← Back to branch summary

~ubuntu-branches/ubuntu/lucid/curl/lucid-security

« back to all changes in this revision

Viewing changes to lib/krb5.c

  • Committer: Bazaar Package Importer
  • Author(s): Michael Vogt
  • Date: 2009-04-29 11:10:29 UTC
  • mfrom: (3.2.3 sid)
  • Revision ID: james.westby@ubuntu.com-20090429111029-2j5eiyokfw2bw049
Tags: 7.19.4-1ubuntu1
* Merge from debian unstable, remaining changes:
  - Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
  - Add build-dependency on openssh-server
  - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
  - Call automake-1.9 with --add-missing --copy --force
* drop debian/patches/security_CVE-2009-0037.patch 
  - this patch is part of 7.19.4

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/krb5.c
2
2
 *
3
3
 * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
4
4
 * (Royal Institute of Technology, Stockholm, Sweden).
 
5
 * Copyright (c) 2004 - 2008 Daniel Stenberg
5
6
 * All rights reserved.
6
7
 *
7
8
 * Redistribution and use in source and binary forms, with or without
56
57
#endif
57
58
 
58
59
#include "urldata.h"
59
 
#include "base64.h"
 
60
#include "curl_base64.h"
60
61
#include "ftp.h"
61
62
#include "sendf.h"
62
63
#include "krb4.h"
131
132
  /* shut gcc up */
132
133
  conn = NULL;
133
134
 
134
 
  /* NOTE that the cast is safe, neither of the krb5, gnu gss and heimdal 
 
135
  /* NOTE that the cast is safe, neither of the krb5, gnu gss and heimdal
135
136
   * libraries modify the input buffer in gss_seal()
136
137
   */
137
138
  dec.value = (void*)from;
138
139
  dec.length = length;
139
140
  maj = gss_seal(&min, *context,
140
 
                 level == prot_private,
141
 
                 GSS_C_QOP_DEFAULT,
142
 
                 &dec, &state, &enc);
 
141
                 level == prot_private,
 
142
                 GSS_C_QOP_DEFAULT,
 
143
                 &dec, &state, &enc);
143
144
 
144
145
  if(maj != GSS_S_COMPLETE)
145
146
    return -1;
177
178
 
178
179
  chan.initiator_addrtype = GSS_C_AF_INET;
179
180
  chan.initiator_address.length = l - 4;
180
 
  chan.initiator_address.value = &((struct sockaddr_in *)LOCAL_ADDR)->sin_addr.s_addr;
 
181
  chan.initiator_address.value =
 
182
    &((struct sockaddr_in *)LOCAL_ADDR)->sin_addr.s_addr;
181
183
  chan.acceptor_addrtype = GSS_C_AF_INET;
182
184
  chan.acceptor_address.length = l - 4;
183
 
  chan.acceptor_address.value = &((struct sockaddr_in *)REMOTE_ADDR)->sin_addr.s_addr;
 
185
  chan.acceptor_address.value =
 
186
    &((struct sockaddr_in *)REMOTE_ADDR)->sin_addr.s_addr;
184
187
  chan.application_data.length = 0;
185
188
  chan.application_data.value = NULL;
186
189
 
191
194
      result = Curl_ftpsendf(conn, "AUTH GSSAPI");
192
195
 
193
196
      if(result)
194
 
        return -2;
 
197
        return -2;
195
198
      if(Curl_GetFTPResponse(&nread, conn, NULL))
196
 
        return -1;
 
199
        return -1;
197
200
 
198
201
      if(data->state.buffer[0] != '3')
199
 
        return -1;
 
202
        return -1;
200
203
    }
201
204
 
202
205
    gssbuf.value = data->state.buffer;
205
208
    if(maj != GSS_S_COMPLETE) {
206
209
      gss_release_name(&min, &gssname);
207
210
      if(service == srv_host) {
208
 
        Curl_failf(data, "Error importing service name %s", gssbuf.value);
209
 
        return AUTH_ERROR;
 
211
        Curl_failf(data, "Error importing service name %s", gssbuf.value);
 
212
        return AUTH_ERROR;
210
213
      }
211
214
      service = srv_host;
212
215
      continue;
223
226
    do {
224
227
      ret = AUTH_OK;
225
228
      maj = gss_init_sec_context(&min,
226
 
                                 GSS_C_NO_CREDENTIAL,
227
 
                                 context,
228
 
                                 gssname,
229
 
                                 GSS_C_NO_OID,
230
 
                                 GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
231
 
                                 0,
232
 
                                 &chan,
233
 
                                 gssresp,
234
 
                                 NULL,
235
 
                                 &gssbuf,
236
 
                                 NULL,
237
 
                                 NULL);
 
229
                                 GSS_C_NO_CREDENTIAL,
 
230
                                 context,
 
231
                                 gssname,
 
232
                                 GSS_C_NO_OID,
 
233
                                 GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
 
234
                                 0,
 
235
                                 &chan,
 
236
                                 gssresp,
 
237
                                 NULL,
 
238
                                 &gssbuf,
 
239
                                 NULL,
 
240
                                 NULL);
238
241
 
239
242
      if(gssresp) {
240
 
        free(_gssresp.value);
241
 
        gssresp = NULL;
 
243
        free(_gssresp.value);
 
244
        gssresp = NULL;
242
245
      }
243
246
 
244
247
      if(maj != GSS_S_COMPLETE && maj != GSS_S_CONTINUE_NEEDED) {
245
 
        Curl_infof(data, "Error creating security context");
246
 
        ret = AUTH_ERROR;
247
 
        break;
 
248
        Curl_infof(data, "Error creating security context");
 
249
        ret = AUTH_ERROR;
 
250
        break;
248
251
      }
249
252
 
250
253
      if(gssbuf.length != 0) {
251
 
        if(Curl_base64_encode(data, (char *)gssbuf.value, gssbuf.length, &p) < 1) {
252
 
          Curl_infof(data, "Out of memory base64-encoding");
253
 
          ret = AUTH_CONTINUE;
254
 
          break;
255
 
        }
256
 
 
257
 
        result = Curl_ftpsendf(conn, "ADAT %s", p);
258
 
 
259
 
        free(p);
260
 
 
261
 
        if(result) {
262
 
          ret = -2;
263
 
          break;
264
 
        }
265
 
 
266
 
        if(Curl_GetFTPResponse(&nread, conn, NULL)) {
267
 
          ret = -1;
268
 
          break;
269
 
        }
270
 
 
271
 
        if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3'){
272
 
          Curl_infof(data, "Server didn't accept auth data\n");
273
 
          ret = AUTH_ERROR;
274
 
          break;
275
 
        }
276
 
 
277
 
        p = data->state.buffer + 4;
278
 
        p = strstr(p, "ADAT=");
279
 
        if(p) {
280
 
          _gssresp.length = Curl_base64_decode(p + 5, (unsigned char **)&_gssresp.value);
281
 
          if(_gssresp.length < 1) {
282
 
            Curl_failf(data, "Out of memory base64-encoding");
283
 
            ret = AUTH_CONTINUE;
284
 
            break;
285
 
          }
286
 
        }
287
 
 
288
 
        gssresp = &_gssresp;
 
254
        if(Curl_base64_encode(data, (char *)gssbuf.value, gssbuf.length, &p)
 
255
           < 1) {
 
256
          Curl_infof(data, "Out of memory base64-encoding");
 
257
          ret = AUTH_CONTINUE;
 
258
          break;
 
259
        }
 
260
 
 
261
        result = Curl_ftpsendf(conn, "ADAT %s", p);
 
262
 
 
263
        free(p);
 
264
 
 
265
        if(result) {
 
266
          ret = -2;
 
267
          break;
 
268
        }
 
269
 
 
270
        if(Curl_GetFTPResponse(&nread, conn, NULL)) {
 
271
          ret = -1;
 
272
          break;
 
273
        }
 
274
 
 
275
        if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3'){
 
276
          Curl_infof(data, "Server didn't accept auth data\n");
 
277
          ret = AUTH_ERROR;
 
278
          break;
 
279
        }
 
280
 
 
281
        p = data->state.buffer + 4;
 
282
        p = strstr(p, "ADAT=");
 
283
        if(p) {
 
284
          _gssresp.length = Curl_base64_decode(p + 5, (unsigned char **)
 
285
                                               &_gssresp.value);
 
286
          if(_gssresp.length < 1) {
 
287
            Curl_failf(data, "Out of memory base64-encoding");
 
288
            ret = AUTH_CONTINUE;
 
289
            break;
 
290
          }
 
291
        }
 
292
 
 
293
        gssresp = &_gssresp;
289
294
      }
290
295
    } while(maj == GSS_S_CONTINUE_NEEDED);
291
296