2
0

digest_sspi.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 2014 - 2016, Steve Holme, <steve_holme@hotmail.com>.
  9. * Copyright (C) 2015 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
  10. *
  11. * This software is licensed as described in the file COPYING, which
  12. * you should have received as part of this distribution. The terms
  13. * are also available at https://curl.se/docs/copyright.html.
  14. *
  15. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  16. * copies of the Software, and permit persons to whom the Software is
  17. * furnished to do so, under the terms of the COPYING file.
  18. *
  19. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  20. * KIND, either express or implied.
  21. *
  22. * RFC2831 DIGEST-MD5 authentication
  23. *
  24. ***************************************************************************/
  25. #include "curl_setup.h"
  26. #if defined(USE_WINDOWS_SSPI) && !defined(CURL_DISABLE_CRYPTO_AUTH)
  27. #include <curl/curl.h>
  28. #include "vauth/vauth.h"
  29. #include "vauth/digest.h"
  30. #include "urldata.h"
  31. #include "warnless.h"
  32. #include "curl_multibyte.h"
  33. #include "sendf.h"
  34. #include "strdup.h"
  35. #include "strcase.h"
  36. #include "strerror.h"
  37. /* The last #include files should be: */
  38. #include "curl_memory.h"
  39. #include "memdebug.h"
  40. /*
  41. * Curl_auth_is_digest_supported()
  42. *
  43. * This is used to evaluate if DIGEST is supported.
  44. *
  45. * Parameters: None
  46. *
  47. * Returns TRUE if DIGEST is supported by Windows SSPI.
  48. */
  49. bool Curl_auth_is_digest_supported(void)
  50. {
  51. PSecPkgInfo SecurityPackage;
  52. SECURITY_STATUS status;
  53. /* Query the security package for Digest */
  54. status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
  55. &SecurityPackage);
  56. /* Release the package buffer as it is not required anymore */
  57. if(status == SEC_E_OK) {
  58. s_pSecFn->FreeContextBuffer(SecurityPackage);
  59. }
  60. return (status == SEC_E_OK ? TRUE : FALSE);
  61. }
  62. /*
  63. * Curl_auth_create_digest_md5_message()
  64. *
  65. * This is used to generate an already encoded DIGEST-MD5 response message
  66. * ready for sending to the recipient.
  67. *
  68. * Parameters:
  69. *
  70. * data [in] - The session handle.
  71. * chlg [in] - The challenge message.
  72. * userp [in] - The user name in the format User or Domain\User.
  73. * passwdp [in] - The user's password.
  74. * service [in] - The service type such as http, smtp, pop or imap.
  75. * out [out] - The result storage.
  76. *
  77. * Returns CURLE_OK on success.
  78. */
  79. CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
  80. const struct bufref *chlg,
  81. const char *userp,
  82. const char *passwdp,
  83. const char *service,
  84. struct bufref *out)
  85. {
  86. CURLcode result = CURLE_OK;
  87. TCHAR *spn = NULL;
  88. size_t token_max = 0;
  89. unsigned char *output_token = NULL;
  90. CredHandle credentials;
  91. CtxtHandle context;
  92. PSecPkgInfo SecurityPackage;
  93. SEC_WINNT_AUTH_IDENTITY identity;
  94. SEC_WINNT_AUTH_IDENTITY *p_identity;
  95. SecBuffer chlg_buf;
  96. SecBuffer resp_buf;
  97. SecBufferDesc chlg_desc;
  98. SecBufferDesc resp_desc;
  99. SECURITY_STATUS status;
  100. unsigned long attrs;
  101. TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
  102. /* Ensure we have a valid challenge message */
  103. if(!Curl_bufref_len(chlg)) {
  104. infof(data, "DIGEST-MD5 handshake failure (empty challenge message)");
  105. return CURLE_BAD_CONTENT_ENCODING;
  106. }
  107. /* Query the security package for DigestSSP */
  108. status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
  109. &SecurityPackage);
  110. if(status != SEC_E_OK) {
  111. failf(data, "SSPI: couldn't get auth info");
  112. return CURLE_AUTH_ERROR;
  113. }
  114. token_max = SecurityPackage->cbMaxToken;
  115. /* Release the package buffer as it is not required anymore */
  116. s_pSecFn->FreeContextBuffer(SecurityPackage);
  117. /* Allocate our response buffer */
  118. output_token = malloc(token_max);
  119. if(!output_token)
  120. return CURLE_OUT_OF_MEMORY;
  121. /* Generate our SPN */
  122. spn = Curl_auth_build_spn(service, data->conn->host.name, NULL);
  123. if(!spn) {
  124. free(output_token);
  125. return CURLE_OUT_OF_MEMORY;
  126. }
  127. if(userp && *userp) {
  128. /* Populate our identity structure */
  129. result = Curl_create_sspi_identity(userp, passwdp, &identity);
  130. if(result) {
  131. free(spn);
  132. free(output_token);
  133. return result;
  134. }
  135. /* Allow proper cleanup of the identity structure */
  136. p_identity = &identity;
  137. }
  138. else
  139. /* Use the current Windows user */
  140. p_identity = NULL;
  141. /* Acquire our credentials handle */
  142. status = s_pSecFn->AcquireCredentialsHandle(NULL,
  143. (TCHAR *) TEXT(SP_NAME_DIGEST),
  144. SECPKG_CRED_OUTBOUND, NULL,
  145. p_identity, NULL, NULL,
  146. &credentials, &expiry);
  147. if(status != SEC_E_OK) {
  148. Curl_sspi_free_identity(p_identity);
  149. free(spn);
  150. free(output_token);
  151. return CURLE_LOGIN_DENIED;
  152. }
  153. /* Setup the challenge "input" security buffer */
  154. chlg_desc.ulVersion = SECBUFFER_VERSION;
  155. chlg_desc.cBuffers = 1;
  156. chlg_desc.pBuffers = &chlg_buf;
  157. chlg_buf.BufferType = SECBUFFER_TOKEN;
  158. chlg_buf.pvBuffer = (void *) Curl_bufref_ptr(chlg);
  159. chlg_buf.cbBuffer = curlx_uztoul(Curl_bufref_len(chlg));
  160. /* Setup the response "output" security buffer */
  161. resp_desc.ulVersion = SECBUFFER_VERSION;
  162. resp_desc.cBuffers = 1;
  163. resp_desc.pBuffers = &resp_buf;
  164. resp_buf.BufferType = SECBUFFER_TOKEN;
  165. resp_buf.pvBuffer = output_token;
  166. resp_buf.cbBuffer = curlx_uztoul(token_max);
  167. /* Generate our response message */
  168. status = s_pSecFn->InitializeSecurityContext(&credentials, NULL, spn,
  169. 0, 0, 0, &chlg_desc, 0,
  170. &context, &resp_desc, &attrs,
  171. &expiry);
  172. if(status == SEC_I_COMPLETE_NEEDED ||
  173. status == SEC_I_COMPLETE_AND_CONTINUE)
  174. s_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
  175. else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
  176. #if !defined(CURL_DISABLE_VERBOSE_STRINGS)
  177. char buffer[STRERROR_LEN];
  178. #endif
  179. s_pSecFn->FreeCredentialsHandle(&credentials);
  180. Curl_sspi_free_identity(p_identity);
  181. free(spn);
  182. free(output_token);
  183. if(status == SEC_E_INSUFFICIENT_MEMORY)
  184. return CURLE_OUT_OF_MEMORY;
  185. infof(data, "schannel: InitializeSecurityContext failed: %s",
  186. Curl_sspi_strerror(status, buffer, sizeof(buffer)));
  187. return CURLE_AUTH_ERROR;
  188. }
  189. /* Return the response. */
  190. Curl_bufref_set(out, output_token, resp_buf.cbBuffer, curl_free);
  191. /* Free our handles */
  192. s_pSecFn->DeleteSecurityContext(&context);
  193. s_pSecFn->FreeCredentialsHandle(&credentials);
  194. /* Free the identity structure */
  195. Curl_sspi_free_identity(p_identity);
  196. /* Free the SPN */
  197. free(spn);
  198. return result;
  199. }
  200. /*
  201. * Curl_override_sspi_http_realm()
  202. *
  203. * This is used to populate the domain in a SSPI identity structure
  204. * The realm is extracted from the challenge message and used as the
  205. * domain if it is not already explicitly set.
  206. *
  207. * Parameters:
  208. *
  209. * chlg [in] - The challenge message.
  210. * identity [in/out] - The identity structure.
  211. *
  212. * Returns CURLE_OK on success.
  213. */
  214. CURLcode Curl_override_sspi_http_realm(const char *chlg,
  215. SEC_WINNT_AUTH_IDENTITY *identity)
  216. {
  217. xcharp_u domain, dup_domain;
  218. /* If domain is blank or unset, check challenge message for realm */
  219. if(!identity->Domain || !identity->DomainLength) {
  220. for(;;) {
  221. char value[DIGEST_MAX_VALUE_LENGTH];
  222. char content[DIGEST_MAX_CONTENT_LENGTH];
  223. /* Pass all additional spaces here */
  224. while(*chlg && ISSPACE(*chlg))
  225. chlg++;
  226. /* Extract a value=content pair */
  227. if(Curl_auth_digest_get_pair(chlg, value, content, &chlg)) {
  228. if(strcasecompare(value, "realm")) {
  229. /* Setup identity's domain and length */
  230. domain.tchar_ptr = curlx_convert_UTF8_to_tchar((char *) content);
  231. if(!domain.tchar_ptr)
  232. return CURLE_OUT_OF_MEMORY;
  233. dup_domain.tchar_ptr = _tcsdup(domain.tchar_ptr);
  234. if(!dup_domain.tchar_ptr) {
  235. curlx_unicodefree(domain.tchar_ptr);
  236. return CURLE_OUT_OF_MEMORY;
  237. }
  238. free(identity->Domain);
  239. identity->Domain = dup_domain.tbyte_ptr;
  240. identity->DomainLength = curlx_uztoul(_tcslen(dup_domain.tchar_ptr));
  241. dup_domain.tchar_ptr = NULL;
  242. curlx_unicodefree(domain.tchar_ptr);
  243. }
  244. else {
  245. /* Unknown specifier, ignore it! */
  246. }
  247. }
  248. else
  249. break; /* We're done here */
  250. /* Pass all additional spaces here */
  251. while(*chlg && ISSPACE(*chlg))
  252. chlg++;
  253. /* Allow the list to be comma-separated */
  254. if(',' == *chlg)
  255. chlg++;
  256. }
  257. }
  258. return CURLE_OK;
  259. }
  260. /*
  261. * Curl_auth_decode_digest_http_message()
  262. *
  263. * This is used to decode a HTTP DIGEST challenge message into the separate
  264. * attributes.
  265. *
  266. * Parameters:
  267. *
  268. * chlg [in] - The challenge message.
  269. * digest [in/out] - The digest data struct being used and modified.
  270. *
  271. * Returns CURLE_OK on success.
  272. */
  273. CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
  274. struct digestdata *digest)
  275. {
  276. size_t chlglen = strlen(chlg);
  277. /* We had an input token before so if there's another one now that means we
  278. provided bad credentials in the previous request or it's stale. */
  279. if(digest->input_token) {
  280. bool stale = false;
  281. const char *p = chlg;
  282. /* Check for the 'stale' directive */
  283. for(;;) {
  284. char value[DIGEST_MAX_VALUE_LENGTH];
  285. char content[DIGEST_MAX_CONTENT_LENGTH];
  286. while(*p && ISSPACE(*p))
  287. p++;
  288. if(!Curl_auth_digest_get_pair(p, value, content, &p))
  289. break;
  290. if(strcasecompare(value, "stale") &&
  291. strcasecompare(content, "true")) {
  292. stale = true;
  293. break;
  294. }
  295. while(*p && ISSPACE(*p))
  296. p++;
  297. if(',' == *p)
  298. p++;
  299. }
  300. if(stale)
  301. Curl_auth_digest_cleanup(digest);
  302. else
  303. return CURLE_LOGIN_DENIED;
  304. }
  305. /* Store the challenge for use later */
  306. digest->input_token = (BYTE *) Curl_memdup(chlg, chlglen + 1);
  307. if(!digest->input_token)
  308. return CURLE_OUT_OF_MEMORY;
  309. digest->input_token_len = chlglen;
  310. return CURLE_OK;
  311. }
  312. /*
  313. * Curl_auth_create_digest_http_message()
  314. *
  315. * This is used to generate a HTTP DIGEST response message ready for sending
  316. * to the recipient.
  317. *
  318. * Parameters:
  319. *
  320. * data [in] - The session handle.
  321. * userp [in] - The user name in the format User or Domain\User.
  322. * passwdp [in] - The user's password.
  323. * request [in] - The HTTP request.
  324. * uripath [in] - The path of the HTTP uri.
  325. * digest [in/out] - The digest data struct being used and modified.
  326. * outptr [in/out] - The address where a pointer to newly allocated memory
  327. * holding the result will be stored upon completion.
  328. * outlen [out] - The length of the output message.
  329. *
  330. * Returns CURLE_OK on success.
  331. */
  332. CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
  333. const char *userp,
  334. const char *passwdp,
  335. const unsigned char *request,
  336. const unsigned char *uripath,
  337. struct digestdata *digest,
  338. char **outptr, size_t *outlen)
  339. {
  340. size_t token_max;
  341. char *resp;
  342. BYTE *output_token;
  343. size_t output_token_len = 0;
  344. PSecPkgInfo SecurityPackage;
  345. SecBuffer chlg_buf[5];
  346. SecBufferDesc chlg_desc;
  347. SECURITY_STATUS status;
  348. (void) data;
  349. /* Query the security package for DigestSSP */
  350. status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
  351. &SecurityPackage);
  352. if(status != SEC_E_OK) {
  353. failf(data, "SSPI: couldn't get auth info");
  354. return CURLE_AUTH_ERROR;
  355. }
  356. token_max = SecurityPackage->cbMaxToken;
  357. /* Release the package buffer as it is not required anymore */
  358. s_pSecFn->FreeContextBuffer(SecurityPackage);
  359. /* Allocate the output buffer according to the max token size as indicated
  360. by the security package */
  361. output_token = malloc(token_max);
  362. if(!output_token) {
  363. return CURLE_OUT_OF_MEMORY;
  364. }
  365. /* If the user/passwd that was used to make the identity for http_context
  366. has changed then delete that context. */
  367. if((userp && !digest->user) || (!userp && digest->user) ||
  368. (passwdp && !digest->passwd) || (!passwdp && digest->passwd) ||
  369. (userp && digest->user && strcmp(userp, digest->user)) ||
  370. (passwdp && digest->passwd && strcmp(passwdp, digest->passwd))) {
  371. if(digest->http_context) {
  372. s_pSecFn->DeleteSecurityContext(digest->http_context);
  373. Curl_safefree(digest->http_context);
  374. }
  375. Curl_safefree(digest->user);
  376. Curl_safefree(digest->passwd);
  377. }
  378. if(digest->http_context) {
  379. chlg_desc.ulVersion = SECBUFFER_VERSION;
  380. chlg_desc.cBuffers = 5;
  381. chlg_desc.pBuffers = chlg_buf;
  382. chlg_buf[0].BufferType = SECBUFFER_TOKEN;
  383. chlg_buf[0].pvBuffer = NULL;
  384. chlg_buf[0].cbBuffer = 0;
  385. chlg_buf[1].BufferType = SECBUFFER_PKG_PARAMS;
  386. chlg_buf[1].pvBuffer = (void *) request;
  387. chlg_buf[1].cbBuffer = curlx_uztoul(strlen((const char *) request));
  388. chlg_buf[2].BufferType = SECBUFFER_PKG_PARAMS;
  389. chlg_buf[2].pvBuffer = (void *) uripath;
  390. chlg_buf[2].cbBuffer = curlx_uztoul(strlen((const char *) uripath));
  391. chlg_buf[3].BufferType = SECBUFFER_PKG_PARAMS;
  392. chlg_buf[3].pvBuffer = NULL;
  393. chlg_buf[3].cbBuffer = 0;
  394. chlg_buf[4].BufferType = SECBUFFER_PADDING;
  395. chlg_buf[4].pvBuffer = output_token;
  396. chlg_buf[4].cbBuffer = curlx_uztoul(token_max);
  397. status = s_pSecFn->MakeSignature(digest->http_context, 0, &chlg_desc, 0);
  398. if(status == SEC_E_OK)
  399. output_token_len = chlg_buf[4].cbBuffer;
  400. else { /* delete the context so a new one can be made */
  401. infof(data, "digest_sspi: MakeSignature failed, error 0x%08lx",
  402. (long)status);
  403. s_pSecFn->DeleteSecurityContext(digest->http_context);
  404. Curl_safefree(digest->http_context);
  405. }
  406. }
  407. if(!digest->http_context) {
  408. CredHandle credentials;
  409. SEC_WINNT_AUTH_IDENTITY identity;
  410. SEC_WINNT_AUTH_IDENTITY *p_identity;
  411. SecBuffer resp_buf;
  412. SecBufferDesc resp_desc;
  413. unsigned long attrs;
  414. TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
  415. TCHAR *spn;
  416. /* free the copy of user/passwd used to make the previous identity */
  417. Curl_safefree(digest->user);
  418. Curl_safefree(digest->passwd);
  419. if(userp && *userp) {
  420. /* Populate our identity structure */
  421. if(Curl_create_sspi_identity(userp, passwdp, &identity)) {
  422. free(output_token);
  423. return CURLE_OUT_OF_MEMORY;
  424. }
  425. /* Populate our identity domain */
  426. if(Curl_override_sspi_http_realm((const char *) digest->input_token,
  427. &identity)) {
  428. free(output_token);
  429. return CURLE_OUT_OF_MEMORY;
  430. }
  431. /* Allow proper cleanup of the identity structure */
  432. p_identity = &identity;
  433. }
  434. else
  435. /* Use the current Windows user */
  436. p_identity = NULL;
  437. if(userp) {
  438. digest->user = strdup(userp);
  439. if(!digest->user) {
  440. free(output_token);
  441. return CURLE_OUT_OF_MEMORY;
  442. }
  443. }
  444. if(passwdp) {
  445. digest->passwd = strdup(passwdp);
  446. if(!digest->passwd) {
  447. free(output_token);
  448. Curl_safefree(digest->user);
  449. return CURLE_OUT_OF_MEMORY;
  450. }
  451. }
  452. /* Acquire our credentials handle */
  453. status = s_pSecFn->AcquireCredentialsHandle(NULL,
  454. (TCHAR *) TEXT(SP_NAME_DIGEST),
  455. SECPKG_CRED_OUTBOUND, NULL,
  456. p_identity, NULL, NULL,
  457. &credentials, &expiry);
  458. if(status != SEC_E_OK) {
  459. Curl_sspi_free_identity(p_identity);
  460. free(output_token);
  461. return CURLE_LOGIN_DENIED;
  462. }
  463. /* Setup the challenge "input" security buffer if present */
  464. chlg_desc.ulVersion = SECBUFFER_VERSION;
  465. chlg_desc.cBuffers = 3;
  466. chlg_desc.pBuffers = chlg_buf;
  467. chlg_buf[0].BufferType = SECBUFFER_TOKEN;
  468. chlg_buf[0].pvBuffer = digest->input_token;
  469. chlg_buf[0].cbBuffer = curlx_uztoul(digest->input_token_len);
  470. chlg_buf[1].BufferType = SECBUFFER_PKG_PARAMS;
  471. chlg_buf[1].pvBuffer = (void *) request;
  472. chlg_buf[1].cbBuffer = curlx_uztoul(strlen((const char *) request));
  473. chlg_buf[2].BufferType = SECBUFFER_PKG_PARAMS;
  474. chlg_buf[2].pvBuffer = NULL;
  475. chlg_buf[2].cbBuffer = 0;
  476. /* Setup the response "output" security buffer */
  477. resp_desc.ulVersion = SECBUFFER_VERSION;
  478. resp_desc.cBuffers = 1;
  479. resp_desc.pBuffers = &resp_buf;
  480. resp_buf.BufferType = SECBUFFER_TOKEN;
  481. resp_buf.pvBuffer = output_token;
  482. resp_buf.cbBuffer = curlx_uztoul(token_max);
  483. spn = curlx_convert_UTF8_to_tchar((char *) uripath);
  484. if(!spn) {
  485. s_pSecFn->FreeCredentialsHandle(&credentials);
  486. Curl_sspi_free_identity(p_identity);
  487. free(output_token);
  488. return CURLE_OUT_OF_MEMORY;
  489. }
  490. /* Allocate our new context handle */
  491. digest->http_context = calloc(1, sizeof(CtxtHandle));
  492. if(!digest->http_context)
  493. return CURLE_OUT_OF_MEMORY;
  494. /* Generate our response message */
  495. status = s_pSecFn->InitializeSecurityContext(&credentials, NULL,
  496. spn,
  497. ISC_REQ_USE_HTTP_STYLE, 0, 0,
  498. &chlg_desc, 0,
  499. digest->http_context,
  500. &resp_desc, &attrs, &expiry);
  501. curlx_unicodefree(spn);
  502. if(status == SEC_I_COMPLETE_NEEDED ||
  503. status == SEC_I_COMPLETE_AND_CONTINUE)
  504. s_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
  505. else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
  506. #if !defined(CURL_DISABLE_VERBOSE_STRINGS)
  507. char buffer[STRERROR_LEN];
  508. #endif
  509. s_pSecFn->FreeCredentialsHandle(&credentials);
  510. Curl_sspi_free_identity(p_identity);
  511. free(output_token);
  512. Curl_safefree(digest->http_context);
  513. if(status == SEC_E_INSUFFICIENT_MEMORY)
  514. return CURLE_OUT_OF_MEMORY;
  515. infof(data, "schannel: InitializeSecurityContext failed: %s",
  516. Curl_sspi_strerror(status, buffer, sizeof(buffer)));
  517. return CURLE_AUTH_ERROR;
  518. }
  519. output_token_len = resp_buf.cbBuffer;
  520. s_pSecFn->FreeCredentialsHandle(&credentials);
  521. Curl_sspi_free_identity(p_identity);
  522. }
  523. resp = malloc(output_token_len + 1);
  524. if(!resp) {
  525. free(output_token);
  526. return CURLE_OUT_OF_MEMORY;
  527. }
  528. /* Copy the generated response */
  529. memcpy(resp, output_token, output_token_len);
  530. resp[output_token_len] = 0;
  531. /* Return the response */
  532. *outptr = resp;
  533. *outlen = output_token_len;
  534. /* Free the response buffer */
  535. free(output_token);
  536. return CURLE_OK;
  537. }
  538. /*
  539. * Curl_auth_digest_cleanup()
  540. *
  541. * This is used to clean up the digest specific data.
  542. *
  543. * Parameters:
  544. *
  545. * digest [in/out] - The digest data struct being cleaned up.
  546. *
  547. */
  548. void Curl_auth_digest_cleanup(struct digestdata *digest)
  549. {
  550. /* Free the input token */
  551. Curl_safefree(digest->input_token);
  552. /* Reset any variables */
  553. digest->input_token_len = 0;
  554. /* Delete security context */
  555. if(digest->http_context) {
  556. s_pSecFn->DeleteSecurityContext(digest->http_context);
  557. Curl_safefree(digest->http_context);
  558. }
  559. /* Free the copy of user/passwd used to make the identity for http_context */
  560. Curl_safefree(digest->user);
  561. Curl_safefree(digest->passwd);
  562. }
  563. #endif /* USE_WINDOWS_SSPI && !CURL_DISABLE_CRYPTO_AUTH */