From 201d0df50bb32b1d22539a43d511ebd98d52f575 Mon Sep 17 00:00:00 2001
From: Steve Holme <steve_holme@hotmail.com>
Date: Sun, 16 Nov 2014 12:45:30 +0000
Subject: [PATCH] ntlm: Moved the SSPI based Type-1 message generation into the
SASL module
---
lib/curl_ntlm_msgs.c | 99 --------------------------------------------
lib/curl_sasl_sspi.c | 89 ++++++++++++++++++++++++++++++++++++++-
2 files changed, 88 insertions(+), 100 deletions(-)
diff --git a/lib/curl_ntlm_msgs.c b/lib/curl_ntlm_msgs.c
index c8ab9ffbd7..e874f32653 100644
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -392,98 +392,6 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
size_t size;
-#ifdef USE_WINDOWS_SSPI
-
- PSecPkgInfo SecurityPackage;
- SecBuffer type_1_buf;
- SecBufferDesc type_1_desc;
- SECURITY_STATUS status;
- unsigned long attrs;
- TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
-
- /* Clean up any former leftovers and initialise to defaults */
- Curl_sasl_ntlm_cleanup(ntlm);
-
- /* Query the security package for NTLM */
- status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
- &SecurityPackage);
- if(status != SEC_E_OK)
- return CURLE_NOT_BUILT_IN;
-
- ntlm->token_max = SecurityPackage->cbMaxToken;
-
- /* Release the package buffer as it is not required anymore */
- s_pSecFn->FreeContextBuffer(SecurityPackage);
-
- /* Allocate our output buffer */
- ntlm->output_token = malloc(ntlm->token_max);
- if(!ntlm->output_token)
- return CURLE_OUT_OF_MEMORY;
-
- if(userp && *userp) {
- CURLcode result;
-
- /* Populate our identity structure */
- result = Curl_create_sspi_identity(userp, passwdp, &ntlm->identity);
- if(result)
- return result;
-
- /* Allow proper cleanup of the identity structure */
- ntlm->p_identity = &ntlm->identity;
- }
- else
- /* Use the current Windows user */
- ntlm->p_identity = NULL;
-
- /* Allocate our credentials handle */
- ntlm->credentials = malloc(sizeof(CredHandle));
- if(!ntlm->credentials)
- return CURLE_OUT_OF_MEMORY;
-
- memset(ntlm->credentials, 0, sizeof(CredHandle));
-
- /* Acquire our credentials handle */
- status = s_pSecFn->AcquireCredentialsHandle(NULL,
- (TCHAR *) TEXT(SP_NAME_NTLM),
- SECPKG_CRED_OUTBOUND, NULL,
- ntlm->p_identity, NULL, NULL,
- ntlm->credentials, &expiry);
- if(status != SEC_E_OK)
- return CURLE_LOGIN_DENIED;
-
- /* Allocate our new context handle */
- ntlm->context = malloc(sizeof(CtxtHandle));
- if(!ntlm->context)
- return CURLE_OUT_OF_MEMORY;
-
- memset(ntlm->context, 0, sizeof(CtxtHandle));
-
- /* Setup the type-1 "output" security buffer */
- type_1_desc.ulVersion = SECBUFFER_VERSION;
- type_1_desc.cBuffers = 1;
- type_1_desc.pBuffers = &type_1_buf;
- type_1_buf.BufferType = SECBUFFER_TOKEN;
- type_1_buf.pvBuffer = ntlm->output_token;
- type_1_buf.cbBuffer = curlx_uztoul(ntlm->token_max);
-
- /* Generate our type-1 message */
- status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL,
- (TCHAR *) TEXT(""),
- 0, 0, SECURITY_NETWORK_DREP,
- NULL, 0,
- ntlm->context, &type_1_desc,
- &attrs, &expiry);
-
- if(status == SEC_I_COMPLETE_NEEDED ||
- status == SEC_I_COMPLETE_AND_CONTINUE)
- s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc);
- else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)
- return CURLE_RECV_ERROR;
-
- size = type_1_buf.cbBuffer;
-
-#else
-
unsigned char ntlmbuf[NTLM_BUFSIZE];
const char *host = ""; /* empty */
const char *domain = ""; /* empty */
@@ -539,8 +447,6 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
/* Initial packet length */
size = 32 + hostlen + domlen;
-#endif
-
DEBUG_OUT({
fprintf(stderr, "* TYPE1 header flags=0x%02.2x%02.2x%02.2x%02.2x "
"0x%08.8x ",
@@ -564,12 +470,7 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
});
/* Return with binary blob encoded into base64 */
-#ifdef USE_WINDOWS_SSPI
- return Curl_base64_encode(NULL, (char *)ntlm->output_token, size,
- outptr, outlen);
-#else
return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
-#endif
}
/*
diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c
index b3fb96c3cd..0665cf2959 100644
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@@ -509,7 +509,94 @@ CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
struct ntlmdata *ntlm,
char **outptr, size_t *outlen)
{
- return Curl_ntlm_create_type1_message(userp, passwdp, ntlm, outptr, outlen);
+ PSecPkgInfo SecurityPackage;
+ SecBuffer type_1_buf;
+ SecBufferDesc type_1_desc;
+ SECURITY_STATUS status;
+ unsigned long attrs;
+ TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
+
+ /* Clean up any former leftovers and initialise to defaults */
+ Curl_sasl_ntlm_cleanup(ntlm);
+
+ /* Query the security package for NTLM */
+ status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
+ &SecurityPackage);
+ if(status != SEC_E_OK)
+ return CURLE_NOT_BUILT_IN;
+
+ ntlm->token_max = SecurityPackage->cbMaxToken;
+
+ /* Release the package buffer as it is not required anymore */
+ s_pSecFn->FreeContextBuffer(SecurityPackage);
+
+ /* Allocate our output buffer */
+ ntlm->output_token = malloc(ntlm->token_max);
+ if(!ntlm->output_token)
+ return CURLE_OUT_OF_MEMORY;
+
+ if(userp && *userp) {
+ CURLcode result;
+
+ /* Populate our identity structure */
+ result = Curl_create_sspi_identity(userp, passwdp, &ntlm->identity);
+ if(result)
+ return result;
+
+ /* Allow proper cleanup of the identity structure */
+ ntlm->p_identity = &ntlm->identity;
+ }
+ else
+ /* Use the current Windows user */
+ ntlm->p_identity = NULL;
+
+ /* Allocate our credentials handle */
+ ntlm->credentials = malloc(sizeof(CredHandle));
+ if(!ntlm->credentials)
+ return CURLE_OUT_OF_MEMORY;
+
+ memset(ntlm->credentials, 0, sizeof(CredHandle));
+
+ /* Acquire our credentials handle */
+ status = s_pSecFn->AcquireCredentialsHandle(NULL,
+ (TCHAR *) TEXT(SP_NAME_NTLM),
+ SECPKG_CRED_OUTBOUND, NULL,
+ ntlm->p_identity, NULL, NULL,
+ ntlm->credentials, &expiry);
+ if(status != SEC_E_OK)
+ return CURLE_LOGIN_DENIED;
+
+ /* Allocate our new context handle */
+ ntlm->context = malloc(sizeof(CtxtHandle));
+ if(!ntlm->context)
+ return CURLE_OUT_OF_MEMORY;
+
+ memset(ntlm->context, 0, sizeof(CtxtHandle));
+
+ /* Setup the type-1 "output" security buffer */
+ type_1_desc.ulVersion = SECBUFFER_VERSION;
+ type_1_desc.cBuffers = 1;
+ type_1_desc.pBuffers = &type_1_buf;
+ type_1_buf.BufferType = SECBUFFER_TOKEN;
+ type_1_buf.pvBuffer = ntlm->output_token;
+ type_1_buf.cbBuffer = curlx_uztoul(ntlm->token_max);
+
+ /* Generate our type-1 message */
+ status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL,
+ (TCHAR *) TEXT(""),
+ 0, 0, SECURITY_NETWORK_DREP,
+ NULL, 0,
+ ntlm->context, &type_1_desc,
+ &attrs, &expiry);
+ if(status == SEC_I_COMPLETE_NEEDED ||
+ status == SEC_I_COMPLETE_AND_CONTINUE)
+ s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc);
+ else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)
+ return CURLE_RECV_ERROR;
+
+ /* Base64 encode the response */
+ return Curl_base64_encode(NULL, (char *) ntlm->output_token,
+ type_1_buf.cbBuffer, outptr, outlen);
}
/*
--
GitLab