lib/http_negotiate.c

   1 /***************************************************************************
   2  *                                  _   _ ____  _
   3  *  Project                     ___| | | |  _ \| |
   4  *                             / __| | | | |_) | |
   5  *                            | (__| |_| |  _ <| |___
   6  *                             \___|\___/|_| \_\_____|
   7  *
   8  * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
   9  *
  10  * This software is licensed as described in the file COPYING, which
  11  * you should have received as part of this distribution. The terms
  12  * are also available at http://curl.haxx.se/docs/copyright.html.
  13  *
  14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15  * copies of the Software, and permit persons to whom the Software is
  16  * furnished to do so, under the terms of the COPYING file.
  17  *
  18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19  * KIND, either express or implied.
  20  *
  21  ***************************************************************************/
  22
  23 #include "curl_setup.h"
  24
  25 #ifdef HAVE_GSSAPI
  26
  27 #if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO)
  28
  29 #ifdef HAVE_OLD_GSSMIT
  30 #define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
  31 #define NCOMPAT 1
  32 #endif
  33
  34 #include "urldata.h"
  35 #include "sendf.h"
  36 #include "curl_gssapi.h"
  37 #include "rawstr.h"
  38 #include "curl_base64.h"
  39 #include "http_negotiate.h"
  40 #include "curl_memory.h"
  41 #include "url.h"
  42
  43 #define _MPRINTF_REPLACE /* use our functions only */
  44 #include <curl/mprintf.h>
  45
  46 /* The last #include file should be: */
  47 #include "memdebug.h"
  48
  49 static int
  50 get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server)
  51 {
  52   OM_uint32 major_status, minor_status;
  53   gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
  54   char name[2048];
  55   const char* service = "HTTP";
  56
  57   token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name :
  58                                               conn->host.name) + 1;
  59   if(token.length + 1 > sizeof(name))
  60     return EMSGSIZE;
  61
  62   snprintf(name, sizeof(name), "%s@%s", service, proxy ? conn->proxy.name :
  63            conn->host.name);
  64
  65   token.value = (void *) name;
  66   major_status = gss_import_name(&minor_status,
  67                                  &token,
  68                                  GSS_C_NT_HOSTBASED_SERVICE,
  69                                  server);
  70
  71   return GSS_ERROR(major_status) ? -1 : 0;
  72 }
  73
  74 /* returning zero (0) means success, everything else is treated as "failure"
  75    with no care exactly what the failure was */
  76 int Curl_input_negotiate(struct connectdata *conn, bool proxy,
  77                          const char *header)
  78 {
  79   struct SessionHandle *data = conn->data;
  80   struct negotiatedata *neg_ctx = proxy?&data->state.proxyneg:
  81     &data->state.negotiate;
  82   OM_uint32 major_status, minor_status, discard_st;
  83   gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
  84   gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
  85   int ret;
  86   size_t len;
  87   size_t rawlen = 0;
  88   CURLcode result;
  89
  90   if(neg_ctx->context && neg_ctx->status == GSS_S_COMPLETE) {
  91     /* We finished successfully our part of authentication, but server
  92      * rejected it (since we're again here). Exit with an error since we
  93      * can't invent anything better */
  94     Curl_cleanup_negotiate(data);
  95     return -1;
  96   }
  97
  98   if(neg_ctx->server_name == NULL &&
  99       (ret = get_gss_name(conn, proxy, &neg_ctx->server_name)))
 100     return ret;
 101
 102   header += strlen("Negotiate");
 103   while(*header && ISSPACE(*header))
 104     header++;
 105
 106   len = strlen(header);
 107   if(len > 0) {
 108     result = Curl_base64_decode(header, (unsigned char **)&input_token.value,
 109                                 &rawlen);
 110     if(result || rawlen == 0)
 111       return -1;
 112     input_token.length = rawlen;
 113
 114     DEBUGASSERT(input_token.value != NULL);
 115   }
 116
 117   major_status = Curl_gss_init_sec_context(data,
 118                                            &minor_status,
 119                                            &neg_ctx->context,
 120                                            neg_ctx->server_name,
 121                                            &Curl_spnego_mech_oid,
 122                                            GSS_C_NO_CHANNEL_BINDINGS,
 123                                            &input_token,
 124                                            &output_token,
 125                                            TRUE,
 126                                            NULL);
 127   Curl_safefree(input_token.value);
 128
 129   neg_ctx->status = major_status;
 130   if(GSS_ERROR(major_status)) {
 131     if(output_token.value)
 132       gss_release_buffer(&discard_st, &output_token);
 133     Curl_gss_log_error(conn->data, minor_status,
 134                        "gss_init_sec_context() failed: ");
 135     return -1;
 136   }
 137
 138   if(!output_token.value || !output_token.length) {
 139     if(output_token.value)
 140       gss_release_buffer(&discard_st, &output_token);
 141     return -1;
 142   }
 143
 144   neg_ctx->output_token = output_token;
 145   return 0;
 146 }
 147
 148
 149 CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
 150 {
 151   struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
 152     &conn->data->state.negotiate;
 153   char *encoded = NULL;
 154   size_t len = 0;
 155   char *userp;
 156   CURLcode result;
 157   OM_uint32 discard_st;
 158
 159   result = Curl_base64_encode(conn->data,
 160                               neg_ctx->output_token.value,
 161                               neg_ctx->output_token.length,
 162                               &encoded, &len);
 163   if(result) {
 164     gss_release_buffer(&discard_st, &neg_ctx->output_token);
 165     neg_ctx->output_token.value = NULL;
 166     neg_ctx->output_token.length = 0;
 167     return result;
 168   }
 169
 170   if(!encoded || !len) {
 171     gss_release_buffer(&discard_st, &neg_ctx->output_token);
 172     neg_ctx->output_token.value = NULL;
 173     neg_ctx->output_token.length = 0;
 174     return CURLE_REMOTE_ACCESS_DENIED;
 175   }
 176
 177   userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "",
 178                   encoded);
 179   if(proxy) {
 180     Curl_safefree(conn->allocptr.proxyuserpwd);
 181     conn->allocptr.proxyuserpwd = userp;
 182   }
 183   else {
 184     Curl_safefree(conn->allocptr.userpwd);
 185     conn->allocptr.userpwd = userp;
 186   }
 187
 188   Curl_safefree(encoded);
 189
 190   return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
 191 }
 192
 193 static void cleanup(struct negotiatedata *neg_ctx)
 194 {
 195   OM_uint32 minor_status;
 196   if(neg_ctx->context != GSS_C_NO_CONTEXT)
 197     gss_delete_sec_context(&minor_status, &neg_ctx->context, GSS_C_NO_BUFFER);
 198
 199   if(neg_ctx->output_token.value)
 200     gss_release_buffer(&minor_status, &neg_ctx->output_token);
 201
 202   if(neg_ctx->server_name != GSS_C_NO_NAME)
 203     gss_release_name(&minor_status, &neg_ctx->server_name);
 204
 205   memset(neg_ctx, 0, sizeof(*neg_ctx));
 206 }
 207
 208 void Curl_cleanup_negotiate(struct SessionHandle *data)
 209 {
 210   cleanup(&data->state.negotiate);
 211   cleanup(&data->state.proxyneg);
 212 }
 213
 214 #endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */
 215
 216 #endif /* HAVE_GSSAPI */