authorSteve Holme <steve_holme@hotmail.com>2019-05-13 20:58:39 +0100
committerSteve Holme <steve_holme@hotmail.com>2019-05-15 00:31:45 +0100
commit85bef18ca1afc356df3bb28e27ac74e4332affa1 (patch)
tree7d16e10766c905e0f5a67bede4292d936ab9cf4d /lib
parent0c73adfad3ef9ea2fe2a0ebf7eb0a78b5abb877c (diff)
http_ntlm: Move the NTLM state out of the ntlmdata structure
Given that this member variable is not used by the SASL-based protocols, there is no need to have it here.
Diffstat (limited to 'lib')
-rw-r--r--lib/curl_ntlm_wb.c15
-rw-r--r--lib/http.c8
-rw-r--r--lib/http_ntlm.c23
-rw-r--r--lib/multi.c4
-rw-r--r--lib/url.c8
-rw-r--r--lib/urldata.h4
6 files changed, 34 insertions, 28 deletions
diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c
index 20dde057d..865f1396b 100644
--- a/lib/curl_ntlm_wb.c
+++ b/lib/curl_ntlm_wb.c
@@ -345,8 +345,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
char **allocuserpwd;
/* point to the name and password for this */
const char *userp;
- /* point to the correct struct with this */
- struct ntlmdata *ntlm;
+ curlntlm *state;
struct auth *authp;
CURLcode res = CURLE_OK;
@@ -358,13 +357,13 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
if(proxy) {
allocuserpwd = &conn->allocptr.proxyuserpwd;
userp = conn->http_proxy.user;
- ntlm = &conn->proxyntlm;
+ state = &conn->proxy_ntlm_state;
authp = &conn->data->state.authproxy;
}
else {
allocuserpwd = &conn->allocptr.userpwd;
userp = conn->user;
- ntlm = &conn->ntlm;
+ state = &conn->http_ntlm_state;
authp = &conn->data->state.authhost;
}
authp->done = FALSE;
@@ -373,7 +372,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
if(!userp)
userp = "";
- switch(ntlm->state) {
+ switch(*state) {
case NTLMSTATE_TYPE1:
default:
/* Use Samba's 'winbind' daemon to support NTLM authentication,
@@ -392,7 +391,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
res = ntlm_wb_init(conn, userp);
if(res)
return res;
- res = ntlm_wb_response(conn, "YR\n", ntlm->state);
+ res = ntlm_wb_response(conn, "YR\n", *state);
if(res)
return res;
@@ -410,7 +409,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
input = aprintf("TT %s\n", conn->challenge_header);
if(!input)
return CURLE_OUT_OF_MEMORY;
- res = ntlm_wb_response(conn, input, ntlm->state);
+ res = ntlm_wb_response(conn, input, *state);
free(input);
input = NULL;
if(res)
@@ -421,7 +420,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
proxy ? "Proxy-" : "",
conn->response_header);
DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
- ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
+ *state = NTLMSTATE_TYPE3; /* we sent a type-3 */
authp->done = TRUE;
Curl_http_auth_cleanup_ntlm_wb(conn);
if(!*allocuserpwd)
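Review bot: `*state = NTLMSTATE_TYPE3` and `authp->done = TRUE` run, and `*allocuserpwd` is handed to the `DEBUG_OUT` fprintf, before the `if(!*allocuserpwd)` test on the last line of this hunk, so a failed allocation would leave the connection recorded as having sent a type-3 message that was never built. Moving that test (its body and the call that fills `*allocuserpwd` lie outside the hunk) ahead of the state update would keep the per-connection state accurate and keep a NULL away from `%s`. The debug line also prints the whole NTLM authorization header to stderr wherever DEBUG_OUT is compiled in; the same print is in the Curl_output_ntlm hunk of lib/http_ntlm.c, and a comment such as `/* debug builds only: prints the auth header, never enable in release */` on both would make the exposure explicit.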
diff --git a/lib/http.c b/lib/http.c
index 11c2fa12c..75d59ca90 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -466,8 +466,8 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
(data->state.authproxy.picked == CURLAUTH_NTLM_WB) ||
(data->state.authhost.picked == CURLAUTH_NTLM_WB)) {
if(((expectsend - bytessent) < 2000) ||
- (conn->ntlm.state != NTLMSTATE_NONE) ||
- (conn->proxyntlm.state != NTLMSTATE_NONE)) {
+ (conn->http_ntlm_state != NTLMSTATE_NONE) ||
+ (conn->proxy_ntlm_state != NTLMSTATE_NONE)) {
/* The NTLM-negotiation has started *OR* there is just a little (<2K)
data left to send, keep on sending. */
@@ -3422,9 +3422,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
#if defined(USE_NTLM)
if(conn->bits.close &&
(((data->req.httpcode == 401) &&
- (conn->ntlm.state == NTLMSTATE_TYPE2)) ||
+ (conn->http_ntlm_state == NTLMSTATE_TYPE2)) ||
((data->req.httpcode == 407) &&
- (conn->proxyntlm.state == NTLMSTATE_TYPE2)))) {
+ (conn->proxy_ntlm_state == NTLMSTATE_TYPE2)))) {
infof(data, "Connection closure while negotiating auth (HTTP 1.0?)\n");
data->state.authproblem = TRUE;
}
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index afc7f75d3..e4a4fe05d 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -68,9 +68,11 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
{
/* point to the correct struct with this */
struct ntlmdata *ntlm;
+ curlntlm *state;
CURLcode result = CURLE_OK;
ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
+ state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state;
if(checkprefix("NTLM", header)) {
header += strlen("NTLM");
@@ -83,25 +85,25 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
if(result)
return result;
- ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
+ *state = NTLMSTATE_TYPE2; /* We got a type-2 message */
}
else {
- if(ntlm->state == NTLMSTATE_LAST) {
+ if(*state == NTLMSTATE_LAST) {
infof(conn->data, "NTLM auth restarted\n");
Curl_http_auth_cleanup_ntlm(conn);
}
- else if(ntlm->state == NTLMSTATE_TYPE3) {
+ else if(*state == NTLMSTATE_TYPE3) {
infof(conn->data, "NTLM handshake rejected\n");
Curl_http_auth_cleanup_ntlm(conn);
- ntlm->state = NTLMSTATE_NONE;
+ *state = NTLMSTATE_NONE;
return CURLE_REMOTE_ACCESS_DENIED;
}
- else if(ntlm->state >= NTLMSTATE_TYPE1) {
+ else if(*state >= NTLMSTATE_TYPE1) {
infof(conn->data, "NTLM handshake failure (internal error)\n");
return CURLE_REMOTE_ACCESS_DENIED;
}
- ntlm->state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
+ *state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
}
}
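Review bot: The `else if(*state >= NTLMSTATE_TYPE1)` branch returns CURLE_REMOTE_ACCESS_DENIED without calling Curl_http_auth_cleanup_ntlm(conn) or resetting `*state`, whereas the NTLMSTATE_TYPE3 branch directly above does both. Because the state now lives in connectdata and the lib/url.c hunks base their reuse decisions on whether it differs from NTLMSTATE_NONE, a connection that survived this return would still look like a live NTLM handshake. If that can happen (the caller's handling of the error is not visible here), add `*state = NTLMSTATE_NONE;` before the return; otherwise a comment such as `/* connection is closed on this error, state is not reused */` would record the assumption. Curl_input_ntlm starts and ends outside this hunk.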
@@ -129,6 +131,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
/* point to the correct struct with this */
struct ntlmdata *ntlm;
+ curlntlm *state;
struct auth *authp;
DEBUGASSERT(conn);
@@ -147,6 +150,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
conn->data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
hostname = conn->http_proxy.host.name;
ntlm = &conn->proxyntlm;
+ state = &conn->proxy_ntlm_state;
authp = &conn->data->state.authproxy;
}
else {
@@ -157,6 +161,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
conn->data->set.str[STRING_SERVICE_NAME] : "HTTP";
hostname = conn->host.name;
ntlm = &conn->ntlm;
+ state = &conn->http_ntlm_state;
authp = &conn->data->state.authhost;
}
authp->done = FALSE;
@@ -180,7 +185,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
#endif
#endif
- switch(ntlm->state) {
+ switch(*state) {
case NTLMSTATE_TYPE1:
default: /* for the weird cases we (re)start here */
/* Create a type-1 message */
@@ -222,7 +227,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
- ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
+ *state = NTLMSTATE_TYPE3; /* we send a type-3 */
authp->done = TRUE;
}
break;
@@ -230,7 +235,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
case NTLMSTATE_TYPE3:
/* connection is already authenticated,
* don't send a header in future requests */
- ntlm->state = NTLMSTATE_LAST;
+ *state = NTLMSTATE_LAST;
/* FALLTHROUGH */
case NTLMSTATE_LAST:
Curl_safefree(*allocuserpwd);
diff --git a/lib/multi.c b/lib/multi.c
index 09e4830c6..39e521afd 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -588,8 +588,8 @@ static CURLcode multi_done(struct Curl_easy *data,
if((data->set.reuse_forbid
#if defined(USE_NTLM)
- && !(conn->ntlm.state == NTLMSTATE_TYPE2 ||
- conn->proxyntlm.state == NTLMSTATE_TYPE2)
+ && !(conn->http_ntlm_state == NTLMSTATE_TYPE2 ||
+ conn->proxy_ntlm_state == NTLMSTATE_TYPE2)
#endif
#if defined(USE_SPNEGO)
&& !(conn->negotiate.state == GSS_AUTHRECV ||
diff --git a/lib/url.c b/lib/url.c
index 163037283..c2691e6c9 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1278,7 +1278,7 @@ ConnectionExists(struct Curl_easy *data,
strcmp(needle->passwd, check->passwd))
continue;
}
- else if(check->ntlm.state != NTLMSTATE_NONE) {
+ else if(check->http_ntlm_state != NTLMSTATE_NONE) {
/* Connection is using NTLM auth but we don't want NTLM */
continue;
}
@@ -1294,7 +1294,7 @@ ConnectionExists(struct Curl_easy *data,
strcmp(needle->http_proxy.passwd, check->http_proxy.passwd))
continue;
}
- else if(check->proxyntlm.state != NTLMSTATE_NONE) {
+ else if(check->proxy_ntlm_state != NTLMSTATE_NONE) {
/* Proxy connection is using NTLM auth but we don't want NTLM */
continue;
}
@@ -1304,9 +1304,9 @@ ConnectionExists(struct Curl_easy *data,
chosen = check;
if((wantNTLMhttp &&
- (check->ntlm.state != NTLMSTATE_NONE)) ||
+ (check->http_ntlm_state != NTLMSTATE_NONE)) ||
(wantProxyNTLMhttp &&
- (check->proxyntlm.state != NTLMSTATE_NONE))) {
+ (check->proxy_ntlm_state != NTLMSTATE_NONE))) {
/* We must use this connection, no other */
*force_reuse = TRUE;
break;
diff --git a/lib/urldata.h b/lib/urldata.h
index c7944c546..fe54651b1 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -336,7 +336,6 @@ struct kerberos5data {
/* Struct used for NTLM challenge-response authentication */
#if defined(USE_NTLM)
struct ntlmdata {
- curlntlm state;
#ifdef USE_WINDOWS_SSPI
/* The sslContext is used for the Schannel bindings. The
* api is available on the Windows 7 SDK and later.
@@ -968,6 +967,9 @@ struct connectdata {
#endif
#if defined(USE_NTLM)
+ curlntlm http_ntlm_state;
+ curlntlm proxy_ntlm_state;
+
struct ntlmdata ntlm; /* NTLM differs from other authentication schemes
because it authenticates connections, not
single requests! */
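Review bot: The two new members `http_ntlm_state` and `proxy_ntlm_state` carry no comment, while the explanation that NTLM authenticates connections rather than single requests stays attached to `ntlm` below them. These fields are what lib/url.c, lib/multi.c and lib/http.c now read when deciding whether a connection may be kept or reused, so they deserve their own line, e.g. `curlntlm http_ntlm_state; /* NTLM handshake state for the host, read by connection reuse checks */` and the same for the proxy member. Nothing in the diff initialises them, so the code presumably relies on connectdata being zero-filled and NTLMSTATE_NONE being 0; a short comment stating that would help. struct connectdata continues outside the hunk.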