Commit Graph

86 Commits

Author SHA1 Message Date
Kamil Dudka
b5c3feda17 NTLM tests: boost coverage by forcing the hostname
A shared library tests/libtest/.libs/lihostname.so is preloaded in NTLM
test-cases to override the system implementation of gethostname().  It
makes it possible to test the NTLM authentication for exact match, and
this way test the implementation of MD4 and DES.

If LD_PRELOAD doesn't work, a debug build willl also workk as debug
builds are now made to prefer a specific environment variable and will
then return that content as host name instead of the actual one.

Kamil wrote the bulk of this, Daniel Stenberg polished it.
2010-07-30 00:51:24 +02:00
Kamil Dudka
f3b77e5611 http_ntlm: add support for NSS
When configured with '--without-ssl --with-nss', NTLM authentication
now uses NSS crypto library for MD5 and DES.  For MD4 we have a local
implementation in that case.  More details are available at
https://bugzilla.redhat.com/603783

In order to get it working, curl_global_init() must be called with
CURL_GLOBAL_SSL or CURL_GLOBAL_ALL.  That's necessary because NSS needs
to be initialized globally and we do so only when the NSS library is
actually required by protocol.  The mentioned call of curl_global_init()
is responsible for creating of the initialization mutex.

There was also slightly changed the NSS initialization scenario, in
particular, loading of the NSS PEM module.  It used to be loaded always
right after the NSS library was initialized.  Now the library is
initialized as soon as any SSL or NTLM is required, while the PEM module
is prevented from being loaded until the SSL is actually required.
2010-06-30 13:12:25 +02:00
Daniel Stenberg
2309b4e330 remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
Dan Fandrich
c7e647b88a Allow compilation even when OpenSSL has been configured without MD4 support. 2010-03-11 06:57:33 +00:00
Daniel Stenberg
de2cc11a73 Julien Chaffraix corrected bad #elif lines to silence warnings 2010-01-24 22:44:10 +00:00
Yang Tse
33a3753c3f libcurl's memory.h renamed to curl_memory.h 2009-04-21 11:46:16 +00:00
Yang Tse
94bb7fe5cb Fix NTLM authentication memory leak on SSPI enabled Windows builds 2009-03-05 01:23:14 +00:00
Daniel Stenberg
794b4da840 Indentation fixes, untabify and related whitespace-cleanup. No code changed. 2009-02-27 08:53:10 +00:00
Dan Fandrich
9a4c887c4a Added support for Digest and NTLM authentication using GnuTLS. 2009-02-12 20:48:40 +00:00
Yang Tse
99b4912688 ensure that we use the ANSI version functions 2009-01-30 02:35:40 +00:00
Yang Tse
e813bf31d7 Introduced curl_sspi.c and curl_sspi.h for the implementation of functions
Curl_sspi_global_init() and Curl_sspi_global_cleanup() which previously were
named Curl_ntlm_global_init() and Curl_ntlm_global_cleanup() in http_ntlm.c
Also adjusted socks_sspi.c to remove the link-time dependency on the Windows
SSPI library using it now in the same way as it was done in http_ntlm.c.
2009-01-29 20:32:27 +00:00
Dan Fandrich
5591550167 Fixed a couple more locale-dependent toupper conversions, mainly for
clarity.  This does fix one problem that causes ;type=i FTP URLs
to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is
used (test case 561)

Added tests 561 and 1092 through 1094 to test various combinations
of ;type= and ;mode= URLs that could potentially fail in the Turkish
locale.
2009-01-21 04:42:47 +00:00
Daniel Stenberg
b701ea36a7 moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23 11:49:19 +00:00
Yang Tse
2d77f7cd48 fix compiler warning: function declaration isn't a prototype 2008-09-30 15:06:03 +00:00
Dan Fandrich
934708d950 Made some variables const which eliminated some casts 2008-09-02 17:41:20 +00:00
Yang Tse
3e61c90dbe Adjust usage of conditional definition of USE_OPENSSL 2008-08-17 01:57:10 +00:00
Yang Tse
ac18b471d2 libcurl internal base64.h header file renamed to curl_base64.h 2008-08-17 00:25:38 +00:00
Daniel Stenberg
f8a3aa91cd - Constantine Sapuntzakis filed bug report #2042430
(http://curl.haxx.se/bug/view.cgi?id=2042430) with a patch. "NTLM Windows
  SSPI code is not thread safe". This was due to libcurl using static
  variables to tell wether to load the necessary SSPI DLL, but now the loading
  has been moved to the more suitable curl_global_init() call.
2008-08-11 20:29:36 +00:00
Daniel Stenberg
ad6e28073c removed space after if and while before the parenthesis for better source code
consistency
2007-11-05 09:45:09 +00:00
Dan Fandrich
16b95fc773 Enabled a few more gcc warnings with --enable-debug. Renamed a few
variables to avoid shadowing global declarations.
2007-09-27 01:45:22 +00:00
Dan Fandrich
8cf0814a14 Fixed some minor type mismatches and missing consts mainly found by splint. 2007-08-27 06:31:28 +00:00
Daniel Stenberg
2f8f12e82e Andrew Wansink provided an NTLM bugfix: in the case the server sets the flag
NTLMFLAG_NEGOTIATE_UNICODE, we need to filter it off because libcurl doesn't
unicode encode the strings it packs into the NTLM authenticate packet.
2007-08-14 10:28:21 +00:00
Gunter Knauf
2a1345ae9f added netdb.h for NetWare CLIB since gethostname() is defined there. 2007-07-11 09:08:03 +00:00
Dan Fandrich
d46d995766 Fixed some out of memory handling issues. 2007-04-10 22:52:50 +00:00
Yang Tse
5be7b543d8 Update NTLM flag and description 2007-04-10 02:17:06 +00:00
Dan Fandrich
c321b9f704 Fixes some more out of memory handling bugs. 2007-04-04 23:41:35 +00:00
Daniel Stenberg
39aac63521 silence two cases of "comparison between signed and unsigned" 2007-02-21 22:02:13 +00:00
Yang Tse
3a634a273a curlassert macro replaced with DEBUGASSERT macro defined in setup_once.h 2007-02-21 19:03:20 +00:00
Daniel Stenberg
354c8dcd82 - David McCreedy did NTLM changes mainly for non-ASCII platforms:
#1
  There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT
  defined.  I noticed this while testing various configurations.  Line 867 of
  the current http_ntlm.c is a closing bracket for an if/else pair that only
  gets compiled in if USE_NTLM2SESSION is defined.  But this closing bracket
  wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was
  defined.  Lines 198 and 140 of my patch wraps that closing bracket in an
  #ifdef USE_NTLM2SESSION.

  #2
  I noticed several picky compiler warnings when DEBUG_ME is defined.  I've
  fixed them with casting.  By the way, DEBUG_ME was a huge help in
  understanding this code.

  #3
  Hopefully the last non-ASCII conversion patch for libcurl in a while.  I
  changed the "NTLMSSP" literal to hex since this signature must always be in
  ASCII.

  Conversion code was strategically added where necessary.  And the
  Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c
  creates are NOT translated on non-ASCII platforms.
2007-01-23 22:57:42 +00:00
Daniel Stenberg
359d500908 - David McCreedy made changes to allow base64 encoding/decoding to work on
non-ASCII platforms.
2007-01-03 23:04:38 +00:00
Yang Tse
0ed285e84d prototype for gethostname is in unistd.h 2006-11-02 00:33:43 +00:00
Daniel Stenberg
44d84ac164 Avoid typecasting a signed char to an int when using is*() functions, as that
could very well cause a negate number get passed in and thus cause reading
outside of the array usually used for this purpose.

We avoid this by using the uppercase macro versions introduced just now that
does some extra crazy typecasts to avoid byte codes > 127 to cause negative
int values.
2006-10-17 21:32:56 +00:00
Daniel Stenberg
b0f6e7cee4 Michele Bini fixed how the hostname is put in NTLM packages. As servers
don't expect fully qualified names we need to cut them off at the first dot.
2006-09-09 11:45:27 +00:00
Yang Tse
d157c29269 Fix compiler warnings 2006-07-19 21:14:02 +00:00
Daniel Stenberg
2bd3033f68 NTLM2 session response support 2006-06-07 14:14:04 +00:00
Gisle Vanem
e4a4b562c4 readint_le() not needed in USE_WINDOWS_SSPI code. 2006-04-08 11:04:53 +00:00
Daniel Stenberg
be285cde3f Michele Bini modified the NTLM code to work for his "weird IIS case"
(http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash
function in addition to the LM one and making some other adjustments in the
order the different parts of the data block are sent in the Type-2 reply.
Inspiration for this work was taken from the Firefox NTLM implementation.

I edited the existing 21(!) NTLM test cases to run fine with these news. Due
to the fact that we now properly include the host name in the Type-2 message
the test cases now only compare parts of that chunk.
2006-04-05 12:35:48 +00:00
Daniel Stenberg
92c0de518e Quagmire reported that he needed to raise a NTLM buffer for SSPI to work
properly for a case, and so we did. We raised it even for non-SSPI builds
but it should not do any harm. http://curl.haxx.se/bug/view.cgi?id=1356715
2005-11-14 22:10:52 +00:00
Daniel Stenberg
175335808b Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled
version of libcurl with different Windows versions. Current version of
libcurl imports SSPI functions from secur32.dll. However, under Windows NT
4.0 these functions are located in security.dll, under Windows 9x - in
secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll
just forwards calls to secur32.dll).

Dmitry's patch loads proper library dynamically depending on Windows
version. Function InitSecurityInterface() is used to obtain pointers to all
of SSPI function in one structure.
: ----------------------------------------------------------------------
2005-11-08 14:15:34 +00:00
Daniel Stenberg
943aea6267 Make sure that the user and domain strings fit in the target buffer before we
copy them there.
2005-10-13 07:57:51 +00:00
Gisle Vanem
06c3bec65d Avoid gcc warning "dereferencing type-punned pointer
will break strict-aliasing rules".
2005-10-02 18:22:45 +00:00
Daniel Stenberg
58d628c9f8 Uses __stdcall instead of SEC_ENTRY since it seems (at least) mingw doesn't
define SEC_ENTRY and thus fails unless this is done!
2005-09-20 08:29:56 +00:00
Daniel Stenberg
3fe5311967 Dmitry Bartsevich made the SSPI support work on Windows 9x as well 2005-09-19 21:45:16 +00:00
Daniel Stenberg
6e61939382 GnuTLS support added. There's now a "generic" SSL layer that we use all over
internally, with code provided by sslgen.c. All SSL-layer-specific code is
then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS).

As far as possible, internals should not need to know what SSL layer that is
in use. Building with GnuTLS currently makes two test cases fail.

TODO.gnutls contains a few known outstanding issues for the GnuTLS support.

GnuTLS support is enabled with configure --with-gnutls
2005-04-07 15:27:13 +00:00
Daniel Stenberg
ec4e653c6f hushing up more warnings 2005-03-14 15:51:10 +00:00
Gisle Vanem
76c24a0d82 Avoid "unused variable" warnings. 2005-03-14 09:37:08 +00:00
Dan Fandrich
fb9ae9d0e2 Fixed some compiler warnings. 2005-03-11 05:49:04 +00:00
Daniel Stenberg
d1d35ba85f Christopher R. Palmer made it possible to build libcurl with the
USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the native
way to do NTLM. SSPI also allows libcurl to pass on the current user and its
password in the request.
2005-03-10 23:15:29 +00:00
Daniel Stenberg
527f70e540 Curl_base64_decode() now returns an allocated buffer 2005-02-22 12:10:30 +00:00
Daniel Stenberg
19f66c7575 Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure
got no notification, no mail, no nothing.

You didn't even bother to mail us when you went public with this. Cool.

NTLM buffer overflow fix, as reported here:

http://www.securityfocus.com/archive/1/391042
2005-02-22 07:44:14 +00:00