sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used

Typically the USE_WINDOWS_SSPI definition would not be used when the CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication data structures and functions would incorrectly be used when they shouldn't be. Introduced a new USE_KRB5 definition that takes into account the use of CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
2024-12-21 23:58:49 -05:00 · 2014-11-02 00:24:32 +00:00 · 2014-11-02 00:24:32 +00:00 · b6821dbb91
commit b6821dbb91
parent b04eef1318
8 changed files with 27 additions and 18 deletions
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@ -53,7 +53,7 @@
 /* The last #include file should be: */
 #include "memdebug.h"

-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
 #endif

@ -722,7 +722,7 @@ CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data,
 */
 void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
 {
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
  /* Cleanup the gssapi structure */
  if(authused == SASL_MECH_GSSAPI) {
    Curl_sasl_gssapi_cleanup(&conn->krb5);
--- a/lib/curl_sasl.h
+++ b/lib/curl_sasl.h
@ -28,7 +28,7 @@ struct SessionHandle;
 struct connectdata;
 struct ntlmdata;

-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 struct kerberos5data;
 #endif

@ -123,7 +123,7 @@ CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,

 #endif /* USE_NTLM */

-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token
   message */
 CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
@ -142,7 +142,7 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
                                                  struct kerberos5data *krb5,
                                                  char **outptr,
                                                  size_t *outlen);
-#endif
+#endif /* USE_KRB5 */

 /* This is used to generate a base64 encoded XOAUTH2 authentication message
   containing the user name and bearer token */
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@ -44,7 +44,9 @@
 /* The last #include file should be: */
 #include "memdebug.h"

+#if defined(USE_KRB5)
 void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
+#endif

 /*
 * Curl_sasl_build_spn()
@ -269,9 +271,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,

  return result;
 }
-
 #endif /* !CURL_DISABLE_CRYPTO_AUTH */

+#if defined(USE_KRB5)
 /*
 * Curl_sasl_create_gssapi_user_message()
 *
@ -703,5 +705,6 @@ void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5)
  /* Reset any variables */
  krb5->token_max = 0;
 }
+#endif /* USE_KRB5 */

 #endif /* USE_WINDOWS_SSPI */
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@ -608,12 +608,18 @@ int netware_init(void);
 #define USE_SSL    /* SSL support has been enabled */
 #endif

+/* Single point where USE_SPNEGO definition might be defined */
 #if !defined(CURL_DISABLE_CRYPTO_AUTH) && \
    (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI))
 #define USE_SPNEGO
 #endif

-/* Single point where USE_NTLM definition might be done */
+/* Single point where USE_KRB5 definition might be defined */
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) && defined(USE_WINDOWS_SSPI)
+#define USE_KRB5
+#endif
+
+/* Single point where USE_NTLM definition might be defined */
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) && \
    !defined(CURL_DISABLE_CRYPTO_AUTH)
 #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
--- a/lib/imap.c
+++ b/lib/imap.c
@ -1300,7 +1300,7 @@ static CURLcode imap_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
 }
 #endif

-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 /* For AUTHENTICATE GSSAPI (without initial response) responses */
 static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn,
                                            int imapcode,
@ -1911,7 +1911,7 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
      break;
 #endif

-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
    case IMAP_AUTHENTICATE_GSSAPI:
      result = imap_state_auth_gssapi_resp(conn, imapcode, imapc->state);
      break;
@ -2803,7 +2803,7 @@ static CURLcode imap_calc_sasl_details(struct connectdata *conn,

  /* Calculate the supported authentication mechanism, by decreasing order of
     security, as well as the initial response where appropriate */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
    if((imapc->authmechs & SASL_MECH_GSSAPI) &&
       (imapc->prefmech & SASL_MECH_GSSAPI)) {
    imapc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
--- a/lib/pop3.c
+++ b/lib/pop3.c
@ -1131,7 +1131,7 @@ static CURLcode pop3_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
 }
 #endif

-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 /* For AUTH GSSAPI (without initial response) responses */
 static CURLcode pop3_state_auth_gssapi_resp(struct connectdata *conn,
                                            int pop3code,
@ -1591,7 +1591,7 @@ static CURLcode pop3_statemach_act(struct connectdata *conn)
      break;
 #endif

-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
    case POP3_AUTH_GSSAPI:
      result = pop3_state_auth_gssapi_resp(conn, pop3code, pop3c->state);
      break;
@ -2121,7 +2121,7 @@ static CURLcode pop3_calc_sasl_details(struct connectdata *conn,

  /* Calculate the supported authentication mechanism, by decreasing order of
     security, as well as the initial response where appropriate */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
  if((pop3c->authmechs & SASL_MECH_GSSAPI) &&
      (pop3c->prefmech & SASL_MECH_GSSAPI)) {
    pop3c->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
--- a/lib/smtp.c
+++ b/lib/smtp.c
@ -1150,7 +1150,7 @@ static CURLcode smtp_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
 }
 #endif

-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 /* For AUTH GSSAPI (without initial response) responses */
 static CURLcode smtp_state_auth_gssapi_resp(struct connectdata *conn,
                                            int smtpcode,
@ -1630,7 +1630,7 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
      break;
 #endif

-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
    case SMTP_AUTH_GSSAPI:
      result = smtp_state_auth_gssapi_resp(conn, smtpcode, smtpc->state);
      break;
@ -2221,7 +2221,7 @@ static CURLcode smtp_calc_sasl_details(struct connectdata *conn,

  /* Calculate the supported authentication mechanism, by decreasing order of
     security, as well as the initial response where appropriate */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
  if((smtpc->authmechs & SASL_MECH_GSSAPI) &&
     (smtpc->prefmech & SASL_MECH_GSSAPI)) {
    smtpc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
--- a/lib/urldata.h
+++ b/lib/urldata.h
@ -419,7 +419,7 @@ typedef enum {
 #endif

 /* Struct used for GSSAPI (Kerberos V5) authentication */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 struct kerberos5data {
  CredHandle *credentials;
  CtxtHandle *context;
@ -980,7 +980,7 @@ struct connectdata {
  struct sockaddr_in local_addr;
 #endif

-#if defined(USE_WINDOWS_SSPI) /* Consider moving some of the above GSS-API */
+#if defined(USE_KRB5)         /* Consider moving some of the above GSS-API */
  struct kerberos5data krb5;  /* variables into the structure definition, */
 #endif                        /* however, some of them are ftp specific. */