From b6575ce0b0fa74626c136a96b411f7baaca9c55b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 20 Nov 2007 23:17:08 +0000 Subject: While inspecting the Negotiate code, I noticed how the proxy auth was using the same state struct as the host auth, so both could never be used at the same time! I fixed it (without being able to check) to use two separate structs to allow authentication using Negotiate on host and proxy simultanouesly. --- CHANGES | 11 +++++++++++ RELEASE-NOTES | 5 ++++- TODO-RELEASE | 3 --- lib/http_negotiate.c | 33 ++++++++++++++++++++------------- lib/urldata.h | 3 ++- 5 files changed, 37 insertions(+), 18 deletions(-) diff --git a/CHANGES b/CHANGES index 19074e2c3..0b63a6fe0 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,18 @@ Changelog +Daniel S (21 Nov 2007) +- While inspecting the Negotiate code, I noticed how the proxy auth was using + the same state struct as the host auth, so both could never be used at the + same time! I fixed it (without being able to check) to use two separate + structs to allow authentication using Negotiate on host and proxy + simultanouesly. + Daniel S (20 Nov 2007) +- Emil Romanus pointed out a bug that made an easy handle get the cookie + engine activated when set to use a share (even if the share doesn't share + cookies). I fixed it. + - Fixed a very long-lasting mprintf() bug that occured when we did "%.*s%s", since the second %s would then wrongly used the numerical precision argument instead and crash. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 7fa596273..c20c81d1a 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -24,6 +24,8 @@ This release includes the following bugfixes: o variable wrapping when using debug callback and the HTTP request wasn't sent in one go o SSL connections with NSS done with the multi-interface + o setting a share no longer activates cookies + o Negotiate now works on auth and proxy simultanouesly This release includes the following known bugs: 
@@ -42,6 +44,7 @@ This release would not have looked like this without help, code, reports and advice from friends like these: Dan Fandrich, Gisle Vanem, Toby Peterson, Yang Tse, Daniel Black, - Robin Johnson, Michal Marek, Ates Goral, Andres Garcia, Rob Crittenden + Robin Johnson, Michal Marek, Ates Goral, Andres Garcia, Rob Crittenden, + Emil Romanus Thanks! (and sorry if I forgot to mention someone) diff --git a/TODO-RELEASE b/TODO-RELEASE index 4817a7b3e..2911a3d1e 100644 --- a/TODO-RELEASE +++ b/TODO-RELEASE @@ -1,9 +1,6 @@ To be addressed before 7.17.2 (planned release: December 2007) ============================= -106 - Share interface force-enable the cookie parser - http://curl.haxx.se/mail/lib-2007-11/0234.html - 107 - resolve the type= thing for FTP URLs over HTTP proxies 108 - diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index 5e88dc0a0..c584e28a6 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c @@ -51,7 +51,8 @@ static int get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server) { - struct negotiatedata *neg_ctx = &conn->data->state.negotiate; + struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg: + &conn->data->state.negotiate; OM_uint32 major_status, minor_status; gss_buffer_desc token = GSS_C_EMPTY_BUFFER; char name[2048]; @@ -98,12 +99,12 @@ log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix) snprintf(buf, sizeof(buf), "%s", prefix); len = strlen(buf); do { - maj_stat = gss_display_status (&min_stat, - error_status, - GSS_C_MECH_CODE, - GSS_C_NO_OID, - &msg_ctx, - &status_string); + maj_stat = gss_display_status(&min_stat, + error_status, + GSS_C_MECH_CODE, + GSS_C_NO_OID, + &msg_ctx, + &status_string); if(sizeof(buf) > len + status_string.length + 1) { snprintf(buf + len, sizeof(buf) - len, ": %s", (char*) status_string.value); 
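Review bot: The `proxy?&conn->data->state.proxyneg: &conn->data->state.negotiate` selection added in get_gss_name is repeated verbatim in Curl_input_negotiate and Curl_output_negotiate, so a later change to where the state lives has three places to miss. A small static helper would prevent a partial edit from crossing host and proxy credentials, e.g. `static struct negotiatedata *neg_state(struct connectdata *conn, bool proxy)` returning `proxy ? &conn->data->state.proxyneg : &conn->data->state.negotiate`. The body of get_gss_name continues outside the hunk. Since only the state struct is switched here, it is worth confirming that the GSS service name built there also uses the proxy's host name when `proxy` is set.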
@@ -118,7 +119,8 @@ log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix) int Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header) { - struct negotiatedata *neg_ctx = &conn->data->state.negotiate; + struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg: + &conn->data->state.negotiate; OM_uint32 major_status, minor_status, minor_status2; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; @@ -251,13 +253,14 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) { - struct negotiatedata *neg_ctx = &conn->data->state.negotiate; + struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg: + &conn->data->state.negotiate; OM_uint32 minor_status; char *encoded = NULL; int len; #ifdef HAVE_SPNEGO /* Handle SPNEGO */ - if(checkprefix("Negotiate",neg_ctx->protocol)) { + if(checkprefix("Negotiate", neg_ctx->protocol)) { ASN1_OBJECT * object = NULL; int rc = 1; unsigned char * spnegoToken = NULL; @@ -310,11 +313,9 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK; } -void Curl_cleanup_negotiate(struct SessionHandle *data) +static void cleanup(struct negotiatedata *neg_ctx) { OM_uint32 minor_status; - struct negotiatedata *neg_ctx = &data->state.negotiate; - if(neg_ctx->context != GSS_C_NO_CONTEXT) gss_delete_sec_context(&minor_status, &neg_ctx->context, GSS_C_NO_BUFFER); @@ -327,6 +328,12 @@ void Curl_cleanup_negotiate(struct SessionHandle *data) memset(neg_ctx, 0, sizeof(*neg_ctx)); } +void Curl_cleanup_negotiate(struct SessionHandle *data) +{ + cleanup(&data->state.negotiate); + cleanup(&data->state.proxyneg); +} + #endif #endif diff --git a/lib/urldata.h b/lib/urldata.h index 84aca5a61..beee01064 100644 --- a/lib/urldata.h +++ b/lib/urldata.h 
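Review bot: The only output slot visible for Curl_output_negotiate is `conn->allocptr.userpwd`, in the final `return` shown as context at the top of the following hunk, even though the function now selects separate proxy state. If the generated header is also stored in that field for the proxy case (the assignment lies between the hunks, so this is inferred), simultaneous host and proxy Negotiate would overwrite one header with the other, and a token meant for the proxy could end up in the header slot used for the origin server. The proxy branch probably needs its own slot and a matching check in the return, along the lines of `return (*slot == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;`, where `slot` is a placeholder for whichever field holds the header for the selected side.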
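Review bot: The new static `cleanup()` has no comment and a very generic name for a file that now tears down two credential states. A comment such as `/* release the GSS security context held in one negotiatedata and zero the struct so it can be reused */`, and a name like `cleanup_negotiatedata`, would make it clear that it must run for both `negotiate` and `proxyneg`. The result of `gss_delete_sec_context` is ignored in the visible lines; that may be deliberate for a best-effort teardown, but the comment should say so. Part of the function body lies between this hunk and the next and is not shown.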
@@ -1199,7 +1199,8 @@ struct UrlState { struct digestdata proxydigest; /* state data for proxy Digest auth */ #ifdef HAVE_GSSAPI - struct negotiatedata negotiate; /* state data for Negotiate auth */ + struct negotiatedata negotiate; /* state data for host Negotiate auth */ + struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */ #endif struct auth authhost; /* auth details for host */ -- cgit v1.2.3
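Review bot: Both `negotiate` and `proxyneg` sit in `struct UrlState`, which the other hunks reach through `conn->data->state`, so the state is per handle rather than per connection, and the field comments do not say when it is reset. A GSS security context is bound to one peer, so if the handle is reused for a different host or proxy before Curl_cleanup_negotiate runs, stale state could be presented to the wrong peer; this is inferred from the struct placement and not shown in the hunk. The field comments should state the lifetime, e.g. `/* state data for proxy Negotiate auth; cleared by Curl_cleanup_negotiate() */`.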