diff options
author | Steve Holme <steve_holme@hotmail.com> | 2014-07-11 21:45:25 +0100 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2014-08-06 20:31:19 +0100 |
commit | f8a8ed73fe7b130255d335d6b54b6d2e0accd056 (patch) | |
tree | 5175c01a2678da7f57b8c3f30f576a4cac71735d /lib | |
parent | f8af8606a5420e2cfb17f2f32d750b6b2e7b52f9 (diff) |
http_negotiate_sspi: Fixed specific username and password not working
Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html
Reported-by: Leonardo Rosati
Diffstat (limited to 'lib')
-rw-r--r-- | lib/http_negotiate_sspi.c | 50 | ||||
-rw-r--r-- | lib/urldata.h | 2 |
2 files changed, 47 insertions, 5 deletions
diff --git a/lib/http_negotiate_sspi.c b/lib/http_negotiate_sspi.c index 8e6391495..260c78f06 100644 --- a/lib/http_negotiate_sspi.c +++ b/lib/http_negotiate_sspi.c @@ -68,8 +68,6 @@ get_gss_name(struct connectdata *conn, bool proxy, int Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header) { - struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg: - &conn->data->state.negotiate; BYTE *input_token = 0; SecBufferDesc out_buff_desc; SecBuffer out_sec_buff; @@ -82,6 +80,31 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, size_t len = 0, input_token_len = 0; CURLcode error; + /* Point to the username and password */ + const char *userp; + const char *passwdp; + + /* Point to the correct struct with this */ + struct negotiatedata *neg_ctx; + + if(proxy) { + userp = conn->proxyuser; + passwdp = conn->proxypasswd; + neg_ctx = &conn->data->state.proxyneg; + } + else { + userp = conn->user; + passwdp = conn->passwd; + neg_ctx = &conn->data->state.negotiate; + } + + /* Not set means empty */ + if(!userp) + userp = ""; + + if(!passwdp) + passwdp = ""; + if(neg_ctx->context && neg_ctx->status == SEC_E_OK) { /* We finished successfully our part of authentication, but server * rejected it (since we're again here). Exit with an error since we @@ -131,12 +154,26 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, if(!neg_ctx->credentials || !neg_ctx->context) return -1; + if(userp && *userp) { + /* Populate our identity structure */ + error = Curl_create_sspi_identity(userp, passwdp, &neg_ctx->identity); + if(error) + return -1; + + /* Allow proper cleanup of the identity structure */ + neg_ctx->p_identity = &neg_ctx->identity; + } + else + /* Use the current Windows user */ + neg_ctx->p_identity = NULL; + + /* Acquire our credientials handle */ neg_ctx->status = s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *) TEXT("Negotiate"), - SECPKG_CRED_OUTBOUND, NULL, NULL, - NULL, NULL, neg_ctx->credentials, - &lifetime); + SECPKG_CRED_OUTBOUND, NULL, + neg_ctx->p_identity, NULL, NULL, + neg_ctx->credentials, &lifetime); if(neg_ctx->status != SEC_E_OK) return -1; } @@ -260,6 +297,9 @@ static void cleanup(struct negotiatedata *neg_ctx) } neg_ctx->max_token_length = 0; + + Curl_sspi_free_identity(neg_ctx->p_identity); + neg_ctx->p_identity = NULL; } void Curl_cleanup_negotiate(struct SessionHandle *data) diff --git a/lib/urldata.h b/lib/urldata.h index f32988afa..dcf72dd1d 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -459,6 +459,8 @@ struct negotiatedata { DWORD status; CtxtHandle *context; CredHandle *credentials; + SEC_WINNT_AUTH_IDENTITY identity; + SEC_WINNT_AUTH_IDENTITY *p_identity; char server_name[1024]; size_t max_token_length; BYTE *output_token; |