ntlm_sspi: fix authentication using Credential Manager

If you pass empty user/pass asking curl to use Windows Credential Storage (as stated in the docs) and it has valid credentials for the domain, e.g. curl -v -u : --ntlm example.com currently authentication fails. This change fixes it by providing proper SPN string to the SSPI API calls. Fixes https://github.com/curl/curl/issues/1622 Closes https://github.com/curl/curl/pull/1660
author: toughengineer <paul.skeptic@yandex.ru> 2017-07-08 02:10:08 +0200
committer: Marcel Raad <Marcel.Raad@teamviewer.com> 2018-04-16 20:43:21 +0200
commit: bc4b8c9717c8972acf1f8d6383b127b5c8ef3e72 (patch)
tree: 2fd661d5a829e90e76c47727c235ccf9a4d76c0e /lib/curl_sasl.c
parent: 2d4c2152c9eb3dbdf943de46ed8fc11285f1b90b (diff)
1 files changed, 8 insertions, 6 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 7052bd913..e54e4875e 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -265,7 +265,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
   const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
     conn->host.name;
   const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
-#if defined(USE_KERBEROS5)
+#if defined(USE_KERBEROS5) || defined(USE_NTLM)
   const char *service = data->set.str[STRING_SERVICE_NAME] ?
     data->set.str[STRING_SERVICE_NAME] :
     sasl->params->service;
@@ -333,7 +333,10 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
       if(force_ir || data->set.sasl_ir)
         result = Curl_auth_create_ntlm_type1_message(data,
                                                      conn->user, conn->passwd,
-                                                     &conn->ntlm, &resp, &len);
+                                                     service,
+                                                     hostname,
+                                                     &conn->ntlm, &resp,
+                                                     &len);
       }
     else
 #endif
@@ -419,13 +422,11 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
   char *chlg = NULL;
   size_t chlglen = 0;
 #endif
-#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5)
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \
+    defined(USE_NTLM)
   const char *service = data->set.str[STRING_SERVICE_NAME] ?
                         data->set.str[STRING_SERVICE_NAME] :
                         sasl->params->service;
-#endif
-#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \
-    defined(USE_NTLM)
   char *serverdata;
 #endif
   size_t len = 0;
@@ -496,6 +497,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
     /* Create the type-1 message */
     result = Curl_auth_create_ntlm_type1_message(data,
                                                  conn->user, conn->passwd,
+                                                 service, hostname,
                                                  &conn->ntlm, &resp, &len);
     newstate = SASL_NTLM_TYPE2MSG;
     break;
author	toughengineer <paul.skeptic@yandex.ru>	2017-07-08 02:10:08 +0200
committer	Marcel Raad <Marcel.Raad@teamviewer.com>	2018-04-16 20:43:21 +0200
commit	bc4b8c9717c8972acf1f8d6383b127b5c8ef3e72 (patch)
tree	2fd661d5a829e90e76c47727c235ccf9a4d76c0e /lib/curl_sasl.c
parent	2d4c2152c9eb3dbdf943de46ed8fc11285f1b90b (diff)