2003-06-10 08:22:19 -04:00
|
|
|
/***************************************************************************
|
2004-06-24 07:54:11 -04:00
|
|
|
* _ _ ____ _
|
|
|
|
* Project ___| | | | _ \| |
|
|
|
|
* / __| | | | |_) | |
|
|
|
|
* | (__| |_| | _ <| |___
|
2003-06-10 08:22:19 -04:00
|
|
|
* \___|\___/|_| \_\_____|
|
|
|
|
*
|
2016-03-13 07:28:42 -04:00
|
|
|
* Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
2003-06-10 08:22:19 -04:00
|
|
|
*
|
|
|
|
* This software is licensed as described in the file COPYING, which
|
|
|
|
* you should have received as part of this distribution. The terms
|
2016-02-02 18:19:02 -05:00
|
|
|
* are also available at https://curl.haxx.se/docs/copyright.html.
|
2004-06-24 07:54:11 -04:00
|
|
|
*
|
2003-06-10 08:22:19 -04:00
|
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
|
|
*
|
|
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
|
|
* KIND, either express or implied.
|
|
|
|
*
|
|
|
|
***************************************************************************/
|
2011-07-26 11:23:27 -04:00
|
|
|
|
2013-01-06 13:06:49 -05:00
|
|
|
#include "curl_setup.h"
|
2003-06-10 08:22:19 -04:00
|
|
|
|
2016-03-13 16:09:15 -04:00
|
|
|
#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO)
|
2003-06-10 08:22:19 -04:00
|
|
|
|
2013-01-03 20:50:28 -05:00
|
|
|
#include "urldata.h"
|
|
|
|
#include "sendf.h"
|
|
|
|
#include "rawstr.h"
|
|
|
|
#include "http_negotiate.h"
|
2015-09-12 06:48:24 -04:00
|
|
|
#include "vauth/vauth.h"
|
2015-03-03 06:36:18 -05:00
|
|
|
#include "curl_printf.h"
|
2003-06-10 08:22:19 -04:00
|
|
|
|
2015-03-24 18:12:03 -04:00
|
|
|
/* The last #include files should be: */
|
|
|
|
#include "curl_memory.h"
|
2013-01-03 20:50:28 -05:00
|
|
|
#include "memdebug.h"
|
2003-06-10 08:22:19 -04:00
|
|
|
|
2015-01-17 06:56:27 -05:00
|
|
|
CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
|
|
|
|
const char *header)
|
2004-06-24 07:54:11 -04:00
|
|
|
{
|
2011-07-19 13:10:43 -04:00
|
|
|
struct SessionHandle *data = conn->data;
|
2016-03-13 16:09:15 -04:00
|
|
|
size_t len;
|
2015-01-18 12:36:59 -05:00
|
|
|
|
2016-03-13 16:09:15 -04:00
|
|
|
/* Point to the username, password, service and host */
|
|
|
|
const char *userp;
|
|
|
|
const char *passwdp;
|
2016-03-13 14:51:46 -04:00
|
|
|
const char *service;
|
|
|
|
const char *host;
|
2015-01-18 12:36:59 -05:00
|
|
|
|
2016-03-13 14:51:46 -04:00
|
|
|
/* Point to the correct struct with this */
|
|
|
|
struct negotiatedata *neg_ctx;
|
2015-01-18 12:36:59 -05:00
|
|
|
|
2016-03-13 14:51:46 -04:00
|
|
|
if(proxy) {
|
2016-03-13 16:09:15 -04:00
|
|
|
userp = conn->proxyuser;
|
|
|
|
passwdp = conn->proxypasswd;
|
2016-03-13 14:51:46 -04:00
|
|
|
service = data->set.str[STRING_PROXY_SERVICE_NAME];
|
|
|
|
host = conn->host.name;
|
|
|
|
neg_ctx = &data->state.proxyneg;
|
|
|
|
}
|
|
|
|
else {
|
2016-03-13 16:09:15 -04:00
|
|
|
userp = conn->user;
|
|
|
|
passwdp = conn->passwd;
|
2016-03-13 14:51:46 -04:00
|
|
|
service = data->set.str[STRING_SERVICE_NAME];
|
|
|
|
host = conn->proxy.name;
|
|
|
|
neg_ctx = &data->state.negotiate;
|
2015-01-18 12:36:59 -05:00
|
|
|
}
|
2003-06-10 08:22:19 -04:00
|
|
|
|
2016-03-13 16:09:15 -04:00
|
|
|
/* Not set means empty */
|
|
|
|
if(!userp)
|
|
|
|
userp = "";
|
|
|
|
|
|
|
|
if(!passwdp)
|
|
|
|
passwdp = "";
|
|
|
|
|
2016-03-13 14:51:46 -04:00
|
|
|
/* Obtain the input token, if any */
|
2014-07-21 03:53:44 -04:00
|
|
|
header += strlen("Negotiate");
|
2006-10-17 17:32:56 -04:00
|
|
|
while(*header && ISSPACE(*header))
|
2003-06-10 08:22:19 -04:00
|
|
|
header++;
|
|
|
|
|
2016-03-13 16:09:15 -04:00
|
|
|
len = strlen(header);
|
|
|
|
if(!len) {
|
|
|
|
/* Is this the first call in a new negotiation? */
|
|
|
|
if(neg_ctx->context) {
|
|
|
|
/* The server rejected our authentication and hasn't suppled any more
|
|
|
|
negotiation mechanisms */
|
|
|
|
return CURLE_LOGIN_DENIED;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-03-13 14:51:46 -04:00
|
|
|
/* Initilise the security context and decode our challenge */
|
2016-03-13 16:09:15 -04:00
|
|
|
return Curl_auth_decode_spnego_message(data, userp, passwdp, service, host,
|
2016-03-13 14:51:46 -04:00
|
|
|
header, neg_ctx);
|
2015-01-17 06:56:27 -05:00
|
|
|
}
|
2003-06-10 08:22:19 -04:00
|
|
|
|
2007-09-21 07:05:31 -04:00
|
|
|
CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
|
2004-06-24 07:54:11 -04:00
|
|
|
{
|
2016-03-13 16:09:15 -04:00
|
|
|
struct negotiatedata *neg_ctx = proxy ? &conn->data->state.proxyneg :
|
2007-11-20 18:17:08 -05:00
|
|
|
&conn->data->state.negotiate;
|
2016-03-13 14:51:46 -04:00
|
|
|
char *base64 = NULL;
|
2011-08-24 02:07:36 -04:00
|
|
|
size_t len = 0;
|
2010-08-16 16:19:38 -04:00
|
|
|
char *userp;
|
2014-10-26 12:34:44 -04:00
|
|
|
CURLcode result;
|
2003-09-19 08:56:22 -04:00
|
|
|
|
2016-03-13 14:51:46 -04:00
|
|
|
result = Curl_auth_create_spnego_message(conn->data, neg_ctx, &base64, &len);
|
|
|
|
if(result)
|
|
|
|
return result;
|
2003-06-10 08:22:19 -04:00
|
|
|
|
2014-07-21 03:53:44 -04:00
|
|
|
userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "",
|
2016-03-13 14:51:46 -04:00
|
|
|
base64);
|
|
|
|
|
2013-04-03 19:57:25 -04:00
|
|
|
if(proxy) {
|
|
|
|
Curl_safefree(conn->allocptr.proxyuserpwd);
|
2010-08-16 16:19:38 -04:00
|
|
|
conn->allocptr.proxyuserpwd = userp;
|
2013-04-03 19:57:25 -04:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
Curl_safefree(conn->allocptr.userpwd);
|
2010-08-16 16:19:38 -04:00
|
|
|
conn->allocptr.userpwd = userp;
|
2013-04-03 19:57:25 -04:00
|
|
|
}
|
|
|
|
|
2016-03-13 14:51:46 -04:00
|
|
|
free(base64);
|
2013-04-03 19:57:25 -04:00
|
|
|
|
2010-08-16 16:19:38 -04:00
|
|
|
return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
|
2003-06-10 08:22:19 -04:00
|
|
|
}
|
|
|
|
|
2007-11-20 18:17:08 -05:00
|
|
|
void Curl_cleanup_negotiate(struct SessionHandle *data)
|
|
|
|
{
|
2016-03-13 14:51:46 -04:00
|
|
|
Curl_auth_spnego_cleanup(&data->state.negotiate);
|
|
|
|
Curl_auth_spnego_cleanup(&data->state.proxyneg);
|
2007-11-20 18:17:08 -05:00
|
|
|
}
|
|
|
|
|
2016-03-13 16:09:15 -04:00
|
|
|
#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */
|