OS400: enable NTLM authentication

diff --git a/lib/config-os400.h b/lib/config-os400.h
index 14c685ae7756a70ded1a7fcb9a70953b61db6392..1e622281d5d5b5ced6ea84f63a147ca9e4d02346 100644 (file)
--- a/lib/config-os400.h
+++ b/lib/config-os400.h
@@ -540,6 +540,9 @@
 /* Define to use the GSKit package. */
 #define USE_GSKIT
 
+/* Define to use the OS/400 crypto library. */
+#define USE_OS400CRYPTO
+
 /* Define to use Unix sockets. */
 #define USE_UNIX_SOCKETS
 

diff --git a/lib/curl_md4.h b/lib/curl_md4.h
index b0be9cf6cf2883a6f63c097a579b2f09de52dd55..c26649f44902b41016ee9a4e74a628a6aaa982c5 100644 (file)
--- a/lib/curl_md4.h
+++ b/lib/curl_md4.h
@@ -24,10 +24,10 @@
 
 #include "curl_setup.h"
 
-/* NSS crypto library does not provide the MD4 hash algorithm, so that we have
- * a local implementation of it */
-#ifdef USE_NSS
+/* NSS and OS/400 crypto library do not provide the MD4 hash algorithm, so
+ * that we have a local implementation of it */
+#if defined(USE_NSS) || defined(USE_OS400CRYPTO)
 void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len);
-#endif /* USE_NSS */
+#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) */
 
 #endif /* HEADER_CURL_MD4_H */

diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index 68c82cad1a6d20254134db97db8d35b49394bd47..21fb3755061170baf4dd64cfed8a13cad800d761 100644 (file)
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -87,6 +87,9 @@
 #  include <CommonCrypto/CommonCryptor.h>
 #  include <CommonCrypto/CommonDigest.h>
 
+#elif defined(USE_OS400CRYPTO)
+#  include "cipher.mih"  /* mih/cipher */
+#  include "curl_md4.h"
 #else
 #  error "Can't compile NTLM support without a crypto library."
 #endif
@@ -249,7 +252,22 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out,
   return err == kCCSuccess;
 }
 
-#endif /* defined(USE_DARWINSSL) */
+#elif defined(USE_OS400CRYPTO)
+
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+                        const unsigned char *key_56)
+{
+  char key[8];
+  _CIPHER_Control_T ctl;
+
+  ctl.Func_ID = ENCRYPT_ONLY;
+  ctl.Data_Len = 8;
+  extend_key_56_to_64(key_56, ctl.Crypto_Key);
+  _CIPHER((_SPCPTR *) &out, &ctl, (_SPCPTR *) &in);
+  return TRUE;
+}
+
+#endif /* defined(USE_OS400CRYPTO) */
 
 #endif /* defined(USE_SSLEAY) */
 
@@ -301,7 +319,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
   setup_des_key(keys + 14, &des);
   gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
   gcry_cipher_close(des);
-#elif defined(USE_NSS) || defined(USE_DARWINSSL)
+#elif defined(USE_NSS) || defined(USE_DARWINSSL) || defined(USE_OS400CRYPTO)
   encrypt_des(plaintext, results, keys);
   encrypt_des(plaintext, results + 8, keys + 7);
   encrypt_des(plaintext, results + 16, keys + 14);
@@ -364,7 +382,7 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
     setup_des_key(pw + 7, &des);
     gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
     gcry_cipher_close(des);
-#elif defined(USE_NSS) || defined(USE_DARWINSSL)
+#elif defined(USE_NSS) || defined(USE_DARWINSSL) || defined(USE_OS400CRYPTO)
     encrypt_des(magic, lmbuffer, pw);
     encrypt_des(magic, lmbuffer + 8, pw + 7);
 #endif
@@ -455,7 +473,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
     gcry_md_write(MD4pw, pw, 2 * len);
     memcpy (ntbuffer, gcry_md_read (MD4pw, 0), MD4_DIGEST_LENGTH);
     gcry_md_close(MD4pw);
-#elif defined(USE_NSS)
+#elif defined(USE_NSS) || defined(USE_OS400CRYPTO)
     Curl_md4it(ntbuffer, pw, 2 * len);
 #elif defined(USE_DARWINSSL)
     (void)CC_MD4(pw, (CC_LONG)(2 * len), ntbuffer);

diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index a8285598906d9057a104a06974af954af7592e75..6370e80f5e8b4bc1b27b2349213b4a2a087d4a6e 100644 (file)
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -623,7 +623,8 @@ int netware_init(void);
 /* Single point where USE_NTLM definition might be defined */
 #if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH)
 #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
-    defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL)
+    defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) || \
+    defined(USE_OS400CRYPTO)
 #define USE_NTLM
 #endif
 #endif

diff --git a/lib/md4.c b/lib/md4.c
index 6930e021af929fd6cd819747e44d05334fb27621..fd0c6d4ab4e42d065e8d11a136b7d1c2dbf400cf 100644 (file)
--- a/lib/md4.c
+++ b/lib/md4.c
@@ -22,9 +22,9 @@
 
 #include "curl_setup.h"
 
-/* NSS crypto library does not provide the MD4 hash algorithm, so that we have
- * a local implementation of it */
-#ifdef USE_NSS
+/* NSS and OS/400 crypto library do not provide the MD4 hash algorithm, so
+ * that we have a local implementation of it */
+#if defined(USE_NSS) || defined(USE_OS400CRYPTO)
 
 #include "curl_md4.h"
 #include "warnless.h"
@@ -279,4 +279,4 @@ void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len)
   MD4Update(&ctx, input, curlx_uztoui(len));
   MD4Final(output, &ctx);
 }
-#endif /* USE_NSS */
+#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) */

diff --git a/packages/OS400/make-lib.sh b/packages/OS400/make-lib.sh
index d987207f9ce5d53d8be57b547a2ff767d33638c9..a4e505935d5714ca4f0c5fad91f033eabc56fc0a 100644 (file)
--- a/packages/OS400/make-lib.sh
+++ b/packages/OS400/make-lib.sh
@@ -7,6 +7,13 @@ SCRIPTDIR=`dirname "${0}"`
 . "${SCRIPTDIR}/initscript.sh"
 cd "${TOPDIR}/lib"
 
+#       Need to have IFS access to the mih/cipher header file.
+
+if action_needed cipher.mih '/QSYS.LIB/QSYSINC.LIB/MIH.FILE/CIPHER.MBR'
+then    rm -f cipher.mih
+        ln -s '/QSYS.LIB/QSYSINC.LIB/MIH.FILE/CIPHER.MBR' cipher.mih
+fi
+
 
 #      Create and compile the identification source file.