mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-12-21 06:50:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
78ed473dbc
curl/lib/http_ntlm.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

271 lines
7.7 KiB
C
Raw Normal View History

http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205
2023-01-02 20:51:48 +08:00
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
curl.se: new home Closes #6172
2020-11-04 21:02:01 +08:00
* are also available at https://curl.se/docs/copyright.html.
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
* SPDX-License-Identifier: curl
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869
2022-05-17 17:16:50 +08:00
*
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
***************************************************************************/
build: fix circular header inclusion with other packages This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
2013-01-07 02:06:49 +08:00
#include "curl_setup.h"
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined USE_NTLM would only be defined if: HTTP support was enabled, NTLM and cryptography weren't disabled, and either a supporting cryptography library or Windows SSPI was being compiled against. This means it was not possible to build libcurl without HTTP support and use NTLM for other protocols such as IMAP, POP3 and SMTP. Rather than introduce a new SASL pre-processor definition, removed the HTTP prerequisite just like USE_SPNEGO and USE_KRB5. Note: Winbind support still needs to be dependent on CURL_DISABLE_HTTP as it is only available to HTTP at present. This bug dates back to August 2011 when I started to add support for NTLM to SMTP.
2014-11-09 20:46:00 +08:00
#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
NTLM: header inclusion cleanup
2011-08-28 13:15:46 +08:00
/*
* NTLM details:
*
docs: update sourceforge project links [ci skip] SourceForge projects can now choose between two hostnames, with .io and .net ending. Both support HTTPS by default now. Opening the other variant will perm-redirected to the one chosen by the project. The .io -> .net redirection is done insecurely. Let's update the URLs to point to the current canonical endpoints to avoid any redirects. Closes #9630
2022-10-02 02:23:09 +08:00
* https://davenport.sourceforge.net/ntlm.html
URLs: change http to https in many places Closes #754
2016-04-06 17:57:48 +08:00
* https://www.innovation.ch/java/ntlm.html
NTLM: header inclusion cleanup
2011-08-28 13:15:46 +08:00
*/
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
NTLM: header inclusion cleanup
2011-08-28 13:15:46 +08:00
#define DEBUG_ME 0
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
Revert changes relative to lib/*.[ch] recent renaming This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2013-01-04 09:50:28 +08:00
#include "urldata.h"
#include "sendf.h"
strcasecompare: all case insensitive string compares ignore locale now We had some confusions on when each function was used. We should not act differently on different locales anyway.
2016-10-01 00:54:02 +08:00
#include "strcase.h"
http_ntlm: Renamed from curl_ntlm.[c|h] Renamed the header and source files for this module as they are HTTP specific and as such, they should use the naming convention as other HTTP authentication source files do - this revert commit 260ee6b7bf. Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind code needs separating from the HTTP protocol and migrating into the vauth directory, thus adding support for Winbind to the SASL based protocols such as IMAP, POP3 and SMTP.
2016-03-28 00:58:50 +08:00
#include "http_ntlm.h"
ntlm: move NTLM_NEEDS_NSS_INIT define into core NTLM header .. and include the core NTLM header in all NTLM-related source files. Follow up to 6f86022. Since then http_ntlm checks NTLM_NEEDS_NSS_INIT but did not include vtls.h where it was defined. Closes https://github.com/curl/curl/pull/1911
2017-09-23 03:47:14 +08:00
#include "curl_ntlm_core.h"
vauth: factor base64 conversions out of authentication procedures Input challenges and returned messages are now in binary. Conversions from/to base64 are performed by callers (currently curl_sasl.c and http_ntlm.c). Closes #6654
2021-03-18 03:09:55 +08:00
#include "curl_base64.h"
vauth: Moved the NTLM authentication code to the new vauth directory
2015-09-12 21:50:02 +08:00
#include "vauth/vauth.h"
Revert changes relative to lib/*.[ch] recent renaming This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2013-01-04 09:50:28 +08:00
#include "url.h"
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
ntlm: use strict order for SSL backend #if branches With the recently introduced MultiSSL support multiple SSL backends can be compiled into cURL That means that now the order of the SSL One option would be to use the same SSL backend as was configured via `curl_global_sslset()`, however, NTLMv2 support would appear to be available only with some SSL backends. For example, when eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced support for NTLMv1 using Windows' Crypt API, it specifically did *not* introduce NTLMv2 support using Crypt API at the same time. So let's select one specific SSL backend for NTLM support when compiled with multiple SSL backends, using a priority order such that we support NTLMv2 even if only one compiled-in SSL backend can be used for that. Ref: https://github.com/curl/curl/pull/1848
2017-08-31 05:10:38 +08:00
/* SSL backend-specific #if branches in this file must be kept in the order
documented in curl_ntlm_core. */
http_ntlm: Remove duplicate NSS initialisation Given that this is performed by the NTLM code there is no need to perform the initialisation in the HTTP layer. This also keeps the initialisation the same as the SASL based protocols and also fixes a possible compilation issue if both NSS and SSPI were to be used as multiple SSL backends. Reviewed-by: Kamil Dudka Closes #3935
2019-05-08 21:40:16 +08:00
#if defined(USE_WINDOWS_SSPI)
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
#include "curl_sspi.h"
#endif
lib: include curl_printf.h as one of the last headers curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc. To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order: curl_printf.h curl_memory.h memdebug.h None of them include system headers, they all do funny #defines. Reported-by: David Benjamin Fixes #743
2016-04-29 21:46:40 +08:00
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
curl_memory: make curl_memory.h the second-last header file loaded This header file must be included after all header files except memdebug.h, as it does similar memory function redefinitions and can be similarly affected by conflicting definitions in system or dependent library headers.
2015-03-25 06:12:03 +08:00
#include "curl_memory.h"
Revert changes relative to lib/*.[ch] recent renaming This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2013-01-04 09:50:28 +08:00
#include "memdebug.h"
NTLM: move NTLM core specifics into curl_ntlm_core.[ch]
2011-08-28 07:19:08 +08:00
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
#if DEBUG_ME
# define DEBUG_OUT(x) x
#else
fix a bunch of MSVC compiler warnings
2011-09-03 22:06:10 +08:00
# define DEBUG_OUT(x) Curl_nop_stmt
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
#endif
lib: more conn->data cleanups Closes #6479
2021-01-18 18:56:50 +08:00
CURLcode Curl_input_ntlm(struct Curl_easy *data,
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
bool proxy, /* if proxy or not */
const char *header) /* rest of the www-authenticate:
header */
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
{
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
/* point to the correct struct with this */
struct ntlmdata *ntlm;
http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here.
2019-05-14 03:58:39 +08:00
curlntlm *state;
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
CURLcode result = CURLE_OK;
lib: more conn->data cleanups Closes #6479
2021-01-18 18:56:50 +08:00
struct connectdata *conn = data->conn;
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here.
2019-05-14 03:58:39 +08:00
state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state;
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
if(checkprefix("NTLM", header)) {
header += strlen("NTLM");
base64: fix Curl_base64_encode and Curl_base64_decode interfaces Previous interfaces for these libcurl internal functions did not allow to tell apart a legitimate zero size result from an error condition. These functions now return a CURLcode indicating function success or otherwise specific error. Output size is returned using a pointer argument. All usage of these two functions, and others closely related, has been adapted to the new interfaces. Relative error and OOM handling adapted or added where missing. Unit test 1302 also adapted.
2011-08-24 14:07:36 +08:00
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
while(*header && ISSPACE(*header))
header++;
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
if(*header) {
vauth: factor base64 conversions out of authentication procedures Input challenges and returned messages are now in binary. Conversions from/to base64 are performed by callers (currently curl_sasl.c and http_ntlm.c). Closes #6654
2021-03-18 03:09:55 +08:00
unsigned char *hdr;
size_t hdrlen;
result = Curl_base64_decode(header, &hdr, &hdrlen);
if(!result) {
struct bufref hdrbuf;
Curl_bufref_init(&hdrbuf);
Curl_bufref_set(&hdrbuf, hdr, hdrlen, curl_free);
result = Curl_auth_decode_ntlm_type2_message(data, &hdrbuf, ntlm);
Curl_bufref_free(&hdrbuf);
}
ntlm: We prefer 'CURLcode result' Continuing commit 0eb3d15ccb more return code variable name changes.
2014-10-27 05:27:31 +08:00
if(result)
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
return result;
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here.
2019-05-14 03:58:39 +08:00
*state = NTLMSTATE_TYPE2; /* We got a type-2 message */
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
}
else {
http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here.
2019-05-14 03:58:39 +08:00
if(*state == NTLMSTATE_LAST) {
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 23:05:17 +08:00
infof(data, "NTLM auth restarted");
auth: Rename the various authentication clean up functions For consistency and to a avoid confusion. Closes #3869
2019-05-11 19:57:42 +08:00
Curl_http_auth_cleanup_ntlm(conn);
NTLM: handle auth for only a single request Currently when the server responds with 401 on NTLM authenticated connection (re-used) we consider it to have failed. However this is legitimate and may happen when for example IIS is set configured to 'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header). Implemented by imploying an additional state once a connection is re-used to indicate that if we receive 401 we need to restart authentication. Closes #363
2015-08-04 07:20:23 +08:00
}
http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here.
2019-05-14 03:58:39 +08:00
else if(*state == NTLMSTATE_TYPE3) {
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 23:05:17 +08:00
infof(data, "NTLM handshake rejected");
auth: Rename the various authentication clean up functions For consistency and to a avoid confusion. Closes #3869
2019-05-11 19:57:42 +08:00
Curl_http_auth_cleanup_ntlm(conn);
http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here.
2019-05-14 03:58:39 +08:00
*state = NTLMSTATE_NONE;
Cleanup handshake after clean NTLM failure
2012-08-04 00:37:52 +08:00
return CURLE_REMOTE_ACCESS_DENIED;
}
http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here.
2019-05-14 03:58:39 +08:00
else if(*state >= NTLMSTATE_TYPE1) {
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 23:05:17 +08:00
infof(data, "NTLM handshake failure (internal error)");
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
return CURLE_REMOTE_ACCESS_DENIED;
}
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here.
2019-05-14 03:58:39 +08:00
*state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
}
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
}
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
return result;
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
}
http NTLM: remaining bits from 0001-Moved-ntlm-[...]-curl_ntlm-mod_3.patch * Added function comments: - Curl_ntlm_decode_type2_message - Curl_ntlm_create_type1_message - Curl_ntlm_create_type3_message * Modification of ntlm processing state to NTLMSTATE_TYPE2 is now done only when Curl_ntlm_decode_type2_message() has fully succeeded.
2011-08-22 22:42:59 +08:00
/*
tidy-up: OS names Use these words and casing more consistently across text, comments and one curl tool output: AIX, ALPN, ANSI, BSD, Cygwin, Darwin, FreeBSD, GitHub, HP-UX, Linux, macOS, MS-DOS, MSYS, MinGW, NTLM, POSIX, Solaris, UNIX, Unix, Unicode, WINE, WebDAV, Win32, winbind, WinIDN, Windows, Windows CE, Winsock. Mostly OS names and a few more. Also a couple of other minor text fixups. Closes #14360
2024-08-03 07:09:57 +08:00
* This is for creating NTLM header output
http NTLM: remaining bits from 0001-Moved-ntlm-[...]-curl_ntlm-mod_3.patch * Added function comments: - Curl_ntlm_decode_type2_message - Curl_ntlm_create_type1_message - Curl_ntlm_create_type3_message * Modification of ntlm processing state to NTLMSTATE_TYPE2 is now done only when Curl_ntlm_decode_type2_message() has fully succeeded.
2011-08-22 22:42:59 +08:00
*/
lib: more conn->data cleanups Closes #6479
2021-01-18 18:56:50 +08:00
CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy)
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
{
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
char *base64 = NULL;
Curl_ntlm_create_typeX_message: Added the outlen parameter Added the output message length as a parameter to both Curl_ntlm_create_type1_message() and Curl_ntlm_create_type3_message() for use by future functions that require it. Updated curl_ntlm.c to cater for the extra parameter on these two functions.
2011-10-01 20:03:40 +08:00
size_t len = 0;
vauth: factor base64 conversions out of authentication procedures Input challenges and returned messages are now in binary. Conversions from/to base64 are performed by callers (currently curl_sasl.c and http_ntlm.c). Closes #6654
2021-03-18 03:09:55 +08:00
CURLcode result = CURLE_OK;
struct bufref ntlmmsg;
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
/* point to the address of the pointer that holds the string to send to the
misc: typo and grammar fixes - Replace `Github` with `GitHub`. - Replace `windows` with `Windows` - Replace `advice` with `advise` where a verb is used. - A few fixes on removing repeated words. - Replace `a HTTP` with `an HTTP` Closes #9802
2022-10-26 14:59:35 +08:00
server, which is for a plain host or for an HTTP proxy */
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
char **allocuserpwd;
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
ntlm_sspi: fix authentication using Credential Manager If you pass empty user/pass asking curl to use Windows Credential Storage (as stated in the docs) and it has valid credentials for the domain, e.g. curl -v -u : --ntlm example.com currently authentication fails. This change fixes it by providing proper SPN string to the SSPI API calls. Fixes https://github.com/curl/curl/issues/1622 Closes https://github.com/curl/curl/pull/1660
2017-07-08 08:10:08 +08:00
/* point to the username, password, service and host */
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
const char *userp;
const char *passwdp;
ntlm_sspi: fix authentication using Credential Manager If you pass empty user/pass asking curl to use Windows Credential Storage (as stated in the docs) and it has valid credentials for the domain, e.g. curl -v -u : --ntlm example.com currently authentication fails. This change fixes it by providing proper SPN string to the SSPI API calls. Fixes https://github.com/curl/curl/issues/1622 Closes https://github.com/curl/curl/pull/1660
2017-07-08 08:10:08 +08:00
const char *service = NULL;
const char *hostname = NULL;
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
/* point to the correct struct with this */
struct ntlmdata *ntlm;
http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here.
2019-05-14 03:58:39 +08:00
curlntlm *state;
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
struct auth *authp;
lib: more conn->data cleanups Closes #6479
2021-01-18 18:56:50 +08:00
struct connectdata *conn = data->conn;
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
DEBUGASSERT(conn);
http: move header storage to Curl_easy from connectdata Since the connection can be used by many independent requests (using HTTP/2 or HTTP/3), things like user-agent and other transfer-specific data MUST NOT be kept connection oriented as it could lead to requests getting the wrong string for their requests. This struct data was lingering like this due to old HTTP1 legacy thinking where it didn't mattered.. Fixes #5566 Closes #5567
2020-06-15 17:28:17 +08:00
DEBUGASSERT(data);
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
if(proxy) {
build: disable more code/data when built without proxy support Added build to travis to verify Closes #5466
2020-05-27 17:51:34 +08:00
#ifndef CURL_DISABLE_PROXY
http: move header storage to Curl_easy from connectdata Since the connection can be used by many independent requests (using HTTP/2 or HTTP/3), things like user-agent and other transfer-specific data MUST NOT be kept connection oriented as it could lead to requests getting the wrong string for their requests. This struct data was lingering like this due to old HTTP1 legacy thinking where it didn't mattered.. Fixes #5566 Closes #5567
2020-06-15 17:28:17 +08:00
allocuserpwd = &data->state.aptr.proxyuserpwd;
http: use credentials from transfer, not connection HTTP auth "accidentally" worked before this cleanup since the code would always overwrite the connection credentials with the credentials from the most recent transfer and since HTTP auth is typically done first thing, this has not been an issue. It was still wrong and subject to possible race conditions or future breakage if the sequence of functions would change. The data.set.str[] strings MUST remain unmodified exactly as set by the user, and the credentials to use internally are instead set/updated in state.aptr.* Added test 675 to verify different credentials used in two requests done over a reused HTTP connection, which previously behaved wrongly. Fixes #6542 Closes #6545
2021-02-12 17:27:42 +08:00
userp = data->state.aptr.proxyuser;
passwdp = data->state.aptr.proxypasswd;
lib: more conn->data cleanups Closes #6479
2021-01-18 18:56:50 +08:00
service = data->set.str[STRING_PROXY_SERVICE_NAME] ?
http: use credentials from transfer, not connection HTTP auth "accidentally" worked before this cleanup since the code would always overwrite the connection credentials with the credentials from the most recent transfer and since HTTP auth is typically done first thing, this has not been an issue. It was still wrong and subject to possible race conditions or future breakage if the sequence of functions would change. The data.set.str[] strings MUST remain unmodified exactly as set by the user, and the credentials to use internally are instead set/updated in state.aptr.* Added test 675 to verify different credentials used in two requests done over a reused HTTP connection, which previously behaved wrongly. Fixes #6542 Closes #6545
2021-02-12 17:27:42 +08:00
data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
ntlm_sspi: fix authentication using Credential Manager If you pass empty user/pass asking curl to use Windows Credential Storage (as stated in the docs) and it has valid credentials for the domain, e.g. curl -v -u : --ntlm example.com currently authentication fails. This change fixes it by providing proper SPN string to the SSPI API calls. Fixes https://github.com/curl/curl/issues/1622 Closes https://github.com/curl/curl/pull/1660
2017-07-08 08:10:08 +08:00
hostname = conn->http_proxy.host.name;
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
ntlm = &conn->proxyntlm;
http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here.
2019-05-14 03:58:39 +08:00
state = &conn->proxy_ntlm_state;
lib: more conn->data cleanups Closes #6479
2021-01-18 18:56:50 +08:00
authp = &data->state.authproxy;
build: disable more code/data when built without proxy support Added build to travis to verify Closes #5466
2020-05-27 17:51:34 +08:00
#else
return CURLE_NOT_BUILT_IN;
#endif
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
}
else {
http: move header storage to Curl_easy from connectdata Since the connection can be used by many independent requests (using HTTP/2 or HTTP/3), things like user-agent and other transfer-specific data MUST NOT be kept connection oriented as it could lead to requests getting the wrong string for their requests. This struct data was lingering like this due to old HTTP1 legacy thinking where it didn't mattered.. Fixes #5566 Closes #5567
2020-06-15 17:28:17 +08:00
allocuserpwd = &data->state.aptr.userpwd;
http: use credentials from transfer, not connection HTTP auth "accidentally" worked before this cleanup since the code would always overwrite the connection credentials with the credentials from the most recent transfer and since HTTP auth is typically done first thing, this has not been an issue. It was still wrong and subject to possible race conditions or future breakage if the sequence of functions would change. The data.set.str[] strings MUST remain unmodified exactly as set by the user, and the credentials to use internally are instead set/updated in state.aptr.* Added test 675 to verify different credentials used in two requests done over a reused HTTP connection, which previously behaved wrongly. Fixes #6542 Closes #6545
2021-02-12 17:27:42 +08:00
userp = data->state.aptr.user;
passwdp = data->state.aptr.passwd;
lib: more conn->data cleanups Closes #6479
2021-01-18 18:56:50 +08:00
service = data->set.str[STRING_SERVICE_NAME] ?
http: use credentials from transfer, not connection HTTP auth "accidentally" worked before this cleanup since the code would always overwrite the connection credentials with the credentials from the most recent transfer and since HTTP auth is typically done first thing, this has not been an issue. It was still wrong and subject to possible race conditions or future breakage if the sequence of functions would change. The data.set.str[] strings MUST remain unmodified exactly as set by the user, and the credentials to use internally are instead set/updated in state.aptr.* Added test 675 to verify different credentials used in two requests done over a reused HTTP connection, which previously behaved wrongly. Fixes #6542 Closes #6545
2021-02-12 17:27:42 +08:00
data->set.str[STRING_SERVICE_NAME] : "HTTP";
ntlm_sspi: fix authentication using Credential Manager If you pass empty user/pass asking curl to use Windows Credential Storage (as stated in the docs) and it has valid credentials for the domain, e.g. curl -v -u : --ntlm example.com currently authentication fails. This change fixes it by providing proper SPN string to the SSPI API calls. Fixes https://github.com/curl/curl/issues/1622 Closes https://github.com/curl/curl/pull/1660
2017-07-08 08:10:08 +08:00
hostname = conn->host.name;
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
ntlm = &conn->ntlm;
http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here.
2019-05-14 03:58:39 +08:00
state = &conn->http_ntlm_state;
lib: more conn->data cleanups Closes #6479
2021-01-18 18:56:50 +08:00
authp = &data->state.authhost;
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
}
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
authp->done = FALSE;
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
/* not set means empty */
if(!userp)
userp = "";
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
if(!passwdp)
passwdp = "";
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
#ifdef USE_WINDOWS_SSPI
lib: make SSPI global symbols use Curl_ prefix Do not pollute the namespace. Closes #14776
2024-09-04 16:24:23 +08:00
if(!Curl_hSecDll) {
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
/* not thread safe and leaks - use curl_global_init() to avoid */
CURLcode err = Curl_sspi_global_init();
lib: make SSPI global symbols use Curl_ prefix Do not pollute the namespace. Closes #14776
2024-09-04 16:24:23 +08:00
if(!Curl_hSecDll)
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
return err;
}
spnego_sspi: add support for channel binding Attempt to add support for Secure Channel binding when negotiate authentication is used. The problem to solve is that by default IIS accepts channel binding and curl doesn't utilise them. The result was a 401 response. Scope affects only the Schannel(winssl)-SSPI combination. Fixes https://github.com/curl/curl/issues/3503 Closes https://github.com/curl/curl/pull/3509
2019-01-30 01:26:31 +08:00
#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
ntlm->sslContext = conn->sslContext;
#endif
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
#endif
vauth: factor base64 conversions out of authentication procedures Input challenges and returned messages are now in binary. Conversions from/to base64 are performed by callers (currently curl_sasl.c and http_ntlm.c). Closes #6654
2021-03-18 03:09:55 +08:00
Curl_bufref_init(&ntlmmsg);
lib: avoid fallthrough cases in switch statements Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning on implicit fallthrough cases, since the current coding of indicating fallthrough with comments is falling out of fashion with new compilers. This attempts to make the issue smaller by rewriting fallthroughs to no longer fallthrough, via either breaking the cases or turning switch statements into if statements. lib/content_encoding.c: the fallthrough codepath is simply copied into the case as it's a single line. lib/http_ntlm.c: the fallthrough case skips a state in the state- machine and fast-forwards to NTLMSTATE_LAST. Do this before the switch statement instead to set up the states that we actually want. lib/http_proxy.c: the fallthrough is just falling into exiting the switch statement which can be done easily enough in the case. lib/mime.c: switch statement rewritten as if statement. lib/pop3.c: the fallthrough case skips to the next state in the statemachine, do this explicitly instead. lib/urlapi.c: switch statement rewritten as if statement. lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state machine, do this by running another iteration of the switch statement instead. lib/vtls/gtls.c: switch statement rewritten as if statement. lib/vtls/nss.c: the fallthrough codepath is simply copied into the case as it's a single line. Also twiddle a comment to not be inside a non-brace if statement. Closes: #7322 See-also: #7295 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2021-09-29 16:00:52 +08:00
code: language cleanup in comments Based on the standards and guidelines we use for our documentation. - expand contractions (they're => they are etc) - host name = > hostname - file name => filename - user name = username - man page => manpage - run-time => runtime - set-up => setup - back-end => backend - a HTTP => an HTTP - Two spaces after a period => one space after period Closes #14073
2024-07-01 22:47:21 +08:00
/* connection is already authenticated, do not send a header in future
lib: avoid fallthrough cases in switch statements Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning on implicit fallthrough cases, since the current coding of indicating fallthrough with comments is falling out of fashion with new compilers. This attempts to make the issue smaller by rewriting fallthroughs to no longer fallthrough, via either breaking the cases or turning switch statements into if statements. lib/content_encoding.c: the fallthrough codepath is simply copied into the case as it's a single line. lib/http_ntlm.c: the fallthrough case skips a state in the state- machine and fast-forwards to NTLMSTATE_LAST. Do this before the switch statement instead to set up the states that we actually want. lib/http_proxy.c: the fallthrough is just falling into exiting the switch statement which can be done easily enough in the case. lib/mime.c: switch statement rewritten as if statement. lib/pop3.c: the fallthrough case skips to the next state in the statemachine, do this explicitly instead. lib/urlapi.c: switch statement rewritten as if statement. lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state machine, do this by running another iteration of the switch statement instead. lib/vtls/gtls.c: switch statement rewritten as if statement. lib/vtls/nss.c: the fallthrough codepath is simply copied into the case as it's a single line. Also twiddle a comment to not be inside a non-brace if statement. Closes: #7322 See-also: #7295 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2021-09-29 16:00:52 +08:00
* requests so go directly to NTLMSTATE_LAST */
if(*state == NTLMSTATE_TYPE3)
*state = NTLMSTATE_LAST;
http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here.
2019-05-14 03:58:39 +08:00
switch(*state) {
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
case NTLMSTATE_TYPE1:
default: /* for the weird cases we (re)start here */
/* Create a type-1 message */
lib: more conn->data cleanups Closes #6479
2021-01-18 18:56:50 +08:00
result = Curl_auth_create_ntlm_type1_message(data, userp, passwdp,
ntlm_sspi: fix authentication using Credential Manager If you pass empty user/pass asking curl to use Windows Credential Storage (as stated in the docs) and it has valid credentials for the domain, e.g. curl -v -u : --ntlm example.com currently authentication fails. This change fixes it by providing proper SPN string to the SSPI API calls. Fixes https://github.com/curl/curl/issues/1622 Closes https://github.com/curl/curl/pull/1660
2017-07-08 08:10:08 +08:00
service, hostname,
vauth: factor base64 conversions out of authentication procedures Input challenges and returned messages are now in binary. Conversions from/to base64 are performed by callers (currently curl_sasl.c and http_ntlm.c). Closes #6654
2021-03-18 03:09:55 +08:00
ntlm, &ntlmmsg);
if(!result) {
DEBUGASSERT(Curl_bufref_len(&ntlmmsg) != 0);
lib: remove support for CURL_DOES_CONVERSIONS TPF was the only user and support for that was dropped. Closes #8378
2022-02-03 20:04:30 +08:00
result = Curl_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg),
vauth: factor base64 conversions out of authentication procedures Input challenges and returned messages are now in binary. Conversions from/to base64 are performed by callers (currently curl_sasl.c and http_ntlm.c). Closes #6654
2021-03-18 03:09:55 +08:00
Curl_bufref_len(&ntlmmsg), &base64, &len);
if(!result) {
free(*allocuserpwd);
*allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
proxy ? "Proxy-" : "",
base64);
free(base64);
if(!*allocuserpwd)
result = CURLE_OUT_OF_MEMORY;
}
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
}
break;
case NTLMSTATE_TYPE2:
/* We already received the type-2 message, create a type-3 message */
lib: more conn->data cleanups Closes #6479
2021-01-18 18:56:50 +08:00
result = Curl_auth_create_ntlm_type3_message(data, userp, passwdp,
vauth: factor base64 conversions out of authentication procedures Input challenges and returned messages are now in binary. Conversions from/to base64 are performed by callers (currently curl_sasl.c and http_ntlm.c). Closes #6654
2021-03-18 03:09:55 +08:00
ntlm, &ntlmmsg);
if(!result && Curl_bufref_len(&ntlmmsg)) {
lib: remove support for CURL_DOES_CONVERSIONS TPF was the only user and support for that was dropped. Closes #8378
2022-02-03 20:04:30 +08:00
result = Curl_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg),
vauth: factor base64 conversions out of authentication procedures Input challenges and returned messages are now in binary. Conversions from/to base64 are performed by callers (currently curl_sasl.c and http_ntlm.c). Closes #6654
2021-03-18 03:09:55 +08:00
Curl_bufref_len(&ntlmmsg), &base64, &len);
if(!result) {
free(*allocuserpwd);
*allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
proxy ? "Proxy-" : "",
base64);
free(base64);
if(!*allocuserpwd)
result = CURLE_OUT_OF_MEMORY;
else {
*state = NTLMSTATE_TYPE3; /* we send a type-3 */
authp->done = TRUE;
}
}
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
}
break;
NTLM: handle auth for only a single request Currently when the server responds with 401 on NTLM authenticated connection (re-used) we consider it to have failed. However this is legitimate and may happen when for example IIS is set configured to 'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header). Implemented by imploying an additional state once a connection is re-used to indicate that if we receive 401 we need to restart authentication. Closes #363
2015-08-04 07:20:23 +08:00
case NTLMSTATE_LAST:
NTLM: fix several NTLM code paths memory leaks
2013-03-24 11:47:57 +08:00
Curl_safefree(*allocuserpwd);
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
authp->done = TRUE;
break;
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
}
vauth: factor base64 conversions out of authentication procedures Input challenges and returned messages are now in binary. Conversions from/to base64 are performed by callers (currently curl_sasl.c and http_ntlm.c). Closes #6654
2021-03-18 03:09:55 +08:00
Curl_bufref_free(&ntlmmsg);
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
vauth: factor base64 conversions out of authentication procedures Input challenges and returned messages are now in binary. Conversions from/to base64 are performed by callers (currently curl_sasl.c and http_ntlm.c). Closes #6654
2021-03-18 03:09:55 +08:00
return result;
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
}
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
auth: Rename the various authentication clean up functions For consistency and to a avoid confusion. Closes #3869
2019-05-11 19:57:42 +08:00
void Curl_http_auth_cleanup_ntlm(struct connectdata *conn)
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28 08:00:02 +08:00
{
auth: Rename the various authentication clean up functions For consistency and to a avoid confusion. Closes #3869
2019-05-11 19:57:42 +08:00
Curl_auth_cleanup_ntlm(&conn->ntlm);
Curl_auth_cleanup_ntlm(&conn->proxyntlm);
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-14 21:45:19 +08:00
}
build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined USE_NTLM would only be defined if: HTTP support was enabled, NTLM and cryptography weren't disabled, and either a supporting cryptography library or Windows SSPI was being compiled against. This means it was not possible to build libcurl without HTTP support and use NTLM for other protocols such as IMAP, POP3 and SMTP. Rather than introduce a new SASL pre-processor definition, removed the HTTP prerequisite just like USE_SPNEGO and USE_KRB5. Note: Winbind support still needs to be dependent on CURL_DISABLE_HTTP as it is only available to HTTP at present. This bug dates back to August 2011 when I started to add support for NTLM to SMTP.
2014-11-09 20:46:00 +08:00
#endif /* !CURL_DISABLE_HTTP && USE_NTLM */
Reference in New Issue Copy Permalink