From: Marcel Raad Date: Tue, 15 Feb 2022 12:50:06 +0000 (+0100) Subject: ntlm: remove unused feature defines X-Git-Tag: curl-7_82_0~66 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=897e8baa542cd3b1b94689986f8b4cbda7cd7a23;p=thirdparty%2Fcurl.git ntlm: remove unused feature defines They're not used anymore and always supported. Closes https://github.com/curl/curl/pull/8453 --- diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c index d1387ee72d..f3b8b130f1 100644 --- a/lib/curl_ntlm_core.c +++ b/lib/curl_ntlm_core.c @@ -444,7 +444,6 @@ CURLcode Curl_ntlm_core_mk_lm_hash(const char *password, return CURLE_OK; } -#ifdef USE_NTRESPONSES static void ascii_to_unicode_le(unsigned char *dest, const char *src, size_t srclen) { @@ -455,7 +454,7 @@ static void ascii_to_unicode_le(unsigned char *dest, const char *src, } } -#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) +#if !defined(USE_WINDOWS_SSPI) static void ascii_uppercase_to_unicode_le(unsigned char *dest, const char *src, size_t srclen) @@ -467,7 +466,7 @@ static void ascii_uppercase_to_unicode_le(unsigned char *dest, } } -#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ +#endif /* !USE_WINDOWS_SSPI */ /* * Set up nt hashed passwords @@ -495,7 +494,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(const char *password, return CURLE_OK; } -#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) +#if !defined(USE_WINDOWS_SSPI) /* Timestamp in tenths of a microsecond since January 1, 1601 00:00:00 UTC. */ struct ms_filetime { @@ -711,8 +710,6 @@ CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash, return result; } -#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ - -#endif /* USE_NTRESPONSES */ +#endif /* !USE_WINDOWS_SSPI */ #endif /* USE_CURL_NTLM_CORE */ diff --git a/lib/curl_ntlm_core.h b/lib/curl_ntlm_core.h index 957d9cbfe6..5e52bb26de 100644 --- a/lib/curl_ntlm_core.h +++ b/lib/curl_ntlm_core.h 
@@ -42,22 +42,6 @@ # include #endif -/* Define USE_NTRESPONSES in order to make the type-3 message include - * the NT response message. */ -#define USE_NTRESPONSES - -/* Define USE_NTLM2SESSION in order to make the type-3 message include the - NTLM2Session response message, requires USE_NTRESPONSES defined to 1 */ -#if defined(USE_NTRESPONSES) -#define USE_NTLM2SESSION -#endif - -/* Define USE_NTLM_V2 in order to allow the type-3 message to include the - LMv2 and NTLMv2 response messages, requires USE_NTRESPONSES defined to 1 */ -#if defined(USE_NTRESPONSES) -#define USE_NTLM_V2 -#endif - /* Helpers to generate function byte arguments in little endian order */ #define SHORTPAIR(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff)) #define LONGQUARTET(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff)), \ @@ -70,11 +54,10 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys, CURLcode Curl_ntlm_core_mk_lm_hash(const char *password, unsigned char *lmbuffer /* 21 bytes */); -#ifdef USE_NTRESPONSES CURLcode Curl_ntlm_core_mk_nt_hash(const char *password, unsigned char *ntbuffer /* 21 bytes */); -#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) +#if !defined(USE_WINDOWS_SSPI) CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen, const unsigned char *data, unsigned int datalen, @@ -96,9 +79,7 @@ CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash, unsigned char *challenge_server, unsigned char *lmresp); -#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ - -#endif /* USE_NTRESPONSES */ +#endif /* !USE_WINDOWS_SSPI */ #endif /* USE_CURL_NTLM_CORE */ diff --git a/lib/smb.c b/lib/smb.c index c16e9a959a..e756ce372a 100644 --- a/lib/smb.c +++ b/lib/smb.c 
@@ -464,12 +464,8 @@ static CURLcode smb_send_setup(struct Curl_easy *data) Curl_ntlm_core_mk_lm_hash(conn->passwd, lm_hash); Curl_ntlm_core_lm_resp(lm_hash, smbc->challenge, lm); -#ifdef USE_NTRESPONSES Curl_ntlm_core_mk_nt_hash(conn->passwd, nt_hash); Curl_ntlm_core_lm_resp(nt_hash, smbc->challenge, nt); -#else - memset(nt, 0, sizeof(nt)); -#endif memset(&msg, 0, sizeof(msg)); msg.word_count = SMB_WC_SETUP_ANDX; diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c index cb25c49eb8..b769e0f5d2 100644 --- a/lib/vauth/ntlm.c +++ b/lib/vauth/ntlm.c @@ -382,12 +382,6 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, /* Clean up any former leftovers and initialise to defaults */ Curl_auth_cleanup_ntlm(ntlm); -#if defined(USE_NTRESPONSES) && \ - (defined(USE_NTLM2SESSION) || defined(USE_NTLM_V2)) -#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY -#else -#define NTLM2FLAG 0 -#endif ntlmbuf = aprintf(NTLMSSP_SIGNATURE "%c" "\x01%c%c%c" /* 32-bit type = 1 */ "%c%c%c%c" /* 32-bit NTLM flag field */ @@ -407,7 +401,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | - NTLM2FLAG | + NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN), SHORTPAIR(domlen), SHORTPAIR(domlen), @@ -432,18 +426,18 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | - NTLM2FLAG | + NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN), NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | - NTLM2FLAG | + NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN); ntlm_print_flags(stderr, NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | - NTLM2FLAG | + NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN); fprintf(stderr, "\n****\n"); }); 
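Review bot: In smb_send_setup the return values of `Curl_ntlm_core_mk_lm_hash(conn->passwd, lm_hash)` and `Curl_ntlm_core_mk_nt_hash(conn->passwd, nt_hash)` are discarded, although the header touched by this same commit declares both as returning CURLcode. With the `#else` fallback removed the NT path is the only one left, so a failing hash call would let `Curl_ntlm_core_lm_resp` build the response from whatever `nt_hash` happened to contain. The type-3 code in lib/vauth/ntlm.c already checks the same call, and the SMB path should match it: `result = Curl_ntlm_core_mk_nt_hash(conn->passwd, nt_hash); if(result) return result;`, likewise for the LM hash, assuming a CURLcode local is available there. `lm_hash` and `nt_hash` hold password-derived material, so it is worth confirming they are cleared before return. The function body starts and ends outside this hunk.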
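Review bot: The negotiate-flag expression `NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN` is now written out four times in Curl_auth_create_ntlm_type1_message, once in the aprintf arguments and three times in the DEBUG_OUT block. The value sent on the wire and the value logged can therefore drift apart on the next edit. Now that the conditional `NTLM2FLAG` macro is gone, I would name the set once, for example `#define NTLM_TYPE1_FLAGS (...)` (name constructed for this note), and use it in all four places. A one-line comment on it should say that NTLM2_KEY is always requested and can no longer be compiled out. The function continues outside these hunks.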
@@ -497,13 +491,11 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, unsigned char ntlmbuf[NTLM_BUFSIZE]; int lmrespoff; unsigned char lmresp[24]; /* fixed-size */ -#ifdef USE_NTRESPONSES int ntrespoff; unsigned int ntresplen = 24; unsigned char ntresp[24]; /* fixed-size */ unsigned char *ptr_ntresp = &ntresp[0]; unsigned char *ntlmv2resp = NULL; -#endif bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE; char host[HOSTNAME_MAX + 1] = ""; const char *user; @@ -539,12 +531,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, hostlen = strlen(host); } -#if defined(USE_NTRESPONSES) && \ - (defined(USE_NTLM2SESSION) || defined(USE_NTLM_V2)) - /* We don't support NTLM2 or extended security if we don't have - USE_NTRESPONSES */ if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) { -# if defined(USE_NTLM_V2) unsigned char ntbuffer[0x18]; unsigned char entropy[8]; unsigned char ntlmv2hash[0x18]; 
@@ -579,65 +566,19 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, return result; ptr_ntresp = ntlmv2resp; -# else /* defined(USE_NTLM_V2) */ - unsigned char ntbuffer[0x18]; - unsigned char tmp[0x18]; - unsigned char md5sum[MD5_DIGEST_LEN]; - unsigned char entropy[8]; - - /* NTLM version 1 with extended security. */ - - /* Need to create 8 bytes random data */ - result = Curl_rand(data, entropy, 8); - if(result) - return result; - - /* 8 bytes random data as challenge in lmresp */ - memcpy(lmresp, entropy, 8); - - /* Pad with zeros */ - memset(lmresp + 8, 0, 0x10); - - /* Fill tmp with challenge(nonce?) + entropy */ - memcpy(tmp, &ntlm->nonce[0], 8); - memcpy(tmp + 8, entropy, 8); - - result = Curl_md5it(md5sum, tmp, 16); - if(result) - return result; - - /* We shall only use the first 8 bytes of md5sum, but the des code in - Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */ - result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); - if(result) - return result; - - Curl_ntlm_core_lm_resp(ntbuffer, md5sum, ntresp); - - /* End of NTLM2 Session code */ - /* NTLM v2 session security is a misnomer because it is not NTLM v2. - It is NTLM v1 using the extended session security that is also - in NTLM v2 */ -# endif /* defined(USE_NTLM_V2) */ } - else -#endif - { + else { -#ifdef USE_NTRESPONSES unsigned char ntbuffer[0x18]; -#endif unsigned char lmbuffer[0x18]; /* NTLM version 1 */ -#ifdef USE_NTRESPONSES result = Curl_ntlm_core_mk_nt_hash(passwdp, ntbuffer); if(result) return result; Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], ntresp); -#endif result = Curl_ntlm_core_mk_lm_hash(passwdp, lmbuffer); if(result) @@ -658,12 +599,8 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, } lmrespoff = 64; /* size of the message header */ -#ifdef USE_NTRESPONSES ntrespoff = lmrespoff + 0x18; domoff = ntrespoff + ntresplen; -#else - domoff = lmrespoff + 0x18; -#endif useroff = domoff + domlen; hostoff = useroff + userlen; 
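Review bot: The `else` branch left after this cleanup still builds an NTLM version 1 reply, including the LM hash via `Curl_ntlm_core_mk_lm_hash(passwdp, lmbuffer)`, and nothing in the hunk documents that the branch is chosen by `ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY`. Those flags appear to be taken from the server's type-2 message (set outside this hunk, so confirm), which would mean a peer that leaves the bit unset receives the weaker response instead of NTLMv2. I would add a comment at `else {` such as `/* Peer did not negotiate NTLM2_KEY: fall back to NTLMv1 with LM and NT responses; the choice is driven by peer-supplied flags */`, so the downgrade is visible to whoever decides whether to keep it. `ntbuffer` and `lmbuffer` hold password-derived hashes on the stack, and whether they are cleared is not visible here. The function starts and ends outside the hunk.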
@@ -718,17 +655,11 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, SHORTPAIR(lmrespoff), 0x0, 0x0, -#ifdef USE_NTRESPONSES SHORTPAIR(ntresplen), /* NT-response length, twice */ SHORTPAIR(ntresplen), SHORTPAIR(ntrespoff), 0x0, 0x0, -#else - 0x0, 0x0, - 0x0, 0x0, - 0x0, 0x0, - 0x0, 0x0, -#endif + SHORTPAIR(domlen), SHORTPAIR(domlen), SHORTPAIR(domoff), @@ -765,7 +696,6 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, ntlm_print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18); }); -#ifdef USE_NTRESPONSES /* ntresplen + size should not be risking an integer overflow here */ if(ntresplen + size > sizeof(ntlmbuf)) { failf(data, "incoming NTLM message too big"); @@ -782,8 +712,6 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, free(ntlmv2resp);/* Free the dynamic buffer allocated for NTLMv2 */ -#endif - DEBUG_OUT({ fprintf(stderr, "\n flags=0x%02.2x%02.2x%02.2x%02.2x 0x%08.8x ", LONGQUARTET(ntlm->flags), ntlm->flags);
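Review bot: The now-unconditional size check `if(ntresplen + size > sizeof(ntlmbuf))` calls `failf(data, "incoming NTLM message too big")` and, if it returns right after that (the return statement is outside this hunk), never reaches the `free(ntlmv2resp)` shown in the following hunk. On the NTLMv2 path `ptr_ntresp = ntlmv2resp` points at a heap buffer, so that early exit would leak the response. Placing `free(ntlmv2resp);` ahead of the return in that branch closes it, and `free(NULL)` keeps it harmless on the NTLMv1 path where the pointer stays NULL.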