http_negotiate_sspi: Use a dynamic buffer for SPN generation
Updated to use a dynamic buffer for the SPN generation via the recently introduced Curl_sasl_build_spn() function rather than a fixed buffer of 1024 characters. That buffer should have been more than enough, but using the new function also removes the need for a separate variable, sname, to perform the wide character conversion in Unicode builds.
This commit is contained in:
parent
d01e30431c
commit
72945b856e
@ -31,6 +31,7 @@
|
|||||||
#include "rawstr.h"
|
#include "rawstr.h"
|
||||||
#include "warnless.h"
|
#include "warnless.h"
|
||||||
#include "curl_base64.h"
|
#include "curl_base64.h"
|
||||||
|
#include "curl_sasl.h"
|
||||||
#include "http_negotiate.h"
|
#include "http_negotiate.h"
|
||||||
#include "curl_memory.h"
|
#include "curl_memory.h"
|
||||||
#include "curl_multibyte.h"
|
#include "curl_multibyte.h"
|
||||||
@ -46,19 +47,16 @@ get_gss_name(struct connectdata *conn, bool proxy,
|
|||||||
struct negotiatedata *neg_ctx)
|
struct negotiatedata *neg_ctx)
|
||||||
{
|
{
|
||||||
const char* service = "HTTP";
|
const char* service = "HTTP";
|
||||||
size_t length;
|
|
||||||
|
|
||||||
if(proxy && !conn->proxy.name)
|
if(proxy && !conn->proxy.name)
|
||||||
/* proxy auth requested but no given proxy name, error out! */
|
/* proxy auth requested but no given proxy name, error out! */
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name :
|
neg_ctx->server_name = Curl_sasl_build_spn(service,
|
||||||
conn->host.name) + 1;
|
proxy ? conn->proxy.name :
|
||||||
if(length + 1 > sizeof(neg_ctx->server_name))
|
conn->host.name);
|
||||||
return EMSGSIZE;
|
if(!neg_ctx->server_name)
|
||||||
|
return -1;
|
||||||
snprintf(neg_ctx->server_name, sizeof(neg_ctx->server_name), "%s/%s",
|
|
||||||
service, proxy ? conn->proxy.name : conn->host.name);
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -75,7 +73,6 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
|
|||||||
SecBuffer in_sec_buff;
|
SecBuffer in_sec_buff;
|
||||||
unsigned long context_attributes;
|
unsigned long context_attributes;
|
||||||
TimeStamp lifetime;
|
TimeStamp lifetime;
|
||||||
TCHAR *sname;
|
|
||||||
int ret;
|
int ret;
|
||||||
size_t len = 0, input_token_len = 0;
|
size_t len = 0, input_token_len = 0;
|
||||||
CURLcode error;
|
CURLcode error;
|
||||||
@ -113,7 +110,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!strlen(neg_ctx->server_name)) {
|
if(!neg_ctx->server_name) {
|
||||||
ret = get_gss_name(conn, proxy, neg_ctx);
|
ret = get_gss_name(conn, proxy, neg_ctx);
|
||||||
if(ret)
|
if(ret)
|
||||||
return ret;
|
return ret;
|
||||||
@ -203,15 +200,11 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
|
|||||||
in_sec_buff.cbBuffer = curlx_uztoul(input_token_len);
|
in_sec_buff.cbBuffer = curlx_uztoul(input_token_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
sname = Curl_convert_UTF8_to_tchar(neg_ctx->server_name);
|
|
||||||
if(!sname)
|
|
||||||
return CURLE_OUT_OF_MEMORY;
|
|
||||||
|
|
||||||
/* Generate our message */
|
/* Generate our message */
|
||||||
neg_ctx->status = s_pSecFn->InitializeSecurityContext(
|
neg_ctx->status = s_pSecFn->InitializeSecurityContext(
|
||||||
neg_ctx->credentials,
|
neg_ctx->credentials,
|
||||||
input_token ? neg_ctx->context : NULL,
|
input_token ? neg_ctx->context : NULL,
|
||||||
sname,
|
neg_ctx->server_name,
|
||||||
ISC_REQ_CONFIDENTIALITY,
|
ISC_REQ_CONFIDENTIALITY,
|
||||||
0,
|
0,
|
||||||
SECURITY_NATIVE_DREP,
|
SECURITY_NATIVE_DREP,
|
||||||
@ -222,7 +215,6 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
|
|||||||
&context_attributes,
|
&context_attributes,
|
||||||
&lifetime);
|
&lifetime);
|
||||||
|
|
||||||
Curl_unicodefree(sname);
|
|
||||||
Curl_safefree(input_token);
|
Curl_safefree(input_token);
|
||||||
|
|
||||||
if(GSS_ERROR(neg_ctx->status))
|
if(GSS_ERROR(neg_ctx->status))
|
||||||
@ -293,6 +285,8 @@ static void cleanup(struct negotiatedata *neg_ctx)
|
|||||||
neg_ctx->max_token_length = 0;
|
neg_ctx->max_token_length = 0;
|
||||||
Curl_safefree(neg_ctx->output_token);
|
Curl_safefree(neg_ctx->output_token);
|
||||||
|
|
||||||
|
Curl_safefree(neg_ctx->server_name);
|
||||||
|
|
||||||
Curl_sspi_free_identity(neg_ctx->p_identity);
|
Curl_sspi_free_identity(neg_ctx->p_identity);
|
||||||
neg_ctx->p_identity = NULL;
|
neg_ctx->p_identity = NULL;
|
||||||
}
|
}
|
||||||
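Review bot: In get_gss_name the new `if(!neg_ctx->server_name) return -1;` reports an allocation failure with the same -1 that the missing-proxy-name case already uses, whereas the conversion path it replaces in Curl_input_negotiate returned CURLE_OUT_OF_MEMORY, so callers can no longer tell out-of-memory from a configuration error. I would make that line `return CURLE_OUT_OF_MEMORY;`, or at least add `/* SPN allocation failed */` above it; the old EMSGSIZE return shows the function was already mixing conventions, which makes a comment on the intended contract worthwhile. The return type of Curl_sasl_build_spn is not visible here; since server_name is now a TCHAR * that cleanup releases with Curl_safefree, it is worth confirming that the function produces a TCHAR string from the matching allocator in Unicode builds. The hunks in Curl_input_negotiate and cleanup start and end outside what is shown.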
|
@ -463,7 +463,7 @@ struct negotiatedata {
|
|||||||
CredHandle *credentials;
|
CredHandle *credentials;
|
||||||
SEC_WINNT_AUTH_IDENTITY identity;
|
SEC_WINNT_AUTH_IDENTITY identity;
|
||||||
SEC_WINNT_AUTH_IDENTITY *p_identity;
|
SEC_WINNT_AUTH_IDENTITY *p_identity;
|
||||||
char server_name[1024];
|
TCHAR *server_name;
|
||||||
size_t max_token_length;
|
size_t max_token_length;
|
||||||
BYTE *output_token;
|
BYTE *output_token;
|
||||||
size_t output_token_length;
|
size_t output_token_length;
|
||||||
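Review bot: The new `TCHAR *server_name;` member is owned heap memory where the old inline array needed no release, but nothing on the struct says who allocates or frees it. I would document the ownership on the member, e.g. `TCHAR *server_name;  /* SPN; allocated by get_gss_name(), released in cleanup() */`, so that a later copy or reset of negotiatedata does not leak or double-free it. The struct definition begins before and continues after this hunk.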
|