From 4adee1947c8016359fb7ae01dd3998166ea0101a Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Sun, 13 Mar 2016 20:09:15 +0000 Subject: http_negotiate: Combine GSS-API and SSPI source files As the GSS-API and SSPI based source files are no longer library/API specific, following the extraction of that authentication code to the vauth directory, combine these files rather than maintain two separate versions. --- lib/Makefile.inc | 8 +-- lib/Makefile.vc6 | 1 - lib/http_negotiate.c | 34 ++++++++-- lib/http_negotiate_sspi.c | 135 ------------------------------------- packages/Symbian/group/libcurl.mmp | 10 +-- 5 files changed, 38 insertions(+), 150 deletions(-) delete mode 100644 lib/http_negotiate_sspi.c diff --git a/lib/Makefile.inc b/lib/Makefile.inc index b9bb7149f..ce15cff05 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -50,10 +50,10 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c \ pingpong.c rtsp.c curl_threads.c warnless.c hmac.c curl_rtmp.c \ openldap.c curl_gethostname.c gopher.c idn_win32.c \ - http_negotiate_sspi.c http_proxy.c non-ascii.c asyn-ares.c \ - asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c \ - curl_ntlm_core.c curl_sasl.c curl_multibyte.c hostcheck.c conncache.c \ - pipeline.c dotdot.c x509asn1.c http2.c smb.c curl_endian.c curl_des.c + http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c \ + curl_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c \ + curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c \ + x509asn1.c http2.c smb.c curl_endian.c curl_des.c LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ diff --git a/lib/Makefile.vc6 b/lib/Makefile.vc6 index b87350a7f..64b58392b 100644 --- a/lib/Makefile.vc6 +++ b/lib/Makefile.vc6 @@ -574,7 +574,6 @@ X_OBJS= \ $(DIROBJ)\http_chunks.obj \ $(DIROBJ)\http_digest.obj \ $(DIROBJ)\http_negotiate.obj \ - $(DIROBJ)\http_negotiate_sspi.obj \ $(DIROBJ)\http_proxy.obj \ $(DIROBJ)\idn_win32.obj \ $(DIROBJ)\if2ip.obj \ diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index 587ea2a1c..99a4dbdad 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c @@ -22,7 +22,7 @@ #include "curl_setup.h" -#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) +#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) #include "urldata.h" #include "sendf.h" @@ -39,8 +39,11 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header) { struct SessionHandle *data = conn->data; + size_t len; - /* Point to the service and host */ + /* Point to the username, password, service and host */ + const char *userp; + const char *passwdp; const char *service; const char *host; @@ -48,29 +51,50 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, struct negotiatedata *neg_ctx; if(proxy) { + userp = conn->proxyuser; + passwdp = conn->proxypasswd; service = data->set.str[STRING_PROXY_SERVICE_NAME]; host = conn->host.name; neg_ctx = &data->state.proxyneg; } else { + userp = conn->user; + passwdp = conn->passwd; service = data->set.str[STRING_SERVICE_NAME]; host = conn->proxy.name; neg_ctx = &data->state.negotiate; } + /* Not set means empty */ + if(!userp) + userp = ""; + + if(!passwdp) + passwdp = ""; + /* Obtain the input token, if any */ header += strlen("Negotiate"); while(*header && ISSPACE(*header)) header++; + len = strlen(header); + if(!len) { + /* Is this the first call in a new negotiation? */ + if(neg_ctx->context) { + /* The server rejected our authentication and hasn't suppled any more + negotiation mechanisms */ + return CURLE_LOGIN_DENIED; + } + } + /* Initilise the security context and decode our challenge */ - return Curl_auth_decode_spnego_message(data, NULL, NULL, service, host, + return Curl_auth_decode_spnego_message(data, userp, passwdp, service, host, header, neg_ctx); } CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) { - struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg: + struct negotiatedata *neg_ctx = proxy ? &conn->data->state.proxyneg : &conn->data->state.negotiate; char *base64 = NULL; size_t len = 0; @@ -104,4 +128,4 @@ void Curl_cleanup_negotiate(struct SessionHandle *data) Curl_auth_spnego_cleanup(&data->state.proxyneg); } -#endif /* HAVE_GSSAPI && !CURL_DISABLE_HTTP && USE_SPNEGO */ +#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */ diff --git a/lib/http_negotiate_sspi.c b/lib/http_negotiate_sspi.c deleted file mode 100644 index c79b55102..000000000 --- a/lib/http_negotiate_sspi.c +++ /dev/null @@ -1,135 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -#include "curl_setup.h" - -#ifdef USE_WINDOWS_SSPI - -#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) - -#include "urldata.h" -#include "sendf.h" -#include "rawstr.h" -#include "vauth/vauth.h" -#include "http_negotiate.h" -#include "curl_printf.h" - -/* The last #include files should be: */ -#include "curl_memory.h" -#include "memdebug.h" - -CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, - const char *header) -{ - struct SessionHandle *data = conn->data; - size_t len; - - /* Point to the username, password, service and host */ - const char *userp; - const char *passwdp; - const char *service; - const char *host; - - /* Point to the correct struct with this */ - struct negotiatedata *neg_ctx; - - if(proxy) { - userp = conn->proxyuser; - passwdp = conn->proxypasswd; - service = data->set.str[STRING_PROXY_SERVICE_NAME]; - host = conn->host.name; - neg_ctx = &data->state.proxyneg; - } - else { - userp = conn->user; - passwdp = conn->passwd; - service = data->set.str[STRING_SERVICE_NAME]; - host = conn->proxy.name; - neg_ctx = &data->state.negotiate; - } - - /* Not set means empty */ - if(!userp) - userp = ""; - - if(!passwdp) - passwdp = ""; - - /* Obtain the input token, if any */ - header += strlen("Negotiate"); - while(*header && ISSPACE(*header)) - header++; - - len = strlen(header); - if(!len) { - /* Is this the first call in a new negotiation? */ - if(neg_ctx->context) { - /* The server rejected our authentication and hasn't suppled any more - negotiation mechanisms */ - return CURLE_LOGIN_DENIED; - } - } - - /* Initilise the security context and decode our challenge */ - return Curl_auth_decode_spnego_message(data, userp, passwdp, service, host, - header, neg_ctx); -} - -CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) -{ - struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg: - &conn->data->state.negotiate; - char *base64 = NULL; - size_t len = 0; - char *userp; - CURLcode result; - - result = Curl_auth_create_spnego_message(conn->data, neg_ctx, &base64, &len); - if(result) - return result; - - userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "", - base64); - - if(proxy) { - Curl_safefree(conn->allocptr.proxyuserpwd); - conn->allocptr.proxyuserpwd = userp; - } - else { - Curl_safefree(conn->allocptr.userpwd); - conn->allocptr.userpwd = userp; - } - - free(base64); - - return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK; -} - -void Curl_cleanup_negotiate(struct SessionHandle *data) -{ - Curl_auth_spnego_cleanup(&data->state.negotiate); - Curl_auth_spnego_cleanup(&data->state.proxyneg); -} - -#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */ - -#endif /* USE_WINDOWS_SSPI */ diff --git a/packages/Symbian/group/libcurl.mmp b/packages/Symbian/group/libcurl.mmp index ec8e8d355..224eefbb7 100644 --- a/packages/Symbian/group/libcurl.mmp +++ b/packages/Symbian/group/libcurl.mmp @@ -35,11 +35,11 @@ SOURCE \ socks_sspi.c curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c \ pop3.c smtp.c pingpong.c rtsp.c curl_threads.c warnless.c hmac.c \ vtls/polarssl.c curl_rtmp.c openldap.c curl_gethostname.c gopher.c \ - vtls/axtls.c idn_win32.c http_negotiate_sspi.c vtls/cyassl.c \ - http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c \ - curl_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c \ - vtls/schannel.c curl_multibyte.c vtls/darwinssl.c conncache.c \ - curl_sasl_sspi.c smb.c curl_endian.c curl_des.c \ + vtls/axtls.c idn_win32.c vtls/cyassl.c http_proxy.c non-ascii.c \ + asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c \ + curl_ntlm_core.c curl_sasl.c vtls/schannel.c curl_multibyte.c \ + vtls/darwinssl.c conncache.c curl_sasl_sspi.c smb.c curl_endian.c \ + curl_des.c \ vauth/vauth.c vauth/cleartext.c vauth/cram.c vauth/digest.c \ vauth/digest_sspi.c vauth/krb5_gssapi.c vauth/krb5_sspi.c \ vauth/ntlm.c vauth/ntlm_sspi.c vauth/oauth2.c vauth/spnego_gssapi.c \ -- cgit v1.2.3