| author | Steve Holme <steve_holme@hotmail.com> | 2014-11-02 00:24:32 +0000 | 
|---|---|---|
| committer | Steve Holme <steve_holme@hotmail.com> | 2014-11-02 00:35:16 +0000 | 
| commit | b6821dbb91a7433d7451c1ad4cbd49cc4b8a71a9 (patch) | |
| tree | aa55f2ea79191187bd7d93d80618eb802b63b43b | |
| parent | b04eef13182dd3d26bf095758d27b13556583fab (diff) | |
sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
Typically the USE_WINDOWS_SSPI definition would not be used when the
CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build
configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication
data structures and functions would incorrectly be used when they
shouldn't be.
Introduced a new USE_KRB5 definition that takes into account the use of
CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
| -rw-r--r-- | lib/curl_sasl.c | 4 | ||||
| -rw-r--r-- | lib/curl_sasl.h | 6 | ||||
| -rw-r--r-- | lib/curl_sasl_sspi.c | 5 | ||||
| -rw-r--r-- | lib/curl_setup.h | 8 | ||||
| -rw-r--r-- | lib/imap.c | 6 | ||||
| -rw-r--r-- | lib/pop3.c | 6 | ||||
| -rw-r--r-- | lib/smtp.c | 6 | ||||
| -rw-r--r-- | lib/urldata.h | 4 | 
8 files changed, 27 insertions, 18 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 7e2b8afaf..3bf973d95 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -53,7 +53,7 @@
 /* The last #include file should be: */
 #include "memdebug.h"
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
 #endif
@@ -722,7 +722,7 @@ CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data,
  */
 void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
 {
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
   /* Cleanup the gssapi structure */
   if(authused == SASL_MECH_GSSAPI) {
     Curl_sasl_gssapi_cleanup(&conn->krb5);
diff --git a/lib/curl_sasl.h b/lib/curl_sasl.h
index e56fa1a5f..68ef5526c 100644
--- a/lib/curl_sasl.h
+++ b/lib/curl_sasl.h
@@ -28,7 +28,7 @@ struct SessionHandle;
 struct connectdata;
 struct ntlmdata;
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 struct kerberos5data;
 #endif
@@ -123,7 +123,7 @@ CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
 #endif /* USE_NTLM */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token
    message */
 CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
@@ -142,7 +142,7 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
                                                   struct kerberos5data *krb5,
                                                   char **outptr,
                                                   size_t *outlen);
-#endif
+#endif /* USE_KRB5 */
 /* This is used to generate a base64 encoded XOAUTH2 authentication message
    containing the user name and bearer token */
diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c
index 21edcd65d..9ae6f5d91 100644
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
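Review bot: The prototype of Curl_sasl_gssapi_cleanup() is still hand-declared in two source files, as `extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);` in the first lib/curl_sasl.c hunk and again in the first lib/curl_sasl_sspi.c hunk, so this commit has to keep two separate guards in step with the definition. lib/curl_sasl.h already has a `#if defined(USE_KRB5)` block holding the other GSSAPI prototypes; declaring `void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);` there would leave one declaration under one guard and let the compiler check it against the definition. Both local declarations could then be dropped.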
@@ -44,7 +44,9 @@
 /* The last #include file should be: */
 #include "memdebug.h"
+#if defined(USE_KRB5)
 void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
+#endif
 /*
  * Curl_sasl_build_spn()
@@ -269,9 +271,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
   return result;
 }
-
 #endif /* !CURL_DISABLE_CRYPTO_AUTH */
+#if defined(USE_KRB5)
 /*
  * Curl_sasl_create_gssapi_user_message()
  *
@@ -703,5 +705,6 @@ void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5)
   /* Reset any variables */
   krb5->token_max = 0;
 }
+#endif /* USE_KRB5 */
 #endif /* USE_WINDOWS_SSPI */
diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index 353b15fcb..a20aab19b 100644
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -608,12 +608,18 @@ int netware_init(void);
 #define USE_SSL    /* SSL support has been enabled */
 #endif
+/* Single point where USE_SPNEGO definition might be defined */
 #if !defined(CURL_DISABLE_CRYPTO_AUTH) && \
     (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI))
 #define USE_SPNEGO
 #endif
-/* Single point where USE_NTLM definition might be done */
+/* Single point where USE_KRB5 definition might be defined */
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) && defined(USE_WINDOWS_SSPI)
+#define USE_KRB5
+#endif
+
+/* Single point where USE_NTLM definition might be defined */
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) && \
     !defined(CURL_DISABLE_CRYPTO_AUTH)
 #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
diff --git a/lib/imap.c b/lib/imap.c
index ee1bad295..4a0419a18 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -1300,7 +1300,7 @@ static CURLcode imap_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
 }
 #endif
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 /* For AUTHENTICATE GSSAPI (without initial response) responses */
 static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn,
                                             int imapcode,
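Review bot: The new comment above `#define USE_KRB5` in lib/curl_setup.h does not say why this guard ignores HAVE_GSSAPI while the USE_SPNEGO guard directly above accepts it. From the rest of the patch the reason appears to be that the SASL Kerberos V5 code exists only in curl_sasl_sspi.c and that struct kerberos5data is built from the SSPI types CredHandle and CtxtHandle, so a GSS-API build has nothing to compile. I would spell that out, for example `/* Single point where USE_KRB5 might be defined. SASL Kerberos V5 is only implemented on top of Windows SSPI, so HAVE_GSSAPI alone does not enable it */`. It is also worth noting there that a build with CURL_DISABLE_CRYPTO_AUTH no longer offers the GSSAPI mechanism for IMAP, POP3 and SMTP.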
@@ -1911,7 +1911,7 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
       break;
 #endif
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
     case IMAP_AUTHENTICATE_GSSAPI:
       result = imap_state_auth_gssapi_resp(conn, imapcode, imapc->state);
       break;
@@ -2803,7 +2803,7 @@ static CURLcode imap_calc_sasl_details(struct connectdata *conn,
   /* Calculate the supported authentication mechanism, by decreasing order of
      security, as well as the initial response where appropriate */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
     if((imapc->authmechs & SASL_MECH_GSSAPI) &&
        (imapc->prefmech & SASL_MECH_GSSAPI)) {
     imapc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
diff --git a/lib/pop3.c b/lib/pop3.c
index 13528e3d5..03d737ef2 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -1131,7 +1131,7 @@ static CURLcode pop3_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
 }
 #endif
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 /* For AUTH GSSAPI (without initial response) responses */
 static CURLcode pop3_state_auth_gssapi_resp(struct connectdata *conn,
                                             int pop3code,
@@ -1591,7 +1591,7 @@ static CURLcode pop3_statemach_act(struct connectdata *conn)
       break;
 #endif
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
     case POP3_AUTH_GSSAPI:
       result = pop3_state_auth_gssapi_resp(conn, pop3code, pop3c->state);
       break;
@@ -2121,7 +2121,7 @@ static CURLcode pop3_calc_sasl_details(struct connectdata *conn,
   /* Calculate the supported authentication mechanism, by decreasing order of
      security, as well as the initial response where appropriate */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
   if((pop3c->authmechs & SASL_MECH_GSSAPI) &&
       (pop3c->prefmech & SASL_MECH_GSSAPI)) {
     pop3c->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
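Review bot: The GSSAPI branch that the new guard controls in imap_calc_sasl_details still hard-codes `imapc->mutual_auth = FALSE` behind a TODO, and the same line sits under the same guard in pop3_calc_sasl_details and smtp_calc_sasl_details. The comment directly above ranks mechanisms "by decreasing order of security" and tries GSSAPI first, yet with mutual authentication switched off the client presumably does not ask Kerberos to prove the server's identity. Since this commit rewrites the guard line anyway, a note next to it would keep readers from assuming the stronger guarantee, for example `/* GSSAPI is tried first, but mutual authentication is not requested yet (see TODO below) */`. All three function bodies continue outside their hunks, so what a build without USE_KRB5 falls back to is not visible here.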
diff --git a/lib/smtp.c b/lib/smtp.c
index 6d1aa0120..448b040c7 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -1150,7 +1150,7 @@ static CURLcode smtp_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
 }
 #endif
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 /* For AUTH GSSAPI (without initial response) responses */
 static CURLcode smtp_state_auth_gssapi_resp(struct connectdata *conn,
                                             int smtpcode,
@@ -1630,7 +1630,7 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
       break;
 #endif
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
     case SMTP_AUTH_GSSAPI:
       result = smtp_state_auth_gssapi_resp(conn, smtpcode, smtpc->state);
       break;
@@ -2221,7 +2221,7 @@ static CURLcode smtp_calc_sasl_details(struct connectdata *conn,
   /* Calculate the supported authentication mechanism, by decreasing order of
      security, as well as the initial response where appropriate */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
   if((smtpc->authmechs & SASL_MECH_GSSAPI) &&
      (smtpc->prefmech & SASL_MECH_GSSAPI)) {
     smtpc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
diff --git a/lib/urldata.h b/lib/urldata.h
index 83d190453..5a65c4a74 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -419,7 +419,7 @@ typedef enum {
 #endif
 /* Struct used for GSSAPI (Kerberos V5) authentication */
-#if defined(USE_WINDOWS_SSPI)
+#if defined(USE_KRB5)
 struct kerberos5data {
   CredHandle *credentials;
   CtxtHandle *context;
@@ -980,7 +980,7 @@ struct connectdata {
   struct sockaddr_in local_addr;
 #endif
-#if defined(USE_WINDOWS_SSPI) /* Consider moving some of the above GSS-API */
+#if defined(USE_KRB5)         /* Consider moving some of the above GSS-API */
   struct kerberos5data krb5;  /* variables into the structure definition, */
 #endif                        /* however, some of them are ftp specific. */  | 
