? ChangeLog Index: http_ntlm.c =================================================================== RCS file: /cvsroot/curl/curl/lib/http_ntlm.c,v retrieving revision 1.51 diff -u -w -u -r1.51 http_ntlm.c --- http_ntlm.c 8 Apr 2006 11:04:53 -0000 1.51 +++ http_ntlm.c 30 May 2006 22:28:50 -0000 @@ -59,6 +59,7 @@ #include #include +#include #include #if OPENSSL_VERSION_NUMBER < 0x00907001L @@ -94,6 +95,10 @@ /* Define this to make the type-3 message include the NT response message */ #define USE_NTRESPONSES 1 +/* Define this to make the type-3 message include the NTLM2Session response message */ +/* Requires USE_NTRESPONSES */ +#define USE_NTLM2SESSION 1 + #ifndef USE_WINDOWS_SSPI /* this function converts from the little endian format used in the incoming package to whatever endian format we're using natively */ @@ -630,7 +635,11 @@ 32 start of data block */ - +#if USE_NTLM2SESSION +#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY +#else +#define NTLM2FLAG 0 +#endif snprintf((char *)ntlmbuf, sizeof(ntlmbuf), "NTLMSSP%c" "\x01%c%c%c" /* 32-bit type = 1 */ "%c%c%c%c" /* 32-bit NTLM flag field */ @@ -651,6 +660,7 @@ NTLMFLAG_NEGOTIATE_OEM| NTLMFLAG_REQUEST_TARGET| NTLMFLAG_NEGOTIATE_NTLM_KEY| + NTLM2FLAG| NTLMFLAG_NEGOTIATE_ALWAYS_SIGN ), SHORTPAIR(domlen), @@ -672,15 +682,18 @@ LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM| NTLMFLAG_REQUEST_TARGET| NTLMFLAG_NEGOTIATE_NTLM_KEY| + NTLM2FLAG| NTLMFLAG_NEGOTIATE_ALWAYS_SIGN), NTLMFLAG_NEGOTIATE_OEM| NTLMFLAG_REQUEST_TARGET| NTLMFLAG_NEGOTIATE_NTLM_KEY| + NTLM2FLAG| NTLMFLAG_NEGOTIATE_ALWAYS_SIGN); print_flags(stderr, NTLMFLAG_NEGOTIATE_OEM| NTLMFLAG_REQUEST_TARGET| NTLMFLAG_NEGOTIATE_NTLM_KEY| + NTLM2FLAG| NTLMFLAG_NEGOTIATE_ALWAYS_SIGN); fprintf(stderr, "\n****\n"); }); 
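Review bot: The dependency stated in the new comment above `#define USE_NTLM2SESSION 1` ("Requires USE_NTRESPONSES") is only documented, not enforced, so a build that switches USE_NTRESPONSES off while leaving this on still compiles the NTLM2 branch added in the `@@ -786,7 +799,35 @@` hunk, which writes `ntresp`. A compile-time guard right after the define would make that misconfiguration fail early: `#if USE_NTLM2SESSION && !USE_NTRESPONSES`, `#error "USE_NTLM2SESSION requires USE_NTRESPONSES"`, `#endif`. Whether `ntresp` is itself declared under USE_NTRESPONSES is not visible in this diff, so the exact failure mode is unconfirmed.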
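Review bot: `NTLM2FLAG` is defined in the `@@ -630,7 +635,11 @@` hunk immediately before the `snprintf` call, which puts a file-wide macro in the middle of a function body, and no matching `#undef` is added in this diff. Defining it next to `USE_NTLM2SESSION` near the top of the file would keep the configuration in one place. The hunks at `@@ -651,6 +660,7 @@` and `@@ -672,15 +682,18 @@` then add `NTLM2FLAG|` to four copies of the same flag list; a single named constant for the type-1 flag set, e.g. `#define NTLM_TYPE1_FLAGS (...)` (name is a suggestion), would keep the sent message and its debug output from drifting apart. The enclosing function starts and ends outside these hunks.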
@@ -786,7 +799,35 @@
 hostlen = strlen(host);
 }
 
- {
+#if USE_NTLM2SESSION
+ /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
+ if (ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
+ unsigned char ntbuffer[0x18];
+ unsigned char tmp[0x18];
+ unsigned char md5sum[MD5_DIGEST_LENGTH];
+ MD5_CTX MD5;
+ char random[]="NotRando";
+ /* Need to create 8 bytes random data, but we start with static */
+ /* 8 bytes random data as challenge in lmresp */
+ memcpy(lmresp,random,8);
+ /* Pad with zeros */
+ memset(lmresp+8,0,0x10);
+
+ /* Fill tmp with challenge(nonce?) + random */
+ memcpy(tmp,&ntlm->nonce[0],8);
+ memcpy(tmp+8,random,8);
+
+ MD5_Init(&MD5);
+ MD5_Update(&MD5, tmp, 16);
+ MD5_Final(md5sum, &MD5);
+
+ mk_nt_hash(passwdp, ntbuffer);
+ lm_resp(ntbuffer, md5sum, ntresp);
+
+ /* End of NTLM2 Session code */
+ } else {
+#endif
+
 #if USE_NTRESPONSES
 unsigned char ntbuffer[0x18];
 #endif
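Review bot: The client challenge in the new NTLM2 session branch is the constant `char random[]="NotRando";`, so the 8 bytes copied into `lmresp` and mixed with `ntlm->nonce` before the MD5 are identical on every handshake and for every user of the library. With a predictable client challenge the response again depends only on the server-supplied nonce and the password hash, which gives up the protection against precomputed tables that the session variant is meant to add; the in-code comment already concedes that random data is needed. Fill the buffer from the OpenSSL CSPRNG instead, e.g. `unsigned char entropy[8];` followed by `if(RAND_bytes(entropy, sizeof(entropy)) != 1)` with a fall-through to the existing non-NTLM2 response, and pass `entropy` to both `memcpy` calls (this needs `<openssl/rand.h>` and a seeded generator, neither of which is visible in the diff). Separately, the opening `{` is removed and its replacement `} else {` exists only under `#if USE_NTLM2SESSION`, so with the macro set to 0 the block's closing brace, which lies outside this hunk, appears to be left without an opener. The enclosing function also starts and ends outside the hunk.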