believed to solve the following:
1) uses secur32.dll alternatively to security.dll when
the former is not found.
2) allows the providing of alternate credentials to
the SSPI call
--- src/ne_sspi.c 2005-01-27 11:03:54.000000000 -0800
+++ src1/ne_sspi.c 2005-07-22 09:02:55.227316800 -0700
@@ -20,7 +20,7 @@
*/
#include "config.h"
-
+#include "tchar.h"
#include "ne_utils.h"
#include "ne_string.h"
#include "ne_sspi.h"
@@ -29,6 +29,7 @@
#define SEC_SUCCESS(Status) ((Status) >= 0)
+
struct SSPIContextStruct {
CtxtHandle context;
char *serverName;
@@ -37,6 +38,7 @@
char *mechanism;
int ntlm;
ULONG maxTokenSize;
+ SEC_WINNT_AUTH_IDENTITY *alt_creds; /* alternate to
default credentials */
};
typedef struct SSPIContextStruct SSPIContext;
@@ -47,6 +49,8 @@
static PSecurityFunctionTable pSFT = NULL;
static int initialized = 0;
+
+
/*
* Query specified package for it's maximum token
size.
*/
@@ -70,6 +74,88 @@
return 0;
}
+/* convert to SSPI-friendly version */
+
+
+int ne_sspi_alt_creds(SSPIContext *sspi,char
*username,char *realm,char *scheme, char *password) {
+ /* todo - create the security structure, put the
info into it */
+ SEC_WINNT_AUTH_IDENTITY *pAuthData;
+ int totalsize;
+ char *domainpart,*userpart,*sbuff;
+ char *lusername, *lpw;
+ if (!username || !password) return -1;
+
+ lusername = ne_calloc(strlen(username)+1);
+ lpw = password;
+
+ if (!lpw || !lusername) return -1;
+
+ strcpy(lusername,username);
+
+ /* todo - sort out [EMAIL PROTECTED] instead of
domain\USER */
+
+ if ((userpart = strchr(lusername, '\\')) != NULL) {
+ *userpart = '\0';
+ domainpart = lusername;
+ userpart++;
+ } else {
+ /* not old-style */
+ if ((domainpart = strchr(lusername, '@')) != NULL)
{
+ *domainpart = '\0';
+ userpart = lusername;
+ domainpart++;
+ } else {
+ NE_DEBUG(NE_DBG_HTTPAUTH,
+ "sspi: No domain specified with
credentials");
+ ne_free(lusername);
+ return -1;
+ }
+ }
+ totalsize
=sizeof(SEC_WINNT_AUTH_IDENTITY)+strlen(userpart)+strlen(domainpart)+strlen(lpw)+15;
+
+ pAuthData=ne_calloc(totalsize);
+ if (!pAuthData) { ne_free(lusername); return -1; }
+
+ pAuthData->Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
+ pAuthData->UserLength = strlen(userpart);
+ pAuthData->DomainLength = strlen(domainpart);
+ pAuthData->PasswordLength = strlen(lpw);
+
+ NE_DEBUG(NE_DBG_HTTPAUTH,
+ "sspi: Credentials Username %s
Domainname %s\n",
+ userpart,
+ domainpart);
+
+ sbuff = ((char
*)pAuthData)+sizeof(SEC_WINNT_AUTH_IDENTITY);
+
+ strncpy(sbuff,userpart,pAuthData->UserLength+1);
+ pAuthData->User = sbuff;
+ sbuff += (pAuthData->UserLength+1);
+
+ strncpy(sbuff,domainpart,pAuthData->DomainLength+1);
+ pAuthData->Domain = sbuff;
+ sbuff += (pAuthData->DomainLength+1);
+
+ strncpy(sbuff,lpw,pAuthData->PasswordLength+1);
+ pAuthData->Password = sbuff;
+ sbuff += (pAuthData->PasswordLength+1);
+
+ sspi->alt_creds = pAuthData;
+ NE_DEBUG(NE_DBG_HTTPAUTH,
+ "sspi: Credentials Username %s %x
Domainname %s %x size %d\n",
+ pAuthData->User,pAuthData->User,
+ pAuthData->Domain,pAuthData->Domain,
+
+ totalsize);
+ return 0;
+}
+
+int ne_sspi_provide_alt_creds(void *cp,char
*username, char *pw){
+ SSPIContext *mysspi;
+
+ if (getContext(cp,&mysspi)) { return -1; }
+ return
ne_sspi_alt_creds(mysspi,username,NULL,NULL,pw);
+}
/*
* Initialize all the SSPI data
@@ -126,10 +212,21 @@
NE_DEBUG(NE_DBG_SOCKET, "sspiInit\n");
NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Loading security
dll.\n");
- hSecDll = LoadLibrary("security.dll");
+ hSecDll = LoadLibrary(_TEXT("security.dll"));
if (hSecDll == NULL) {
- NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Loading of
security dll [fail].\n");
+ NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Loading of
security dll [fail %d]. Trying
alternate\n",GetLastError());
+ hSecDll = LoadLibrary(_TEXT("secur32.dll"));
+ if (hSecDll != NULL) {
+ NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Loading of
secur32.dll [ok]. \n");
+ initDll(hSecDll);
+ if (initialized == 0) {
+ initialized = 1;
+ }
+ } else {
+ NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Loading of
secur32.dll [fail %d]. \n",GetLastError());
+ }
+
} else {
NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Loading of
security dll [ok].\n");
initDll(hSecDll);
@@ -179,14 +276,26 @@
* Simplification wrapper arround
AcquireCredentialsHandle as most of
* the parameters do not change.
*/
-static int acquireCredentialsHandle(CredHandle *
credentials, char *package)
+static int acquireCredentialsHandle(CredHandle *
credentials, char *package, SSPIContext *sspic)
{
SECURITY_STATUS status;
TimeStamp timestamp;
+ SEC_WINNT_AUTH_IDENTITY *pAuthData;
- status =
+ pAuthData = NULL;
+
+ if (sspic->alt_creds) {
+ pAuthData = sspic->alt_creds;
+ NE_DEBUG(NE_DBG_HTTPAUTH,
+ "sspi: AcquireCredentialsHandle with Username %s,
Domain %s, POINTER %x\n",
+ sspic->alt_creds->User,
+ sspic->alt_creds->Domain,
+ sspic->alt_creds);
+
+ }
+ status =
pSFT->AcquireCredentialsHandle(NULL, package,
SECPKG_CRED_OUTBOUND,
- NULL, NULL,
NULL, NULL, credentials,
+ NULL,
pAuthData, NULL, NULL, credentials,
×tamp);
if (status != SEC_E_OK) {
@@ -358,8 +467,9 @@
}
sspiContext = ne_calloc(sizeof(SSPIContext));
+
sspiContext->continueNeeded = 0;
-
+
if (ntlm) {
sspiContext->mechanism = "NTLM";
sspiContext->serverName =
ne_strdup(serverName);
@@ -370,6 +480,10 @@
sspiContext->maxTokenSize =
negotiateMaxTokenSize;
}
+ NE_DEBUG(NE_DBG_HTTPAUTH,"ne_sspi_create_context:
server name is %s, NTLM=%d\n",
+ serverName,
+ ntlm);
+
sspiContext->ntlm = ntlm;
*context = sspiContext;
return 0;
@@ -383,6 +497,7 @@
pSFT->DeleteSecurityContext(&(sspiContext->context));
pSFT->FreeCredentialsHandle(&(sspiContext->credentials));
sspiContext->continueNeeded = 0;
+
memset(&sspiContext->credentials,0,sizeof(sspiContext->credentials));
}
/*
@@ -425,6 +540,10 @@
ne_free(sspiContext->serverName);
sspiContext->serverName = NULL;
}
+ if (sspiContext->alt_creds ) {
+ ne_free(sspiContext->alt_creds);
+ sspiContext->alt_creds = NULL;
+ }
ne_free(sspiContext);
return 0;
@@ -447,6 +566,9 @@
return -1;
}
+ NE_DEBUG(NE_DBG_HTTPAUTH,"ne_sspi_authenticate:
token [%s]\n",base64Token);
+
+
status = getContext(context, &sspiContext);
if (status) {
return status;
@@ -463,7 +585,12 @@
return status;
}
- if (base64Token) {
+ if (!base64Token &&
(sspiContext->credentials.dwLower ||
sspiContext->credentials.dwUpper)) {
+ NE_DEBUG(NE_DBG_HTTPAUTH,"ne_sspi_authenticate:
have start over, but previous credentials. must have
failed\n");
+ return -1;
+ }
+
+ if (base64Token) {
SecBufferDesc inBufferDesc;
SecBuffer inBuffer;
@@ -496,7 +623,7 @@
resetContext(sspiContext);
if (acquireCredentialsHandle
- (&sspiContext->credentials,
sspiContext->mechanism) != SEC_E_OK) {
+ (&sspiContext->credentials,
sspiContext->mechanism, sspiContext) != SEC_E_OK) {
NE_DEBUG(NE_DBG_HTTPAUTH,
"sspi: acquireCredentialsHandle
failed.\n");
return -1;
@@ -542,6 +669,7 @@
*responseToken =
ne_base64(outBufferDesc.pBuffers->pvBuffer,
outBufferDesc.pBuffers->cbBuffer);
freeBuffer(&outBufferDesc);
+ NE_DEBUG(NE_DBG_HTTPAUTH,"ne_sspi_authenticate:
response token [%s]\n",*responseToken);
return 0;
}
_______________________________________________
neon mailing list
[email protected]
http://mailman.webdav.org/mailman/listinfo/neon
