File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / curl / lib / curl_gssapi.c
Revision 1.1.1.1 (vendor branch)
Wed Jun 3 10:01:15 2020 UTC (5 years ago) by misho
Branches: curl, MAIN
CVS tags: v7_70_0p4, HEAD
curl

    1: /***************************************************************************
    2:  *                                  _   _ ____  _
    3:  *  Project                     ___| | | |  _ \| |
    4:  *                             / __| | | | |_) | |
    5:  *                            | (__| |_| |  _ <| |___
    6:  *                             \___|\___/|_| \_\_____|
    7:  *
    8:  * Copyright (C) 2011 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
    9:  *
   10:  * This software is licensed as described in the file COPYING, which
   11:  * you should have received as part of this distribution. The terms
   12:  * are also available at https://curl.haxx.se/docs/copyright.html.
   13:  *
   14:  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
   15:  * copies of the Software, and permit persons to whom the Software is
   16:  * furnished to do so, under the terms of the COPYING file.
   17:  *
   18:  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
   19:  * KIND, either express or implied.
   20:  *
   21:  ***************************************************************************/
   22: 
   23: #include "curl_setup.h"
   24: 
   25: #ifdef HAVE_GSSAPI
   26: 
   27: #include "curl_gssapi.h"
   28: #include "sendf.h"
   29: 
   30: /* The last 3 #include files should be in this order */
   31: #include "curl_printf.h"
   32: #include "curl_memory.h"
   33: #include "memdebug.h"
   34: 
   /*
    * Encoded mechanism OIDs handed to GSS-API as gss_OID descriptors.
    *
    *   SPNEGO      1.3.6.1.5.5.2
    *   Kerberos 5  1.2.840.113554.1.2.2
    *
    * The length member counts the OID bytes only, so the NUL terminator that
    * the string literal appends is subtracted. Deriving the length from the
    * array keeps it in step with the bytes if either literal is ever edited.
    */
   static char spnego_oid_bytes[] = "\x2b\x06\x01\x05\x05\x02";
   gss_OID_desc Curl_spnego_mech_oid = {
     sizeof(spnego_oid_bytes) - 1, /* 6 bytes */
     &spnego_oid_bytes
   };

   static char krb5_oid_bytes[] = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02";
   gss_OID_desc Curl_krb5_mech_oid = {
     sizeof(krb5_oid_bytes) - 1, /* 9 bytes */
     &krb5_oid_bytes
   };
   39: 
   /*
    * Curl_gss_init_sec_context()
    *
    * Thin wrapper around gss_init_sec_context() that derives the request
    * flags from the transfer's settings and always uses the default
    * credentials (GSS_C_NO_CREDENTIAL).
    *
    * Parameters:
    *
    * data                [in]     - The session handle; its gssapi_delegation
    *                                setting selects the delegation flags.
    * minor_status        [out]    - Mechanism-specific status code.
    * context             [in/out] - The security context being established.
    * target_name         [in]     - The name of the peer to authenticate to.
    * mech_type           [in]     - The mechanism OID to use.
    * input_chan_bindings [in]     - Channel bindings, passed through as given.
    * input_token         [in]     - Token received from the peer, if any.
    * output_token        [out]    - Token to send to the peer.
    * mutual_auth         [in]     - TRUE to also request GSS_C_MUTUAL_FLAG.
    * ret_flags           [out]    - Flags reported back by the mechanism.
    *
    * Returns the major status from gss_init_sec_context() unchanged.
    *
    * Security notes: replay detection is always requested. Credential
    * delegation is requested only when the application opted in through the
    * gssapi_delegation setting; a delegated credential lets the peer act as
    * the user, so it should stay off unless the target service is trusted.
    * This wrapper requests flags but does not inspect ret_flags, so verifying
    * that a requested service (for instance mutual authentication) was
    * actually granted is left to the caller.
    */
   OM_uint32 Curl_gss_init_sec_context(
       struct Curl_easy *data,
       OM_uint32 *minor_status,
       gss_ctx_id_t *context,
       gss_name_t target_name,
       gss_OID mech_type,
       gss_channel_bindings_t input_chan_bindings,
       gss_buffer_t input_token,
       gss_buffer_t output_token,
       const bool mutual_auth,
       OM_uint32 *ret_flags)
   {
     OM_uint32 major;
     OM_uint32 wanted = GSS_C_REPLAY_FLAG; /* always ask for replay detection */

     if(mutual_auth)
       wanted |= GSS_C_MUTUAL_FLAG;

     /* unconditional delegation, only when explicitly enabled */
     if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_FLAG)
       wanted |= GSS_C_DELEG_FLAG;

     /* policy-controlled delegation; when the GSS-API headers lack the flag
        the request is dropped and only an informational message is logged */
     if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) {
   #ifdef GSS_C_DELEG_POLICY_FLAG
       wanted |= GSS_C_DELEG_POLICY_FLAG;
   #else
       infof(data, "warning: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not "
           "compiled in\n");
   #endif
     }

     major = gss_init_sec_context(minor_status,
                                  GSS_C_NO_CREDENTIAL, /* cred_handle */
                                  context,
                                  target_name,
                                  mech_type,
                                  wanted,
                                  0, /* time_req */
                                  input_chan_bindings,
                                  input_token,
                                  NULL, /* actual_mech_type */
                                  output_token,
                                  ret_flags,
                                  NULL /* time_rec */);
     return major;
   }
   83: 
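   #define GSS_LOG_BUFFER_LEN 1024

   /*
    * display_gss_error()
    *
    * Appends the text for one GSS-API status code to a log buffer. Every
    * message returned by gss_display_status() is written followed by ". ".
    *
    * Parameters:
    *
    * status  [in]     - The status code to translate.
    * type    [in]     - GSS_C_GSS_CODE or GSS_C_MECH_CODE.
    * buf     [in/out] - Destination buffer. It MUST be GSS_LOG_BUFFER_LEN bytes
    *                    large: the capacity is taken from that macro, not from
    *                    the len argument.
    * len     [in]     - Offset in buf at which to start writing.
    *
    * Returns the offset just past the last byte written (len unchanged when
    * nothing was appended).
    *
    * The status buffer is only read after a successful gss_display_status()
    * call. On failure its contents are not guaranteed to be set, and using a
    * stale length/value pair would read memory this function does not own.
    * Messages that do not fit in the remaining space are skipped entirely
    * rather than truncated.
    */
   static size_t display_gss_error(OM_uint32 status, int type,
                                   char *buf, size_t len)
   {
     OM_uint32 maj_stat;
     OM_uint32 min_stat;
     OM_uint32 msg_ctx = 0;
     /* start from an empty buffer so the release below is well-defined even
        if the very first gss_display_status() call fails */
     gss_buffer_desc status_string = { 0, NULL };
     /* room left for message text once ". " and the terminator are counted */
     const size_t room = (size_t)GSS_LOG_BUFFER_LEN - 3;

     do {
       maj_stat = gss_display_status(&min_stat,
                                     status,
                                     type,
                                     GSS_C_NO_OID,
                                     &msg_ctx,
                                     &status_string);
       if(!GSS_ERROR(maj_stat) &&
          status_string.value && status_string.length > 0 &&
          len < room && status_string.length < room - len) {
         /* written as a subtraction so a large length cannot wrap the sum */
         len += msnprintf(buf + len, GSS_LOG_BUFFER_LEN - len,
                          "%.*s. ", (int)status_string.length,
                          (char *)status_string.value);
       }
       gss_release_buffer(&min_stat, &status_string);
       /* a non-zero msg_ctx means more messages exist for this status */
     } while(!GSS_ERROR(maj_stat) && msg_ctx != 0);

     return len;
   }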
  109: 
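  /*
   * Curl_gss_log_error()
   *
   * This is used to log a GSS-API error status.
   *
   * The major status is translated unless it is the generic GSS_S_FAILURE,
   * then the mechanism-specific minor status is appended, and the result is
   * sent to infof() after the given prefix.
   *
   * Parameters:
   *
   * data    [in] - The session handle.
   * prefix  [in] - The prefix of the log message.
   * major   [in] - The major status code.
   * minor   [in] - The minor status code.
   */
  void Curl_gss_log_error(struct Curl_easy *data, const char *prefix,
                          OM_uint32 major, OM_uint32 minor)
  {
    char buf[GSS_LOG_BUFFER_LEN];
    size_t len = 0;

    /* display_gss_error() may append nothing (lookup failure, or a message
       that does not fit). Terminate the buffer up front so the "%s" below
       never reads uninitialized stack memory into the log. */
    buf[0] = '\0';

    if(major != GSS_S_FAILURE)
      len = display_gss_error(major, GSS_C_GSS_CODE, buf, len);

    display_gss_error(minor, GSS_C_MECH_CODE, buf, len);

    infof(data, "%s%s\n", prefix, buf);
  }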
  135: 
  136: #endif /* HAVE_GSSAPI */
