← Back to branch summary

~ubuntu-branches/ubuntu/raring/curl/raring-updates

« back to all changes in this revision

Viewing changes to lib/http_negotiate_sspi.c

  • Committer: Package Import Robot
  • Author(s): Alessandro Ghedini
  • Date: 2011-11-13 21:07:32 UTC
  • mto: (3.6.1 experimental) (1.3.1)
  • mto: This revision was merged to the branch mainline in revision 55.
  • Revision ID: package-import@ubuntu.com-20111113210732-bk5n25x2tu7aplur
Tags: upstream-7.22.0
ImportĀ upstreamĀ versionĀ 7.22.0

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/http_negotiate_sspi.c
19
19
 * KIND, either express or implied.
20
20
 *
21
21
 ***************************************************************************/
 
22
 
22
23
#include "setup.h"
23
24
 
24
25
#ifdef USE_WINDOWS_SSPI
25
26
 
26
27
#ifndef CURL_DISABLE_HTTP
27
 
/* -- WIN32 approved -- */
28
 
#include <stdio.h>
29
 
#include <string.h>
30
 
#include <stdarg.h>
31
 
#include <stdlib.h>
32
 
#include <ctype.h>
33
28
 
34
29
#include "urldata.h"
35
30
#include "sendf.h"
45
40
#include "memdebug.h"
46
41
 
47
42
static int
48
 
get_gss_name(struct connectdata *conn, bool proxy, char *server)
 
43
get_gss_name(struct connectdata *conn, bool proxy,
 
44
             struct negotiatedata *neg_ctx)
49
45
{
50
 
  struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
51
 
    &conn->data->state.negotiate;
52
46
  const char* service;
53
47
  size_t length;
54
48
 
 
49
  if(proxy && !conn->proxy.name)
 
50
    /* proxy auth requested but no given proxy name, error out! */
 
51
    return -1;
 
52
 
55
53
  /* GSSAPI implementation by Globus (known as GSI) requires the name to be
56
54
     of form "<service>/<fqdn>" instead of <service>@<fqdn> (ie. slash instead
57
55
     of at-sign). Also GSI servers are often identified as 'host' not 'khttp'.
71
69
  if(length + 1 > sizeof(neg_ctx->server_name))
72
70
    return EMSGSIZE;
73
71
 
74
 
  snprintf(server, sizeof(neg_ctx->server_name), "%s/%s",
 
72
  snprintf(neg_ctx->server_name, sizeof(neg_ctx->server_name), "%s/%s",
75
73
           service, proxy ? conn->proxy.name : conn->host.name);
76
74
 
77
75
  return 0;
84
82
{
85
83
  struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
86
84
    &conn->data->state.negotiate;
87
 
  BYTE                          *input_token = 0;
 
85
  BYTE              *input_token = 0;
88
86
  SecBufferDesc     out_buff_desc;
89
87
  SecBuffer         out_sec_buff;
90
88
  SecBufferDesc     in_buff_desc;
96
94
  size_t len = 0, input_token_len = 0;
97
95
  bool gss = FALSE;
98
96
  const char* protocol;
 
97
  CURLcode error;
99
98
 
100
99
  while(*header && ISSPACE(*header))
101
100
    header++;
129
128
    return -1;
130
129
  }
131
130
 
132
 
  if(strlen(neg_ctx->server_name) == 0 &&
133
 
     (ret = get_gss_name(conn, proxy, neg_ctx->server_name)))
134
 
    return ret;
 
131
  if(0 == strlen(neg_ctx->server_name)) {
 
132
    ret = get_gss_name(conn, proxy, neg_ctx);
 
133
    if(ret)
 
134
      return ret;
 
135
  }
135
136
 
136
137
  if(!neg_ctx->output_token) {
137
138
    PSecPkgInfo SecurityPackage;
176
177
    if(!input_token)
177
178
      return -1;
178
179
 
179
 
    input_token_len = Curl_base64_decode(header,
180
 
                                         (unsigned char **)&input_token);
181
 
    if(input_token_len == 0)
 
180
    error = Curl_base64_decode(header,
 
181
                               (unsigned char **)&input_token,
 
182
                               &input_token_len);
 
183
    if(error || input_token_len == 0)
182
184
      return -1;
183
185
  }
184
186
 
238
240
  struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
239
241
    &conn->data->state.negotiate;
240
242
  char *encoded = NULL;
241
 
  size_t len;
 
243
  size_t len = 0;
242
244
  char *userp;
 
245
  CURLcode error;
243
246
 
244
 
  len = Curl_base64_encode(conn->data,
245
 
                           (const char*)neg_ctx->output_token,
246
 
                           neg_ctx->output_token_length,
247
 
                           &encoded);
 
247
  error = Curl_base64_encode(conn->data,
 
248
                             (const char*)neg_ctx->output_token,
 
249
                             neg_ctx->output_token_length,
 
250
                             &encoded, &len);
 
251
  if(error)
 
252
    return error;
248
253
 
249
254
  if(len == 0)
250
 
    return CURLE_OUT_OF_MEMORY;
 
255
    return CURLE_REMOTE_ACCESS_DENIED;
251
256
 
252
257
  userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
253
258
                  neg_ctx->protocol, encoded);