Added Curl_gss_init_sec_context.
This function wraps our calls to gss_init_sec_context so that we have a unified way to talk to GSSAPI.
parent
6488e03f44
commit
20485a4885
@ -22,7 +22,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
|
|||||||
pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c \
|
pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c \
|
||||||
curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c \
|
curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c \
|
||||||
idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c \
|
idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c \
|
||||||
asyn-ares.c asyn-thread.c
|
asyn-ares.c asyn-thread.c gssapi.c
|
||||||
|
|
||||||
HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
|
HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
|
||||||
progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \
|
progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \
|
||||||
@ -37,4 +37,4 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
|
|||||||
curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \
|
curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \
|
||||||
curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h \
|
curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h \
|
||||||
warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h \
|
warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h \
|
||||||
gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h
|
gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h gssapi.h
|
||||||
|
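--- a/lib/gssapi.c
+++ b/lib/gssapi.c
@@ -0,0 +1,53 @@
+/***************************************************************************
+* _ _ ____ _
+* Project ___| | | | _ \| |
+* / __| | | | |_) | |
+* | (__| |_| | _ <| |___
+* \___|\___/|_| \_\_____|
+*
+* Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+*
+* This software is licensed as described in the file COPYING, which
+* you should have received as part of this distribution. The terms
+* are also available at http://curl.haxx.se/docs/copyright.html.
+*
+* You may opt to use, copy, modify, merge, publish, distribute and/or sell
+* copies of the Software, and permit persons to whom the Software is
+* furnished to do so, under the terms of the COPYING file.
+*
+* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+* KIND, either express or implied.
+*
+***************************************************************************/
+
+#include "gssapi.h"
+
+OM_uint32 Curl_gss_init_sec_context(
+OM_uint32 * minor_status,
+gss_cred_id_t cred_handle,
+gss_ctx_id_t * context,
+gss_name_t target_name,
+gss_OID mech_type, /* needed? */
+OM_uint32 req_flags, /* TBR. */
+OM_uint32 time_req,
+gss_channel_bindings_t input_chan_bindings,
+gss_buffer_t input_token,
+gss_OID * actual_mech_type,
+gss_buffer_t output_token,
+OM_uint32 * ret_flags,
+OM_uint32 * time_rec)
+{
+return gss_init_sec_context(minor_status,
+cred_handle,
+context,
+target_name,
+mech_type,
+req_flags,
+time_req,
+input_chan_bindings,
+input_token,
+actual_mech_type,
+output_token,
+ret_flags,
+time_rec);
+}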
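Review bot: Curl_gss_init_sec_context is defined with no feature guard around it, and the Makefile hunk adds gssapi.c to CSOURCES unconditionally, so a build configured without any GSS-API library would still compile this file and land in the Heimdal `#else` include of the header. Unless a guard exists that this page does not show, wrap the contents of the file in `#ifdef HAVE_GSSAPI` ... `#endif`. The function also has no header comment, and the `/* needed? */` and `/* TBR. */` remarks on mech_type and req_flags leave its contract open. A comment such as `/* Single entry point for gss_init_sec_context(); all arguments are passed through unchanged and the major status is returned. */` would state what callers can rely on today.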
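--- a/lib/gssapi.h
+++ b/lib/gssapi.h
@@ -0,0 +1,53 @@
+/***************************************************************************
+* _ _ ____ _
+* Project ___| | | | _ \| |
+* / __| | | | |_) | |
+* | (__| |_| | _ <| |___
+* \___|\___/|_| \_\_____|
+*
+* Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+*
+* This software is licensed as described in the file COPYING, which
+* you should have received as part of this distribution. The terms
+* are also available at http://curl.haxx.se/docs/copyright.html.
+*
+* You may opt to use, copy, modify, merge, publish, distribute and/or sell
+* copies of the Software, and permit persons to whom the Software is
+* furnished to do so, under the terms of the COPYING file.
+*
+* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+* KIND, either express or implied.
+*
+***************************************************************************/
+
+#include "setup.h"
+
+#ifdef HAVE_GSSGNU
+# include <gss.h>
+#elif defined HAVE_GSSMIT
+/* MIT style */
+# include <gssapi/gssapi.h>
+# include <gssapi/gssapi_generic.h>
+# include <gssapi/gssapi_krb5.h>
+#else
+/* Heimdal-style */
+# include <gssapi.h>
+#endif
+
+
+/* Common method for using gss api */
+
+OM_uint32 Curl_gss_init_sec_context(
+OM_uint32 * minor_status,
+gss_cred_id_t cred_handle,
+gss_ctx_id_t * context,
+gss_name_t target_name,
+gss_OID, /* mech_type (used to be const) */
+OM_uint32, /* req_flags */
+OM_uint32, /* time_req */
+gss_channel_bindings_t, /* input_chan_bindings */
+gss_buffer_t, /* input_token */
+gss_OID *, /* actual_mech_type */
+gss_buffer_t, /* output_token */
+OM_uint32 *, /* ret_flags */
+OM_uint32 *); /* time_rec */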
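Review bot: The new header is named gssapi.h and its Heimdal branch does `# include <gssapi.h>`, so if the lib directory is on the compiler's include path, the angle-bracket include can resolve back to this file instead of the system header. With no include guard in the file, that becomes a self-inclusion. A project-prefixed file name (for example `curl_gssapi.h`) plus a guard such as `#ifndef HEADER_CURL_GSSAPI_H` / `#define HEADER_CURL_GSSAPI_H` at the top and `#endif` at the end (guard name is only an example) would remove both problems. The prototype also names only its first four parameters and leaves the other nine as commented types, whereas the definition in lib/gssapi.c names all thirteen; naming them here too keeps the two declarations in step.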
@ -36,6 +36,7 @@
|
|||||||
|
|
||||||
#include "urldata.h"
|
#include "urldata.h"
|
||||||
#include "sendf.h"
|
#include "sendf.h"
|
||||||
|
#include "gssapi.h"
|
||||||
#include "rawstr.h"
|
#include "rawstr.h"
|
||||||
#include "curl_base64.h"
|
#include "curl_base64.h"
|
||||||
#include "http_negotiate.h"
|
#include "http_negotiate.h"
|
||||||
@ -238,19 +239,20 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
major_status = gss_init_sec_context(&minor_status,
|
major_status = Curl_gss_init_sec_context(&minor_status,
|
||||||
GSS_C_NO_CREDENTIAL,
|
GSS_C_NO_CREDENTIAL,
|
||||||
&neg_ctx->context,
|
&neg_ctx->context,
|
||||||
neg_ctx->server_name,
|
neg_ctx->server_name,
|
||||||
GSS_C_NO_OID,
|
GSS_C_NO_OID,
|
||||||
GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
|
GSS_C_MUTUAL_FLAG
|
||||||
0,
|
| GSS_C_REPLAY_FLAG,
|
||||||
GSS_C_NO_CHANNEL_BINDINGS,
|
0,
|
||||||
&input_token,
|
GSS_C_NO_CHANNEL_BINDINGS,
|
||||||
NULL,
|
&input_token,
|
||||||
&output_token,
|
NULL,
|
||||||
NULL,
|
&output_token,
|
||||||
NULL);
|
NULL,
|
||||||
|
NULL);
|
||||||
if(input_token.length > 0)
|
if(input_token.length > 0)
|
||||||
gss_release_buffer(&minor_status2, &input_token);
|
gss_release_buffer(&minor_status2, &input_token);
|
||||||
neg_ctx->status = major_status;
|
neg_ctx->status = major_status;
|
||||||
|
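Review bot: The Curl_gss_init_sec_context call in Curl_input_negotiate requests `GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG` but passes `NULL` for ret_flags, so this caller never learns whether the mechanism actually granted mutual authentication or replay detection. The krb5_auth call in lib/krb5.c does the same, while the SOCKS5 call site does collect `&gss_ret_flags`. Now that all three go through one wrapper, consider passing a local `OM_uint32 ret_flags` here and testing `ret_flags & GSS_C_MUTUAL_FLAG` once the context is established. Both functions start and end outside their hunks, so how the returned status is handled afterwards is not visible on this page.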
39
lib/krb5.c
39
lib/krb5.c
@ -47,21 +47,10 @@
|
|||||||
#endif
|
#endif
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#ifdef HAVE_GSSGNU
|
|
||||||
# include <gss.h>
|
|
||||||
#elif defined HAVE_GSSMIT
|
|
||||||
/* MIT style */
|
|
||||||
# include <gssapi/gssapi.h>
|
|
||||||
# include <gssapi/gssapi_generic.h>
|
|
||||||
# include <gssapi/gssapi_krb5.h>
|
|
||||||
#else
|
|
||||||
/* Heimdal-style */
|
|
||||||
# include <gssapi.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "urldata.h"
|
#include "urldata.h"
|
||||||
#include "curl_base64.h"
|
#include "curl_base64.h"
|
||||||
#include "ftp.h"
|
#include "ftp.h"
|
||||||
|
#include "gssapi.h"
|
||||||
#include "sendf.h"
|
#include "sendf.h"
|
||||||
#include "krb4.h"
|
#include "krb4.h"
|
||||||
#include "curl_memory.h"
|
#include "curl_memory.h"
|
||||||
@ -242,19 +231,19 @@ krb5_auth(void *app_data, struct connectdata *conn)
|
|||||||
taken care by a final gss_release_buffer. */
|
taken care by a final gss_release_buffer. */
|
||||||
gss_release_buffer(&min, &output_buffer);
|
gss_release_buffer(&min, &output_buffer);
|
||||||
ret = AUTH_OK;
|
ret = AUTH_OK;
|
||||||
maj = gss_init_sec_context(&min,
|
maj = Curl_gss_init_sec_context(&min,
|
||||||
GSS_C_NO_CREDENTIAL,
|
GSS_C_NO_CREDENTIAL,
|
||||||
context,
|
context,
|
||||||
gssname,
|
gssname,
|
||||||
GSS_C_NO_OID,
|
GSS_C_NO_OID,
|
||||||
GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
|
GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
|
||||||
0,
|
0,
|
||||||
&chan,
|
&chan,
|
||||||
gssresp,
|
gssresp,
|
||||||
NULL,
|
NULL,
|
||||||
&output_buffer,
|
&output_buffer,
|
||||||
NULL,
|
NULL,
|
||||||
NULL);
|
NULL);
|
||||||
|
|
||||||
if(gssresp) {
|
if(gssresp) {
|
||||||
free(_gssresp.value);
|
free(_gssresp.value);
|
||||||
|
@ -37,6 +37,7 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#include "gssapi.h"
|
||||||
#include "urldata.h"
|
#include "urldata.h"
|
||||||
#include "sendf.h"
|
#include "sendf.h"
|
||||||
#include "connect.h"
|
#include "connect.h"
|
||||||
@ -183,19 +184,19 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
/* As long as we need to keep sending some context info, and there's no */
|
/* As long as we need to keep sending some context info, and there's no */
|
||||||
/* errors, keep sending it... */
|
/* errors, keep sending it... */
|
||||||
for(;;) {
|
for(;;) {
|
||||||
gss_major_status = gss_init_sec_context(&gss_minor_status,
|
gss_major_status = Curl_gss_init_sec_context(&gss_minor_status,
|
||||||
GSS_C_NO_CREDENTIAL,
|
GSS_C_NO_CREDENTIAL,
|
||||||
&gss_context, server,
|
&gss_context, server,
|
||||||
GSS_C_NULL_OID,
|
GSS_C_NULL_OID,
|
||||||
GSS_C_MUTUAL_FLAG |
|
GSS_C_MUTUAL_FLAG |
|
||||||
GSS_C_REPLAY_FLAG,
|
GSS_C_REPLAY_FLAG,
|
||||||
0,
|
0,
|
||||||
NULL,
|
NULL,
|
||||||
gss_token,
|
gss_token,
|
||||||
NULL,
|
NULL,
|
||||||
&gss_send_token,
|
&gss_send_token,
|
||||||
&gss_ret_flags,
|
&gss_ret_flags,
|
||||||
NULL);
|
NULL);
|
||||||
|
|
||||||
if(gss_token != GSS_C_NO_BUFFER)
|
if(gss_token != GSS_C_NO_BUFFER)
|
||||||
gss_release_buffer(&gss_status, &gss_recv_token);
|
gss_release_buffer(&gss_status, &gss_recv_token);
|
||||||
|
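Review bot: This call spells its "no value" arguments differently from the other two converted call sites: `GSS_C_NULL_OID` where they pass `GSS_C_NO_OID`, and a bare `NULL` for input_chan_bindings where Curl_input_negotiate passes `GSS_C_NO_CHANNEL_BINDINGS`. Since the stated aim of the commit is a unified way of talking to GSSAPI, using `GSS_C_NO_OID` and `GSS_C_NO_CHANNEL_BINDINGS` here would make it clear at a glance that no channel binding is in use on the SOCKS5 path. Curl_SOCKS5_gssapi_negotiate continues outside the hunk.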