projects / external / curl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
tizen 2.3.1 release
[external/curl.git] / lib / krb5.c
diff --git a/lib/krb5.c b/lib/krb5.c
index cedab16..f0cb3f1 100644 (file)
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -1,8 +1,8 @@
 /* GSSAPI/krb5 support for FTP - loosely based on old krb4.c
  *
- * Copyright (c) 1995, 1996, 1997, 1998, 1999, 2010 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999, 2013 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
- * Copyright (c) 2004 - 2009 Daniel Stenberg
+ * Copyright (c) 2004 - 2015 Daniel Stenberg
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32,39 +32,22 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.  */
 
-#include "setup.h"
+#include "curl_setup.h"
 
-#ifndef CURL_DISABLE_FTP
-#ifdef HAVE_GSSAPI
+#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_FTP)
 
-#ifdef HAVE_OLD_GSSMIT
-#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
-#endif
-
-#include <stdlib.h>
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
 #endif
-#include <string.h>
-
-#ifdef HAVE_GSSGNU
-#  include <gss.h>
-#elif defined HAVE_GSSMIT
-   /* MIT style */
-#  include <gssapi/gssapi.h>
-#  include <gssapi/gssapi_generic.h>
-#  include <gssapi/gssapi_krb5.h>
-#else
-   /* Heimdal-style */
-#  include <gssapi.h>
-#endif
 
 #include "urldata.h"
 #include "curl_base64.h"
 #include "ftp.h"
+#include "curl_gssapi.h"
 #include "sendf.h"
-#include "krb4.h"
+#include "curl_sec.h"
 #include "curl_memory.h"
+#include "warnless.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -94,16 +77,16 @@ krb5_check_prot(void *app_data, int level)
 }
 
 static int
-krb5_decode(void *app_data, void *buf, int len, int level,
-            struct connectdata *conn)
+krb5_decode(void *app_data, void *buf, int len,
+            int level UNUSED_PARAM,
+            struct connectdata *conn UNUSED_PARAM)
 {
   gss_ctx_id_t *context = app_data;
   OM_uint32 maj, min;
   gss_buffer_desc enc, dec;
 
-  /* shut gcc up */
-  level = 0;
-  conn = NULL;
+  (void)level;
+  (void)conn;
 
   enc.value = buf;
   enc.length = len;
@@ -115,7 +98,7 @@ krb5_decode(void *app_data, void *buf, int len, int level,
   }
 
   memcpy(buf, dec.value, dec.length);
-  len = dec.length;
+  len = curlx_uztosi(dec.length);
   gss_release_buffer(&min, &dec);
 
   return len;
@@ -124,16 +107,15 @@ krb5_decode(void *app_data, void *buf, int len, int level,
 static int
 krb5_overhead(void *app_data, int level, int len)
 {
-  /* no arguments are used, just init them to prevent compiler warnings */
-  app_data = NULL;
-  level = 0;
-  len = 0;
+  /* no arguments are used */
+  (void)app_data;
+  (void)level;
+  (void)len;
   return 0;
 }
 
 static int
-krb5_encode(void *app_data, const void *from, int length, int level, void **to,
-            struct connectdata *conn)
+krb5_encode(void *app_data, const void *from, int length, int level, void **to)
 {
   gss_ctx_id_t *context = app_data;
   gss_buffer_desc dec, enc;
@@ -141,9 +123,6 @@ krb5_encode(void *app_data, const void *from, int length, int level, void **to,
   int state;
   int len;
 
-  /* shut gcc up */
-  conn = NULL;
-
   /* NOTE that the cast is safe, neither of the krb5, gnu gss and heimdal
    * libraries modify the input buffer in gss_seal()
    */
@@ -157,12 +136,13 @@ krb5_encode(void *app_data, const void *from, int length, int level, void **to,
   if(maj != GSS_S_COMPLETE)
     return -1;
 
-  /* malloc a new buffer, in case gss_release_buffer doesn't work as expected */
+  /* malloc a new buffer, in case gss_release_buffer doesn't work as
+     expected */
   *to = malloc(enc.length);
   if(!*to)
     return -1;
   memcpy(*to, enc.value, enc.length);
-  len = enc.length;
+  len = curlx_uztosi(enc.length);
   gss_release_buffer(&min, &enc);
   return len;
 }
@@ -183,6 +163,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
   gss_name_t gssname;
   gss_ctx_id_t *context = app_data;
   struct gss_channel_bindings_struct chan;
+  size_t base64_sz = 0;
 
   if(getsockname(conn->sock[FIRSTSOCKET],
                  (struct sockaddr *)LOCAL_ADDR, &l) < 0)
@@ -200,7 +181,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
   chan.application_data.value = NULL;
 
   /* this loop will execute twice (once for service, once for host) */
-  while(1) {
+  for(;;) {
     /* this really shouldn't be repeated here, but can't help it */
     if(service == srv_host) {
       result = Curl_ftpsendf(conn, "AUTH GSSAPI");
@@ -222,7 +203,8 @@ krb5_auth(void *app_data, struct connectdata *conn)
     if(maj != GSS_S_COMPLETE) {
       gss_release_name(&min, &gssname);
       if(service == srv_host) {
-        Curl_failf(data, "Error importing service name %s", input_buffer.value);
+        Curl_failf(data, "Error importing service name %s",
+                   input_buffer.value);
         return AUTH_ERROR;
       }
       service = srv_host;
@@ -240,19 +222,16 @@ krb5_auth(void *app_data, struct connectdata *conn)
          taken care by a final gss_release_buffer. */
       gss_release_buffer(&min, &output_buffer);
       ret = AUTH_OK;
-      maj = gss_init_sec_context(&min,
-                                 GSS_C_NO_CREDENTIAL,
-                                 context,
-                                 gssname,
-                                 GSS_C_NO_OID,
-                                 GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
-                                 0,
-                                 &chan,
-                                 gssresp,
-                                 NULL,
-                                 &output_buffer,
-                                 NULL,
-                                 NULL);
+      maj = Curl_gss_init_sec_context(data,
+                                      &min,
+                                      context,
+                                      gssname,
+                                      &Curl_krb5_mech_oid,
+                                      &chan,
+                                      gssresp,
+                                      &output_buffer,
+                                      TRUE,
+                                      NULL);
 
       if(gssresp) {
         free(_gssresp.value);
@@ -266,9 +245,10 @@ krb5_auth(void *app_data, struct connectdata *conn)
       }
 
       if(output_buffer.length != 0) {
-        if(Curl_base64_encode(data, (char *)output_buffer.value,
-                              output_buffer.length, &p) < 1) {
-          Curl_infof(data, "Out of memory base64-encoding\n");
+        result = Curl_base64_encode(data, (char *)output_buffer.value,
+                                    output_buffer.length, &p, &base64_sz);
+        if(result) {
+          Curl_infof(data,"base64-encoding: %s\n", curl_easy_strerror(result));
           ret = AUTH_CONTINUE;
           break;
         }
@@ -287,7 +267,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
           break;
         }
 
-        if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3'){
+        if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3') {
           Curl_infof(data, "Server didn't accept auth data\n");
           ret = AUTH_ERROR;
           break;
@@ -296,10 +276,11 @@ krb5_auth(void *app_data, struct connectdata *conn)
         p = data->state.buffer + 4;
         p = strstr(p, "ADAT=");
         if(p) {
-          _gssresp.length = Curl_base64_decode(p + 5, (unsigned char **)
-                                               &_gssresp.value);
-          if(_gssresp.length < 1) {
-            Curl_failf(data, "Out of memory base64-encoding\n");
+          result = Curl_base64_decode(p + 5,
+                                      (unsigned char **)&_gssresp.value,
+                                      &_gssresp.length);
+          if(result) {
+            Curl_failf(data,"base64-decoding: %s", curl_easy_strerror(result));
             ret = AUTH_CONTINUE;
             break;
           }
@@ -325,10 +306,13 @@ krb5_auth(void *app_data, struct connectdata *conn)
 
 static void krb5_end(void *app_data)
 {
-    OM_uint32 maj, min;
+    OM_uint32 min;
     gss_ctx_id_t *context = app_data;
-    if (*context != GSS_C_NO_CONTEXT) {
-      maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER);
+    if(*context != GSS_C_NO_CONTEXT) {
+#ifdef DEBUGBUILD
+      OM_uint32 maj =
+#endif
+      gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER);
       DEBUGASSERT(maj == GSS_S_COMPLETE);
     }
 }
@@ -345,5 +329,4 @@ struct Curl_sec_client_mech Curl_krb5_client_mech = {
     krb5_decode
 };
 
-#endif /* HAVE_GSSAPI */
-#endif /* CURL_DISABLE_FTP */
+#endif /* HAVE_GSSAPI && !CURL_DISABLE_FTP */
Domain: Network & Connectivity / Data Network;