28 #if defined(HAVE_GSSAPI) && defined(USE_KERBEROS5) 53 bool Curl_auth_is_gssapi_supported(
void)
/* Excerpt from a source-browser listing: the leading numbers are the original
 * file's line numbers, and the lines between them are not shown. The visible
 * fragments belong to a routine that builds a GSSAPI (Kerberos 5) client
 * message: it turns an SPN string into a GSS name, passes the server's
 * challenge to Curl_gss_init_sec_context() and returns the resulting token
 * through outptr/outlen. */
87 const bool mutual_auth,
89 struct kerberos5data *krb5,
90 char **outptr,
size_t *outlen)
94 unsigned char *chlg = NULL;
/* The SPN is handed to GSSAPI as a counted buffer; strlen() excludes the NUL.
 * NOTE(review): the NULL check on spn is not visible in this excerpt -
 * confirm it precedes this strlen(). */
112 spn_token.
value = spn;
113 spn_token.
length = strlen(spn);
119 Curl_gss_log_error(data,
"gss_import_name() failed: ",
120 major_status, minor_status);
/* A challenge is only processed when the pointer is non-NULL and the string
 * is non-empty; the decode step itself is in the omitted lines. */
130 if(chlg64 && *chlg64) {
140 infof(data,
"GSSAPI handshake failure (empty challenge message)\n");
/* chlg/chlglen carry server-supplied bytes straight into the GSS library.
 * NOTE(review): presumably chlglen is the length reported by the base64
 * decoder - confirm it always matches the chlg allocation. */
146 input_token.
value = chlg;
147 input_token.
length = chlglen;
150 major_status = Curl_gss_init_sec_context(data,
/* output_token.value is tested before the failure is logged; the statement
 * this guards (line 166) is not shown - presumably a buffer release. */
165 if(output_token.
value)
168 Curl_gss_log_error(data,
"gss_init_sec_context() failed: ",
169 major_status, minor_status);
/* Tail of the call that encodes the output token into outptr/outlen; the
 * callee name is on an omitted line (presumably Curl_base64_encode). */
177 output_token.
length, outptr, outlen);
/* Alternative branch taken only when the caller asked for mutual
 * authentication. */
181 else if(mutual_auth) {
/* Excerpt from a source-browser listing: the leading numbers are the original
 * file's line numbers, and the lines between them are not shown. The visible
 * fragments belong to the security-layer step of the GSSAPI exchange: the
 * server's wrapped message is unwrapped and validated, then a reply made of a
 * 4-byte header plus the authenticated user name is wrapped and returned
 * through outptr/outlen. */
209 struct kerberos5data *krb5,
215 size_t messagelen = 0;
216 unsigned char *chlg = NULL;
217 unsigned char *message = NULL;
224 unsigned int outdata = 0;
226 unsigned int sec_layer = 0;
227 unsigned int max_size = 0;
/* Skip decoding when the challenge is empty or is just base64 padding.
 * NOTE(review): strlen() dereferences chlg64 with no NULL test on this line,
 * whereas the challenge test at original line 130 checks the pointer first -
 * confirm callers never pass NULL here. */
232 if(strlen(chlg64) && *chlg64 !=
'=') {
240 infof(data,
"GSSAPI handshake failure (empty security message)\n");
/* The user name is taken from the established security context
 * (gss_inquire_context + gss_display_name), not from caller-supplied text. */
247 &username, NULL, NULL, NULL, NULL,
250 Curl_gss_log_error(data,
"gss_inquire_context() failed: ",
251 major_status, minor_status);
260 &username_token, NULL);
262 Curl_gss_log_error(data,
"gss_display_name() failed: ",
263 major_status, minor_status);
271 input_token.
value = chlg;
272 input_token.
length = chlglen;
/* conf_state is passed as NULL, so the code does not learn whether the server
 * message was encrypted; only the QOP is captured. */
275 major_status =
gss_unwrap(&minor_status, krb5->context, &input_token,
276 &output_token, NULL, &qop);
278 Curl_gss_log_error(data,
"gss_unwrap() failed: ",
279 major_status, minor_status);
/* The unwrapped payload must be exactly 4 bytes: per the masks below, one
 * byte of security-layer bits and three bytes of maximum message size
 * (the RFC 4752 layout). Any other length is rejected before parsing. */
288 if(output_token.
length != 4) {
289 infof(data,
"GSSAPI handshake failure (invalid security data)\n");
/* NOTE(review): indata is presumably a raw copy of the 4 wire bytes (the copy
 * is on an omitted line). Masking a host-order integer with 0x000000FF yields
 * the first wire byte only on little-endian hosts, so this extraction looks
 * byte-order dependent - confirm, or read the bytes through an
 * unsigned char pointer instead. */
303 sec_layer = indata & 0x000000FF;
/* The handshake fails unless the server offers "no security layer"; no other
 * layer is accepted in the visible code. */
304 if(!(sec_layer & GSSAUTH_P_NONE)) {
305 infof(data,
"GSSAPI handshake failure (invalid security layer)\n");
/* Same byte-order caveat as for sec_layer: the mask is applied before ntohl(). */
313 max_size = ntohl(indata & 0xFFFFFF00);
/* Reply size = 4-byte header + user name + trailing NUL. username_token.length
 * comes from the GSS library; the sum is not overflow-checked in the visible
 * lines. NOTE(review): the malloc() NULL check is on an omitted line - confirm
 * it precedes the memcpy() calls below. */
322 messagelen =
sizeof(outdata) + username_token.
length + 1;
323 message =
malloc(messagelen);
/* Header mirrors the parsing above (size in network order OR'ed with the
 * layer bits), so it carries the same host byte-order assumption. */
335 outdata = htonl(max_size) | sec_layer;
336 memcpy(message, &outdata,
sizeof(outdata));
337 memcpy(message +
sizeof(outdata), username_token.
value,
/* The last byte of the buffer is the NUL accounted for by the "+ 1" above. */
339 message[messagelen - 1] =
'\0';
345 input_token.
value = message;
346 input_token.
length = messagelen;
/* conf_req_flag is 0: the reply is wrapped without requesting encryption. */
349 major_status =
gss_wrap(&minor_status, krb5->context, 0,
353 Curl_gss_log_error(data,
"gss_wrap() failed: ",
354 major_status, minor_status);
/* Tail of the call that encodes the wrapped token into outptr/outlen; the
 * callee name is on an omitted line (presumably Curl_base64_encode). */
363 output_token.
length, outptr, outlen);
384 void Curl_auth_gssapi_cleanup(
struct kerberos5data *krb5)