
sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used

Typically the USE_WINDOWS_SSPI definition would not be used when the
CURL_DISABLE_CRYPTO_AUTH define is; however, it is still a valid build
configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication
data structures and functions would incorrectly be used when they
shouldn't be.

Introduced a new USE_KRB5 definition that takes into account the use of
CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
Steve Holme 2014-11-02 00:24:32 +00:00
parent b04eef1318
commit b6821dbb91
8 changed files with 27 additions and 18 deletions


@ -53,7 +53,7 @@
/* The last #include file should be: */ /* The last #include file should be: */
#include "memdebug.h" #include "memdebug.h"
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5); extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
#endif #endif
@ -722,7 +722,7 @@ CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data,
*/ */
void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused) void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
{ {
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
/* Cleanup the gssapi structure */ /* Cleanup the gssapi structure */
if(authused == SASL_MECH_GSSAPI) { if(authused == SASL_MECH_GSSAPI) {
Curl_sasl_gssapi_cleanup(&conn->krb5); Curl_sasl_gssapi_cleanup(&conn->krb5);
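Review bot: The prototype `extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);` at the top of this file is a private copy of a declaration that the SSPI source section of this commit repeats, so the change has to keep two guards in sync by hand. The header section already has a `#if defined(USE_KRB5)` block holding the other GSSAPI prototypes, so the declaration could live there once and both local copies be dropped. In Curl_sasl_cleanup, whose body continues outside the hunk, it is worth confirming that builds without USE_KRB5 still reference `conn` and `authused`, so the narrower guard does not introduce unused-parameter warnings.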


@ -28,7 +28,7 @@ struct SessionHandle;
struct connectdata; struct connectdata;
struct ntlmdata; struct ntlmdata;
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
struct kerberos5data; struct kerberos5data;
#endif #endif
@ -123,7 +123,7 @@ CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
#endif /* USE_NTLM */ #endif /* USE_NTLM */
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
/* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token
message */ message */
CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data, CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
@ -142,7 +142,7 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
struct kerberos5data *krb5, struct kerberos5data *krb5,
char **outptr, char **outptr,
size_t *outlen); size_t *outlen);
#endif #endif /* USE_KRB5 */
/* This is used to generate a base64 encoded XOAUTH2 authentication message /* This is used to generate a base64 encoded XOAUTH2 authentication message
containing the user name and bearer token */ containing the user name and bearer token */


@ -44,7 +44,9 @@
/* The last #include file should be: */ /* The last #include file should be: */
#include "memdebug.h" #include "memdebug.h"
#if defined(USE_KRB5)
void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5); void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
#endif
/* /*
* Curl_sasl_build_spn() * Curl_sasl_build_spn()
@ -269,9 +271,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
return result; return result;
} }
#endif /* !CURL_DISABLE_CRYPTO_AUTH */ #endif /* !CURL_DISABLE_CRYPTO_AUTH */
#if defined(USE_KRB5)
/* /*
* Curl_sasl_create_gssapi_user_message() * Curl_sasl_create_gssapi_user_message()
* *
@ -703,5 +705,6 @@ void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5)
/* Reset any variables */ /* Reset any variables */
krb5->token_max = 0; krb5->token_max = 0;
} }
#endif /* USE_KRB5 */
#endif /* USE_WINDOWS_SSPI */ #endif /* USE_WINDOWS_SSPI */


@ -608,12 +608,18 @@ int netware_init(void);
#define USE_SSL /* SSL support has been enabled */ #define USE_SSL /* SSL support has been enabled */
#endif #endif
/* Single point where USE_SPNEGO definition might be defined */
#if !defined(CURL_DISABLE_CRYPTO_AUTH) && \ #if !defined(CURL_DISABLE_CRYPTO_AUTH) && \
(defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)) (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI))
#define USE_SPNEGO #define USE_SPNEGO
#endif #endif
/* Single point where USE_NTLM definition might be done */ /* Single point where USE_KRB5 definition might be defined */
#if !defined(CURL_DISABLE_CRYPTO_AUTH) && defined(USE_WINDOWS_SSPI)
#define USE_KRB5
#endif
/* Single point where USE_NTLM definition might be defined */
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) && \ #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) && \
!defined(CURL_DISABLE_CRYPTO_AUTH) !defined(CURL_DISABLE_CRYPTO_AUTH)
#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \ #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
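Review bot: The new USE_KRB5 block needs a comment explaining why it tests only USE_WINDOWS_SSPI while the USE_SPNEGO block directly above also accepts HAVE_GSSAPI. The macro name is backend-neutral, but the structure it guards in the last file of this commit holds `CredHandle` and `CtxtHandle` members, so widening the condition later would presumably not compile without further work. A comment such as `/* Single point where USE_KRB5 might be defined; SASL Kerberos V5 is currently implemented by the Windows SSPI backend only */` records that constraint where the next maintainer will look. The USE_NTLM block that follows continues outside the hunk.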


@ -1300,7 +1300,7 @@ static CURLcode imap_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
} }
#endif #endif
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
/* For AUTHENTICATE GSSAPI (without initial response) responses */ /* For AUTHENTICATE GSSAPI (without initial response) responses */
static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn, static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn,
int imapcode, int imapcode,
@ -1911,7 +1911,7 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
break; break;
#endif #endif
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
case IMAP_AUTHENTICATE_GSSAPI: case IMAP_AUTHENTICATE_GSSAPI:
result = imap_state_auth_gssapi_resp(conn, imapcode, imapc->state); result = imap_state_auth_gssapi_resp(conn, imapcode, imapc->state);
break; break;
@ -2803,7 +2803,7 @@ static CURLcode imap_calc_sasl_details(struct connectdata *conn,
/* Calculate the supported authentication mechanism, by decreasing order of /* Calculate the supported authentication mechanism, by decreasing order of
security, as well as the initial response where appropriate */ security, as well as the initial response where appropriate */
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
if((imapc->authmechs & SASL_MECH_GSSAPI) && if((imapc->authmechs & SASL_MECH_GSSAPI) &&
(imapc->prefmech & SASL_MECH_GSSAPI)) { (imapc->prefmech & SASL_MECH_GSSAPI)) {
imapc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ imapc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
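Review bot: The GSSAPI branch in imap_calc_sasl_details still hard-codes `imapc->mutual_auth = FALSE` behind a TODO, and this commit only changes the guard around it. If the flag decides whether the Kerberos exchange requires the server to prove its identity (inferred from the name; its consumer is outside these hunks), then the mechanism tried first under "decreasing order of security" runs without that check in every USE_KRB5 build. Until the TODO is resolved the comment could state the current behaviour, e.g. `/* TODO: Calculate mutual authentication; currently never requested */`. The same line appears in the pop3_calc_sasl_details and smtp_calc_sasl_details hunks, and all three functions start and end outside what is shown.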


@ -1131,7 +1131,7 @@ static CURLcode pop3_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
} }
#endif #endif
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
/* For AUTH GSSAPI (without initial response) responses */ /* For AUTH GSSAPI (without initial response) responses */
static CURLcode pop3_state_auth_gssapi_resp(struct connectdata *conn, static CURLcode pop3_state_auth_gssapi_resp(struct connectdata *conn,
int pop3code, int pop3code,
@ -1591,7 +1591,7 @@ static CURLcode pop3_statemach_act(struct connectdata *conn)
break; break;
#endif #endif
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
case POP3_AUTH_GSSAPI: case POP3_AUTH_GSSAPI:
result = pop3_state_auth_gssapi_resp(conn, pop3code, pop3c->state); result = pop3_state_auth_gssapi_resp(conn, pop3code, pop3c->state);
break; break;
@ -2121,7 +2121,7 @@ static CURLcode pop3_calc_sasl_details(struct connectdata *conn,
/* Calculate the supported authentication mechanism, by decreasing order of /* Calculate the supported authentication mechanism, by decreasing order of
security, as well as the initial response where appropriate */ security, as well as the initial response where appropriate */
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
if((pop3c->authmechs & SASL_MECH_GSSAPI) && if((pop3c->authmechs & SASL_MECH_GSSAPI) &&
(pop3c->prefmech & SASL_MECH_GSSAPI)) { (pop3c->prefmech & SASL_MECH_GSSAPI)) {
pop3c->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ pop3c->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */


@ -1150,7 +1150,7 @@ static CURLcode smtp_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
} }
#endif #endif
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
/* For AUTH GSSAPI (without initial response) responses */ /* For AUTH GSSAPI (without initial response) responses */
static CURLcode smtp_state_auth_gssapi_resp(struct connectdata *conn, static CURLcode smtp_state_auth_gssapi_resp(struct connectdata *conn,
int smtpcode, int smtpcode,
@ -1630,7 +1630,7 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
break; break;
#endif #endif
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
case SMTP_AUTH_GSSAPI: case SMTP_AUTH_GSSAPI:
result = smtp_state_auth_gssapi_resp(conn, smtpcode, smtpc->state); result = smtp_state_auth_gssapi_resp(conn, smtpcode, smtpc->state);
break; break;
@ -2221,7 +2221,7 @@ static CURLcode smtp_calc_sasl_details(struct connectdata *conn,
/* Calculate the supported authentication mechanism, by decreasing order of /* Calculate the supported authentication mechanism, by decreasing order of
security, as well as the initial response where appropriate */ security, as well as the initial response where appropriate */
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
if((smtpc->authmechs & SASL_MECH_GSSAPI) && if((smtpc->authmechs & SASL_MECH_GSSAPI) &&
(smtpc->prefmech & SASL_MECH_GSSAPI)) { (smtpc->prefmech & SASL_MECH_GSSAPI)) {
smtpc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ smtpc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */


@ -419,7 +419,7 @@ typedef enum {
#endif #endif
/* Struct used for GSSAPI (Kerberos V5) authentication */ /* Struct used for GSSAPI (Kerberos V5) authentication */
#if defined(USE_WINDOWS_SSPI) #if defined(USE_KRB5)
struct kerberos5data { struct kerberos5data {
CredHandle *credentials; CredHandle *credentials;
CtxtHandle *context; CtxtHandle *context;
@ -980,7 +980,7 @@ struct connectdata {
struct sockaddr_in local_addr; struct sockaddr_in local_addr;
#endif #endif
#if defined(USE_WINDOWS_SSPI) /* Consider moving some of the above GSS-API */ #if defined(USE_KRB5) /* Consider moving some of the above GSS-API */
struct kerberos5data krb5; /* variables into the structure definition, */ struct kerberos5data krb5; /* variables into the structure definition, */
#endif /* however, some of them are ftp specific. */ #endif /* however, some of them are ftp specific. */