diff options
-rw-r--r-- | lib/http.c | 4 | ||||
-rw-r--r-- | lib/http_ntlm.c | 21 | ||||
-rw-r--r-- | lib/http_ntlm.h | 11 |
3 files changed, 16 insertions, 20 deletions
diff --git a/lib/http.c b/lib/http.c index 97c904342..4952ddd64 100644 --- a/lib/http.c +++ b/lib/http.c @@ -767,9 +767,9 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, if(authp->picked == CURLAUTH_NTLM || authp->picked == CURLAUTH_NTLM_SSO) { /* NTLM authentication is picked and activated */ - CURLntlm ntlm = + CURLcode ntlm = Curl_input_ntlm(conn, (bool)(httpcode == 407), start); - if(CURLNTLM_BAD != ntlm) { + if(CURLE_OK == ntlm) { data->state.authproblem = FALSE; #ifdef WINBIND_NTLM_AUTH_ENABLED if(authp->picked == CURLAUTH_NTLM_SSO) { diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index ed2f05b3b..98d9ad890 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -265,7 +265,7 @@ static unsigned int readint_le(unsigned char *buf) from the beginning of the NTLM message. */ -CURLntlm Curl_input_ntlm(struct connectdata *conn, +CURLcode Curl_input_ntlm(struct connectdata *conn, bool proxy, /* if proxy or not */ const char *header) /* rest of the www-authenticate: header */ @@ -275,10 +275,12 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn, #ifndef USE_WINDOWS_SSPI static const char type2_marker[] = { 0x02, 0x00, 0x00, 0x00 }; #endif + CURLcode result = CURLE_OK; #ifdef USE_NSS - if(CURLE_OK != Curl_nss_force_init(conn->data)) - return CURLNTLM_BAD; + result = Curl_nss_force_init(conn->data); + if(result) + return result; #endif ntlm = proxy ? &conn->proxyntlm : &conn->ntlm; @@ -314,7 +316,7 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn, unsigned char *buffer; size = Curl_base64_decode(header, &buffer); if(!buffer) - return CURLNTLM_BAD; + return CURLE_OUT_OF_MEMORY; ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */ @@ -334,7 +336,8 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn, (memcmp(buffer + 8, type2_marker, sizeof(type2_marker)) != 0)) { /* This was not a good enough type-2 message */ free(buffer); - return CURLNTLM_BAD; + infof(conn->data, "NTLM handshake failure (bad type-2 message)\n"); + return CURLE_REMOTE_ACCESS_DENIED; } ntlm->flags = readint_le(&buffer[20]); @@ -352,14 +355,16 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn, free(buffer); } else { - if(ntlm->state >= NTLMSTATE_TYPE1) - return CURLNTLM_BAD; + if(ntlm->state >= NTLMSTATE_TYPE1) { + infof(conn->data, "NTLM handshake failure (internal error)\n"); + return CURLE_REMOTE_ACCESS_DENIED; + } ntlm->state = NTLMSTATE_TYPE1; /* we should sent away a type-1 */ } } - return CURLNTLM_FINE; + return result; } #ifndef USE_WINDOWS_SSPI diff --git a/lib/http_ntlm.h b/lib/http_ntlm.h index c80bb09ff..d3b79ed2c 100644 --- a/lib/http_ntlm.h +++ b/lib/http_ntlm.h @@ -22,17 +22,8 @@ * ***************************************************************************/ -typedef enum { - CURLNTLM_NONE, /* not a ntlm */ - CURLNTLM_BAD, /* an ntlm, but one we don't like */ - CURLNTLM_FIRST, /* the first 401-reply we got with NTLM */ - CURLNTLM_FINE, /* an ntlm we act on */ - - CURLNTLM_LAST /* last entry in this enum, don't use */ -} CURLntlm; - /* this is for ntlm header input */ -CURLntlm Curl_input_ntlm(struct connectdata *conn, bool proxy, +CURLcode Curl_input_ntlm(struct connectdata *conn, bool proxy, const char *header); /* this is for creating ntlm header output */ |