Annotation of embedaddon/curl/lib/http_negotiate.c, revision 1.1.1.1
1.1 misho 1: /***************************************************************************
2: * _ _ ____ _
3: * Project ___| | | | _ \| |
4: * / __| | | | |_) | |
5: * | (__| |_| | _ <| |___
6: * \___|\___/|_| \_\_____|
7: *
8: * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
9: *
10: * This software is licensed as described in the file COPYING, which
11: * you should have received as part of this distribution. The terms
12: * are also available at https://curl.haxx.se/docs/copyright.html.
13: *
14: * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15: * copies of the Software, and permit persons to whom the Software is
16: * furnished to do so, under the terms of the COPYING file.
17: *
18: * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19: * KIND, either express or implied.
20: *
21: ***************************************************************************/
22:
23: #include "curl_setup.h"
24:
25: #if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO)
26:
27: #include "urldata.h"
28: #include "sendf.h"
29: #include "http_negotiate.h"
30: #include "vauth/vauth.h"
31:
32: /* The last 3 #include files should be in this order */
33: #include "curl_printf.h"
34: #include "curl_memory.h"
35: #include "memdebug.h"
36:
37: CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
38: const char *header)
39: {
40: CURLcode result;
41: struct Curl_easy *data = conn->data;
42: size_t len;
43:
44: /* Point to the username, password, service and host */
45: const char *userp;
46: const char *passwdp;
47: const char *service;
48: const char *host;
49:
50: /* Point to the correct struct with this */
51: struct negotiatedata *neg_ctx;
52: curlnegotiate state;
53:
54: if(proxy) {
55: userp = conn->http_proxy.user;
56: passwdp = conn->http_proxy.passwd;
57: service = data->set.str[STRING_PROXY_SERVICE_NAME] ?
58: data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
59: host = conn->http_proxy.host.name;
60: neg_ctx = &conn->proxyneg;
61: state = conn->proxy_negotiate_state;
62: }
63: else {
64: userp = conn->user;
65: passwdp = conn->passwd;
66: service = data->set.str[STRING_SERVICE_NAME] ?
67: data->set.str[STRING_SERVICE_NAME] : "HTTP";
68: host = conn->host.name;
69: neg_ctx = &conn->negotiate;
70: state = conn->http_negotiate_state;
71: }
72:
73: /* Not set means empty */
74: if(!userp)
75: userp = "";
76:
77: if(!passwdp)
78: passwdp = "";
79:
80: /* Obtain the input token, if any */
81: header += strlen("Negotiate");
82: while(*header && ISSPACE(*header))
83: header++;
84:
85: len = strlen(header);
86: neg_ctx->havenegdata = len != 0;
87: if(!len) {
88: if(state == GSS_AUTHSUCC) {
89: infof(conn->data, "Negotiate auth restarted\n");
90: Curl_http_auth_cleanup_negotiate(conn);
91: }
92: else if(state != GSS_AUTHNONE) {
93: /* The server rejected our authentication and hasn't supplied any more
94: negotiation mechanisms */
95: Curl_http_auth_cleanup_negotiate(conn);
96: return CURLE_LOGIN_DENIED;
97: }
98: }
99:
100: /* Supports SSL channel binding for Windows ISS extended protection */
101: #if defined(USE_WINDOWS_SSPI) && defined(SECPKG_ATTR_ENDPOINT_BINDINGS)
102: neg_ctx->sslContext = conn->sslContext;
103: #endif
104:
105: /* Initialize the security context and decode our challenge */
106: result = Curl_auth_decode_spnego_message(data, userp, passwdp, service,
107: host, header, neg_ctx);
108:
109: if(result)
110: Curl_http_auth_cleanup_negotiate(conn);
111:
112: return result;
113: }
114:
115: CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
116: {
117: struct negotiatedata *neg_ctx = proxy ? &conn->proxyneg :
118: &conn->negotiate;
119: struct auth *authp = proxy ? &conn->data->state.authproxy :
120: &conn->data->state.authhost;
121: curlnegotiate *state = proxy ? &conn->proxy_negotiate_state :
122: &conn->http_negotiate_state;
123: char *base64 = NULL;
124: size_t len = 0;
125: char *userp;
126: CURLcode result;
127:
128: authp->done = FALSE;
129:
130: if(*state == GSS_AUTHRECV) {
131: if(neg_ctx->havenegdata) {
132: neg_ctx->havemultiplerequests = TRUE;
133: }
134: }
135: else if(*state == GSS_AUTHSUCC) {
136: if(!neg_ctx->havenoauthpersist) {
137: neg_ctx->noauthpersist = !neg_ctx->havemultiplerequests;
138: }
139: }
140:
141: if(neg_ctx->noauthpersist ||
142: (*state != GSS_AUTHDONE && *state != GSS_AUTHSUCC)) {
143:
144: if(neg_ctx->noauthpersist && *state == GSS_AUTHSUCC) {
145: infof(conn->data, "Curl_output_negotiate, "
146: "no persistent authentication: cleanup existing context");
147: Curl_http_auth_cleanup_negotiate(conn);
148: }
149: if(!neg_ctx->context) {
150: result = Curl_input_negotiate(conn, proxy, "Negotiate");
151: if(result == CURLE_AUTH_ERROR) {
152: /* negotiate auth failed, let's continue unauthenticated to stay
153: * compatible with the behavior before curl-7_64_0-158-g6c6035532 */
154: authp->done = TRUE;
155: return CURLE_OK;
156: }
157: else if(result)
158: return result;
159: }
160:
161: result = Curl_auth_create_spnego_message(conn->data,
162: neg_ctx, &base64, &len);
163: if(result)
164: return result;
165:
166: userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "",
167: base64);
168:
169: if(proxy) {
170: Curl_safefree(conn->allocptr.proxyuserpwd);
171: conn->allocptr.proxyuserpwd = userp;
172: }
173: else {
174: Curl_safefree(conn->allocptr.userpwd);
175: conn->allocptr.userpwd = userp;
176: }
177:
178: free(base64);
179:
180: if(userp == NULL) {
181: return CURLE_OUT_OF_MEMORY;
182: }
183:
184: *state = GSS_AUTHSENT;
185: #ifdef HAVE_GSSAPI
186: if(neg_ctx->status == GSS_S_COMPLETE ||
187: neg_ctx->status == GSS_S_CONTINUE_NEEDED) {
188: *state = GSS_AUTHDONE;
189: }
190: #else
191: #ifdef USE_WINDOWS_SSPI
192: if(neg_ctx->status == SEC_E_OK ||
193: neg_ctx->status == SEC_I_CONTINUE_NEEDED) {
194: *state = GSS_AUTHDONE;
195: }
196: #endif
197: #endif
198: }
199:
200: if(*state == GSS_AUTHDONE || *state == GSS_AUTHSUCC) {
201: /* connection is already authenticated,
202: * don't send a header in future requests */
203: authp->done = TRUE;
204: }
205:
206: neg_ctx->havenegdata = FALSE;
207:
208: return CURLE_OK;
209: }
210:
211: void Curl_http_auth_cleanup_negotiate(struct connectdata *conn)
212: {
213: conn->http_negotiate_state = GSS_AUTHNONE;
214: conn->proxy_negotiate_state = GSS_AUTHNONE;
215:
216: Curl_auth_cleanup_spnego(&conn->negotiate);
217: Curl_auth_cleanup_spnego(&conn->proxyneg);
218: }
219:
220: #endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to http_negotiate.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / curl / lib