moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

http NTLM: Tidied up http_ntlm prior to splitting the ntlm specific code

This commit is contained in:
Steve Holme 2011-08-09 22:53:48 +02:00 committed by Yang Tse
parent 209cf2df37
commit 5ed17de326
3 changed files with 149 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
lib/http_ntlm.c
View File

@ -164,7 +164,7 @@ static unsigned int readint_le(unsigned char *buf) /* must point to a
#if DEBUG_ME
# define DEBUG_OUT(x) x
static void print_flags(FILE *handle, unsigned long flags)
static void ntlm_print_flags(FILE *handle, unsigned long flags)
{
if(flags & NTLMFLAG_NEGOTIATE_UNICODE)
fprintf(handle, "NTLMFLAG_NEGOTIATE_UNICODE ");
@ -232,7 +232,7 @@ static void print_flags(FILE *handle, unsigned long flags)
fprintf(handle, "NTLMFLAG_NEGOTIATE_56 ");
}
static void print_hex(FILE *handle, const char *buf, size_t len)
static void ntlm_print_hex(FILE *handle, const char *buf, size_t len)
{
const char *p = buf;
fprintf(stderr, "0x");
@ -328,9 +328,9 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn,
DEBUG_OUT({
fprintf(stderr, "**** TYPE2 header flags=0x%08.8lx ", ntlm->flags);
print_flags(stderr, ntlm->flags);
ntlm_print_flags(stderr, ntlm->flags);
fprintf(stderr, "\n nonce=");
print_hex(stderr, (char *)ntlm->nonce, 8);
ntlm_print_hex(stderr, (char *)ntlm->nonce, 8);
fprintf(stderr, "\n****\n");
fprintf(stderr, "**** Header %s\n ", header);
});
@ -632,13 +632,11 @@ static CURLcode mk_nt_hash(struct SessionHandle *data,
}
#endif
#endif
#ifdef USE_WINDOWS_SSPI
static void
ntlm_sspi_cleanup(struct ntlmdata *ntlm)
static void ntlm_sspi_cleanup(struct ntlmdata *ntlm)
{
if(ntlm->type_2) {
free(ntlm->type_2);
@ -1007,8 +1005,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
const char *domain = ""; /* empty */
char host[HOSTNAME_MAX + 1] = ""; /* empty */
#ifndef USE_WINDOWS_SSPI
size_t domlen = strlen(domain);
size_t hostlen = strlen(host);
size_t domlen = 0;
size_t hostlen = 0;
size_t hostoff; /* host name offset */
size_t domoff; /* domain name offset */
#endif
@ -1024,6 +1022,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
/* point to the name and password for this */
const char *userp;
const char *passwdp;
/* point to the correct struct with this */
struct ntlmdata *ntlm;
struct auth *authp;
@ -1078,7 +1077,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
SECURITY_STATUS status;
ULONG attrs;
const char *user;
int domlen;
size_t domlen = 0;
size_t userlen = 0;
size_t passwdlen = 0;
TimeStamp tsDummy; /* For Windows 9x compatibility of SPPI calls */
ntlm_sspi_cleanup(ntlm);
@ -1098,7 +1099,13 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
domlen = 0;
}
if(user && *user) {
if(user)
userlen = strlen(user);
if(passwdp)
passwdlen = strlen(passwdp);
if(userlen > 0) {
/* note: initialize all of this before doing the mallocs so that
* it can be cleaned up later without leaking memory.
*/
@ -1106,12 +1113,15 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity));
if((ntlm->identity.User = (unsigned char *)strdup(user)) == NULL)
return CURLE_OUT_OF_MEMORY;
ntlm->identity.UserLength = strlen(user);
ntlm->identity.UserLength = userlen;
if((ntlm->identity.Password = (unsigned char *)strdup(passwdp)) == NULL)
return CURLE_OUT_OF_MEMORY;
ntlm->identity.PasswordLength = strlen(passwdp);
if((ntlm->identity.Domain = malloc(domlen + 1)) == NULL)
return CURLE_OUT_OF_MEMORY;
strncpy((char *)ntlm->identity.Domain, domain, domlen);
ntlm->identity.Domain[domlen] = '\0';
ntlm->identity.DomainLength = domlen;
@ -1121,10 +1131,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
ntlm->p_identity = NULL;
}
if(s_pSecFn->AcquireCredentialsHandleA(
NULL, (char *)"NTLM", SECPKG_CRED_OUTBOUND, NULL, ntlm->p_identity,
NULL, NULL, &ntlm->handle, &tsDummy
) != SEC_E_OK) {
if(s_pSecFn->AcquireCredentialsHandleA(NULL, (char *)"NTLM", SECPKG_CRED_OUTBOUND,
NULL, ntlm->p_identity, NULL, NULL,
&ntlm->handle, &tsDummy) != SEC_E_OK) {
return CURLE_OUT_OF_MEMORY;
}
@ -1145,8 +1154,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
&ntlm->c_handle, &desc,
&attrs, &tsDummy);
if(status == SEC_I_COMPLETE_AND_CONTINUE ||
status == SEC_I_CONTINUE_NEEDED) {
if(status == SEC_I_COMPLETE_AND_CONTINUE || status == SEC_I_CONTINUE_NEEDED) {
s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &desc);
}
else if(status != SEC_E_OK) {
@ -1179,7 +1187,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
#else
#define NTLM2FLAG 0
#endif
snprintf((char *)ntlmbuf, sizeof(ntlmbuf), NTLMSSP_SIGNATURE "%c"
snprintf((char *)ntlmbuf, sizeof(ntlmbuf),
NTLMSSP_SIGNATURE "%c"
"\x01%c%c%c" /* 32-bit type = 1 */
"%c%c%c%c" /* 32-bit NTLM flag field */
"%c%c" /* domain length */
@ -1195,13 +1204,11 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
0, /* trailing zero */
0, 0, 0, /* part of type-1 long */
LONGQUARTET(
NTLMFLAG_NEGOTIATE_OEM|
LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM |
NTLMFLAG_REQUEST_TARGET |
NTLMFLAG_NEGOTIATE_NTLM_KEY |
NTLM2FLAG |
NTLMFLAG_NEGOTIATE_ALWAYS_SIGN
),
NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
SHORTPAIR(domlen),
SHORTPAIR(domlen),
SHORTPAIR(domoff),
@ -1210,7 +1217,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
SHORTPAIR(hostlen),
SHORTPAIR(hostoff),
0, 0,
host /* this is empty */, domain /* this is empty */);
host, /* this is empty */
domain /* this is empty */);
/* initial packet length */
size = 32 + hostlen + domlen;
@ -1229,7 +1237,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
NTLMFLAG_NEGOTIATE_NTLM_KEY |
NTLM2FLAG |
NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
print_flags(stderr,
ntlm_print_flags(stderr,
NTLMFLAG_NEGOTIATE_OEM |
NTLMFLAG_REQUEST_TARGET |
NTLMFLAG_NEGOTIATE_NTLM_KEY |
@ -1274,8 +1282,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
{
#ifdef USE_WINDOWS_SSPI
SecBuffer type_2, type_3;
SecBufferDesc type_2_desc, type_3_desc;
SecBuffer type_2;
SecBuffer type_3;
SecBufferDesc type_2_desc;
SecBufferDesc type_3_desc;
SECURITY_STATUS status;
ULONG attrs;
TimeStamp tsDummy; /* For Windows 9x compatibility of SPPI calls */
@ -1321,7 +1331,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE;
size_t useroff;
const char *user;
size_t userlen;
size_t userlen = 0;
CURLcode res;
user = strchr(userp, '\\');
@ -1335,6 +1345,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
}
else
user = userp;
if(user)
userlen = strlen(user);
if(Curl_gethostname(host, HOSTNAME_MAX)) {
@ -1384,6 +1396,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
/* 8 bytes random data as challenge in lmresp */
memcpy(lmresp, entropy, 8);
/* Pad with zeros */
memset(lmresp + 8, 0, 0x10);
@ -1450,7 +1463,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
/* Create the big type-3 message binary blob */
size = snprintf((char *)ntlmbuf, sizeof(ntlmbuf),
NTLMSSP_SIGNATURE "%c"
"\x03%c%c%c" /* type-3, 32 bits */
"\x03%c%c%c" /* 32-bit type = 3 */
"%c%c" /* LanManager length */
"%c%c" /* LanManager allocated space */
@ -1482,14 +1495,14 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
"%c%c" /* session key offset (unknown purpose) */
"%c%c" /* 2 zeroes */
"%c%c%c%c" /* flags */
"%c%c%c%c", /* flags */
/* domain string */
/* user string */
/* host string */
/* LanManager response */
/* NT response */
,
0, /* zero termination */
0, 0, 0, /* type-3 long, the 24 upper bits */
@ -1533,6 +1546,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
DEBUGASSERT(size==64);
DEBUGASSERT(size == (size_t)lmrespoff);
/* We append the binary hashes */
if(size < (sizeof(ntlmbuf) - 0x18)) {
memcpy(&ntlmbuf[size], lmresp, 0x18);
@ -1541,7 +1555,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
DEBUG_OUT({
fprintf(stderr, "**** TYPE3 header lmresp=");
print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18);
ntlm_print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18);
});
#if USE_NTRESPONSES
@ -1553,7 +1567,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
DEBUG_OUT({
fprintf(stderr, "\n ntresp=");
print_hex(stderr, (char *)&ntlmbuf[ntrespoff], 0x18);
ntlm_print_hex(stderr, (char *)&ntlmbuf[ntrespoff], 0x18);
});
#endif
@ -1561,11 +1575,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
DEBUG_OUT({
fprintf(stderr, "\n flags=0x%02.2x%02.2x%02.2x%02.2x 0x%08.8x ",
LONGQUARTET(ntlm->flags), ntlm->flags);
print_flags(stderr, ntlm->flags);
ntlm_print_flags(stderr, ntlm->flags);
fprintf(stderr, "\n****\n");
});
/* Make sure that the domain, user and host strings fit in the target
buffer before we copy them there. */
if(size + userlen + domlen + hostlen >= sizeof(ntlmbuf)) {
@ -1638,9 +1651,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
return CURLE_OK;
}
void
Curl_ntlm_cleanup(struct connectdata *conn)
void Curl_http_ntlm_cleanup(struct connectdata *conn)
{
#ifdef USE_WINDOWS_SSPI
ntlm_sspi_cleanup(&conn->ntlm);
@ -1653,6 +1664,5 @@ Curl_ntlm_cleanup(struct connectdata *conn)
#endif
}
#endif /* USE_NTLM */
#endif /* !CURL_DISABLE_HTTP */

5
lib/http_ntlm.h
View File

@ -44,10 +44,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
CURLcode Curl_output_ntlm_sso(struct connectdata *conn, bool proxy);
#endif
void Curl_ntlm_cleanup(struct connectdata *conn);
#ifndef USE_NTLM
#define Curl_ntlm_cleanup(x)
#endif
void Curl_http_ntlm_cleanup(struct connectdata *conn);
/* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */

4
lib/url.c
View File

@ -2617,7 +2617,9 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection)
if(has_host_ntlm || has_proxy_ntlm) {
data->state.authproblem = FALSE;
Curl_ntlm_cleanup(conn);
#ifdef USE_NTLM
Curl_http_ntlm_cleanup(conn);
#endif
}
}