From 28ff8babada4095f5b74818e0018a0fbda58686e Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Sat, 25 Oct 2014 14:23:40 +0100 Subject: [PATCH] ntlm: Changed handles to be dynamic like other SSPI handles Code cleanup to try and synchronise code between the different SSPI based authentication mechanisms. --- lib/curl_ntlm_msgs.c | 49 +++++++++++++++++++++++++++++--------------- lib/urldata.h | 5 ++--- 2 files changed, 35 insertions(+), 19 deletions(-) diff --git a/lib/curl_ntlm_msgs.c b/lib/curl_ntlm_msgs.c index b38670fdf..99df82f87 100644 --- a/lib/curl_ntlm_msgs.c +++ b/lib/curl_ntlm_msgs.c @@ -343,10 +343,16 @@ void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm) { Curl_safefree(ntlm->input_token); - if(ntlm->has_handles) { - s_pSecFn->DeleteSecurityContext(&ntlm->context); - s_pSecFn->FreeCredentialsHandle(&ntlm->credentials); - ntlm->has_handles = 0; + if(ntlm->context) { + s_pSecFn->DeleteSecurityContext(ntlm->context); + free(ntlm->context); + ntlm->context = NULL; + } + + if(ntlm->credentials) { + s_pSecFn->FreeCredentialsHandle(ntlm->credentials); + free(ntlm->credentials); + ntlm->credentials = NULL; } ntlm->max_token_length = 0; @@ -452,15 +458,29 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp, /* Use the current Windows user */ ntlm->p_identity = NULL; - /* Acquire our credientials handle */ + /* Allocate our credentials handle */ + ntlm->credentials = malloc(sizeof(CredHandle)); + if(!ntlm->credentials) + return CURLE_OUT_OF_MEMORY; + + memset(ntlm->credentials, 0, sizeof(CredHandle)); + + /* Acquire our credentials handle */ status = s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *) TEXT("NTLM"), SECPKG_CRED_OUTBOUND, NULL, ntlm->p_identity, NULL, NULL, - &ntlm->credentials, &tsDummy); + ntlm->credentials, &tsDummy); if(status != SEC_E_OK) return CURLE_OUT_OF_MEMORY; + /* Allocate our new context handle */ + ntlm->context = malloc(sizeof(CtxtHandle)); + if(!ntlm->context) + return CURLE_OUT_OF_MEMORY; + + memset(ntlm->context, 0, sizeof(CtxtHandle)); + /* Setup the type-1 "output" security buffer */ type_1_desc.ulVersion = SECBUFFER_VERSION; type_1_desc.cBuffers = 1; @@ -470,22 +490,19 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp, type_1_buf.cbBuffer = curlx_uztoul(ntlm->max_token_length); /* Generate our type-1 message */ - status = s_pSecFn->InitializeSecurityContext(&ntlm->credentials, NULL, + status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL, (TCHAR *) TEXT(""), 0, 0, SECURITY_NETWORK_DREP, NULL, 0, - &ntlm->context, &type_1_desc, + ntlm->context, &type_1_desc, &attrs, &tsDummy); if(status == SEC_I_COMPLETE_AND_CONTINUE || status == SEC_I_CONTINUE_NEEDED) - s_pSecFn->CompleteAuthToken(&ntlm->context, &type_1_desc); - else if(status != SEC_E_OK) { - s_pSecFn->FreeCredentialsHandle(&ntlm->credentials); + s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc); + else if(status != SEC_E_OK) return CURLE_RECV_ERROR; - } - ntlm->has_handles = 1; size = type_1_buf.cbBuffer; #else @@ -652,12 +669,12 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data, type_3_buf.cbBuffer = curlx_uztoul(ntlm->max_token_length); /* Generate our type-3 message */ - status = s_pSecFn->InitializeSecurityContext(&ntlm->credentials, - &ntlm->context, + status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, + ntlm->context, (TCHAR *) TEXT(""), 0, 0, SECURITY_NETWORK_DREP, &type_2_desc, - 0, &ntlm->context, + 0, ntlm->context, &type_3_desc, &attrs, &tsDummy); if(status != SEC_E_OK) { diff --git a/lib/urldata.h b/lib/urldata.h index 5d1366737..4146b8b72 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -435,13 +435,12 @@ struct kerberos5data { struct ntlmdata { curlntlm state; #ifdef USE_WINDOWS_SSPI - CredHandle credentials; - CtxtHandle context; + CredHandle *credentials; + CtxtHandle *context; SEC_WINNT_AUTH_IDENTITY identity; SEC_WINNT_AUTH_IDENTITY *p_identity; size_t max_token_length; BYTE *output_token; - int has_handles; BYTE *input_token; size_t input_token_len; #else -- 2.40.0