On 25.04.2015 21:30, Daniel Stenberg wrote: > On Thu, 23 Apr 2015, LRN wrote: > >> The only hunk that needed to change was the one that adds #include "rawstr.h" >> Even without this hunk the code compiles, albeit with warnings (implicit >> declarations of raw string functions). >> Even with this hunk i still get *some* warnings: > > Sorry, I don't mean to be annoying, but since you provided this fine update, > could I also bother you to fix the remaining warnings? It'd get the the patch > merge ready, and will make the process smoother... I'd be grateful! > Here it is. Fixed a typo in the docs ("a the" -> "the"). Added the prototype to sspi.h. Fits there well enough. Added a cast to (const char*).
Patch should apply to 7.42.0 with small offset. Note that i've hacked the patch together manually, it's not from git format-patch. -- O< ascii ribbon - stop html email! - www.asciiribbon.org
From a69b2a723dcd03cdf74a836b77abc9e9b59bd907 Mon Sep 17 00:00:00 2001 From: Grant Pannell <gr...@pannell.net.au> Date: Sat, 21 Feb 2015 17:12:11 +1030 Subject: [PATCH] sasl_sspi: Populate the domain from the realm in the challenge message if the user does not specify DOMAIN\User format --- lib/curl_sasl.c | 12 +++++---- lib/curl_sasl.h | 11 ++++++++ lib/curl_sasl_sspi.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 93 insertions(+), 6 deletions(-) diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index 4591edb..2ce94d3 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -78,9 +78,6 @@ const struct { #define DIGEST_QOP_VALUE_STRING_AUTH_INT "auth-int" #define DIGEST_QOP_VALUE_STRING_AUTH_CONF "auth-conf" -#define DIGEST_MAX_VALUE_LENGTH 256 -#define DIGEST_MAX_CONTENT_LENGTH 1024 - /* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines. It converts digest text to ASCII so the MD5 will be correct for what ultimately goes over the network. @@ -92,13 +89,16 @@ const struct { return result; \ } +#endif + +#if !defined(CURL_DISABLE_CRYPTO_AUTH) /* * Returns 0 on success and then the buffers are filled in fine. * * Non-zero means failure to parse. */ -static int sasl_digest_get_pair(const char *str, char *value, char *content, - const char **endptr) +int sasl_digest_get_pair(const char *str, char *value, char *content, + const char **endptr) { int c; bool starts_with_quote = FALSE; @@ -159,7 +159,9 @@ static int sasl_digest_get_pair(const char *str, char *value, char *content, return 0; /* all is fine! */ } +#endif +#if !defined(CURL_DISABLE_CRYPTO_AUTH) && !defined(USE_WINDOWS_SSPI) /* Convert md5 chunk to RFC2617 (section 3.1.3) -suitable ascii string*/ static void sasl_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */ unsigned char *dest) /* 33 bytes */ diff --git a/lib/curl_sasl.h b/lib/curl_sasl.h index 0dc7377..88c04ee 100644 --- a/lib/curl_sasl.h +++ b/lib/curl_sasl.h 
@@ -65,6 +65,11 @@ struct kerberos5data; #define SASL_MECH_STRING_NTLM "NTLM" #define SASL_MECH_STRING_XOAUTH2 "XOAUTH2" +#if !defined(CURL_DISABLE_CRYPTO_AUTH) +#define DIGEST_MAX_VALUE_LENGTH 256 +#define DIGEST_MAX_CONTENT_LENGTH 1024 +#endif + enum { CURLDIGESTALGO_MD5, CURLDIGESTALGO_MD5SESS @@ -136,6 +141,12 @@ char *Curl_sasl_build_spn(const char *service, const char *instance); TCHAR *Curl_sasl_build_spn(const char *service, const char *instance); #endif +#if defined(USE_WINDOWS_SSPI) +/* This is used to extract the realm from a challenge message */ +int sasl_digest_get_pair(const char *str, char *value, char *content, + const char **endptr); +#endif + #if defined(HAVE_GSSAPI) char *Curl_sasl_build_gssapi_spn(const char *service, const char *host); #endif diff --git a/lib/curl_sspi.h b/lib/curl_sspi.h --- a/lib/curl_sspi.h +++ b/lib/curl_sspi.h @@ -43,6 +43,10 @@ CURLcode Curl_sspi_global_init(void); void Curl_sspi_global_cleanup(void); +/* This is used to populate the domain in a SSPI identity structure */ +CURLcode Curl_override_sspi_http_realm(const char *chlg, + SEC_WINNT_AUTH_IDENTITY *identity); + /* This is used to generate an SSPI identity structure */ CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp, SEC_WINNT_AUTH_IDENTITY *identity); diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c index 0509b75..698fff9 100644 --- a/lib/curl_sasl_sspi.c +++ b/lib/curl_sasl_sspi.c @@ -40,6 +40,7 @@ #include "sendf.h" #include "strdup.h" #include "curl_printf.h" +#include "rawstr.h" /* The last #include files should be: */ #include "curl_memory.h" 
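Review bot: The prototype for `sasl_digest_get_pair` added to curl_sasl.h is guarded by `USE_WINDOWS_SSPI`, while the definition in curl_sasl.c is compiled under `!defined(CURL_DISABLE_CRYPTO_AUTH)` and has just lost its `static`. In a non-SSPI build the function is therefore an external symbol with no prototype in scope, and in an SSPI build with crypto auth disabled the declaration would exist with no definition behind it and without the `DIGEST_MAX_*` sizes, which this patch guards the same way. Guarding the declaration with the same condition as the definition, `#if !defined(CURL_DISABLE_CRYPTO_AUTH)`, keeps the two in step. Now that the symbol is shared across files it would also fit the neighbouring declarations if it carried the `Curl_` prefix, e.g. `Curl_sasl_digest_get_pair`.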
@@ -276,6 +277,75 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
 }
 /*
+* Curl_override_sspi_http_realm()
+*
+* This is used to populate the domain in a SSPI identity structure
+* The realm is extracted from the challenge message and used as the
+* domain if it is not already explicitly set.
+*
+* Parameters:
+*
+* chlg [in] - The challenge message.
+* identity [in/out] - The identity structure.
+*
+* Returns CURLE_OK on success.
+*/
+CURLcode Curl_override_sspi_http_realm (const char *chlg,
+ SEC_WINNT_AUTH_IDENTITY *identity)
+{
+ xcharp_u domain, dup_domain;
+
+ /* If domain is blank or unset, check challenge message for realm */
+ if (!identity->Domain || !identity->DomainLength)
+ {
+ for (;;) {
+ char value[DIGEST_MAX_VALUE_LENGTH];
+ char content[DIGEST_MAX_CONTENT_LENGTH];
+
+ /* Pass all additional spaces here */
+ while (*chlg && ISSPACE(*chlg))
+ chlg++;
+
+ /* Extract a value=content pair */
+ if (!sasl_digest_get_pair(chlg, value, content, &chlg)) {
+ if (Curl_raw_equal(value, "realm")) {
+
+ /* Setup identity's domain and length */
+ domain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)content);
+ if (!domain.tchar_ptr)
+ return CURLE_OUT_OF_MEMORY;
+ dup_domain.tchar_ptr = _tcsdup(domain.tchar_ptr);
+ if (!dup_domain.tchar_ptr) {
+ Curl_unicodefree(domain.tchar_ptr);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ identity->Domain = dup_domain.tbyte_ptr;
+ identity->DomainLength = curlx_uztoul(_tcslen(dup_domain.tchar_ptr));
+ dup_domain.tchar_ptr = NULL;
+
+ Curl_unicodefree(domain.tchar_ptr);
+ }
+ else {
+ /* unknown specifier, ignore it! */
+ }
+ }
+ else
+ break; /* we're done here */
+
+ /* Pass all additional spaces here */
+ while (*chlg && ISSPACE(*chlg))
+ chlg++;
+
+ /* Allow the list to be comma-separated */
+ if (',' == *chlg)
+ chlg++;
+ }
+ }
+
+ return CURLE_OK;
+}
+
+/*
 * Curl_sasl_decode_digest_http_message()
 *
 * This is used to decode a HTTP DIGEST challenge message into the seperate
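Review bot: Each `realm` pair found in the loop overwrites `identity->Domain` without releasing what was there, so a challenge that repeats `realm=` leaks every earlier `_tcsdup` copy, and a non-NULL `Domain` with `DomainLength` 0, which the entry test `!identity->Domain || !identity->DomainLength` lets through, is dropped the same way. The challenge is supplied by the server, so both the number of pairs and the value that ends up as the Windows domain are outside the client's control. Releasing the old pointer before the assignment and leaving the loop after the first match, a `break;` right after `Curl_unicodefree(domain.tchar_ptr);`, would bound this. The function comment should also say that the domain set here is server-supplied and allocated with `_tcsdup`, so that whoever frees the identity uses a matching deallocator.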
@@ -373,7 +443,12 @@ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
 if(userp && *userp) {
 /* Populate our identity structure */
- if(Curl_create_sspi_identity(userp, passwdp, &identity))
+ if (Curl_create_sspi_identity(userp, passwdp, &identity))
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Populate our identity domain */
+ if (Curl_override_sspi_http_realm((const char*)digest->input_token,
+ &identity))
 return CURLE_OUT_OF_MEMORY;
 /* Allow proper cleanup of the identity structure */
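Review bot: `digest->input_token` is cast to `const char *` and handed to a parser that scans until it meets a zero byte (`while (*chlg && ISSPACE(*chlg))` in Curl_override_sspi_http_realm), so this call is only safe if the stored token is NUL-terminated; that is not visible in this hunk, and the cast hides any length that travels with the buffer. Please confirm the token is stored with its terminator, or pass its length and bound the scan. Separately, the return taken when the realm lookup fails comes before the "Allow proper cleanup of the identity structure" step, so the identity filled in by Curl_create_sspi_identity, presumably holding copies of the user name and password, appears to be left unfreed on that path; `Curl_sspi_free_identity(&identity);` before the return would avoid that. The first changed line only turns `if(` into `if (`, which departs from the spacing of the line it replaces. The function body starts and ends outside the hunk.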