Commit 0b5665c9 authored by Jay Satiro's avatar Jay Satiro

digest_sspi: Don't reuse context if the user/passwd has changed

parent 7e949de1
+4 −0
@@ -417,6 +417,10 @@ struct digestdata {
  BYTE *input_token;
  BYTE *input_token;
  size_t input_token_len;
  size_t input_token_len;
  CtxtHandle *http_context;
  CtxtHandle *http_context;
  /* copy of user/passwd used to make the identity for http_context.
     either may be NULL. */
  char *user;
  char *passwd;
#else
#else
  char *nonce;
  char *nonce;
  char *cnonce;
  char *cnonce;
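Review bot: The comment on the new `user`/`passwd` fields does not say who owns the strings or that `passwd` is a cleartext secret, which matters to anyone who later copies, logs or dumps `struct digestdata`. The other file in this commit fills them with `strdup` and frees them in `Curl_auth_digest_cleanup`, so the comment could state that directly: `/* heap copies of the user/passwd used to make the identity for http_context, owned by this struct and freed in Curl_auth_digest_cleanup(). passwd is cleartext. either may be NULL. */`.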
+41 −0
@@ -438,6 +438,20 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
    return CURLE_OUT_OF_MEMORY;
    return CURLE_OUT_OF_MEMORY;
  }
  }


  /* If the user/passwd that was used to make the identity for http_context
     has changed then delete that context. */
  if((userp && !digest->user) || (!userp && digest->user) ||
     (passwdp && !digest->passwd) || (!passwdp && digest->passwd) ||
     (userp && digest->user && strcmp(userp, digest->user)) ||
     (passwdp && digest->passwd && strcmp(passwdp, digest->passwd))) {
    if(digest->http_context) {
      s_pSecFn->DeleteSecurityContext(digest->http_context);
      Curl_safefree(digest->http_context);
    }
    Curl_safefree(digest->user);
    Curl_safefree(digest->passwd);
  }

  if(digest->http_context) {
  if(digest->http_context) {
    chlg_desc.ulVersion    = SECBUFFER_VERSION;
    chlg_desc.ulVersion    = SECBUFFER_VERSION;
    chlg_desc.cBuffers     = 5;
    chlg_desc.cBuffers     = 5;
@@ -479,6 +493,10 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
    TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
    TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
    TCHAR *spn;
    TCHAR *spn;


    /* free the copy of user/passwd used to make the previous identity */
    Curl_safefree(digest->user);
    Curl_safefree(digest->passwd);

    if(userp && *userp) {
    if(userp && *userp) {
      /* Populate our identity structure */
      /* Populate our identity structure */
      if(Curl_create_sspi_identity(userp, passwdp, &identity)) {
      if(Curl_create_sspi_identity(userp, passwdp, &identity)) {
@@ -500,6 +518,25 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
      /* Use the current Windows user */
      /* Use the current Windows user */
      p_identity = NULL;
      p_identity = NULL;


    if(userp) {
      digest->user = strdup(userp);

      if(!digest->user) {
        free(output_token);
        return CURLE_OUT_OF_MEMORY;
      }
    }

    if(passwdp) {
      digest->passwd = strdup(passwdp);

      if(!digest->passwd) {
        free(output_token);
        Curl_safefree(digest->user);
        return CURLE_OUT_OF_MEMORY;
      }
    }

    /* Acquire our credentials handle */
    /* Acquire our credentials handle */
    status = s_pSecFn->AcquireCredentialsHandle(NULL,
    status = s_pSecFn->AcquireCredentialsHandle(NULL,
                                                (TCHAR *) TEXT(SP_NAME_DIGEST),
                                                (TCHAR *) TEXT(SP_NAME_DIGEST),
@@ -623,6 +660,10 @@ void Curl_auth_digest_cleanup(struct digestdata *digest)
    s_pSecFn->DeleteSecurityContext(digest->http_context);
    s_pSecFn->DeleteSecurityContext(digest->http_context);
    Curl_safefree(digest->http_context);
    Curl_safefree(digest->http_context);
  }
  }

  /* Free the copy of user/passwd used to make the identity for http_context */
  Curl_safefree(digest->user);
  Curl_safefree(digest->passwd);
}
}


#endif /* USE_WINDOWS_SSPI && !CURL_DISABLE_CRYPTO_AUTH */
#endif /* USE_WINDOWS_SSPI && !CURL_DISABLE_CRYPTO_AUTH */
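Review bot: The cleartext password copy in `digest->passwd` is released with a plain `Curl_safefree` at all three sites (the credential-change branch, the block before the new identity is built, and `Curl_auth_digest_cleanup`), so the secret stays readable in freed heap memory. Wiping it before each free, e.g. `if(digest->passwd) SecureZeroMemory(digest->passwd, strlen(digest->passwd));`, would limit exposure through crash dumps and heap reuse; the same applies to the `Curl_safefree(digest->user)` rollback when the second `strdup` fails. Separately, the two new `return CURLE_OUT_OF_MEMORY;` paths after `strdup` free only `output_token`. When the `userp && *userp` branch has already run `Curl_create_sspi_identity`, the populated identity appears to be left unreleased on those paths; the rest of the function lies outside the hunks, so check whether `Curl_sspi_free_identity(p_identity)` is needed there.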