From 85bef18ca1afc356df3bb28e27ac74e4332affa1 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Mon, 13 May 2019 20:58:39 +0100 Subject: http_ntlm: Move the NTLM state out of the ntlmdata structure Given that this member variable is not used by the SASL based protocols there is no need to have it here. --- lib/curl_ntlm_wb.c | 15 +++++++-------- lib/http.c | 8 ++++---- lib/http_ntlm.c | 23 ++++++++++++++--------- lib/multi.c | 4 ++-- lib/url.c | 8 ++++---- lib/urldata.h | 4 +++- 6 files changed, 34 insertions(+), 28 deletions(-) (limited to 'lib') diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c index 20dde057d..865f1396b 100644 --- a/lib/curl_ntlm_wb.c +++ b/lib/curl_ntlm_wb.c @@ -345,8 +345,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, char **allocuserpwd; /* point to the name and password for this */ const char *userp; - /* point to the correct struct with this */ - struct ntlmdata *ntlm; + curlntlm *state; struct auth *authp; CURLcode res = CURLE_OK; @@ -358,13 +357,13 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, if(proxy) { allocuserpwd = &conn->allocptr.proxyuserpwd; userp = conn->http_proxy.user; - ntlm = &conn->proxyntlm; + state = &conn->proxy_ntlm_state; authp = &conn->data->state.authproxy; } else { allocuserpwd = &conn->allocptr.userpwd; userp = conn->user; - ntlm = &conn->ntlm; + state = &conn->http_ntlm_state; authp = &conn->data->state.authhost; } authp->done = FALSE; @@ -373,7 +372,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, if(!userp) userp = ""; - switch(ntlm->state) { + switch(*state) { case NTLMSTATE_TYPE1: default: /* Use Samba's 'winbind' daemon to support NTLM authentication, @@ -392,7 +391,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, res = ntlm_wb_init(conn, userp); if(res) return res; - res = ntlm_wb_response(conn, "YR\n", ntlm->state); + res = ntlm_wb_response(conn, "YR\n", *state); if(res) return res; 
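Review bot: The new `curlntlm *state;` declaration in the `@@ -345` hunk of Curl_output_ntlm_wb has no comment of its own, and with `/* point to the correct struct with this */` removed it now sits directly under the comment that describes `userp`. I would add `/* point to the host or proxy NTLM handshake state of this connection */` above it. The same declaration is added without a comment in Curl_input_ntlm and Curl_output_ntlm in lib/http_ntlm.c, where the kept comment describes only `ntlm`. The function body continues outside the hunk.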
@@ -410,7 +409,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, input = aprintf("TT %s\n", conn->challenge_header); if(!input) return CURLE_OUT_OF_MEMORY; - res = ntlm_wb_response(conn, input, ntlm->state); + res = ntlm_wb_response(conn, input, *state); free(input); input = NULL; if(res) @@ -421,7 +420,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, proxy ? "Proxy-" : "", conn->response_header); DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd)); - ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */ + *state = NTLMSTATE_TYPE3; /* we sent a type-3 */ authp->done = TRUE; Curl_http_auth_cleanup_ntlm_wb(conn); if(!*allocuserpwd) diff --git a/lib/http.c b/lib/http.c index 11c2fa12c..75d59ca90 100644 --- a/lib/http.c +++ b/lib/http.c @@ -466,8 +466,8 @@ static CURLcode http_perhapsrewind(struct connectdata *conn) (data->state.authproxy.picked == CURLAUTH_NTLM_WB) || (data->state.authhost.picked == CURLAUTH_NTLM_WB)) { if(((expectsend - bytessent) < 2000) || - (conn->ntlm.state != NTLMSTATE_NONE) || - (conn->proxyntlm.state != NTLMSTATE_NONE)) { + (conn->http_ntlm_state != NTLMSTATE_NONE) || + (conn->proxy_ntlm_state != NTLMSTATE_NONE)) { /* The NTLM-negotiation has started *OR* there is just a little (<2K) data left to send, keep on sending. */ @@ -3422,9 +3422,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, #if defined(USE_NTLM) if(conn->bits.close && (((data->req.httpcode == 401) && - (conn->ntlm.state == NTLMSTATE_TYPE2)) || + (conn->http_ntlm_state == NTLMSTATE_TYPE2)) || ((data->req.httpcode == 407) && - (conn->proxyntlm.state == NTLMSTATE_TYPE2)))) { + (conn->proxy_ntlm_state == NTLMSTATE_TYPE2)))) { infof(data, "Connection closure while negotiating auth (HTTP 1.0?)\n"); data->state.authproblem = TRUE; } diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index afc7f75d3..e4a4fe05d 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c 
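Review bot: In the `@@ -421` hunk of Curl_output_ntlm_wb the `if(!*allocuserpwd)` check comes too late. By then `DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));` has already handed a possibly NULL pointer to `%s`, and the new `*state = NTLMSTATE_TYPE3;` together with `authp->done = TRUE;` has recorded the type-3 message as sent. If what looks like the allocation ending on the first context line failed, the per-connection state would claim a finished handshake although no header exists. I would keep `Curl_http_auth_cleanup_ntlm_wb(conn);` first, test `if(!*allocuserpwd)` next, and only then run the debug print and set `*state` and `authp->done`. The allocation call and the statement under the `if` are outside the hunk, so the return path is assumed.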
@@ -68,9 +68,11 @@ CURLcode Curl_input_ntlm(struct connectdata *conn, { /* point to the correct struct with this */ struct ntlmdata *ntlm; + curlntlm *state; CURLcode result = CURLE_OK; ntlm = proxy ? &conn->proxyntlm : &conn->ntlm; + state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state; if(checkprefix("NTLM", header)) { header += strlen("NTLM"); @@ -83,25 +85,25 @@ CURLcode Curl_input_ntlm(struct connectdata *conn, if(result) return result; - ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */ + *state = NTLMSTATE_TYPE2; /* We got a type-2 message */ } else { - if(ntlm->state == NTLMSTATE_LAST) { + if(*state == NTLMSTATE_LAST) { infof(conn->data, "NTLM auth restarted\n"); Curl_http_auth_cleanup_ntlm(conn); } - else if(ntlm->state == NTLMSTATE_TYPE3) { + else if(*state == NTLMSTATE_TYPE3) { infof(conn->data, "NTLM handshake rejected\n"); Curl_http_auth_cleanup_ntlm(conn); - ntlm->state = NTLMSTATE_NONE; + *state = NTLMSTATE_NONE; return CURLE_REMOTE_ACCESS_DENIED; } - else if(ntlm->state >= NTLMSTATE_TYPE1) { + else if(*state >= NTLMSTATE_TYPE1) { infof(conn->data, "NTLM handshake failure (internal error)\n"); return CURLE_REMOTE_ACCESS_DENIED; } - ntlm->state = NTLMSTATE_TYPE1; /* We should send away a type-1 */ + *state = NTLMSTATE_TYPE1; /* We should send away a type-1 */ } } @@ -129,6 +131,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) /* point to the correct struct with this */ struct ntlmdata *ntlm; + curlntlm *state; struct auth *authp; DEBUGASSERT(conn); @@ -147,6 +150,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) conn->data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP"; hostname = conn->http_proxy.host.name; ntlm = &conn->proxyntlm; + state = &conn->proxy_ntlm_state; authp = &conn->data->state.authproxy; } else { 
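Review bot: In the `@@ -83` hunk of Curl_input_ntlm the `else if(*state >= NTLMSTATE_TYPE1)` branch returns CURLE_REMOTE_ACCESS_DENIED and leaves `*state` untouched, while the NTLMSTATE_TYPE3 branch just above it calls Curl_http_auth_cleanup_ntlm(conn) and sets `*state = NTLMSTATE_NONE;` before returning the same code. The lib/url.c hunks of this commit treat any value other than NTLMSTATE_NONE as "this connection is doing NTLM" when matching connections for reuse, so a connection that survives this error path would still be matched that way. If keeping the state is intended, a short comment in that branch saying why would help; otherwise add `*state = NTLMSTATE_NONE;` before the `return`. Whether the connection can outlive this return is not visible here, and the enclosing `if` starts outside the hunk.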
@@ -157,6 +161,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) conn->data->set.str[STRING_SERVICE_NAME] : "HTTP"; hostname = conn->host.name; ntlm = &conn->ntlm; + state = &conn->http_ntlm_state; authp = &conn->data->state.authhost; } authp->done = FALSE; @@ -180,7 +185,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) #endif #endif - switch(ntlm->state) { + switch(*state) { case NTLMSTATE_TYPE1: default: /* for the weird cases we (re)start here */ /* Create a type-1 message */ @@ -222,7 +227,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd)); - ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */ + *state = NTLMSTATE_TYPE3; /* we send a type-3 */ authp->done = TRUE; } break; @@ -230,7 +235,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) case NTLMSTATE_TYPE3: /* connection is already authenticated, * don't send a header in future requests */ - ntlm->state = NTLMSTATE_LAST; + *state = NTLMSTATE_LAST; /* FALLTHROUGH */ case NTLMSTATE_LAST: Curl_safefree(*allocuserpwd); diff --git a/lib/multi.c b/lib/multi.c index 09e4830c6..39e521afd 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -588,8 +588,8 @@ static CURLcode multi_done(struct Curl_easy *data, if((data->set.reuse_forbid #if defined(USE_NTLM) - && !(conn->ntlm.state == NTLMSTATE_TYPE2 || - conn->proxyntlm.state == NTLMSTATE_TYPE2) + && !(conn->http_ntlm_state == NTLMSTATE_TYPE2 || + conn->proxy_ntlm_state == NTLMSTATE_TYPE2) #endif #if defined(USE_SPNEGO) && !(conn->negotiate.state == GSS_AUTHRECV || diff --git a/lib/url.c b/lib/url.c index 163037283..c2691e6c9 100644 --- a/lib/url.c +++ b/lib/url.c @@ -1278,7 +1278,7 @@ ConnectionExists(struct Curl_easy *data, strcmp(needle->passwd, check->passwd)) continue; } - else if(check->ntlm.state != NTLMSTATE_NONE) { + else if(check->http_ntlm_state != NTLMSTATE_NONE) { /* Connection is using NTLM auth but we don't want NTLM */ continue; } 
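Review bot: The context line `DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));` in the `@@ -222` hunk of Curl_output_ntlm writes what is presumably the finished Authorization header, NTLM type-3 response included, to stderr right before the new `*state = NTLMSTATE_TYPE3;`. The definition of DEBUG_OUT is not on this page; if it can be active in a build that handles real credentials, the response ends up in whatever captures stderr. I would log only that the header was set, e.g. `DEBUG_OUT(fprintf(stderr, "**** %sAuthorization header set\n", proxy ? "Proxy-" : ""));`, or add a comment stating that the macro is compiled out by default. The same line appears in the `@@ -421` hunk of lib/curl_ntlm_wb.c.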
@@ -1294,7 +1294,7 @@ ConnectionExists(struct Curl_easy *data, strcmp(needle->http_proxy.passwd, check->http_proxy.passwd)) continue; } - else if(check->proxyntlm.state != NTLMSTATE_NONE) { + else if(check->proxy_ntlm_state != NTLMSTATE_NONE) { /* Proxy connection is using NTLM auth but we don't want NTLM */ continue; } @@ -1304,9 +1304,9 @@ ConnectionExists(struct Curl_easy *data, chosen = check; if((wantNTLMhttp && - (check->ntlm.state != NTLMSTATE_NONE)) || + (check->http_ntlm_state != NTLMSTATE_NONE)) || (wantProxyNTLMhttp && - (check->proxyntlm.state != NTLMSTATE_NONE))) { + (check->proxy_ntlm_state != NTLMSTATE_NONE))) { /* We must use this connection, no other */ *force_reuse = TRUE; break; diff --git a/lib/urldata.h b/lib/urldata.h index c7944c546..fe54651b1 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -336,7 +336,6 @@ struct kerberos5data { /* Struct used for NTLM challenge-response authentication */ #if defined(USE_NTLM) struct ntlmdata { - curlntlm state; #ifdef USE_WINDOWS_SSPI /* The sslContext is used for the Schannel bindings. The * api is available on the Windows 7 SDK and later. @@ -968,6 +967,9 @@ struct connectdata { #endif #if defined(USE_NTLM) + curlntlm http_ntlm_state; + curlntlm proxy_ntlm_state; + struct ntlmdata ntlm; /* NTLM differs from other authentication schemes because it authenticates connections, not single requests! */ -- cgit v1.2.3
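Review bot: The two `curlntlm` members added to `struct connectdata` in the `@@ -968` hunk of lib/urldata.h have no comment, and the existing remark that NTLM "authenticates connections, not single requests" stays attached to `struct ntlmdata ntlm;` only. The lib/url.c and lib/multi.c hunks decide connection reuse from these fields, so I would document them, e.g. `/* NTLM handshake state for the host and for the proxy; anything but NTLMSTATE_NONE marks the connection as NTLM-bound in the reuse checks */`. Nothing in this diff initialises them, so they presumably rely on connectdata being zero-allocated and on NTLMSTATE_NONE being 0; that assumption is worth confirming and stating in the same comment. The struct body continues outside the hunk.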