aboutsummaryrefslogtreecommitdiff
path: root/lib/krb5.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/krb5.c')
-rw-r--r--lib/krb5.c136
1 files changed, 70 insertions, 66 deletions
diff --git a/lib/krb5.c b/lib/krb5.c
index 5b921d9c0..ab25718e1 100644
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -132,15 +132,15 @@ krb5_encode(void *app_data, const void *from, int length, int level, void **to,
/* shut gcc up */
conn = NULL;
- /* NOTE that the cast is safe, neither of the krb5, gnu gss and heimdal
+ /* NOTE that the cast is safe, neither of the krb5, gnu gss and heimdal
* libraries modify the input buffer in gss_seal()
*/
dec.value = (void*)from;
dec.length = length;
maj = gss_seal(&min, *context,
- level == prot_private,
- GSS_C_QOP_DEFAULT,
- &dec, &state, &enc);
+ level == prot_private,
+ GSS_C_QOP_DEFAULT,
+ &dec, &state, &enc);
if(maj != GSS_S_COMPLETE)
return -1;
@@ -178,10 +178,12 @@ krb5_auth(void *app_data, struct connectdata *conn)
chan.initiator_addrtype = GSS_C_AF_INET;
chan.initiator_address.length = l - 4;
- chan.initiator_address.value = &((struct sockaddr_in *)LOCAL_ADDR)->sin_addr.s_addr;
+ chan.initiator_address.value =
+ &((struct sockaddr_in *)LOCAL_ADDR)->sin_addr.s_addr;
chan.acceptor_addrtype = GSS_C_AF_INET;
chan.acceptor_address.length = l - 4;
- chan.acceptor_address.value = &((struct sockaddr_in *)REMOTE_ADDR)->sin_addr.s_addr;
+ chan.acceptor_address.value =
+ &((struct sockaddr_in *)REMOTE_ADDR)->sin_addr.s_addr;
chan.application_data.length = 0;
chan.application_data.value = NULL;
@@ -192,12 +194,12 @@ krb5_auth(void *app_data, struct connectdata *conn)
result = Curl_ftpsendf(conn, "AUTH GSSAPI");
if(result)
- return -2;
+ return -2;
if(Curl_GetFTPResponse(&nread, conn, NULL))
- return -1;
+ return -1;
if(data->state.buffer[0] != '3')
- return -1;
+ return -1;
}
gssbuf.value = data->state.buffer;
@@ -206,8 +208,8 @@ krb5_auth(void *app_data, struct connectdata *conn)
if(maj != GSS_S_COMPLETE) {
gss_release_name(&min, &gssname);
if(service == srv_host) {
- Curl_failf(data, "Error importing service name %s", gssbuf.value);
- return AUTH_ERROR;
+ Curl_failf(data, "Error importing service name %s", gssbuf.value);
+ return AUTH_ERROR;
}
service = srv_host;
continue;
@@ -224,69 +226,71 @@ krb5_auth(void *app_data, struct connectdata *conn)
do {
ret = AUTH_OK;
maj = gss_init_sec_context(&min,
- GSS_C_NO_CREDENTIAL,
- context,
- gssname,
- GSS_C_NO_OID,
- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
- 0,
- &chan,
- gssresp,
- NULL,
- &gssbuf,
- NULL,
- NULL);
+ GSS_C_NO_CREDENTIAL,
+ context,
+ gssname,
+ GSS_C_NO_OID,
+ GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
+ 0,
+ &chan,
+ gssresp,
+ NULL,
+ &gssbuf,
+ NULL,
+ NULL);
if(gssresp) {
- free(_gssresp.value);
- gssresp = NULL;
+ free(_gssresp.value);
+ gssresp = NULL;
}
if(maj != GSS_S_COMPLETE && maj != GSS_S_CONTINUE_NEEDED) {
- Curl_infof(data, "Error creating security context");
- ret = AUTH_ERROR;
- break;
+ Curl_infof(data, "Error creating security context");
+ ret = AUTH_ERROR;
+ break;
}
if(gssbuf.length != 0) {
- if(Curl_base64_encode(data, (char *)gssbuf.value, gssbuf.length, &p) < 1) {
- Curl_infof(data, "Out of memory base64-encoding");
- ret = AUTH_CONTINUE;
- break;
- }
-
- result = Curl_ftpsendf(conn, "ADAT %s", p);
-
- free(p);
-
- if(result) {
- ret = -2;
- break;
- }
-
- if(Curl_GetFTPResponse(&nread, conn, NULL)) {
- ret = -1;
- break;
- }
-
- if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3'){
- Curl_infof(data, "Server didn't accept auth data\n");
- ret = AUTH_ERROR;
- break;
- }
-
- p = data->state.buffer + 4;
- p = strstr(p, "ADAT=");
- if(p) {
- _gssresp.length = Curl_base64_decode(p + 5, (unsigned char **)&_gssresp.value);
- if(_gssresp.length < 1) {
- Curl_failf(data, "Out of memory base64-encoding");
- ret = AUTH_CONTINUE;
- break;
- }
- }
-
- gssresp = &_gssresp;
+ if(Curl_base64_encode(data, (char *)gssbuf.value, gssbuf.length, &p)
+ < 1) {
+ Curl_infof(data, "Out of memory base64-encoding");
+ ret = AUTH_CONTINUE;
+ break;
+ }
+
+ result = Curl_ftpsendf(conn, "ADAT %s", p);
+
+ free(p);
+
+ if(result) {
+ ret = -2;
+ break;
+ }
+
+ if(Curl_GetFTPResponse(&nread, conn, NULL)) {
+ ret = -1;
+ break;
+ }
+
+ if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3'){
+ Curl_infof(data, "Server didn't accept auth data\n");
+ ret = AUTH_ERROR;
+ break;
+ }
+
+ p = data->state.buffer + 4;
+ p = strstr(p, "ADAT=");
+ if(p) {
+ _gssresp.length = Curl_base64_decode(p + 5, (unsigned char **)
+ &_gssresp.value);
+ if(_gssresp.length < 1) {
+ Curl_failf(data, "Out of memory base64-encoding");
+ ret = AUTH_CONTINUE;
+ break;
+ }
+ }
+
+ gssresp = &_gssresp;
}
} while(maj == GSS_S_CONTINUE_NEEDED);