diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Makefile.netware | 14 | ||||
| -rw-r--r-- | lib/curl_gssapi.h | 13 | ||||
| -rw-r--r-- | lib/curl_sasl_gssapi.c | 14 | ||||
| -rw-r--r-- | lib/ftp.c | 63 | ||||
| -rw-r--r-- | lib/ftp.h | 11 | ||||
| -rw-r--r-- | lib/http_negotiate.c | 15 | ||||
| -rw-r--r-- | lib/krb5.c | 13 | ||||
| -rw-r--r-- | lib/socks_gssapi.c | 18 | ||||
| -rw-r--r-- | lib/vtls/nss.c | 4 |
9 files changed, 77 insertions, 88 deletions
diff --git a/lib/Makefile.netware b/lib/Makefile.netware index 802959ce9..2cd754a70 100644 --- a/lib/Makefile.netware +++ b/lib/Makefile.netware @@ -214,6 +214,11 @@ WITH_SSL = else ifeq ($(findstring -ssl,$(CFG)),-ssl) WITH_SSL = 1 +ifeq ($(findstring -srp,$(CFG)),-srp) +ifeq "$(wildcard $(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl/srp.h)" "$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl/srp.h" +WITH_SRP = 1 +endif +endif endif endif ifeq ($(findstring -zlib,$(CFG)),-zlib) @@ -638,6 +643,10 @@ ifdef WITH_SSL @echo $(DL)#define HAVE_LIBSSL 1$(DL) >> $@ @echo $(DL)#define HAVE_LIBCRYPTO 1$(DL) >> $@ @echo $(DL)#define OPENSSL_NO_KRB5 1$(DL) >> $@ +ifdef WITH_SRP + @echo $(DL)#define HAVE_SSLEAY_SRP 1$(DL) >> $@ + @echo $(DL)#define USE_TLS_SRP 1$(DL) >> $@ +endif ifdef WITH_SPNEGO @echo $(DL)#define HAVE_SPNEGO 1$(DL) >> $@ endif @@ -690,6 +699,11 @@ ifdef WITH_SSL else @echo SSL support: no endif +ifdef WITH_SRP + @echo SRP support: enabled +else + @echo SRP support: no +endif ifdef WITH_SSH2 @echo SSH2 support: enabled (libssh2) else diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h index 35e4b2484..19aab64e6 100644 --- a/lib/curl_gssapi.h +++ b/lib/curl_gssapi.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2011 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2011 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -59,6 +59,17 @@ OM_uint32 Curl_gss_init_sec_context( void Curl_gss_log_error(struct SessionHandle *data, OM_uint32 status, const char *prefix); +/* Provide some definitions missing in old headers */ +#ifdef HAVE_OLD_GSSMIT +#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name +#define NCOMPAT 1 +#endif + +/* Define our privacy and integrity protection values */ +#define GSSAUTH_P_NONE 1 +#define GSSAUTH_P_INTEGRITY 2 +#define GSSAUTH_P_PRIVACY 4 + #endif /* HAVE_GSSAPI */ #endif /* HEADER_CURL_GSSAPI_H */ diff --git a/lib/curl_sasl_gssapi.c b/lib/curl_sasl_gssapi.c index 6dda0e907..d8f811961 100644 --- a/lib/curl_sasl_gssapi.c +++ b/lib/curl_sasl_gssapi.c @@ -5,7 +5,8 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2014, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2014 - 2015, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,15 +27,6 @@ #if defined(HAVE_GSSAPI) && defined(USE_KERBEROS5) -#ifdef HAVE_OLD_GSSMIT -#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name -#define NCOMPAT 1 -#endif - -#define GSSAUTH_P_NONE 1 -#define GSSAUTH_P_INTEGRITY 2 -#define GSSAUTH_P_PRIVACY 4 - #include <curl/curl.h> #include "curl_sasl.h" @@ -126,7 +118,7 @@ CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data, /* Import the SPN */ gss_major_status = gss_import_name(&gss_minor_status, &spn_token, - gss_nt_service_name, &krb5->spn); + GSS_C_NT_HOSTBASED_SERVICE, &krb5->spn); if(GSS_ERROR(gss_major_status)) { Curl_gss_log_error(data, gss_minor_status, "gss_import_name() failed: "); @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -294,10 +294,10 @@ static void freedirs(struct ftp_conn *ftpc) ftpc->dirs = NULL; ftpc->dirdepth = 0; } - if(ftpc->file) { - free(ftpc->file); - ftpc->file = NULL; - } + Curl_safefree(ftpc->file); + + /* no longer of any use */ + Curl_safefree(ftpc->newhost); } /* Returns non-zero if the given string contains CR (\r) or LF (\n), @@ -1815,6 +1815,13 @@ static CURLcode ftp_state_quote(struct connectdata *conn, static CURLcode ftp_epsv_disable(struct connectdata *conn) { CURLcode result = CURLE_OK; + + if(conn->bits.ipv6) { + /* We can't disable EPSV when doing IPv6, so this is instead a fail */ + failf(conn->data, "Failed EPSV attempt, exiting\n"); + return CURLE_FTP_WEIRD_SERVER_REPLY; + } + infof(conn->data, "Failed EPSV attempt. Disabling EPSV\n"); /* disable it for next transfer */ conn->bits.ftp_use_epsv = FALSE; @@ -1917,6 +1924,9 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, unsigned short connectport; /* the local port connect() should use! */ char *str=&data->state.buffer[4]; /* start on the first letter */ + /* if we come here again, make sure the former name is cleared */ + Curl_safefree(ftpc->newhost); + if((ftpc->count1 == 0) && (ftpcode == 229)) { /* positive EPSV response */ @@ -1949,18 +1959,10 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, if(ptr) { ftpc->newport = (unsigned short)(num & 0xffff); - if(conn->bits.tunnel_proxy || - conn->proxytype == CURLPROXY_SOCKS5 || - conn->proxytype == CURLPROXY_SOCKS5_HOSTNAME || - conn->proxytype == CURLPROXY_SOCKS4 || - conn->proxytype == CURLPROXY_SOCKS4A) - /* proxy tunnel -> use other host info because ip_addr_str is the - proxy address not the ftp host */ - snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s", - conn->host.name); - else - /* use the same IP we are already connected to */ - snprintf(ftpc->newhost, NEWHOST_BUFSIZE, "%s", conn->ip_addr_str); + /* use the original host name again */ + ftpc->newhost = strdup(conn->host.name); + if(!ftpc->newhost) + return CURLE_OUT_OF_MEMORY; } } else @@ -2001,26 +2003,21 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, /* we got OK from server */ if(data->set.ftp_skip_ip) { - /* told to ignore the remotely given IP but instead use the one we used + /* told to ignore the remotely given IP but instead use the host we used for the control connection */ - infof(data, "Skips %d.%d.%d.%d for data connection, uses %s instead\n", + infof(data, "Skip %d.%d.%d.%d for data connection, re-use %s instead\n", ip[0], ip[1], ip[2], ip[3], - conn->ip_addr_str); - if(conn->bits.tunnel_proxy || - conn->proxytype == CURLPROXY_SOCKS5 || - conn->proxytype == CURLPROXY_SOCKS5_HOSTNAME || - conn->proxytype == CURLPROXY_SOCKS4 || - conn->proxytype == CURLPROXY_SOCKS4A) - /* proxy tunnel -> use other host info because ip_addr_str is the - proxy address not the ftp host */ - snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s", conn->host.name); - else - snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s", - conn->ip_addr_str); + conn->host.name); + + /* use the original host name again */ + ftpc->newhost = strdup(conn->host.name); } else - snprintf(ftpc->newhost, sizeof(ftpc->newhost), - "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + ftpc->newhost = aprintf("%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + + if(!ftpc->newhost) + return CURLE_OUT_OF_MEMORY; + ftpc->newport = (unsigned short)(((port[0]<<8) + port[1]) & 0xffff); } else if(ftpc->count1 == 0) { @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -147,11 +147,10 @@ struct ftp_conn { curl_off_t known_filesize; /* file size is different from -1, if wildcard LIST parsing was done and wc_statemach set it */ - /* newhost must be able to hold a full IP-style address in ASCII, which - in the IPv6 case means 5*8-1 = 39 letters */ -#define NEWHOST_BUFSIZE 48 - char newhost[NEWHOST_BUFSIZE]; /* this is the pair to connect the DATA... */ - unsigned short newport; /* connection to */ + /* newhost is the (allocated) IP addr or host name to connect the data + connection to */ + char *newhost; /* this is the pair to connect the DATA... */ + unsigned short newport; /* connection to */ }; diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index 97d0cb762..5967022b5 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,14 +22,7 @@ #include "curl_setup.h" -#ifdef HAVE_GSSAPI - -#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) - -#ifdef HAVE_OLD_GSSMIT -#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name -#define NCOMPAT 1 -#endif +#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) #include "urldata.h" #include "sendf.h" @@ -211,6 +204,4 @@ void Curl_cleanup_negotiate(struct SessionHandle *data) cleanup(&data->state.proxyneg); } -#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */ - -#endif /* HAVE_GSSAPI */ +#endif /* HAVE_GSSAPI && !CURL_DISABLE_HTTP && USE_SPNEGO */ diff --git a/lib/krb5.c b/lib/krb5.c index a0d7bb4f0..f0cb3f196 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -2,7 +2,7 @@ * * Copyright (c) 1995, 1996, 1997, 1998, 1999, 2013 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). - * Copyright (c) 2004 - 2014 Daniel Stenberg + * Copyright (c) 2004 - 2015 Daniel Stenberg * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,13 +34,7 @@ #include "curl_setup.h" -#ifndef CURL_DISABLE_FTP -#ifdef HAVE_GSSAPI - -#ifdef HAVE_OLD_GSSMIT -#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name -#define NCOMPAT 1 -#endif +#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_FTP) #ifdef HAVE_NETDB_H #include <netdb.h> @@ -335,5 +329,4 @@ struct Curl_sec_client_mech Curl_krb5_client_mech = { krb5_decode }; -#endif /* HAVE_GSSAPI */ -#endif /* CURL_DISABLE_FTP */ +#endif /* HAVE_GSSAPI && !CURL_DISABLE_FTP */ diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c index f195c1a0e..8a016d09e 100644 --- a/lib/socks_gssapi.c +++ b/lib/socks_gssapi.c @@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2009, 2011, Markus Moeller, <markus_moeller@compuserve.com> - * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -23,16 +23,7 @@ #include "curl_setup.h" -#ifndef CURL_DISABLE_PROXY - -#ifdef HAVE_GSSAPI -#ifdef HAVE_OLD_GSSMIT -#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name -#define NCOMPAT 1 -#endif -#ifndef gss_nt_service_name -#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE -#endif +#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_PROXY) #include "curl_gssapi.h" #include "urldata.h" @@ -162,7 +153,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, serviceptr, conn->proxy.name); gss_major_status = gss_import_name(&gss_minor_status, &service, - gss_nt_service_name, &server); + GSS_C_NT_HOSTBASED_SERVICE, &server); } gss_release_buffer(&gss_status, &service); /* clear allocated memory */ @@ -530,6 +521,5 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, return CURLE_OK; } -#endif -#endif /* CURL_DISABLE_PROXY */ +#endif /* HAVE_GSSAPI && !CURL_DISABLE_PROXY */ diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index dd83a9d68..37fe48079 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -659,6 +659,8 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg) unsigned int buflen; SSLNextProtoState state; + struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET]; + if(!conn->data->set.ssl_enable_npn && !conn->data->set.ssl_enable_alpn) { return; } |