generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

http_negotiate_sspi: Fixed specific username and password not working

Browse Source 
Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html
Reported-by: Leonardo Rosati
This commit is contained in:
Steve Holme 2014-07-11 21:45:25 +01:00
parent f8af8606a5
commit f8a8ed73fe
2 changed files with 47 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
lib/http_negotiate_sspi.c
View File

@ -68,8 +68,6 @@ get_gss_name(struct connectdata *conn, bool proxy,
int Curl_input_negotiate(struct connectdata *conn, bool proxy, int Curl_input_negotiate(struct connectdata *conn, bool proxy,
const char *header) const char *header)
{ {
struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
&conn->data->state.negotiate;
BYTE *input_token = 0; BYTE *input_token = 0;
SecBufferDesc out_buff_desc; SecBufferDesc out_buff_desc;
SecBuffer out_sec_buff; SecBuffer out_sec_buff;
@ -82,6 +80,31 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
size_t len = 0, input_token_len = 0; size_t len = 0, input_token_len = 0;
CURLcode error; CURLcode error;
/* Point to the username and password */
const char *userp;
const char *passwdp;
/* Point to the correct struct with this */
struct negotiatedata *neg_ctx;
if(proxy) {
userp = conn->proxyuser;
passwdp = conn->proxypasswd;
neg_ctx = &conn->data->state.proxyneg;
}
else {
userp = conn->user;
passwdp = conn->passwd;
neg_ctx = &conn->data->state.negotiate;
}
/* Not set means empty */
if(!userp)
userp = "";
if(!passwdp)
passwdp = "";
if(neg_ctx->context && neg_ctx->status == SEC_E_OK) { if(neg_ctx->context && neg_ctx->status == SEC_E_OK) {
/* We finished successfully our part of authentication, but server /* We finished successfully our part of authentication, but server
* rejected it (since we're again here). Exit with an error since we * rejected it (since we're again here). Exit with an error since we
@ -131,12 +154,26 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
if(!neg_ctx->credentials || !neg_ctx->context) if(!neg_ctx->credentials || !neg_ctx->context)
return -1; return -1;
if(userp && *userp) {
/* Populate our identity structure */
error = Curl_create_sspi_identity(userp, passwdp, &neg_ctx->identity);
if(error)
return -1;
/* Allow proper cleanup of the identity structure */
neg_ctx->p_identity = &neg_ctx->identity;
}
else
/* Use the current Windows user */
neg_ctx->p_identity = NULL;
/* Acquire our credientials handle */
neg_ctx->status = neg_ctx->status =
s_pSecFn->AcquireCredentialsHandle(NULL, s_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *) TEXT("Negotiate"), (TCHAR *) TEXT("Negotiate"),
SECPKG_CRED_OUTBOUND, NULL, NULL, SECPKG_CRED_OUTBOUND, NULL,
NULL, NULL, neg_ctx->credentials, neg_ctx->p_identity, NULL, NULL,
&lifetime); neg_ctx->credentials, &lifetime);
if(neg_ctx->status != SEC_E_OK) if(neg_ctx->status != SEC_E_OK)
return -1; return -1;
} }
@ -260,6 +297,9 @@ static void cleanup(struct negotiatedata *neg_ctx)
} }
neg_ctx->max_token_length = 0; neg_ctx->max_token_length = 0;
Curl_sspi_free_identity(neg_ctx->p_identity);
neg_ctx->p_identity = NULL;
} }
void Curl_cleanup_negotiate(struct SessionHandle *data) void Curl_cleanup_negotiate(struct SessionHandle *data)

2
lib/urldata.h
View File

@ -459,6 +459,8 @@ struct negotiatedata {
DWORD status; DWORD status;
CtxtHandle *context; CtxtHandle *context;
CredHandle *credentials; CredHandle *credentials;
SEC_WINNT_AUTH_IDENTITY identity;
SEC_WINNT_AUTH_IDENTITY *p_identity;
char server_name[1024]; char server_name[1024];
size_t max_token_length; size_t max_token_length;
BYTE *output_token; BYTE *output_token;