mirror of https://github.com/moparisthebest/curl
http_ntlm: Move the NTLM state out of the ntlmdata structure
Given that this member variable is not used by the SASL based protocols there is no need to have it here.
This commit is contained in:
Steve Holme
parent
0c73adfad3
commit
85bef18ca1
|
|
@ -345,8 +345,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
|
|||
char **allocuserpwd;
|
||||
/* point to the name and password for this */
|
||||
const char *userp;
|
||||
/* point to the correct struct with this */
|
||||
struct ntlmdata *ntlm;
|
||||
curlntlm *state;
|
||||
struct auth *authp;
|
||||
|
||||
CURLcode res = CURLE_OK;
|
||||
|
|
@ -358,13 +357,13 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
|
|||
if(proxy) {
|
||||
allocuserpwd = &conn->allocptr.proxyuserpwd;
|
||||
userp = conn->http_proxy.user;
|
||||
ntlm = &conn->proxyntlm;
|
||||
state = &conn->proxy_ntlm_state;
|
||||
authp = &conn->data->state.authproxy;
|
||||
}
|
||||
else {
|
||||
allocuserpwd = &conn->allocptr.userpwd;
|
||||
userp = conn->user;
|
||||
ntlm = &conn->ntlm;
|
||||
state = &conn->http_ntlm_state;
|
||||
authp = &conn->data->state.authhost;
|
||||
}
|
||||
authp->done = FALSE;
|
||||
|
|
@ -373,7 +372,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
|
|||
if(!userp)
|
||||
userp = "";
|
||||
|
||||
switch(ntlm->state) {
|
||||
switch(*state) {
|
||||
case NTLMSTATE_TYPE1:
|
||||
default:
|
||||
/* Use Samba's 'winbind' daemon to support NTLM authentication,
|
||||
|
|
@ -392,7 +391,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
|
|||
res = ntlm_wb_init(conn, userp);
|
||||
if(res)
|
||||
return res;
|
||||
res = ntlm_wb_response(conn, "YR\n", ntlm->state);
|
||||
res = ntlm_wb_response(conn, "YR\n", *state);
|
||||
if(res)
|
||||
return res;
|
||||
|
||||
|
|
@ -410,7 +409,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
|
|||
input = aprintf("TT %s\n", conn->challenge_header);
|
||||
if(!input)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
res = ntlm_wb_response(conn, input, ntlm->state);
|
||||
res = ntlm_wb_response(conn, input, *state);
|
||||
free(input);
|
||||
input = NULL;
|
||||
if(res)
|
||||
|
|
@ -421,7 +420,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
|
|||
proxy ? "Proxy-" : "",
|
||||
conn->response_header);
|
||||
DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
|
||||
ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
|
||||
*state = NTLMSTATE_TYPE3; /* we sent a type-3 */
|
||||
authp->done = TRUE;
|
||||
Curl_http_auth_cleanup_ntlm_wb(conn);
|
||||
if(!*allocuserpwd)
|
||||
|
|
|
|||
|
|
@ -466,8 +466,8 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
|
|||
(data->state.authproxy.picked == CURLAUTH_NTLM_WB) ||
|
||||
(data->state.authhost.picked == CURLAUTH_NTLM_WB)) {
|
||||
if(((expectsend - bytessent) < 2000) ||
|
||||
(conn->ntlm.state != NTLMSTATE_NONE) ||
|
||||
(conn->proxyntlm.state != NTLMSTATE_NONE)) {
|
||||
(conn->http_ntlm_state != NTLMSTATE_NONE) ||
|
||||
(conn->proxy_ntlm_state != NTLMSTATE_NONE)) {
|
||||
/* The NTLM-negotiation has started *OR* there is just a little (<2K)
|
||||
data left to send, keep on sending. */
|
||||
|
||||
|
|
@ -3422,9 +3422,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
|
|||
#if defined(USE_NTLM)
|
||||
if(conn->bits.close &&
|
||||
(((data->req.httpcode == 401) &&
|
||||
(conn->ntlm.state == NTLMSTATE_TYPE2)) ||
|
||||
(conn->http_ntlm_state == NTLMSTATE_TYPE2)) ||
|
||||
((data->req.httpcode == 407) &&
|
||||
(conn->proxyntlm.state == NTLMSTATE_TYPE2)))) {
|
||||
(conn->proxy_ntlm_state == NTLMSTATE_TYPE2)))) {
|
||||
infof(data, "Connection closure while negotiating auth (HTTP 1.0?)\n");
|
||||
data->state.authproblem = TRUE;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -68,9 +68,11 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
|
|||
{
|
||||
/* point to the correct struct with this */
|
||||
struct ntlmdata *ntlm;
|
||||
curlntlm *state;
|
||||
CURLcode result = CURLE_OK;
|
||||
|
||||
ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
|
||||
state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state;
|
||||
|
||||
if(checkprefix("NTLM", header)) {
|
||||
header += strlen("NTLM");
|
||||
|
|
@ -83,25 +85,25 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
|
|||
if(result)
|
||||
return result;
|
||||
|
||||
ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
|
||||
*state = NTLMSTATE_TYPE2; /* We got a type-2 message */
|
||||
}
|
||||
else {
|
||||
if(ntlm->state == NTLMSTATE_LAST) {
|
||||
if(*state == NTLMSTATE_LAST) {
|
||||
infof(conn->data, "NTLM auth restarted\n");
|
||||
Curl_http_auth_cleanup_ntlm(conn);
|
||||
}
|
||||
else if(ntlm->state == NTLMSTATE_TYPE3) {
|
||||
else if(*state == NTLMSTATE_TYPE3) {
|
||||
infof(conn->data, "NTLM handshake rejected\n");
|
||||
Curl_http_auth_cleanup_ntlm(conn);
|
||||
ntlm->state = NTLMSTATE_NONE;
|
||||
*state = NTLMSTATE_NONE;
|
||||
return CURLE_REMOTE_ACCESS_DENIED;
|
||||
}
|
||||
else if(ntlm->state >= NTLMSTATE_TYPE1) {
|
||||
else if(*state >= NTLMSTATE_TYPE1) {
|
||||
infof(conn->data, "NTLM handshake failure (internal error)\n");
|
||||
return CURLE_REMOTE_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
ntlm->state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
|
||||
*state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -129,6 +131,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
|
|||
|
||||
/* point to the correct struct with this */
|
||||
struct ntlmdata *ntlm;
|
||||
curlntlm *state;
|
||||
struct auth *authp;
|
||||
|
||||
DEBUGASSERT(conn);
|
||||
|
|
@ -147,6 +150,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
|
|||
conn->data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
|
||||
hostname = conn->http_proxy.host.name;
|
||||
ntlm = &conn->proxyntlm;
|
||||
state = &conn->proxy_ntlm_state;
|
||||
authp = &conn->data->state.authproxy;
|
||||
}
|
||||
else {
|
||||
|
|
@ -157,6 +161,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
|
|||
conn->data->set.str[STRING_SERVICE_NAME] : "HTTP";
|
||||
hostname = conn->host.name;
|
||||
ntlm = &conn->ntlm;
|
||||
state = &conn->http_ntlm_state;
|
||||
authp = &conn->data->state.authhost;
|
||||
}
|
||||
authp->done = FALSE;
|
||||
|
|
@ -180,7 +185,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
|
|||
#endif
|
||||
#endif
|
||||
|
||||
switch(ntlm->state) {
|
||||
switch(*state) {
|
||||
case NTLMSTATE_TYPE1:
|
||||
default: /* for the weird cases we (re)start here */
|
||||
/* Create a type-1 message */
|
||||
|
|
@ -222,7 +227,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
|
|||
|
||||
DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
|
||||
|
||||
ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
|
||||
*state = NTLMSTATE_TYPE3; /* we send a type-3 */
|
||||
authp->done = TRUE;
|
||||
}
|
||||
break;
|
||||
|
|
@ -230,7 +235,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
|
|||
case NTLMSTATE_TYPE3:
|
||||
/* connection is already authenticated,
|
||||
* don't send a header in future requests */
|
||||
ntlm->state = NTLMSTATE_LAST;
|
||||
*state = NTLMSTATE_LAST;
|
||||
/* FALLTHROUGH */
|
||||
case NTLMSTATE_LAST:
|
||||
Curl_safefree(*allocuserpwd);
|
||||
|
|
|
|||
|
|
@ -588,8 +588,8 @@ static CURLcode multi_done(struct Curl_easy *data,
|
|||
|
||||
if((data->set.reuse_forbid
|
||||
#if defined(USE_NTLM)
|
||||
&& !(conn->ntlm.state == NTLMSTATE_TYPE2 ||
|
||||
conn->proxyntlm.state == NTLMSTATE_TYPE2)
|
||||
&& !(conn->http_ntlm_state == NTLMSTATE_TYPE2 ||
|
||||
conn->proxy_ntlm_state == NTLMSTATE_TYPE2)
|
||||
#endif
|
||||
#if defined(USE_SPNEGO)
|
||||
&& !(conn->negotiate.state == GSS_AUTHRECV ||
|
||||
|
|
|
|||
|
|
@ -1278,7 +1278,7 @@ ConnectionExists(struct Curl_easy *data,
|
|||
strcmp(needle->passwd, check->passwd))
|
||||
continue;
|
||||
}
|
||||
else if(check->ntlm.state != NTLMSTATE_NONE) {
|
||||
else if(check->http_ntlm_state != NTLMSTATE_NONE) {
|
||||
/* Connection is using NTLM auth but we don't want NTLM */
|
||||
continue;
|
||||
}
|
||||
|
|
@ -1294,7 +1294,7 @@ ConnectionExists(struct Curl_easy *data,
|
|||
strcmp(needle->http_proxy.passwd, check->http_proxy.passwd))
|
||||
continue;
|
||||
}
|
||||
else if(check->proxyntlm.state != NTLMSTATE_NONE) {
|
||||
else if(check->proxy_ntlm_state != NTLMSTATE_NONE) {
|
||||
/* Proxy connection is using NTLM auth but we don't want NTLM */
|
||||
continue;
|
||||
}
|
||||
|
|
@ -1304,9 +1304,9 @@ ConnectionExists(struct Curl_easy *data,
|
|||
chosen = check;
|
||||
|
||||
if((wantNTLMhttp &&
|
||||
(check->ntlm.state != NTLMSTATE_NONE)) ||
|
||||
(check->http_ntlm_state != NTLMSTATE_NONE)) ||
|
||||
(wantProxyNTLMhttp &&
|
||||
(check->proxyntlm.state != NTLMSTATE_NONE))) {
|
||||
(check->proxy_ntlm_state != NTLMSTATE_NONE))) {
|
||||
/* We must use this connection, no other */
|
||||
*force_reuse = TRUE;
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -336,7 +336,6 @@ struct kerberos5data {
|
|||
/* Struct used for NTLM challenge-response authentication */
|
||||
#if defined(USE_NTLM)
|
||||
struct ntlmdata {
|
||||
curlntlm state;
|
||||
#ifdef USE_WINDOWS_SSPI
|
||||
/* The sslContext is used for the Schannel bindings. The
|
||||
* api is available on the Windows 7 SDK and later.
|
||||
|
|
@ -968,6 +967,9 @@ struct connectdata {
|
|||
#endif
|
||||
|
||||
#if defined(USE_NTLM)
|
||||
curlntlm http_ntlm_state;
|
||||
curlntlm proxy_ntlm_state;
|
||||
|
||||
struct ntlmdata ntlm; /* NTLM differs from other authentication schemes
|
||||
because it authenticates connections, not
|
||||
single requests! */
|
||||
|
|
|
|||
Loading…
Reference in New Issue