Loading lib/http.c +3 −4 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms Loading Loading @@ -834,14 +834,13 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy, while(*auth) { #ifdef USE_SPNEGO if(checkprefix("Negotiate", auth)) { int neg; *availp |= CURLAUTH_NEGOTIATE; authp->avail |= CURLAUTH_NEGOTIATE; if(authp->picked == CURLAUTH_NEGOTIATE) { if(negdata->state == GSS_AUTHSENT || negdata->state == GSS_AUTHNONE) { neg = Curl_input_negotiate(conn, proxy, auth); if(neg == 0) { CURLcode result = Curl_input_negotiate(conn, proxy, auth); if(!result) { DEBUGASSERT(!data->req.newurl); data->req.newurl = strdup(data->change.url); if(!data->req.newurl) Loading lib/http_negotiate.c +15 −13 Original line number Diff line number Diff line Loading @@ -64,9 +64,7 @@ get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server) return GSS_ERROR(major_status) ? -1 : 0; } /* returning zero (0) means success, everything else is treated as "failure" with no care exactly what the failure was */ int Curl_input_negotiate(struct connectdata *conn, bool proxy, CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header) { struct SessionHandle *data = conn->data; Loading 
@@ -85,12 +83,12 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, * rejected it (since we're again here). Exit with an error since we * can't invent anything better */ Curl_cleanup_negotiate(data); return -1; return CURLE_LOGIN_DENIED; } if(neg_ctx->server_name == NULL && (ret = get_gss_name(conn, proxy, &neg_ctx->server_name))) return ret; get_gss_name(conn, proxy, &neg_ctx->server_name)) return CURLE_OUT_OF_MEMORY; header += strlen("Negotiate"); while(*header && ISSPACE(*header)) Loading @@ -100,8 +98,12 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, if(len > 0) { result = Curl_base64_decode(header, (unsigned char **)&input_token.value, &rawlen); if(result || rawlen == 0) return -1; if(result) return result; if(!rawlen) return CURLE_BAD_CONTENT_ENCODING; input_token.length = rawlen; DEBUGASSERT(input_token.value != NULL); Loading @@ -125,19 +127,19 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, gss_release_buffer(&discard_st, &output_token); Curl_gss_log_error(conn->data, minor_status, "gss_init_sec_context() failed: "); return -1; return CURLE_OUT_OF_MEMORY; } if(!output_token.value || !output_token.length) { if(output_token.value) gss_release_buffer(&discard_st, &output_token); return -1; return CURLE_OUT_OF_MEMORY; } neg_ctx->output_token = output_token; return 0; } return CURLE_OK; } CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) { Loading lib/http_negotiate.h +3 −3 Original line number Diff line number Diff line Loading @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms Loading 
@@ -25,7 +25,7 @@ #ifdef USE_SPNEGO /* this is for Negotiate header input */ int Curl_input_negotiate(struct connectdata *conn, bool proxy, CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header); /* this is for creating Negotiate header output */ Loading lib/http_negotiate_sspi.c +18 −18 Original line number Diff line number Diff line Loading @@ -42,9 +42,7 @@ /* The last #include file should be: */ #include "memdebug.h" /* returning zero (0) means success, everything else is treated as "failure" with no care exactly what the failure was */ int Curl_input_negotiate(struct connectdata *conn, bool proxy, CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header) { BYTE *input_token = NULL; Loading Loading @@ -88,20 +86,20 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, * rejected it (since we're again here). Exit with an error since we * can't invent anything better */ Curl_cleanup_negotiate(conn->data); return -1; return CURLE_LOGIN_DENIED; } if(!neg_ctx->server_name) { /* Check proxy auth requested but no given proxy name */ if(proxy && !conn->proxy.name) return -1; return CURLE_BAD_FUNCTION_ARGUMENT; /* Generate our SPN */ neg_ctx->server_name = Curl_sasl_build_spn("HTTP", proxy ? conn->proxy.name : conn->host.name); if(!neg_ctx->server_name) return -1; return CURLE_OUT_OF_MEMORY; } if(!neg_ctx->output_token) { Loading @@ -110,7 +108,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, TEXT(SP_NAME_NEGOTIATE), &SecurityPackage); if(status != SEC_E_OK) return -1; return CURLE_NOT_BUILT_IN; /* Allocate input and output buffers according to the max token size as indicated by the security package */ Loading 
@@ -130,7 +128,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, if(neg_ctx->context) { /* The server rejected our authentication and hasn't suppled any more negotiation mechanisms */ return -1; return CURLE_LOGIN_DENIED; } /* We have to acquire credentials and allocate memory for the context */ Loading @@ -138,13 +136,13 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, neg_ctx->context = malloc(sizeof(CtxtHandle)); if(!neg_ctx->credentials || !neg_ctx->context) return -1; return CURLE_OUT_OF_MEMORY; if(userp && *userp) { /* Populate our identity structure */ result = Curl_create_sspi_identity(userp, passwdp, &neg_ctx->identity); if(result) return -1; return result; /* Allow proper cleanup of the identity structure */ neg_ctx->p_identity = &neg_ctx->identity; Loading @@ -161,14 +159,17 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, neg_ctx->p_identity, NULL, NULL, neg_ctx->credentials, &expiry); if(neg_ctx->status != SEC_E_OK) return -1; return CURLE_LOGIN_DENIED; } else { result = Curl_base64_decode(header, (unsigned char **)&input_token, &input_token_len); if(result || !input_token_len) return -1; if(result) return result; if(!input_token_len) return CURLE_BAD_CONTENT_ENCODING; } /* Setup the "output" security buffer */ Loading Loading @@ -207,22 +208,21 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, Curl_safefree(input_token); if(GSS_ERROR(neg_ctx->status)) return -1; return CURLE_OUT_OF_MEMORY; if(neg_ctx->status == SEC_I_COMPLETE_NEEDED || neg_ctx->status == SEC_I_COMPLETE_AND_CONTINUE) { neg_ctx->status = s_pSecFn->CompleteAuthToken(neg_ctx->context, &out_buff_desc); if(GSS_ERROR(neg_ctx->status)) return -1; return CURLE_RECV_ERROR; } neg_ctx->output_token_length = out_sec_buff.cbBuffer; return 0; return CURLE_OK; } CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) { struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg: Loading Loading
lib/http.c +3 −4 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms Loading Loading @@ -834,14 +834,13 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy, while(*auth) { #ifdef USE_SPNEGO if(checkprefix("Negotiate", auth)) { int neg; *availp |= CURLAUTH_NEGOTIATE; authp->avail |= CURLAUTH_NEGOTIATE; if(authp->picked == CURLAUTH_NEGOTIATE) { if(negdata->state == GSS_AUTHSENT || negdata->state == GSS_AUTHNONE) { neg = Curl_input_negotiate(conn, proxy, auth); if(neg == 0) { CURLcode result = Curl_input_negotiate(conn, proxy, auth); if(!result) { DEBUGASSERT(!data->req.newurl); data->req.newurl = strdup(data->change.url); if(!data->req.newurl) Loading
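Review bot: In the Negotiate branch of Curl_http_input_auth, the new `CURLcode result` is only compared against zero in the lines shown, so the distinct codes this commit introduces (`CURLE_OUT_OF_MEMORY`, `CURLE_LOGIN_DENIED`, `CURLE_BAD_CONTENT_ENCODING`) tell the caller no more than the old int did. The failure branch lies outside the hunk, so this may already be handled there. If it is not, an allocation failure should be returned rather than folded into an ordinary authentication problem, with a check such as `if(result == CURLE_OUT_OF_MEMORY) return result;` ahead of the failure handling. A short comment at the call naming which codes are deliberately swallowed would make the intent reviewable.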
lib/http_negotiate.c +15 −13 Original line number Diff line number Diff line Loading @@ -64,9 +64,7 @@ get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server) return GSS_ERROR(major_status) ? -1 : 0; } /* returning zero (0) means success, everything else is treated as "failure" with no care exactly what the failure was */ int Curl_input_negotiate(struct connectdata *conn, bool proxy, CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header) { struct SessionHandle *data = conn->data; Loading @@ -85,12 +83,12 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, * rejected it (since we're again here). Exit with an error since we * can't invent anything better */ Curl_cleanup_negotiate(data); return -1; return CURLE_LOGIN_DENIED; } if(neg_ctx->server_name == NULL && (ret = get_gss_name(conn, proxy, &neg_ctx->server_name))) return ret; get_gss_name(conn, proxy, &neg_ctx->server_name)) return CURLE_OUT_OF_MEMORY; header += strlen("Negotiate"); while(*header && ISSPACE(*header)) Loading @@ -100,8 +98,12 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, if(len > 0) { result = Curl_base64_decode(header, (unsigned char **)&input_token.value, &rawlen); if(result || rawlen == 0) return -1; if(result) return result; if(!rawlen) return CURLE_BAD_CONTENT_ENCODING; input_token.length = rawlen; DEBUGASSERT(input_token.value != NULL); Loading @@ -125,19 +127,19 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, gss_release_buffer(&discard_st, &output_token); Curl_gss_log_error(conn->data, minor_status, "gss_init_sec_context() failed: "); return -1; return CURLE_OUT_OF_MEMORY; } if(!output_token.value || !output_token.length) { if(output_token.value) gss_release_buffer(&discard_st, &output_token); return -1; return CURLE_OUT_OF_MEMORY; } neg_ctx->output_token = output_token; return 0; } return CURLE_OK; } CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) { Loading
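Review bot: `CURLE_OUT_OF_MEMORY` is returned for three failures that the visible code does not show to be allocation failures: a non-zero get_gss_name() (which the context line above returns as -1 on any GSS_ERROR), the `gss_init_sec_context() failed` path, and an empty output token. A rejected or unusable Negotiate token from the server would then presumably surface as an out-of-memory error, which points anyone triaging the authentication failure in the wrong direction. A code that names the authentication step fits better, for instance `return CURLE_LOGIN_DENIED;`, which this commit already uses for the rejected-token case. The same mapping appears in lib/http_negotiate_sspi.c at `if(GSS_ERROR(neg_ctx->status)) return CURLE_OUT_OF_MEMORY;`. The function body starts and ends outside these hunks.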
lib/http_negotiate.h +3 −3 Original line number Diff line number Diff line Loading @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms Loading @@ -25,7 +25,7 @@ #ifdef USE_SPNEGO /* this is for Negotiate header input */ int Curl_input_negotiate(struct connectdata *conn, bool proxy, CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header); /* this is for creating Negotiate header output */ Loading
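Review bot: The prototype comment still reads only `/* this is for Negotiate header input */`, while the commit deletes the one description of the return contract from both implementations. Since callers now receive a CURLcode, the header is the natural place to state it, for example `/* this is for Negotiate header input; returns CURLE_OK on success, any other CURLcode on failure */`.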
lib/http_negotiate_sspi.c +18 −18 Original line number Diff line number Diff line Loading @@ -42,9 +42,7 @@ /* The last #include file should be: */ #include "memdebug.h" /* returning zero (0) means success, everything else is treated as "failure" with no care exactly what the failure was */ int Curl_input_negotiate(struct connectdata *conn, bool proxy, CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header) { BYTE *input_token = NULL; Loading Loading @@ -88,20 +86,20 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, * rejected it (since we're again here). Exit with an error since we * can't invent anything better */ Curl_cleanup_negotiate(conn->data); return -1; return CURLE_LOGIN_DENIED; } if(!neg_ctx->server_name) { /* Check proxy auth requested but no given proxy name */ if(proxy && !conn->proxy.name) return -1; return CURLE_BAD_FUNCTION_ARGUMENT; /* Generate our SPN */ neg_ctx->server_name = Curl_sasl_build_spn("HTTP", proxy ? conn->proxy.name : conn->host.name); if(!neg_ctx->server_name) return -1; return CURLE_OUT_OF_MEMORY; } if(!neg_ctx->output_token) { Loading @@ -110,7 +108,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, TEXT(SP_NAME_NEGOTIATE), &SecurityPackage); if(status != SEC_E_OK) return -1; return CURLE_NOT_BUILT_IN; /* Allocate input and output buffers according to the max token size as indicated by the security package */ Loading @@ -130,7 +128,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, if(neg_ctx->context) { /* The server rejected our authentication and hasn't suppled any more negotiation mechanisms */ return -1; return CURLE_LOGIN_DENIED; } /* We have to acquire credentials and allocate memory for the context */ Loading 
@@ -138,13 +136,13 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, neg_ctx->context = malloc(sizeof(CtxtHandle)); if(!neg_ctx->credentials || !neg_ctx->context) return -1; return CURLE_OUT_OF_MEMORY; if(userp && *userp) { /* Populate our identity structure */ result = Curl_create_sspi_identity(userp, passwdp, &neg_ctx->identity); if(result) return -1; return result; /* Allow proper cleanup of the identity structure */ neg_ctx->p_identity = &neg_ctx->identity; Loading @@ -161,14 +159,17 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, neg_ctx->p_identity, NULL, NULL, neg_ctx->credentials, &expiry); if(neg_ctx->status != SEC_E_OK) return -1; return CURLE_LOGIN_DENIED; } else { result = Curl_base64_decode(header, (unsigned char **)&input_token, &input_token_len); if(result || !input_token_len) return -1; if(result) return result; if(!input_token_len) return CURLE_BAD_CONTENT_ENCODING; } /* Setup the "output" security buffer */ Loading Loading @@ -207,22 +208,21 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, Curl_safefree(input_token); if(GSS_ERROR(neg_ctx->status)) return -1; return CURLE_OUT_OF_MEMORY; if(neg_ctx->status == SEC_I_COMPLETE_NEEDED || neg_ctx->status == SEC_I_COMPLETE_AND_CONTINUE) { neg_ctx->status = s_pSecFn->CompleteAuthToken(neg_ctx->context, &out_buff_desc); if(GSS_ERROR(neg_ctx->status)) return -1; return CURLE_RECV_ERROR; } neg_ctx->output_token_length = out_sec_buff.cbBuffer; return 0; return CURLE_OK; } CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) { struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg: Loading
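Review bot: A failing `CompleteAuthToken` now returns `CURLE_RECV_ERROR`, which reads as a network receive failure although the call is a local SSPI step, and none of the visible failure returns reports `neg_ctx->status`. The GSS-API implementation in lib/http_negotiate.c logs through Curl_gss_log_error before returning, whereas here the SSPI status that explains the failure is dropped. Consider a code that names the authentication step, plus a log line before the return, for example `failf(conn->data, "Negotiate: SSPI status 0x%08lx", (unsigned long)neg_ctx->status);`. Parts of the function lie outside the hunks, so logging may exist in lines not shown.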