Diffstat (limited to 'lib/krb5.c')
-rw-r--r-- | lib/krb5.c | 104 |
1 files changed, 48 insertions, 56 deletions
diff --git a/lib/krb5.c b/lib/krb5.c index cedab1657..1e99c709e 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -1,8 +1,8 @@ /* GSSAPI/krb5 support for FTP - loosely based on old krb4.c * - * Copyright (c) 1995, 1996, 1997, 1998, 1999, 2010 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). - * Copyright (c) 2004 - 2009 Daniel Stenberg + * Copyright (c) 2004 - 2012 Daniel Stenberg * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -32,39 +32,28 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#include "setup.h" +#include "curl_setup.h" #ifndef CURL_DISABLE_FTP #ifdef HAVE_GSSAPI #ifdef HAVE_OLD_GSSMIT #define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name +#define NCOMPAT 1 #endif -#include <stdlib.h> #ifdef HAVE_NETDB_H #include <netdb.h> #endif -#include <string.h> - -#ifdef HAVE_GSSGNU -# include <gss.h> -#elif defined HAVE_GSSMIT - /* MIT style */ -# include <gssapi/gssapi.h> -# include <gssapi/gssapi_generic.h> -# include <gssapi/gssapi_krb5.h> -#else - /* Heimdal-style */ -# include <gssapi.h> -#endif #include "urldata.h" #include "curl_base64.h" #include "ftp.h" +#include "curl_gssapi.h" #include "sendf.h" #include "krb4.h" #include "curl_memory.h" +#include "warnless.h" #define _MPRINTF_REPLACE /* use our functions only */ #include <curl/mprintf.h> @@ -94,16 +83,16 @@ krb5_check_prot(void *app_data, int level) } static int -krb5_decode(void *app_data, void *buf, int len, int level, - struct connectdata *conn) +krb5_decode(void *app_data, void *buf, int len, + int level UNUSED_PARAM, + struct connectdata *conn UNUSED_PARAM) { gss_ctx_id_t *context = app_data; OM_uint32 maj, min; gss_buffer_desc enc, dec; - /* shut gcc up */ - level = 0; - conn = NULL; + (void)level; + (void)conn; enc.value = buf; enc.length = len; 
@@ -115,7 +104,7 @@ krb5_decode(void *app_data, void *buf, int len, int level, } memcpy(buf, dec.value, dec.length); - len = dec.length; + len = curlx_uztosi(dec.length); gss_release_buffer(&min, &dec); return len; @@ -124,16 +113,16 @@ krb5_decode(void *app_data, void *buf, int len, int level, static int krb5_overhead(void *app_data, int level, int len) { - /* no arguments are used, just init them to prevent compiler warnings */ - app_data = NULL; - level = 0; - len = 0; + /* no arguments are used */ + (void)app_data; + (void)level; + (void)len; return 0; } static int krb5_encode(void *app_data, const void *from, int length, int level, void **to, - struct connectdata *conn) + struct connectdata *conn UNUSED_PARAM) { gss_ctx_id_t *context = app_data; gss_buffer_desc dec, enc; @@ -157,12 +146,13 @@ krb5_encode(void *app_data, const void *from, int length, int level, void **to, if(maj != GSS_S_COMPLETE) return -1; - /* malloc a new buffer, in case gss_release_buffer doesn't work as expected */ + /* malloc a new buffer, in case gss_release_buffer doesn't work as + expected */ *to = malloc(enc.length); if(!*to) return -1; memcpy(*to, enc.value, enc.length); - len = enc.length; + len = curlx_uztosi(enc.length); gss_release_buffer(&min, &enc); return len; } @@ -183,6 +173,7 @@ krb5_auth(void *app_data, struct connectdata *conn) gss_name_t gssname; gss_ctx_id_t *context = app_data; struct gss_channel_bindings_struct chan; + size_t base64_sz = 0; if(getsockname(conn->sock[FIRSTSOCKET], (struct sockaddr *)LOCAL_ADDR, &l) < 0) @@ -200,7 +191,7 @@ krb5_auth(void *app_data, struct connectdata *conn) chan.application_data.value = NULL; /* this loop will execute twice (once for service, once for host) */ - while(1) { + for(;;) { /* this really shouldn't be repeated here, but can't help it */ if(service == srv_host) { result = Curl_ftpsendf(conn, "AUTH GSSAPI"); 
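Review bot: `memcpy(buf, dec.value, dec.length)` runs before anything checks that the unwrapped length fits the caller's buffer; the new `curlx_uztosi(dec.length)` only converts the type afterwards. `dec.length` is produced by unwrapping data received from the server, so a guard ahead of the copy would be safer, for example `if(dec.length > (size_t)len) { gss_release_buffer(&min, &dec); return -1; }`. This assumes `len` still holds the input size at that point, which the earlier `enc.length = len;` suggests. The start of krb5_decode is outside this hunk.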
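Review bot: In the `@@ -157,12 +146,13 @@` hunk, the `if(!*to) return -1;` path after `malloc(enc.length)` returns without calling gss_release_buffer, so the wrapped token in `enc` is leaked when the allocation fails. Release it on that path as well: `if(!*to) { gss_release_buffer(&min, &enc); return -1; }`. Separately, it is not visible here whether `curlx_uztosi` rejects or merely narrows an `enc.length` above INT_MAX; if it only narrows, the returned length would disagree with the size of the buffer stored in `*to`. The beginning of krb5_encode is in the previous hunk.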
@@ -222,7 +213,8 @@ krb5_auth(void *app_data, struct connectdata *conn) if(maj != GSS_S_COMPLETE) { gss_release_name(&min, &gssname); if(service == srv_host) { - Curl_failf(data, "Error importing service name %s", input_buffer.value); + Curl_failf(data, "Error importing service name %s", + input_buffer.value); return AUTH_ERROR; } service = srv_host; @@ -240,19 +232,14 @@ krb5_auth(void *app_data, struct connectdata *conn) taken care by a final gss_release_buffer. */ gss_release_buffer(&min, &output_buffer); ret = AUTH_OK; - maj = gss_init_sec_context(&min, - GSS_C_NO_CREDENTIAL, - context, - gssname, - GSS_C_NO_OID, - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG, - 0, - &chan, - gssresp, - NULL, - &output_buffer, - NULL, - NULL); + maj = Curl_gss_init_sec_context(data, + &min, + context, + gssname, + &chan, + gssresp, + &output_buffer, + NULL); if(gssresp) { free(_gssresp.value); @@ -266,9 +253,10 @@ krb5_auth(void *app_data, struct connectdata *conn) } if(output_buffer.length != 0) { - if(Curl_base64_encode(data, (char *)output_buffer.value, - output_buffer.length, &p) < 1) { - Curl_infof(data, "Out of memory base64-encoding\n"); + result = Curl_base64_encode(data, (char *)output_buffer.value, + output_buffer.length, &p, &base64_sz); + if(result) { + Curl_infof(data,"base64-encoding: %s\n", curl_easy_strerror(result)); ret = AUTH_CONTINUE; break; } @@ -287,7 +275,7 @@ krb5_auth(void *app_data, struct connectdata *conn) break; } - if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3'){ + if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3') { Curl_infof(data, "Server didn't accept auth data\n"); ret = AUTH_ERROR; break; 
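Review bot: The `Curl_gss_init_sec_context` call in the `@@ -240,19 +232,14 @@` hunk no longer shows which request flags are used, whereas the removed direct call asked for `GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG`. The wrapper's definition is not part of this diff, so it should be confirmed that it still requests both. The final argument is still `NULL`, so, assuming it is the ret_flags output as in the replaced call, krb5_auth never verifies that mutual authentication was actually granted. I would add a comment above the call such as `/* wrapper must request GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG, as the direct call did */`, and consider passing a flags pointer and checking it once the context completes. krb5_auth starts and ends outside this hunk.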
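Review bot: In the `@@ -266,9 +253,10 @@` hunk, a failed `Curl_base64_encode` sets `ret = AUTH_CONTINUE` and is reported only through `Curl_infof`. The `Curl_base64_decode` failure path in the later `@@ -296,10 +284,11 @@` hunk also sets `ret = AUTH_CONTINUE`, there for ADAT data supplied by the server. The meaning of AUTH_CONTINUE is not visible in this diff, but if it lets the caller carry on with another mechanism, both paths look like they should use `ret = AUTH_ERROR;`, matching the "Server didn't accept auth data" branch. The two reports are also inconsistent: the encode path uses infof with a trailing `\n`, the decode path uses failf without one.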
@@ -296,10 +284,11 @@ krb5_auth(void *app_data, struct connectdata *conn) p = data->state.buffer + 4; p = strstr(p, "ADAT="); if(p) { - _gssresp.length = Curl_base64_decode(p + 5, (unsigned char **) - &_gssresp.value); - if(_gssresp.length < 1) { - Curl_failf(data, "Out of memory base64-encoding\n"); + result = Curl_base64_decode(p + 5, + (unsigned char **)&_gssresp.value, + &_gssresp.length); + if(result) { + Curl_failf(data,"base64-decoding: %s", curl_easy_strerror(result)); ret = AUTH_CONTINUE; break; } @@ -325,10 +314,13 @@ krb5_auth(void *app_data, struct connectdata *conn) static void krb5_end(void *app_data) { - OM_uint32 maj, min; + OM_uint32 min; gss_ctx_id_t *context = app_data; - if (*context != GSS_C_NO_CONTEXT) { - maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER); + if(*context != GSS_C_NO_CONTEXT) { +#ifdef DEBUGBUILD + OM_uint32 maj = +#endif + gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER); DEBUGASSERT(maj == GSS_S_COMPLETE); } } |
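Review bot: In krb5_end, splitting `OM_uint32 maj =` from its initializer with `#ifdef DEBUGBUILD` makes the statement hard to read, and non-debug builds drop the status of `gss_delete_sec_context` without any visible marker. A plainer form keeps one statement and silences the unused-variable warning explicitly: `OM_uint32 maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER);` followed by `DEBUGASSERT(maj == GSS_S_COMPLETE);` and `(void)maj;`.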