2
0

digest_sspi.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
  9. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  10. *
  11. * This software is licensed as described in the file COPYING, which
  12. * you should have received as part of this distribution. The terms
  13. * are also available at https://curl.se/docs/copyright.html.
  14. *
  15. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  16. * copies of the Software, and permit persons to whom the Software is
  17. * furnished to do so, under the terms of the COPYING file.
  18. *
  19. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  20. * KIND, either express or implied.
  21. *
  22. * SPDX-License-Identifier: curl
  23. *
  24. * RFC2831 DIGEST-MD5 authentication
  25. *
  26. ***************************************************************************/
  27. #include "curl_setup.h"
  28. #if defined(USE_WINDOWS_SSPI) && !defined(CURL_DISABLE_DIGEST_AUTH)
  29. #include <curl/curl.h>
  30. #include "vauth/vauth.h"
  31. #include "vauth/digest.h"
  32. #include "urldata.h"
  33. #include "warnless.h"
  34. #include "curl_multibyte.h"
  35. #include "sendf.h"
  36. #include "strdup.h"
  37. #include "strcase.h"
  38. #include "strerror.h"
  39. /* The last #include files should be: */
  40. #include "curl_memory.h"
  41. #include "memdebug.h"
  42. /*
  43. * Curl_auth_is_digest_supported()
  44. *
  45. * This is used to evaluate if DIGEST is supported.
  46. *
  47. * Parameters: None
  48. *
  49. * Returns TRUE if DIGEST is supported by Windows SSPI.
  50. */
  51. bool Curl_auth_is_digest_supported(void)
  52. {
  53. PSecPkgInfo SecurityPackage;
  54. SECURITY_STATUS status;
  55. /* Query the security package for Digest */
  56. status =
  57. Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
  58. &SecurityPackage);
  59. /* Release the package buffer as it is not required anymore */
  60. if(status == SEC_E_OK) {
  61. Curl_pSecFn->FreeContextBuffer(SecurityPackage);
  62. }
  63. return (status == SEC_E_OK);
  64. }
  65. /*
  66. * Curl_auth_create_digest_md5_message()
  67. *
  68. * This is used to generate an already encoded DIGEST-MD5 response message
  69. * ready for sending to the recipient.
  70. *
  71. * Parameters:
  72. *
  73. * data [in] - The session handle.
  74. * chlg [in] - The challenge message.
  75. * userp [in] - The username in the format User or Domain\User.
  76. * passwdp [in] - The user's password.
  77. * service [in] - The service type such as http, smtp, pop or imap.
  78. * out [out] - The result storage.
  79. *
  80. * Returns CURLE_OK on success.
  81. */
  82. CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
  83. const struct bufref *chlg,
  84. const char *userp,
  85. const char *passwdp,
  86. const char *service,
  87. struct bufref *out)
  88. {
  89. CURLcode result = CURLE_OK;
  90. TCHAR *spn = NULL;
  91. size_t token_max = 0;
  92. unsigned char *output_token = NULL;
  93. CredHandle credentials;
  94. CtxtHandle context;
  95. PSecPkgInfo SecurityPackage;
  96. SEC_WINNT_AUTH_IDENTITY identity;
  97. SEC_WINNT_AUTH_IDENTITY *p_identity;
  98. SecBuffer chlg_buf;
  99. SecBuffer resp_buf;
  100. SecBufferDesc chlg_desc;
  101. SecBufferDesc resp_desc;
  102. SECURITY_STATUS status;
  103. unsigned long attrs;
  104. TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
  105. /* Ensure we have a valid challenge message */
  106. if(!Curl_bufref_len(chlg)) {
  107. infof(data, "DIGEST-MD5 handshake failure (empty challenge message)");
  108. return CURLE_BAD_CONTENT_ENCODING;
  109. }
  110. /* Query the security package for DigestSSP */
  111. status =
  112. Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
  113. &SecurityPackage);
  114. if(status != SEC_E_OK) {
  115. failf(data, "SSPI: could not get auth info");
  116. return CURLE_AUTH_ERROR;
  117. }
  118. token_max = SecurityPackage->cbMaxToken;
  119. /* Release the package buffer as it is not required anymore */
  120. Curl_pSecFn->FreeContextBuffer(SecurityPackage);
  121. /* Allocate our response buffer */
  122. output_token = malloc(token_max);
  123. if(!output_token)
  124. return CURLE_OUT_OF_MEMORY;
  125. /* Generate our SPN */
  126. spn = Curl_auth_build_spn(service, data->conn->host.name, NULL);
  127. if(!spn) {
  128. free(output_token);
  129. return CURLE_OUT_OF_MEMORY;
  130. }
  131. if(userp && *userp) {
  132. /* Populate our identity structure */
  133. result = Curl_create_sspi_identity(userp, passwdp, &identity);
  134. if(result) {
  135. free(spn);
  136. free(output_token);
  137. return result;
  138. }
  139. /* Allow proper cleanup of the identity structure */
  140. p_identity = &identity;
  141. }
  142. else
  143. /* Use the current Windows user */
  144. p_identity = NULL;
  145. /* Acquire our credentials handle */
  146. status = Curl_pSecFn->AcquireCredentialsHandle(NULL,
  147. (TCHAR *) TEXT(SP_NAME_DIGEST),
  148. SECPKG_CRED_OUTBOUND, NULL,
  149. p_identity, NULL, NULL,
  150. &credentials, &expiry);
  151. if(status != SEC_E_OK) {
  152. Curl_sspi_free_identity(p_identity);
  153. free(spn);
  154. free(output_token);
  155. return CURLE_LOGIN_DENIED;
  156. }
  157. /* Setup the challenge "input" security buffer */
  158. chlg_desc.ulVersion = SECBUFFER_VERSION;
  159. chlg_desc.cBuffers = 1;
  160. chlg_desc.pBuffers = &chlg_buf;
  161. chlg_buf.BufferType = SECBUFFER_TOKEN;
  162. chlg_buf.pvBuffer = (void *) Curl_bufref_ptr(chlg);
  163. chlg_buf.cbBuffer = curlx_uztoul(Curl_bufref_len(chlg));
  164. /* Setup the response "output" security buffer */
  165. resp_desc.ulVersion = SECBUFFER_VERSION;
  166. resp_desc.cBuffers = 1;
  167. resp_desc.pBuffers = &resp_buf;
  168. resp_buf.BufferType = SECBUFFER_TOKEN;
  169. resp_buf.pvBuffer = output_token;
  170. resp_buf.cbBuffer = curlx_uztoul(token_max);
  171. /* Generate our response message */
  172. status = Curl_pSecFn->InitializeSecurityContext(&credentials, NULL, spn,
  173. 0, 0, 0, &chlg_desc, 0,
  174. &context, &resp_desc, &attrs,
  175. &expiry);
  176. if(status == SEC_I_COMPLETE_NEEDED ||
  177. status == SEC_I_COMPLETE_AND_CONTINUE)
  178. Curl_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
  179. else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
  180. #if !defined(CURL_DISABLE_VERBOSE_STRINGS)
  181. char buffer[STRERROR_LEN];
  182. #endif
  183. Curl_pSecFn->FreeCredentialsHandle(&credentials);
  184. Curl_sspi_free_identity(p_identity);
  185. free(spn);
  186. free(output_token);
  187. if(status == SEC_E_INSUFFICIENT_MEMORY)
  188. return CURLE_OUT_OF_MEMORY;
  189. #if !defined(CURL_DISABLE_VERBOSE_STRINGS)
  190. infof(data, "schannel: InitializeSecurityContext failed: %s",
  191. Curl_sspi_strerror(status, buffer, sizeof(buffer)));
  192. #endif
  193. return CURLE_AUTH_ERROR;
  194. }
  195. /* Return the response. */
  196. Curl_bufref_set(out, output_token, resp_buf.cbBuffer, curl_free);
  197. /* Free our handles */
  198. Curl_pSecFn->DeleteSecurityContext(&context);
  199. Curl_pSecFn->FreeCredentialsHandle(&credentials);
  200. /* Free the identity structure */
  201. Curl_sspi_free_identity(p_identity);
  202. /* Free the SPN */
  203. free(spn);
  204. return result;
  205. }
  206. /*
  207. * Curl_override_sspi_http_realm()
  208. *
  209. * This is used to populate the domain in a SSPI identity structure
  210. * The realm is extracted from the challenge message and used as the
  211. * domain if it is not already explicitly set.
  212. *
  213. * Parameters:
  214. *
  215. * chlg [in] - The challenge message.
  216. * identity [in/out] - The identity structure.
  217. *
  218. * Returns CURLE_OK on success.
  219. */
  220. CURLcode Curl_override_sspi_http_realm(const char *chlg,
  221. SEC_WINNT_AUTH_IDENTITY *identity)
  222. {
  223. xcharp_u domain, dup_domain;
  224. /* If domain is blank or unset, check challenge message for realm */
  225. if(!identity->Domain || !identity->DomainLength) {
  226. for(;;) {
  227. char value[DIGEST_MAX_VALUE_LENGTH];
  228. char content[DIGEST_MAX_CONTENT_LENGTH];
  229. /* Pass all additional spaces here */
  230. while(*chlg && ISBLANK(*chlg))
  231. chlg++;
  232. /* Extract a value=content pair */
  233. if(Curl_auth_digest_get_pair(chlg, value, content, &chlg)) {
  234. if(strcasecompare(value, "realm")) {
  235. /* Setup identity's domain and length */
  236. domain.tchar_ptr = curlx_convert_UTF8_to_tchar((char *) content);
  237. if(!domain.tchar_ptr)
  238. return CURLE_OUT_OF_MEMORY;
  239. dup_domain.tchar_ptr = _tcsdup(domain.tchar_ptr);
  240. if(!dup_domain.tchar_ptr) {
  241. curlx_unicodefree(domain.tchar_ptr);
  242. return CURLE_OUT_OF_MEMORY;
  243. }
  244. free(identity->Domain);
  245. identity->Domain = dup_domain.tbyte_ptr;
  246. identity->DomainLength = curlx_uztoul(_tcslen(dup_domain.tchar_ptr));
  247. dup_domain.tchar_ptr = NULL;
  248. curlx_unicodefree(domain.tchar_ptr);
  249. }
  250. else {
  251. /* Unknown specifier, ignore it! */
  252. }
  253. }
  254. else
  255. break; /* We are done here */
  256. /* Pass all additional spaces here */
  257. while(*chlg && ISBLANK(*chlg))
  258. chlg++;
  259. /* Allow the list to be comma-separated */
  260. if(',' == *chlg)
  261. chlg++;
  262. }
  263. }
  264. return CURLE_OK;
  265. }
  266. /*
  267. * Curl_auth_decode_digest_http_message()
  268. *
  269. * This is used to decode an HTTP DIGEST challenge message into the separate
  270. * attributes.
  271. *
  272. * Parameters:
  273. *
  274. * chlg [in] - The challenge message.
  275. * digest [in/out] - The digest data struct being used and modified.
  276. *
  277. * Returns CURLE_OK on success.
  278. */
  279. CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
  280. struct digestdata *digest)
  281. {
  282. size_t chlglen = strlen(chlg);
  283. /* We had an input token before so if there is another one now that means we
  284. provided bad credentials in the previous request or it is stale. */
  285. if(digest->input_token) {
  286. bool stale = FALSE;
  287. const char *p = chlg;
  288. /* Check for the 'stale' directive */
  289. for(;;) {
  290. char value[DIGEST_MAX_VALUE_LENGTH];
  291. char content[DIGEST_MAX_CONTENT_LENGTH];
  292. while(*p && ISBLANK(*p))
  293. p++;
  294. if(!Curl_auth_digest_get_pair(p, value, content, &p))
  295. break;
  296. if(strcasecompare(value, "stale") &&
  297. strcasecompare(content, "true")) {
  298. stale = TRUE;
  299. break;
  300. }
  301. while(*p && ISBLANK(*p))
  302. p++;
  303. if(',' == *p)
  304. p++;
  305. }
  306. if(stale)
  307. Curl_auth_digest_cleanup(digest);
  308. else
  309. return CURLE_LOGIN_DENIED;
  310. }
  311. /* Store the challenge for use later */
  312. digest->input_token = (BYTE *) Curl_memdup(chlg, chlglen + 1);
  313. if(!digest->input_token)
  314. return CURLE_OUT_OF_MEMORY;
  315. digest->input_token_len = chlglen;
  316. return CURLE_OK;
  317. }
  318. /*
  319. * Curl_auth_create_digest_http_message()
  320. *
  321. * This is used to generate an HTTP DIGEST response message ready for sending
  322. * to the recipient.
  323. *
  324. * Parameters:
  325. *
  326. * data [in] - The session handle.
  327. * userp [in] - The username in the format User or Domain\User.
  328. * passwdp [in] - The user's password.
  329. * request [in] - The HTTP request.
  330. * uripath [in] - The path of the HTTP uri.
  331. * digest [in/out] - The digest data struct being used and modified.
  332. * outptr [in/out] - The address where a pointer to newly allocated memory
  333. * holding the result will be stored upon completion.
  334. * outlen [out] - The length of the output message.
  335. *
  336. * Returns CURLE_OK on success.
  337. */
  338. CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
  339. const char *userp,
  340. const char *passwdp,
  341. const unsigned char *request,
  342. const unsigned char *uripath,
  343. struct digestdata *digest,
  344. char **outptr, size_t *outlen)
  345. {
  346. size_t token_max;
  347. char *resp;
  348. BYTE *output_token;
  349. size_t output_token_len = 0;
  350. PSecPkgInfo SecurityPackage;
  351. SecBuffer chlg_buf[5];
  352. SecBufferDesc chlg_desc;
  353. SECURITY_STATUS status;
  354. (void) data;
  355. /* Query the security package for DigestSSP */
  356. status =
  357. Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
  358. &SecurityPackage);
  359. if(status != SEC_E_OK) {
  360. failf(data, "SSPI: could not get auth info");
  361. return CURLE_AUTH_ERROR;
  362. }
  363. token_max = SecurityPackage->cbMaxToken;
  364. /* Release the package buffer as it is not required anymore */
  365. Curl_pSecFn->FreeContextBuffer(SecurityPackage);
  366. /* Allocate the output buffer according to the max token size as indicated
  367. by the security package */
  368. output_token = malloc(token_max);
  369. if(!output_token) {
  370. return CURLE_OUT_OF_MEMORY;
  371. }
  372. /* If the user/passwd that was used to make the identity for http_context
  373. has changed then delete that context. */
  374. if((userp && !digest->user) || (!userp && digest->user) ||
  375. (passwdp && !digest->passwd) || (!passwdp && digest->passwd) ||
  376. (userp && digest->user && Curl_timestrcmp(userp, digest->user)) ||
  377. (passwdp && digest->passwd && Curl_timestrcmp(passwdp, digest->passwd))) {
  378. if(digest->http_context) {
  379. Curl_pSecFn->DeleteSecurityContext(digest->http_context);
  380. Curl_safefree(digest->http_context);
  381. }
  382. Curl_safefree(digest->user);
  383. Curl_safefree(digest->passwd);
  384. }
  385. if(digest->http_context) {
  386. chlg_desc.ulVersion = SECBUFFER_VERSION;
  387. chlg_desc.cBuffers = 5;
  388. chlg_desc.pBuffers = chlg_buf;
  389. chlg_buf[0].BufferType = SECBUFFER_TOKEN;
  390. chlg_buf[0].pvBuffer = NULL;
  391. chlg_buf[0].cbBuffer = 0;
  392. chlg_buf[1].BufferType = SECBUFFER_PKG_PARAMS;
  393. chlg_buf[1].pvBuffer = (void *) request;
  394. chlg_buf[1].cbBuffer = curlx_uztoul(strlen((const char *) request));
  395. chlg_buf[2].BufferType = SECBUFFER_PKG_PARAMS;
  396. chlg_buf[2].pvBuffer = (void *) uripath;
  397. chlg_buf[2].cbBuffer = curlx_uztoul(strlen((const char *) uripath));
  398. chlg_buf[3].BufferType = SECBUFFER_PKG_PARAMS;
  399. chlg_buf[3].pvBuffer = NULL;
  400. chlg_buf[3].cbBuffer = 0;
  401. chlg_buf[4].BufferType = SECBUFFER_PADDING;
  402. chlg_buf[4].pvBuffer = output_token;
  403. chlg_buf[4].cbBuffer = curlx_uztoul(token_max);
  404. status = Curl_pSecFn->MakeSignature(digest->http_context, 0, &chlg_desc,
  405. 0);
  406. if(status == SEC_E_OK)
  407. output_token_len = chlg_buf[4].cbBuffer;
  408. else { /* delete the context so a new one can be made */
  409. infof(data, "digest_sspi: MakeSignature failed, error 0x%08lx",
  410. (long)status);
  411. Curl_pSecFn->DeleteSecurityContext(digest->http_context);
  412. Curl_safefree(digest->http_context);
  413. }
  414. }
  415. if(!digest->http_context) {
  416. CredHandle credentials;
  417. SEC_WINNT_AUTH_IDENTITY identity;
  418. SEC_WINNT_AUTH_IDENTITY *p_identity;
  419. SecBuffer resp_buf;
  420. SecBufferDesc resp_desc;
  421. unsigned long attrs;
  422. TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
  423. TCHAR *spn;
  424. /* free the copy of user/passwd used to make the previous identity */
  425. Curl_safefree(digest->user);
  426. Curl_safefree(digest->passwd);
  427. if(userp && *userp) {
  428. /* Populate our identity structure */
  429. if(Curl_create_sspi_identity(userp, passwdp, &identity)) {
  430. free(output_token);
  431. return CURLE_OUT_OF_MEMORY;
  432. }
  433. /* Populate our identity domain */
  434. if(Curl_override_sspi_http_realm((const char *) digest->input_token,
  435. &identity)) {
  436. free(output_token);
  437. return CURLE_OUT_OF_MEMORY;
  438. }
  439. /* Allow proper cleanup of the identity structure */
  440. p_identity = &identity;
  441. }
  442. else
  443. /* Use the current Windows user */
  444. p_identity = NULL;
  445. if(userp) {
  446. digest->user = strdup(userp);
  447. if(!digest->user) {
  448. free(output_token);
  449. return CURLE_OUT_OF_MEMORY;
  450. }
  451. }
  452. if(passwdp) {
  453. digest->passwd = strdup(passwdp);
  454. if(!digest->passwd) {
  455. free(output_token);
  456. Curl_safefree(digest->user);
  457. return CURLE_OUT_OF_MEMORY;
  458. }
  459. }
  460. /* Acquire our credentials handle */
  461. status = Curl_pSecFn->AcquireCredentialsHandle(NULL,
  462. (TCHAR *) TEXT(SP_NAME_DIGEST),
  463. SECPKG_CRED_OUTBOUND, NULL,
  464. p_identity, NULL, NULL,
  465. &credentials, &expiry);
  466. if(status != SEC_E_OK) {
  467. Curl_sspi_free_identity(p_identity);
  468. free(output_token);
  469. return CURLE_LOGIN_DENIED;
  470. }
  471. /* Setup the challenge "input" security buffer if present */
  472. chlg_desc.ulVersion = SECBUFFER_VERSION;
  473. chlg_desc.cBuffers = 3;
  474. chlg_desc.pBuffers = chlg_buf;
  475. chlg_buf[0].BufferType = SECBUFFER_TOKEN;
  476. chlg_buf[0].pvBuffer = digest->input_token;
  477. chlg_buf[0].cbBuffer = curlx_uztoul(digest->input_token_len);
  478. chlg_buf[1].BufferType = SECBUFFER_PKG_PARAMS;
  479. chlg_buf[1].pvBuffer = (void *) request;
  480. chlg_buf[1].cbBuffer = curlx_uztoul(strlen((const char *) request));
  481. chlg_buf[2].BufferType = SECBUFFER_PKG_PARAMS;
  482. chlg_buf[2].pvBuffer = NULL;
  483. chlg_buf[2].cbBuffer = 0;
  484. /* Setup the response "output" security buffer */
  485. resp_desc.ulVersion = SECBUFFER_VERSION;
  486. resp_desc.cBuffers = 1;
  487. resp_desc.pBuffers = &resp_buf;
  488. resp_buf.BufferType = SECBUFFER_TOKEN;
  489. resp_buf.pvBuffer = output_token;
  490. resp_buf.cbBuffer = curlx_uztoul(token_max);
  491. spn = curlx_convert_UTF8_to_tchar((char *) uripath);
  492. if(!spn) {
  493. Curl_pSecFn->FreeCredentialsHandle(&credentials);
  494. Curl_sspi_free_identity(p_identity);
  495. free(output_token);
  496. return CURLE_OUT_OF_MEMORY;
  497. }
  498. /* Allocate our new context handle */
  499. digest->http_context = calloc(1, sizeof(CtxtHandle));
  500. if(!digest->http_context)
  501. return CURLE_OUT_OF_MEMORY;
  502. /* Generate our response message */
  503. status = Curl_pSecFn->InitializeSecurityContext(&credentials, NULL,
  504. spn,
  505. ISC_REQ_USE_HTTP_STYLE, 0, 0,
  506. &chlg_desc, 0,
  507. digest->http_context,
  508. &resp_desc, &attrs, &expiry);
  509. curlx_unicodefree(spn);
  510. if(status == SEC_I_COMPLETE_NEEDED ||
  511. status == SEC_I_COMPLETE_AND_CONTINUE)
  512. Curl_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
  513. else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
  514. #if !defined(CURL_DISABLE_VERBOSE_STRINGS)
  515. char buffer[STRERROR_LEN];
  516. #endif
  517. Curl_pSecFn->FreeCredentialsHandle(&credentials);
  518. Curl_sspi_free_identity(p_identity);
  519. free(output_token);
  520. Curl_safefree(digest->http_context);
  521. if(status == SEC_E_INSUFFICIENT_MEMORY)
  522. return CURLE_OUT_OF_MEMORY;
  523. #if !defined(CURL_DISABLE_VERBOSE_STRINGS)
  524. infof(data, "schannel: InitializeSecurityContext failed: %s",
  525. Curl_sspi_strerror(status, buffer, sizeof(buffer)));
  526. #endif
  527. return CURLE_AUTH_ERROR;
  528. }
  529. output_token_len = resp_buf.cbBuffer;
  530. Curl_pSecFn->FreeCredentialsHandle(&credentials);
  531. Curl_sspi_free_identity(p_identity);
  532. }
  533. resp = malloc(output_token_len + 1);
  534. if(!resp) {
  535. free(output_token);
  536. return CURLE_OUT_OF_MEMORY;
  537. }
  538. /* Copy the generated response */
  539. memcpy(resp, output_token, output_token_len);
  540. resp[output_token_len] = 0;
  541. /* Return the response */
  542. *outptr = resp;
  543. *outlen = output_token_len;
  544. /* Free the response buffer */
  545. free(output_token);
  546. return CURLE_OK;
  547. }
  548. /*
  549. * Curl_auth_digest_cleanup()
  550. *
  551. * This is used to clean up the digest specific data.
  552. *
  553. * Parameters:
  554. *
  555. * digest [in/out] - The digest data struct being cleaned up.
  556. *
  557. */
  558. void Curl_auth_digest_cleanup(struct digestdata *digest)
  559. {
  560. /* Free the input token */
  561. Curl_safefree(digest->input_token);
  562. /* Reset any variables */
  563. digest->input_token_len = 0;
  564. /* Delete security context */
  565. if(digest->http_context) {
  566. Curl_pSecFn->DeleteSecurityContext(digest->http_context);
  567. Curl_safefree(digest->http_context);
  568. }
  569. /* Free the copy of user/passwd used to make the identity for http_context */
  570. Curl_safefree(digest->user);
  571. Curl_safefree(digest->passwd);
  572. }
  573. #endif /* USE_WINDOWS_SSPI && !CURL_DISABLE_DIGEST_AUTH */