moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Code Issues Releases Wiki Activity

Markus Moeller's SPNEGO patch applied, with my edits, additions and minor

Browse Source 
cleanups.
This commit is contained in:
Daniel Stenberg 2003-09-19 12:56:22 +00:00
parent bbc01c36d2
commit 09ccfcdcd4
10 changed files with 150 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGES
View File

@ -6,6 +6,13 @@
Changelog Changelog
Daniel (19 September)
- Applied Markus Moeller's patch that introduces SPNEGO support if libcurl
is built with the FBopenssl libraries. curl_version_info() now returns
info on SPNEGO availability. The patch also made the GSSAPI stuff work fine
with the MIT GSS-library (the Heimdal one still works too).
Daniel (16 September) Daniel (16 September)
- Doing PUT with --digest failed, as reported in bug report #805853. - Doing PUT with --digest failed, as reported in bug report #805853.

32
configure.ac
View File

@ -457,6 +457,31 @@ else
AC_MSG_RESULT(no) AC_MSG_RESULT(no)
fi fi
dnl **********************************************************************
dnl Check for FBopenssl(SPNEGO) libraries
dnl **********************************************************************
AC_ARG_WITH(spnego,
AC_HELP_STRING([--with-spnego=DIR],
[Specify location of SPNEGO library fbopenssl]),
[ SPNEGO_ROOT="$withval"
want_spnego="yes" ]
)
AC_MSG_CHECKING([if SPNEGO support is requested])
if test x"$want_spnego" = xyes; then
if test -z "$SPNEGO_LIB_DIR"; then
LDFLAGS="$LDFLAGS -L$SPNEGO_ROOT $(wl)-R$SPNEGO_ROOT -lfbopenssl"
else
LDFLAGS="$LDFLAGS $SPNEGO_LIB_DIR"
fi
AC_DEFINE(HAVE_SPNEGO, 1, [Define this if you have the SPNEGO library fbopenssl])
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
dnl ********************************************************************** dnl **********************************************************************
dnl Check for GSS-API libraries dnl Check for GSS-API libraries
dnl ********************************************************************** dnl **********************************************************************
@ -507,7 +532,12 @@ if test x"$want_gss" = xyes; then
fi fi
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
AC_DEFINE(GSSAPI, 1, [if you have the gssapi libraries]) AC_DEFINE(HAVE_GSSAPI, 1, [if you have the gssapi libraries])
if test -f "$GSSAPI_INCS/gssapi.h"; then
AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have the Heimdal gssapi libraries])
else
AC_DEFINE(HAVE_GSSMIT, 1, [if you have the MIT gssapi libraries])
fi
else else
AC_MSG_RESULT(no) AC_MSG_RESULT(no)

6
docs/libcurl/curl_version_info.3
View File

@ -2,7 +2,7 @@
.\" nroff -man [file] .\" nroff -man [file]
.\" $Id$ .\" $Id$
.\" .\"
.TH curl_version_info 3 "12 Aug 2003" "libcurl 7.10.7" "libcurl Manual" .TH curl_version_info 3 "19 Sep 2003" "libcurl 7.10.8" "libcurl Manual"
.SH NAME .SH NAME
curl_version_info - returns run-time libcurl version info curl_version_info - returns run-time libcurl version info
.SH SYNOPSIS .SH SYNOPSIS
@ -84,6 +84,10 @@ interest for libcurl hackers. (added in 7.10.6)
libcurl was built with support for asynchronous name lookups, which allows libcurl was built with support for asynchronous name lookups, which allows
more exact timeouts (even on Windows) and less blocking when using the multi more exact timeouts (even on Windows) and less blocking when using the multi
interface. (added in 7.10.7) interface. (added in 7.10.7)
.TP
.B CURL_VERSION_SPNEGO
libcurl was built with support for SPNEGO authentication (Simple and Protected
GSS-API Negotiation Mechanism, defined in RFC 2478.) (added in 7.10.8)
.PP .PP
\fIssl_version\fP is an ascii string for the OpenSSL version used. If libcurl \fIssl_version\fP is an ascii string for the OpenSSL version used. If libcurl
has no SSL support, this is NULL. has no SSL support, this is NULL.

1
include/curl/curl.h
View File

@ -1134,6 +1134,7 @@ typedef struct {
#define CURL_VERSION_GSSNEGOTIATE (1<<5) #define CURL_VERSION_GSSNEGOTIATE (1<<5)
#define CURL_VERSION_DEBUG (1<<6) /* built with debug capabilities */ #define CURL_VERSION_DEBUG (1<<6) /* built with debug capabilities */
#define CURL_VERSION_ASYNCHDNS (1<<7) #define CURL_VERSION_ASYNCHDNS (1<<7)
#define CURL_VERSION_SPNEGO (1<<8)
/* /*
* NAME curl_version_info() * NAME curl_version_info()

4
lib/http.c
View File

@ -238,7 +238,7 @@ CURLcode http_auth_headers(struct connectdata *conn,
} }
/* Send web authentication header if needed */ /* Send web authentication header if needed */
if (data->state.authstage == 401) { if (data->state.authstage == 401) {
#ifdef GSSAPI #ifdef HAVE_GSSAPI
if((data->state.authwant == CURLAUTH_GSSNEGOTIATE) && if((data->state.authwant == CURLAUTH_GSSNEGOTIATE) &&
data->state.negotiate.context && data->state.negotiate.context &&
!GSS_ERROR(data->state.negotiate.status)) { !GSS_ERROR(data->state.negotiate.status)) {
@ -324,7 +324,7 @@ CURLcode Curl_http_auth(struct connectdata *conn,
while(*start && isspace((int)*start)) while(*start && isspace((int)*start))
start++; start++;
#ifdef GSSAPI #ifdef HAVE_GSSAPI
if (checkprefix("GSS-Negotiate", start) || if (checkprefix("GSS-Negotiate", start) ||
checkprefix("Negotiate", start)) { checkprefix("Negotiate", start)) {
*availp |= CURLAUTH_GSSNEGOTIATE; *availp |= CURLAUTH_GSSNEGOTIATE;

92
lib/http_negotiate.c
View File

@ -22,7 +22,10 @@
***************************************************************************/ ***************************************************************************/
#include "setup.h" #include "setup.h"
#ifdef GSSAPI #ifdef HAVE_GSSAPI
#ifdef HAVE_GSSMIT
#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
#endif
#ifndef CURL_DISABLE_HTTP #ifndef CURL_DISABLE_HTTP
/* -- WIN32 approved -- */ /* -- WIN32 approved -- */
@ -171,6 +174,46 @@ int Curl_input_negotiate(struct connectdata *conn, char *header)
if (rawlen < 0) if (rawlen < 0)
return -1; return -1;
input_token.length = rawlen; input_token.length = rawlen;
#ifdef SPNEGO /* Handle SPNEGO */
if (checkprefix("Negotiate", header)) {
ASN1_OBJECT * object = NULL;
int rc = 1;
unsigned char * spnegoToken = NULL;
size_t spnegoTokenLength = 0;
unsigned char * mechToken = NULL;
size_t mechTokenLength = 0;
spnegoToken = malloc(input_token.length);
if (input_token.value == NULL)
return ENOMEM;
spnegoTokenLength = input_token.length;
object = OBJ_txt2obj ("1.2.840.113554.1.2.2", 1);
if (!parseSpnegoTargetToken(spnegoToken,
spnegoTokenLength,
NULL,
NULL,
&mechToken,
&mechTokenLength,
NULL,
NULL)) {
free(spnegoToken);
spnegoToken = NULL;
infof(conn->data, "Parse SPNEGO Target Token failed\n");
}
else {
free(input_token.value);
input_token.value = NULL;
input_token.value = malloc(mechTokenLength);
memcpy(input_token.value, mechToken,mechTokenLength);
input_token.length = mechTokenLength;
free(mechToken);
mechToken = NULL;
infof(conn->data, "Parse SPNEGO Target Token succeded\n");
}
}
#endif
} }
major_status = gss_init_sec_context(&minor_status, major_status = gss_init_sec_context(&minor_status,
@ -212,9 +255,50 @@ CURLcode Curl_output_negotiate(struct connectdata *conn)
struct negotiatedata *neg_ctx = &conn->data->state.negotiate; struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
OM_uint32 minor_status; OM_uint32 minor_status;
char *encoded = NULL; char *encoded = NULL;
int len = Curl_base64_encode(neg_ctx->output_token.value, int len;
neg_ctx->output_token.length,
&encoded); #ifdef SPNEGO /* Handle SPNEGO */
if (checkprefix("Negotiate",neg_ctx->protocol)) {
ASN1_OBJECT * object = NULL;
int rc = 1;
unsigned char * spnegoToken = NULL;
size_t spnegoTokenLength = 0;
unsigned char * responseToken = NULL;
size_t responseTokenLength = 0;
responseToken = malloc(neg_ctx->output_token.length);
if ( responseToken == NULL)
return CURLE_OUT_OF_MEMORY;
memcpy(responseToken, neg_ctx->output_token.value,
neg_ctx->output_token.length);
responseTokenLength = neg_ctx->output_token.length;
object=OBJ_txt2obj ("1.2.840.113554.1.2.2", 1);
if (!makeSpnegoInitialToken (object,
responseToken,
responseTokenLength,
&spnegoToken,
&spnegoTokenLength)) {
free(responseToken);
responseToken = NULL;
infof(conn->data, "Make SPNEGO Initial Token failed\n");
}
else {
free(neg_ctx->output_token.value);
responseToken = NULL;
neg_ctx->output_token.value = malloc(spnegoTokenLength);
memcpy(neg_ctx->output_token.value, spnegoToken,spnegoTokenLength);
neg_ctx->output_token.length = spnegoTokenLength;
free(spnegoToken);
spnegoToken = NULL;
infof(conn->data, "Make SPNEGO Initial Token succeded\n");
}
}
#endif
len = Curl_base64_encode(neg_ctx->output_token.value,
neg_ctx->output_token.length,
&encoded);
if (len < 0) if (len < 0)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;

2
lib/http_negotiate.h
View File

@ -24,7 +24,7 @@
* $Id$ * $Id$
***************************************************************************/ ***************************************************************************/
#ifdef GSSAPI #ifdef HAVE_GSSAPI
/* this is for Negotiate header input */ /* this is for Negotiate header input */
int Curl_input_negotiate(struct connectdata *conn, char *header); int Curl_input_negotiate(struct connectdata *conn, char *header);

4
lib/url.c
View File

@ -879,7 +879,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
#ifndef USE_SSLEAY #ifndef USE_SSLEAY
auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */ auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
#endif #endif
#ifndef GSSAPI #ifndef HAVE_GSSAPI
auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI */ auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI */
#endif #endif
if(!auth) if(!auth)
@ -899,7 +899,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
#ifndef USE_SSLEAY #ifndef USE_SSLEAY
auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */ auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
#endif #endif
#ifndef GSSAPI #ifndef HAVE_GSSAPI
auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI */ auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI */
#endif #endif
if(!auth) if(!auth)

11
lib/urldata.h
View File

@ -86,9 +86,14 @@
#include <zlib.h> /* for content-encoding */ #include <zlib.h> /* for content-encoding */
#endif #endif
#ifdef GSSAPI #ifdef HAVE_GSSAPI
#ifdef HAVE_GSSMIT
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_generic.h>
#else
#include <gssapi.h> #include <gssapi.h>
#endif #endif
#endif
#ifdef USE_ARES #ifdef USE_ARES
#include <ares.h> #include <ares.h>
@ -184,7 +189,7 @@ struct ntlmdata {
unsigned char nonce[8]; unsigned char nonce[8];
}; };
#ifdef GSSAPI #ifdef HAVE_GSSAPI
struct negotiatedata { struct negotiatedata {
bool gss; /* Whether we're processing GSS-Negotiate or Negotiate */ bool gss; /* Whether we're processing GSS-Negotiate or Negotiate */
const char* protocol; /* "GSS-Negotiate" or "Negotiate" */ const char* protocol; /* "GSS-Negotiate" or "Negotiate" */
@ -688,7 +693,7 @@ struct UrlState {
struct digestdata digest; struct digestdata digest;
#ifdef GSSAPI #ifdef HAVE_GSSAPI
struct negotiatedata negotiate; struct negotiatedata negotiate;
#endif #endif

7
lib/version.c
View File

@ -114,7 +114,7 @@ char *curl_version(void)
sprintf(ptr, " zlib/%s", zlibVersion()); sprintf(ptr, " zlib/%s", zlibVersion());
ptr += strlen(ptr); ptr += strlen(ptr);
#endif #endif
#ifdef GSSAPI #ifdef HAVE_GSSAPI
sprintf(ptr, " GSS"); sprintf(ptr, " GSS");
ptr += strlen(ptr); ptr += strlen(ptr);
#endif #endif
@ -177,7 +177,7 @@ static curl_version_info_data version_info = {
#ifdef HAVE_LIBZ #ifdef HAVE_LIBZ
| CURL_VERSION_LIBZ | CURL_VERSION_LIBZ
#endif #endif
#ifdef GSSAPI #ifdef HAVE_GSSAPI
| CURL_VERSION_GSSNEGOTIATE | CURL_VERSION_GSSNEGOTIATE
#endif #endif
#ifdef CURLDEBUG #ifdef CURLDEBUG
@ -185,6 +185,9 @@ static curl_version_info_data version_info = {
#endif #endif
#ifdef USE_ARES #ifdef USE_ARES
| CURL_VERSION_ASYNCHDNS | CURL_VERSION_ASYNCHDNS
#endif
#ifdef HAVE_SPNEGO
| CURL_VERSION_SPNEGO
#endif #endif
, ,
NULL, /* ssl_version */ NULL, /* ssl_version */