authorSteve Holme <steve_holme@hotmail.com>2019-05-13 20:58:39 +0100
committerSteve Holme <steve_holme@hotmail.com>2019-05-15 00:31:45 +0100
commit85bef18ca1afc356df3bb28e27ac74e4332affa1 (patch)
tree7d16e10766c905e0f5a67bede4292d936ab9cf4d
parent0c73adfad3ef9ea2fe2a0ebf7eb0a78b5abb877c (diff)
http_ntlm: Move the NTLM state out of the ntlmdata structure
Given that this member variable is not used by the SASL-based protocols, there is no need to have it here.
-rw-r--r--lib/curl_ntlm_wb.c15
-rw-r--r--lib/http.c8
-rw-r--r--lib/http_ntlm.c23
-rw-r--r--lib/multi.c4
-rw-r--r--lib/url.c8
-rw-r--r--lib/urldata.h4
6 files changed, 34 insertions, 28 deletions
diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c
index 20dde057d..865f1396b 100644
--- a/lib/curl_ntlm_wb.c
+++ b/lib/curl_ntlm_wb.c
@@ -345,8 +345,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
char **allocuserpwd;
/* point to the name and password for this */
const char *userp;
- /* point to the correct struct with this */
- struct ntlmdata *ntlm;
+ curlntlm *state;
struct auth *authp;
CURLcode res = CURLE_OK;
@@ -358,13 +357,13 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
if(proxy) {
allocuserpwd = &conn->allocptr.proxyuserpwd;
userp = conn->http_proxy.user;
- ntlm = &conn->proxyntlm;
+ state = &conn->proxy_ntlm_state;
authp = &conn->data->state.authproxy;
}
else {
allocuserpwd = &conn->allocptr.userpwd;
userp = conn->user;
- ntlm = &conn->ntlm;
+ state = &conn->http_ntlm_state;
authp = &conn->data->state.authhost;
}
authp->done = FALSE;
@@ -373,7 +372,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
if(!userp)
userp = "";
- switch(ntlm->state) {
+ switch(*state) {
case NTLMSTATE_TYPE1:
default:
/* Use Samba's 'winbind' daemon to support NTLM authentication,
@@ -392,7 +391,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
res = ntlm_wb_init(conn, userp);
if(res)
return res;
- res = ntlm_wb_response(conn, "YR\n", ntlm->state);
+ res = ntlm_wb_response(conn, "YR\n", *state);
if(res)
return res;
@@ -410,7 +409,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
input = aprintf("TT %s\n", conn->challenge_header);
if(!input)
return CURLE_OUT_OF_MEMORY;
- res = ntlm_wb_response(conn, input, ntlm->state);
+ res = ntlm_wb_response(conn, input, *state);
free(input);
input = NULL;
if(res)
@@ -421,7 +420,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
proxy ? "Proxy-" : "",
conn->response_header);
DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
- ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
+ *state = NTLMSTATE_TYPE3; /* we sent a type-3 */
authp->done = TRUE;
Curl_http_auth_cleanup_ntlm_wb(conn);
if(!*allocuserpwd)
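Review bot: `*state = NTLMSTATE_TYPE3` and `authp->done = TRUE` run before the `if(!*allocuserpwd)` check at the end of this hunk, so when building the header failed the connection is still recorded as having sent its type-3 message. The statement that fills `*allocuserpwd` starts above the hunk and the body of the check lies below it, so this is inferred from the visible order; if the check returns an out-of-memory error, moving the two assignments after it keeps the state honest: `if(!*allocuserpwd) return CURLE_OUT_OF_MEMORY;` followed by `*state = NTLMSTATE_TYPE3; authp->done = TRUE;`. The `DEBUG_OUT` line also hands a possibly NULL `*allocuserpwd` to `%s` and writes the Authorization value to stderr in debug builds; the same line appears in the `Curl_output_ntlm` hunk in lib/http_ntlm.c.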
diff --git a/lib/http.c b/lib/http.c
index 11c2fa12c..75d59ca90 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -466,8 +466,8 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
(data->state.authproxy.picked == CURLAUTH_NTLM_WB) ||
(data->state.authhost.picked == CURLAUTH_NTLM_WB)) {
if(((expectsend - bytessent) < 2000) ||
- (conn->ntlm.state != NTLMSTATE_NONE) ||
- (conn->proxyntlm.state != NTLMSTATE_NONE)) {
+ (conn->http_ntlm_state != NTLMSTATE_NONE) ||
+ (conn->proxy_ntlm_state != NTLMSTATE_NONE)) {
/* The NTLM-negotiation has started *OR* there is just a little (<2K)
data left to send, keep on sending. */
@@ -3422,9 +3422,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
#if defined(USE_NTLM)
if(conn->bits.close &&
(((data->req.httpcode == 401) &&
- (conn->ntlm.state == NTLMSTATE_TYPE2)) ||
+ (conn->http_ntlm_state == NTLMSTATE_TYPE2)) ||
((data->req.httpcode == 407) &&
- (conn->proxyntlm.state == NTLMSTATE_TYPE2)))) {
+ (conn->proxy_ntlm_state == NTLMSTATE_TYPE2)))) {
infof(data, "Connection closure while negotiating auth (HTTP 1.0?)\n");
data->state.authproblem = TRUE;
}
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index afc7f75d3..e4a4fe05d 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -68,9 +68,11 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
{
/* point to the correct struct with this */
struct ntlmdata *ntlm;
+ curlntlm *state;
CURLcode result = CURLE_OK;
ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
+ state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state;
if(checkprefix("NTLM", header)) {
header += strlen("NTLM");
@@ -83,25 +85,25 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
if(result)
return result;
- ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
+ *state = NTLMSTATE_TYPE2; /* We got a type-2 message */
}
else {
- if(ntlm->state == NTLMSTATE_LAST) {
+ if(*state == NTLMSTATE_LAST) {
infof(conn->data, "NTLM auth restarted\n");
Curl_http_auth_cleanup_ntlm(conn);
}
- else if(ntlm->state == NTLMSTATE_TYPE3) {
+ else if(*state == NTLMSTATE_TYPE3) {
infof(conn->data, "NTLM handshake rejected\n");
Curl_http_auth_cleanup_ntlm(conn);
- ntlm->state = NTLMSTATE_NONE;
+ *state = NTLMSTATE_NONE;
return CURLE_REMOTE_ACCESS_DENIED;
}
- else if(ntlm->state >= NTLMSTATE_TYPE1) {
+ else if(*state >= NTLMSTATE_TYPE1) {
infof(conn->data, "NTLM handshake failure (internal error)\n");
return CURLE_REMOTE_ACCESS_DENIED;
}
- ntlm->state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
+ *state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
}
}
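Review bot: The `*state >= NTLMSTATE_TYPE1` branch returns `CURLE_REMOTE_ACCESS_DENIED` while leaving `*state` at its mid-handshake value, whereas the `NTLMSTATE_TYPE3` branch just above it calls `Curl_http_auth_cleanup_ntlm(conn)` and sets `*state = NTLMSTATE_NONE` before returning the same code. Elsewhere in this commit `ConnectionExists` and `multi_done` treat a state other than `NTLMSTATE_NONE` as a reason to keep or force reuse of the connection, so a connection that survives this error would still look like it is in the middle of an NTLM exchange. Whether the caller always closes the connection on this result is not visible here; if it does not, add `*state = NTLMSTATE_NONE;` before the return, otherwise a comment such as `/* state left as is: the caller closes the connection on this error */` would record the assumption. Curl_input_ntlm begins and ends outside the hunk.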
@@ -129,6 +131,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
/* point to the correct struct with this */
struct ntlmdata *ntlm;
+ curlntlm *state;
struct auth *authp;
DEBUGASSERT(conn);
@@ -147,6 +150,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
conn->data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
hostname = conn->http_proxy.host.name;
ntlm = &conn->proxyntlm;
+ state = &conn->proxy_ntlm_state;
authp = &conn->data->state.authproxy;
}
else {
@@ -157,6 +161,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
conn->data->set.str[STRING_SERVICE_NAME] : "HTTP";
hostname = conn->host.name;
ntlm = &conn->ntlm;
+ state = &conn->http_ntlm_state;
authp = &conn->data->state.authhost;
}
authp->done = FALSE;
@@ -180,7 +185,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
#endif
#endif
- switch(ntlm->state) {
+ switch(*state) {
case NTLMSTATE_TYPE1:
default: /* for the weird cases we (re)start here */
/* Create a type-1 message */
@@ -222,7 +227,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
- ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
+ *state = NTLMSTATE_TYPE3; /* we send a type-3 */
authp->done = TRUE;
}
break;
@@ -230,7 +235,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
case NTLMSTATE_TYPE3:
/* connection is already authenticated,
* don't send a header in future requests */
- ntlm->state = NTLMSTATE_LAST;
+ *state = NTLMSTATE_LAST;
/* FALLTHROUGH */
case NTLMSTATE_LAST:
Curl_safefree(*allocuserpwd);
diff --git a/lib/multi.c b/lib/multi.c
index 09e4830c6..39e521afd 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -588,8 +588,8 @@ static CURLcode multi_done(struct Curl_easy *data,
if((data->set.reuse_forbid
#if defined(USE_NTLM)
- && !(conn->ntlm.state == NTLMSTATE_TYPE2 ||
- conn->proxyntlm.state == NTLMSTATE_TYPE2)
+ && !(conn->http_ntlm_state == NTLMSTATE_TYPE2 ||
+ conn->proxy_ntlm_state == NTLMSTATE_TYPE2)
#endif
#if defined(USE_SPNEGO)
&& !(conn->negotiate.state == GSS_AUTHRECV ||
diff --git a/lib/url.c b/lib/url.c
index 163037283..c2691e6c9 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1278,7 +1278,7 @@ ConnectionExists(struct Curl_easy *data,
strcmp(needle->passwd, check->passwd))
continue;
}
- else if(check->ntlm.state != NTLMSTATE_NONE) {
+ else if(check->http_ntlm_state != NTLMSTATE_NONE) {
/* Connection is using NTLM auth but we don't want NTLM */
continue;
}
@@ -1294,7 +1294,7 @@ ConnectionExists(struct Curl_easy *data,
strcmp(needle->http_proxy.passwd, check->http_proxy.passwd))
continue;
}
- else if(check->proxyntlm.state != NTLMSTATE_NONE) {
+ else if(check->proxy_ntlm_state != NTLMSTATE_NONE) {
/* Proxy connection is using NTLM auth but we don't want NTLM */
continue;
}
@@ -1304,9 +1304,9 @@ ConnectionExists(struct Curl_easy *data,
chosen = check;
if((wantNTLMhttp &&
- (check->ntlm.state != NTLMSTATE_NONE)) ||
+ (check->http_ntlm_state != NTLMSTATE_NONE)) ||
(wantProxyNTLMhttp &&
- (check->proxyntlm.state != NTLMSTATE_NONE))) {
+ (check->proxy_ntlm_state != NTLMSTATE_NONE))) {
/* We must use this connection, no other */
*force_reuse = TRUE;
break;
diff --git a/lib/urldata.h b/lib/urldata.h
index c7944c546..fe54651b1 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -336,7 +336,6 @@ struct kerberos5data {
/* Struct used for NTLM challenge-response authentication */
#if defined(USE_NTLM)
struct ntlmdata {
- curlntlm state;
#ifdef USE_WINDOWS_SSPI
/* The sslContext is used for the Schannel bindings. The
* api is available on the Windows 7 SDK and later.
@@ -968,6 +967,9 @@ struct connectdata {
#endif
#if defined(USE_NTLM)
+ curlntlm http_ntlm_state;
+ curlntlm proxy_ntlm_state;
+
struct ntlmdata ntlm; /* NTLM differs from other authentication schemes
because it authenticates connections, not
single requests! */
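Review bot: `http_ntlm_state` and `proxy_ntlm_state` are added to `struct connectdata` without a comment, although they now carry the per-connection handshake progress that the reuse checks in lib/url.c, lib/multi.c and lib/http.c read. A comment such as `/* NTLM handshake progress towards the origin server / the HTTP proxy; starts at NTLMSTATE_NONE */` on the two lines would say that. Because the state no longer lives inside `struct ntlmdata`, any code outside this diff that clears or copies a whole `struct ntlmdata` no longer resets or carries the state; it is worth checking the cleanup and connection-setup paths for that, and confirming that a new `connectdata` starts both fields at `NTLMSTATE_NONE`.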