| author | dartraiden <wowemuh@gmail.com> | 2024-09-11 21:49:43 +0300 |
|---|---|---|
| committer | dartraiden <wowemuh@gmail.com> | 2024-09-11 21:52:35 +0300 |
| commit | c36db68a5f58ec6c9135eff778b6e77c30e58088 (patch) | |
| tree | 22eea126db82c50388c9f94cd683d6ec6f04e6cb /libs/libcurl/src/vauth | |
| parent | 02bb82c1c0a4031e7b2f5578370fa5acd620f8e1 (diff) | |
libcurl: update to 8.10.0
Diffstat (limited to 'libs/libcurl/src/vauth')
| -rw-r--r-- | libs/libcurl/src/vauth/digest.c | 4 | ||||
| -rw-r--r-- | libs/libcurl/src/vauth/digest_sspi.c | 54 | ||||
| -rw-r--r-- | libs/libcurl/src/vauth/krb5_sspi.c | 26 | ||||
| -rw-r--r-- | libs/libcurl/src/vauth/ntlm.c | 24 | ||||
| -rw-r--r-- | libs/libcurl/src/vauth/ntlm_sspi.c | 22 | ||||
| -rw-r--r-- | libs/libcurl/src/vauth/spnego_gssapi.c | 12 | ||||
| -rw-r--r-- | libs/libcurl/src/vauth/spnego_sspi.c | 38 |
7 files changed, 89 insertions, 91 deletions
diff --git a/libs/libcurl/src/vauth/digest.c b/libs/libcurl/src/vauth/digest.c
index 5e1461fff4..ab396d2f6b 100644
--- a/libs/libcurl/src/vauth/digest.c
+++ b/libs/libcurl/src/vauth/digest.c
@@ -142,7 +142,7 @@ bool Curl_auth_digest_get_pair(const char *str, char *value, char *content,
}
#if !defined(USE_WINDOWS_SSPI)
-/* Convert md5 chunk to RFC2617 (section 3.1.3) -suitable ascii string */
+/* Convert md5 chunk to RFC2617 (section 3.1.3) -suitable ASCII string */
static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */
unsigned char *dest) /* 33 bytes */
{
@@ -151,7 +151,7 @@ static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */
msnprintf((char *) &dest[i * 2], 3, "%02x", source[i]);
}
-/* Convert sha256 or SHA-512/256 chunk to RFC7616 -suitable ascii string */
+/* Convert sha256 or SHA-512/256 chunk to RFC7616 -suitable ASCII string */
static void auth_digest_sha256_to_ascii(unsigned char *source, /* 32 bytes */
unsigned char *dest) /* 65 bytes */
{
diff --git a/libs/libcurl/src/vauth/digest_sspi.c b/libs/libcurl/src/vauth/digest_sspi.c
index 1562e124f4..4a24d5c577 100644
--- a/libs/libcurl/src/vauth/digest_sspi.c
+++ b/libs/libcurl/src/vauth/digest_sspi.c
@@ -60,12 +60,13 @@ bool Curl_auth_is_digest_supported(void)
SECURITY_STATUS status;
/* Query the security package for Digest */
- status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
- &SecurityPackage);
+ status =
+ Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
+ &SecurityPackage);
/* Release the package buffer as it is not required anymore */
if(status == SEC_E_OK) {
- s_pSecFn->FreeContextBuffer(SecurityPackage);
+ Curl_pSecFn->FreeContextBuffer(SecurityPackage);
}
return (status == SEC_E_OK ? TRUE : FALSE);
@@ -119,8 +120,9 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
}
/* Query the security package for DigestSSP */
- status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
- &SecurityPackage);
+ status =
+ Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
+ &SecurityPackage);
if(status != SEC_E_OK) {
failf(data, "SSPI: could not get auth info");
return CURLE_AUTH_ERROR;
@@ -129,7 +131,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
token_max = SecurityPackage->cbMaxToken;
/* Release the package buffer as it is not required anymore */
- s_pSecFn->FreeContextBuffer(SecurityPackage);
+ Curl_pSecFn->FreeContextBuffer(SecurityPackage);
/* Allocate our response buffer */
output_token = malloc(token_max);
@@ -160,7 +162,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
p_identity = NULL;
/* Acquire our credentials handle */
- status = s_pSecFn->AcquireCredentialsHandle(NULL,
+ status = Curl_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *) TEXT(SP_NAME_DIGEST),
SECPKG_CRED_OUTBOUND, NULL,
p_identity, NULL, NULL,
@@ -190,20 +192,20 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
resp_buf.cbBuffer = curlx_uztoul(token_max);
/* Generate our response message */
- status = s_pSecFn->InitializeSecurityContext(&credentials, NULL, spn,
+ status = Curl_pSecFn->InitializeSecurityContext(&credentials, NULL, spn,
0, 0, 0, &chlg_desc, 0,
&context, &resp_desc, &attrs,
&expiry);
if(status == SEC_I_COMPLETE_NEEDED ||
status == SEC_I_COMPLETE_AND_CONTINUE)
- s_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
+ Curl_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
char buffer[STRERROR_LEN];
#endif
- s_pSecFn->FreeCredentialsHandle(&credentials);
+ Curl_pSecFn->FreeCredentialsHandle(&credentials);
Curl_sspi_free_identity(p_identity);
free(spn);
free(output_token);
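Review bot: The `CompleteAuthToken` call in this hunk is handed `&credentials`, but SSPI expects the security context handle there, and the context produced by the preceding `InitializeSecurityContext` call is `&context`; ntlm_sspi.c and spnego_sspi.c in this same commit pass their context handle. Credential and context handles are aliases of the same SSPI handle struct, so the compiler will not flag the mix-up. The call should likely read `Curl_pSecFn->CompleteAuthToken(&context, &resp_desc);`, and its status is dropped here whereas spnego_sspi.c stores and checks it. The same pattern appears in the Curl_auth_create_digest_http_message hunk at -589,13 +593,13, where the context argument lies outside the visible lines. The function body starts and ends outside this hunk.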
@@ -223,8 +225,8 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
Curl_bufref_set(out, output_token, resp_buf.cbBuffer, curl_free);
/* Free our handles */
- s_pSecFn->DeleteSecurityContext(&context);
- s_pSecFn->FreeCredentialsHandle(&credentials);
+ Curl_pSecFn->DeleteSecurityContext(&context);
+ Curl_pSecFn->FreeCredentialsHandle(&credentials);
/* Free the identity structure */
Curl_sspi_free_identity(p_identity);
@@ -410,8 +412,9 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
(void) data;
/* Query the security package for DigestSSP */
- status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
- &SecurityPackage);
+ status =
+ Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
+ &SecurityPackage);
if(status != SEC_E_OK) {
failf(data, "SSPI: could not get auth info");
return CURLE_AUTH_ERROR;
@@ -420,7 +423,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
token_max = SecurityPackage->cbMaxToken;
/* Release the package buffer as it is not required anymore */
- s_pSecFn->FreeContextBuffer(SecurityPackage);
+ Curl_pSecFn->FreeContextBuffer(SecurityPackage);
/* Allocate the output buffer according to the max token size as indicated
by the security package */
@@ -436,7 +439,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
(userp && digest->user && Curl_timestrcmp(userp, digest->user)) ||
(passwdp && digest->passwd && Curl_timestrcmp(passwdp, digest->passwd))) {
if(digest->http_context) {
- s_pSecFn->DeleteSecurityContext(digest->http_context);
+ Curl_pSecFn->DeleteSecurityContext(digest->http_context);
Curl_safefree(digest->http_context);
}
Curl_safefree(digest->user);
@@ -463,13 +466,14 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
chlg_buf[4].pvBuffer = output_token;
chlg_buf[4].cbBuffer = curlx_uztoul(token_max);
- status = s_pSecFn->MakeSignature(digest->http_context, 0, &chlg_desc, 0);
+ status = Curl_pSecFn->MakeSignature(digest->http_context, 0, &chlg_desc,
+ 0);
if(status == SEC_E_OK)
output_token_len = chlg_buf[4].cbBuffer;
else { /* delete the context so a new one can be made */
infof(data, "digest_sspi: MakeSignature failed, error 0x%08lx",
(long)status);
- s_pSecFn->DeleteSecurityContext(digest->http_context);
+ Curl_pSecFn->DeleteSecurityContext(digest->http_context);
Curl_safefree(digest->http_context);
}
}
@@ -529,7 +533,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
}
/* Acquire our credentials handle */
- status = s_pSecFn->AcquireCredentialsHandle(NULL,
+ status = Curl_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *) TEXT(SP_NAME_DIGEST),
SECPKG_CRED_OUTBOUND, NULL,
p_identity, NULL, NULL,
@@ -565,7 +569,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
spn = curlx_convert_UTF8_to_tchar((char *) uripath);
if(!spn) {
- s_pSecFn->FreeCredentialsHandle(&credentials);
+ Curl_pSecFn->FreeCredentialsHandle(&credentials);
Curl_sspi_free_identity(p_identity);
free(output_token);
@@ -579,7 +583,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
/* Generate our response message */
- status = s_pSecFn->InitializeSecurityContext(&credentials, NULL,
+ status = Curl_pSecFn->InitializeSecurityContext(&credentials, NULL,
spn,
ISC_REQ_USE_HTTP_STYLE, 0, 0,
&chlg_desc, 0,
@@ -589,13 +593,13 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
if(status == SEC_I_COMPLETE_NEEDED ||
status == SEC_I_COMPLETE_AND_CONTINUE)
- s_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
+ Curl_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
char buffer[STRERROR_LEN];
#endif
- s_pSecFn->FreeCredentialsHandle(&credentials);
+ Curl_pSecFn->FreeCredentialsHandle(&credentials);
Curl_sspi_free_identity(p_identity);
free(output_token);
@@ -615,7 +619,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
output_token_len = resp_buf.cbBuffer;
- s_pSecFn->FreeCredentialsHandle(&credentials);
+ Curl_pSecFn->FreeCredentialsHandle(&credentials);
Curl_sspi_free_identity(p_identity);
}
@@ -660,7 +664,7 @@ void Curl_auth_digest_cleanup(struct digestdata *digest)
/* Delete security context */
if(digest->http_context) {
- s_pSecFn->DeleteSecurityContext(digest->http_context);
+ Curl_pSecFn->DeleteSecurityContext(digest->http_context);
Curl_safefree(digest->http_context);
}
diff --git a/libs/libcurl/src/vauth/krb5_sspi.c b/libs/libcurl/src/vauth/krb5_sspi.c
index d93cd6ef42..eae79ccaa5 100644
--- a/libs/libcurl/src/vauth/krb5_sspi.c
+++ b/libs/libcurl/src/vauth/krb5_sspi.c
@@ -55,13 +55,13 @@ bool Curl_auth_is_gssapi_supported(void)
SECURITY_STATUS status;
/* Query the security package for Kerberos */
- status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
+ status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *)
TEXT(SP_NAME_KERBEROS),
&SecurityPackage);
/* Release the package buffer as it is not required anymore */
if(status == SEC_E_OK) {
- s_pSecFn->FreeContextBuffer(SecurityPackage);
+ Curl_pSecFn->FreeContextBuffer(SecurityPackage);
}
return (status == SEC_E_OK ? TRUE : FALSE);
@@ -118,7 +118,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
if(!krb5->output_token) {
/* Query the security package for Kerberos */
- status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
+ status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *)
TEXT(SP_NAME_KERBEROS),
&SecurityPackage);
if(status != SEC_E_OK) {
@@ -129,7 +129,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
krb5->token_max = SecurityPackage->cbMaxToken;
/* Release the package buffer as it is not required anymore */
- s_pSecFn->FreeContextBuffer(SecurityPackage);
+ Curl_pSecFn->FreeContextBuffer(SecurityPackage);
/* Allocate our response buffer */
krb5->output_token = malloc(krb5->token_max);
@@ -158,7 +158,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
/* Acquire our credentials handle */
- status = s_pSecFn->AcquireCredentialsHandle(NULL,
+ status = Curl_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *)
TEXT(SP_NAME_KERBEROS),
SECPKG_CRED_OUTBOUND, NULL,
@@ -197,7 +197,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
resp_buf.cbBuffer = curlx_uztoul(krb5->token_max);
/* Generate our challenge-response message */
- status = s_pSecFn->InitializeSecurityContext(krb5->credentials,
+ status = Curl_pSecFn->InitializeSecurityContext(krb5->credentials,
chlg ? krb5->context : NULL,
krb5->spn,
(mutual_auth ?
@@ -215,7 +215,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
return CURLE_AUTH_ERROR;
if(memcmp(&context, krb5->context, sizeof(context))) {
- s_pSecFn->DeleteSecurityContext(krb5->context);
+ Curl_pSecFn->DeleteSecurityContext(krb5->context);
memcpy(krb5->context, &context, sizeof(context));
}
@@ -282,7 +282,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
}
/* Get our response size information */
- status = s_pSecFn->QueryContextAttributes(krb5->context,
+ status = Curl_pSecFn->QueryContextAttributes(krb5->context,
SECPKG_ATTR_SIZES,
&sizes);
@@ -304,7 +304,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
input_buf[1].cbBuffer = 0;
/* Decrypt the inbound challenge and obtain the qop */
- status = s_pSecFn->DecryptMessage(krb5->context, &input_desc, 0, &qop);
+ status = Curl_pSecFn->DecryptMessage(krb5->context, &input_desc, 0, &qop);
if(status != SEC_E_OK) {
infof(data, "GSSAPI handshake failure (empty security message)");
return CURLE_BAD_CONTENT_ENCODING;
@@ -323,7 +323,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
((unsigned long)indata[2] << 8) | indata[3];
/* Free the challenge as it is not required anymore */
- s_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer);
+ Curl_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer);
/* Process the security layer */
if(!(sec_layer & KERB_WRAP_NO_ENCRYPT)) {
@@ -392,7 +392,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
wrap_buf[2].cbBuffer = sizes.cbBlockSize;
/* Encrypt the data */
- status = s_pSecFn->EncryptMessage(krb5->context, KERB_WRAP_NO_ENCRYPT,
+ status = Curl_pSecFn->EncryptMessage(krb5->context, KERB_WRAP_NO_ENCRYPT,
&wrap_desc, 0);
if(status != SEC_E_OK) {
free(padding);
@@ -448,14 +448,14 @@ void Curl_auth_cleanup_gssapi(struct kerberos5data *krb5)
{
/* Free our security context */
if(krb5->context) {
- s_pSecFn->DeleteSecurityContext(krb5->context);
+ Curl_pSecFn->DeleteSecurityContext(krb5->context);
free(krb5->context);
krb5->context = NULL;
}
/* Free our credentials handle */
if(krb5->credentials) {
- s_pSecFn->FreeCredentialsHandle(krb5->credentials);
+ Curl_pSecFn->FreeCredentialsHandle(krb5->credentials);
free(krb5->credentials);
krb5->credentials = NULL;
}
diff --git a/libs/libcurl/src/vauth/ntlm.c b/libs/libcurl/src/vauth/ntlm.c
index 99bd62470e..4a80ba3c8b 100644
--- a/libs/libcurl/src/vauth/ntlm.c
+++ b/libs/libcurl/src/vauth/ntlm.c
@@ -59,10 +59,6 @@
/* "NTLMSSP" signature is always in ASCII regardless of the platform */
#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50"
-/* The fixed hostname we provide, in order to not leak our real local host
- name. Copy the name used by Firefox. */
-#define NTLM_HOSTNAME "WORKSTATION"
-
#if DEBUG_ME
# define DEBUG_OUT(x) x
static void ntlm_print_flags(FILE *handle, unsigned long flags)
@@ -490,7 +486,9 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
unsigned char *ptr_ntresp = &ntresp[0];
unsigned char *ntlmv2resp = NULL;
bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE;
- char host[HOSTNAME_MAX + 1] = "";
+ /* The fixed hostname we provide, in order to not leak our real local host
+ name. Copy the name used by Firefox. */
+ static const char host[] = "WORKSTATION";
const char *user;
const char *domain = "";
size_t hostoff = 0;
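Review bot: The comment on `host` gives the privacy reason but not the operational consequence: every client built from this code reports the same workstation name in its type-3 message, so server-side authentication logs cannot tell hosts apart by that field. I would extend the comment with one sentence such as `Servers and their audit logs therefore see "WORKSTATION" for every client.` The assignment `hostlen = sizeof(host) - 1;` in the following hunk is only correct while `host` stays an array; a short remark there would keep a later refactor to `const char *` from silently turning it into a pointer size. The function body continues outside both hunks.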
@@ -515,21 +513,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
user = userp;
userlen = strlen(user);
-
-#ifndef NTLM_HOSTNAME
- /* Get the machine's un-qualified hostname as NTLM does not like the fully
- qualified domain name */
- if(Curl_gethostname(host, sizeof(host))) {
- infof(data, "gethostname() failed, continuing without");
- hostlen = 0;
- }
- else {
- hostlen = strlen(host);
- }
-#else
- (void)msnprintf(host, sizeof(host), "%s", NTLM_HOSTNAME);
- hostlen = sizeof(NTLM_HOSTNAME)-1;
-#endif
+ hostlen = sizeof(host) - 1;
if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
unsigned char ntbuffer[0x18];
diff --git a/libs/libcurl/src/vauth/ntlm_sspi.c b/libs/libcurl/src/vauth/ntlm_sspi.c
index 2da0789d73..e3d56335b4 100644
--- a/libs/libcurl/src/vauth/ntlm_sspi.c
+++ b/libs/libcurl/src/vauth/ntlm_sspi.c
@@ -55,12 +55,12 @@ bool Curl_auth_is_ntlm_supported(void)
SECURITY_STATUS status;
/* Query the security package for NTLM */
- status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
+ status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
&SecurityPackage);
/* Release the package buffer as it is not required anymore */
if(status == SEC_E_OK) {
- s_pSecFn->FreeContextBuffer(SecurityPackage);
+ Curl_pSecFn->FreeContextBuffer(SecurityPackage);
}
return (status == SEC_E_OK ? TRUE : FALSE);
@@ -103,7 +103,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
Curl_auth_cleanup_ntlm(ntlm);
/* Query the security package for NTLM */
- status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
+ status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
&SecurityPackage);
if(status != SEC_E_OK) {
failf(data, "SSPI: could not get auth info");
@@ -113,7 +113,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
ntlm->token_max = SecurityPackage->cbMaxToken;
/* Release the package buffer as it is not required anymore */
- s_pSecFn->FreeContextBuffer(SecurityPackage);
+ Curl_pSecFn->FreeContextBuffer(SecurityPackage);
/* Allocate our output buffer */
ntlm->output_token = malloc(ntlm->token_max);
@@ -141,7 +141,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
/* Acquire our credentials handle */
- status = s_pSecFn->AcquireCredentialsHandle(NULL,
+ status = Curl_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *) TEXT(SP_NAME_NTLM),
SECPKG_CRED_OUTBOUND, NULL,
ntlm->p_identity, NULL, NULL,
@@ -167,7 +167,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
type_1_buf.cbBuffer = curlx_uztoul(ntlm->token_max);
/* Generate our type-1 message */
- status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL,
+ status = Curl_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL,
ntlm->spn,
0, 0, SECURITY_NETWORK_DREP,
NULL, 0,
@@ -175,7 +175,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
&attrs, &expiry);
if(status == SEC_I_COMPLETE_NEEDED ||
status == SEC_I_COMPLETE_AND_CONTINUE)
- s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc);
+ Curl_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc);
else if(status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)
@@ -282,7 +282,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
SEC_CHANNEL_BINDINGS channelBindings;
SecPkgContext_Bindings pkgBindings;
pkgBindings.Bindings = &channelBindings;
- status = s_pSecFn->QueryContextAttributes(
+ status = Curl_pSecFn->QueryContextAttributes(
ntlm->sslContext,
SECPKG_ATTR_ENDPOINT_BINDINGS,
&pkgBindings
@@ -305,7 +305,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
type_3_buf.cbBuffer = curlx_uztoul(ntlm->token_max);
/* Generate our type-3 message */
- status = s_pSecFn->InitializeSecurityContext(ntlm->credentials,
+ status = Curl_pSecFn->InitializeSecurityContext(ntlm->credentials,
ntlm->context,
ntlm->spn,
0, 0, SECURITY_NETWORK_DREP,
@@ -343,14 +343,14 @@ void Curl_auth_cleanup_ntlm(struct ntlmdata *ntlm)
{
/* Free our security context */
if(ntlm->context) {
- s_pSecFn->DeleteSecurityContext(ntlm->context);
+ Curl_pSecFn->DeleteSecurityContext(ntlm->context);
free(ntlm->context);
ntlm->context = NULL;
}
/* Free our credentials handle */
if(ntlm->credentials) {
- s_pSecFn->FreeCredentialsHandle(ntlm->credentials);
+ Curl_pSecFn->FreeCredentialsHandle(ntlm->credentials);
free(ntlm->credentials);
ntlm->credentials = NULL;
}
diff --git a/libs/libcurl/src/vauth/spnego_gssapi.c b/libs/libcurl/src/vauth/spnego_gssapi.c
index d7a533eb98..74d4fa3362 100644
--- a/libs/libcurl/src/vauth/spnego_gssapi.c
+++ b/libs/libcurl/src/vauth/spnego_gssapi.c
@@ -91,6 +91,8 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
gss_buffer_desc spn_token = GSS_C_EMPTY_BUFFER;
gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
+ gss_channel_bindings_t chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
+ struct gss_channel_bindings_struct chan;
(void) user;
(void) password;
@@ -148,13 +150,21 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
input_token.length = chlglen;
}
+ /* Set channel binding data if available */
+ if(nego->channel_binding_data.leng > 0) {
+ memset(&chan, 0, sizeof(struct gss_channel_bindings_struct));
+ chan.application_data.length = nego->channel_binding_data.leng;
+ chan.application_data.value = nego->channel_binding_data.bufr;
+ chan_bindings = &chan;
+ }
+
/* Generate our challenge-response message */
major_status = Curl_gss_init_sec_context(data,
&minor_status,
&nego->context,
nego->spn,
&Curl_spnego_mech_oid,
- GSS_C_NO_CHANNEL_BINDINGS,
+ chan_bindings,
&input_token,
&output_token,
TRUE,
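Review bot: The new block reads `nego->channel_binding_data.leng` and `.bufr` directly; if that member is a struct dynbuf, as the field names suggest, the accessors would keep this file independent of the buffer layout: `Curl_dyn_len(&nego->channel_binding_data)` and `Curl_dyn_ptr(&nego->channel_binding_data)`. When the buffer is empty the call silently falls back to `GSS_C_NO_CHANNEL_BINDINGS`, so a connection that was expected to be bound to its TLS channel authenticates unbound without any trace; a comment stating that the fallback is intentional, or an `infof` line on that path, would make it visible to whoever reads the logs. `chan` lives on the stack and is only valid for this one call, which deserves a one-line comment next to `chan_bindings = &chan;`. The function starts and ends outside the hunk.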
diff --git a/libs/libcurl/src/vauth/spnego_sspi.c b/libs/libcurl/src/vauth/spnego_sspi.c
index a1883d0cd3..5a0ffe3b57 100644
--- a/libs/libcurl/src/vauth/spnego_sspi.c
+++ b/libs/libcurl/src/vauth/spnego_sspi.c
@@ -57,13 +57,13 @@ bool Curl_auth_is_spnego_supported(void)
SECURITY_STATUS status;
/* Query the security package for Negotiate */
- status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
+ status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *)
TEXT(SP_NAME_NEGOTIATE),
&SecurityPackage);
/* Release the package buffer as it is not required anymore */
if(status == SEC_E_OK) {
- s_pSecFn->FreeContextBuffer(SecurityPackage);
+ Curl_pSecFn->FreeContextBuffer(SecurityPackage);
}
@@ -128,7 +128,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
if(!nego->output_token) {
/* Query the security package for Negotiate */
- nego->status = (DWORD)s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
+ nego->status = (DWORD)Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *)
TEXT(SP_NAME_NEGOTIATE),
&SecurityPackage);
if(nego->status != SEC_E_OK) {
@@ -139,7 +139,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
nego->token_max = SecurityPackage->cbMaxToken;
/* Release the package buffer as it is not required anymore */
- s_pSecFn->FreeContextBuffer(SecurityPackage);
+ Curl_pSecFn->FreeContextBuffer(SecurityPackage);
/* Allocate our output buffer */
nego->output_token = malloc(nego->token_max);
@@ -169,7 +169,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
/* Acquire our credentials handle */
nego->status = (DWORD)
- s_pSecFn->AcquireCredentialsHandle(NULL,
+ Curl_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *)TEXT(SP_NAME_NEGOTIATE),
SECPKG_CRED_OUTBOUND, NULL,
nego->p_identity, NULL, NULL,
@@ -218,7 +218,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
SEC_CHANNEL_BINDINGS channelBindings;
SecPkgContext_Bindings pkgBindings;
pkgBindings.Bindings = &channelBindings;
- nego->status = (DWORD)s_pSecFn->QueryContextAttributes(
+ nego->status = (DWORD)Curl_pSecFn->QueryContextAttributes(
nego->sslContext,
SECPKG_ATTR_ENDPOINT_BINDINGS,
&pkgBindings
@@ -242,16 +242,16 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
resp_buf.cbBuffer = curlx_uztoul(nego->token_max);
/* Generate our challenge-response message */
- nego->status = (DWORD)s_pSecFn->InitializeSecurityContext(nego->credentials,
- chlg ? nego->context :
- NULL,
- nego->spn,
- ISC_REQ_CONFIDENTIALITY,
- 0, SECURITY_NATIVE_DREP,
- chlg ? &chlg_desc : NULL,
- 0, nego->context,
- &resp_desc, &attrs,
- &expiry);
+ nego->status =
+ (DWORD)Curl_pSecFn->InitializeSecurityContext(nego->credentials,
+ chlg ? nego->context : NULL,
+ nego->spn,
+ ISC_REQ_CONFIDENTIALITY,
+ 0, SECURITY_NATIVE_DREP,
+ chlg ? &chlg_desc : NULL,
+ 0, nego->context,
+ &resp_desc, &attrs,
+ &expiry);
/* Free the decoded challenge as it is not required anymore */
free(chlg);
@@ -269,7 +269,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
if(nego->status == SEC_I_COMPLETE_NEEDED ||
nego->status == SEC_I_COMPLETE_AND_CONTINUE) {
- nego->status = (DWORD)s_pSecFn->CompleteAuthToken(nego->context,
+ nego->status = (DWORD)Curl_pSecFn->CompleteAuthToken(nego->context,
&resp_desc);
if(GSS_ERROR(nego->status)) {
char buffer[STRERROR_LEN];
@@ -333,14 +333,14 @@ void Curl_auth_cleanup_spnego(struct negotiatedata *nego)
{
/* Free our security context */
if(nego->context) {
- s_pSecFn->DeleteSecurityContext(nego->context);
+ Curl_pSecFn->DeleteSecurityContext(nego->context);
free(nego->context);
nego->context = NULL;
}
/* Free our credentials handle */
if(nego->credentials) {
- s_pSecFn->FreeCredentialsHandle(nego->credentials);
+ Curl_pSecFn->FreeCredentialsHandle(nego->credentials);
free(nego->credentials);
nego->credentials = NULL;
}
