Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 1 | /*************************************************************************** |
| 2 | * _ _ ____ _ |
| 3 | * Project ___| | | | _ \| | |
| 4 | * / __| | | | |_) | | |
| 5 | * | (__| |_| | _ <| |___ |
| 6 | * \___|\___/|_| \_\_____| |
| 7 | * |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 8 | * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 9 | * |
| 10 | * This software is licensed as described in the file COPYING, which |
| 11 | * you should have received as part of this distribution. The terms |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 12 | * are also available at https://curl.haxx.se/docs/copyright.html. |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 13 | * |
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
| 15 | * copies of the Software, and permit persons to whom the Software is |
| 16 | * furnished to do so, under the terms of the COPYING file. |
| 17 | * |
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| 19 | * KIND, either express or implied. |
| 20 | * |
| 21 | ***************************************************************************/ |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 22 | |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 23 | #include "curl_setup.h" |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 24 | |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 25 | #if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 26 | |
| 27 | #include "urldata.h" |
| 28 | #include "sendf.h" |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 29 | #include "http_negotiate.h" |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 30 | #include "vauth/vauth.h" |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 31 | |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 32 | /* The last 3 #include files should be in this order */ |
| 33 | #include "curl_printf.h" |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 34 | #include "curl_memory.h" |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 35 | #include "memdebug.h" |
| 36 | |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 37 | CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, |
| 38 | const char *header) |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 39 | { |
Elliott Hughes | cee0338 | 2017-06-23 12:17:18 -0700 | [diff] [blame] | 40 | CURLcode result; |
Alex Deymo | e3149cc | 2016-10-05 11:18:42 -0700 | [diff] [blame] | 41 | struct Curl_easy *data = conn->data; |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 42 | size_t len; |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 43 | |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 44 | /* Point to the username, password, service and host */ |
| 45 | const char *userp; |
| 46 | const char *passwdp; |
| 47 | const char *service; |
| 48 | const char *host; |
| 49 | |
| 50 | /* Point to the correct struct with this */ |
| 51 | struct negotiatedata *neg_ctx; |
| 52 | |
| 53 | if(proxy) { |
Elliott Hughes | cee0338 | 2017-06-23 12:17:18 -0700 | [diff] [blame] | 54 | userp = conn->http_proxy.user; |
| 55 | passwdp = conn->http_proxy.passwd; |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 56 | service = data->set.str[STRING_PROXY_SERVICE_NAME] ? |
| 57 | data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP"; |
Elliott Hughes | cee0338 | 2017-06-23 12:17:18 -0700 | [diff] [blame] | 58 | host = conn->http_proxy.host.name; |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 59 | neg_ctx = &data->state.proxyneg; |
| 60 | } |
| 61 | else { |
| 62 | userp = conn->user; |
| 63 | passwdp = conn->passwd; |
| 64 | service = data->set.str[STRING_SERVICE_NAME] ? |
| 65 | data->set.str[STRING_SERVICE_NAME] : "HTTP"; |
| 66 | host = conn->host.name; |
| 67 | neg_ctx = &data->state.negotiate; |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 68 | } |
| 69 | |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 70 | /* Not set means empty */ |
| 71 | if(!userp) |
| 72 | userp = ""; |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 73 | |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 74 | if(!passwdp) |
| 75 | passwdp = ""; |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 76 | |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 77 | /* Obtain the input token, if any */ |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 78 | header += strlen("Negotiate"); |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 79 | while(*header && ISSPACE(*header)) |
| 80 | header++; |
| 81 | |
| 82 | len = strlen(header); |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 83 | if(!len) { |
| 84 | /* Is this the first call in a new negotiation? */ |
| 85 | if(neg_ctx->context) { |
| 86 | /* The server rejected our authentication and hasn't suppled any more |
| 87 | negotiation mechanisms */ |
| 88 | return CURLE_LOGIN_DENIED; |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 89 | } |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 90 | } |
| 91 | |
Elliott Hughes | 1ef06ba | 2018-05-30 15:43:58 -0700 | [diff] [blame] | 92 | /* Initialize the security context and decode our challenge */ |
Elliott Hughes | cee0338 | 2017-06-23 12:17:18 -0700 | [diff] [blame] | 93 | result = Curl_auth_decode_spnego_message(data, userp, passwdp, service, |
| 94 | host, header, neg_ctx); |
| 95 | |
| 96 | if(result) |
| 97 | Curl_auth_spnego_cleanup(neg_ctx); |
| 98 | |
| 99 | return result; |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 100 | } |
| 101 | |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 102 | CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) |
| 103 | { |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 104 | struct negotiatedata *neg_ctx = proxy ? &conn->data->state.proxyneg : |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 105 | &conn->data->state.negotiate; |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 106 | char *base64 = NULL; |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 107 | size_t len = 0; |
Lucas Eckels | 9bd90e6 | 2012-08-06 15:07:02 -0700 | [diff] [blame] | 108 | char *userp; |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 109 | CURLcode result; |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 110 | |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 111 | result = Curl_auth_create_spnego_message(conn->data, neg_ctx, &base64, &len); |
| 112 | if(result) |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 113 | return result; |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 114 | |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 115 | userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "", |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 116 | base64); |
| 117 | |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 118 | if(proxy) { |
| 119 | Curl_safefree(conn->allocptr.proxyuserpwd); |
Lucas Eckels | 9bd90e6 | 2012-08-06 15:07:02 -0700 | [diff] [blame] | 120 | conn->allocptr.proxyuserpwd = userp; |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 121 | } |
| 122 | else { |
| 123 | Curl_safefree(conn->allocptr.userpwd); |
Lucas Eckels | 9bd90e6 | 2012-08-06 15:07:02 -0700 | [diff] [blame] | 124 | conn->allocptr.userpwd = userp; |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 125 | } |
| 126 | |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 127 | free(base64); |
Bertrand SIMONNET | e6cd738 | 2015-07-01 15:39:44 -0700 | [diff] [blame] | 128 | |
Lucas Eckels | 9bd90e6 | 2012-08-06 15:07:02 -0700 | [diff] [blame] | 129 | return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK; |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 130 | } |
| 131 | |
Alex Deymo | e3149cc | 2016-10-05 11:18:42 -0700 | [diff] [blame] | 132 | void Curl_cleanup_negotiate(struct Curl_easy *data) |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 133 | { |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 134 | Curl_auth_spnego_cleanup(&data->state.negotiate); |
| 135 | Curl_auth_spnego_cleanup(&data->state.proxyneg); |
Kristian Monsen | 5ab5018 | 2010-05-14 18:53:44 +0100 | [diff] [blame] | 136 | } |
| 137 | |
Alex Deymo | d15eaac | 2016-06-28 14:49:26 -0700 | [diff] [blame] | 138 | #endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */ |