Christopher R. Palmer made it possible to build libcurl with the

                                  Changelog

Daniel (11 March 2005)

- Christopher R. Palmer made it possible to build libcurl with the

  USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the

  native way to do NTLM. SSPI also allows libcurl to pass on the current user

  and its password in the request.

Daniel (9 March 2005)

- Dan F improved the SSL lib setup in configure.

ZLIB_PATH  = ../../zlib-1.2.1

!ENDIF

# Use the high resolution time by default.  Comment this out to use low

# USE_WINDOWS_SSPI uses windows libraries to allow NTLM authentication

# without an openssl installation and offers the ability to authenticate

# using the "current logged in user".  It does however require that the

# Windows SDK be installed.

#

# If, for some reason the Windows SDK is installed but not installed

# in the default location, you can specify WINDOWS_SDK_PATH.

# It can be downloaded from:

# http://www.microsoft.com/msdownload/platformsdk/sdkupdate/

# USE_WINDOWS_SSPI = 1

!IFDEF WINDOWS_SSPI

!IFNDEF WINDOWS_SDK_PATH

WINDOWS_SDK_PATH = "C:\Program Files\Microsoft SDK"

!ENDIF

!ENDIF

Use the high resolution time by default.  Comment this out to use low

# resolution time and not require winmm.lib

USEMM_LIBS = YES

#  RSAglue.lib was formerly needed in the SSLLIBS

CFGSET     = FALSE

!IFDEF WINDOWS_SSPI

CFLAGS = $(CFLAGS) /DUSE_WINDOWS_SSPI /I$(WINDOWS_SDK_PATH)\include

LFLAGS = $(LFLAGS) $(WINDOWS_SDK_PATH)\lib\secur32.lib

!ENDIF

######################

# release

  /* Send proxy authentication header if needed */

  if (conn->bits.httpproxy &&

      (conn->bits.tunnel_proxy == proxytunnel)) {

#ifdef USE_SSLEAY

#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI)

    if(authproxy->want == CURLAUTH_NTLM) {

      auth=(char *)"NTLM";

      result = Curl_output_ntlm(conn, TRUE);

      }

      else

#endif

#ifdef USE_SSLEAY

#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI)

      if(authhost->picked == CURLAUTH_NTLM) {

        auth=(char *)"NTLM";

        result = Curl_output_ntlm(conn, FALSE);

  }

  else

#endif

#ifdef USE_SSLEAY

#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI)

    /* NTLM support requires the SSL crypto libs */

    if(checkprefix("NTLM", start)) {

      *availp |= CURLAUTH_NTLM;

 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.

 * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms

*/

#ifndef CURL_DISABLE_HTTP

#ifdef USE_SSLEAY

#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI)

/* We need OpenSSL for the crypto lib to provide us with MD4 and DES */

/* -- WIN32 approved -- */

#define _MPRINTF_REPLACE /* use our functions only */

#include <curl/mprintf.h>

#ifndef USE_WINDOWS_SSPI

#include <openssl/des.h>

#include <openssl/md4.h>

#include <openssl/ssl.h>

#define DESKEY(x) &x

#endif

#else

#include <rpc.h>

#endif

/* The last #include file should be: */

#include "memdebug.h"

      ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */

#ifdef USE_WINDOWS_SSPI

      if ((ntlm->type_2 = malloc(size+1)) == NULL) {

        free(buffer);

        return CURLE_OUT_OF_MEMORY;

      }

      ntlm->n_type_2 = size;

      memcpy(ntlm->type_2, buffer, size);

#else

      if(size >= 48)

        /* the nonce of interest is index [24 .. 31], 8 bytes */

        memcpy(ntlm->nonce, &buffer[24], 8);

      /* at index decimal 20, there's a 32bit NTLM flag field */

      free(buffer);

#endif

    }

    else {

      if(ntlm->state >= NTLMSTATE_TYPE1)

  return CURLNTLM_FINE;

}

#ifndef USE_WINDOWS_SSPI

/*

 * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.  The

 * key schedule ks is also set.

  free(pw);

}

#endif

#ifdef USE_WINDOWS_SSPI

static void

ntlm_sspi_cleanup(struct ntlmdata *ntlm)

{

  if (ntlm->type_2) {

    free(ntlm->type_2);

    ntlm->type_2 = NULL;

  }

  if (ntlm->has_handles) {

    DeleteSecurityContext(&ntlm->c_handle);

    FreeCredentialsHandle(&ntlm->handle);

    ntlm->has_handles = 0;

  }

  if (ntlm->p_identity) {

    if (ntlm->identity.User) free(ntlm->identity.User);

    if (ntlm->identity.Password) free(ntlm->identity.Password);

    if (ntlm->identity.Domain) free(ntlm->identity.Domain);

    ntlm->p_identity = NULL;

  }

}

#endif

#define SHORTPAIR(x) ((x) & 0xff), ((x) >> 8)

#define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8)&0xff), \

  (((x) >>16)&0xff), ((x)>>24)

  switch(ntlm->state) {

  case NTLMSTATE_TYPE1:

  default: /* for the weird cases we (re)start here */

#ifdef USE_WINDOWS_SSPI

  {

    SecBuffer buf;

    SecBufferDesc desc;

    SECURITY_STATUS status;

    ULONG attrs;

    const char *user;

    int domlen;

    ntlm_sspi_cleanup(ntlm);

    user = strchr(userp, '\\');

    if (!user)

      user = strchr(userp, '/');

    if (user) {

      domain = userp;

      domlen = user - userp;

      user++;

    }

    else {

      user = userp;

      domain = "";

      domlen = 0;

    }

    if (user && *user) {

      /* note: initialize all of this before doing the mallocs so that

       * it can be cleaned up later without leaking memory.

       */

      ntlm->p_identity = &ntlm->identity;

      memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity));

      if ((ntlm->identity.User = strdup(user)) == NULL)

        return CURLE_OUT_OF_MEMORY;

      ntlm->identity.UserLength = strlen(user);

      if ((ntlm->identity.Password = strdup(passwdp)) == NULL)

        return CURLE_OUT_OF_MEMORY;

      ntlm->identity.PasswordLength = strlen(passwdp);

      if ((ntlm->identity.Domain = malloc(domlen+1)) == NULL)

        return CURLE_OUT_OF_MEMORY;

      strncpy(ntlm->identity.Domain, domain, domlen);

      ntlm->identity.Domain[domlen] = '\0';

      ntlm->identity.DomainLength = domlen;

      ntlm->identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;

    }

    else {

      ntlm->p_identity = NULL;

    }

    if (AcquireCredentialsHandle(

          NULL, "NTLM", SECPKG_CRED_OUTBOUND, NULL, ntlm->p_identity,

          NULL, NULL, &ntlm->handle, NULL

        ) != SEC_E_OK) {

      return CURLE_OUT_OF_MEMORY;

    }

    desc.ulVersion = SECBUFFER_VERSION;

    desc.cBuffers  = 1;

    desc.pBuffers  = &buf;

    buf.cbBuffer   = sizeof(ntlmbuf);

    buf.BufferType = SECBUFFER_TOKEN;

    buf.pvBuffer   = ntlmbuf;

    status = InitializeSecurityContext(&ntlm->handle, NULL, (char *) host,

                                       ISC_REQ_CONFIDENTIALITY |

                                       ISC_REQ_REPLAY_DETECT |

                                       ISC_REQ_CONNECTION,

                                       0, SECURITY_NETWORK_DREP, NULL, 0,

                                       &ntlm->c_handle, &desc, &attrs, NULL

                                      );

    if (status == SEC_I_COMPLETE_AND_CONTINUE ||

        status == SEC_I_CONTINUE_NEEDED) {

      CompleteAuthToken(&ntlm->c_handle, &desc);

    }

    else if (status != SEC_E_OK) {

      FreeCredentialsHandle(&ntlm->handle);

      return CURLE_RECV_ERROR;

    }

    ntlm->has_handles = 1;

    size = buf.cbBuffer;

  }

#else

    hostoff = 32;

    domoff = hostoff + hostlen;

    /* initial packet length */

    size = 32 + hostlen + domlen;

#endif

    /* now keeper of the base64 encoded package size */

    size = Curl_base64_encode((char *)ntlmbuf, size, &base64);

    */

  {

#ifdef USE_WINDOWS_SSPI

    SecBuffer type_2, type_3;

    SecBufferDesc type_2_desc, type_3_desc;

    SECURITY_STATUS status;

    ULONG attrs;

    type_2_desc.ulVersion  = type_3_desc.ulVersion  = SECBUFFER_VERSION;

    type_2_desc.cBuffers   = type_3_desc.cBuffers   = 1;

    type_2_desc.pBuffers   = &type_2;

    type_3_desc.pBuffers   = &type_3;

    type_2.BufferType = SECBUFFER_TOKEN;

    type_2.pvBuffer   = ntlm->type_2;

    type_2.cbBuffer   = ntlm->n_type_2;

    type_3.BufferType = SECBUFFER_TOKEN;

    type_3.pvBuffer   = ntlmbuf;

    type_3.cbBuffer   = sizeof(ntlmbuf);

    status = InitializeSecurityContext(&ntlm->handle, &ntlm->c_handle,

                                       (char *) host,

                                       ISC_REQ_CONFIDENTIALITY |

                                       ISC_REQ_REPLAY_DETECT |

                                       ISC_REQ_CONNECTION,

                                       0, SECURITY_NETWORK_DREP, &type_2_desc,

                                       0, &ntlm->c_handle, &type_3_desc,

                                       &attrs, NULL);

    if (status != SEC_E_OK)

      return CURLE_RECV_ERROR;

    size = type_3.cbBuffer;

    ntlm_sspi_cleanup(ntlm);

#else

    int lmrespoff;

    int ntrespoff;

    int useroff;

    ntlmbuf[56] = (unsigned char)(size & 0xff);

    ntlmbuf[57] = (unsigned char)(size >> 8);

#endif

    /* convert the binary blob into base64 */

    size = Curl_base64_encode((char *)ntlmbuf, size, &base64);

  return CURLE_OK;

}

void

Curl_ntlm_cleanup(struct connectdata *conn)

{

#ifdef USE_WINDOWS_SSPI

  ntlm_sspi_cleanup(&conn->ntlm);

  ntlm_sspi_cleanup(&conn->proxyntlm);

#endif

}

#endif /* USE_SSLEAY */

#endif /* !CURL_DISABLE_HTTP */

 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.

 * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms

/* this is for creating ntlm header output */

CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);

void Curl_ntlm_cleanup(struct SessionHandle *data);

void Curl_ntlm_cleanup(struct connectdata *conn);

/* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */