aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2014-04-06 13:29:29 +0100
committerSteve Holme <steve_holme@hotmail.com>2014-04-06 13:30:52 +0100
commitee40136f6cd8a4f0c55b132c2d3cb1ea6b0ebc9b (patch)
treed1a2b0b22dcf1e454e75f2241e8622270e74787d /lib
parent19a514237d5ebc8ad800883b9a12fc56de1c01c6 (diff)
sasl: Post DIGEST-MD5 SSPI code tidy up
* Added comments to SSPI NTLM message generation * Added comments to native DIGEST-MD5 code * Removed redundant identity pointer
Diffstat (limited to 'lib')
-rw-r--r--lib/curl_ntlm_msgs.c61
-rw-r--r--lib/curl_sasl.c1
-rw-r--r--lib/curl_sasl_sspi.c18
3 files changed, 43 insertions, 37 deletions
diff --git a/lib/curl_ntlm_msgs.c b/lib/curl_ntlm_msgs.c
index e222b73b7..969e6bf78 100644
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -414,8 +414,8 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
#ifdef USE_WINDOWS_SSPI
- SecBuffer buf;
- SecBufferDesc desc;
+ SecBuffer type_1_buf;
+ SecBufferDesc type_1_desc;
SECURITY_STATUS status;
unsigned long attrs;
TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
@@ -434,8 +434,10 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
ntlm->p_identity = &ntlm->identity;
}
else
+ /* Use the current Windows user */
ntlm->p_identity = NULL;
+ /* Acquire our credientials handle */
status = s_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *) TEXT("NTLM"),
SECPKG_CRED_OUTBOUND, NULL,
@@ -444,13 +446,15 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
if(status != SEC_E_OK)
return CURLE_OUT_OF_MEMORY;
- desc.ulVersion = SECBUFFER_VERSION;
- desc.cBuffers = 1;
- desc.pBuffers = &buf;
- buf.cbBuffer = NTLM_BUFSIZE;
- buf.BufferType = SECBUFFER_TOKEN;
- buf.pvBuffer = ntlmbuf;
+ /* Setup the type-1 "output" security buffer */
+ type_1_desc.ulVersion = SECBUFFER_VERSION;
+ type_1_desc.cBuffers = 1;
+ type_1_desc.pBuffers = &type_1_buf;
+ type_1_buf.cbBuffer = NTLM_BUFSIZE;
+ type_1_buf.BufferType = SECBUFFER_TOKEN;
+ type_1_buf.pvBuffer = ntlmbuf;
+ /* Generate our type-1 message */
status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL,
(TCHAR *) TEXT(""),
ISC_REQ_CONFIDENTIALITY |
@@ -458,19 +462,19 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
ISC_REQ_CONNECTION,
0, SECURITY_NETWORK_DREP,
NULL, 0,
- &ntlm->c_handle, &desc,
+ &ntlm->c_handle, &type_1_desc,
&attrs, &tsDummy);
if(status == SEC_I_COMPLETE_AND_CONTINUE ||
status == SEC_I_CONTINUE_NEEDED)
- s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &desc);
+ s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &type_1_desc);
else if(status != SEC_E_OK) {
s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
return CURLE_RECV_ERROR;
}
ntlm->has_handles = 1;
- size = buf.cbBuffer;
+ size = type_1_buf.cbBuffer;
#else
@@ -602,8 +606,8 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
size_t size;
#ifdef USE_WINDOWS_SSPI
- SecBuffer type_2;
- SecBuffer type_3;
+ SecBuffer type_2_buf;
+ SecBuffer type_3_buf;
SecBufferDesc type_2_desc;
SecBufferDesc type_3_desc;
SECURITY_STATUS status;
@@ -614,18 +618,23 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
(void)userp;
(void)data;
- type_2_desc.ulVersion = type_3_desc.ulVersion = SECBUFFER_VERSION;
- type_2_desc.cBuffers = type_3_desc.cBuffers = 1;
- type_2_desc.pBuffers = &type_2;
- type_3_desc.pBuffers = &type_3;
-
- type_2.BufferType = SECBUFFER_TOKEN;
- type_2.pvBuffer = ntlm->type_2;
- type_2.cbBuffer = ntlm->n_type_2;
- type_3.BufferType = SECBUFFER_TOKEN;
- type_3.pvBuffer = ntlmbuf;
- type_3.cbBuffer = NTLM_BUFSIZE;
-
+ /* Setup the type-2 "input" security buffer */
+ type_2_desc.ulVersion = SECBUFFER_VERSION;
+ type_2_desc.cBuffers = 1;
+ type_2_desc.pBuffers = &type_2_buf;
+ type_2_buf.BufferType = SECBUFFER_TOKEN;
+ type_2_buf.pvBuffer = ntlm->type_2;
+ type_2_buf.cbBuffer = ntlm->n_type_2;
+
+ /* Setup the type-3 "output" security buffer */
+ type_3_desc.ulVersion = SECBUFFER_VERSION;
+ type_3_desc.cBuffers = 1;
+ type_3_desc.pBuffers = &type_3_buf;
+ type_3_buf.BufferType = SECBUFFER_TOKEN;
+ type_3_buf.pvBuffer = ntlmbuf;
+ type_3_buf.cbBuffer = NTLM_BUFSIZE;
+
+ /* Generate our type-3 message */
status = s_pSecFn->InitializeSecurityContext(&ntlm->handle,
&ntlm->c_handle,
(TCHAR *) TEXT(""),
@@ -640,7 +649,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
if(status != SEC_E_OK)
return CURLE_RECV_ERROR;
- size = type_3.cbBuffer;
+ size = type_3_buf.cbBuffer;
Curl_ntlm_sspi_cleanup(ntlm);
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 842bb727f..1968ccbc7 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -292,6 +292,7 @@ static CURLcode sasl_decode_digest_md5_message(const char *chlg64,
size_t chlglen = 0;
size_t chlg64len = strlen(chlg64);
+ /* Decode the base-64 encoded challenge message */
if(chlg64len && *chlg64 != '=') {
result = Curl_base64_decode(chlg64, &chlg, &chlglen);
if(result)
diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c
index 9b67498e9..d17e08c79 100644
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@@ -74,7 +74,6 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
CtxtHandle ctx;
PSecPkgInfo SecurityPackage;
SEC_WINNT_AUTH_IDENTITY identity;
- SEC_WINNT_AUTH_IDENTITY *identityp = NULL;
SecBuffer chlg_buf;
SecBuffer resp_buf;
SecBufferDesc chlg_desc;
@@ -118,24 +117,21 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
return result;
}
- /* Allow proper cleanup of the identity structure */
- identityp = &identity;
-
/* Acquire our credientials handle */
status = s_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *) TEXT("WDigest"),
SECPKG_CRED_OUTBOUND, NULL,
- identityp, NULL, NULL,
+ &identity, NULL, NULL,
&handle, &tsDummy);
if(status != SEC_E_OK) {
- Curl_sspi_free_identity(identityp);
+ Curl_sspi_free_identity(&identity);
Curl_safefree(spn);
return CURLE_OUT_OF_MEMORY;
}
- /* Setup the challenge security buffer */
+ /* Setup the challenge "input" security buffer */
chlg_desc.ulVersion = SECBUFFER_VERSION;
chlg_desc.cBuffers = 1;
chlg_desc.pBuffers = &chlg_buf;
@@ -143,7 +139,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
chlg_buf.pvBuffer = chlg;
chlg_buf.cbBuffer = curlx_uztoul(chlglen);
- /* Setup the response security buffer */
+ /* Setup the response "output" security buffer */
resp_desc.ulVersion = SECBUFFER_VERSION;
resp_desc.cBuffers = 1;
resp_desc.pBuffers = &resp_buf;
@@ -151,7 +147,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
resp_buf.pvBuffer = resp;
resp_buf.cbBuffer = sizeof(resp);
- /* Generate our challenge-response */
+ /* Generate our challenge-response message */
status = s_pSecFn->InitializeSecurityContext(&handle,
NULL,
(TCHAR *) spn,
@@ -166,7 +162,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
s_pSecFn->CompleteAuthToken(&handle, &resp_desc);
else if(status != SEC_E_OK) {
s_pSecFn->FreeCredentialsHandle(&handle);
- Curl_sspi_free_identity(identityp);
+ Curl_sspi_free_identity(&identity);
Curl_safefree(spn);
return CURLE_RECV_ERROR;
@@ -181,7 +177,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
s_pSecFn->FreeCredentialsHandle(&handle);
/* Free the identity structure */
- Curl_sspi_free_identity(identityp);
+ Curl_sspi_free_identity(&identity);
/* Free the SPN */
Curl_safefree(spn);