Commit Graph

69 Commits

Author SHA1 Message Date
Steve Holme
82fdb87b27 ntlm: Disable NTLM v2 when 64-bit integers are not supported
This fixes compilation issues with compilers that don't support 64-bit
integers through long long or __int64 which was introduced in commit
07b66cbfa4.
2014-12-12 22:34:16 +00:00
Steve Holme
97e90d7b89 ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
Previously USE_NTLM2SESSION would only be defined automatically when
USE_NTRESPONSES wasn't already defined. Separated the two definitions
so that the user can manually set USE_NTRESPONSES themselves but
USE_NTLM2SESSION is defined automatically if they don't define it.
2014-12-12 22:33:57 +00:00
Steve Holme
bfdef6301c sasl: Reduced the need for two sets of NTLM functions 2014-11-23 16:45:30 +00:00
Steve Holme
33be9e29be ntlm: Moved NSS initialisation to base decode function 2014-11-23 16:07:59 +00:00
Steve Holme
409265a571 ntlm: Fixed static'ness of local decode function 2014-11-23 10:38:54 +00:00
Steve Holme
885119bf50 ntlm: Corrected some parameter names and comments 2014-11-23 10:38:35 +00:00
Steve Holme
30892709d7 ntlm: Moved the SSPI based Type-3 message generation into the SASL module 2014-11-16 14:16:07 +00:00
Steve Holme
a3fead9706 ntlm: Moved the SSPI based Type-2 message decoding into the SASL module 2014-11-16 13:59:11 +00:00
Steve Holme
201d0df50b ntlm: Moved the SSPI based Type-1 message generation into the SASL module 2014-11-16 13:39:13 +00:00
Steve Holme
9dfbcef272 ntlm: Clean-up and standardisation of base64 decoding 2014-11-14 22:02:06 +00:00
Steve Holme
7faaca7118 ntlm: We prefer 'CURLcode result' 2014-11-14 22:00:04 +00:00
Steve Holme
8145f92dcc ntlm: Removed an unnecessary free of native Target Info
Due to commit 40ee1ba0dc the free in Curl_ntlm_decode_type2_target() is
longer required.
2014-11-09 11:54:50 +00:00
Steve Holme
40ee1ba0dc ntlm: Moved the native Target Info clean-up from HTTP specific function 2014-11-09 11:47:40 +00:00
Steve Holme
474442dd56 ntlm: Moved SSPI clean-up code into SASL module 2014-11-09 11:10:34 +00:00
Steve Holme
d62cb0f5d0 sspi: Define authentication package name constants
These were previously hard coded, and whilst defined in security.h,
they may or may not be present in old header files given that these
defines were never used in the original code.

Not only that, but there appears to be some ambiguity between the ANSI
and UNICODE NTLM definition name in security.h.
2014-11-05 11:54:02 +00:00
Steve Holme
f3fc3d021d sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when
acquiring the credentials handle fails. This is then consistent with
the code prior to commit f7e24683c4 when log-in credentials were empty.
2014-10-29 14:26:48 +00:00
Steve Holme
c1c16bea94 sspi: Synchronization of cleanup code between auth mechanisms 2014-10-26 14:51:58 +00:00
Steve Holme
d91d21f05b sspi: Renamed max token length variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-26 14:43:02 +00:00
Steve Holme
c2c6805797 sspi: Renamed expiry time stamp variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-26 14:34:06 +00:00
Steve Holme
9c613ade7a sspi: Only call CompleteAuthToken() when complete is needed
Don't call CompleteAuthToken() after InitializeSecurityContext() has
returned SEC_I_CONTINUE_NEEDED as this return code only indicates the
function should be called again after receiving a response back from
the server.

This only affected the Digest and NTLM authentication code.
2014-10-26 14:33:19 +00:00
Steve Holme
980f2b7078 ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
For consistency with other areas of the NTLM code propagate all errors
from Curl_ntlm_core_mk_nt_hash() up the call stack rather than just
CURLE_OUT_OF_MEMORY.
2014-10-26 09:14:46 +00:00
Steve Holme
3b738a16eb ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash() 2014-10-26 09:14:34 +00:00
Steve Holme
28ff8babad ntlm: Changed handles to be dynamic like other SSPI handles
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-25 14:16:06 +01:00
Steve Holme
f9f212fb93 ntlm: Renamed handle variables to match other SSPI structures
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-25 14:15:57 +01:00
Steve Holme
df97ab3e5f ntlm: Renamed SSPI based input token variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-25 14:15:48 +01:00
Steve Holme
c18329cef6 ntlm: We prefer 'CURLcode result'
Continuing commit 0eb3d15ccb more return code variable name changes.
2014-10-25 14:06:21 +01:00
Steve Holme
fa9f5ed982 ntlm: Fixed empty type-2 decoded message info text
Updated the info text when the base-64 decode of the type-2 message
returns a null buffer to be more specific.
2014-10-16 20:30:08 +01:00
Steve Holme
72147c62f7 ntlm: Fixed empty/bad base-64 decoded buffer return codes 2014-10-16 20:24:56 +01:00
Steve Holme
7a91296f1d ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token 2014-10-16 20:19:33 +01:00
Ulrich Telle
8ee182288a ntlm: Fixed HTTP proxy authentication when using Windows SSPI
Removed ISC_REQ_* flags from calls to InitializeSecurityContext to fix
bug in NTLM handshake for HTTP proxy authentication.

NTLM handshake for HTTP proxy authentication failed with error
SEC_E_INVALID_TOKEN from InitializeSecurityContext for certain proxy
servers on generating the NTLM Type-3 message.

The flag ISC_REQ_CONFIDENTIALITY seems to cause the problem according
to the observations and suggestions made in a bug report for the
QT project (https://bugreports.qt-project.org/browse/QTBUG-17322).

Removing all the flags solved the problem.

Bug: http://curl.haxx.se/mail/lib-2014-08/0273.html
Reported-by: Ulrich Telle
Assisted-by: Steve Holme, Daniel Stenberg
2014-09-12 13:05:02 +01:00
Steve Holme
b91e97eabd sspi: Minor code tidy up to standardise coding style
Following the recent changes and in attempt to align the SSPI based
authentication code performed the following:

* Use NULL and SECBUFFVERSION rather than hard coded constants.
* Avoid comparison of zero in if statements.
* Standardised the buf and desc setup code.
2014-08-08 22:43:18 +01:00
Daniel Stenberg
159c3aafd8 curl_ntlm_msgs: make < 80 columns wide 2014-08-08 08:34:51 +02:00
Steve Holme
df739784e5 ntlm: Fixed hard coded buffer for SSPI based auth packet generation
Given the SSPI package info query indicates a token size of 2888 bytes,
and as with the Winbind code and commit 9008f3d56, use a dynamic buffer
for the Type-1 and Type-3 message generation rather than a fixed buffer
of 1024 bytes.
2014-08-08 07:31:03 +01:00
Steve Holme
03d34b683d ntlm: Added support for SSPI package info query
Just as with the SSPI implementations of Digest and Negotiate added a
package info query so that libcurl can a) return a more appropriate
error code when the NTLM package is not supported and b) it can be of
use later to allocate a dynamic buffer for the Type-1 and Type-3
output tokens rather than use a fixed buffer of 1024 bytes.
2014-08-07 20:15:17 +01:00
Daniel Stenberg
e95ca7cec9 NTLM: set a fake entropy for debug builds with CURL_ENTROPY set
Curl_rand() will return a dummy and repatable random value for this
case. Makes it possible to write test cases that verify output.

Also, fake timestamp with CURL_FORCETIME set.

Only when built debug enabled of course.

Curl_ssl_random() was not used anymore so it has been
removed. Curl_rand() is enough.

create_digest_md5_message: generate base64 instead of hex string

curl_sasl: also fix memory leaks in some OOM situations
2014-06-11 23:15:48 +02:00
Steve Holme
ee40136f6c sasl: Post DIGEST-MD5 SSPI code tidy up
* Added comments to SSPI NTLM message generation
* Added comments to native DIGEST-MD5 code
* Removed redundant identity pointer
2014-04-06 13:30:52 +01:00
Steve Holme
c469941293 ntlm: Moved the identity generation into shared SSPI code 2014-04-06 00:35:22 +01:00
Steve Holme
0e11307057 ntlm: Use static client nonce for the test suite 2014-01-30 11:39:08 +00:00
Steve Holme
eb91e1a58f ntlm: Coding style policing dating back to 2011 2014-01-29 20:51:04 +00:00
Prash Dush
86724581b6 ntlm: Added support for NTLMv2 2014-01-29 20:17:11 +00:00
Daniel Stenberg
11e8066ef9 vtls: renamed sslgen.[ch] to vtls.[ch] 2013-12-20 17:12:42 +01:00
Daniel Stenberg
eccf4fb7ee vtls: created subdir, moved sslgen.[ch] there, updated all include lines 2013-12-20 17:12:42 +01:00
Yang Tse
c5eabd48e8 curl_ntlm_msgs.c: revert commit 463082bea4
reverts unreleased invalid memory leak fix
2013-03-25 03:32:46 +01:00
Steve Holme
9a6e580e3a ntlm: Updated comments for the addition of SASL support to IMAP in v7.29 2013-02-11 14:26:18 +00:00
Gisle Vanem
463082bea4 ntlm: fix memory leak
Running tests\libtest\libntlmconnect.exe reveals a 1 byte (!) leak in
./lib/curl_ntlm_msgs.c:

perl ..\memanalyze.pl c:memdebug.curl
Leak detected: memory still allocated: 1 bytes
At 9771e8, there's 1 bytes.
allocated by curl_ntlm_msgs.c:399

Snippet from curl_ntlm_msgs.c:
   /* setup ntlm identity's domain and length */
   dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));

(my domlen == 0).

'dup_domain.tbyte_ptr' looks to be freed in Curl_ntlm_sspi_cleanup() via
'ntlm->identity.Domain'. But I see no freeing of 'dup_domain.tchar_ptr'.
2013-02-08 15:51:27 +01:00
Yang Tse
5a053ffe80 build: fix circular header inclusion with other packages
This commit renames lib/setup.h to lib/curl_setup.h and
renames lib/setup_once.h to lib/curl_setup_once.h.

Removes the need and usage of a header inclusion guard foreign
to libcurl. [1]

Removes the need and presence of an alarming notice we carried
in old setup_once.h [2]

----------------------------------------

1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
    up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
    this single inclusion guard is enough to ensure that inclusion of
    lib/setup_once.h done from lib/setup.h is only done once.

    Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
    protect inclusion of setup_once.h even after commit ec691ca3, this
    was to avoid a circular header inclusion triggered when building a
    c-ares enabled version with c-ares sources available which also has
    a setup_once.h header. Commit ec691ca3 exposes the real nature of
    __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
    foreign to libcurl belonging to c-ares's setup_once.h

    The renaming this commit does, fixes the circular header inclusion,
    and as such removes the need and usage of a header inclusion guard
    foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.

2 - Due to the circular interdependency of old lib/setup_once.h and the
    c-ares setup_once.h header, old file lib/setup_once.h has carried
    back from 2006 up to now days an alarming and prominent notice about
    the need of keeping libcurl's and c-ares's setup_once.h in sync.

    Given that this commit fixes the circular interdependency, the need
    and presence of mentioned notice is removed.

    All mentioned interdependencies come back from now old days when
    the c-ares project lived inside a curl subdirectory. This commit
    removes last traces of such fact.
2013-01-09 00:49:50 +01:00
Yang Tse
4a5aa6682d Revert changes relative to lib/*.[ch] recent renaming
This reverts renaming and usage of lib/*.h header files done
28-12-2012, reverting 2 commits:

  f871de0... build: make use of 76 lib/*.h renamed files
  ffd8e12... build: rename 76 lib/*.h files

This also reverts removal of redundant include guard (redundant thanks
to changes in above commits) done 2-12-2013, reverting 1 commit:

  c087374... curl_setup.h: remove redundant include guard

This also reverts renaming and usage of lib/*.c source files done
3-12-2013, reverting 3 commits:

  13606bb... build: make use of 93 lib/*.c renamed files
  5b6e792... build: rename 93 lib/*.c files
  7d83dff... build: commit 13606bbfde follow-up 1

Start of related discussion thread:

  http://curl.haxx.se/mail/lib-2013-01/0012.html

Asking for confirmation on pushing this revertion commit:

  http://curl.haxx.se/mail/lib-2013-01/0048.html

Confirmation summary:

  http://curl.haxx.se/mail/lib-2013-01/0079.html

NOTICE: The list of 2 files that have been modified by other
intermixed commits, while renamed, and also by at least one
of the 6 commits this one reverts follows below. These 2 files
will exhibit a hole in history unless git's '--follow' option
is used when viewing logs.

  lib/curl_imap.h
  lib/curl_smtp.h
2013-01-06 18:20:27 +01:00
Yang Tse
13606bbfde build: make use of 93 lib/*.c renamed files
93 *.c source files renamed to use our standard naming scheme.

This change affects 77 files in libcurl's source tree.
2013-01-03 05:50:26 +01:00
Yang Tse
f871de0064 build: make use of 76 lib/*.h renamed files
76 private header files renamed to use our standard naming scheme.

This change affects 322 files in libcurl's source tree.
2012-12-28 19:37:11 +01:00
Daniel Stenberg
4ac56b9d9f code police: narrow source to < 80 columns 2012-07-06 00:19:41 +02:00