ntlm_sspi: fix authentication using Credential Manager

If you pass empty user/pass asking curl to use Windows Credential Storage (as stated in the docs) and it has valid credentials for the domain, e.g. curl -v -u : --ntlm example.com currently authentication fails. This change fixes it by providing proper SPN string to the SSPI API calls. Fixes https://github.com/curl/curl/issues/1622 Closes https://github.com/curl/curl/pull/1660
author: toughengineer <paul.skeptic@yandex.ru> 2017-07-08 02:10:08 +0200
committer: Marcel Raad <Marcel.Raad@teamviewer.com> 2018-04-16 20:43:21 +0200
commit: bc4b8c9717c8972acf1f8d6383b127b5c8ef3e72 (patch)
tree: 2fd661d5a829e90e76c47727c235ccf9a4d76c0e /lib/http_ntlm.c
parent: 2d4c2152c9eb3dbdf943de46ed8fc11285f1b90b (diff)
download: curl-bc4b8c9717c8972acf1f8d6383b127b5c8ef3e72.tar.gz
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index 0f1edcf65..fd5540b5d 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -121,9 +121,11 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
      server, which is for a plain host or for a HTTP proxy */
   char **allocuserpwd;
 
-  /* point to the name and password for this */
+  /* point to the username, password, service and host */
   const char *userp;
   const char *passwdp;
+  const char *service = NULL;
+  const char *hostname = NULL;
 
   /* point to the correct struct with this */
   struct ntlmdata *ntlm;
@@ -141,6 +143,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
     allocuserpwd = &conn->allocptr.proxyuserpwd;
     userp = conn->http_proxy.user;
     passwdp = conn->http_proxy.passwd;
+    service = conn->data->set.str[STRING_PROXY_SERVICE_NAME] ?
+              conn->data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
+    hostname = conn->http_proxy.host.name;
     ntlm = &conn->proxyntlm;
     authp = &conn->data->state.authproxy;
   }
@@ -148,6 +153,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
     allocuserpwd = &conn->allocptr.userpwd;
     userp = conn->user;
     passwdp = conn->passwd;
+    service = conn->data->set.str[STRING_SERVICE_NAME] ?
+              conn->data->set.str[STRING_SERVICE_NAME] : "HTTP";
+    hostname = conn->host.name;
     ntlm = &conn->ntlm;
     authp = &conn->data->state.authhost;
   }
@@ -174,7 +182,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
   default: /* for the weird cases we (re)start here */
     /* Create a type-1 message */
     result = Curl_auth_create_ntlm_type1_message(conn->data, userp, passwdp,
-                                                 ntlm, &base64, &len);
+                                                 service, hostname,
+                                                 ntlm, &base64,
+                                                 &len);
     if(result)
       return result;
author	toughengineer <paul.skeptic@yandex.ru>	2017-07-08 02:10:08 +0200
committer	Marcel Raad <Marcel.Raad@teamviewer.com>	2018-04-16 20:43:21 +0200
commit	bc4b8c9717c8972acf1f8d6383b127b5c8ef3e72 (patch)
tree	2fd661d5a829e90e76c47727c235ccf9a4d76c0e /lib/http_ntlm.c
parent	2d4c2152c9eb3dbdf943de46ed8fc11285f1b90b (diff)
download	curl-bc4b8c9717c8972acf1f8d6383b127b5c8ef3e72.tar.gz