
http NTLM: Further tiding up to libcurl standards

Yang Tse 2011-08-09 22:56:17 +02:00
parent 5ed17de326
commit c7fb556f26
3 changed files with 57 additions and 60 deletions


@ -33,9 +33,6 @@
#define DEBUG_ME 0 #define DEBUG_ME 0
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_UNISTD_H #ifdef HAVE_UNISTD_H
#include <unistd.h> #include <unistd.h>
#endif #endif
@ -1078,8 +1075,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
ULONG attrs; ULONG attrs;
const char *user; const char *user;
size_t domlen = 0; size_t domlen = 0;
size_t userlen = 0; size_t userlen = 0;
size_t passwdlen = 0; size_t passwdlen = 0;
TimeStamp tsDummy; /* For Windows 9x compatibility of SPPI calls */ TimeStamp tsDummy; /* For Windows 9x compatibility of SPPI calls */
ntlm_sspi_cleanup(ntlm); ntlm_sspi_cleanup(ntlm);
@ -1127,15 +1124,15 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
ntlm->identity.DomainLength = domlen; ntlm->identity.DomainLength = domlen;
ntlm->identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI; ntlm->identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
} }
else { else
ntlm->p_identity = NULL; ntlm->p_identity = NULL;
}
if(s_pSecFn->AcquireCredentialsHandleA(NULL, (char *)"NTLM", SECPKG_CRED_OUTBOUND, status = s_pSecFn->AcquireCredentialsHandleA(NULL, (char *)"NTLM",
NULL, ntlm->p_identity, NULL, NULL, SECPKG_CRED_OUTBOUND, NULL,
&ntlm->handle, &tsDummy) != SEC_E_OK) { ntlm->p_identity, NULL, NULL,
&ntlm->handle, &tsDummy);
if(status != SEC_E_OK)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
}
desc.ulVersion = SECBUFFER_VERSION; desc.ulVersion = SECBUFFER_VERSION;
desc.cBuffers = 1; desc.cBuffers = 1;
@ -1154,9 +1151,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
&ntlm->c_handle, &desc, &ntlm->c_handle, &desc,
&attrs, &tsDummy); &attrs, &tsDummy);
if(status == SEC_I_COMPLETE_AND_CONTINUE || status == SEC_I_CONTINUE_NEEDED) { if(status == SEC_I_COMPLETE_AND_CONTINUE ||
status == SEC_I_CONTINUE_NEEDED)
s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &desc); s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &desc);
}
else if(status != SEC_E_OK) { else if(status != SEC_E_OK) {
s_pSecFn->FreeCredentialsHandle(&ntlm->handle); s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
return CURLE_RECV_ERROR; return CURLE_RECV_ERROR;
@ -1218,7 +1215,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
SHORTPAIR(hostoff), SHORTPAIR(hostoff),
0, 0, 0, 0,
host, /* this is empty */ host, /* this is empty */
domain /* this is empty */); domain /* this is empty */);
/* initial packet length */ /* initial packet length */
size = 32 + hostlen + domlen; size = 32 + hostlen + domlen;
@ -1283,9 +1280,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
{ {
#ifdef USE_WINDOWS_SSPI #ifdef USE_WINDOWS_SSPI
SecBuffer type_2; SecBuffer type_2;
SecBuffer type_3; SecBuffer type_3;
SecBufferDesc type_2_desc; SecBufferDesc type_2_desc;
SecBufferDesc type_3_desc; SecBufferDesc type_3_desc;
SECURITY_STATUS status; SECURITY_STATUS status;
ULONG attrs; ULONG attrs;
TimeStamp tsDummy; /* For Windows 9x compatibility of SPPI calls */ TimeStamp tsDummy; /* For Windows 9x compatibility of SPPI calls */
@ -1313,7 +1310,6 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
0, &ntlm->c_handle, 0, &ntlm->c_handle,
&type_3_desc, &type_3_desc,
&attrs, &tsDummy); &attrs, &tsDummy);
if(status != SEC_E_OK) if(status != SEC_E_OK)
return CURLE_RECV_ERROR; return CURLE_RECV_ERROR;
@ -1397,7 +1393,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
/* 8 bytes random data as challenge in lmresp */ /* 8 bytes random data as challenge in lmresp */
memcpy(lmresp, entropy, 8); memcpy(lmresp, entropy, 8);
/* Pad with zeros */ /* Pad with zeros */
memset(lmresp + 8, 0, 0x10); memset(lmresp + 8, 0, 0x10);
/* Fill tmp with challenge(nonce?) + entropy */ /* Fill tmp with challenge(nonce?) + entropy */
@ -1463,39 +1459,39 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
/* Create the big type-3 message binary blob */ /* Create the big type-3 message binary blob */
size = snprintf((char *)ntlmbuf, sizeof(ntlmbuf), size = snprintf((char *)ntlmbuf, sizeof(ntlmbuf),
NTLMSSP_SIGNATURE "%c" NTLMSSP_SIGNATURE "%c"
"\x03%c%c%c" /* 32-bit type = 3 */ "\x03%c%c%c" /* 32-bit type = 3 */
"%c%c" /* LanManager length */ "%c%c" /* LanManager length */
"%c%c" /* LanManager allocated space */ "%c%c" /* LanManager allocated space */
"%c%c" /* LanManager offset */ "%c%c" /* LanManager offset */
"%c%c" /* 2 zeroes */ "%c%c" /* 2 zeroes */
"%c%c" /* NT-response length */ "%c%c" /* NT-response length */
"%c%c" /* NT-response allocated space */ "%c%c" /* NT-response allocated space */
"%c%c" /* NT-response offset */ "%c%c" /* NT-response offset */
"%c%c" /* 2 zeroes */ "%c%c" /* 2 zeroes */
"%c%c" /* domain length */ "%c%c" /* domain length */
"%c%c" /* domain allocated space */ "%c%c" /* domain allocated space */
"%c%c" /* domain name offset */ "%c%c" /* domain name offset */
"%c%c" /* 2 zeroes */ "%c%c" /* 2 zeroes */
"%c%c" /* user length */ "%c%c" /* user length */
"%c%c" /* user allocated space */ "%c%c" /* user allocated space */
"%c%c" /* user offset */ "%c%c" /* user offset */
"%c%c" /* 2 zeroes */ "%c%c" /* 2 zeroes */
"%c%c" /* host length */ "%c%c" /* host length */
"%c%c" /* host allocated space */ "%c%c" /* host allocated space */
"%c%c" /* host offset */ "%c%c" /* host offset */
"%c%c" /* 2 zeroes */ "%c%c" /* 2 zeroes */
"%c%c" /* session key length (unknown purpose) */ "%c%c" /* session key length (unknown purpose) */
"%c%c" /* session key allocated space (unknown purpose) */ "%c%c" /* session key allocated space (unknown purpose) */
"%c%c" /* session key offset (unknown purpose) */ "%c%c" /* session key offset (unknown purpose) */
"%c%c" /* 2 zeroes */ "%c%c" /* 2 zeroes */
"%c%c%c%c", /* flags */ "%c%c%c%c", /* flags */
/* domain string */ /* domain string */
/* user string */ /* user string */
@ -1543,19 +1539,19 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
0x0, 0x0, 0x0, 0x0,
LONGQUARTET(ntlm->flags)); LONGQUARTET(ntlm->flags));
DEBUGASSERT(size==64);
DEBUGASSERT(size==64);
DEBUGASSERT(size == (size_t)lmrespoff); DEBUGASSERT(size == (size_t)lmrespoff);
/* We append the binary hashes */ /* We append the binary hashes */
if(size < (sizeof(ntlmbuf) - 0x18)) { if(size < (sizeof(ntlmbuf) - 0x18)) {
memcpy(&ntlmbuf[size], lmresp, 0x18); memcpy(&ntlmbuf[size], lmresp, 0x18);
size += 0x18; size += 0x18;
} }
DEBUG_OUT({ DEBUG_OUT({
fprintf(stderr, "**** TYPE3 header lmresp="); fprintf(stderr, "**** TYPE3 header lmresp=");
ntlm_print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18); ntlm_print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18);
}); });
#if USE_NTRESPONSES #if USE_NTRESPONSES
@ -1566,17 +1562,17 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
} }
DEBUG_OUT({ DEBUG_OUT({
fprintf(stderr, "\n ntresp="); fprintf(stderr, "\n ntresp=");
ntlm_print_hex(stderr, (char *)&ntlmbuf[ntrespoff], 0x18); ntlm_print_hex(stderr, (char *)&ntlmbuf[ntrespoff], 0x18);
}); });
#endif #endif
DEBUG_OUT({ DEBUG_OUT({
fprintf(stderr, "\n flags=0x%02.2x%02.2x%02.2x%02.2x 0x%08.8x ", fprintf(stderr, "\n flags=0x%02.2x%02.2x%02.2x%02.2x 0x%08.8x ",
LONGQUARTET(ntlm->flags), ntlm->flags); LONGQUARTET(ntlm->flags), ntlm->flags);
ntlm_print_flags(stderr, ntlm->flags); ntlm_print_flags(stderr, ntlm->flags);
fprintf(stderr, "\n****\n"); fprintf(stderr, "\n****\n");
}); });
/* Make sure that the domain, user and host strings fit in the target /* Make sure that the domain, user and host strings fit in the target
@ -1656,10 +1652,9 @@ void Curl_http_ntlm_cleanup(struct connectdata *conn)
#ifdef USE_WINDOWS_SSPI #ifdef USE_WINDOWS_SSPI
ntlm_sspi_cleanup(&conn->ntlm); ntlm_sspi_cleanup(&conn->ntlm);
ntlm_sspi_cleanup(&conn->proxyntlm); ntlm_sspi_cleanup(&conn->proxyntlm);
#else #elif defined(WINBIND_NTLM_AUTH_ENABLED)
#ifdef WINBIND_NTLM_AUTH_ENABLED
sso_ntlm_close(conn); sso_ntlm_close(conn);
#endif #else
(void)conn; (void)conn;
#endif #endif
} }
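Review bot: The status test kept around `CompleteAuthToken` in the third hunk of this section looks wrong for SSPI: the documented codes that require completing the token are `SEC_I_COMPLETE_NEEDED` and `SEC_I_COMPLETE_AND_CONTINUE`, whereas `SEC_I_CONTINUE_NEEDED` only means the output token should be sent. As written, `SEC_I_COMPLETE_NEEDED` falls into the `else if(status != SEC_E_OK)` branch, which frees the credentials handle and returns `CURLE_RECV_ERROR`, so a legitimate handshake step is reported as a receive failure. I would test `if(status == SEC_I_COMPLETE_NEEDED || status == SEC_I_COMPLETE_AND_CONTINUE)` and make the error branch `else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {`. The return value of `CompleteAuthToken` is also discarded, so a failed completion still goes on to build the type-1 message. The call that assigns `status` starts above the hunk, so this assumes it is `InitializeSecurityContext`.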


@ -44,7 +44,11 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
CURLcode Curl_output_ntlm_sso(struct connectdata *conn, bool proxy); CURLcode Curl_output_ntlm_sso(struct connectdata *conn, bool proxy);
#endif #endif
#ifdef USE_NTLM
void Curl_http_ntlm_cleanup(struct connectdata *conn); void Curl_http_ntlm_cleanup(struct connectdata *conn);
#else
#define Curl_http_ntlm_cleanup(x)
#endif
/* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */ /* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */
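Review bot: The fallback `#define Curl_http_ntlm_cleanup(x)` expands to nothing, so in a build without `USE_NTLM` a call used as the sole body of an `if` or `else` leaves an empty statement, and the argument is never referenced. Expanding to a no-op statement keeps every call site well formed: `#define Curl_http_ntlm_cleanup(x) do { (void)(x); } while(0)`. A one-line comment such as `/* no-op when NTLM support is compiled out */` above the macro would also tell readers why call sites no longer carry their own `#ifdef USE_NTLM`.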


@ -2617,9 +2617,7 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection)
if(has_host_ntlm || has_proxy_ntlm) { if(has_host_ntlm || has_proxy_ntlm) {
data->state.authproblem = FALSE; data->state.authproblem = FALSE;
#ifdef USE_NTLM
Curl_http_ntlm_cleanup(conn); Curl_http_ntlm_cleanup(conn);
#endif
} }
} }