--- misc/neon-0.28.2/src/config.h 2009-12-10 13:29:15.000000000 +0100 +++ misc/build/neon-0.28.2/src/config.h 2009-12-10 13:21:58.000000000 +0100 @@ -1 +1,488 @@ -dummy + +/* Define to specific EGD socket path */ +/* #undef EGD_PATH */ + +/* Define if EGD should be supported */ +/* #undef ENABLE_EGD */ + +/* Define if GSS_C_NT_HOSTBASED_SERVICE is not defined otherwise */ +/* #undef GSS_C_NT_HOSTBASED_SERVICE */ + +/* Define to 1 if you have the header file. */ +#ifdef UNX +#define HAVE_ARPA_INET_H 1 +#endif + +/* Define to 1 if you have the `bind_textdomain_codeset' function. */ +/* #undef HAVE_BIND_TEXTDOMAIN_CODESET 1 */ + +/* Define to 1 if you have the declaration of `h_errno', and to 0 if you + don't. */ +#ifdef WIN32 +#define HAVE_DECL_H_ERRNO 1 +#endif + +/* Define to 1 if you have the declaration of `stpcpy', and to 0 if you don't. + */ +#ifdef LINUX +#define HAVE_DECL_STPCPY 1 +#endif + +/* Define to 1 if you have the declaration of `strerror_r', and to 0 if you + don't. */ +#ifdef LINUX +#define HAVE_DECL_STRERROR_R 1 +#endif + +/* Define to 1 if you have the header file. */ +#ifdef UNX +#define HAVE_DLFCN_H 1 +#endif + +/* Define to 1 if you have the header file. */ +#define HAVE_ERRNO_H 1 + +/* Define if you have expat */ +/* #undef HAVE_EXPAT */ + +/* Define to 1 if you have the `fstat64' function. */ +#define HAVE_FSTAT64 + +/* Define to 1 if you have the `gai_strerror' function. */ +#define HAVE_GAI_STRERROR 1 + +/* Define if GnuTLS support is enabled */ +/* #undef HAVE_GNUTLS */ + +/* Define to 1 if you have the `gnutls_session_get_data2' function. */ +/* #undef HAVE_GNUTLS_SESSION_GET_DATA2 */ + +/* Define if GSSAPI support is enabled */ +/* #undef HAVE_GSSAPI */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_GSSAPI_GSSAPI_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_GSSAPI_H */ + +/* Define to 1 if you have the `gss_init_sec_context' function. */ +/* #undef HAVE_GSS_INIT_SEC_CONTEXT */ + +/* Define to 1 if you have the `hstrerror' function. */ +/* #undef HAVE_HSTRERROR */ + +/* Define to 1 if you have the `inet_ntop' function. */ +#ifdef UNX +#define HAVE_INET_NTOP 1 +#endif + +/* Define to 1 if you have the header file. */ +#ifdef UNX +#define HAVE_INTTYPES_H 1 +#endif + +/* Define to 1 if you have the `isatty' function. */ +#define HAVE_ISATTY 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LIBINTL_H */ + +/* Define if you have libxml */ +#define HAVE_LIBXML 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_LIBXML_PARSER_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_LIBXML_XMLVERSION_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_LIMITS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_LOCALE_H 1 + +/* Define to 1 if you have the `lseek64' function. */ +#define HAVE_LSEEK64 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the header file. */ +#ifdef UNX +#define HAVE_NETDB_H 1 +#endif + +/* Define to 1 if you have the header file. */ +#ifdef UNX +#define HAVE_NETINET_IN_H 1 +#endif + +/* Define to 1 if you have the header file. */ +#ifdef UNX +#define HAVE_NETINET_TCP_H 1 +#endif + +/* Define if OpenSSL support is enabled */ +#define HAVE_OPENSSL 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_OPENSSL_OPENSSLV_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_OPENSSL_SSL_H 1 + +/* Define to 1 if you have the `pipe' function. */ +#define HAVE_PIPE 1 + +/* Define to 1 if you have the `poll' function. */ +#define HAVE_POLL 1 + +/* Define to 1 if you have the `pthread_mutex_init' function. */ +/* #undef HAVE_PTHREAD_MUTEX_INIT */ + +/* Define to 1 if you have the `pthread_mutex_lock' function. */ +/* #undef HAVE_PTHREAD_MUTEX_LOCK */ + +/* Define to 1 if you have the `setlocale' function. */ +#define HAVE_SETLOCALE 1 + +/* Define to 1 if you have the `setsockopt' function. */ +#if defined (LINUX) || defined (WIN32) +#define HAVE_SETSOCKOPT 1 +#endif + +/* Define to 1 if you have the `setvbuf' function. */ +#define HAVE_SETVBUF 1 + +/* Define to 1 if you have the `shutdown' function. */ +#ifdef LINUX +#define HAVE_SHUTDOWN 1 +#endif + +/* Define to 1 if you have the `signal' function. */ +#define HAVE_SIGNAL 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SIGNAL_H 1 + +/* Define to 1 if you have the `snprintf' function. */ +#ifdef UNX +#define HAVE_SNPRINTF 1 +#endif + +#ifdef WIN32 +#define snprintf _snprintf +#endif + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SOCKS_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_STDARG_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the `stpcpy' function. */ +#ifdef LINUX +#define HAVE_STPCPY 1 +#endif + +/* Define to 1 if you have the `strcasecmp' function. */ +#ifdef UNX +#define HAVE_STRCASECMP 1 +#endif + +#ifdef WIN32 +#define strcasecmp strcmpi +#endif + +/* Define to 1 if you have the `strerror_r' function. */ +#ifdef LINUX +#define HAVE_STRERROR_R 1 +#endif + +/* Define to 1 if you have the header file. */ +#ifdef UNX +#define HAVE_STRINGS_H 1 +#endif + +/* Define to 1 if you have the header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the `strtoll' function. */ +#define HAVE_STRTOLL 1 + +/* Define to 1 if you have the `strtoq' function. */ +/* #undef HAVE_STRTOQ */ + +/* Define to 1 if `tm_gmtoff' is member of `struct tm'. */ +#ifdef LINUX +#define HAVE_STRUCT_TM_TM_GMTOFF 1 +#endif + +/* Define to 1 if `__tm_gmtoff' is member of `struct tm'. */ +/* #undef HAVE_STRUCT_TM___TM_GMTOFF */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_LIMITS_H */ + +/* Define to 1 if you have the header file. */ +#ifdef UNX +#define HAVE_SYS_POLL_H 1 +#endif + +/* Define to 1 if you have the header file. */ +#ifdef UNX +#define HAVE_SYS_SELECT_H 1 +#endif + +/* Define to 1 if you have the header file. */ +#ifdef UNX +#define HAVE_SYS_SOCKET_H 1 +#endif + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the header file. */ +#ifdef UNX +#define HAVE_SYS_TIME_H 1 +#endif + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Define if the timezone global is available */ +#ifndef MACOSX +#define HAVE_TIMEZONE 1 +#endif + +/* Use trio printf replacement library */ +/* #undef HAVE_TRIO */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_TRIO_H */ + +/* Define to 1 if you have the header file. */ +#ifdef UNX +#define HAVE_UNISTD_H 1 +#endif + +/* Define to 1 if you have the `usleep' function. */ +#ifdef UNX +#define HAVE_USLEEP 1 +#endif + +/* Define to 1 if you have the `vsnprintf' function. */ +#if defined( UNX ) || (defined(_MSC_VER) && (_MSC_VER > 1400)) +#define HAVE_VSNPRINTF 1 +#endif + +#ifdef WIN32 +#if (defined(_MSC_VER) && (_MSC_VER < 1500)) || defined(__MINGW32__) +#define vsnprintf _vsnprintf +#endif +#endif + +/* Define to be location of localedir */ +/* #undef LOCALEDIR */ + +/* Defined when neon is built as a library */ +#define NEON_IS_LIBRARY 1 + +/* Define to be the neon version string */ +#define NEON_VERSION "0.28.2" + +/* Define to enable debugging */ +/* #undef NE_DEBUGGING */ + +/* Define to be printf format string for off64_t */ +#define NE_FMT_OFF64_T "lld" + +/* Define to be printf format string for off_t */ +#define NE_FMT_OFF_T "ld" + +/* Define to be printf format string for size_t */ +#define NE_FMT_SIZE_T "u" + +/* Define to be printf format string for ssize_t */ +#define NE_FMT_SSIZE_T "d" + +/* Define to be printf format string for time_t */ +#define NE_FMT_TIME_T "ld" + +/* Defined if DAV is supported */ +#define NE_HAVE_DAV 1 + +/* Defined if I18N is supported */ +/* #undef NE_HAVE_I18N 1 */ + +/* Defined if IPV6 is supported */ +#define NE_HAVE_IPV6 1 + +/* Defined if LFS is supported */ +#define NE_HAVE_LFS 1 + +/* Defined if SOCKS is supported */ +/* #undef NE_HAVE_SOCKS */ + +/* Defined if SSL is supported */ +#define NE_HAVE_SSL + +/* Defined if TS_SSL is supported */ +/* #undef NE_HAVE_TS_SSL */ + +/* Defined if ZLIB is supported */ +#define NE_HAVE_ZLIB 1 + +/* Define to be filename of an SSL CA root bundle */ +/* #undef NE_SSL_CA_BUNDLE */ + +/* Define if poll() should be used */ +#ifdef UNX +#define NE_USE_POLL 1 +#endif + +/* Define to be neon library major version */ +#define NE_VERSION_MAJOR (0) + +/* Define to be neon library minor version */ +#define NE_VERSION_MINOR (28) + +/* Define to be neon library patch version */ +#define NE_VERSION_PATCH (2) + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "neon@webdav.org" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "neon" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "neon 0.28.2" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "neon" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "0.28.2" + +/* The size of a `int', as computed by sizeof. */ +#define SIZEOF_INT 4 + +/* The size of a `long', as computed by sizeof. */ +#define SIZEOF_LONG 4 + +/* The size of a `long long', as computed by sizeof. */ +#define SIZEOF_LONG_LONG 8 + +/* The size of a `off64_t', as computed by sizeof. */ +#define SIZEOF_OFF64_T 8 + +/* The size of a `off_t', as computed by sizeof. */ +#define SIZEOF_OFF_T 4 + +/* The size of a `size_t', as computed by sizeof. */ +#define SIZEOF_SIZE_T 4 + +/* The size of a `ssize_t', as computed by sizeof. */ +#define SIZEOF_SSIZE_T 4 + +/* The size of a `time_t', as computed by sizeof. */ +#define SIZEOF_TIME_T 4 + +/* Define to 1 if you have the ANSI C header files. */ +#ifdef SOLARIS +#define STDC_HEADERS 1 +#endif + +/* Define to 1 if strerror_r returns char *. */ +#ifdef LINUX +#define STRERROR_R_CHAR_P 1 +#endif + +/* Define to 1 if you can safely include both and . */ +#define TIME_WITH_SYS_TIME 1 + +/* Define if getaddrinfo supports AI_ADDRCONFIG */ +/* #undef USE_GAI_ADDRCONFIG */ + +/* Define if getaddrinfo() should be used */ +#define USE_GETADDRINFO 1 + +/* Define to 1 if your processor stores words with the most significant byte + first (like Motorola and SPARC, unlike Intel and VAX). */ +#if defined (SOLARIS) && defined (SPARC) +#define WORDS_BIGENDIAN 1 +#endif + +/* Always defined to enable GNU extensions */ +#define _GNU_SOURCE 1 + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef const */ + +/* Define if in_addr_t is not available */ +/* #undef in_addr_t */ + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +#if defined (SOLARIS) && defined (__SUNPRO_C) +#define inline +#endif +#endif + +/* Define to `long' if does not define. */ +/* #undef off_t */ + +/* Define to `int' if does not define. */ +/* #undef pid_t */ + +/* Define to `unsigned' if does not define. */ +/* #undef size_t */ + +/* MS IIS does not send Lock-Token response header after creation of a */ +/* new lock. This violates RFC, but... if we want to talk with this */ +/* beast we need a workaround */ +#define IIS_LOCK_BUG_WORKAROUND 1 + +/* Enable leak-tracking versions of ne_*alloc when NEON_MEMLEAK is enabled */ +#ifdef NEON_MEMLEAK +# include "memleak.h" +#endif + +#if defined(HAVE_STPCPY) && defined(HAVE_DECL_STPCPY) && !HAVE_DECL_STPCPY && !defined(stpcpy) +char *stpcpy(char *, const char *); +#endif + +#ifdef WIN32 + +#include + +#define HAVE_MEMCPY 1 + +#define strncasecmp strnicmp +#define inline __inline +#define WIN32_LEAN_AND_MEAN +#define NOUSER +#define NOGDI +#define NONLS +#define NOCRYPT + +#endif + +#ifdef WIN32 +#define HAVE_SSPI 1 +#else +#define HAVE_NTLM 1 +#endif --- misc/neon-0.28.2/src/makefile.mk 2009-12-10 13:29:15.000000000 +0100 +++ misc/build/neon-0.28.2/src/makefile.mk 2009-12-10 13:21:58.000000000 +0100 @@ -1 +1,100 @@ -dummy +PRJ=..$/..$/..$/..$/.. + +PRJNAME=neon +TARGET=neon +LIBTARGET=NO +USE_DEFFILE=TRUE +EXTERNAL_WARNINGS_NOT_ERRORS := TRUE +UWINAPILIB= + +# --- Settings ----------------------------------------------------- + +.INCLUDE : settings.mk + +# --- Files -------------------------------------------------------- + +CDEFS+=-DHAVE_CONFIG_H + +.IF "$(SYSTEM_LIBXML)" == "YES" +CFLAGS+=-DSYSTEM_LIBXML $(LIBXML_CFLAGS) +.ELSE +LIBXMLINCDIR=external$/libxml +CFLAGS+= -I$(SOLARINCDIR)$/$(LIBXMLINCDIR) +.ENDIF + +.IF "$(SYSTEM_OPENSSL)" == "YES" +CFLAGS+= $(OPENSSL_CFLAGS) +.ENDIF + +.IF "$(SYSTEM_ZLIB)" == "YES" +CFLAGS+=-DSYSTEM_ZLIB +.ELSE +ZLIBINCDIR=external$/zlib +CFLAGS+=-I$(SOLARINCDIR)$/$(ZLIBINCDIR) +.ENDIF + +SLOFILES= \ + $(SLO)$/ne_207.obj \ + $(SLO)$/ne_acl.obj \ + $(SLO)$/ne_alloc.obj \ + $(SLO)$/ne_auth.obj \ + $(SLO)$/ne_basic.obj \ + $(SLO)$/ne_compress.obj \ + $(SLO)$/ne_dates.obj \ + $(SLO)$/ne_i18n.obj \ + $(SLO)$/ne_locks.obj \ + $(SLO)$/ne_md5.obj \ + $(SLO)$/ne_props.obj \ + $(SLO)$/ne_redirect.obj \ + $(SLO)$/ne_request.obj \ + $(SLO)$/ne_session.obj \ + $(SLO)$/ne_socket.obj \ + $(SLO)$/ne_string.obj \ + $(SLO)$/ne_uri.obj \ + $(SLO)$/ne_utils.obj \ + $(SLO)$/ne_xml.obj \ + $(SLO)$/ne_xmlreq.obj \ + $(SLO)$/ne_openssl.obj + +.IF "$(OS)"=="WNT" +SLOFILES+=$(SLO)$/ne_sspi.obj +.ELSE +SLOFILES+=$(SLO)$/ne_ntlm.obj +.ENDIF + +# $(SLO)$/ne_gnutls.obj \ +# $(SLO)$/ne_stubssl.obj + +SHL1OBJS=$(SLOFILES) +SHL1TARGET=$(TARGET) +SHL1VERSIONMAP=exports.map +SHL1IMPLIB=i$(TARGET) + +SHL1STDLIBS+= $(LIBXML2LIB) \ + $(ZLIB3RDLIB) + +.IF "$(GUI)"=="WNT" + SHL1STDLIBS+= $(WSOCK32LIB) + .IF "$(WINDOWS_VISTA_PSDK)" != "" + SHL1STDLIBS+= $(WS2_32LIB) + .ENDIF + SHL1STDLIBS+= $(OPENSSLLIB) +.ELSE # WNT + .IF "$(OS)"=="SOLARIS" + SHL1STDLIBS+= -lnsl -lsocket -ldl + .ENDIF # SOLARIS + .IF "$(OS)"=="OS2" + SHL1STDLIBS+= pthread.lib libz.lib + .ENDIF # OS2 + .IF "$(SYSTEM_OPENSSL)"=="YES" + SHL1STDLIBS+= $(OPENSSLLIB) + .ELSE + SHL1STDLIBS+= $(OPENSSLLIBST) + .ENDIF +.ENDIF # WNT + +SHL1DEF=$(MISC)$/$(SHL1TARGET).def + +# --- Targets ------------------------------------------------------ +DEF1NAME=$(SHL1TARGET) +.INCLUDE : target.mk --- misc/neon-0.28.2/src/ne_auth.c 2008-02-29 17:30:12.000000000 +0100 +++ misc/build/neon-0.28.2/src/ne_auth.c 2009-12-10 13:21:58.000000000 +0100 @@ -77,6 +77,10 @@ #include "ne_sspi.h" #endif +#ifdef HAVE_NTLM +#include "ne_ntlm.h" +#endif + #define HOOK_SERVER_ID "http://webdav.org/neon/hooks/server-auth" #define HOOK_PROXY_ID "http://webdav.org/neon/hooks/proxy-auth" @@ -173,6 +177,10 @@ char *sspi_token; void *sspi_context; #endif +#ifdef HAVE_NTLM + /* This is used for NTLM auth */ + ne_ntlm_context *ntlm_context; +#endif /* These all used for Digest auth */ char *realm; char *nonce; @@ -287,6 +295,11 @@ ne_sspi_destroy_context(sess->sspi_context); sess->sspi_context = NULL; #endif +#ifdef HAVE_NTLM + ne_ntlm_destroy_context(sess->ntlm_context); + sess->ntlm_context = NULL; +#endif + sess->protocol = NULL; } /* Returns client nonce string. */ @@ -351,7 +364,7 @@ static int get_credentials(auth_session *sess, ne_buffer **errmsg, int attempt, struct auth_challenge *chall, char *pwbuf) { - if (chall->handler->creds(chall->handler->userdata, sess->realm, + if (chall->handler->creds(chall->handler->userdata, chall->protocol->name, sess->realm, chall->handler->attempt++, sess->username, pwbuf) == 0) { return 0; } else { @@ -598,7 +611,8 @@ int ntlm = ne_strcasecmp(parms->protocol->name, "NTLM") == 0; int status; char *response = NULL; - + char password[NE_ABUFSIZ]; + NE_DEBUG(NE_DBG_HTTPAUTH, "auth: SSPI challenge.\n"); if (!sess->sspi_context) { @@ -614,8 +628,17 @@ return status; } } + + /* Authentification needs more than one http request. + * As long as authentification in progress use the existing credentials. + * Otherwise get new credentials.*/ + if (!parms->opaque) + if (get_credentials(sess, errmsg, attempt, parms, password)) { + /* Failed to get credentials */ + return -1; + } - status = ne_sspi_authenticate(sess->sspi_context, parms->opaque, &response); + status = ne_sspi_authenticate(sess->sspi_context, parms->opaque, &response, sess->username, password); if (status) { return status; } @@ -685,6 +708,62 @@ return invalid; } +#ifdef HAVE_NTLM + +static char *request_ntlm(auth_session *sess, struct auth_request *request) +{ + char *token = ne_ntlm_getRequestToken(sess->ntlm_context); + if (token) { + char * req = ne_concat(sess->protocol->name, " ", token, "\r\n", NULL); + ne_free(token); + return req; + } else { + return NULL; + } +} + +static int ntlm_challenge(auth_session *sess, int attempt, + struct auth_challenge *parms, + ne_buffer **errmsg) +{ + int status; + + NE_DEBUG(NE_DBG_HTTPAUTH, "auth: NTLM challenge.\n"); + + if (!parms->opaque && (!sess->ntlm_context || (attempt > 1))) { + char password[NE_ABUFSIZ]; + + if (get_credentials(sess, errmsg, attempt, parms, password)) { + /* Failed to get credentials */ + return -1; + } + + if (sess->ntlm_context) { + status = ne_ntlm_destroy_context(sess->ntlm_context); + sess->ntlm_context = NULL; + if (status) { + return status; + } + } + + status = ne_ntlm_create_context(&sess->ntlm_context, + sess->username, + password); + if (status) { + return status; + } + } + + status = ne_ntlm_authenticate(sess->ntlm_context, parms->opaque); + if (status) { + return status; + } + + return 0; +} +#endif /* HAVE_NTLM */ + + /* Examine a digest challenge: return 0 if it is a valid Digest challenge, * else non-zero. */ static int digest_challenge(auth_session *sess, int attempt, @@ -1134,6 +1213,11 @@ sspi_challenge, request_sspi, NULL, AUTH_FLAG_OPAQUE_PARAM|AUTH_FLAG_VERIFY_NON40x|AUTH_FLAG_CONN_AUTH }, #endif +#ifdef HAVE_NTLM + { NE_AUTH_NEGOTIATE, 30, "NTLM", + ntlm_challenge, request_ntlm, NULL, + AUTH_FLAG_OPAQUE_PARAM|AUTH_FLAG_VERIFY_NON40x|AUTH_FLAG_CONN_AUTH }, +#endif { 0 } }; @@ -1431,6 +1515,11 @@ ne_sspi_clear_context(sess->sspi_context); } #endif +#ifdef HAVE_NTLM + if (sess->ntlm_context) { + ne_ntlm_clear_context(sess->ntlm_context); + } +#endif return ret; } --- misc/neon-0.28.2/src/ne_auth.h 2007-12-05 17:39:58.000000000 +0100 +++ misc/build/neon-0.28.2/src/ne_auth.h 2009-12-10 13:21:58.000000000 +0100 @@ -47,8 +47,8 @@ * Hint: if you just wish to attempt authentication just once (even if * the user gets the username/password wrong), have the callback * function use 'attempt' value as the function return value. */ -typedef int (*ne_auth_creds)(void *userdata, const char *realm, int attempt, - char *username, char *password); +typedef int (*ne_auth_creds)(void *userdata, const char * auth_protocol, + const char *realm, int attempt, char *username, char *password); /* Set callbacks to provide credentials for server and proxy * authentication, using the default set of authentication protocols. --- misc/neon-0.28.2/src/ne_defs.h 2006-10-24 21:40:09.000000000 +0200 +++ misc/build/neon-0.28.2/src/ne_defs.h 2009-12-10 13:21:58.000000000 +0100 @@ -41,7 +41,7 @@ #endif /* define ssize_t for Win32 */ -#if defined(WIN32) && !defined(ssize_t) +#if defined(WIN32) && !defined(ssize_t) && !defined(__MINGW32__) #define ssize_t int #endif --- misc/neon-0.28.2/src/ne_locks.c 2007-02-05 11:09:27.000000000 +0100 +++ misc/build/neon-0.28.2/src/ne_locks.c 2009-12-10 13:21:58.000000000 +0100 @@ -579,6 +579,23 @@ const char *token = ne_get_response_header(ctx->req, "Lock-Token"); /* at the root element; retrieve the Lock-Token header, * and bail if it wasn't given. */ +#ifdef IIS_LOCK_BUG_WORKAROUND + /* MS IIS violates RFC 2518/4918. It does not send a Lock-Token response + header upon successful creation of a new lock. As a workaround, we + will try to pick the lock token from the response body (although + this is not 100% safe in case of multiple activelocks). */ + if (token == NULL) + NE_DEBUG(NE_DBG_LOCKS, + "Ignoring missing LOCK response Lock-Token header\n"); + + if (token != NULL) { + if (token[0] == '<') token++; + ctx->token = ne_strdup(token); + ne_shave(ctx->token, ">"); + NE_DEBUG(NE_DBG_LOCKS, "lk_startelm: Finding token %s\n", + ctx->token); + } +#else if (token == NULL) { ne_xml_set_error(ctx->parser, _("LOCK response missing Lock-Token header")); @@ -590,12 +607,28 @@ ne_shave(ctx->token, ">"); NE_DEBUG(NE_DBG_LOCKS, "lk_startelm: Finding token %s\n", ctx->token); +#endif } /* TODO: only accept 'prop' as root for LOCK response */ if (!can_accept(parent, id)) return NE_XML_DECLINE; +#ifdef IIS_LOCK_BUG_WORKAROUND + if (id == ELM_activelock && ctx->found) { + /* Found another activelock... */ + const char *token = ne_get_response_header(ctx->req, "Lock-Token"); + if (token == NULL) { + /* Response contains more than one activelock and no Lock-Token + * response header. We are doomed. No safe workaround for IIS + * lock bug possible. */ + ne_xml_set_error(ctx->parser, + _("LOCK response missing Lock-Token header and more than one activelock")); + return NE_XML_ABORT; + } + } +#endif + if (id == ELM_activelock && !ctx->found) { /* a new activelock */ ne_lock_free(&ctx->active); @@ -621,7 +654,12 @@ return -1; if (state == ELM_activelock) { +#ifdef IIS_LOCK_BUG_WORKAROUND + if (ctx->active.token) { + ctx->token = ne_strdup(ctx->active.token); +#else if (ctx->active.token && strcmp(ctx->active.token, ctx->token) == 0) { +#endif ctx->found = 1; } } --- misc/neon-0.28.2/src/ne_locks.h 2006-01-02 12:43:19.000000000 +0100 +++ misc/build/neon-0.28.2/src/ne_locks.h 2009-12-10 13:21:58.000000000 +0100 @@ -22,6 +22,10 @@ #ifndef NE_LOCKS_H #define NE_LOCKS_H +# if defined __GNUC__ +# pragma GCC system_header +# endif + #include "ne_request.h" /* for ne_session + ne_request */ #include "ne_uri.h" /* for ne_uri */ --- misc/neon-0.28.2/src/ne_ntlm.c 2009-12-10 13:29:15.000000000 +0100 +++ misc/build/neon-0.28.2/src/ne_ntlm.c 2009-12-10 13:21:58.000000000 +0100 @@ -1 +1,703 @@ -dummy +/* + Handling of NTLM Authentication + Copyright (C) 2003, Daniel Stenberg + Copyright (C) 2009, Kai Sommerfeld + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + MA 02111-1307, USA + +*/ + +/* NTLM details: + + http://davenport.sourceforge.net/ntlm.html + http://www.innovation.ch/java/ntlm.html + +*/ + +#include "ne_ntlm.h" + +#ifdef HAVE_NTLM + +#include "ne_string.h" + +typedef enum { + NTLMSTATE_NONE, + NTLMSTATE_TYPE1, + NTLMSTATE_TYPE2, + NTLMSTATE_TYPE3, + NTLMSTATE_LAST +} NTLMState; + +struct ne_ntlm_context_s { + NTLMState state; + unsigned char nonce[8]; + char *user; + char *passwd; + char *requestToken; +}; + +typedef enum { + NTLM_NONE, /* not a ntlm */ + NTLM_BAD, /* an ntlm, but one we don't like */ + NTLM_FIRST, /* the first 401-reply we got with NTLM */ + NTLM_FINE, /* an ntlm we act on */ + + NTLM_LAST /* last entry in this enum, don't use */ +} ntlm; + +/* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */ + +#define NTLMFLAG_NEGOTIATE_UNICODE (1<<0) +/* Indicates that Unicode strings are supported for use in security buffer + data. */ + +#define NTLMFLAG_NEGOTIATE_OEM (1<<1) +/* Indicates that OEM strings are supported for use in security buffer data. */ + +#define NTLMFLAG_REQUEST_TARGET (1<<2) +/* Requests that the server's authentication realm be included in the Type 2 + message. */ + +/* unknown (1<<3) */ +#define NTLMFLAG_NEGOTIATE_SIGN (1<<4) +/* Specifies that authenticated communication between the client and server + should carry a digital signature (message integrity). */ + +#define NTLMFLAG_NEGOTIATE_SEAL (1<<5) +/* Specifies that authenticated communication between the client and server + should be encrypted (message confidentiality). */ + +#define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE (1<<6) +/* unknown purpose */ + +#define NTLMFLAG_NEGOTIATE_LM_KEY (1<<7) +/* Indicates that the LAN Manager session key should be used for signing and + sealing authenticated communications. */ + +#define NTLMFLAG_NEGOTIATE_NETWARE (1<<8) +/* unknown purpose */ + +#define NTLMFLAG_NEGOTIATE_NTLM_KEY (1<<9) +/* Indicates that NTLM authentication is being used. */ + +/* unknown (1<<10) */ +/* unknown (1<<11) */ + +#define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED (1<<12) +/* Sent by the client in the Type 1 message to indicate that a desired + authentication realm is included in the message. */ + +#define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED (1<<13) +/* Sent by the client in the Type 1 message to indicate that the client + workstation's name is included in the message. */ + +#define NTLMFLAG_NEGOTIATE_LOCAL_CALL (1<<14) +/* Sent by the server to indicate that the server and client are on the same + machine. Implies that the client may use a pre-established local security + context rather than responding to the challenge. */ + +#define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN (1<<15) +/* Indicates that authenticated communication between the client and server + should be signed with a "dummy" signature. */ + +#define NTLMFLAG_TARGET_TYPE_DOMAIN (1<<16) +/* Sent by the server in the Type 2 message to indicate that the target + authentication realm is a domain. */ + +#define NTLMFLAG_TARGET_TYPE_SERVER (1<<17) +/* Sent by the server in the Type 2 message to indicate that the target + authentication realm is a server. */ + +#define NTLMFLAG_TARGET_TYPE_SHARE (1<<18) +/* Sent by the server in the Type 2 message to indicate that the target + authentication realm is a share. Presumably, this is for share-level + authentication. Usage is unclear. */ + +#define NTLMFLAG_NEGOTIATE_NTLM2_KEY (1<<19) +/* Indicates that the NTLM2 signing and sealing scheme should be used for + protecting authenticated communications. */ + +#define NTLMFLAG_REQUEST_INIT_RESPONSE (1<<20) +/* unknown purpose */ + +#define NTLMFLAG_REQUEST_ACCEPT_RESPONSE (1<<21) +/* unknown purpose */ + +#define NTLMFLAG_REQUEST_NONNT_SESSION_KEY (1<<22) +/* unknown purpose */ + +#define NTLMFLAG_NEGOTIATE_TARGET_INFO (1<<23) +/* Sent by the server in the Type 2 message to indicate that it is including a + Target Information block in the message. */ + +/* unknown (1<24) */ +/* unknown (1<25) */ +/* unknown (1<26) */ +/* unknown (1<27) */ +/* unknown (1<28) */ + +#define NTLMFLAG_NEGOTIATE_128 (1<<29) +/* Indicates that 128-bit encryption is supported. */ + +#define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE (1<<30) +/* unknown purpose */ + +#define NTLMFLAG_NEGOTIATE_56 (1<<31) +/* Indicates that 56-bit encryption is supported. */ + +#ifdef HAVE_OPENSSL +/* We need OpenSSL for the crypto lib to provide us with MD4 and DES */ + +/* -- WIN32 approved -- */ +#include +#include +#include +#include +#include + +#include +#include +#include + +#if OPENSSL_VERSION_NUMBER < 0x00907001L +#define DES_key_schedule des_key_schedule +#define DES_cblock des_cblock +#define DES_set_odd_parity des_set_odd_parity +#define DES_set_key des_set_key +#define DES_ecb_encrypt des_ecb_encrypt + +/* This is how things were done in the old days */ +#define DESKEY(x) x +#define DESKEYARG(x) x +#else +/* Modern version */ +#define DESKEYARG(x) *x +#define DESKEY(x) &x +#endif + +/* Define this to make the type-3 message include the NT response message */ +#define USE_NTRESPONSES 1 + +/* + (*) = A "security buffer" is a triplet consisting of two shorts and one + long: + + 1. a 'short' containing the length of the buffer in bytes + 2. a 'short' containing the allocated space for the buffer in bytes + 3. a 'long' containing the offset to the start of the buffer from the + beginning of the NTLM message, in bytes. +*/ + +static ntlm ne_input_ntlm(ne_ntlm_context *ctx, + const char *responseToken) +{ + if(responseToken) { + /* We got a type-2 message here: + + Index Description Content + 0 NTLMSSP Signature Null-terminated ASCII "NTLMSSP" + (0x4e544c4d53535000) + 8 NTLM Message Type long (0x02000000) + 12 Target Name security buffer(*) + 20 Flags long + 24 Challenge 8 bytes + (32) Context (optional) 8 bytes (two consecutive longs) + (40) Target Information (optional) security buffer(*) + 32 (48) start of data block + */ + unsigned char * buffer = NULL; + + int size = ne_unbase64(responseToken, &buffer); + + ctx->state = NTLMSTATE_TYPE2; /* we got a type-2 */ + + if(size >= 48) + /* the nonce of interest is index [24 .. 31], 8 bytes */ + memcpy(ctx->nonce, &buffer[24], 8); + + /* at index decimal 20, there's a 32bit NTLM flag field */ + + if (buffer) ne_free(buffer); + } + else { + if(ctx->state >= NTLMSTATE_TYPE1) + return NTLM_BAD; + + ctx->state = NTLMSTATE_TYPE1; /* we should sent away a type-1 */ + } + return NTLM_FINE; +} + +/* + * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The + * key schedule ks is also set. + */ +static void setup_des_key(unsigned char *key_56, + DES_key_schedule DESKEYARG(ks)) +{ + DES_cblock key; + + key[0] = key_56[0]; + key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1); + key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2); + key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3); + key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4); + key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5); + key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6); + key[7] = (key_56[6] << 1) & 0xFF; + + DES_set_odd_parity(&key); + DES_set_key(&key, ks); +} + + /* + * takes a 21 byte array and treats it as 3 56-bit DES keys. The + * 8 byte plaintext is encrypted with each key and the resulting 24 + * bytes are stored in the results array. + */ +static void calc_resp(unsigned char *keys, + unsigned char *plaintext, + unsigned char *results) +{ + DES_key_schedule ks; + + setup_des_key(keys, DESKEY(ks)); + DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results, + DESKEY(ks), DES_ENCRYPT); + + setup_des_key(keys+7, DESKEY(ks)); + DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+8), + DESKEY(ks), DES_ENCRYPT); + + setup_des_key(keys+14, DESKEY(ks)); + DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+16), + DESKEY(ks), DES_ENCRYPT); +} + +/* + * Set up lanmanager and nt hashed passwords + */ +static void mkhash(char *password, + unsigned char *nonce, /* 8 bytes */ + unsigned char *lmresp /* must fit 0x18 bytes */ +#ifdef USE_NTRESPONSES + , unsigned char *ntresp /* must fit 0x18 bytes */ +#endif + ) +{ + unsigned char lmbuffer[21]; +#ifdef USE_NTRESPONSES + unsigned char ntbuffer[21]; +#endif + unsigned char *pw; + static const unsigned char magic[] = { + 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 + }; + int i; + int len = strlen(password); + + /* make it fit at least 14 bytes */ + pw = malloc(len<7?14:len*2); + if(!pw) + return; /* this will lead to a badly generated package */ + + if (len > 14) + len = 14; + + for (i=0; i> 8) +#define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8)&0xff), \ + (((x) >>16)&0xff), ((x)>>24) + +/* this is for creating ntlm header output */ +static int ne_output_ntlm(ne_ntlm_context *ctx) +{ + const char *domain=""; /* empty */ + const char *host=""; /* empty */ + int domlen=strlen(domain); + int hostlen = strlen(host); + int hostoff; /* host name offset */ + int domoff; /* domain name offset */ + int size; + unsigned char ntlmbuf[256]; /* enough, unless the host/domain is very long */ + + if(!ctx->user || !ctx->passwd) + /* no user, no auth */ + return 0; /* OK */ + + switch(ctx->state) { + case NTLMSTATE_TYPE1: + default: /* for the weird cases we (re)start here */ + hostoff = 32; + domoff = hostoff + hostlen; + + /* Create and send a type-1 message: + + Index Description Content + 0 NTLMSSP Signature Null-terminated ASCII "NTLMSSP" + (0x4e544c4d53535000) + 8 NTLM Message Type long (0x01000000) + 12 Flags long + 16 Supplied Domain security buffer(*) + 24 Supplied Workstation security buffer(*) + 32 start of data block + + */ + + snprintf((char *)ntlmbuf, sizeof(ntlmbuf), "NTLMSSP%c" + "\x01%c%c%c" /* 32-bit type = 1 */ + "%c%c%c%c" /* 32-bit NTLM flag field */ + "%c%c" /* domain length */ + "%c%c" /* domain allocated space */ + "%c%c" /* domain name offset */ + "%c%c" /* 2 zeroes */ + "%c%c" /* host length */ + "%c%c" /* host allocated space */ + "%c%c" /* host name offset */ + "%c%c" /* 2 zeroes */ + "%s" /* host name */ + "%s", /* domain string */ + 0, /* trailing zero */ + 0,0,0, /* part of type-1 long */ + + LONGQUARTET( + NTLMFLAG_NEGOTIATE_OEM| /* 2 */ + NTLMFLAG_NEGOTIATE_NTLM_KEY /* 200 */ + /* equals 0x0202 */ + ), + SHORTPAIR(domlen), + SHORTPAIR(domlen), + SHORTPAIR(domoff), + 0,0, + SHORTPAIR(hostlen), + SHORTPAIR(hostlen), + SHORTPAIR(hostoff), + 0,0, + host, domain); + + /* initial packet length */ + size = 32 + hostlen + domlen; + + /* now keeper of the base64 encoded package size */ + if (ctx->requestToken) ne_free(ctx->requestToken); + ctx->requestToken = ne_base64(ntlmbuf, size); + + break; + + case NTLMSTATE_TYPE2: + /* We received the type-2 already, create a type-3 message: + + Index Description Content + 0 NTLMSSP Signature Null-terminated ASCII "NTLMSSP" + (0x4e544c4d53535000) + 8 NTLM Message Type long (0x03000000) + 12 LM/LMv2 Response security buffer(*) + 20 NTLM/NTLMv2 Response security buffer(*) + 28 Domain Name security buffer(*) + 36 User Name security buffer(*) + 44 Workstation Name security buffer(*) + (52) Session Key (optional) security buffer(*) + (60) Flags (optional) long + 52 (64) start of data block + + */ + + { + int lmrespoff; + int ntrespoff; + int useroff; + unsigned char lmresp[0x18]; /* fixed-size */ +#ifdef USE_NTRESPONSES + unsigned char ntresp[0x18]; /* fixed-size */ +#endif + const char *user; + int userlen; + + user = strchr(ctx->user, '\\'); + if(!user) + user = strchr(ctx->user, '/'); + + if (user) { + domain = ctx->user; + domlen = user - domain; + user++; + } + else + user = ctx->user; + userlen = strlen(user); + + mkhash(ctx->passwd, &ctx->nonce[0], lmresp +#ifdef USE_NTRESPONSES + , ntresp +#endif + ); + + domoff = 64; /* always */ + useroff = domoff + domlen; + hostoff = useroff + userlen; + lmrespoff = hostoff + hostlen; + ntrespoff = lmrespoff + 0x18; + + /* Create the big type-3 message binary blob */ + size = snprintf((char *)ntlmbuf, sizeof(ntlmbuf), + "NTLMSSP%c" + "\x03%c%c%c" /* type-3, 32 bits */ + + "%c%c%c%c" /* LanManager length + allocated space */ + "%c%c" /* LanManager offset */ + "%c%c" /* 2 zeroes */ + + "%c%c" /* NT-response length */ + "%c%c" /* NT-response allocated space */ + "%c%c" /* NT-response offset */ + "%c%c" /* 2 zeroes */ + + "%c%c" /* domain length */ + "%c%c" /* domain allocated space */ + "%c%c" /* domain name offset */ + "%c%c" /* 2 zeroes */ + + "%c%c" /* user length */ + "%c%c" /* user allocated space */ + "%c%c" /* user offset */ + "%c%c" /* 2 zeroes */ + + "%c%c" /* host length */ + "%c%c" /* host allocated space */ + "%c%c" /* host offset */ + "%c%c%c%c%c%c" /* 6 zeroes */ + + "\xff\xff" /* message length */ + "%c%c" /* 2 zeroes */ + + "\x01\x82" /* flags */ + "%c%c" /* 2 zeroes */ + + /* domain string */ + /* user string */ + /* host string */ + /* LanManager response */ + /* NT response */ + , + 0, /* zero termination */ + 0,0,0, /* type-3 long, the 24 upper bits */ + + SHORTPAIR(0x18), /* LanManager response length, twice */ + SHORTPAIR(0x18), + SHORTPAIR(lmrespoff), + 0x0, 0x0, + +#ifdef USE_NTRESPONSES + SHORTPAIR(0x18), /* NT-response length, twice */ + SHORTPAIR(0x18), +#else + 0x0, 0x0, + 0x0, 0x0, +#endif + SHORTPAIR(ntrespoff), + 0x0, 0x0, + + SHORTPAIR(domlen), + SHORTPAIR(domlen), + SHORTPAIR(domoff), + 0x0, 0x0, + + SHORTPAIR(userlen), + SHORTPAIR(userlen), + SHORTPAIR(useroff), + 0x0, 0x0, + + SHORTPAIR(hostlen), + SHORTPAIR(hostlen), + SHORTPAIR(hostoff), + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + + 0x0, 0x0, + + 0x0, 0x0); + + /* size is now 64 */ + size=64; + ntlmbuf[62]=ntlmbuf[63]=0; + + /* Make sure that the user and domain strings fit in the target buffer + before we copy them there. */ + if(size + userlen + domlen >= sizeof(ntlmbuf)) { + return -1; + } + + memcpy(&ntlmbuf[size], domain, domlen); + size += domlen; + + memcpy(&ntlmbuf[size], user, userlen); + size += userlen; + + /* we append the binary hashes to the end of the blob */ + if(size < ((int)sizeof(ntlmbuf) - 0x18)) { + memcpy(&ntlmbuf[size], lmresp, 0x18); + size += 0x18; + } + +#ifdef USE_NTRESPONSES + if(size < ((int)sizeof(ntlmbuf) - 0x18)) { + memcpy(&ntlmbuf[size], ntresp, 0x18); + size += 0x18; + } +#endif + + ntlmbuf[56] = size & 0xff; + ntlmbuf[57] = size >> 8; + + /* convert the binary blob into base64 */ + ctx->requestToken = ne_base64(ntlmbuf, size); + + ctx->state = NTLMSTATE_TYPE3; /* we sent a type-3 */ + } + break; + + case NTLMSTATE_TYPE3: + /* connection is already authenticated, + * don't send a header in future requests */ + if (ctx->requestToken) ne_free(ctx->requestToken); + ctx->requestToken = NULL; + break; + } + + return 0; /* OK */ +} + +int ne_ntlm_create_context(ne_ntlm_context **context, const char *userName, const char *password) +{ + if (context == NULL) { + return -1; + } else { + ne_ntlm_context *ctx = ne_calloc(sizeof(ne_ntlm_context)); + + ctx->state = NTLMSTATE_NONE; + ctx->user = ne_strdup(userName); + ctx->passwd = ne_strdup(password); + + *context = ctx; + return 0; + } +} + +int ne_ntlm_destroy_context(ne_ntlm_context *context) +{ + if (context != NULL) { + if (context->user) + ne_free(context->user); + + if (context->passwd) + ne_free(context->passwd); + + if (context->requestToken) + ne_free(context->requestToken); + + ne_free(context); + } + return 0; +} + +int ne_ntlm_clear_context(ne_ntlm_context *context) +{ + return 0; +} + +int ne_ntlm_authenticate(ne_ntlm_context *context, const char *responseToken) +{ + if (context == NULL) { + return -1; + } else { + if (!responseToken && (context->state == NTLMSTATE_TYPE3)) + context->state = NTLMSTATE_NONE; + + if (context->state <= NTLMSTATE_TYPE3) { + ntlm ntlmstatus = ne_input_ntlm(context, responseToken); + + if (ntlmstatus != NTLM_FINE) { + return -1; + } + } + } + return ne_output_ntlm(context); +} + +char *ne_ntlm_getRequestToken(ne_ntlm_context *context) +{ + if (context == NULL) { + return NULL; + } else { + if (context->requestToken) { + char *ret = ne_strdup(context->requestToken); + ne_free(context->requestToken); + context->requestToken = NULL; + return ret; + } else { + return NULL; + } + } +} + +#endif /* HAVE_OPENSSL */ +#endif /* HAVE_NTLM */ --- misc/neon-0.28.2/src/ne_ntlm.h 2009-12-10 13:29:15.000000000 +0100 +++ misc/build/neon-0.28.2/src/ne_ntlm.h 2009-12-10 13:21:58.000000000 +0100 @@ -1 +1,44 @@ -dummy +/* + Handling of NTLM Authentication + Copyright (C) 2009, Kai Sommerfeld + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + MA 02111-1307, USA + +*/ +#ifndef NE_NTLM_H +#define NE_NTLM_H + +#include "config.h" + +/* PRIVATE TO NEON -- NOT PART OF THE EXTERNAL API. */ + +#ifdef HAVE_NTLM + +typedef struct ne_ntlm_context_s ne_ntlm_context; + +int ne_ntlm_create_context(ne_ntlm_context **context, const char *userName, const char *password); + +int ne_ntlm_destroy_context(ne_ntlm_context *context); + +int ne_ntlm_clear_context(ne_ntlm_context *context); + +int ne_ntlm_authenticate(ne_ntlm_context *context, const char *responseToken); + +char *ne_ntlm_getRequestToken(ne_ntlm_context *context); + +#endif /* HAVE_NTLM */ + +#endif /* NE_NTLM_H */ --- misc/neon-0.28.2/src/ne_socket.c 2008-02-28 14:19:19.000000000 +0100 +++ misc/build/neon-0.28.2/src/ne_socket.c 2009-12-10 13:21:58.000000000 +0100 @@ -60,6 +60,7 @@ #include #ifdef USE_GETADDRINFO #include +#include #endif #endif --- misc/neon-0.28.2/src/ne_sspi.c 2007-08-10 17:26:08.000000000 +0200 +++ misc/build/neon-0.28.2/src/ne_sspi.c 2009-12-10 13:28:42.000000000 +0100 @@ -202,9 +202,48 @@ return -1; } + return 0; +} + +/* + * Simplification wrapper arround AcquireCredentialsHandle as most of + * the parameters do not change. + */ +static int acquireCredentialsHandleForUsername(CredHandle * credentials, char *package, const char *username, const char *password) +{ + SECURITY_STATUS status; + TimeStamp timestamp; + + const char *domain = ""; + + int rc, rcISC; + SecPkgInfo *secPackInfo; + SEC_WINNT_AUTH_IDENTITY *nameAndPwd = NULL; + int bytesReceived = 0, bytesSent = 0; + + nameAndPwd = (SEC_WINNT_AUTH_IDENTITY *) malloc( sizeof(SEC_WINNT_AUTH_IDENTITY) ); + memset( nameAndPwd, '\0', sizeof (*nameAndPwd) ); + nameAndPwd->Domain = (unsigned char *) _strdup( domain? domain: "" ); + nameAndPwd->DomainLength = domain? strlen( domain ): 0; + nameAndPwd->User = (unsigned char *) _strdup( username? username: "" ); + nameAndPwd->UserLength = username? strlen( username ): 0; + nameAndPwd->Password = (unsigned char *) _strdup( password? password: "" ); + nameAndPwd->PasswordLength = password? strlen( password ): 0; + nameAndPwd->Flags = SEC_WINNT_AUTH_IDENTITY_ANSI; + + status = pSFT->AcquireCredentialsHandle( NULL, package, SECPKG_CRED_OUTBOUND, + NULL, nameAndPwd, NULL, NULL, credentials, ×tamp ); + + if (status != SEC_E_OK) { + NE_DEBUG(NE_DBG_HTTPAUTH, + "sspi: AcquireCredentialsHandle [fail] [%x].\n", status); + return -1; + } + return 0; } + /* * Wrapper arround initializeSecurityContext. Supplies several * default parameters as well as logging in case of errors. @@ -483,7 +522,7 @@ * Processes received authentication tokens as well as supplies the * response token. */ -int ne_sspi_authenticate(void *context, const char *base64Token, char **responseToken) +int ne_sspi_authenticate(void *context, const char *base64Token, char **responseToken, const char* username, const char* password) { SecBufferDesc outBufferDesc; SecBuffer outBuffer; @@ -560,14 +599,23 @@ /* Reset any existing context since we are starting over */ resetContext(sspiContext); + + if (strlen(username) != 0) { + if (acquireCredentialsHandleForUsername + (&sspiContext->credentials, sspiContext->mechanism, username, password) != SEC_E_OK) { + freeBuffer(&outBufferDesc); + NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: acquireCredentialsHandleForUsername failed.\n"); + return -1; + } + } else { + if (acquireCredentialsHandle + (&sspiContext->credentials, sspiContext->mechanism) != SEC_E_OK) { + freeBuffer(&outBufferDesc); + NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: acquireCredentialsHandle failed.\n"); + return -1; + } + } - if (acquireCredentialsHandle - (&sspiContext->credentials, sspiContext->mechanism) != SEC_E_OK) { - freeBuffer(&outBufferDesc); - NE_DEBUG(NE_DBG_HTTPAUTH, - "sspi: acquireCredentialsHandle failed.\n"); - return -1; - } securityStatus = initializeSecurityContext(&sspiContext->credentials, NULL, --- misc/neon-0.28.2/src/ne_sspi.h 2006-02-12 13:05:14.000000000 +0100 +++ misc/build/neon-0.28.2/src/ne_sspi.h 2009-12-10 13:21:58.000000000 +0100 @@ -41,7 +41,7 @@ int ne_sspi_clear_context(void *context); int ne_sspi_authenticate(void *context, const char *base64Token, - char **responseToken); + char **responseToken, const char* username, const char* password); #endif /* HAVE_SSPI */ --- misc/neon-0.28.2/src/ne_uri.c 2007-12-05 12:04:47.000000000 +0100 +++ misc/build/neon-0.28.2/src/ne_uri.c 2009-12-10 13:21:58.000000000 +0100 @@ -42,7 +42,7 @@ #include "ne_alloc.h" #include "ne_uri.h" -/* URI ABNF from RFC 3986: */ +/* URI ABNF from RFC 3986: (TKR: SharePoint is contradictory to this RFC. So I fix it here. )*/ #define PS (0x0001) /* "+" */ #define PC (0x0002) /* "%" */ @@ -67,6 +67,9 @@ #define OT (0x4000) /* others */ +/* TKR new symbol */ +#define WS (0x8000) /* Whitespaces ( Space, Tab ) */ + #define URI_ALPHA (AL) #define URI_DIGIT (DG) @@ -83,20 +86,21 @@ /* pchar = unreserved / pct-encoded / sub-delims / ":" / "@" */ #define URI_PCHAR (URI_UNRESERVED | PC | URI_SUBDELIM | CL | AT) /* invented: segchar = pchar / "/" */ -#define URI_SEGCHAR (URI_PCHAR | FS) +/* (TKR) WS added */ +#define URI_SEGCHAR (URI_PCHAR | FS | WS) /* query = *( pchar / "/" / "?" ) */ #define URI_QUERY (URI_PCHAR | FS | QU) /* fragment == query */ #define URI_FRAGMENT URI_QUERY /* any characters which should be path-escaped: */ -#define URI_ESCAPE ((URI_GENDELIM & ~(FS)) | URI_SUBDELIM | OT | PC) +#define URI_ESCAPE ((URI_GENDELIM & ~(FS)) | URI_SUBDELIM | OT | WS | PC) static const unsigned int uri_chars[256] = { /* 0xXX x0 x2 x4 x6 x8 xA xC xE */ -/* 0x */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, +/* 0x */ OT, OT, OT, OT, OT, OT, OT, OT, OT, WS, OT, OT, OT, OT, OT, OT, /* 1x */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, -/* 2x */ OT, SD, OT, GD, SD, PC, SD, SD, SD, SD, SD, PS, SD, DS, DT, FS, +/* 2x */ WS, SD, OT, GD, SD, PC, SD, SD, SD, SD, SD, PS, SD, DS, DT, FS, /* 3x */ DG, DG, DG, DG, DG, DG, DG, DG, DG, DG, CL, SD, OT, SD, OT, QU, /* 4x */ AT, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, /* 5x */ AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, GD, OT, GD, OT, US, --- misc/neon-0.28.2/src/ne_utils.c 2006-03-07 10:36:43.000000000 +0100 +++ misc/build/neon-0.28.2/src/ne_utils.c 2009-12-10 13:21:58.000000000 +0100 @@ -118,6 +118,9 @@ #ifdef HAVE_GNUTLS ", GNU TLS " LIBGNUTLS_VERSION #endif /* HAVE_GNUTLS */ +#ifdef HAVE_SSPI + ", SSPI" +#endif /* HAVE_SSPI */ "." ; @@ -137,7 +140,7 @@ switch (feature) { #if defined(NE_HAVE_SSL) || defined(NE_HAVE_ZLIB) || defined(NE_HAVE_IPV6) \ || defined(NE_HAVE_SOCKS) || defined(NE_HAVE_LFS) \ - || defined(NE_HAVE_TS_SSL) || defined(NE_HAVE_I18N) + || defined(NE_HAVE_TS_SSL) || defined(NE_HAVE_I18N) || defined(HAVE_SSPI) #ifdef NE_HAVE_SSL case NE_FEATURE_SSL: #endif @@ -159,6 +162,9 @@ #ifdef NE_HAVE_I18N case NE_FEATURE_I18N: #endif +#ifdef HAVE_SSPI + case NE_FEATURE_SSPI: +#endif return 1; #endif /* NE_HAVE_* */ default: --- misc/neon-0.28.2/src/ne_utils.h 2007-07-16 08:54:57.000000000 +0200 +++ misc/build/neon-0.28.2/src/ne_utils.h 2009-12-10 13:21:58.000000000 +0100 @@ -54,6 +54,7 @@ #define NE_FEATURE_SOCKS (5) /* SOCKSv5 support */ #define NE_FEATURE_TS_SSL (6) /* Thread-safe SSL/TLS support */ #define NE_FEATURE_I18N (7) /* i18n error message support */ +#define NE_FEATURE_SSPI (8) /* NTLM/Negotiate authentication protocol via SSPI */ /* Returns non-zero if library is built with support for the given * NE_FEATURE_* feature code 'code'. */