Revert "Update to 7.40.1"
[platform/upstream/curl.git] / lib / http_negotiate.c
index c584e28..53df30e 100644 (file)
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
- * $Id$
  ***************************************************************************/
-#include "setup.h"
+
+#include "curl_setup.h"
 
 #ifdef HAVE_GSSAPI
-#ifdef HAVE_GSSMIT
+#ifdef HAVE_OLD_GSSMIT
 #define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
+#define NCOMPAT 1
 #endif
 
 #ifndef CURL_DISABLE_HTTP
- /* -- WIN32 approved -- */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <ctype.h>
 
 #include "urldata.h"
 #include "sendf.h"
-#include "strequal.h"
-#include "base64.h"
+#include "curl_gssapi.h"
+#include "rawstr.h"
+#include "curl_base64.h"
 #include "http_negotiate.h"
-#include "memory.h"
+#include "curl_memory.h"
+#include "url.h"
+
+#ifdef HAVE_SPNEGO
+#  include <spnegohelp.h>
+#  ifdef USE_SSLEAY
+#    ifdef USE_OPENSSL
+#      include <openssl/objects.h>
+#    else
+#      include <objects.h>
+#    endif
+#  else
+#    error "Can't compile SPNEGO support without OpenSSL."
+#  endif
+#endif
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -88,7 +98,8 @@ get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server)
 }
 
 static void
-log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix)
+log_gss_error(struct connectdata *conn, OM_uint32 error_status,
+              const char *prefix)
 {
   OM_uint32 maj_stat, min_stat;
   OM_uint32 msg_ctx = 0;
@@ -113,24 +124,27 @@ log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix)
     gss_release_buffer(&min_stat, &status_string);
   } while(!GSS_ERROR(maj_stat) && msg_ctx != 0);
 
-  infof(conn->data, "%s", buf);
+  infof(conn->data, "%s\n", buf);
 }
 
+/* returning zero (0) means success, everything else is treated as "failure"
+   with no care exactly what the failure was */
 int Curl_input_negotiate(struct connectdata *conn, bool proxy,
                          const char *header)
 {
-  struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
-    &conn->data->state.negotiate;
-  OM_uint32 major_status, minor_status, minor_status2;
+  struct SessionHandle *data = conn->data;
+  struct negotiatedata *neg_ctx = proxy?&data->state.proxyneg:
+    &data->state.negotiate;
+  OM_uint32 major_status, minor_status, discard_st;
   gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
   gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
   int ret;
   size_t len;
+  size_t rawlen = 0;
   bool gss;
   const char* protocol;
+  CURLcode error;
 
-  while(*header && ISSPACE(*header))
-    header++;
   if(checkprefix("GSS-Negotiate", header)) {
     protocol = "GSS-Negotiate";
     gss = TRUE;
@@ -153,10 +167,10 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
   }
 
   if(neg_ctx->context && neg_ctx->status == GSS_S_COMPLETE) {
-    /* We finished succesfully our part of authentication, but server
+    /* We finished successfully our part of authentication, but server
      * rejected it (since we're again here). Exit with an error since we
      * can't invent anything better */
-    Curl_cleanup_negotiate(conn->data);
+    Curl_cleanup_negotiate(data);
     return -1;
   }
 
@@ -170,83 +184,87 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
 
   len = strlen(header);
   if(len > 0) {
-    int rawlen = Curl_base64_decode(header,
-                                    (unsigned char **)&input_token.value);
-    if(rawlen < 0)
+    error = Curl_base64_decode(header,
+                               (unsigned char **)&input_token.value, &rawlen);
+    if(error || rawlen == 0)
       return -1;
     input_token.length = rawlen;
 
+    DEBUGASSERT(input_token.value != NULL);
+
 #ifdef HAVE_SPNEGO /* Handle SPNEGO */
     if(checkprefix("Negotiate", header)) {
-        ASN1_OBJECT *   object            = NULL;
-        int             rc                = 1;
-        unsigned char * spnegoToken       = NULL;
-        size_t          spnegoTokenLength = 0;
-        unsigned char * mechToken         = NULL;
-        size_t          mechTokenLength   = 0;
-
-        spnegoToken = malloc(input_token.length);
-        if(input_token.value == NULL)
-          return ENOMEM;
-        spnegoTokenLength = input_token.length;
-
-        object = OBJ_txt2obj ("1.2.840.113554.1.2.2", 1);
-        if(!parseSpnegoTargetToken(spnegoToken,
-                                    spnegoTokenLength,
-                                    NULL,
-                                    NULL,
-                                    &mechToken,
-                                    &mechTokenLength,
-                                    NULL,
-                                    NULL)) {
-          free(spnegoToken);
-          spnegoToken = NULL;
-          infof(conn->data, "Parse SPNEGO Target Token failed\n");
-        }
-        else {
-          free(input_token.value);
-          input_token.value = NULL;
-          input_token.value = malloc(mechTokenLength);
-          memcpy(input_token.value, mechToken,mechTokenLength);
-          input_token.length = mechTokenLength;
-          free(mechToken);
-          mechToken = NULL;
-          infof(conn->data, "Parse SPNEGO Target Token succeeded\n");
+      unsigned char  *spnegoToken       = NULL;
+      size_t          spnegoTokenLength = 0;
+      gss_buffer_desc mechToken         = GSS_C_EMPTY_BUFFER;
+
+      spnegoToken = malloc(input_token.length);
+      if(spnegoToken == NULL) {
+        Curl_safefree(input_token.value);
+        return CURLE_OUT_OF_MEMORY;
+      }
+      memcpy(spnegoToken, input_token.value, input_token.length);
+      spnegoTokenLength = input_token.length;
+
+      if(!parseSpnegoTargetToken(spnegoToken,
+                                 spnegoTokenLength,
+                                 NULL,
+                                 NULL,
+                                 (unsigned char**)&mechToken.value,
+                                 &mechToken.length,
+                                 NULL,
+                                 NULL)) {
+        Curl_safefree(spnegoToken);
+        infof(data, "Parse SPNEGO Target Token failed\n");
+      }
+      else if(!mechToken.value || !mechToken.length) {
+        Curl_safefree(spnegoToken);
+        if(mechToken.value)
+          gss_release_buffer(&discard_st, &mechToken);
+        infof(data, "Parse SPNEGO Target Token succeeded (NULL token)\n");
+      }
+      else {
+        Curl_safefree(spnegoToken);
+        Curl_safefree(input_token.value);
+        input_token.value = malloc(mechToken.length);
+        if(input_token.value == NULL) {
+          gss_release_buffer(&discard_st, &mechToken);
+          return CURLE_OUT_OF_MEMORY;
         }
+        memcpy(input_token.value, mechToken.value, mechToken.length);
+        input_token.length = mechToken.length;
+        gss_release_buffer(&discard_st, &mechToken);
+        infof(data, "Parse SPNEGO Target Token succeeded\n");
+      }
     }
 #endif
   }
 
-  major_status = gss_init_sec_context(&minor_status,
-                                      GSS_C_NO_CREDENTIAL,
-                                      &neg_ctx->context,
-                                      neg_ctx->server_name,
-                                      GSS_C_NO_OID,
-                                      GSS_C_DELEG_FLAG,
-                                      0,
-                                      GSS_C_NO_CHANNEL_BINDINGS,
-                                      &input_token,
-                                      NULL,
-                                      &output_token,
-                                      NULL,
-                                      NULL);
-  if(input_token.length > 0)
-    gss_release_buffer(&minor_status2, &input_token);
+  major_status = Curl_gss_init_sec_context(data,
+                                           &minor_status,
+                                           &neg_ctx->context,
+                                           neg_ctx->server_name,
+                                           GSS_C_NO_CHANNEL_BINDINGS,
+                                           &input_token,
+                                           &output_token,
+                                           NULL);
+  Curl_safefree(input_token.value);
+
   neg_ctx->status = major_status;
   if(GSS_ERROR(major_status)) {
-    /* Curl_cleanup_negotiate(conn->data) ??? */
-    log_gss_error(conn, minor_status,
-                  (char *)"gss_init_sec_context() failed: ");
+    if(output_token.value)
+      gss_release_buffer(&discard_st, &output_token);
+    log_gss_error(conn, minor_status, "gss_init_sec_context() failed: ");
     return -1;
   }
 
-  if(output_token.length == 0) {
+  if(!output_token.value || !output_token.length) {
+    if(output_token.value)
+      gss_release_buffer(&discard_st, &output_token);
     return -1;
   }
 
   neg_ctx->output_token = output_token;
-  /* conn->bits.close = FALSE; */
-
   return 0;
 }
 
@@ -255,62 +273,91 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
 {
   struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
     &conn->data->state.negotiate;
-  OM_uint32 minor_status;
   char *encoded = NULL;
-  int len;
+  size_t len = 0;
+  char *userp;
+  CURLcode error;
+  OM_uint32 discard_st;
 
 #ifdef HAVE_SPNEGO /* Handle SPNEGO */
   if(checkprefix("Negotiate", neg_ctx->protocol)) {
-    ASN1_OBJECT *   object            = NULL;
-    int             rc                = 1;
-    unsigned char * spnegoToken       = NULL;
-    size_t          spnegoTokenLength = 0;
-    unsigned char * responseToken       = NULL;
+    ASN1_OBJECT    *object              = NULL;
+    unsigned char  *responseToken       = NULL;
     size_t          responseTokenLength = 0;
+    gss_buffer_desc spnegoToken         = GSS_C_EMPTY_BUFFER;
 
     responseToken = malloc(neg_ctx->output_token.length);
-    if( responseToken == NULL)
+    if(responseToken == NULL)
       return CURLE_OUT_OF_MEMORY;
     memcpy(responseToken, neg_ctx->output_token.value,
            neg_ctx->output_token.length);
     responseTokenLength = neg_ctx->output_token.length;
 
-    object=OBJ_txt2obj ("1.2.840.113554.1.2.2", 1);
-    if(!makeSpnegoInitialToken (object,
-                                 responseToken,
-                                 responseTokenLength,
-                                 &spnegoToken,
-                                 &spnegoTokenLength)) {
-      free(responseToken);
-      responseToken = NULL;
+    object = OBJ_txt2obj("1.2.840.113554.1.2.2", 1);
+    if(!object) {
+      Curl_safefree(responseToken);
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    if(!makeSpnegoInitialToken(object,
+                               responseToken,
+                               responseTokenLength,
+                               (unsigned char**)&spnegoToken.value,
+                               &spnegoToken.length)) {
+      Curl_safefree(responseToken);
+      ASN1_OBJECT_free(object);
       infof(conn->data, "Make SPNEGO Initial Token failed\n");
     }
+    else if(!spnegoToken.value || !spnegoToken.length) {
+      Curl_safefree(responseToken);
+      ASN1_OBJECT_free(object);
+      if(spnegoToken.value)
+        gss_release_buffer(&discard_st, &spnegoToken);
+      infof(conn->data, "Make SPNEGO Initial Token succeeded (NULL token)\n");
+    }
     else {
-      free(neg_ctx->output_token.value);
-      responseToken = NULL;
-      neg_ctx->output_token.value = malloc(spnegoTokenLength);
-      memcpy(neg_ctx->output_token.value, spnegoToken,spnegoTokenLength);
-      neg_ctx->output_token.length = spnegoTokenLength;
-      free(spnegoToken);
-      spnegoToken = NULL;
+      Curl_safefree(responseToken);
+      ASN1_OBJECT_free(object);
+      gss_release_buffer(&discard_st, &neg_ctx->output_token);
+      neg_ctx->output_token.value = spnegoToken.value;
+      neg_ctx->output_token.length = spnegoToken.length;
       infof(conn->data, "Make SPNEGO Initial Token succeeded\n");
     }
   }
 #endif
-  len = Curl_base64_encode(conn->data,
-                           neg_ctx->output_token.value,
-                           neg_ctx->output_token.length,
-                           &encoded);
-
-  if(len == 0)
-    return CURLE_OUT_OF_MEMORY;
-
-  conn->allocptr.userpwd =
-    aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
-            neg_ctx->protocol, encoded);
-  free(encoded);
-  gss_release_buffer(&minor_status, &neg_ctx->output_token);
-  return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+  error = Curl_base64_encode(conn->data,
+                             neg_ctx->output_token.value,
+                             neg_ctx->output_token.length,
+                             &encoded, &len);
+  if(error) {
+    gss_release_buffer(&discard_st, &neg_ctx->output_token);
+    neg_ctx->output_token.value = NULL;
+    neg_ctx->output_token.length = 0;
+    return error;
+  }
+
+  if(!encoded || !len) {
+    gss_release_buffer(&discard_st, &neg_ctx->output_token);
+    neg_ctx->output_token.value = NULL;
+    neg_ctx->output_token.length = 0;
+    return CURLE_REMOTE_ACCESS_DENIED;
+  }
+
+  userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
+                  neg_ctx->protocol, encoded);
+  if(proxy) {
+    Curl_safefree(conn->allocptr.proxyuserpwd);
+    conn->allocptr.proxyuserpwd = userp;
+  }
+  else {
+    Curl_safefree(conn->allocptr.userpwd);
+    conn->allocptr.userpwd = userp;
+  }
+
+  Curl_safefree(encoded);
+  Curl_cleanup_negotiate(conn->data);
+
+  return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
 }
 
 static void cleanup(struct negotiatedata *neg_ctx)
@@ -319,7 +366,7 @@ static void cleanup(struct negotiatedata *neg_ctx)
   if(neg_ctx->context != GSS_C_NO_CONTEXT)
     gss_delete_sec_context(&minor_status, &neg_ctx->context, GSS_C_NO_BUFFER);
 
-  if(neg_ctx->output_token.length != 0)
+  if(neg_ctx->output_token.value)
     gss_release_buffer(&minor_status, &neg_ctx->output_token);
 
   if(neg_ctx->server_name != GSS_C_NO_NAME)