diff options
-rw-r--r-- | lib/http.c | 7 | ||||
-rw-r--r-- | lib/http_negotiate.c | 28 | ||||
-rw-r--r-- | lib/http_negotiate.h | 6 | ||||
-rw-r--r-- | lib/http_negotiate_sspi.c | 36 |
4 files changed, 39 insertions, 38 deletions
diff --git a/lib/http.c b/lib/http.c index ee0a9a481..d65acacca 100644 --- a/lib/http.c +++ b/lib/http.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -834,14 +834,13 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy, while(*auth) { #ifdef USE_SPNEGO if(checkprefix("Negotiate", auth)) { - int neg; *availp |= CURLAUTH_NEGOTIATE; authp->avail |= CURLAUTH_NEGOTIATE; if(authp->picked == CURLAUTH_NEGOTIATE) { if(negdata->state == GSS_AUTHSENT || negdata->state == GSS_AUTHNONE) { - neg = Curl_input_negotiate(conn, proxy, auth); - if(neg == 0) { + CURLcode result = Curl_input_negotiate(conn, proxy, auth); + if(!result) { DEBUGASSERT(!data->req.newurl); data->req.newurl = strdup(data->change.url); if(!data->req.newurl) diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index 5967022b5..6e882a337 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c @@ -64,10 +64,8 @@ get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server) return GSS_ERROR(major_status) ? -1 : 0; } -/* returning zero (0) means success, everything else is treated as "failure" - with no care exactly what the failure was */ -int Curl_input_negotiate(struct connectdata *conn, bool proxy, - const char *header) +CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, + const char *header) { struct SessionHandle *data = conn->data; struct negotiatedata *neg_ctx = proxy?&data->state.proxyneg: @@ -85,12 +83,12 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, * rejected it (since we're again here). Exit with an error since we * can't invent anything better */ Curl_cleanup_negotiate(data); - return -1; + return CURLE_LOGIN_DENIED; } if(neg_ctx->server_name == NULL && - (ret = get_gss_name(conn, proxy, &neg_ctx->server_name))) - return ret; + get_gss_name(conn, proxy, &neg_ctx->server_name)) + return CURLE_OUT_OF_MEMORY; header += strlen("Negotiate"); while(*header && ISSPACE(*header)) @@ -100,8 +98,12 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, if(len > 0) { result = Curl_base64_decode(header, (unsigned char **)&input_token.value, &rawlen); - if(result || rawlen == 0) - return -1; + if(result) + return result; + + if(!rawlen) + return CURLE_BAD_CONTENT_ENCODING; + input_token.length = rawlen; DEBUGASSERT(input_token.value != NULL); @@ -125,19 +127,19 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, gss_release_buffer(&discard_st, &output_token); Curl_gss_log_error(conn->data, minor_status, "gss_init_sec_context() failed: "); - return -1; + return CURLE_OUT_OF_MEMORY; } if(!output_token.value || !output_token.length) { if(output_token.value) gss_release_buffer(&discard_st, &output_token); - return -1; + return CURLE_OUT_OF_MEMORY; } neg_ctx->output_token = output_token; - return 0; -} + return CURLE_OK; +} CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) { diff --git a/lib/http_negotiate.h b/lib/http_negotiate.h index f7efe8cdd..a8eb98016 100644 --- a/lib/http_negotiate.h +++ b/lib/http_negotiate.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -25,8 +25,8 @@ #ifdef USE_SPNEGO /* this is for Negotiate header input */ -int Curl_input_negotiate(struct connectdata *conn, bool proxy, - const char *header); +CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, + const char *header); /* this is for creating Negotiate header output */ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy); diff --git a/lib/http_negotiate_sspi.c b/lib/http_negotiate_sspi.c index 99e8f3899..7afd60957 100644 --- a/lib/http_negotiate_sspi.c +++ b/lib/http_negotiate_sspi.c @@ -42,10 +42,8 @@ /* The last #include file should be: */ #include "memdebug.h" -/* returning zero (0) means success, everything else is treated as "failure" - with no care exactly what the failure was */ -int Curl_input_negotiate(struct connectdata *conn, bool proxy, - const char *header) +CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, + const char *header) { BYTE *input_token = NULL; SecBufferDesc out_buff_desc; @@ -88,20 +86,20 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, * rejected it (since we're again here). Exit with an error since we * can't invent anything better */ Curl_cleanup_negotiate(conn->data); - return -1; + return CURLE_LOGIN_DENIED; } if(!neg_ctx->server_name) { /* Check proxy auth requested but no given proxy name */ if(proxy && !conn->proxy.name) - return -1; + return CURLE_BAD_FUNCTION_ARGUMENT; /* Generate our SPN */ neg_ctx->server_name = Curl_sasl_build_spn("HTTP", proxy ? conn->proxy.name : conn->host.name); if(!neg_ctx->server_name) - return -1; + return CURLE_OUT_OF_MEMORY; } if(!neg_ctx->output_token) { @@ -110,7 +108,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, TEXT(SP_NAME_NEGOTIATE), &SecurityPackage); if(status != SEC_E_OK) - return -1; + return CURLE_NOT_BUILT_IN; /* Allocate input and output buffers according to the max token size as indicated by the security package */ @@ -130,7 +128,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, if(neg_ctx->context) { /* The server rejected our authentication and hasn't suppled any more negotiation mechanisms */ - return -1; + return CURLE_LOGIN_DENIED; } /* We have to acquire credentials and allocate memory for the context */ @@ -138,13 +136,13 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, neg_ctx->context = malloc(sizeof(CtxtHandle)); if(!neg_ctx->credentials || !neg_ctx->context) - return -1; + return CURLE_OUT_OF_MEMORY; if(userp && *userp) { /* Populate our identity structure */ result = Curl_create_sspi_identity(userp, passwdp, &neg_ctx->identity); if(result) - return -1; + return result; /* Allow proper cleanup of the identity structure */ neg_ctx->p_identity = &neg_ctx->identity; @@ -161,14 +159,17 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, neg_ctx->p_identity, NULL, NULL, neg_ctx->credentials, &expiry); if(neg_ctx->status != SEC_E_OK) - return -1; + return CURLE_LOGIN_DENIED; } else { result = Curl_base64_decode(header, (unsigned char **)&input_token, &input_token_len); - if(result || !input_token_len) - return -1; + if(result) + return result; + + if(!input_token_len) + return CURLE_BAD_CONTENT_ENCODING; } /* Setup the "output" security buffer */ @@ -207,22 +208,21 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, Curl_safefree(input_token); if(GSS_ERROR(neg_ctx->status)) - return -1; + return CURLE_OUT_OF_MEMORY; if(neg_ctx->status == SEC_I_COMPLETE_NEEDED || neg_ctx->status == SEC_I_COMPLETE_AND_CONTINUE) { neg_ctx->status = s_pSecFn->CompleteAuthToken(neg_ctx->context, &out_buff_desc); if(GSS_ERROR(neg_ctx->status)) - return -1; + return CURLE_RECV_ERROR; } neg_ctx->output_token_length = out_sec_buff.cbBuffer; - return 0; + return CURLE_OK; } - CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) { struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg: |