moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-08-13 17:03:50 -04:00
Code Issues Releases Wiki Activity

ntlm: Move the winbind data into the NTLM data structure

Browse Source 
To assist with adding winbind support to the SASL NTLM authentication,
move the winbind specific data out of conndata into ntlmdata.
This commit is contained in:
Steve Holme 2019-05-07 23:36:52 +01:00
parent 28b5b1c20a
commit 6ef123522a
3 changed files with 54 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
lib/curl_ntlm_wb.c
View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -76,22 +76,22 @@
# define sclose_nolog(x) close((x)) # define sclose_nolog(x) close((x))
#endif #endif
void Curl_http_auth_cleanup_ntlm_wb(struct connectdata *conn) static void ntlm_wb_cleanup(struct ntlmdata *ntlm)
{ {
if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) { if(ntlm->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) {
sclose(conn->ntlm_auth_hlpr_socket); sclose(ntlm->ntlm_auth_hlpr_socket);
conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD; ntlm->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
} }
if(conn->ntlm_auth_hlpr_pid) { if(ntlm->ntlm_auth_hlpr_pid) {
int i; int i;
for(i = 0; i < 4; i++) { for(i = 0; i < 4; i++) {
pid_t ret = waitpid(conn->ntlm_auth_hlpr_pid, NULL, WNOHANG); pid_t ret = waitpid(ntlm->ntlm_auth_hlpr_pid, NULL, WNOHANG);
if(ret == conn->ntlm_auth_hlpr_pid || errno == ECHILD) if(ret == ntlm->ntlm_auth_hlpr_pid || errno == ECHILD)
break; break;
switch(i) { switch(i) {
case 0: case 0:
kill(conn->ntlm_auth_hlpr_pid, SIGTERM); kill(ntlm->ntlm_auth_hlpr_pid, SIGTERM);
break; break;
case 1: case 1:
/* Give the process another moment to shut down cleanly before /* Give the process another moment to shut down cleanly before
@ -99,20 +99,21 @@ void Curl_http_auth_cleanup_ntlm_wb(struct connectdata *conn)
Curl_wait_ms(1); Curl_wait_ms(1);
break; break;
case 2: case 2:
kill(conn->ntlm_auth_hlpr_pid, SIGKILL); kill(ntlm->ntlm_auth_hlpr_pid, SIGKILL);
break; break;
case 3: case 3:
break; break;
} }
} }
conn->ntlm_auth_hlpr_pid = 0; ntlm->ntlm_auth_hlpr_pid = 0;
} }
Curl_safefree(conn->challenge_header); Curl_safefree(ntlm->challenge_header);
Curl_safefree(conn->response_header); Curl_safefree(ntlm->response_header);
} }
static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp) static CURLcode ntlm_wb_init(struct connectdata *conn, struct ntlmdata *ntlm,
const char *userp)
{ {
curl_socket_t sockfds[2]; curl_socket_t sockfds[2];
pid_t child_pid; pid_t child_pid;
@ -127,8 +128,8 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
char buffer[STRERROR_LEN]; char buffer[STRERROR_LEN];
/* Return if communication with ntlm_auth already set up */ /* Return if communication with ntlm_auth already set up */
if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD || if(ntlm->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD ||
conn->ntlm_auth_hlpr_pid) ntlm->ntlm_auth_hlpr_pid)
return CURLE_OK; return CURLE_OK;
username = userp; username = userp;
@ -238,8 +239,8 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
} }
sclose(sockfds[1]); sclose(sockfds[1]);
conn->ntlm_auth_hlpr_socket = sockfds[0]; ntlm->ntlm_auth_hlpr_socket = sockfds[0];
conn->ntlm_auth_hlpr_pid = child_pid; ntlm->ntlm_auth_hlpr_pid = child_pid;
free(domain); free(domain);
free(ntlm_auth_alloc); free(ntlm_auth_alloc);
return CURLE_OK; return CURLE_OK;
@ -254,7 +255,8 @@ done:
#define MAX_NTLM_WB_RESPONSE 100000 #define MAX_NTLM_WB_RESPONSE 100000
static CURLcode ntlm_wb_response(struct connectdata *conn, static CURLcode ntlm_wb_response(struct connectdata *conn,
const char *input, curlntlm state) struct ntlmdata *ntlm, const char *input,
curlntlm state)
{ {
char *buf = malloc(NTLM_BUFSIZE); char *buf = malloc(NTLM_BUFSIZE);
size_t len_in = strlen(input), len_out = 0; size_t len_in = strlen(input), len_out = 0;
@ -263,7 +265,7 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
while(len_in > 0) { while(len_in > 0) {
ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in); ssize_t written = swrite(ntlm->ntlm_auth_hlpr_socket, input, len_in);
if(written == -1) { if(written == -1) {
/* Interrupted by a signal, retry it */ /* Interrupted by a signal, retry it */
if(errno == EINTR) if(errno == EINTR)
@ -279,7 +281,7 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
ssize_t size; ssize_t size;
char *newbuf; char *newbuf;
size = sread(conn->ntlm_auth_hlpr_socket, buf + len_out, NTLM_BUFSIZE); size = sread(ntlm->ntlm_auth_hlpr_socket, buf + len_out, NTLM_BUFSIZE);
if(size == -1) { if(size == -1) {
if(errno == EINTR) if(errno == EINTR)
continue; continue;
@ -323,9 +325,9 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
(buf[0]!='A' || buf[1]!='F' || buf[2]!=' ')) (buf[0]!='A' || buf[1]!='F' || buf[2]!=' '))
goto done; goto done;
conn->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3); ntlm->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3);
free(buf); free(buf);
if(!conn->response_header) if(!ntlm->response_header)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
return CURLE_OK; return CURLE_OK;
done: done:
@ -337,6 +339,7 @@ CURLcode Curl_input_ntlm_wb(struct connectdata *conn,
bool proxy, bool proxy,
const char *header) const char *header)
{ {
struct ntlmdata *ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
curlntlm *state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state; curlntlm *state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state;
if(!checkprefix("NTLM", header)) if(!checkprefix("NTLM", header))
@ -347,8 +350,8 @@ CURLcode Curl_input_ntlm_wb(struct connectdata *conn,
header++; header++;
if(*header) { if(*header) {
conn->challenge_header = strdup(header); ntlm->challenge_header = strdup(header);
if(!conn->challenge_header) if(!ntlm->challenge_header)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
*state = NTLMSTATE_TYPE2; /* We got a type-2 message */ *state = NTLMSTATE_TYPE2; /* We got a type-2 message */
@ -387,6 +390,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
char **allocuserpwd; char **allocuserpwd;
/* point to the name and password for this */ /* point to the name and password for this */
const char *userp; const char *userp;
struct ntlmdata *ntlm;
curlntlm *state; curlntlm *state;
struct auth *authp; struct auth *authp;
@ -398,12 +402,14 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
if(proxy) { if(proxy) {
allocuserpwd = &conn->allocptr.proxyuserpwd; allocuserpwd = &conn->allocptr.proxyuserpwd;
userp = conn->http_proxy.user; userp = conn->http_proxy.user;
ntlm = &conn->proxyntlm;
state = &conn->proxy_ntlm_state; state = &conn->proxy_ntlm_state;
authp = &conn->data->state.authproxy; authp = &conn->data->state.authproxy;
} }
else { else {
allocuserpwd = &conn->allocptr.userpwd; allocuserpwd = &conn->allocptr.userpwd;
userp = conn->user; userp = conn->user;
ntlm = &conn->ntlm;
state = &conn->http_ntlm_state; state = &conn->http_ntlm_state;
authp = &conn->data->state.authhost; authp = &conn->data->state.authhost;
} }
@ -429,28 +435,28 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
* request handling process. * request handling process.
*/ */
/* Create communication with ntlm_auth */ /* Create communication with ntlm_auth */
res = ntlm_wb_init(conn, userp); res = ntlm_wb_init(conn, ntlm, userp);
if(res) if(res)
return res; return res;
res = ntlm_wb_response(conn, "YR\n", *state); res = ntlm_wb_response(conn, ntlm, "YR\n", *state);
if(res) if(res)
return res; return res;
free(*allocuserpwd); free(*allocuserpwd);
*allocuserpwd = aprintf("%sAuthorization: %s\r\n", *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
proxy ? "Proxy-" : "", proxy ? "Proxy-" : "",
conn->response_header); ntlm->response_header);
DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd)); DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
Curl_safefree(conn->response_header); Curl_safefree(ntlm->response_header);
if(!*allocuserpwd) if(!*allocuserpwd)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
break; break;
case NTLMSTATE_TYPE2: { case NTLMSTATE_TYPE2: {
char *input = aprintf("TT %s\n", conn->challenge_header); char *input = aprintf("TT %s\n", ntlm->challenge_header);
if(!input) if(!input)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
res = ntlm_wb_response(conn, input, *state); res = ntlm_wb_response(conn, ntlm, input, *state);
free(input); free(input);
if(res) if(res)
return res; return res;
@ -458,7 +464,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
free(*allocuserpwd); free(*allocuserpwd);
*allocuserpwd = aprintf("%sAuthorization: %s\r\n", *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
proxy ? "Proxy-" : "", proxy ? "Proxy-" : "",
conn->response_header); ntlm->response_header);
DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd)); DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
*state = NTLMSTATE_TYPE3; /* we sent a type-3 */ *state = NTLMSTATE_TYPE3; /* we sent a type-3 */
authp->done = TRUE; authp->done = TRUE;
@ -481,4 +487,10 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
void Curl_http_auth_cleanup_ntlm_wb(struct connectdata *conn)
{
ntlm_wb_cleanup(&conn->ntlm);
ntlm_wb_cleanup(&conn->proxyntlm);
}
#endif /* !CURL_DISABLE_HTTP && USE_NTLM && NTLM_WB_ENABLED */ #endif /* !CURL_DISABLE_HTTP && USE_NTLM && NTLM_WB_ENABLED */

3
lib/url.c
View File

@ -1652,7 +1652,8 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \ #if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \
defined(NTLM_WB_ENABLED) defined(NTLM_WB_ENABLED)
conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD; conn->ntlm.ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
conn->proxyntlm.ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
#endif #endif
/* Initialize the easy handle list */ /* Initialize the easy handle list */

16
lib/urldata.h
View File

@ -367,6 +367,14 @@ struct ntlmdata {
unsigned char nonce[8]; unsigned char nonce[8];
void *target_info; /* TargetInfo received in the ntlm type-2 message */ void *target_info; /* TargetInfo received in the ntlm type-2 message */
unsigned int target_info_len; unsigned int target_info_len;
#if defined(NTLM_WB_ENABLED)
/* used for communication with Samba's winbind daemon helper ntlm_auth */
curl_socket_t ntlm_auth_hlpr_socket;
pid_t ntlm_auth_hlpr_pid;
char *challenge_header;
char *response_header;
#endif
#endif #endif
}; };
#endif #endif
@ -1010,14 +1018,6 @@ struct connectdata {
because it authenticates connections, not because it authenticates connections, not
single requests! */ single requests! */
struct ntlmdata proxyntlm; /* NTLM data for proxy */ struct ntlmdata proxyntlm; /* NTLM data for proxy */
#if defined(NTLM_WB_ENABLED)
/* used for communication with Samba's winbind daemon helper ntlm_auth */
curl_socket_t ntlm_auth_hlpr_socket;
pid_t ntlm_auth_hlpr_pid;
char *challenge_header;
char *response_header;
#endif
#endif #endif
#ifdef USE_SPNEGO #ifdef USE_SPNEGO