Changelog
+Daniel (7 June 2006)
+- Mikael Sennerholm provided a patch that added NTLM2 session response support
+ to libcurl. The 21 NTLM test cases were again modified to comply...
+
Daniel (27 May 2006)
- Óscar Morales Vivó updated the libcurl.framework.make file.
Available command line options: 112
Available curl_easy_setopt() options: 132
Number of public functions in libcurl: 49
- Amount of public web site mirrors: 32
+ Amount of public web site mirrors: 33
Number of known libcurl bindings: 32
Number of contributors: 492
This release includes the following changes:
+ o NTLM2 session response support
o CURLOPT_COOKIELIST set to "SESS" clears all session cookies
o CURLINFO_LASTSOCKET returned sockets are now checked more before returned
o curl-config got a --checkfor option to compare version numbers
o TFTP transfers could trash data
o -d + -G combo crash
-Other curl-related news since the previous public release:
+Other curl-related news:
- o http://curl.de-mirror.de/ is a new mirror in Aachen, Germany
- o http://curl.osmirror.nl/ is a new mirror in Amsterdam, the Netherlands
o tclcurl 0.15.3 was released:
http://personal1.iddeo.es/andresgarci/tclcurl/english/
- o http://curl.usphp.com/ is a new mirror in Florida, US
+
+New curl mirrors:
+
+ o http://curl.webdesign-zdg.de/ in Frankfurt, Germany
+ o http://curl.de-mirror.de/ in Aachen, Germany
+ o http://curl.osmirror.nl/ in Amsterdam, the Netherlands
+ o http://curl.usphp.com/ in Florida, US
This release would not have looked like this without help, code, reports and
advice from friends like these:
Dan Fandrich, Ilja van Sprundel, David McCreedy, Tor Arntsen, Xavier Bouchoux,
David Byron, Michele Bini, Ates Goral, Katie Wang, Robson Braga Araujo,
Ale Vesely, Paul Querna, Gisle Vanem, Mark Eichin, Roland Blom, Andreas
- Ntaflos, David Shaw, Michael Wallner, Olaf Stüben
+ Ntaflos, David Shaw, Michael Wallner, Olaf Stüben, Mikael Sennerholm
Thanks! (and sorry if I forgot to mention someone)
#include "http_ntlm.h"
#include "url.h"
#include "memory.h"
+#include "ssluse.h"
#define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h>
#include <openssl/des.h>
#include <openssl/md4.h>
+#include <openssl/md5.h>
#include <openssl/ssl.h>
+#include <openssl/rand.h>
#if OPENSSL_VERSION_NUMBER < 0x00907001L
#define DES_key_schedule des_key_schedule
/* Define this to make the type-3 message include the NT response message */
#define USE_NTRESPONSES 1
+/* Define this to make the type-3 message include the NTLM2Session response
+ message, requires USE_NTRESPONSES. */
+#define USE_NTLM2SESSION 1
+
#ifndef USE_WINDOWS_SSPI
/* this function converts from the little endian format used in the incoming
package to whatever endian format we're using natively */
32 start of data block
*/
-
+#if USE_NTLM2SESSION
+#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
+#else
+#define NTLM2FLAG 0
+#endif
snprintf((char *)ntlmbuf, sizeof(ntlmbuf), "NTLMSSP%c"
"\x01%c%c%c" /* 32-bit type = 1 */
"%c%c%c%c" /* 32-bit NTLM flag field */
NTLMFLAG_NEGOTIATE_OEM|
NTLMFLAG_REQUEST_TARGET|
NTLMFLAG_NEGOTIATE_NTLM_KEY|
+ NTLM2FLAG|
NTLMFLAG_NEGOTIATE_ALWAYS_SIGN
),
SHORTPAIR(domlen),
LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM|
NTLMFLAG_REQUEST_TARGET|
NTLMFLAG_NEGOTIATE_NTLM_KEY|
+ NTLM2FLAG|
NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
NTLMFLAG_NEGOTIATE_OEM|
NTLMFLAG_REQUEST_TARGET|
NTLMFLAG_NEGOTIATE_NTLM_KEY|
+ NTLM2FLAG|
NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
print_flags(stderr,
NTLMFLAG_NEGOTIATE_OEM|
NTLMFLAG_REQUEST_TARGET|
NTLMFLAG_NEGOTIATE_NTLM_KEY|
+ NTLM2FLAG|
NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
fprintf(stderr, "\n****\n");
});
hostlen = strlen(host);
}
- {
+#if USE_NTLM2SESSION
+ /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
+ if (ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
+ unsigned char ntbuffer[0x18];
+ unsigned char tmp[0x18];
+ unsigned char md5sum[MD5_DIGEST_LENGTH];
+ MD5_CTX MD5;
+ unsigned char random[8];
+
+ /* Need to create 8 bytes random data */
+ Curl_ossl_seed(conn->data); /* Initiate the seed if not already done */
+ RAND_bytes(random,8);
+
+ /* 8 bytes random data as challenge in lmresp */
+ memcpy(lmresp,random,8);
+ /* Pad with zeros */
+ memset(lmresp+8,0,0x10);
+
+ /* Fill tmp with challenge(nonce?) + random */
+ memcpy(tmp,&ntlm->nonce[0],8);
+ memcpy(tmp+8,random,8);
+
+ MD5_Init(&MD5);
+ MD5_Update(&MD5, tmp, 16);
+ MD5_Final(md5sum, &MD5);
+ /* We shall only use the first 8 bytes of md5sum,
+ but the des code in lm_resp only encrypt the first 8 bytes */
+ mk_nt_hash(passwdp, ntbuffer);
+ lm_resp(ntbuffer, md5sum, ntresp);
+
+ /* End of NTLM2 Session code */
+ }
+ else {
+#endif
+
#if USE_NTRESPONSES
unsigned char ntbuffer[0x18];
#endif
}
#endif
-static
-int random_the_seed(struct SessionHandle *data)
+static int ossl_seed(struct SessionHandle *data)
{
char *buf = data->state.buffer; /* point to the big buffer */
int nread=0;
return nread;
}
+int Curl_ossl_seed(struct SessionHandle *data)
+{
+ /* we have the "SSL is seeded" boolean static to prevent multiple
+ time-consuming seedings in vain */
+ static bool ssl_seeded = FALSE;
+
+ if(!ssl_seeded || data->set.ssl.random_file || data->set.ssl.egdsocket) {
+ ossl_seed(data);
+ ssl_seeded = TRUE;
+ }
+ return 0;
+}
+
+
#ifndef SSL_FILETYPE_ENGINE
#define SSL_FILETYPE_ENGINE 42
#endif
return (buf);
}
-/* we have the "SSL is seeded" boolean global for the application to
- prevent multiple time-consuming seedings in vain */
-static bool ssl_seeded = FALSE;
#endif /* USE_SSLEAY */
#ifdef USE_SSLEAY
curlassert(ssl_connect_1 == connssl->connecting_state);
- if(!ssl_seeded || data->set.ssl.random_file || data->set.ssl.egdsocket) {
- /* Make funny stuff to get random input */
- random_the_seed(data);
-
- ssl_seeded = TRUE;
- }
+ /* Make funny stuff to get random input */
+ Curl_ossl_seed(data);
/* check to see if we've been told to use an explicit SSL/TLS version */
switch(data->set.ssl.version) {
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
bool *wouldblock);
size_t Curl_ossl_version(char *buffer, size_t size);
-
int Curl_ossl_check_cxn(struct connectdata *cxn);
+int Curl_ossl_seed(struct SessionHandle *data);
#endif
</strippart)
<protocol>
GET /150 HTTP/1.1\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
Expect: 100-continue\r
\r
PUT /155 HTTP/1.1\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
Content-Length: 0\r
</strippart)
<protocol>
GET /159 HTTP/1.0\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
</strip>
<protocol>
GET http://127.0.0.1:%HTTPPORT/162 HTTP/1.1\r
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.8.1-pre3 (sparc-sun-solaris2.7) libcurl 7.8.1-pre3 (OpenSSL 0.9.6a) (krb4 enabled)\r
Host: 127.0.0.1:%HTTPPORT\r
Pragma: no-cache\r
</strippart)
<protocol>
GET http://data.from.server.requiring.digest.hohoho.com/169 HTTP/1.1\r
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.12.0-CVS (i686-pc-linux-gnu) libcurl/7.12.0-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.3\r
Host: data.from.server.requiring.digest.hohoho.com\r
Pragma: no-cache\r
</strip>
<protocol>
POST http://a.galaxy.far.far.away/170 HTTP/1.1\r
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.12.0-CVS (i686-pc-linux-gnu) libcurl/7.12.0-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 libidn/0.4.3\r
Host: a.galaxy.far.far.away\r
Pragma: no-cache\r
</strip>
<protocol nonewline=yes>
POST /176 HTTP/1.1\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.12.1-CVS (i686-pc-linux-gnu) libcurl/7.12.1-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.6\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
<protocol>
CONNECT test.remote.server.com:209 HTTP/1.0\r
Host: test.remote.server.com:209\r
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
Proxy-Connection: Keep-Alive\r
\r
CONNECT test.remote.server.com:209 HTTP/1.0\r
<protocol nonewline=yes>
CONNECT test.remote.server.com:213 HTTP/1.0\r
Host: test.remote.server.com:213\r
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
Proxy-Connection: Keep-Alive\r
\r
CONNECT test.remote.server.com:213 HTTP/1.0\r
</strippart)
<protocol nonewline=yes>
POST http://%HOSTIP:%HTTPPORT/239 HTTP/1.1\r
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.13.2-CVS (i686-pc-linux-gnu) libcurl/7.13.2-CVS OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13\r
Host: %HOSTIP:%HTTPPORT\r
Pragma: no-cache\r
Content-Type: application/x-www-form-urlencoded\r
\r
postitPOST http://%HOSTIP:%HTTPPORT/243 HTTP/1.1\r
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.13.2-CVS (i686-pc-linux-gnu) libcurl/7.13.2-CVS OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13\r
Host: %HOSTIP:%HTTPPORT\r
Pragma: no-cache\r
<protocol nonewline=yes>
CONNECT test.remote.server.com:265 HTTP/1.0\r
Host: test.remote.server.com:265\r
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
Proxy-Connection: Keep-Alive\r
\r
CONNECT test.remote.server.com:265 HTTP/1.0\r
</strippart)
<protocol nonewline=yes>
POST /267 HTTP/1.1\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
</strippart)
<protocol>
GET /67 HTTP/1.1\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
</strippart)
<protocol>
GET /68 HTTP/1.1\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
Accept: */*\r
\r
GET /69 HTTP/1.1\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
</strippart)
<protocol>
GET http://127.0.0.1:%HTTPPORT/81 HTTP/1.1\r
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3\r
Host: 127.0.0.1:%HTTPPORT\r
Pragma: no-cache\r
</strippart)
<protocol>
GET /89 HTTP/1.1\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
Accept: */*\r
\r
GET /you/890010 HTTP/1.1\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.10.8-pre1 (i686-pc-linux-gnu) libcurl/7.10.8-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 GSS\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
Accept: */*\r
\r
GET /90 HTTP/1.1\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
Accept: */*\r
\r
GET /you/900010 HTTP/1.1\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.10.8-pre1 (i686-pc-linux-gnu) libcurl/7.10.8-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 GSS\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
Accept: */*\r
\r
GET /91 HTTP/1.1\r
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=\r
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3\r
Host: 127.0.0.1:%HTTPPORT\r
Accept: */*\r
projects / curl / commitdiff