diff options
author | toughengineer <paul.skeptic@yandex.ru> | 2017-07-08 02:10:08 +0200 |
---|---|---|
committer | Marcel Raad <Marcel.Raad@teamviewer.com> | 2018-04-16 20:43:21 +0200 |
commit | bc4b8c9717c8972acf1f8d6383b127b5c8ef3e72 (patch) | |
tree | 2fd661d5a829e90e76c47727c235ccf9a4d76c0e /lib/curl_sasl.c | |
parent | 2d4c2152c9eb3dbdf943de46ed8fc11285f1b90b (diff) | |
download | curl-bc4b8c9717c8972acf1f8d6383b127b5c8ef3e72.tar.gz |
ntlm_sspi: fix authentication using Credential Manager
If you pass empty user/pass asking curl to use Windows Credential
Storage (as stated in the docs) and it has valid credentials for the
domain, e.g.
curl -v -u : --ntlm example.com
currently authentication fails.
This change fixes it by providing proper SPN string to the SSPI API
calls.
Fixes https://github.com/curl/curl/issues/1622
Closes https://github.com/curl/curl/pull/1660
Diffstat (limited to 'lib/curl_sasl.c')
-rw-r--r-- | lib/curl_sasl.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index 7052bd913..e54e4875e 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -265,7 +265,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name; const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port; -#if defined(USE_KERBEROS5) +#if defined(USE_KERBEROS5) || defined(USE_NTLM) const char *service = data->set.str[STRING_SERVICE_NAME] ? data->set.str[STRING_SERVICE_NAME] : sasl->params->service; @@ -333,7 +333,10 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, if(force_ir || data->set.sasl_ir) result = Curl_auth_create_ntlm_type1_message(data, conn->user, conn->passwd, - &conn->ntlm, &resp, &len); + service, + hostname, + &conn->ntlm, &resp, + &len); } else #endif @@ -419,13 +422,11 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn, char *chlg = NULL; size_t chlglen = 0; #endif -#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) +#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \ + defined(USE_NTLM) const char *service = data->set.str[STRING_SERVICE_NAME] ? data->set.str[STRING_SERVICE_NAME] : sasl->params->service; -#endif -#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \ - defined(USE_NTLM) char *serverdata; #endif size_t len = 0; @@ -496,6 +497,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn, /* Create the type-1 message */ result = Curl_auth_create_ntlm_type1_message(data, conn->user, conn->passwd, + service, hostname, &conn->ntlm, &resp, &len); newstate = SASL_NTLM_TYPE2MSG; break; |