diff --git a/lib/security.c b/lib/security.c index e62951adb..39a80ee32 100644 --- a/lib/security.c +++ b/lib/security.c @@ -1,9 +1,12 @@ -/* modified by Martin Hedenfalk for use in Curl - * last modified 2000-09-18 - * Even more obscurified to merge better into libcurl by Daniel Stenberg. - */ - -/* +/* This source code was modified by Martin Hedenfalk for + * use in Curl. His latest changes were done 2000-09-18. + * + * It has since been patched and modified a lot by Daniel Stenberg + * to make it better applied to curl conditions, and to make + * it not use globals, pollute name space and more. This source code awaits a + * rewrite to work around the paragraph 2 in the BSD licenses as explained + * below. + * * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. @@ -33,8 +36,7 @@ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ + * SUCH DAMAGE. */ #include "setup.h" @@ -83,24 +85,22 @@ name_to_level(const char *name) return (enum protection_level)-1; } -static struct sec_client_mech *mechs[] = { +static struct Curl_sec_client_mech *mechs[] = { #ifdef KRB5 - &gss_client_mech, + /* not supported */ #endif #ifdef KRB4 - &krb4_client_mech, + &Curl_krb4_client_mech, #endif NULL }; -static struct sec_client_mech *mech; - int -sec_getc(struct connectdata *conn, FILE *F) +Curl_sec_getc(struct connectdata *conn, FILE *F) { if(conn->sec_complete && conn->data_prot) { char c; - if(sec_read(conn, fileno(F), &c, 1) <= 0) + if(Curl_sec_read(conn, fileno(F), &c, 1) <= 0) return EOF; return c; } @@ -159,8 +159,8 @@ sec_get_data(struct connectdata *conn, return 0; else if (b < 0) return -1; - buf->size = (*mech->decode)(conn->app_data, buf->data, len, - conn->data_prot, conn); + buf->size = (conn->mech->decode)(conn->app_data, buf->data, len, + conn->data_prot, conn); buf->index = 0; return 0; } @@ -194,7 +194,7 @@ buffer_write(struct krb4buffer *buf, void *data, size_t len) } int -sec_read(struct connectdata *conn, int fd, void *buffer, int length) +Curl_sec_read(struct connectdata *conn, int fd, void *buffer, int length) { size_t len; int rx = 0; @@ -233,7 +233,8 @@ sec_send(struct connectdata *conn, int fd, char *from, int length) { int bytes; void *buf; - bytes = (*mech->encode)(conn->app_data, from, length, conn->data_prot, &buf, conn); + bytes = (conn->mech->encode)(conn->app_data, from, length, conn->data_prot, + &buf, conn); bytes = htonl(bytes); block_write(fd, &bytes, sizeof(bytes)); block_write(fd, buf, ntohl(bytes)); @@ -242,26 +243,11 @@ sec_send(struct connectdata *conn, int fd, char *from, int length) } int -sec_fflush(struct connectdata *conn, FILE *F) +Curl_sec_fflush_fd(struct connectdata *conn, int fd) { if(conn->data_prot != prot_clear) { if(conn->out_buffer.index > 0){ - sec_write(conn, fileno(F), - conn->out_buffer.data, conn->out_buffer.index); - conn->out_buffer.index = 0; - } - sec_send(conn, fileno(F), NULL, 0); - } - fflush(F); - return 0; -} - -int -sec_fflush_fd(struct connectdata *conn, int fd) -{ - if(conn->data_prot != prot_clear) { - if(conn->out_buffer.index > 0){ - sec_write(conn, fd, + Curl_sec_write(conn, fd, conn->out_buffer.data, conn->out_buffer.index); conn->out_buffer.index = 0; } @@ -271,7 +257,7 @@ sec_fflush_fd(struct connectdata *conn, int fd) } int -sec_write(struct connectdata *conn, int fd, char *buffer, int length) +Curl_sec_write(struct connectdata *conn, int fd, char *buffer, int length) { int len = conn->buffer_size; int tx = 0; @@ -279,7 +265,7 @@ sec_write(struct connectdata *conn, int fd, char *buffer, int length) if(conn->data_prot == prot_clear) return write(fd, buffer, length); - len -= (*mech->overhead)(conn->app_data, conn->data_prot, len); + len -= (conn->mech->overhead)(conn->app_data, conn->data_prot, len); while(length){ if(length < len) len = length; @@ -292,7 +278,7 @@ sec_write(struct connectdata *conn, int fd, char *buffer, int length) } int -sec_vfprintf2(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) +Curl_sec_vfprintf2(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) { char *buf; int ret; @@ -307,18 +293,18 @@ sec_vfprintf2(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) } int -sec_fprintf2(struct connectdata *conn, FILE *f, const char *fmt, ...) +Curl_sec_fprintf2(struct connectdata *conn, FILE *f, const char *fmt, ...) { int ret; va_list ap; va_start(ap, fmt); - ret = sec_vfprintf2(conn, f, fmt, ap); + ret = Curl_sec_vfprintf2(conn, f, fmt, ap); va_end(ap); return ret; } int -sec_putc(struct connectdata *conn, int c, FILE *F) +Curl_sec_putc(struct connectdata *conn, int c, FILE *F) { char ch = c; if(conn->data_prot == prot_clear) @@ -326,14 +312,14 @@ sec_putc(struct connectdata *conn, int c, FILE *F) buffer_write(&conn->out_buffer, &ch, 1); if(c == '\n' || conn->out_buffer.index >= 1024 /* XXX */) { - sec_write(conn, fileno(F), conn->out_buffer.data, conn->out_buffer.index); + Curl_sec_write(conn, fileno(F), conn->out_buffer.data, conn->out_buffer.index); conn->out_buffer.index = 0; } return c; } int -sec_read_msg(struct connectdata *conn, char *s, int level) +Curl_sec_read_msg(struct connectdata *conn, char *s, int level) { int len; char *buf; @@ -342,7 +328,7 @@ sec_read_msg(struct connectdata *conn, char *s, int level) buf = malloc(strlen(s)); len = Curl_base64_decode(s + 4, buf); /* XXX */ - len = (*mech->decode)(conn->app_data, buf, len, level, conn); + len = (conn->mech->decode)(conn->app_data, buf, len, level, conn); if(len < 0) return -1; @@ -361,7 +347,7 @@ sec_read_msg(struct connectdata *conn, char *s, int level) /* modified to return how many bytes written, or -1 on error ***/ int -sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) +Curl_sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) { int ret = 0; char *buf; @@ -371,9 +357,9 @@ sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) return vfprintf(f, fmt, ap); buf = aprintf(fmt, ap); - len = (*mech->encode)(conn->app_data, buf, strlen(buf), - conn->command_prot, &enc, - conn); + len = (conn->mech->encode)(conn->app_data, buf, strlen(buf), + conn->command_prot, &enc, + conn); free(buf); if(len < 0) { failf(conn->data, "Failed to encode command.\n"); @@ -383,60 +369,36 @@ sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) failf(conn->data, "Out of memory base64-encoding.\n"); return -1; } -#ifdef FTP_SERVER - if(command_prot == prot_safe) - fprintf(f, "631 %s\r\n", buf); - else if(command_prot == prot_private) - fprintf(f, "632 %s\r\n", buf); - else if(command_prot == prot_confidential) - fprintf(f, "633 %s\r\n", buf); -#else if(conn->command_prot == prot_safe) ret = fprintf(f, "MIC %s", buf); else if(conn->command_prot == prot_private) ret = fprintf(f, "ENC %s", buf); else if(conn->command_prot == prot_confidential) ret = fprintf(f, "CONF %s", buf); -#endif + free(buf); return ret; } int -sec_fprintf(struct connectdata *conn, FILE *f, const char *fmt, ...) +Curl_sec_fprintf(struct connectdata *conn, FILE *f, const char *fmt, ...) { va_list ap; int ret; va_start(ap, fmt); - ret = sec_vfprintf(conn, f, fmt, ap); + ret = Curl_sec_vfprintf(conn, f, fmt, ap); va_end(ap); return ret; } -/* end common stuff */ -#ifdef FTP_SERVER - -/* snip */ - -#else /* FTP_SERVER */ - -#if 0 -void -sec_status(void) +enum protection_level +Curl_set_command_prot(struct connectdata *conn, enum protection_level level) { - if(conn->sec_complete){ - printf("Using %s for authentication.\n", mech->name); - printf("Using %s command channel.\n", level_to_name(command_prot)); - printf("Using %s data channel.\n", level_to_name(data_prot)); - if(buffer_size > 0) - printf("Protection buffer size: %lu.\n", - (unsigned long)buffer_size); - }else{ - printf("Not using any security mechanism.\n"); - } + enum protection_level old = conn->command_prot; + conn->command_prot = level; + return old; } -#endif static int sec_prot_internal(struct connectdata *conn, int level) @@ -486,59 +448,8 @@ sec_prot_internal(struct connectdata *conn, int level) return 0; } -enum protection_level -set_command_prot(struct connectdata *conn, enum protection_level level) -{ - enum protection_level old = conn->command_prot; - conn->command_prot = level; - return old; -} - -#if 0 void -sec_prot(int argc, char **argv) -{ - int level = -1; - - if(argc < 2 || argc > 3) - goto usage; - if(!sec_complete) { - printf("No security data exchange has taken place.\n"); - code = -1; - return; - } - level = name_to_level(argv[argc - 1]); - - if(level == -1) - goto usage; - - if((*mech->check_prot)(conn->app_data, level)) { - printf("%s does not implement %s protection.\n", - mech->name, level_to_name(level)); - code = -1; - return; - } - - if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) { - if(sec_prot_internal(level) < 0){ - code = -1; - return; - } - } else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0) - set_command_prot(level); - else - goto usage; - code = 0; - return; - usage: - printf("usage: %s [command|data] [clear|safe|confidential|private]\n", - argv[0]); - code = -1; -} -#endif - -void -sec_set_protection_level(struct connectdata *conn) +Curl_sec_set_protection_level(struct connectdata *conn) { if(conn->sec_complete && conn->data_prot != conn->request_data_prot) sec_prot_internal(conn, conn->request_data_prot); @@ -546,7 +457,7 @@ sec_set_protection_level(struct connectdata *conn) int -sec_request_prot(struct connectdata *conn, const char *level) +Curl_sec_request_prot(struct connectdata *conn, const char *level) { int l = name_to_level(level); if(l == -1) @@ -556,10 +467,10 @@ sec_request_prot(struct connectdata *conn, const char *level) } int -sec_login(struct connectdata *conn) +Curl_sec_login(struct connectdata *conn) { int ret; - struct sec_client_mech **m; + struct Curl_sec_client_mech **m; ssize_t nread; struct UrlData *data=conn->data; @@ -610,7 +521,7 @@ sec_login(struct connectdata *conn) /* mechanism is supposed to output error string */ return -1; } - mech = *m; + conn->mech = *m; conn->sec_complete = 1; conn->command_prot = prot_safe; break; @@ -620,19 +531,18 @@ sec_login(struct connectdata *conn) } void -sec_end(struct connectdata *conn) +Curl_sec_end(struct connectdata *conn) { - if (mech != NULL) { - if(mech->end) - (*mech->end)(conn->app_data); - memset(conn->app_data, 0, mech->size); - free(conn->app_data); - conn->app_data = NULL; - } - conn->sec_complete = 0; - conn->data_prot = (enum protection_level)0; + if (conn->mech != NULL) { + if(conn->mech->end) + (conn->mech->end)(conn->app_data); + memset(conn->app_data, 0, conn->mech->size); + free(conn->app_data); + conn->app_data = NULL; + } + conn->sec_complete = 0; + conn->data_prot = (enum protection_level)0; + conn->mech=NULL; } -#endif /* FTP_SERVER */ - #endif /* KRB4 */