
While inspecting the Negotiate code, I noticed how the proxy auth was using

the same state struct as the host auth, so both could never be used at the
same time! I fixed it (without being able to check) to use two separate
structs to allow authentication using Negotiate on host and proxy
simultaneously.
Daniel Stenberg 2007-11-20 23:17:08 +00:00
parent e2b2a84497
commit b6575ce0b0
5 changed files with 37 additions and 18 deletions

11
CHANGES

@ -7,7 +7,18 @@
Changelog
Daniel S (21 Nov 2007)
- While inspecting the Negotiate code, I noticed how the proxy auth was using
the same state struct as the host auth, so both could never be used at the
same time! I fixed it (without being able to check) to use two separate
structs to allow authentication using Negotiate on host and proxy
simultanouesly.
Daniel S (20 Nov 2007)
- Emil Romanus pointed out a bug that made an easy handle get the cookie
engine activated when set to use a share (even if the share doesn't share
cookies). I fixed it.
- Fixed a very long-lasting mprintf() bug that occured when we did "%.*s%s",
since the second %s would then wrongly used the numerical precision argument
instead and crash.


@ -24,6 +24,8 @@ This release includes the following bugfixes:
o variable wrapping when using debug callback and the HTTP request wasn't sent
in one go
o SSL connections with NSS done with the multi-interface
o setting a share no longer activates cookies
o Negotiate now works on auth and proxy simultanouesly
This release includes the following known bugs:
@ -42,6 +44,7 @@ This release would not have looked like this without help, code, reports and
advice from friends like these:
Dan Fandrich, Gisle Vanem, Toby Peterson, Yang Tse, Daniel Black,
Robin Johnson, Michal Marek, Ates Goral, Andres Garcia, Rob Crittenden
Robin Johnson, Michal Marek, Ates Goral, Andres Garcia, Rob Crittenden,
Emil Romanus
Thanks! (and sorry if I forgot to mention someone)


@ -1,9 +1,6 @@
To be addressed before 7.17.2 (planned release: December 2007)
=============================
106 - Share interface force-enable the cookie parser
http://curl.haxx.se/mail/lib-2007-11/0234.html
107 - resolve the type= thing for FTP URLs over HTTP proxies
108 -


@ -51,7 +51,8 @@
static int
get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server)
{
struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
&conn->data->state.negotiate;
OM_uint32 major_status, minor_status;
gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
char name[2048];
@ -98,12 +99,12 @@ log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix)
snprintf(buf, sizeof(buf), "%s", prefix);
len = strlen(buf);
do {
maj_stat = gss_display_status (&min_stat,
error_status,
GSS_C_MECH_CODE,
GSS_C_NO_OID,
&msg_ctx,
&status_string);
maj_stat = gss_display_status(&min_stat,
error_status,
GSS_C_MECH_CODE,
GSS_C_NO_OID,
&msg_ctx,
&status_string);
if(sizeof(buf) > len + status_string.length + 1) {
snprintf(buf + len, sizeof(buf) - len,
": %s", (char*) status_string.value);
@ -118,7 +119,8 @@ log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix)
int Curl_input_negotiate(struct connectdata *conn, bool proxy,
const char *header)
{
struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
&conn->data->state.negotiate;
OM_uint32 major_status, minor_status, minor_status2;
gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
@ -251,13 +253,14 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
{
struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
&conn->data->state.negotiate;
OM_uint32 minor_status;
char *encoded = NULL;
int len;
#ifdef HAVE_SPNEGO /* Handle SPNEGO */
if(checkprefix("Negotiate",neg_ctx->protocol)) {
if(checkprefix("Negotiate", neg_ctx->protocol)) {
ASN1_OBJECT * object = NULL;
int rc = 1;
unsigned char * spnegoToken = NULL;
@ -310,11 +313,9 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
}
void Curl_cleanup_negotiate(struct SessionHandle *data)
static void cleanup(struct negotiatedata *neg_ctx)
{
OM_uint32 minor_status;
struct negotiatedata *neg_ctx = &data->state.negotiate;
if(neg_ctx->context != GSS_C_NO_CONTEXT)
gss_delete_sec_context(&minor_status, &neg_ctx->context, GSS_C_NO_BUFFER);
@ -327,6 +328,12 @@ void Curl_cleanup_negotiate(struct SessionHandle *data)
memset(neg_ctx, 0, sizeof(*neg_ctx));
}
void Curl_cleanup_negotiate(struct SessionHandle *data)
{
cleanup(&data->state.negotiate);
cleanup(&data->state.proxyneg);
}
#endif
#endif
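Review bot: The return at the end of Curl_output_negotiate still tests `conn->allocptr.userpwd` regardless of `proxy`, so the output side may still share one header slot even though the context is now split into `negotiate` and `proxyneg`. The assignment itself is outside the hunk, so this is inferred: if the generated header is stored in that single pointer for both cases, a host and a proxy Negotiate header would still overwrite each other, and a token minted for the proxy could be emitted wherever the host Authorization header is sent (for example inside a CONNECT tunnel). Selecting the slot the same way as the context would close that, e.g. `char **hdr = proxy ? &conn->allocptr.proxyuserpwd : &conn->allocptr.userpwd;`, with the final NULL check done on `*hdr`. Since the commit message says the change could not be checked, a test that authenticates to host and proxy with Negotiate in the same transfer would be worth adding before relying on it.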


@ -1199,7 +1199,8 @@ struct UrlState {
struct digestdata proxydigest; /* state data for proxy Digest auth */
#ifdef HAVE_GSSAPI
struct negotiatedata negotiate; /* state data for Negotiate auth */
struct negotiatedata negotiate; /* state data for host Negotiate auth */
struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */
#endif
struct auth authhost; /* auth details for host */