Diffstat (limited to 'lib/krb5.c')
-rw-r--r-- | lib/krb5.c | 136 |
1 files changed, 70 insertions, 66 deletions
diff --git a/lib/krb5.c b/lib/krb5.c index 5b921d9c0..ab25718e1 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -132,15 +132,15 @@ krb5_encode(void *app_data, const void *from, int length, int level, void **to, /* shut gcc up */ conn = NULL; - /* NOTE that the cast is safe, neither of the krb5, gnu gss and heimdal + /* NOTE that the cast is safe, neither of the krb5, gnu gss and heimdal * libraries modify the input buffer in gss_seal() */ dec.value = (void*)from; dec.length = length; maj = gss_seal(&min, *context, - level == prot_private, - GSS_C_QOP_DEFAULT, - &dec, &state, &enc); + level == prot_private, + GSS_C_QOP_DEFAULT, + &dec, &state, &enc); if(maj != GSS_S_COMPLETE) return -1; @@ -178,10 +178,12 @@ krb5_auth(void *app_data, struct connectdata *conn) chan.initiator_addrtype = GSS_C_AF_INET; chan.initiator_address.length = l - 4; - chan.initiator_address.value = &((struct sockaddr_in *)LOCAL_ADDR)->sin_addr.s_addr; + chan.initiator_address.value = + &((struct sockaddr_in *)LOCAL_ADDR)->sin_addr.s_addr; chan.acceptor_addrtype = GSS_C_AF_INET; chan.acceptor_address.length = l - 4; - chan.acceptor_address.value = &((struct sockaddr_in *)REMOTE_ADDR)->sin_addr.s_addr; + chan.acceptor_address.value = + &((struct sockaddr_in *)REMOTE_ADDR)->sin_addr.s_addr; chan.application_data.length = 0; chan.application_data.value = NULL; @@ -192,12 +194,12 @@ krb5_auth(void *app_data, struct connectdata *conn) result = Curl_ftpsendf(conn, "AUTH GSSAPI"); if(result) - return -2; + return -2; if(Curl_GetFTPResponse(&nread, conn, NULL)) - return -1; + return -1; if(data->state.buffer[0] != '3') - return -1; + return -1; } gssbuf.value = data->state.buffer; 
@@ -206,8 +208,8 @@ krb5_auth(void *app_data, struct connectdata *conn)
 if(maj != GSS_S_COMPLETE) {
 gss_release_name(&min, &gssname);
 if(service == srv_host) {
- Curl_failf(data, "Error importing service name %s", gssbuf.value);
- return AUTH_ERROR;
+ Curl_failf(data, "Error importing service name %s", gssbuf.value);
+ return AUTH_ERROR;
 }
 service = srv_host;
 continue;
@@ -224,69 +226,71 @@ krb5_auth(void *app_data, struct connectdata *conn) do { ret = AUTH_OK; maj = gss_init_sec_context(&min, - GSS_C_NO_CREDENTIAL, - context, - gssname, - GSS_C_NO_OID, - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG, - 0, - &chan, - gssresp, - NULL, - &gssbuf, - NULL, - NULL); + GSS_C_NO_CREDENTIAL, + context, + gssname, + GSS_C_NO_OID, + GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG, + 0, + &chan, + gssresp, + NULL, + &gssbuf, + NULL, + NULL); if(gssresp) { - free(_gssresp.value); - gssresp = NULL; + free(_gssresp.value); + gssresp = NULL; } if(maj != GSS_S_COMPLETE && maj != GSS_S_CONTINUE_NEEDED) { - Curl_infof(data, "Error creating security context"); - ret = AUTH_ERROR; - break; + Curl_infof(data, "Error creating security context"); + ret = AUTH_ERROR; + break; } if(gssbuf.length != 0) { - if(Curl_base64_encode(data, (char *)gssbuf.value, gssbuf.length, &p) < 1) { - Curl_infof(data, "Out of memory base64-encoding"); - ret = AUTH_CONTINUE; - break; - } - - result = Curl_ftpsendf(conn, "ADAT %s", p); - - free(p); - - if(result) { - ret = -2; - break; - } - - if(Curl_GetFTPResponse(&nread, conn, NULL)) { - ret = -1; - break; - } - - if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3'){ - Curl_infof(data, "Server didn't accept auth data\n"); - ret = AUTH_ERROR; - break; - } - - p = data->state.buffer + 4; - p = strstr(p, "ADAT="); - if(p) { - _gssresp.length = Curl_base64_decode(p + 5, (unsigned char **)&_gssresp.value); - if(_gssresp.length < 1) { - Curl_failf(data, "Out of memory base64-encoding"); - ret = AUTH_CONTINUE; - break; - } - } - - gssresp = &_gssresp; + if(Curl_base64_encode(data, (char *)gssbuf.value, gssbuf.length, &p) + < 1) { + Curl_infof(data, "Out of memory base64-encoding"); + ret = AUTH_CONTINUE; + break; + } + + result = Curl_ftpsendf(conn, "ADAT %s", p); + + free(p); + + if(result) { + ret = -2; + break; + } + + if(Curl_GetFTPResponse(&nread, conn, NULL)) { + ret = -1; + break; + } + + if(data->state.buffer[0] != '2' && 
data->state.buffer[0] != '3'){ + Curl_infof(data, "Server didn't accept auth data\n"); + ret = AUTH_ERROR; + break; + } + + p = data->state.buffer + 4; + p = strstr(p, "ADAT="); + if(p) { + _gssresp.length = Curl_base64_decode(p + 5, (unsigned char **) + &_gssresp.value); + if(_gssresp.length < 1) { + Curl_failf(data, "Out of memory base64-encoding"); + ret = AUTH_CONTINUE; + break; + } + } + + gssresp = &_gssresp; } } while(maj == GSS_S_CONTINUE_NEEDED); |
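Review bot: In the `if(gssbuf.length != 0)` branch of krb5_auth, `gssresp = &_gssresp;` runs even when `strstr(p, "ADAT=")` returns NULL, so a server reply without an `ADAT=` token leaves `gssresp` pointing at whatever `_gssresp` held before. On a later pass that can be the pointer already released by `free(_gssresp.value)` at the top of the loop, which would then be handed to gss_init_sec_context() and freed a second time if `maj` is still GSS_S_CONTINUE_NEEDED. I would add `_gssresp.value = NULL; _gssresp.length = 0;` right after that free and move `gssresp = &_gssresp;` inside the `if(p)` block. The declaration and initial state of `_gssresp` are outside this hunk, so whether the first pass is also affected cannot be confirmed from here. Separately, the `Curl_failf(data, "Out of memory base64-encoding")` after Curl_base64_decode() also fires for a malformed server token, so a message that names decoding of the server reply would make such failures easier to triage.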