aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2013-10-30 21:33:28 +0000
committerSteve Holme <steve_holme@hotmail.com>2013-10-31 19:15:33 +0000
commitcdccb422671aebd198ed338ac6111cfde303f1cc (patch)
tree1eeb292f1e4dbf4ca04cb590261d74b59ecf240f
parent753d44fa001ebfa940d3d1273451573af4cb41b1 (diff)
http: Added authentication message header value extraction
...following recent changes to Curl_base64_decode() rather than trying to parse a header line for the authentication mechanisms which is CRLF terminated and inline zero terminate it.
-rw-r--r--lib/curl_ntlm.c4
-rw-r--r--lib/http.c64
-rw-r--r--lib/http_digest.c4
3 files changed, 32 insertions, 40 deletions
diff --git a/lib/curl_ntlm.c b/lib/curl_ntlm.c
index 4d126a573..389ff66c8 100644
--- a/lib/curl_ntlm.c
+++ b/lib/curl_ntlm.c
@@ -77,10 +77,6 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
- /* skip initial whitespaces */
- while(*header && ISSPACE(*header))
- header++;
-
if(checkprefix("NTLM", header)) {
header += strlen("NTLM");
diff --git a/lib/http.c b/lib/http.c
index 3b18c6311..55a8166de 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -701,7 +701,7 @@ Curl_http_output_auth(struct connectdata *conn,
CURLcode Curl_http_input_auth(struct connectdata *conn,
int httpcode,
- const char *header) /* the first non-space */
+ const char *auth) /* the first non-space */
{
/*
* This resource requires authentication
@@ -709,24 +709,17 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
struct SessionHandle *data = conn->data;
unsigned long *availp;
- const char *start;
struct auth *authp;
if(httpcode == 407) {
- start = header+strlen("Proxy-authenticate:");
availp = &data->info.proxyauthavail;
authp = &data->state.authproxy;
}
else {
- start = header+strlen("WWW-Authenticate:");
availp = &data->info.httpauthavail;
authp = &data->state.authhost;
}
- /* pass all white spaces */
- while(*start && ISSPACE(*start))
- start++;
-
/*
* Here we check if we want the specific single authentication (using ==) and
* if we do, we initiate usage of it.
@@ -744,10 +737,10 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
*
*/
- while(*start) {
+ while(*auth) {
#ifdef USE_HTTP_NEGOTIATE
- if(checkprefix("GSS-Negotiate", start) ||
- checkprefix("Negotiate", start)) {
+ if(checkprefix("GSS-Negotiate", auth) ||
+ checkprefix("Negotiate", auth)) {
int neg;
*availp |= CURLAUTH_GSSNEGOTIATE;
authp->avail |= CURLAUTH_GSSNEGOTIATE;
@@ -760,7 +753,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
data->state.authproblem = TRUE;
}
else {
- neg = Curl_input_negotiate(conn, (bool)(httpcode == 407), start);
+ neg = Curl_input_negotiate(conn, (bool)(httpcode == 407), auth);
if(neg == 0) {
DEBUGASSERT(!data->req.newurl);
data->req.newurl = strdup(data->change.url);
@@ -779,14 +772,14 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
#endif
#ifdef USE_NTLM
/* NTLM support requires the SSL crypto libs */
- if(checkprefix("NTLM", start)) {
+ if(checkprefix("NTLM", auth)) {
*availp |= CURLAUTH_NTLM;
authp->avail |= CURLAUTH_NTLM;
if(authp->picked == CURLAUTH_NTLM ||
authp->picked == CURLAUTH_NTLM_WB) {
/* NTLM authentication is picked and activated */
CURLcode ntlm =
- Curl_input_ntlm(conn, (httpcode == 407)?TRUE:FALSE, start);
+ Curl_input_ntlm(conn, (httpcode == 407)?TRUE:FALSE, auth);
if(CURLE_OK == ntlm) {
data->state.authproblem = FALSE;
#ifdef NTLM_WB_ENABLED
@@ -798,14 +791,14 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
/* Get the challenge-message which will be passed to
* ntlm_auth for generating the type 3 message later */
- while(*start && ISSPACE(*start))
- start++;
- if(checkprefix("NTLM", start)) {
- start += strlen("NTLM");
- while(*start && ISSPACE(*start))
- start++;
- if(*start)
- if((conn->challenge_header = strdup(start)) == NULL)
+ while(*auth && ISSPACE(*auth))
+ auth++;
+ if(checkprefix("NTLM", auth)) {
+ auth += strlen("NTLM");
+ while(*auth && ISSPACE(*auth))
+ auth++;
+ if(*auth)
+ if((conn->challenge_header = strdup(auth)) == NULL)
return CURLE_OUT_OF_MEMORY;
}
}
@@ -820,7 +813,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
else
#endif
#ifndef CURL_DISABLE_CRYPTO_AUTH
- if(checkprefix("Digest", start)) {
+ if(checkprefix("Digest", auth)) {
if((authp->avail & CURLAUTH_DIGEST) != 0) {
infof(data, "Ignoring duplicate digest auth header.\n");
}
@@ -833,7 +826,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
* authentication isn't activated yet, as we need to store the
* incoming data from this header in case we are gonna use
* Digest. */
- dig = Curl_input_digest(conn, (httpcode == 407)?TRUE:FALSE, start);
+ dig = Curl_input_digest(conn, (httpcode == 407)?TRUE:FALSE, auth);
if(CURLDIGEST_FINE != dig) {
infof(data, "Authentication problem. Ignoring this.\n");
@@ -843,7 +836,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
}
else
#endif
- if(checkprefix("Basic", start)) {
+ if(checkprefix("Basic", auth)) {
*availp |= CURLAUTH_BASIC;
authp->avail |= CURLAUTH_BASIC;
if(authp->picked == CURLAUTH_BASIC) {
@@ -857,12 +850,12 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
}
/* there may be multiple methods on one line, so keep reading */
- while(*start && *start != ',') /* read up to the next comma */
- start++;
- if(*start == ',') /* if we're on a comma, skip it */
- start++;
- while(*start && ISSPACE(*start))
- start++;
+ while(*auth && *auth != ',') /* read up to the next comma */
+ auth++;
+ if(*auth == ',') /* if we're on a comma, skip it */
+ auth++;
+ while(*auth && ISSPACE(*auth))
+ auth++;
}
return CURLE_OK;
}
@@ -3455,7 +3448,14 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
(401 == k->httpcode)) ||
(checkprefix("Proxy-authenticate:", k->p) &&
(407 == k->httpcode))) {
- result = Curl_http_input_auth(conn, k->httpcode, k->p);
+ char *auth = copy_header_value(k->p);
+ if(!auth)
+ return CURLE_OUT_OF_MEMORY;
+
+ result = Curl_http_input_auth(conn, k->httpcode, auth);
+
+ Curl_safefree(auth);
+
if(result)
return result;
}
diff --git a/lib/http_digest.c b/lib/http_digest.c
index f50f8033f..e2e611337 100644
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -141,10 +141,6 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
d = &data->state.digest;
}
- /* skip initial whitespaces */
- while(*header && ISSPACE(*header))
- header++;
-
if(checkprefix("Digest", header)) {
header += strlen("Digest");