lib/http_negotiate.c

   1 /***************************************************************************
   2  *                                  _   _ ____  _
   3  *  Project                     ___| | | |  _ \| |
   4  *                             / __| | | | |_) | |
   5  *                            | (__| |_| |  _ <| |___
   6  *                             \___|\___/|_| \_\_____|
   7  *
   8  * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
   9  *
  10  * This software is licensed as described in the file COPYING, which
  11  * you should have received as part of this distribution. The terms
  12  * are also available at http://curl.haxx.se/docs/copyright.html.
  13  *
  14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15  * copies of the Software, and permit persons to whom the Software is
  16  * furnished to do so, under the terms of the COPYING file.
  17  *
  18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19  * KIND, either express or implied.
  20  *
  21  ***************************************************************************/
  22
  23 #include "curl_setup.h"
  24
  25 #if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO)
  26
  27 #include "urldata.h"
  28 #include "sendf.h"
  29 #include "curl_gssapi.h"
  30 #include "rawstr.h"
  31 #include "curl_base64.h"
  32 #include "http_negotiate.h"
  33 #include "curl_memory.h"
  34 #include "url.h"
  35
  36 #define _MPRINTF_REPLACE /* use our functions only */
  37 #include <curl/mprintf.h>
  38
  39 /* The last #include file should be: */
  40 #include "memdebug.h"
  41
  42 static int
  43 get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server)
  44 {
  45   OM_uint32 major_status, minor_status;
  46   gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
  47   char name[2048];
  48   const char* service = "HTTP";
  49
  50   token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name :
  51                                               conn->host.name) + 1;
  52   if(token.length + 1 > sizeof(name))
  53     return EMSGSIZE;
  54
  55   snprintf(name, sizeof(name), "%s@%s", service, proxy ? conn->proxy.name :
  56            conn->host.name);
  57
  58   token.value = (void *) name;
  59   major_status = gss_import_name(&minor_status,
  60                                  &token,
  61                                  GSS_C_NT_HOSTBASED_SERVICE,
  62                                  server);
  63
  64   return GSS_ERROR(major_status) ? -1 : 0;
  65 }
  66
  67 /* returning zero (0) means success, everything else is treated as "failure"
  68    with no care exactly what the failure was */
  69 int Curl_input_negotiate(struct connectdata *conn, bool proxy,
  70                          const char *header)
  71 {
  72   struct SessionHandle *data = conn->data;
  73   struct negotiatedata *neg_ctx = proxy?&data->state.proxyneg:
  74     &data->state.negotiate;
  75   OM_uint32 major_status, minor_status, discard_st;
  76   gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
  77   gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
  78   int ret;
  79   size_t len;
  80   size_t rawlen = 0;
  81   CURLcode result;
  82
  83   if(neg_ctx->context && neg_ctx->status == GSS_S_COMPLETE) {
  84     /* We finished successfully our part of authentication, but server
  85      * rejected it (since we're again here). Exit with an error since we
  86      * can't invent anything better */
  87     Curl_cleanup_negotiate(data);
  88     return -1;
  89   }
  90
  91   if(neg_ctx->server_name == NULL &&
  92       (ret = get_gss_name(conn, proxy, &neg_ctx->server_name)))
  93     return ret;
  94
  95   header += strlen("Negotiate");
  96   while(*header && ISSPACE(*header))
  97     header++;
  98
  99   len = strlen(header);
 100   if(len > 0) {
 101     result = Curl_base64_decode(header, (unsigned char **)&input_token.value,
 102                                 &rawlen);
 103     if(result || rawlen == 0)
 104       return -1;
 105     input_token.length = rawlen;
 106
 107     DEBUGASSERT(input_token.value != NULL);
 108   }
 109
 110   major_status = Curl_gss_init_sec_context(data,
 111                                            &minor_status,
 112                                            &neg_ctx->context,
 113                                            neg_ctx->server_name,
 114                                            &Curl_spnego_mech_oid,
 115                                            GSS_C_NO_CHANNEL_BINDINGS,
 116                                            &input_token,
 117                                            &output_token,
 118                                            TRUE,
 119                                            NULL);
 120   Curl_safefree(input_token.value);
 121
 122   neg_ctx->status = major_status;
 123   if(GSS_ERROR(major_status)) {
 124     if(output_token.value)
 125       gss_release_buffer(&discard_st, &output_token);
 126     Curl_gss_log_error(conn->data, minor_status,
 127                        "gss_init_sec_context() failed: ");
 128     return -1;
 129   }
 130
 131   if(!output_token.value || !output_token.length) {
 132     if(output_token.value)
 133       gss_release_buffer(&discard_st, &output_token);
 134     return -1;
 135   }
 136
 137   neg_ctx->output_token = output_token;
 138   return 0;
 139 }
 140
 141
 142 CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
 143 {
 144   struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
 145     &conn->data->state.negotiate;
 146   char *encoded = NULL;
 147   size_t len = 0;
 148   char *userp;
 149   CURLcode result;
 150   OM_uint32 discard_st;
 151
 152   result = Curl_base64_encode(conn->data,
 153                               neg_ctx->output_token.value,
 154                               neg_ctx->output_token.length,
 155                               &encoded, &len);
 156   if(result) {
 157     gss_release_buffer(&discard_st, &neg_ctx->output_token);
 158     neg_ctx->output_token.value = NULL;
 159     neg_ctx->output_token.length = 0;
 160     return result;
 161   }
 162
 163   if(!encoded || !len) {
 164     gss_release_buffer(&discard_st, &neg_ctx->output_token);
 165     neg_ctx->output_token.value = NULL;
 166     neg_ctx->output_token.length = 0;
 167     return CURLE_REMOTE_ACCESS_DENIED;
 168   }
 169
 170   userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "",
 171                   encoded);
 172   if(proxy) {
 173     Curl_safefree(conn->allocptr.proxyuserpwd);
 174     conn->allocptr.proxyuserpwd = userp;
 175   }
 176   else {
 177     Curl_safefree(conn->allocptr.userpwd);
 178     conn->allocptr.userpwd = userp;
 179   }
 180
 181   Curl_safefree(encoded);
 182
 183   return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
 184 }
 185
 186 static void cleanup(struct negotiatedata *neg_ctx)
 187 {
 188   OM_uint32 minor_status;
 189   if(neg_ctx->context != GSS_C_NO_CONTEXT)
 190     gss_delete_sec_context(&minor_status, &neg_ctx->context, GSS_C_NO_BUFFER);
 191
 192   if(neg_ctx->output_token.value)
 193     gss_release_buffer(&minor_status, &neg_ctx->output_token);
 194
 195   if(neg_ctx->server_name != GSS_C_NO_NAME)
 196     gss_release_name(&minor_status, &neg_ctx->server_name);
 197
 198   memset(neg_ctx, 0, sizeof(*neg_ctx));
 199 }
 200
 201 void Curl_cleanup_negotiate(struct SessionHandle *data)
 202 {
 203   cleanup(&data->state.negotiate);
 204   cleanup(&data->state.proxyneg);
 205 }
 206
 207 #endif /* HAVE_GSSAPI && !CURL_DISABLE_HTTP && USE_SPNEGO */