Newer
Older
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
***************************************************************************/
#include "curl_setup.h"
#ifndef CURL_DISABLE_HTTP
#ifdef HAVE_NETDB_H
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#include "transfer.h"
#include "sendf.h"
#include "formdata.h"
#include "progress.h"
#include "curl_base64.h"
#include "cookie.h"
#include "strequal.h"
#include "http_digest.h"
#include "curl_ntlm_wb.h"
#include "http_negotiate.h"
#include "url.h"
#include "share.h"
#include "hostip.h"
#include "http.h"
#include "select.h"
#include "parsedate.h" /* for the week day and month names */
#include "strtoofft.h"
#include "multiif.h"
#include "rawstr.h"
#include "content_encoding.h"
#include "http_proxy.h"
#include "warnless.h"
#include "non-ascii.h"
#include "bundles.h"
#include "pipeline.h"
/* The last #include file should be: */
Patrick Monnerat
committed
/*
* Forward declarations.
*/
Daniel Stenberg
committed
static int http_getsock_do(struct connectdata *conn,
curl_socket_t *socks,
int numsocks);
static int http_should_fail(struct connectdata *conn);
static CURLcode https_connecting(struct connectdata *conn, bool *done);
static int https_getsock(struct connectdata *conn,
curl_socket_t *socks,
int numsocks);
#else
#define https_connecting(x,y) CURLE_COULDNT_CONNECT
Patrick Monnerat
committed
/*
* HTTP handler interface.
*/
const struct Curl_handler Curl_handler_http = {
"HTTP", /* scheme */
Curl_http_setup_conn, /* setup_connection */
Patrick Monnerat
committed
Curl_http, /* do_it */
Curl_http_done, /* done */
ZERO_NULL, /* do_more */
Patrick Monnerat
committed
Curl_http_connect, /* connect_it */
ZERO_NULL, /* connecting */
ZERO_NULL, /* doing */
ZERO_NULL, /* proto_getsock */
Daniel Stenberg
committed
http_getsock_do, /* doing_getsock */
ZERO_NULL, /* domore_getsock */
Daniel Stenberg
committed
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
Patrick Monnerat
committed
PORT_HTTP, /* defport */
PROTOPT_CREDSPERREQUEST /* flags */
Patrick Monnerat
committed
};
#ifdef USE_SSL
/*
* HTTPS handler interface.
*/
const struct Curl_handler Curl_handler_https = {
"HTTPS", /* scheme */
Curl_http_setup_conn, /* setup_connection */
Patrick Monnerat
committed
Curl_http, /* do_it */
Curl_http_done, /* done */
ZERO_NULL, /* do_more */
Patrick Monnerat
committed
Curl_http_connect, /* connect_it */
https_connecting, /* connecting */
ZERO_NULL, /* doing */
https_getsock, /* proto_getsock */
Daniel Stenberg
committed
http_getsock_do, /* doing_getsock */
ZERO_NULL, /* domore_getsock */
Daniel Stenberg
committed
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
Patrick Monnerat
committed
PORT_HTTPS, /* defport */
CURLPROTO_HTTPS, /* protocol */
PROTOPT_SSL | PROTOPT_CREDSPERREQUEST /* flags */
Patrick Monnerat
committed
};
#endif
CURLcode Curl_http_setup_conn(struct connectdata *conn)
{
/* allocate the HTTP-specific struct for the SessionHandle, only to survive
during this request */
DEBUGASSERT(conn->data->req.protop == NULL);
conn->data->req.protop = calloc(1, sizeof(struct HTTP));
if(!conn->data->req.protop)
return CURLE_OUT_OF_MEMORY;
return CURLE_OK;
}
/*
* checkheaders() checks the linked list of custom HTTP headers for a
* particular header (prefix).
*
* Returns a pointer to the first matching header or NULL if none matched.
*/
char *Curl_checkheaders(const struct connectdata *conn,
const char *thisheader)
{
struct curl_slist *head;
size_t thislen = strlen(thisheader);
struct SessionHandle *data = conn->data;
for(head = data->set.headers;head; head=head->next) {
if(Curl_raw_nequal(head->data, thisheader, thislen))
return head->data;
}
return NULL;
}
/*
* checkProxyHeaders() checks the linked list of custom proxy headers
* if proxy headers are not available, then it will lookup into http header
* link list
*
* It takes a connectdata struct as input instead of the SessionHandle simply
* to know if this is a proxy request or not, as it then might check a
* different header list.
*
*/
char *Curl_checkProxyheaders(const struct connectdata *conn,
const char *thisheader)
{
struct curl_slist *head;
size_t thislen = strlen(thisheader);
struct SessionHandle *data = conn->data;
for(head = (conn->bits.proxy && data->set.sep_headers)?
data->set.proxyheaders:data->set.headers;
head; head=head->next) {
if(Curl_raw_nequal(head->data, thisheader, thislen))
return head->data;
}
return NULL;
}
/*
* Strip off leading and trailing whitespace from the value in the
* given HTTP header line and return a strdupped copy. Returns NULL in
* case of allocation failure. Returns an empty string if the header value
* consists entirely of whitespace.
*/
char *Curl_copy_header_value(const char *header)
{
const char *start;
const char *end;
char *value;
size_t len;
/* Find the end of the header name */
while(*header && (*header != ':'))
++header;
/* Find the first non-space letter */
/* data is in the host encoding so
use '\r' and '\n' instead of 0x0d and 0x0a */
end = strchr(start, '\r');
if(!end)
end = strchr(start, '\n');
if(!end)
end = strchr(start, '\0');
/* skip all trailing space letters */
value = malloc(len + 1);
if(!value)
return NULL;
memcpy(value, start, len);
value[len] = 0; /* zero terminate */
return value;
}
* http_output_basic() sets up an Authorization: header (or the proxy version)
* for HTTP Basic authentication.
static CURLcode http_output_basic(struct connectdata *conn, bool proxy)
{
size_t size = 0;
char *authorization = NULL;
struct SessionHandle *data = conn->data;
const char *user;
const char *pwd;
if(proxy) {
userp = &conn->allocptr.proxyuserpwd;
user = conn->proxyuser;
pwd = conn->proxypasswd;
}
else {
userp = &conn->allocptr.userpwd;
user = conn->user;
pwd = conn->passwd;
}
snprintf(data->state.buffer, sizeof(data->state.buffer), "%s:%s", user, pwd);
result = Curl_base64_encode(data,
data->state.buffer, strlen(data->state.buffer),
&authorization, &size);
if(result)
return result;
if(!authorization)
return CURLE_REMOTE_ACCESS_DENIED;
*userp = aprintf("%sAuthorization: Basic %s\r\n",
proxy?"Proxy-":"",
authorization);
free(authorization);
if(!*userp)
return CURLE_OUT_OF_MEMORY;
return CURLE_OK;
}
/* pickoneauth() selects the most favourable authentication method from the
* ones available and the ones we want.
* return TRUE if one was picked
static bool pickoneauth(struct auth *pick)
{
Daniel Stenberg
committed
/* only deal with authentication we want */
unsigned long avail = pick->avail & pick->want;
Daniel Stenberg
committed
picked = TRUE;
/* The order of these checks is highly relevant, as this will be the order
of preference in case of the existence of multiple accepted types. */
if(avail & CURLAUTH_NEGOTIATE)
pick->picked = CURLAUTH_NEGOTIATE;
Daniel Stenberg
committed
else if(avail & CURLAUTH_DIGEST)
pick->picked = CURLAUTH_DIGEST;
else if(avail & CURLAUTH_NTLM)
pick->picked = CURLAUTH_NTLM;
else if(avail & CURLAUTH_NTLM_WB)
pick->picked = CURLAUTH_NTLM_WB;
Daniel Stenberg
committed
else if(avail & CURLAUTH_BASIC)
pick->picked = CURLAUTH_BASIC;
else {
pick->picked = CURLAUTH_PICKNONE; /* we select to use nothing */
picked = FALSE;
}
Daniel Stenberg
committed
pick->avail = CURLAUTH_NONE; /* clear it here */
}
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
/* whether to complete request (for authentication) in current connection */
static bool complete_request(struct connectdata *conn,
curl_off_t remaining_bytes)
{
#if defined(USE_NTLM) || defined(USE_SPNEGO)
struct SessionHandle *data = conn->data;
bool have_ntlm_or_negotiate = FALSE;
bool auth_started = FALSE;
/* don't reset connection when we're in NTLM or Negotiate authentication;
* those authenticate the connection - creating a new connection breaks the
* authentication.
*/
#if defined(USE_NTLM)
/* proxy NTLM authentication */
if((data->state.authproxy.picked == CURLAUTH_NTLM) ||
(data->state.authproxy.picked == CURLAUTH_NTLM_WB)) {
have_ntlm_or_negotiate = TRUE;
auth_started = auth_started
|| (conn->proxyntlm.state != NTLMSTATE_NONE);
}
/* normal NTLM authentication */
if((data->state.authhost.picked == CURLAUTH_NTLM) ||
(data->state.authhost.picked == CURLAUTH_NTLM_WB)) {
have_ntlm_or_negotiate = TRUE;
auth_started = auth_started
|| (conn->ntlm.state != NTLMSTATE_NONE);
}
#endif
#if defined(USE_SPNEGO)
/* proxy Negotiate authentication */
if(data->state.authproxy.picked == CURLAUTH_NEGOTIATE) {
have_ntlm_or_negotiate = TRUE;
auth_started = auth_started
|| (data->state.proxyneg.state != GSS_AUTHNONE);
}
/* normal Negotiate authentication */
if(data->state.authhost.picked == CURLAUTH_NEGOTIATE) {
have_ntlm_or_negotiate = TRUE;
auth_started = auth_started
|| (data->state.negotiate.state != GSS_AUTHNONE);
}
#endif
if(have_ntlm_or_negotiate) {
if(remaining_bytes < 2000 || auth_started) {
/* NTLM/Negotiation has started *OR* there is just a little (<2K)
* data left to send, keep on sending.
*/
/* rewind data when completely done sending! */
if(!conn->bits.authneg) {
conn->bits.rewindaftersend = TRUE;
infof(data, "Rewind stream after send\n");
}
return TRUE;
}
infof(data, "NTLM/Negotiate send, close instead of sending %"
CURL_FORMAT_CURL_OFF_T " bytes\n",
remaining_bytes);
}
#else
/* unused parameters: */
(void)conn;
(void)remaining_bytes;
#endif
return FALSE;
}
Daniel Stenberg
committed
* Curl_http_perhapsrewind()
*
* If we are doing POST or PUT {
* If we have more data to send {
* If we are doing NTLM {
* Keep sending since we must not disconnect
* }
* else {
* If there is more than just a little data left to send, close
* the current connection by force.
* }
* }
* If we have sent any data {
* If we don't have track of all the data {
* call app to tell it to rewind
* }
* else {
* rewind internally so that the operation can restart fine
* }
* }
* }
*/
static CURLcode http_perhapsrewind(struct connectdata *conn)
{
struct SessionHandle *data = conn->data;
struct HTTP *http = data->req.protop;
curl_off_t bytessent;
curl_off_t expectsend = -1; /* default is unknown */
if(!http)
/* If this is still NULL, we have not reach very far and we can safely
skip this rewinding stuff */
return CURLE_OK;
Daniel Stenberg
committed
switch(data->set.httpreq) {
case HTTPREQ_GET:
case HTTPREQ_HEAD:
return CURLE_OK;
default:
break;
}
bytessent = http->writebytecount;
if(conn->bits.authneg) {
Daniel Stenberg
committed
/* This is a state where we are known to be negotiating and we don't send
any data then. */
expectsend = 0;
}
else if(!conn->bits.protoconnstart) {
/* HTTP CONNECT in progress: there is no body */
expectsend = 0;
}
Daniel Stenberg
committed
else {
/* figure out how much data we are expected to send */
switch(data->set.httpreq) {
case HTTPREQ_POST:
if(data->set.postfieldsize != -1)
expectsend = data->set.postfieldsize;
Daniel Stenberg
committed
else if(data->set.postfields)
expectsend = (curl_off_t)strlen(data->set.postfields);
Daniel Stenberg
committed
break;
case HTTPREQ_PUT:
if(data->state.infilesize != -1)
expectsend = data->state.infilesize;
Daniel Stenberg
committed
break;
case HTTPREQ_POST_FORM:
expectsend = http->postsize;
break;
default:
break;
}
}
conn->bits.rewindaftersend = FALSE; /* default */
if((expectsend == -1) || (expectsend > bytessent)) {
if(conn->bits.close)
/* this is already marked to get closed */
return CURLE_OK;
if(complete_request(conn, (curl_off_t)(expectsend - bytessent)))
return CURLE_OK;
Daniel Stenberg
committed
/* This is not NTLM or many bytes left to send: close */
connclose(conn, "Mid-auth HTTP and much data left to send");
Daniel Stenberg
committed
data->req.size = 0; /* don't download any more than 0 bytes */
Daniel Stenberg
committed
/* There still is data left to send, but this connection is marked for
closure so we can safely do the rewind right now */
}
if(bytessent)
/* we rewind now at once since we already sent something */
return Curl_readrewind(conn);
return CURLE_OK;
}
/*
* Curl_http_auth_act() gets called when all HTTP headers have been received
* and it checks what authentication methods that are available and decides
* which one (if any) to use. It will set 'newurl' if an auth method was
*/
CURLcode Curl_http_auth_act(struct connectdata *conn)
{
struct SessionHandle *data = conn->data;
bool pickhost = FALSE;
bool pickproxy = FALSE;
if(100 <= data->req.httpcode && 199 >= data->req.httpcode)
Daniel Stenberg
committed
/* this is a transient response code, ignore */
return CURLE_OK;
if(data->state.authproblem)
return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK;
Daniel Stenberg
committed
if(conn->bits.user_passwd &&
Daniel Stenberg
committed
((data->req.httpcode == 401) ||
(conn->bits.authneg && data->req.httpcode < 300))) {
pickhost = pickoneauth(&data->state.authhost);
Daniel Stenberg
committed
if(!pickhost)
data->state.authproblem = TRUE;
}
Daniel Stenberg
committed
if(conn->bits.proxy_user_passwd &&
Daniel Stenberg
committed
((data->req.httpcode == 407) ||
(conn->bits.authneg && data->req.httpcode < 300))) {
pickproxy = pickoneauth(&data->state.authproxy);
Daniel Stenberg
committed
if(!pickproxy)
data->state.authproblem = TRUE;
}
if(pickhost || pickproxy) {
Daniel Stenberg
committed
/* In case this is GSS auth, the newurl field is already allocated so
we must make sure to free it before allocating a new one. As figured
out in bug #2284386 */
Curl_safefree(data->req.newurl);
Daniel Stenberg
committed
data->req.newurl = strdup(data->change.url); /* clone URL */
if(!data->req.newurl)
if((data->set.httpreq != HTTPREQ_GET) &&
Daniel Stenberg
committed
(data->set.httpreq != HTTPREQ_HEAD) &&
!conn->bits.rewindaftersend) {
result = http_perhapsrewind(conn);
if(result)
return result;
Daniel Stenberg
committed
else if((data->req.httpcode < 300) &&
(!data->state.authhost.done) &&
Daniel Stenberg
committed
/* no (known) authentication available,
authentication is not "done" yet and
no authentication seems to be required and
we didn't try HEAD or GET */
if((data->set.httpreq != HTTPREQ_GET) &&
(data->set.httpreq != HTTPREQ_HEAD)) {
Daniel Stenberg
committed
data->req.newurl = strdup(data->change.url); /* clone URL */
if(!data->req.newurl)
data->state.authhost.done = TRUE;
Daniel Stenberg
committed
}
}
failf (data, "The requested URL returned error: %d",
Daniel Stenberg
committed
data->req.httpcode);
result = CURLE_HTTP_RETURNED_ERROR;
}
/*
* Output the correct authentication header depending on the auth type
* and whether or not it is to a proxy.
*/
static CURLcode
output_auth_headers(struct connectdata *conn,
struct auth *authstatus,
const char *request,
const char *path,
bool proxy)
{
const char *auth = NULL;
CURLcode result = CURLE_OK;
#if defined(USE_SPNEGO) || !defined(CURL_DISABLE_VERBOSE_STRINGS)
struct SessionHandle *data = conn->data;
#endif
#ifdef USE_SPNEGO
Daniel Stenberg
committed
struct negotiatedata *negdata = proxy?
&data->state.proxyneg:&data->state.negotiate;
#endif
(void)request;
(void)path;
#endif
#ifdef USE_SPNEGO
if((authstatus->picked == CURLAUTH_NEGOTIATE) &&
Daniel Stenberg
committed
negdata->context && !GSS_ERROR(negdata->status)) {
result = Curl_output_negotiate(conn, proxy);
if(result)
return result;
authstatus->done = TRUE;
Daniel Stenberg
committed
negdata->state = GSS_AUTHSENT;
}
else
#endif
#ifdef USE_NTLM
if(authstatus->picked == CURLAUTH_NTLM) {
auth="NTLM";
result = Curl_output_ntlm(conn, proxy);
if(result)
return result;
}
else
#endif
#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
if(authstatus->picked == CURLAUTH_NTLM_WB) {
auth="NTLM_WB";
result = Curl_output_ntlm_wb(conn, proxy);
if(result)
return result;
}
else
#endif
#ifndef CURL_DISABLE_CRYPTO_AUTH
if(authstatus->picked == CURLAUTH_DIGEST) {
auth="Digest";
result = Curl_output_digest(conn,
proxy,
(const unsigned char *)request,
(const unsigned char *)path);
if(result)
return result;
}
else
#endif
if(authstatus->picked == CURLAUTH_BASIC) {
/* Basic */
if((proxy && conn->bits.proxy_user_passwd &&
!Curl_checkProxyheaders(conn, "Proxy-authorization:")) ||
(!proxy && conn->bits.user_passwd &&
!Curl_checkheaders(conn, "Authorization:"))) {
auth="Basic";
result = http_output_basic(conn, proxy);
if(result)
}
/* NOTE: this function should set 'done' TRUE, as the other auth
functions work that way */
authstatus->done = TRUE;
}
if(auth) {
infof(data, "%s auth using %s with user '%s'\n",
proxy?"Proxy":"Server", auth,
proxy?(conn->proxyuser?conn->proxyuser:""):
(conn->user?conn->user:""));
authstatus->multi = (!authstatus->done) ? TRUE : FALSE;
}
else
authstatus->multi = FALSE;
return CURLE_OK;
}
Daniel Stenberg
committed
/**
* Curl_http_output_auth() setups the authentication headers for the
* host/proxy and the correct authentication
* method. conn->data->state.authdone is set to TRUE when authentication is
* done.
Daniel Stenberg
committed
*
* @param conn all information about the current connection
* @param request pointer to the request keyword
* @param path pointer to the requested path
* @param proxytunnel boolean if this is the request setting up a "proxy
* tunnel"
* @returns CURLcode
*/
CURLcode
Curl_http_output_auth(struct connectdata *conn,
const char *request,
const char *path,
bool proxytunnel) /* TRUE if this is the request setting
up the proxy tunnel */
{
CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data;
struct auth *authhost;
struct auth *authproxy;
DEBUGASSERT(data);
authhost = &data->state.authhost;
authproxy = &data->state.authproxy;
if((conn->bits.httpproxy && conn->bits.proxy_user_passwd) ||
conn->bits.user_passwd)
/* continue please */ ;
else {
authhost->done = TRUE;
authproxy->done = TRUE;
return CURLE_OK; /* no authentication with no user or password */
}
if(authhost->want && !authhost->picked)
/* The app has selected one or more methods, but none has been picked
so far by a server round-trip. Then we set the picked one to the
want one, and if this is one single bit it'll be used instantly. */
authhost->picked = authhost->want;
if(authproxy->want && !authproxy->picked)
Daniel Stenberg
committed
/* The app has selected one or more methods, but none has been picked so
far by a proxy round-trip. Then we set the picked one to the want one,
and if this is one single bit it'll be used instantly. */
authproxy->picked = authproxy->want;
#ifndef CURL_DISABLE_PROXY
/* Send proxy authentication header if needed */
Daniel Stenberg
committed
if(conn->bits.httpproxy &&
(conn->bits.tunnel_proxy == proxytunnel)) {
result = output_auth_headers(conn, authproxy, request, path, TRUE);
if(result)
return result;
}
else
#else
(void)proxytunnel;
#endif /* CURL_DISABLE_PROXY */
/* we have no proxy so let's pretend we're done authenticating
with it */
authproxy->done = TRUE;
/* To prevent the user+password to get sent to other than the original
host due to a location-follow, we do some weirdo checks here */
if(!data->state.this_is_a_follow ||
Daniel Stenberg
committed
conn->bits.netrc ||
!data->state.first_host ||
data->set.http_disable_hostname_check_before_authentication ||
Curl_raw_equal(data->state.first_host, conn->host.name)) {
result = output_auth_headers(conn, authhost, request, path, FALSE);
}
else
authhost->done = TRUE;
return result;
}
/*
* Curl_http_input_auth() deals with Proxy-Authenticate: and WWW-Authenticate:
* headers. They are dealt with both in the transfer.c main loop and in the
* proxy CONNECT loop.
*/
CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
const char *auth) /* the first non-space */
{
/*
* This resource requires authentication
*/
struct SessionHandle *data = conn->data;
#ifdef USE_SPNEGO
struct negotiatedata *negdata = proxy?
&data->state.proxyneg:&data->state.negotiate;
#endif
unsigned long *availp;
availp = &data->info.proxyauthavail;
authp = &data->state.authproxy;
}
else {
availp = &data->info.httpauthavail;
authp = &data->state.authhost;
/*
* Here we check if we want the specific single authentication (using ==) and
* if we do, we initiate usage of it.
*
* If the provided authentication is wanted as one out of several accepted
* types (using &), we OR this authentication type to the authavail
* variable.
*
* Note:
*
* ->picked is first set to the 'want' value (one or more bits) before the
* request is sent, and then it is again set _after_ all response 401/407
* headers have been received but then only to a single preferred method
* (bit).
*
*/
#ifdef USE_SPNEGO
if(checkprefix("Negotiate", auth)) {
*availp |= CURLAUTH_NEGOTIATE;
authp->avail |= CURLAUTH_NEGOTIATE;
if(authp->picked == CURLAUTH_NEGOTIATE) {
if(negdata->state == GSS_AUTHSENT || negdata->state == GSS_AUTHNONE) {
CURLcode result = Curl_input_negotiate(conn, proxy, auth);
if(!result) {
DEBUGASSERT(!data->req.newurl);
data->req.newurl = strdup(data->change.url);
if(!data->req.newurl)
return CURLE_OUT_OF_MEMORY;
data->state.authproblem = FALSE;
/* we received a GSS auth token and we dealt with it fine */
negdata->state = GSS_AUTHRECV;
}
else
data->state.authproblem = TRUE;
Daniel Stenberg
committed
}
}
}
else
#endif
#ifdef USE_NTLM
/* NTLM support requires the SSL crypto libs */
if(checkprefix("NTLM", auth)) {
*availp |= CURLAUTH_NTLM;
authp->avail |= CURLAUTH_NTLM;
if(authp->picked == CURLAUTH_NTLM ||
authp->picked == CURLAUTH_NTLM_WB) {
/* NTLM authentication is picked and activated */
CURLcode result = Curl_input_ntlm(conn, proxy, auth);
if(!result) {
data->state.authproblem = FALSE;
#ifdef NTLM_WB_ENABLED
if(authp->picked == CURLAUTH_NTLM_WB) {
*availp &= ~CURLAUTH_NTLM;
authp->avail &= ~CURLAUTH_NTLM;
*availp |= CURLAUTH_NTLM_WB;
authp->avail |= CURLAUTH_NTLM_WB;
/* Get the challenge-message which will be passed to
* ntlm_auth for generating the type 3 message later */
while(*auth && ISSPACE(*auth))
auth++;
if(checkprefix("NTLM", auth)) {
auth += strlen("NTLM");
while(*auth && ISSPACE(*auth))
auth++;
if(*auth)
if((conn->challenge_header = strdup(auth)) == NULL)
return CURLE_OUT_OF_MEMORY;
}
}
#endif
}
else {
infof(data, "Authentication problem. Ignoring this.\n");
data->state.authproblem = TRUE;
}
}
}
else
#endif
#ifndef CURL_DISABLE_CRYPTO_AUTH
if(checkprefix("Digest", auth)) {
if((authp->avail & CURLAUTH_DIGEST) != 0) {
infof(data, "Ignoring duplicate digest auth header.\n");
}
else {
*availp |= CURLAUTH_DIGEST;
authp->avail |= CURLAUTH_DIGEST;
/* We call this function on input Digest headers even if Digest
* authentication isn't activated yet, as we need to store the
* incoming data from this header in case we are gonna use
* Digest. */
result = Curl_input_digest(conn, proxy, auth);
if(result) {
infof(data, "Authentication problem. Ignoring this.\n");
data->state.authproblem = TRUE;
}
}
}
else
#endif
if(checkprefix("Basic", auth)) {
*availp |= CURLAUTH_BASIC;
authp->avail |= CURLAUTH_BASIC;
if(authp->picked == CURLAUTH_BASIC) {
/* We asked for Basic authentication but got a 40X back
anyway, which basically means our name+password isn't
valid. */
authp->avail = CURLAUTH_NONE;
infof(data, "Authentication problem. Ignoring this.\n");
data->state.authproblem = TRUE;
}
}
/* there may be multiple methods on one line, so keep reading */
while(*auth && *auth != ',') /* read up to the next comma */
auth++;
if(*auth == ',') /* if we're on a comma, skip it */
auth++;
while(*auth && ISSPACE(*auth))
auth++;
return CURLE_OK;
}
Daniel Stenberg
committed
/**
* http_should_fail() determines whether an HTTP response has gotten us
Daniel Stenberg
committed
*
* @param conn all information about the current connection
*
* @retval 0 communications should continue
*
* @retval 1 communications should not continue
*/
static int http_should_fail(struct connectdata *conn)
Daniel Stenberg
committed
{
struct SessionHandle *data;
Daniel Stenberg
committed
int httpcode;
Daniel Stenberg
committed
DEBUGASSERT(conn);
Daniel Stenberg
committed
data = conn->data;
DEBUGASSERT(data);
Daniel Stenberg
committed
Daniel Stenberg
committed
httpcode = data->req.httpcode;
Daniel Stenberg
committed
/*
** If we haven't been asked to fail on error,
** don't fail.
*/
Daniel Stenberg
committed
if(!data->set.http_fail_on_error)
Daniel Stenberg
committed
return 0;
/*
** Any code < 400 is never terminal.
*/
Daniel Stenberg
committed
if(httpcode < 400)
Daniel Stenberg
committed
return 0;
/*
** Any code >= 400 that's not 401 or 407 is always
** a terminal error
*/
Daniel Stenberg
committed
if((httpcode != 401) &&
(httpcode != 407))
Daniel Stenberg
committed
return 1;
/*
** All we have left to deal with is 401 and 407
*/
Daniel Stenberg
committed
DEBUGASSERT((httpcode == 401) || (httpcode == 407));
Daniel Stenberg
committed
/*
** Examine the current authentication state to see if this
** is an error. The idea is for this function to get
** called after processing all the headers in a response
** message. So, if we've been to asked to authenticate a
** particular stage, and we've done it, we're OK. But, if
** we're already completely authenticated, it's not OK to
** get another 401 or 407.
**