From ee40136f6cd8a4f0c55b132c2d3cb1ea6b0ebc9b Mon Sep 17 00:00:00 2001
From: Steve Holme
Date: Sun, 6 Apr 2014 13:29:29 +0100
Subject: [PATCH] sasl: Post DIGEST-MD5 SSPI code tidy up
* Added comments to SSPI NTLM message generation
* Added comments to native DIGEST-MD5 code
* Removed redundant identity pointer
---
 lib/curl_ntlm_msgs.c | 57 +++++++++++++++++++++++++-------------------
 lib/curl_sasl.c | 1 +
 lib/curl_sasl_sspi.c | 18 ++++++--------
 3 files changed, 41 insertions(+), 35 deletions(-)
diff --git a/lib/curl_ntlm_msgs.c b/lib/curl_ntlm_msgs.c
index e222b73b7..969e6bf78 100644
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -414,8 +414,8 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
 #ifdef USE_WINDOWS_SSPI
- SecBuffer buf;
- SecBufferDesc desc;
+ SecBuffer type_1_buf;
+ SecBufferDesc type_1_desc;
 SECURITY_STATUS status;
 unsigned long attrs;
 TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
@@ -434,8 +434,10 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
 ntlm->p_identity = &ntlm->identity;
 }
 else
+ /* Use the current Windows user */
 ntlm->p_identity = NULL;
+ /* Acquire our credientials handle */
 status = s_pSecFn->AcquireCredentialsHandle(NULL,
 (TCHAR *) TEXT("NTLM"),
 SECPKG_CRED_OUTBOUND, NULL,
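Review bot: The comment added between `else` and `ntlm->p_identity = NULL;` sits inside an unbraced arm, so a statement later added beneath it would silently fall outside the `else`. The matching `if` arm is already braced (its closing `}` is the context line just above), so I would brace this arm as well with `else {` and `}`. The second added comment misspells the word; it should read `/* Acquire our credentials handle */`. The enclosing function starts and ends outside this hunk.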
@@ -444,13 +446,15 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
 if(status != SEC_E_OK)
 return CURLE_OUT_OF_MEMORY;
- desc.ulVersion = SECBUFFER_VERSION;
- desc.cBuffers = 1;
- desc.pBuffers = &buf;
- buf.cbBuffer = NTLM_BUFSIZE;
- buf.BufferType = SECBUFFER_TOKEN;
- buf.pvBuffer = ntlmbuf;
+ /* Setup the type-1 "output" security buffer */
+ type_1_desc.ulVersion = SECBUFFER_VERSION;
+ type_1_desc.cBuffers = 1;
+ type_1_desc.pBuffers = &type_1_buf;
+ type_1_buf.cbBuffer = NTLM_BUFSIZE;
+ type_1_buf.BufferType = SECBUFFER_TOKEN;
+ type_1_buf.pvBuffer = ntlmbuf;
+ /* Generate our type-1 message */
 status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL,
 (TCHAR *) TEXT(""),
 ISC_REQ_CONFIDENTIALITY |
@@ -458,19 +462,19 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
 ISC_REQ_CONNECTION,
 0, SECURITY_NETWORK_DREP,
 NULL, 0,
- &ntlm->c_handle, &desc,
+ &ntlm->c_handle, &type_1_desc,
 &attrs, &tsDummy);
 if(status == SEC_I_COMPLETE_AND_CONTINUE ||
 status == SEC_I_CONTINUE_NEEDED)
- s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &desc);
+ s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &type_1_desc);
 else if(status != SEC_E_OK) {
 s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
 return CURLE_RECV_ERROR;
 }
 ntlm->has_handles = 1;
- size = buf.cbBuffer;
+ size = type_1_buf.cbBuffer;
 #else
@@ -602,8 +606,8 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
 size_t size;
 #ifdef USE_WINDOWS_SSPI
- SecBuffer type_2;
- SecBuffer type_3;
+ SecBuffer type_2_buf;
+ SecBuffer type_3_buf;
 SecBufferDesc type_2_desc;
 SecBufferDesc type_3_desc;
 SECURITY_STATUS status;
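Review bot: Every AcquireCredentialsHandle failure is still reported as `CURLE_OUT_OF_MEMORY` by the `if(status != SEC_E_OK)` context lines at the top of the -444,13 hunk, so a rejected logon or an unavailable security package looks like memory exhaustion to the caller and in logs. Since this tidy-up is adding comments here, it should at least record that, e.g. `/* NOTE: any SSPI failure is reported as CURLE_OUT_OF_MEMORY */`. Better would be to return that code only for `SEC_E_INSUFFICIENT_MEMORY` and an authentication error such as `CURLE_LOGIN_DENIED` otherwise. The same mapping follows the WDigest AcquireCredentialsHandle call in lib/curl_sasl_sspi.c (hunk at -118,24). The function body begins and ends outside the hunk.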
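Review bot: The result of `CompleteAuthToken` is discarded on the renamed call in the -458,19 hunk, so a failed completion still reaches `ntlm->has_handles = 1` and the buffer is treated as a valid type-1 token. The branch also pairs the statuses oddly: SSPI requires CompleteAuthToken for `SEC_I_COMPLETE_NEEDED` and `SEC_I_COMPLETE_AND_CONTINUE`, yet here `SEC_I_COMPLETE_NEEDED` falls into the error arm while `SEC_I_CONTINUE_NEEDED` triggers the call. I would test `if(status == SEC_I_COMPLETE_NEEDED || status == SEC_I_COMPLETE_AND_CONTINUE)`, make the error arm `else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)`, and check the value CompleteAuthToken returns. The same unchecked call appears in lib/curl_sasl_sspi.c (hunk at -166,7).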
@@ -614,18 +618,23 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
 (void)userp;
 (void)data;
- type_2_desc.ulVersion = type_3_desc.ulVersion = SECBUFFER_VERSION;
- type_2_desc.cBuffers = type_3_desc.cBuffers = 1;
- type_2_desc.pBuffers = &type_2;
- type_3_desc.pBuffers = &type_3;
+ /* Setup the type-2 "input" security buffer */
+ type_2_desc.ulVersion = SECBUFFER_VERSION;
+ type_2_desc.cBuffers = 1;
+ type_2_desc.pBuffers = &type_2_buf;
+ type_2_buf.BufferType = SECBUFFER_TOKEN;
+ type_2_buf.pvBuffer = ntlm->type_2;
+ type_2_buf.cbBuffer = ntlm->n_type_2;
- type_2.BufferType = SECBUFFER_TOKEN;
- type_2.pvBuffer = ntlm->type_2;
- type_2.cbBuffer = ntlm->n_type_2;
- type_3.BufferType = SECBUFFER_TOKEN;
- type_3.pvBuffer = ntlmbuf;
- type_3.cbBuffer = NTLM_BUFSIZE;
+ /* Setup the type-3 "output" security buffer */
+ type_3_desc.ulVersion = SECBUFFER_VERSION;
+ type_3_desc.cBuffers = 1;
+ type_3_desc.pBuffers = &type_3_buf;
+ type_3_buf.BufferType = SECBUFFER_TOKEN;
+ type_3_buf.pvBuffer = ntlmbuf;
+ type_3_buf.cbBuffer = NTLM_BUFSIZE;
+ /* Generate our type-3 message */
 status = s_pSecFn->InitializeSecurityContext(&ntlm->handle,
 &ntlm->c_handle,
 (TCHAR *) TEXT(""),
@@ -640,7 +649,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
 if(status != SEC_E_OK)
 return CURLE_RECV_ERROR;
- size = type_3.cbBuffer;
+ size = type_3_buf.cbBuffer;
 Curl_ntlm_sspi_cleanup(ntlm);
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 842bb727f..1968ccbc7 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -292,6 +292,7 @@ static CURLcode sasl_decode_digest_md5_message(const char *chlg64,
 size_t chlglen = 0;
 size_t chlg64len = strlen(chlg64);
+ /* Decode the base-64 encoded challenge message */
 if(chlg64len && *chlg64 != '=') {
 result = Curl_base64_decode(chlg64, &chlg, &chlglen);
 if(result)
diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c
index 9b67498e9..d17e08c79 100644
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
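Review bot: In the -640,7 hunk the failure path `if(status != SEC_E_OK) return CURLE_RECV_ERROR;` returns before `Curl_ntlm_sspi_cleanup(ntlm)`, so only the success path releases the SSPI state here. The type-1 path at least calls FreeCredentialsHandle before its error return. Unless a caller is guaranteed to run the cleanup later (not visible in this diff), the credentials and context handles outlive a failed handshake. I would write `if(status != SEC_E_OK) { Curl_ntlm_sspi_cleanup(ntlm); return CURLE_RECV_ERROR; }`. The function starts and ends outside the hunk.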
@@ -74,7 +74,6 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
 CtxtHandle ctx;
 PSecPkgInfo SecurityPackage;
 SEC_WINNT_AUTH_IDENTITY identity;
- SEC_WINNT_AUTH_IDENTITY *identityp = NULL;
 SecBuffer chlg_buf;
 SecBuffer resp_buf;
 SecBufferDesc chlg_desc;
@@ -118,24 +117,21 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
 return result;
 }
- /* Allow proper cleanup of the identity structure */
- identityp = &identity;
-
 /* Acquire our credientials handle */
 status = s_pSecFn->AcquireCredentialsHandle(NULL,
 (TCHAR *) TEXT("WDigest"),
 SECPKG_CRED_OUTBOUND, NULL,
- identityp, NULL, NULL,
+ &identity, NULL, NULL,
 &handle, &tsDummy);
 if(status != SEC_E_OK) {
- Curl_sspi_free_identity(identityp);
+ Curl_sspi_free_identity(&identity);
 Curl_safefree(spn);
 return CURLE_OUT_OF_MEMORY;
 }
- /* Setup the challenge security buffer */
+ /* Setup the challenge "input" security buffer */
 chlg_desc.ulVersion = SECBUFFER_VERSION;
 chlg_desc.cBuffers = 1;
 chlg_desc.pBuffers = &chlg_buf;
@@ -143,7 +139,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
 chlg_buf.pvBuffer = chlg;
 chlg_buf.cbBuffer = curlx_uztoul(chlglen);
- /* Setup the response security buffer */
+ /* Setup the response "output" security buffer */
 resp_desc.ulVersion = SECBUFFER_VERSION;
 resp_desc.cBuffers = 1;
 resp_desc.pBuffers = &resp_buf;
@@ -151,7 +147,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
 resp_buf.pvBuffer = resp;
 resp_buf.cbBuffer = sizeof(resp);
- /* Generate our challenge-response */
+ /* Generate our challenge-response message */
 status = s_pSecFn->InitializeSecurityContext(&handle,
 NULL,
 (TCHAR *) spn,
@@ -166,7 +162,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
 s_pSecFn->CompleteAuthToken(&handle, &resp_desc);
 else if(status != SEC_E_OK) {
 s_pSecFn->FreeCredentialsHandle(&handle);
- Curl_sspi_free_identity(identityp);
+ Curl_sspi_free_identity(&identity);
 Curl_safefree(spn);
 return CURLE_RECV_ERROR;
@@ -181,7 +177,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
 s_pSecFn->FreeCredentialsHandle(&handle);
 /* Free the identity structure */
- Curl_sspi_free_identity(identityp);
+ Curl_sspi_free_identity(&identity);
 /* Free the SPN */
 Curl_safefree(spn);
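Review bot: `CompleteAuthToken(&handle, &resp_desc)` in the -166,7 hunk is given `handle`, which the -118,24 hunk shows is the credentials handle filled in by AcquireCredentialsHandle. The API's first parameter is the security context, and the NTLM code in lib/curl_ntlm_msgs.c passes its context handle `&ntlm->c_handle`. The two handle types are presumably the same underlying struct, so the compiler will not flag the mix-up. If the `CtxtHandle ctx` declared at the top of the function is the context that InitializeSecurityContext writes (that argument lies outside the hunks), the call should read `s_pSecFn->CompleteAuthToken(&ctx, &resp_desc);`. The surrounding `if` begins before this hunk.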