );
 
-- 
cgit v1.2.3-55-g7522