summaryrefslogtreecommitdiffstats
path: root/Utilities/cmcurl/lib/vauth
diff options
context:
space:
mode:
Diffstat (limited to 'Utilities/cmcurl/lib/vauth')
-rw-r--r--Utilities/cmcurl/lib/vauth/cleartext.c70
-rw-r--r--Utilities/cmcurl/lib/vauth/cram.c65
-rw-r--r--Utilities/cmcurl/lib/vauth/digest.c62
-rw-r--r--Utilities/cmcurl/lib/vauth/digest_sspi.c54
-rw-r--r--Utilities/cmcurl/lib/vauth/gsasl.c124
-rw-r--r--Utilities/cmcurl/lib/vauth/krb5_gssapi.c100
-rw-r--r--Utilities/cmcurl/lib/vauth/krb5_sspi.c115
-rw-r--r--Utilities/cmcurl/lib/vauth/ntlm.c190
-rw-r--r--Utilities/cmcurl/lib/vauth/ntlm_sspi.c58
-rw-r--r--Utilities/cmcurl/lib/vauth/oauth2.c53
-rw-r--r--Utilities/cmcurl/lib/vauth/vauth.c25
-rw-r--r--Utilities/cmcurl/lib/vauth/vauth.h89
12 files changed, 422 insertions, 583 deletions
diff --git a/Utilities/cmcurl/lib/vauth/cleartext.c b/Utilities/cmcurl/lib/vauth/cleartext.c
index 620dba0..d17e16f 100644
--- a/Utilities/cmcurl/lib/vauth/cleartext.c
+++ b/Utilities/cmcurl/lib/vauth/cleartext.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -32,7 +32,6 @@
#include "urldata.h"
#include "vauth/vauth.h"
-#include "curl_base64.h"
#include "curl_md5.h"
#include "warnless.h"
#include "strtok.h"
@@ -51,31 +50,24 @@
*
* Parameters:
*
- * data [in] - The session handle.
* authzid [in] - The authorization identity.
* authcid [in] - The authentication identity.
* passwd [in] - The password.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
-CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
- const char *authzid,
+CURLcode Curl_auth_create_plain_message(const char *authzid,
const char *authcid,
const char *passwd,
- char **outptr, size_t *outlen)
+ struct bufref *out)
{
- CURLcode result;
char *plainauth;
+ size_t plainlen;
size_t zlen;
size_t clen;
size_t plen;
- size_t plainlen;
- *outlen = 0;
- *outptr = NULL;
zlen = (authzid == NULL ? 0 : strlen(authzid));
clen = strlen(authcid);
plen = strlen(passwd);
@@ -86,23 +78,20 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
plainlen = zlen + clen + plen + 2;
- plainauth = malloc(plainlen);
+ plainauth = malloc(plainlen + 1);
if(!plainauth)
return CURLE_OUT_OF_MEMORY;
/* Calculate the reply */
- if(zlen != 0)
+ if(zlen)
memcpy(plainauth, authzid, zlen);
plainauth[zlen] = '\0';
memcpy(plainauth + zlen + 1, authcid, clen);
plainauth[zlen + clen + 1] = '\0';
memcpy(plainauth + zlen + clen + 2, passwd, plen);
-
- /* Base64 encode the reply */
- result = Curl_base64_encode(data, plainauth, plainlen, outptr, outlen);
- free(plainauth);
-
- return result;
+ plainauth[plainlen] = '\0';
+ Curl_bufref_set(out, plainauth, plainlen, curl_free);
+ return CURLE_OK;
}
/*
@@ -113,34 +102,15 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
*
* Parameters:
*
- * data [in] - The session handle.
* valuep [in] - The user name or user's password.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
-CURLcode Curl_auth_create_login_message(struct Curl_easy *data,
- const char *valuep, char **outptr,
- size_t *outlen)
+CURLcode Curl_auth_create_login_message(const char *valuep, struct bufref *out)
{
- size_t vlen = strlen(valuep);
-
- if(!vlen) {
- /* Calculate an empty reply */
- *outptr = strdup("=");
- if(*outptr) {
- *outlen = (size_t) 1;
- return CURLE_OK;
- }
-
- *outlen = 0;
- return CURLE_OUT_OF_MEMORY;
- }
-
- /* Base64 encode the value */
- return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
+ Curl_bufref_set(out, valuep, strlen(valuep), NULL);
+ return CURLE_OK;
}
/*
@@ -151,20 +121,16 @@ CURLcode Curl_auth_create_login_message(struct Curl_easy *data,
*
* Parameters:
*
- * data [in] - The session handle.
* user [in] - The user name.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
-CURLcode Curl_auth_create_external_message(struct Curl_easy *data,
- const char *user, char **outptr,
- size_t *outlen)
+CURLcode Curl_auth_create_external_message(const char *user,
+ struct bufref *out)
{
/* This is the same formatting as the login message */
- return Curl_auth_create_login_message(data, user, outptr, outlen);
+ return Curl_auth_create_login_message(user, out);
}
#endif /* if no users */
diff --git a/Utilities/cmcurl/lib/vauth/cram.c b/Utilities/cmcurl/lib/vauth/cram.c
index 1a37625..9ddb0ac 100644
--- a/Utilities/cmcurl/lib/vauth/cram.c
+++ b/Utilities/cmcurl/lib/vauth/cram.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -30,7 +30,6 @@
#include "urldata.h"
#include "vauth/vauth.h"
-#include "curl_base64.h"
#include "curl_hmac.h"
#include "curl_md5.h"
#include "warnless.h"
@@ -40,69 +39,31 @@
#include "curl_memory.h"
#include "memdebug.h"
-/*
- * Curl_auth_decode_cram_md5_message()
- *
- * This is used to decode an already encoded CRAM-MD5 challenge message.
- *
- * Parameters:
- *
- * chlg64 [in] - The base64 encoded challenge message.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
- *
- * Returns CURLE_OK on success.
- */
-CURLcode Curl_auth_decode_cram_md5_message(const char *chlg64, char **outptr,
- size_t *outlen)
-{
- CURLcode result = CURLE_OK;
- size_t chlg64len = strlen(chlg64);
-
- *outptr = NULL;
- *outlen = 0;
-
- /* Decode the challenge if necessary */
- if(chlg64len && *chlg64 != '=')
- result = Curl_base64_decode(chlg64, (unsigned char **) outptr, outlen);
-
- return result;
-}
/*
* Curl_auth_create_cram_md5_message()
*
- * This is used to generate an already encoded CRAM-MD5 response message ready
- * for sending to the recipient.
+ * This is used to generate a CRAM-MD5 response message ready for sending to
+ * the recipient.
*
* Parameters:
*
- * data [in] - The session handle.
* chlg [in] - The challenge.
* userp [in] - The user name.
* passwdp [in] - The user's password.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
-CURLcode Curl_auth_create_cram_md5_message(struct Curl_easy *data,
- const char *chlg,
+CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg,
const char *userp,
const char *passwdp,
- char **outptr, size_t *outlen)
+ struct bufref *out)
{
- CURLcode result = CURLE_OK;
- size_t chlglen = 0;
struct HMAC_context *ctxt;
unsigned char digest[MD5_DIGEST_LEN];
char *response;
- if(chlg)
- chlglen = strlen(chlg);
-
/* Compute the digest using the password as the key */
ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
(const unsigned char *) passwdp,
@@ -111,9 +72,9 @@ CURLcode Curl_auth_create_cram_md5_message(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
/* Update the digest with the given challenge */
- if(chlglen > 0)
- Curl_HMAC_update(ctxt, (const unsigned char *) chlg,
- curlx_uztoui(chlglen));
+ if(Curl_bufref_len(chlg))
+ Curl_HMAC_update(ctxt, Curl_bufref_ptr(chlg),
+ curlx_uztoui(Curl_bufref_len(chlg)));
/* Finalise the digest */
Curl_HMAC_final(ctxt, digest);
@@ -127,12 +88,8 @@ CURLcode Curl_auth_create_cram_md5_message(struct Curl_easy *data,
if(!response)
return CURLE_OUT_OF_MEMORY;
- /* Base64 encode the response */
- result = Curl_base64_encode(data, response, 0, outptr, outlen);
-
- free(response);
-
- return result;
+ Curl_bufref_set(out, response, strlen(response), curl_free);
+ return CURLE_OK;
}
#endif /* !CURL_DISABLE_CRYPTO_AUTH */
diff --git a/Utilities/cmcurl/lib/vauth/digest.c b/Utilities/cmcurl/lib/vauth/digest.c
index 559852f..a04ffab 100644
--- a/Utilities/cmcurl/lib/vauth/digest.c
+++ b/Utilities/cmcurl/lib/vauth/digest.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -254,7 +254,7 @@ static CURLcode auth_digest_get_qop_values(const char *options, int *value)
*
* Parameters:
*
- * chlg64 [in] - The base64 encoded challenge message.
+ * chlgref [in] - The challenge message.
* nonce [in/out] - The buffer where the nonce will be stored.
* nlen [in] - The length of the nonce buffer.
* realm [in/out] - The buffer where the realm will be stored.
@@ -266,55 +266,35 @@ static CURLcode auth_digest_get_qop_values(const char *options, int *value)
*
* Returns CURLE_OK on success.
*/
-static CURLcode auth_decode_digest_md5_message(const char *chlg64,
+static CURLcode auth_decode_digest_md5_message(const struct bufref *chlgref,
char *nonce, size_t nlen,
char *realm, size_t rlen,
char *alg, size_t alen,
char *qop, size_t qlen)
{
- CURLcode result = CURLE_OK;
- unsigned char *chlg = NULL;
- size_t chlglen = 0;
- size_t chlg64len = strlen(chlg64);
-
- /* Decode the base-64 encoded challenge message */
- if(chlg64len && *chlg64 != '=') {
- result = Curl_base64_decode(chlg64, &chlg, &chlglen);
- if(result)
- return result;
- }
+ const char *chlg = (const char *) Curl_bufref_ptr(chlgref);
/* Ensure we have a valid challenge message */
- if(!chlg)
+ if(!Curl_bufref_len(chlgref))
return CURLE_BAD_CONTENT_ENCODING;
/* Retrieve nonce string from the challenge */
- if(!auth_digest_get_key_value((char *) chlg, "nonce=\"", nonce, nlen,
- '\"')) {
- free(chlg);
+ if(!auth_digest_get_key_value(chlg, "nonce=\"", nonce, nlen, '\"'))
return CURLE_BAD_CONTENT_ENCODING;
- }
/* Retrieve realm string from the challenge */
- if(!auth_digest_get_key_value((char *) chlg, "realm=\"", realm, rlen,
- '\"')) {
+ if(!auth_digest_get_key_value(chlg, "realm=\"", realm, rlen, '\"')) {
/* Challenge does not have a realm, set empty string [RFC2831] page 6 */
strcpy(realm, "");
}
/* Retrieve algorithm string from the challenge */
- if(!auth_digest_get_key_value((char *) chlg, "algorithm=", alg, alen, ',')) {
- free(chlg);
+ if(!auth_digest_get_key_value(chlg, "algorithm=", alg, alen, ','))
return CURLE_BAD_CONTENT_ENCODING;
- }
/* Retrieve qop-options string from the challenge */
- if(!auth_digest_get_key_value((char *) chlg, "qop=\"", qop, qlen, '\"')) {
- free(chlg);
+ if(!auth_digest_get_key_value(chlg, "qop=\"", qop, qlen, '\"'))
return CURLE_BAD_CONTENT_ENCODING;
- }
-
- free(chlg);
return CURLE_OK;
}
@@ -342,22 +322,20 @@ bool Curl_auth_is_digest_supported(void)
* Parameters:
*
* data [in] - The session handle.
- * chlg64 [in] - The base64 encoded challenge message.
+ * chlg [in] - The challenge message.
* userp [in] - The user name.
* passwdp [in] - The user's password.
* service [in] - The service type such as http, smtp, pop or imap.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
- const char *chlg64,
+ const struct bufref *chlg,
const char *userp,
const char *passwdp,
const char *service,
- char **outptr, size_t *outlen)
+ struct bufref *out)
{
size_t i;
struct MD5_context *ctxt;
@@ -378,9 +356,10 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
char *spn = NULL;
/* Decode the challenge message */
- CURLcode result = auth_decode_digest_md5_message(chlg64, nonce,
- sizeof(nonce), realm,
- sizeof(realm), algorithm,
+ CURLcode result = auth_decode_digest_md5_message(chlg,
+ nonce, sizeof(nonce),
+ realm, sizeof(realm),
+ algorithm,
sizeof(algorithm),
qop_options,
sizeof(qop_options));
@@ -500,11 +479,8 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
if(!response)
return CURLE_OUT_OF_MEMORY;
- /* Base64 encode the response */
- result = Curl_base64_encode(data, response, 0, outptr, outlen);
-
- free(response);
-
+ /* Return the response. */
+ Curl_bufref_set(out, response, strlen(response), curl_free);
return result;
}
diff --git a/Utilities/cmcurl/lib/vauth/digest_sspi.c b/Utilities/cmcurl/lib/vauth/digest_sspi.c
index dad947a..2602ffd 100644
--- a/Utilities/cmcurl/lib/vauth/digest_sspi.c
+++ b/Utilities/cmcurl/lib/vauth/digest_sspi.c
@@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2014 - 2016, Steve Holme, <steve_holme@hotmail.com>.
- * Copyright (C) 2015 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2015 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -32,7 +32,6 @@
#include "vauth/vauth.h"
#include "vauth/digest.h"
#include "urldata.h"
-#include "curl_base64.h"
#include "warnless.h"
#include "curl_multibyte.h"
#include "sendf.h"
@@ -79,28 +78,24 @@ bool Curl_auth_is_digest_supported(void)
* Parameters:
*
* data [in] - The session handle.
- * chlg64 [in] - The base64 encoded challenge message.
+ * chlg [in] - The challenge message.
* userp [in] - The user name in the format User or Domain\User.
* passwdp [in] - The user's password.
* service [in] - The service type such as http, smtp, pop or imap.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
- const char *chlg64,
+ const struct bufref *chlg,
const char *userp,
const char *passwdp,
const char *service,
- char **outptr, size_t *outlen)
+ struct bufref *out)
{
CURLcode result = CURLE_OK;
TCHAR *spn = NULL;
- size_t chlglen = 0;
size_t token_max = 0;
- unsigned char *input_token = NULL;
unsigned char *output_token = NULL;
CredHandle credentials;
CtxtHandle context;
@@ -115,17 +110,9 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
unsigned long attrs;
TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
- /* Decode the base-64 encoded challenge message */
- if(strlen(chlg64) && *chlg64 != '=') {
- result = Curl_base64_decode(chlg64, &input_token, &chlglen);
- if(result)
- return result;
- }
-
/* Ensure we have a valid challenge message */
- if(!input_token) {
+ if(!Curl_bufref_len(chlg)) {
infof(data, "DIGEST-MD5 handshake failure (empty challenge message)\n");
-
return CURLE_BAD_CONTENT_ENCODING;
}
@@ -133,8 +120,6 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
&SecurityPackage);
if(status != SEC_E_OK) {
- free(input_token);
-
failf(data, "SSPI: couldn't get auth info");
return CURLE_AUTH_ERROR;
}
@@ -146,18 +131,13 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
/* Allocate our response buffer */
output_token = malloc(token_max);
- if(!output_token) {
- free(input_token);
-
+ if(!output_token)
return CURLE_OUT_OF_MEMORY;
- }
/* Generate our SPN */
spn = Curl_auth_build_spn(service, data->conn->host.name, NULL);
if(!spn) {
free(output_token);
- free(input_token);
-
return CURLE_OUT_OF_MEMORY;
}
@@ -167,8 +147,6 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
if(result) {
free(spn);
free(output_token);
- free(input_token);
-
return result;
}
@@ -190,8 +168,6 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
Curl_sspi_free_identity(p_identity);
free(spn);
free(output_token);
- free(input_token);
-
return CURLE_LOGIN_DENIED;
}
@@ -200,8 +176,8 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
chlg_desc.cBuffers = 1;
chlg_desc.pBuffers = &chlg_buf;
chlg_buf.BufferType = SECBUFFER_TOKEN;
- chlg_buf.pvBuffer = input_token;
- chlg_buf.cbBuffer = curlx_uztoul(chlglen);
+ chlg_buf.pvBuffer = (void *) Curl_bufref_ptr(chlg);
+ chlg_buf.cbBuffer = curlx_uztoul(Curl_bufref_len(chlg));
/* Setup the response "output" security buffer */
resp_desc.ulVersion = SECBUFFER_VERSION;
@@ -227,7 +203,6 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
Curl_sspi_free_identity(p_identity);
free(spn);
free(output_token);
- free(input_token);
if(status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
@@ -238,9 +213,8 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
return CURLE_AUTH_ERROR;
}
- /* Base64 encode the response */
- result = Curl_base64_encode(data, (char *) output_token, resp_buf.cbBuffer,
- outptr, outlen);
+ /* Return the response. */
+ Curl_bufref_set(out, output_token, resp_buf.cbBuffer, curl_free);
/* Free our handles */
s_pSecFn->DeleteSecurityContext(&context);
@@ -252,12 +226,6 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
/* Free the SPN */
free(spn);
- /* Free the response buffer */
- free(output_token);
-
- /* Free the decoded challenge message */
- free(input_token);
-
return result;
}
diff --git a/Utilities/cmcurl/lib/vauth/gsasl.c b/Utilities/cmcurl/lib/vauth/gsasl.c
new file mode 100644
index 0000000..40fef53
--- /dev/null
+++ b/Utilities/cmcurl/lib/vauth/gsasl.c
@@ -0,0 +1,124 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2020 - 2021, Simon Josefsson, <simon@josefsson.org>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC5802 SCRAM-SHA-1 authentication
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_GSASL
+
+#include <curl/curl.h>
+
+#include "vauth/vauth.h"
+#include "urldata.h"
+#include "sendf.h"
+
+#include <gsasl.h>
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+bool Curl_auth_gsasl_is_supported(struct Curl_easy *data,
+ const char *mech,
+ struct gsasldata *gsasl)
+{
+ int res;
+
+ res = gsasl_init(&gsasl->ctx);
+ if(res != GSASL_OK) {
+ failf(data, "gsasl init: %s\n", gsasl_strerror(res));
+ return FALSE;
+ }
+
+ res = gsasl_client_start(gsasl->ctx, mech, &gsasl->client);
+ if(res != GSASL_OK) {
+ gsasl_done(gsasl->ctx);
+ return FALSE;
+ }
+
+ return true;
+}
+
+CURLcode Curl_auth_gsasl_start(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ struct gsasldata *gsasl)
+{
+#if GSASL_VERSION_NUMBER >= 0x010b00
+ int res;
+ res =
+#endif
+ gsasl_property_set(gsasl->client, GSASL_AUTHID, userp);
+#if GSASL_VERSION_NUMBER >= 0x010b00
+ if(res != GSASL_OK) {
+ failf(data, "setting AUTHID failed: %s\n", gsasl_strerror(res));
+ return CURLE_OUT_OF_MEMORY;
+ }
+#endif
+
+#if GSASL_VERSION_NUMBER >= 0x010b00
+ res =
+#endif
+ gsasl_property_set(gsasl->client, GSASL_PASSWORD, passwdp);
+#if GSASL_VERSION_NUMBER >= 0x010b00
+ if(res != GSASL_OK) {
+ failf(data, "setting PASSWORD failed: %s\n", gsasl_strerror(res));
+ return CURLE_OUT_OF_MEMORY;
+ }
+#endif
+
+ (void)data;
+
+ return CURLE_OK;
+}
+
+CURLcode Curl_auth_gsasl_token(struct Curl_easy *data,
+ const struct bufref *chlg,
+ struct gsasldata *gsasl,
+ struct bufref *out)
+{
+ int res;
+ char *response;
+ size_t outlen;
+
+ res = gsasl_step(gsasl->client,
+ (const char *) Curl_bufref_ptr(chlg), Curl_bufref_len(chlg),
+ &response, &outlen);
+ if(res != GSASL_OK && res != GSASL_NEEDS_MORE) {
+ failf(data, "GSASL step: %s\n", gsasl_strerror(res));
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ Curl_bufref_set(out, response, outlen, gsasl_free);
+ return CURLE_OK;
+}
+
+void Curl_auth_gsasl_cleanup(struct gsasldata *gsasl)
+{
+ gsasl_finish(gsasl->client);
+ gsasl->client = NULL;
+
+ gsasl_done(gsasl->ctx);
+ gsasl->ctx = NULL;
+}
+#endif
diff --git a/Utilities/cmcurl/lib/vauth/krb5_gssapi.c b/Utilities/cmcurl/lib/vauth/krb5_gssapi.c
index 0412815..b43982b 100644
--- a/Utilities/cmcurl/lib/vauth/krb5_gssapi.c
+++ b/Utilities/cmcurl/lib/vauth/krb5_gssapi.c
@@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2014 - 2019, Steve Holme, <steve_holme@hotmail.com>.
- * Copyright (C) 2015 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2015 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -32,7 +32,6 @@
#include "vauth/vauth.h"
#include "curl_sasl.h"
#include "urldata.h"
-#include "curl_base64.h"
#include "curl_gssapi.h"
#include "sendf.h"
#include "curl_printf.h"
@@ -70,12 +69,9 @@ bool Curl_auth_is_gssapi_supported(void)
* host [in[ - The host name.
* mutual_auth [in] - Flag specifying whether or not mutual authentication
* is enabled.
- * chlg64 [in] - Pointer to the optional base64 encoded challenge
- * message.
+ * chlg [in] - Optional challenge message.
* krb5 [in/out] - The Kerberos 5 data struct being used and modified.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
@@ -85,13 +81,11 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
const char *service,
const char *host,
const bool mutual_auth,
- const char *chlg64,
+ const struct bufref *chlg,
struct kerberos5data *krb5,
- char **outptr, size_t *outlen)
+ struct bufref *out)
{
CURLcode result = CURLE_OK;
- size_t chlglen = 0;
- unsigned char *chlg = NULL;
OM_uint32 major_status;
OM_uint32 minor_status;
OM_uint32 unused_status;
@@ -127,24 +121,13 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
free(spn);
}
- if(chlg64 && *chlg64) {
- /* Decode the base-64 encoded challenge message */
- if(*chlg64 != '=') {
- result = Curl_base64_decode(chlg64, &chlg, &chlglen);
- if(result)
- return result;
- }
-
- /* Ensure we have a valid challenge message */
- if(!chlg) {
+ if(chlg) {
+ if(!Curl_bufref_len(chlg)) {
infof(data, "GSSAPI handshake failure (empty challenge message)\n");
-
return CURLE_BAD_CONTENT_ENCODING;
}
-
- /* Setup the challenge "input" security buffer */
- input_token.value = chlg;
- input_token.length = chlglen;
+ input_token.value = (void *) Curl_bufref_ptr(chlg);
+ input_token.length = Curl_bufref_len(chlg);
}
major_status = Curl_gss_init_sec_context(data,
@@ -158,9 +141,6 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
mutual_auth,
NULL);
- /* Free the decoded challenge as it is not required anymore */
- free(input_token.value);
-
if(GSS_ERROR(major_status)) {
if(output_token.value)
gss_release_buffer(&unused_status, &output_token);
@@ -172,17 +152,11 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
}
if(output_token.value && output_token.length) {
- /* Base64 encode the response */
- result = Curl_base64_encode(data, (char *) output_token.value,
- output_token.length, outptr, outlen);
-
+ result = Curl_bufref_memdup(out, output_token.value, output_token.length);
gss_release_buffer(&unused_status, &output_token);
}
- else if(mutual_auth) {
- *outptr = strdup("");
- if(!*outptr)
- result = CURLE_OUT_OF_MEMORY;
- }
+ else
+ Curl_bufref_set(out, mutual_auth? "": NULL, 0, NULL);
return result;
}
@@ -196,24 +170,19 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
* Parameters:
*
* data [in] - The session handle.
- * chlg64 [in] - Pointer to the optional base64 encoded challenge message.
+ * chlg [in] - Optional challenge message.
* krb5 [in/out] - The Kerberos 5 data struct being used and modified.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
- const char *chlg64,
+ const struct bufref *chlg,
struct kerberos5data *krb5,
- char **outptr,
- size_t *outlen)
+ struct bufref *out)
{
CURLcode result = CURLE_OK;
- size_t chlglen = 0;
size_t messagelen = 0;
- unsigned char *chlg = NULL;
unsigned char *message = NULL;
OM_uint32 major_status;
OM_uint32 minor_status;
@@ -228,17 +197,9 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
gss_name_t username = GSS_C_NO_NAME;
gss_buffer_desc username_token;
- /* Decode the base-64 encoded input message */
- if(strlen(chlg64) && *chlg64 != '=') {
- result = Curl_base64_decode(chlg64, &chlg, &chlglen);
- if(result)
- return result;
- }
-
/* Ensure we have a valid challenge message */
- if(!chlg) {
+ if(!Curl_bufref_len(chlg)) {
infof(data, "GSSAPI handshake failure (empty security message)\n");
-
return CURLE_BAD_CONTENT_ENCODING;
}
@@ -249,9 +210,6 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
if(GSS_ERROR(major_status)) {
Curl_gss_log_error(data, "gss_inquire_context() failed: ",
major_status, minor_status);
-
- free(chlg);
-
return CURLE_AUTH_ERROR;
}
@@ -261,15 +219,12 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
if(GSS_ERROR(major_status)) {
Curl_gss_log_error(data, "gss_display_name() failed: ",
major_status, minor_status);
-
- free(chlg);
-
return CURLE_AUTH_ERROR;
}
/* Setup the challenge "input" security buffer */
- input_token.value = chlg;
- input_token.length = chlglen;
+ input_token.value = (void *) Curl_bufref_ptr(chlg);
+ input_token.length = Curl_bufref_len(chlg);
/* Decrypt the inbound challenge and obtain the qop */
major_status = gss_unwrap(&minor_status, krb5->context, &input_token,
@@ -277,27 +232,20 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
if(GSS_ERROR(major_status)) {
Curl_gss_log_error(data, "gss_unwrap() failed: ",
major_status, minor_status);
-
gss_release_buffer(&unused_status, &username_token);
- free(chlg);
-
return CURLE_BAD_CONTENT_ENCODING;
}
/* Not 4 octets long so fail as per RFC4752 Section 3.1 */
if(output_token.length != 4) {
infof(data, "GSSAPI handshake failure (invalid security data)\n");
-
gss_release_buffer(&unused_status, &username_token);
- free(chlg);
-
return CURLE_BAD_CONTENT_ENCODING;
}
/* Copy the data out and free the challenge as it is not required anymore */
memcpy(&indata, output_token.value, 4);
gss_release_buffer(&unused_status, &output_token);
- free(chlg);
/* Extract the security layer */
sec_layer = indata & 0x000000FF;
@@ -305,7 +253,6 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
infof(data, "GSSAPI handshake failure (invalid security layer)\n");
gss_release_buffer(&unused_status, &username_token);
-
return CURLE_BAD_CONTENT_ENCODING;
}
@@ -323,7 +270,6 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
message = malloc(messagelen);
if(!message) {
gss_release_buffer(&unused_status, &username_token);
-
return CURLE_OUT_OF_MEMORY;
}
@@ -352,16 +298,12 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
if(GSS_ERROR(major_status)) {
Curl_gss_log_error(data, "gss_wrap() failed: ",
major_status, minor_status);
-
free(message);
-
return CURLE_AUTH_ERROR;
}
- /* Base64 encode the response */
- result = Curl_base64_encode(data, (char *) output_token.value,
- output_token.length, outptr, outlen);
-
+ /* Return the response. */
+ result = Curl_bufref_memdup(out, output_token.value, output_token.length);
/* Free the output buffer */
gss_release_buffer(&unused_status, &output_token);
diff --git a/Utilities/cmcurl/lib/vauth/krb5_sspi.c b/Utilities/cmcurl/lib/vauth/krb5_sspi.c
index b2d1635..e110644 100644
--- a/Utilities/cmcurl/lib/vauth/krb5_sspi.c
+++ b/Utilities/cmcurl/lib/vauth/krb5_sspi.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2014 - 2020, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2014 - 2021, Steve Holme, <steve_holme@hotmail.com>.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -30,7 +30,6 @@
#include "vauth/vauth.h"
#include "urldata.h"
-#include "curl_base64.h"
#include "warnless.h"
#include "curl_multibyte.h"
#include "sendf.h"
@@ -81,11 +80,9 @@ bool Curl_auth_is_gssapi_supported(void)
* host [in] - The host name.
* mutual_auth [in] - Flag specifying whether or not mutual authentication
* is enabled.
- * chlg64 [in] - The optional base64 encoded challenge message.
+ * chlg [in] - Optional challenge message.
* krb5 [in/out] - The Kerberos 5 data struct being used and modified.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
@@ -95,13 +92,11 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
const char *service,
const char *host,
const bool mutual_auth,
- const char *chlg64,
+ const struct bufref *chlg,
struct kerberos5data *krb5,
- char **outptr, size_t *outlen)
+ struct bufref *out)
{
CURLcode result = CURLE_OK;
- size_t chlglen = 0;
- unsigned char *chlg = NULL;
CtxtHandle context;
PSecPkgInfo SecurityPackage;
SecBuffer chlg_buf;
@@ -176,18 +171,9 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
}
- if(chlg64 && *chlg64) {
- /* Decode the base-64 encoded challenge message */
- if(*chlg64 != '=') {
- result = Curl_base64_decode(chlg64, &chlg, &chlglen);
- if(result)
- return result;
- }
-
- /* Ensure we have a valid challenge message */
- if(!chlg) {
+ if(chlg) {
+ if(!Curl_bufref_len(chlg)) {
infof(data, "GSSAPI handshake failure (empty challenge message)\n");
-
return CURLE_BAD_CONTENT_ENCODING;
}
@@ -196,8 +182,8 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
chlg_desc.cBuffers = 1;
chlg_desc.pBuffers = &chlg_buf;
chlg_buf.BufferType = SECBUFFER_TOKEN;
- chlg_buf.pvBuffer = chlg;
- chlg_buf.cbBuffer = curlx_uztoul(chlglen);
+ chlg_buf.pvBuffer = (void *) Curl_bufref_ptr(chlg);
+ chlg_buf.cbBuffer = curlx_uztoul(Curl_bufref_len(chlg));
}
/* Setup the response "output" security buffer */
@@ -220,16 +206,11 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
&resp_desc, &attrs,
&expiry);
- /* Free the decoded challenge as it is not required anymore */
- free(chlg);
-
- if(status == SEC_E_INSUFFICIENT_MEMORY) {
+ if(status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
- }
- if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
+ if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)
return CURLE_AUTH_ERROR;
- }
if(memcmp(&context, krb5->context, sizeof(context))) {
s_pSecFn->DeleteSecurityContext(krb5->context);
@@ -238,15 +219,12 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
}
if(resp_buf.cbBuffer) {
- /* Base64 encode the response */
- result = Curl_base64_encode(data, (char *) resp_buf.pvBuffer,
- resp_buf.cbBuffer, outptr, outlen);
- }
- else if(mutual_auth) {
- *outptr = strdup("");
- if(!*outptr)
- result = CURLE_OUT_OF_MEMORY;
+ result = Curl_bufref_memdup(out, resp_buf.pvBuffer, resp_buf.cbBuffer);
}
+ else if(mutual_auth)
+ Curl_bufref_set(out, "", 0, NULL);
+ else
+ Curl_bufref_set(out, NULL, 0, NULL);
return result;
}
@@ -260,26 +238,20 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
* Parameters:
*
* data [in] - The session handle.
- * chlg64 [in] - The optional base64 encoded challenge message.
+ * chlg [in] - The optional challenge message.
* krb5 [in/out] - The Kerberos 5 data struct being used and modified.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
- const char *chlg64,
+ const struct bufref *chlg,
struct kerberos5data *krb5,
- char **outptr,
- size_t *outlen)
+ struct bufref *out)
{
- CURLcode result = CURLE_OK;
size_t offset = 0;
- size_t chlglen = 0;
size_t messagelen = 0;
size_t appdatalen = 0;
- unsigned char *chlg = NULL;
unsigned char *trailer = NULL;
unsigned char *message = NULL;
unsigned char *padding = NULL;
@@ -298,17 +270,9 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
SECURITY_STATUS status;
char *user_name;
- /* Decode the base-64 encoded input message */
- if(strlen(chlg64) && *chlg64 != '=') {
- result = Curl_base64_decode(chlg64, &chlg, &chlglen);
- if(result)
- return result;
- }
-
/* Ensure we have a valid challenge message */
- if(!chlg) {
+ if(!Curl_bufref_len(chlg)) {
infof(data, "GSSAPI handshake failure (empty security message)\n");
-
return CURLE_BAD_CONTENT_ENCODING;
}
@@ -316,35 +280,31 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
status = s_pSecFn->QueryContextAttributes(krb5->context,
SECPKG_ATTR_SIZES,
&sizes);
- if(status != SEC_E_OK) {
- free(chlg);
- if(status == SEC_E_INSUFFICIENT_MEMORY)
- return CURLE_OUT_OF_MEMORY;
+ if(status == SEC_E_INSUFFICIENT_MEMORY)
+ return CURLE_OUT_OF_MEMORY;
+ if(status != SEC_E_OK)
return CURLE_AUTH_ERROR;
- }
/* Get the fully qualified username back from the context */
status = s_pSecFn->QueryCredentialsAttributes(krb5->credentials,
SECPKG_CRED_ATTR_NAMES,
&names);
- if(status != SEC_E_OK) {
- free(chlg);
- if(status == SEC_E_INSUFFICIENT_MEMORY)
- return CURLE_OUT_OF_MEMORY;
+ if(status == SEC_E_INSUFFICIENT_MEMORY)
+ return CURLE_OUT_OF_MEMORY;
+ if(status != SEC_E_OK)
return CURLE_AUTH_ERROR;
- }
/* Setup the "input" security buffer */
input_desc.ulVersion = SECBUFFER_VERSION;
input_desc.cBuffers = 2;
input_desc.pBuffers = input_buf;
input_buf[0].BufferType = SECBUFFER_STREAM;
- input_buf[0].pvBuffer = chlg;
- input_buf[0].cbBuffer = curlx_uztoul(chlglen);
+ input_buf[0].pvBuffer = (void *) Curl_bufref_ptr(chlg);
+ input_buf[0].cbBuffer = curlx_uztoul(Curl_bufref_len(chlg));
input_buf[1].BufferType = SECBUFFER_DATA;
input_buf[1].pvBuffer = NULL;
input_buf[1].cbBuffer = 0;
@@ -353,31 +313,23 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
status = s_pSecFn->DecryptMessage(krb5->context, &input_desc, 0, &qop);
if(status != SEC_E_OK) {
infof(data, "GSSAPI handshake failure (empty security message)\n");
-
- free(chlg);
-
return CURLE_BAD_CONTENT_ENCODING;
}
/* Not 4 octets long so fail as per RFC4752 Section 3.1 */
if(input_buf[1].cbBuffer != 4) {
infof(data, "GSSAPI handshake failure (invalid security data)\n");
-
- free(chlg);
-
return CURLE_BAD_CONTENT_ENCODING;
}
/* Copy the data out and free the challenge as it is not required anymore */
memcpy(&indata, input_buf[1].pvBuffer, 4);
s_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer);
- free(chlg);
/* Extract the security layer */
sec_layer = indata & 0x000000FF;
if(!(sec_layer & KERB_WRAP_NO_ENCRYPT)) {
infof(data, "GSSAPI handshake failure (invalid security layer)\n");
-
return CURLE_BAD_CONTENT_ENCODING;
}
@@ -479,17 +431,14 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
offset += wrap_buf[1].cbBuffer;
memcpy(appdata + offset, wrap_buf[2].pvBuffer, wrap_buf[2].cbBuffer);
- /* Base64 encode the response */
- result = Curl_base64_encode(data, (char *) appdata, appdatalen, outptr,
- outlen);
-
/* Free all of our local buffers */
- free(appdata);
free(padding);
free(message);
free(trailer);
- return result;
+ /* Return the response. */
+ Curl_bufref_set(out, appdata, appdatalen, curl_free);
+ return CURLE_OK;
}
/*
diff --git a/Utilities/cmcurl/lib/vauth/ntlm.c b/Utilities/cmcurl/lib/vauth/ntlm.c
index a3117f3..47e5357 100644
--- a/Utilities/cmcurl/lib/vauth/ntlm.c
+++ b/Utilities/cmcurl/lib/vauth/ntlm.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -36,7 +36,6 @@
#include "urldata.h"
#include "non-ascii.h"
#include "sendf.h"
-#include "curl_base64.h"
#include "curl_ntlm_core.h"
#include "curl_gethostname.h"
#include "curl_multibyte.h"
@@ -64,10 +63,6 @@
/* "NTLMSSP" signature is always in ASCII regardless of the platform */
#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50"
-#define SHORTPAIR(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff))
-#define LONGQUARTET(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff)), \
- ((int)(((x) >> 16) & 0xff)), ((int)(((x) >> 24) & 0xff))
-
#if DEBUG_ME
# define DEBUG_OUT(x) x
static void ntlm_print_flags(FILE *handle, unsigned long flags)
@@ -161,31 +156,31 @@ static void ntlm_print_hex(FILE *handle, const char *buf, size_t len)
* Parameters:
*
* data [in] - The session handle.
- * buffer [in] - The decoded type-2 message.
- * size [in] - The input buffer size, at least 32 bytes.
+ * type2ref [in] - The type-2 message.
* ntlm [in/out] - The NTLM data struct being used and modified.
*
* Returns CURLE_OK on success.
*/
static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
- unsigned char *buffer,
- size_t size,
+ const struct bufref *type2ref,
struct ntlmdata *ntlm)
{
unsigned short target_info_len = 0;
unsigned int target_info_offset = 0;
+ const unsigned char *type2 = Curl_bufref_ptr(type2ref);
+ size_t type2len = Curl_bufref_len(type2ref);
#if defined(CURL_DISABLE_VERBOSE_STRINGS)
(void) data;
#endif
- if(size >= 48) {
- target_info_len = Curl_read16_le(&buffer[40]);
- target_info_offset = Curl_read32_le(&buffer[44]);
+ if(type2len >= 48) {
+ target_info_len = Curl_read16_le(&type2[40]);
+ target_info_offset = Curl_read32_le(&type2[44]);
if(target_info_len > 0) {
- if((target_info_offset >= size) ||
- ((target_info_offset + target_info_len) > size) ||
- (target_info_offset < 48)) {
+ if((target_info_offset > type2len) ||
+ (target_info_offset + target_info_len) > type2len ||
+ target_info_offset < 48) {
infof(data, "NTLM handshake failure (bad type-2 message). "
"Target Info Offset Len is set incorrect by the peer\n");
return CURLE_BAD_CONTENT_ENCODING;
@@ -196,7 +191,7 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
if(!ntlm->target_info)
return CURLE_OUT_OF_MEMORY;
- memcpy(ntlm->target_info, &buffer[target_info_offset], target_info_len);
+ memcpy(ntlm->target_info, &type2[target_info_offset], target_info_len);
}
}
@@ -238,21 +233,20 @@ bool Curl_auth_is_ntlm_supported(void)
/*
* Curl_auth_decode_ntlm_type2_message()
*
- * This is used to decode an already encoded NTLM type-2 message. The message
- * is first decoded from a base64 string into a raw NTLM message and checked
- * for validity before the appropriate data for creating a type-3 message is
- * written to the given NTLM data structure.
+ * This is used to decode an NTLM type-2 message. The raw NTLM message is
+ * checked * for validity before the appropriate data for creating a type-3
+ * message is * written to the given NTLM data structure.
*
* Parameters:
*
* data [in] - The session handle.
- * type2msg [in] - The base64 encoded type-2 message.
+ * type2ref [in] - The type-2 message.
* ntlm [in/out] - The NTLM data struct being used and modified.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
- const char *type2msg,
+ const struct bufref *type2ref,
struct ntlmdata *ntlm)
{
static const char type2_marker[] = { 0x02, 0x00, 0x00, 0x00 };
@@ -274,8 +268,8 @@ CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
*/
CURLcode result = CURLE_OK;
- unsigned char *type2 = NULL;
- size_t type2_len = 0;
+ const unsigned char *type2 = Curl_bufref_ptr(type2ref);
+ size_t type2len = Curl_bufref_len(type2ref);
#if defined(NTLM_NEEDS_NSS_INIT)
/* Make sure the crypto backend is initialized */
@@ -286,26 +280,12 @@ CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
(void)data;
#endif
- /* Decode the base-64 encoded type-2 message */
- if(strlen(type2msg) && *type2msg != '=') {
- result = Curl_base64_decode(type2msg, &type2, &type2_len);
- if(result)
- return result;
- }
-
- /* Ensure we have a valid type-2 message */
- if(!type2) {
- infof(data, "NTLM handshake failure (empty type-2 message)\n");
- return CURLE_BAD_CONTENT_ENCODING;
- }
-
ntlm->flags = 0;
- if((type2_len < 32) ||
+ if((type2len < 32) ||
(memcmp(type2, NTLMSSP_SIGNATURE, 8) != 0) ||
(memcmp(type2 + 8, type2_marker, sizeof(type2_marker)) != 0)) {
/* This was not a good enough type-2 message */
- free(type2);
infof(data, "NTLM handshake failure (bad type-2 message)\n");
return CURLE_BAD_CONTENT_ENCODING;
}
@@ -314,9 +294,8 @@ CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
memcpy(ntlm->nonce, &type2[24], 8);
if(ntlm->flags & NTLMFLAG_NEGOTIATE_TARGET_INFO) {
- result = ntlm_decode_type2_target(data, type2, type2_len, ntlm);
+ result = ntlm_decode_type2_target(data, type2ref, ntlm);
if(result) {
- free(type2);
infof(data, "NTLM handshake failure (bad type-2 message)\n");
return result;
}
@@ -331,8 +310,6 @@ CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
fprintf(stderr, "**** Header %s\n ", header);
});
- free(type2);
-
return result;
}
@@ -350,8 +327,8 @@ static void unicodecpy(unsigned char *dest, const char *src, size_t length)
/*
* Curl_auth_create_ntlm_type1_message()
*
- * This is used to generate an already encoded NTLM type-1 message ready for
- * sending to the recipient using the appropriate compile time crypto API.
+ * This is used to generate an NTLM type-1 message ready for sending to the
+ * recipient using the appropriate compile time crypto API.
*
* Parameters:
*
@@ -361,9 +338,7 @@ static void unicodecpy(unsigned char *dest, const char *src, size_t length)
* service [in] - The service type such as http, smtp, pop or imap.
* host [in] - The host name.
* ntlm [in/out] - The NTLM data struct being used and modified.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
@@ -373,7 +348,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
const char *service,
const char *hostname,
struct ntlmdata *ntlm,
- char **outptr, size_t *outlen)
+ struct bufref *out)
{
/* NTLM type-1 message structure:
@@ -391,7 +366,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
size_t size;
- unsigned char ntlmbuf[NTLM_BUFSIZE];
+ char *ntlmbuf;
const char *host = ""; /* empty */
const char *domain = ""; /* empty */
size_t hostlen = 0;
@@ -399,6 +374,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
size_t hostoff = 0;
size_t domoff = hostoff + hostlen; /* This is 0: remember that host and
domain are empty */
+ (void)data;
(void)userp;
(void)passwdp;
(void)service,
@@ -407,43 +383,46 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
/* Clean up any former leftovers and initialise to defaults */
Curl_auth_cleanup_ntlm(ntlm);
-#if defined(USE_NTRESPONSES) && defined(USE_NTLM2SESSION)
+#if defined(USE_NTRESPONSES) && \
+ (defined(USE_NTLM2SESSION) || defined(USE_NTLM_V2))
#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
#else
#define NTLM2FLAG 0
#endif
- msnprintf((char *)ntlmbuf, NTLM_BUFSIZE,
- NTLMSSP_SIGNATURE "%c"
- "\x01%c%c%c" /* 32-bit type = 1 */
- "%c%c%c%c" /* 32-bit NTLM flag field */
- "%c%c" /* domain length */
- "%c%c" /* domain allocated space */
- "%c%c" /* domain name offset */
- "%c%c" /* 2 zeroes */
- "%c%c" /* host length */
- "%c%c" /* host allocated space */
- "%c%c" /* host name offset */
- "%c%c" /* 2 zeroes */
- "%s" /* host name */
- "%s", /* domain string */
- 0, /* trailing zero */
- 0, 0, 0, /* part of type-1 long */
-
- LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM |
- NTLMFLAG_REQUEST_TARGET |
- NTLMFLAG_NEGOTIATE_NTLM_KEY |
- NTLM2FLAG |
- NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
- SHORTPAIR(domlen),
- SHORTPAIR(domlen),
- SHORTPAIR(domoff),
- 0, 0,
- SHORTPAIR(hostlen),
- SHORTPAIR(hostlen),
- SHORTPAIR(hostoff),
- 0, 0,
- host, /* this is empty */
- domain /* this is empty */);
+ ntlmbuf = aprintf(NTLMSSP_SIGNATURE "%c"
+ "\x01%c%c%c" /* 32-bit type = 1 */
+ "%c%c%c%c" /* 32-bit NTLM flag field */
+ "%c%c" /* domain length */
+ "%c%c" /* domain allocated space */
+ "%c%c" /* domain name offset */
+ "%c%c" /* 2 zeroes */
+ "%c%c" /* host length */
+ "%c%c" /* host allocated space */
+ "%c%c" /* host name offset */
+ "%c%c" /* 2 zeroes */
+ "%s" /* host name */
+ "%s", /* domain string */
+ 0, /* trailing zero */
+ 0, 0, 0, /* part of type-1 long */
+
+ LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM |
+ NTLMFLAG_REQUEST_TARGET |
+ NTLMFLAG_NEGOTIATE_NTLM_KEY |
+ NTLM2FLAG |
+ NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
+ SHORTPAIR(domlen),
+ SHORTPAIR(domlen),
+ SHORTPAIR(domoff),
+ 0, 0,
+ SHORTPAIR(hostlen),
+ SHORTPAIR(hostlen),
+ SHORTPAIR(hostoff),
+ 0, 0,
+ host, /* this is empty */
+ domain /* this is empty */);
+
+ if(!ntlmbuf)
+ return CURLE_OUT_OF_MEMORY;
/* Initial packet length */
size = 32 + hostlen + domlen;
@@ -470,8 +449,8 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
fprintf(stderr, "\n****\n");
});
- /* Return with binary blob encoded into base64 */
- return Curl_base64_encode(data, (char *)ntlmbuf, size, outptr, outlen);
+ Curl_bufref_set(out, ntlmbuf, size, curl_free);
+ return CURLE_OK;
}
/*
@@ -486,9 +465,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
* userp [in] - The user name in the format User or Domain\User.
* passwdp [in] - The user's password.
* ntlm [in/out] - The NTLM data struct being used and modified.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
@@ -496,7 +473,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
const char *userp,
const char *passwdp,
struct ntlmdata *ntlm,
- char **outptr, size_t *outlen)
+ struct bufref *out)
{
/* NTLM type-3 message structure:
@@ -563,12 +540,20 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
hostlen = strlen(host);
}
-#if defined(USE_NTRESPONSES) && defined(USE_NTLM_V2)
+#if defined(USE_NTRESPONSES) && \
+ (defined(USE_NTLM2SESSION) || defined(USE_NTLM_V2))
+ /* We don't support NTLM2 or extended security if we don't have
+ USE_NTRESPONSES */
if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
+# if defined(USE_NTLM_V2)
unsigned char ntbuffer[0x18];
unsigned char entropy[8];
unsigned char ntlmv2hash[0x18];
+ /* Full NTLM version 2
+ Although this cannot be negotiated, it is used here if available, as
+ servers featuring extended security are likely supporting also
+ NTLMv2. */
result = Curl_rand(data, entropy, 8);
if(result)
return result;
@@ -595,21 +580,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
return result;
ptr_ntresp = ntlmv2resp;
- }
- else
-#endif
-
-#if defined(USE_NTRESPONSES) && defined(USE_NTLM2SESSION)
-
-#define CURL_MD5_DIGEST_LENGTH 16 /* fixed size */
-
- /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
- if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM_KEY) {
+# else /* defined(USE_NTLM_V2) */
unsigned char ntbuffer[0x18];
unsigned char tmp[0x18];
- unsigned char md5sum[CURL_MD5_DIGEST_LENGTH];
+ unsigned char md5sum[MD5_DIGEST_LEN];
unsigned char entropy[8];
+ /* NTLM version 1 with extended security. */
+
/* Need to create 8 bytes random data */
result = Curl_rand(data, entropy, 8);
if(result)
@@ -639,6 +617,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
/* NTLM v2 session security is a misnomer because it is not NTLM v2.
It is NTLM v1 using the extended session security that is also
in NTLM v2 */
+# endif /* defined(USE_NTLM_V2) */
}
else
#endif
@@ -649,6 +628,8 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
#endif
unsigned char lmbuffer[0x18];
+ /* NTLM version 1 */
+
#ifdef USE_NTRESPONSES
result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);
if(result)
@@ -662,6 +643,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
return result;
Curl_ntlm_core_lm_resp(lmbuffer, &ntlm->nonce[0], lmresp);
+ ntlm->flags &= ~NTLMFLAG_NEGOTIATE_NTLM2_KEY;
/* A safer but less compatible alternative is:
* Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], lmresp);
@@ -845,8 +827,8 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
if(result)
return CURLE_CONV_FAILED;
- /* Return with binary blob encoded into base64 */
- result = Curl_base64_encode(data, (char *)ntlmbuf, size, outptr, outlen);
+ /* Return the binary blob. */
+ result = Curl_bufref_memdup(out, ntlmbuf, size);
Curl_auth_cleanup_ntlm(ntlm);
diff --git a/Utilities/cmcurl/lib/vauth/ntlm_sspi.c b/Utilities/cmcurl/lib/vauth/ntlm_sspi.c
index 07dc973..1b1a176 100644
--- a/Utilities/cmcurl/lib/vauth/ntlm_sspi.c
+++ b/Utilities/cmcurl/lib/vauth/ntlm_sspi.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -28,7 +28,6 @@
#include "vauth/vauth.h"
#include "urldata.h"
-#include "curl_base64.h"
#include "curl_ntlm_core.h"
#include "warnless.h"
#include "curl_multibyte.h"
@@ -78,9 +77,7 @@ bool Curl_auth_is_ntlm_supported(void)
* service [in] - The service type such as http, smtp, pop or imap.
* host [in] - The host name.
* ntlm [in/out] - The NTLM data struct being used and modified.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
@@ -90,7 +87,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
const char *service,
const char *host,
struct ntlmdata *ntlm,
- char **outptr, size_t *outlen)
+ struct bufref *out)
{
PSecPkgInfo SecurityPackage;
SecBuffer type_1_buf;
@@ -181,9 +178,9 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)
return CURLE_AUTH_ERROR;
- /* Base64 encode the response */
- return Curl_base64_encode(data, (char *) ntlm->output_token,
- type_1_buf.cbBuffer, outptr, outlen);
+ /* Return the response. */
+ Curl_bufref_set(out, ntlm->output_token, type_1_buf.cbBuffer, NULL);
+ return CURLE_OK;
}
/*
@@ -194,42 +191,34 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
* Parameters:
*
* data [in] - The session handle.
- * type2msg [in] - The base64 encoded type-2 message.
+ * type2 [in] - The type-2 message.
* ntlm [in/out] - The NTLM data struct being used and modified.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
- const char *type2msg,
+ const struct bufref *type2,
struct ntlmdata *ntlm)
{
- CURLcode result = CURLE_OK;
- unsigned char *type2 = NULL;
- size_t type2_len = 0;
-
#if defined(CURL_DISABLE_VERBOSE_STRINGS)
(void) data;
#endif
- /* Decode the base-64 encoded type-2 message */
- if(strlen(type2msg) && *type2msg != '=') {
- result = Curl_base64_decode(type2msg, &type2, &type2_len);
- if(result)
- return result;
- }
-
/* Ensure we have a valid type-2 message */
- if(!type2) {
+ if(!Curl_bufref_len(type2)) {
infof(data, "NTLM handshake failure (empty type-2 message)\n");
-
return CURLE_BAD_CONTENT_ENCODING;
}
- /* Simply store the challenge for use later */
- ntlm->input_token = type2;
- ntlm->input_token_len = type2_len;
+ /* Store the challenge for later use */
+ ntlm->input_token = malloc(Curl_bufref_len(type2) + 1);
+ if(!ntlm->input_token)
+ return CURLE_OUT_OF_MEMORY;
+ memcpy(ntlm->input_token, Curl_bufref_ptr(type2), Curl_bufref_len(type2));
+ ntlm->input_token[Curl_bufref_len(type2)] = '\0';
+ ntlm->input_token_len = Curl_bufref_len(type2);
- return result;
+ return CURLE_OK;
}
/*
@@ -245,9 +234,7 @@ CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
* userp [in] - The user name in the format User or Domain\User.
* passwdp [in] - The user's password.
* ntlm [in/out] - The NTLM data struct being used and modified.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * out [out] - The result storage.
*
* Returns CURLE_OK on success.
*/
@@ -255,7 +242,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
const char *userp,
const char *passwdp,
struct ntlmdata *ntlm,
- char **outptr, size_t *outlen)
+ struct bufref *out)
{
CURLcode result = CURLE_OK;
SecBuffer type_2_bufs[2];
@@ -331,12 +318,9 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
return CURLE_AUTH_ERROR;
}
- /* Base64 encode the response */
- result = Curl_base64_encode(data, (char *) ntlm->output_token,
- type_3_buf.cbBuffer, outptr, outlen);
-
+ /* Return the response. */
+ result = Curl_bufref_memdup(out, ntlm->output_token, type_3_buf.cbBuffer);
Curl_auth_cleanup_ntlm(ntlm);
-
return result;
}
diff --git a/Utilities/cmcurl/lib/vauth/oauth2.c b/Utilities/cmcurl/lib/vauth/oauth2.c
index ca5842a..a5f16a0 100644
--- a/Utilities/cmcurl/lib/vauth/oauth2.c
+++ b/Utilities/cmcurl/lib/vauth/oauth2.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -31,7 +31,6 @@
#include "urldata.h"
#include "vauth/vauth.h"
-#include "curl_base64.h"
#include "warnless.h"
#include "curl_printf.h"
@@ -42,31 +41,26 @@
/*
* Curl_auth_create_oauth_bearer_message()
*
- * This is used to generate an already encoded OAuth 2.0 message ready for
- * sending to the recipient.
+ * This is used to generate an OAuth 2.0 message ready for sending to the
+ * recipient.
*
* Parameters:
*
- * data[in] - The session handle.
* user[in] - The user name.
* host[in] - The host name.
* port[in] - The port(when not Port 80).
* bearer[in] - The bearer token.
- * outptr[in / out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen[out] - The length of the output message.
+ * out[out] - The result storage.
*
* Returns CURLE_OK on success.
*/
-CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data,
- const char *user,
+CURLcode Curl_auth_create_oauth_bearer_message(const char *user,
const char *host,
const long port,
const char *bearer,
- char **outptr, size_t *outlen)
+ struct bufref *out)
{
- CURLcode result = CURLE_OK;
- char *oauth = NULL;
+ char *oauth;
/* Generate the message */
if(port == 0 || port == 80)
@@ -78,49 +72,34 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data,
if(!oauth)
return CURLE_OUT_OF_MEMORY;
- /* Base64 encode the reply */
- result = Curl_base64_encode(data, oauth, strlen(oauth), outptr, outlen);
-
- free(oauth);
-
- return result;
+ Curl_bufref_set(out, oauth, strlen(oauth), curl_free);
+ return CURLE_OK;
}
/*
* Curl_auth_create_xoauth_bearer_message()
*
- * This is used to generate an already encoded XOAuth 2.0 message ready for
- * sending to the recipient.
+ * This is used to generate a XOAuth 2.0 message ready for * sending to the
+ * recipient.
*
* Parameters:
*
- * data[in] - The session handle.
* user[in] - The user name.
* bearer[in] - The bearer token.
- * outptr[in / out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen[out] - The length of the output message.
+ * out[out] - The result storage.
*
* Returns CURLE_OK on success.
*/
-CURLcode Curl_auth_create_xoauth_bearer_message(struct Curl_easy *data,
- const char *user,
+CURLcode Curl_auth_create_xoauth_bearer_message(const char *user,
const char *bearer,
- char **outptr, size_t *outlen)
+ struct bufref *out)
{
- CURLcode result = CURLE_OK;
-
/* Generate the message */
char *xoauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
if(!xoauth)
return CURLE_OUT_OF_MEMORY;
- /* Base64 encode the reply */
- result = Curl_base64_encode(data, xoauth, strlen(xoauth), outptr, outlen);
-
- free(xoauth);
-
- return result;
+ Curl_bufref_set(out, xoauth, strlen(xoauth), curl_free);
+ return CURLE_OK;
}
#endif /* disabled, no users */
-
diff --git a/Utilities/cmcurl/lib/vauth/vauth.c b/Utilities/cmcurl/lib/vauth/vauth.c
index 129b8f8..3624fb0 100644
--- a/Utilities/cmcurl/lib/vauth/vauth.c
+++ b/Utilities/cmcurl/lib/vauth/vauth.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2014 - 2020, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2014 - 2021, Steve Holme, <steve_holme@hotmail.com>.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -72,6 +72,7 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *host,
{
char *utf8_spn = NULL;
TCHAR *tchar_spn = NULL;
+ TCHAR *dupe_tchar_spn = NULL;
(void) realm;
@@ -84,23 +85,19 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *host,
/* Generate our UTF8 based SPN */
utf8_spn = aprintf("%s/%s", service, host);
- if(!utf8_spn) {
+ if(!utf8_spn)
return NULL;
- }
- /* Allocate our TCHAR based SPN */
+ /* Allocate and return a TCHAR based SPN. Since curlx_convert_UTF8_to_tchar
+ must be freed by curlx_unicodefree we'll dupe the result so that the
+ pointer this function returns can be normally free'd. */
tchar_spn = curlx_convert_UTF8_to_tchar(utf8_spn);
- if(!tchar_spn) {
- free(utf8_spn);
-
+ free(utf8_spn);
+ if(!tchar_spn)
return NULL;
- }
-
- /* Release the UTF8 variant when operating with Unicode */
- curlx_unicodefree(utf8_spn);
-
- /* Return our newly allocated SPN */
- return tchar_spn;
+ dupe_tchar_spn = _tcsdup(tchar_spn);
+ curlx_unicodefree(tchar_spn);
+ return dupe_tchar_spn;
}
#endif /* USE_WINDOWS_SSPI */
diff --git a/Utilities/cmcurl/lib/vauth/vauth.h b/Utilities/cmcurl/lib/vauth/vauth.h
index f25cfc3..ec5b000 100644
--- a/Utilities/cmcurl/lib/vauth/vauth.h
+++ b/Utilities/cmcurl/lib/vauth/vauth.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2014 - 2020, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2014 - 2021, Steve Holme, <steve_holme@hotmail.com>.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -24,6 +24,8 @@
#include <curl/curl.h>
+#include "bufref.h"
+
struct Curl_easy;
#if !defined(CURL_DISABLE_CRYPTO_AUTH)
@@ -42,6 +44,10 @@ struct kerberos5data;
struct negotiatedata;
#endif
+#if defined(USE_GSASL)
+struct gsasldata;
+#endif
+
#if defined(USE_WINDOWS_SSPI)
#define GSS_ERROR(status) ((status) & 0x80000000)
#endif
@@ -58,45 +64,37 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *host,
/* This is used to test if the user contains a Windows domain name */
bool Curl_auth_user_contains_domain(const char *user);
-/* This is used to generate a base64 encoded PLAIN cleartext message */
-CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
- const char *authzid,
+/* This is used to generate a PLAIN cleartext message */
+CURLcode Curl_auth_create_plain_message(const char *authzid,
const char *authcid,
const char *passwd,
- char **outptr, size_t *outlen);
+ struct bufref *out);
-/* This is used to generate a base64 encoded LOGIN cleartext message */
-CURLcode Curl_auth_create_login_message(struct Curl_easy *data,
- const char *valuep, char **outptr,
- size_t *outlen);
+/* This is used to generate a LOGIN cleartext message */
+CURLcode Curl_auth_create_login_message(const char *value,
+ struct bufref *out);
-/* This is used to generate a base64 encoded EXTERNAL cleartext message */
-CURLcode Curl_auth_create_external_message(struct Curl_easy *data,
- const char *user, char **outptr,
- size_t *outlen);
+/* This is used to generate an EXTERNAL cleartext message */
+CURLcode Curl_auth_create_external_message(const char *user,
+ struct bufref *out);
#if !defined(CURL_DISABLE_CRYPTO_AUTH)
-/* This is used to decode a CRAM-MD5 challenge message */
-CURLcode Curl_auth_decode_cram_md5_message(const char *chlg64, char **outptr,
- size_t *outlen);
-
/* This is used to generate a CRAM-MD5 response message */
-CURLcode Curl_auth_create_cram_md5_message(struct Curl_easy *data,
- const char *chlg,
+CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg,
const char *userp,
const char *passwdp,
- char **outptr, size_t *outlen);
+ struct bufref *out);
/* This is used to evaluate if DIGEST is supported */
bool Curl_auth_is_digest_supported(void);
/* This is used to generate a base64 encoded DIGEST-MD5 response message */
CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
- const char *chlg64,
+ const struct bufref *chlg,
const char *userp,
const char *passwdp,
const char *service,
- char **outptr, size_t *outlen);
+ struct bufref *out);
/* This is used to decode a HTTP DIGEST challenge message */
CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
@@ -115,6 +113,27 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
void Curl_auth_digest_cleanup(struct digestdata *digest);
#endif /* !CURL_DISABLE_CRYPTO_AUTH */
+#ifdef USE_GSASL
+/* This is used to evaluate if MECH is supported by gsasl */
+bool Curl_auth_gsasl_is_supported(struct Curl_easy *data,
+ const char *mech,
+ struct gsasldata *gsasl);
+/* This is used to start a gsasl method */
+CURLcode Curl_auth_gsasl_start(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ struct gsasldata *gsasl);
+
+/* This is used to process and generate a new SASL token */
+CURLcode Curl_auth_gsasl_token(struct Curl_easy *data,
+ const struct bufref *chlg,
+ struct gsasldata *gsasl,
+ struct bufref *out);
+
+/* This is used to clean up the gsasl specific data */
+void Curl_auth_gsasl_cleanup(struct gsasldata *digest);
+#endif
+
#if defined(USE_NTLM)
/* This is used to evaluate if NTLM is supported */
bool Curl_auth_is_ntlm_supported(void);
@@ -126,12 +145,11 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
const char *service,
const char *host,
struct ntlmdata *ntlm,
- char **outptr,
- size_t *outlen);
+ struct bufref *out);
/* This is used to decode a base64 encoded NTLM type-2 message */
CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
- const char *type2msg,
+ const struct bufref *type2,
struct ntlmdata *ntlm);
/* This is used to generate a base64 encoded NTLM type-3 message */
@@ -139,25 +157,23 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
const char *userp,
const char *passwdp,
struct ntlmdata *ntlm,
- char **outptr, size_t *outlen);
+ struct bufref *out);
/* This is used to clean up the NTLM specific data */
void Curl_auth_cleanup_ntlm(struct ntlmdata *ntlm);
#endif /* USE_NTLM */
/* This is used to generate a base64 encoded OAuth 2.0 message */
-CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data,
- const char *user,
+CURLcode Curl_auth_create_oauth_bearer_message(const char *user,
const char *host,
const long port,
const char *bearer,
- char **outptr, size_t *outlen);
+ struct bufref *out);
/* This is used to generate a base64 encoded XOAuth 2.0 message */
-CURLcode Curl_auth_create_xoauth_bearer_message(struct Curl_easy *data,
- const char *user,
+CURLcode Curl_auth_create_xoauth_bearer_message(const char *user,
const char *bearer,
- char **outptr, size_t *outlen);
+ struct bufref *out);
#if defined(USE_KERBEROS5)
/* This is used to evaluate if GSSAPI (Kerberos V5) is supported */
@@ -171,17 +187,16 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
const char *service,
const char *host,
const bool mutual,
- const char *chlg64,
+ const struct bufref *chlg,
struct kerberos5data *krb5,
- char **outptr, size_t *outlen);
+ struct bufref *out);
/* This is used to generate a base64 encoded GSSAPI (Kerberos V5) security
token message */
CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
- const char *input,
+ const struct bufref *chlg,
struct kerberos5data *krb5,
- char **outptr,
- size_t *outlen);
+ struct bufref *out);
/* This is used to clean up the GSSAPI specific data */
void Curl_auth_cleanup_gssapi(struct kerberos5data *krb5);
generated by cgit v0.12 at 2024-11-10 11:41:11 (GMT)