Commit f8a8ed73 authored by Steve Holme's avatar Steve Holme
Browse files

http_negotiate_sspi: Fixed specific username and password not working 

Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html
Reported-by: Leonardo Rosati
parent f8af8606

lib/http_negotiate_sspi.c

+45 −5
Original line number Diff line number Diff line
@@ -68,8 +68,6 @@ get_gss_name(struct connectdata *conn, bool proxy, 
int Curl_input_negotiate(struct connectdata *conn, bool proxy,

                         const char *header)

{

  struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:

    &conn->data->state.negotiate;

  BYTE              *input_token = 0;

  SecBufferDesc     out_buff_desc;

  SecBuffer         out_sec_buff;
@@ -82,6 +80,31 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, 
  size_t len = 0, input_token_len = 0;

  CURLcode error;



  /* Point to the username and password */

  const char *userp;

  const char *passwdp;



  /* Point to the correct struct with this */

  struct negotiatedata *neg_ctx;



  if(proxy) {

    userp = conn->proxyuser;

    passwdp = conn->proxypasswd;

    neg_ctx = &conn->data->state.proxyneg;

  }

  else {

    userp = conn->user;

    passwdp = conn->passwd;

    neg_ctx = &conn->data->state.negotiate;

  }



  /* Not set means empty */

  if(!userp)

    userp = "";



  if(!passwdp)

    passwdp = "";



  if(neg_ctx->context && neg_ctx->status == SEC_E_OK) {

    /* We finished successfully our part of authentication, but server

     * rejected it (since we're again here). Exit with an error since we
@@ -131,12 +154,26 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, 
    if(!neg_ctx->credentials || !neg_ctx->context)

      return -1;



    if(userp && *userp) {

      /* Populate our identity structure */

      error = Curl_create_sspi_identity(userp, passwdp, &neg_ctx->identity);

      if(error)

        return -1;



      /* Allow proper cleanup of the identity structure */

      neg_ctx->p_identity = &neg_ctx->identity;

    }

    else

      /* Use the current Windows user */

      neg_ctx->p_identity = NULL;



    /* Acquire our credientials handle */

    neg_ctx->status =

      s_pSecFn->AcquireCredentialsHandle(NULL,

                                         (TCHAR *) TEXT("Negotiate"),

                                         SECPKG_CRED_OUTBOUND, NULL, NULL,

                                         NULL, NULL, neg_ctx->credentials,

                                         &lifetime);

                                         SECPKG_CRED_OUTBOUND, NULL,

                                         neg_ctx->p_identity, NULL, NULL,

                                         neg_ctx->credentials, &lifetime);

    if(neg_ctx->status != SEC_E_OK)

      return -1;

  }
@@ -260,6 +297,9 @@ static void cleanup(struct negotiatedata *neg_ctx) 
  }



  neg_ctx->max_token_length = 0;



  Curl_sspi_free_identity(neg_ctx->p_identity);

  neg_ctx->p_identity = NULL;

}



void Curl_cleanup_negotiate(struct SessionHandle *data)

lib/urldata.h

+2 −0
Original line number Diff line number Diff line
@@ -459,6 +459,8 @@ struct negotiatedata { 
  DWORD status;

  CtxtHandle *context;

  CredHandle *credentials;

  SEC_WINNT_AUTH_IDENTITY identity;

  SEC_WINNT_AUTH_IDENTITY *p_identity;

  char server_name[1024];

  size_t max_token_length;

  BYTE *output_token;