Commit b6821dbb authored by Steve Holme

sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used

Typically the USE_WINDOWS_SSPI definition would not be used when the
CURL_DISABLE_CRYPTO_AUTH define is; however, it is still a valid build
configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication
data structures and functions would incorrectly be used when they
shouldn't be.

Introduced a new USE_KRB5 definition that takes into account the use of
CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
parent b04eef13
+2 −2
@@ -53,7 +53,7 @@
/* The last #include file should be: */
#include "memdebug.h"

#if defined(USE_WINDOWS_SSPI)
#if defined(USE_KRB5)
extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
#endif

@@ -722,7 +722,7 @@ CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data,
 */
void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
{
#if defined(USE_WINDOWS_SSPI)
#if defined(USE_KRB5)
  /* Cleanup the gssapi structure */
  if(authused == SASL_MECH_GSSAPI) {
    Curl_sasl_gssapi_cleanup(&conn->krb5);
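Review bot: The prototype of Curl_sasl_gssapi_cleanup() is written out by hand as `extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);` at the top of this file, and again without `extern` in the SSPI source section further down the page. Each copy now needs its own `#if defined(USE_KRB5)` guard to stay in step with the definition. Declaring it once in the shared header, next to the other prototypes that this commit places under `USE_KRB5`, would leave one guard to maintain and let the compiler catch a signature mismatch. This assumes the header section shown below is included by both source files, which the page does not show. The body of Curl_sasl_cleanup() continues past the end of this hunk.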
+3 −3
@@ -28,7 +28,7 @@ struct SessionHandle;
struct connectdata;
struct ntlmdata;

#if defined(USE_WINDOWS_SSPI)
#if defined(USE_KRB5)
struct kerberos5data;
#endif

@@ -123,7 +123,7 @@ CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,

#endif /* USE_NTLM */

#if defined(USE_WINDOWS_SSPI)
#if defined(USE_KRB5)
/* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token
   message */
CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
@@ -142,7 +142,7 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
                                                  struct kerberos5data *krb5,
                                                  char **outptr,
                                                  size_t *outlen);
#endif
#endif /* USE_KRB5 */

/* This is used to generate a base64 encoded XOAUTH2 authentication message
   containing the user name and bearer token */
+4 −1
@@ -44,7 +44,9 @@
/* The last #include file should be: */
#include "memdebug.h"

#if defined(USE_KRB5)
void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
#endif

/*
 * Curl_sasl_build_spn()
@@ -269,9 +271,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,

  return result;
}

#endif /* !CURL_DISABLE_CRYPTO_AUTH */

#if defined(USE_KRB5)
/*
 * Curl_sasl_create_gssapi_user_message()
 *
@@ -703,5 +705,6 @@ void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5)
  /* Reset any variables */
  krb5->token_max = 0;
}
#endif /* USE_KRB5 */

#endif /* USE_WINDOWS_SSPI */
+7 −1
@@ -608,12 +608,18 @@ int netware_init(void);
#define USE_SSL    /* SSL support has been enabled */
#endif

/* Single point where USE_SPNEGO definition might be defined */
#if !defined(CURL_DISABLE_CRYPTO_AUTH) && \
    (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI))
#define USE_SPNEGO
#endif

/* Single point where USE_NTLM definition might be done */
/* Single point where USE_KRB5 definition might be defined */
#if !defined(CURL_DISABLE_CRYPTO_AUTH) && defined(USE_WINDOWS_SSPI)
#define USE_KRB5
#endif

/* Single point where USE_NTLM definition might be defined */
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) && \
    !defined(CURL_DISABLE_CRYPTO_AUTH)
#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
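Review bot: The comment on the new `USE_KRB5` block does not say why its condition is narrower than the `USE_SPNEGO` one just above it, which also accepts `HAVE_GSSAPI`. As written, a GSS-API build without Windows SSPI never gets `USE_KRB5`, so every guard changed in this commit compiles the SASL GSSAPI code out of such a build. That looks intentional, since the Kerberos functions sit inside the region closed by `#endif /* USE_WINDOWS_SSPI */` in the earlier section, but a reader of this header cannot tell. I would extend the comment to something like `/* Single point where USE_KRB5 definition might be defined (SASL Kerberos V5 is SSPI-only for now) */`.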
+3 −3
@@ -1300,7 +1300,7 @@ static CURLcode imap_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
}
#endif

#if defined(USE_WINDOWS_SSPI)
#if defined(USE_KRB5)
/* For AUTHENTICATE GSSAPI (without initial response) responses */
static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn,
                                            int imapcode,
@@ -1911,7 +1911,7 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
      break;
#endif

#if defined(USE_WINDOWS_SSPI)
#if defined(USE_KRB5)
    case IMAP_AUTHENTICATE_GSSAPI:
      result = imap_state_auth_gssapi_resp(conn, imapcode, imapc->state);
      break;
@@ -2803,7 +2803,7 @@ static CURLcode imap_calc_sasl_details(struct connectdata *conn,

  /* Calculate the supported authentication mechanism, by decreasing order of
     security, as well as the initial response where appropriate */
#if defined(USE_WINDOWS_SSPI)
#if defined(USE_KRB5)
    if((imapc->authmechs & SASL_MECH_GSSAPI) &&
       (imapc->prefmech & SASL_MECH_GSSAPI)) {
    imapc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
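Review bot: The GSSAPI branch now compiled under `USE_KRB5` in imap_calc_sasl_details() still sets `imapc->mutual_auth = FALSE` with only a TODO beside it, and nothing tells a reader what that costs. If the flag means what its name suggests, the Kerberos exchange does not ask the server to prove its identity to the client. That is worth stating next to the assignment, for example `/* Mutual authentication is not requested yet: the server is not authenticated back to the client */`. The `if` block continues past the end of this hunk, so how the flag is consumed is not visible here.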