* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2014, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2014 - 2016, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
#if defined(HAVE_GSSAPI) && defined(USE_KERBEROS5)
-#ifdef HAVE_OLD_GSSMIT
-#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
-#define NCOMPAT 1
-#endif
-
-#define GSSAUTH_P_NONE 1
-#define GSSAUTH_P_INTEGRITY 2
-#define GSSAUTH_P_PRIVACY 4
-
#include <curl/curl.h>
#include "curl_sasl.h"
#include "urldata.h"
#include "curl_base64.h"
#include "curl_gssapi.h"
-#include "curl_memory.h"
#include "sendf.h"
+#include "curl_printf.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+/* The last #include files should be: */
+#include "curl_memory.h"
#include "memdebug.h"
/*
* Curl_sasl_build_gssapi_spn()
*
-* This is used to build a SPN string in the format service@host.
+* This is used to build a SPN string in the format service@instance.
*
* Parameters:
*
-* serivce [in] - The service type such as www, smtp, pop or imap.
-* host [in] - The host name or realm.
+* service [in] - The service type such as www, smtp, pop or imap.
+* instance [in] - The host name or realm.
*
* Returns a pointer to the newly allocated SPN.
*/
-static char *Curl_sasl_build_gssapi_spn(const char *service, const char *host)
+char *Curl_sasl_build_gssapi_spn(const char *service, const char *instance)
{
/* Generate and return our SPN */
- return aprintf("%s@%s", service, host);
+ return aprintf("%s@%s", service, instance);
}
/*
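Review bot: The header comment for Curl_sasl_build_gssapi_spn() still promises only "a pointer to the newly allocated SPN", yet the function now has external linkage and hands back whatever aprintf() returns, which is NULL when the allocation fails. Callers outside this file need that contract spelled out, together with who releases the string; the `free(spn)` calls added further down in this diff show that the caller owns it. I would change the last line of the comment to `* Returns a pointer to the newly allocated SPN, or NULL on allocation failure; the caller must free() it.`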
* is enabled.
* chlg64 [in] - Pointer to the optional base64 encoded challenge
* message.
- * krb5 [in/out] - The gssapi data struct being used and modified.
+ * krb5 [in/out] - The Kerberos 5 data struct being used and modified.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
/* Import the SPN */
gss_major_status = gss_import_name(&gss_minor_status, &spn_token,
- gss_nt_service_name, &krb5->spn);
+ GSS_C_NT_HOSTBASED_SERVICE, &krb5->spn);
if(GSS_ERROR(gss_major_status)) {
Curl_gss_log_error(data, gss_minor_status, "gss_import_name() failed: ");
+ free(spn);
+
return CURLE_OUT_OF_MEMORY;
}
+
+ free(spn);
}
else {
/* Decode the base-64 encoded challenge message */
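Review bot: `free(spn);` is now written twice, once inside the gss_import_name() failure branch and once after it, so an exit path added between the two later on would leak the SPN again. In the visible lines nothing between the call and either free reads spn (Curl_gss_log_error() receives only data, the minor status and a literal), so a single `free(spn);` placed directly after the gss_import_name() call and before `if(GSS_ERROR(gss_major_status))` releases it on both paths. The enclosing function starts and continues outside this hunk, so whether spn is checked for NULL before the import cannot be confirmed from here.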
mutual_auth,
NULL);
- Curl_safefree(input_token.value);
+ free(input_token.value);
if(GSS_ERROR(gss_major_status)) {
if(output_token.value)
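Review bot: Replacing `Curl_safefree(input_token.value)` with `free(input_token.value)` drops the reset to NULL, and at this point the function keeps running, so input_token carries a stale pointer and length for the rest of the body. The same holds for `free(chlg);` just before the "Extract the security layer" step, where the code goes on to further processing; the other replaced calls sit directly before a return and are fine as plain free(). If anything later in these functions (outside the hunks) can still reach those variables, such as a shared cleanup path, the result is a double free or use after free, so either confirm nothing does or keep the reset with `input_token.value = NULL;` and `chlg = NULL;` after the respective free().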
*
* data [in] - The session handle.
* chlg64 [in] - Pointer to the optional base64 encoded challenge message.
- * krb5 [in/out] - The gssapi data struct being used and modified.
+ * krb5 [in/out] - The Kerberos 5 data struct being used and modified.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
Curl_gss_log_error(data, gss_minor_status,
"gss_inquire_context() failed: ");
- Curl_safefree(chlg);
+ free(chlg);
return CURLE_OUT_OF_MEMORY;
}
if(GSS_ERROR(gss_major_status)) {
Curl_gss_log_error(data, gss_minor_status, "gss_display_name() failed: ");
- Curl_safefree(chlg);
+ free(chlg);
return CURLE_OUT_OF_MEMORY;
}
Curl_gss_log_error(data, gss_minor_status, "gss_unwrap() failed: ");
gss_release_buffer(&gss_status, &username_token);
- Curl_safefree(chlg);
+ free(chlg);
return CURLE_BAD_CONTENT_ENCODING;
}
infof(data, "GSSAPI handshake failure (invalid security data)\n");
gss_release_buffer(&gss_status, &username_token);
- Curl_safefree(chlg);
+ free(chlg);
return CURLE_BAD_CONTENT_ENCODING;
}
/* Copy the data out and free the challenge as it is not required anymore */
memcpy(&indata, output_token.value, 4);
gss_release_buffer(&gss_status, &output_token);
- Curl_safefree(chlg);
+ free(chlg);
/* Extract the security layer */
sec_layer = indata & 0x000000FF;
if(GSS_ERROR(gss_major_status)) {
Curl_gss_log_error(data, gss_minor_status, "gss_wrap() failed: ");
- Curl_safefree(message);
+ free(message);
return CURLE_OUT_OF_MEMORY;
}
gss_release_buffer(&gss_status, &output_token);
/* Free the message buffer */
- Curl_safefree(message);
+ free(message);
return result;
}
/*
* Curl_sasl_gssapi_cleanup()
*
- * This is used to clean up the gssapi specific data.
+ * This is used to clean up the GSSAPI (Kerberos V5) specific data.
*
* Parameters:
*
- * krb5 [in/out] - The kerberos 5 data struct being cleaned up.
+ * krb5 [in/out] - The Kerberos 5 data struct being cleaned up.
*
*/
void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5)