struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, const char *host, const char *path, bool secure) { struct Cookie *newco; struct Cookie *co; time_t now = time(NULL); struct Cookie *mainco=NULL; size_t matches = 0; if(!c || !c->cookies) return NULL; /* no cookie struct or no cookies in the struct */ co = c->cookies; while(co) { /* only process this cookie if it is not expired or had no expire date AND that if the cookie requires we're secure we must only continue if we are! */ if((!co->expires || (co->expires > now)) && (co->secure?secure:TRUE)) { /* now check if the domain is correct */ if(!co->domain || (co->tailmatch && tailmatch(co->domain, host)) || (!co->tailmatch && Curl_raw_equal(host, co->domain)) ) { /* the right part of the host matches the domain stuff in the cookie data */ /* now check the left part of the path with the cookies path requirement */ if(!co->path || /* not using checkprefix() because matching should be case-sensitive */ !strncmp(co->path, path, strlen(co->path)) ) { /* and now, we know this is a match and we should create an entry for the return-linked-list */ newco = malloc(sizeof(struct Cookie)); if(newco) { /* first, copy the whole source cookie: */ memcpy(newco, co, sizeof(struct Cookie)); /* then modify our next */ newco->next = mainco; /* point the main to us */ mainco = newco; matches++; } else { fail: /* failure, clear up the allocated chain and return NULL */ while(mainco) { co = mainco->next; free(mainco); mainco = co; } return NULL; } } } } co = co->next; } if(matches) { /* Now we need to make sure that if there is a name appearing more than once, the longest specified path version comes first. To make this the swiftest way, we just sort them all based on path length. */ struct Cookie **array; size_t i; /* alloc an array and store all cookie pointers */ array = malloc(sizeof(struct Cookie *) * matches); if(!array) goto fail; co = mainco; for(i=0; co; co = co->next) array[i++] = co; /* now sort the cookie pointers in path length order */ qsort(array, matches, sizeof(struct Cookie *), cookie_sort); /* remake the linked list order according to the new order */ mainco = array[0]; /* start here */ for(i=0; i<matches-1; i++) array[i]->next = array[i+1]; array[matches-1]->next = NULL; /* terminate the list */ free(array); /* remove the temporary data again */ } return mainco; /* return the new list */ }
CURLcode Curl_output_digest(struct connectdata *conn, bool proxy, const unsigned char *request, const unsigned char *uripath) { /* We have a Digest setup for this, use it! Now, to get all the details for this sorted out, I must urge you dear friend to read up on the RFC2617 section 3.2.2, */ unsigned char md5buf[16]; /* 16 bytes/128 bits */ unsigned char request_digest[33]; unsigned char *md5this; unsigned char *ha1; unsigned char ha2[33];/* 32 digits and 1 zero byte */ char cnoncebuf[33]; char *cnonce = NULL; size_t cnonce_sz = 0; char *tmp = NULL; struct timeval now; char **allocuserpwd; const char *userp; const char *passwdp; struct auth *authp; struct SessionHandle *data = conn->data; struct digestdata *d; CURLcode rc; /* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines. It converts digest text to ASCII so the MD5 will be correct for what ultimately goes over the network. */ #define CURL_OUTPUT_DIGEST_CONV(a, b) \ rc = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); \ if(rc != CURLE_OK) { \ free(b); \ return rc; \ } if(proxy) { d = &data->state.proxydigest; allocuserpwd = &conn->allocptr.proxyuserpwd; userp = conn->proxyuser; passwdp = conn->proxypasswd; authp = &data->state.authproxy; } else { d = &data->state.digest; allocuserpwd = &conn->allocptr.userpwd; userp = conn->user; passwdp = conn->passwd; authp = &data->state.authhost; } if(*allocuserpwd) { Curl_safefree(*allocuserpwd); *allocuserpwd = NULL; } /* not set means empty */ if(!userp) userp=""; if(!passwdp) passwdp=""; if(!d->nonce) { authp->done = FALSE; return CURLE_OK; } authp->done = TRUE; if(!d->nc) d->nc = 1; if(!d->cnonce) { /* Generate a cnonce */ now = Curl_tvnow(); snprintf(cnoncebuf, sizeof(cnoncebuf), "%32ld", (long)now.tv_sec + now.tv_usec); rc = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf), &cnonce, &cnonce_sz); if(rc) return rc; d->cnonce = cnonce; } /* if the algorithm is "MD5" or unspecified (which then defaults to MD5): A1 = unq(username-value) ":" unq(realm-value) ":" passwd if the algorithm is "MD5-sess" then: A1 = H( unq(username-value) ":" unq(realm-value) ":" passwd ) ":" unq(nonce-value) ":" unq(cnonce-value) */ md5this = (unsigned char *) aprintf("%s:%s:%s", userp, d->realm, passwdp); if(!md5this) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */ Curl_md5it(md5buf, md5this); free(md5this); /* free this again */ ha1 = malloc(33); /* 32 digits and 1 zero byte */ if(!ha1) return CURLE_OUT_OF_MEMORY; md5_to_ascii(md5buf, ha1); if(d->algo == CURLDIGESTALGO_MD5SESS) { /* nonce and cnonce are OUTSIDE the hash */ tmp = aprintf("%s:%s:%s", ha1, d->nonce, d->cnonce); if(!tmp) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, tmp); /* convert on non-ASCII machines */ Curl_md5it(md5buf, (unsigned char *)tmp); free(tmp); /* free this again */ md5_to_ascii(md5buf, ha1); } /* If the "qop" directive's value is "auth" or is unspecified, then A2 is: A2 = Method ":" digest-uri-value If the "qop" value is "auth-int", then A2 is: A2 = Method ":" digest-uri-value ":" H(entity-body) (The "Method" value is the HTTP request method as specified in section 5.1.1 of RFC 2616) */ /* So IE browsers < v7 cut off the URI part at the query part when they evaluate the MD5 and some (IIS?) servers work with them so we may need to do the Digest IE-style. Note that the different ways cause different MD5 sums to get sent. Apache servers can be set to do the Digest IE-style automatically using the BrowserMatch feature: http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie Further details on Digest implementation differences: http://www.fngtps.com/2006/09/http-authentication */ if(authp->iestyle && ((tmp = strchr((char *)uripath, '?')) != NULL)) { md5this = (unsigned char *)aprintf("%s:%.*s", request, curlx_sztosi(tmp - (char *)uripath), uripath); } else md5this = (unsigned char *)aprintf("%s:%s", request, uripath); if(!md5this) { free(ha1); return CURLE_OUT_OF_MEMORY; } if(d->qop && Curl_raw_equal(d->qop, "auth-int")) { /* We don't support auth-int at the moment. I can't see a easy way to get entity-body here */ /* TODO: Append H(entity-body)*/ } CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */ Curl_md5it(md5buf, md5this); free(md5this); /* free this again */ md5_to_ascii(md5buf, ha2); if(d->qop) { md5this = (unsigned char *)aprintf("%s:%s:%08x:%s:%s:%s", ha1, d->nonce, d->nc, d->cnonce, d->qop, ha2); } else { md5this = (unsigned char *)aprintf("%s:%s:%s", ha1, d->nonce, ha2); } free(ha1); if(!md5this) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */ Curl_md5it(md5buf, md5this); free(md5this); /* free this again */ md5_to_ascii(md5buf, request_digest); /* for test case 64 (snooped from a Mozilla 1.3a request) Authorization: Digest username="******", realm="testrealm", \ nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca" */ if(d->qop) { *allocuserpwd = aprintf( "%sAuthorization: Digest " "username=\"%s\", " "realm=\"%s\", " "nonce=\"%s\", " "uri=\"%s\", " "cnonce=\"%s\", " "nc=%08x, " "qop=%s, " "response=\"%s\"", proxy?"Proxy-":"", userp, d->realm, d->nonce, uripath, /* this is the PATH part of the URL */ d->cnonce, d->nc, d->qop, request_digest); if(Curl_raw_equal(d->qop, "auth")) d->nc++; /* The nc (from RFC) has to be a 8 hex digit number 0 padded which tells to the server how many times you are using the same nonce in the qop=auth mode. */ } else { *allocuserpwd = aprintf( "%sAuthorization: Digest " "username=\"%s\", " "realm=\"%s\", " "nonce=\"%s\", " "uri=\"%s\", " "response=\"%s\"", proxy?"Proxy-":"", userp, d->realm, d->nonce, uripath, /* this is the PATH part of the URL */ request_digest); } if(!*allocuserpwd) return CURLE_OUT_OF_MEMORY; /* Add optional fields */ if(d->opaque) { /* append opaque */ tmp = aprintf("%s, opaque=\"%s\"", *allocuserpwd, d->opaque); if(!tmp) return CURLE_OUT_OF_MEMORY; free(*allocuserpwd); *allocuserpwd = tmp; } if(d->algorithm) { /* append algorithm */ tmp = aprintf("%s, algorithm=\"%s\"", *allocuserpwd, d->algorithm); if(!tmp) return CURLE_OUT_OF_MEMORY; free(*allocuserpwd); *allocuserpwd = tmp; } /* append CRLF + zero (3 bytes) to the userpwd header */ tmp = realloc(*allocuserpwd, strlen(*allocuserpwd) + 3); if(!tmp) return CURLE_OUT_OF_MEMORY; strcat(tmp, "\r\n"); *allocuserpwd = tmp; return CURLE_OK; }
struct Cookie * Curl_cookie_add(struct SessionHandle *data, /* The 'data' pointer here may be NULL at times, and thus must only be used very carefully for things that can deal with data being NULL. Such as infof() and similar */ struct CookieInfo *c, bool httpheader, /* TRUE if HTTP header-style line */ char *lineptr, /* first character of the line */ const char *domain, /* default domain */ const char *path) /* full path used when this cookie is set, used to get default path for the cookie unless set */ { struct Cookie *clist; char name[MAX_NAME]; struct Cookie *co; struct Cookie *lastc=NULL; time_t now = time(NULL); bool replace_old = FALSE; bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */ #ifdef CURL_DISABLE_VERBOSE_STRINGS (void)data; #endif /* First, alloc and init a new struct for it */ co = calloc(1, sizeof(struct Cookie)); if(!co) return NULL; /* bail out if we're this low on memory */ if(httpheader) { /* This line was read off a HTTP-header */ const char *ptr; const char *semiptr; char *what; what = malloc(MAX_COOKIE_LINE); if(!what) { free(co); return NULL; } semiptr=strchr(lineptr, ';'); /* first, find a semicolon */ while(*lineptr && ISBLANK(*lineptr)) lineptr++; ptr = lineptr; do { /* we have a <what>=<this> pair or a stand-alone word here */ name[0]=what[0]=0; /* init the buffers */ if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =]=%" MAX_COOKIE_LINE_TXT "[^;\r\n]", name, what)) { /* Use strstore() below to properly deal with received cookie headers that have the same string property set more than once, and then we use the last one. */ const char *whatptr; bool done = FALSE; bool sep; size_t len=strlen(what); const char *endofn = &ptr[ strlen(name) ]; /* skip trailing spaces in name */ while(*endofn && ISBLANK(*endofn)) endofn++; /* name ends with a '=' ? */ sep = (*endofn == '=')?TRUE:FALSE; /* Strip off trailing whitespace from the 'what' */ while(len && ISBLANK(what[len-1])) { what[len-1]=0; len--; } /* Skip leading whitespace from the 'what' */ whatptr=what; while(*whatptr && ISBLANK(*whatptr)) whatptr++; if(!len) { /* this was a "<name>=" with no content, and we must allow 'secure' and 'httponly' specified this weirdly */ done = TRUE; if(Curl_raw_equal("secure", name)) co->secure = TRUE; else if(Curl_raw_equal("httponly", name)) co->httponly = TRUE; else if(sep) /* there was a '=' so we're not done parsing this field */ done = FALSE; } if(done) ; else if(Curl_raw_equal("path", name)) { strstore(&co->path, whatptr); if(!co->path) { badcookie = TRUE; /* out of memory bad */ break; } } else if(Curl_raw_equal("domain", name)) { /* note that this name may or may not have a preceding dot, but we don't care about that, we treat the names the same anyway */ const char *domptr=whatptr; const char *nextptr; int dotcount=1; /* Count the dots, we need to make sure that there are enough of them. */ if('.' == whatptr[0]) /* don't count the initial dot, assume it */ domptr++; do { nextptr = strchr(domptr, '.'); if(nextptr) { if(domptr != nextptr) dotcount++; domptr = nextptr+1; } } while(nextptr); /* The original Netscape cookie spec defined that this domain name MUST have three dots (or two if one of the seven holy TLDs), but it seems that these kinds of cookies are in use "out there" so we cannot be that strict. I've therefore lowered the check to not allow less than two dots. */ if(dotcount < 2) { /* Received and skipped a cookie with a domain using too few dots. */ badcookie=TRUE; /* mark this as a bad cookie */ infof(data, "skipped cookie with illegal dotcount domain: %s\n", whatptr); } else { /* Now, we make sure that our host is within the given domain, or the given domain is not valid and thus cannot be set. */ if('.' == whatptr[0]) whatptr++; /* ignore preceding dot */ if(!domain || tailmatch(whatptr, domain)) { const char *tailptr=whatptr; if(tailptr[0] == '.') tailptr++; strstore(&co->domain, tailptr); /* don't prefix w/dots internally */ if(!co->domain) { badcookie = TRUE; break; } co->tailmatch=TRUE; /* we always do that if the domain name was given */ } else { /* we did not get a tailmatch and then the attempted set domain is not a domain to which the current host belongs. Mark as bad. */ badcookie=TRUE; infof(data, "skipped cookie with bad tailmatch domain: %s\n", whatptr); } } } else if(Curl_raw_equal("version", name)) { strstore(&co->version, whatptr); if(!co->version) { badcookie = TRUE; break; } } else if(Curl_raw_equal("max-age", name)) { /* Defined in RFC2109: Optional. The Max-Age attribute defines the lifetime of the cookie, in seconds. The delta-seconds value is a decimal non- negative integer. After delta-seconds seconds elapse, the client should discard the cookie. A value of zero means the cookie should be discarded immediately. */ strstore(&co->maxage, whatptr); if(!co->maxage) { badcookie = TRUE; break; } co->expires = strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10) + (long)now; } else if(Curl_raw_equal("expires", name)) { strstore(&co->expirestr, whatptr); if(!co->expirestr) { badcookie = TRUE; break; } /* Note that if the date couldn't get parsed for whatever reason, the cookie will be treated as a session cookie */ co->expires = curl_getdate(what, &now); /* Session cookies have expires set to 0 so if we get that back from the date parser let's add a second to make it a non-session cookie */ if(co->expires == 0) co->expires = 1; else if(co->expires < 0) co->expires = 0; } else if(!co->name) { co->name = strdup(name); co->value = strdup(whatptr); if(!co->name || !co->value) { badcookie = TRUE; break; } } /* else this is the second (or more) name we don't know about! */ } else { /* this is an "illegal" <what>=<this> pair */ } if(!semiptr || !*semiptr) { /* we already know there are no more cookies */ semiptr = NULL; continue; } ptr=semiptr+1; while(*ptr && ISBLANK(*ptr)) ptr++; semiptr=strchr(ptr, ';'); /* now, find the next semicolon */ if(!semiptr && *ptr) /* There are no more semicolons, but there's a final name=value pair coming up */ semiptr=strchr(ptr, '\0'); } while(semiptr); if(!badcookie && !co->domain) { if(domain) { /* no domain was given in the header line, set the default */ co->domain=strdup(domain); if(!co->domain) badcookie = TRUE; } } if(!badcookie && !co->path && path) { /* No path was given in the header line, set the default. Note that the passed-in path to this function MAY have a '?' and following part that MUST not be stored as part of the path. */ char *queryp = strchr(path, '?'); /* queryp is where the interesting part of the path ends, so now we want to the find the last */ char *endslash; if(!queryp) endslash = strrchr(path, '/'); else endslash = memrchr(path, '/', (size_t)(queryp - path)); if(endslash) { size_t pathlen = (size_t)(endslash-path+1); /* include ending slash */ co->path=malloc(pathlen+1); /* one extra for the zero byte */ if(co->path) { memcpy(co->path, path, pathlen); co->path[pathlen]=0; /* zero terminate */ } else badcookie = TRUE; } } free(what); if(badcookie || !co->name) { /* we didn't get a cookie name or a bad one, this is an illegal line, bail out */ freecookie(co); return NULL; } } else { /* This line is NOT a HTTP header style line, we do offer support for reading the odd netscape cookies-file format here */ char *ptr; char *firstptr; char *tok_buf=NULL; int fields; /* IE introduced HTTP-only cookies to prevent XSS attacks. Cookies marked with httpOnly after the domain name are not accessible from javascripts, but since curl does not operate at javascript level, we include them anyway. In Firefox's cookie files, these lines are preceded with #HttpOnly_ and then everything is as usual, so we skip 10 characters of the line.. */ if(strncmp(lineptr, "#HttpOnly_", 10) == 0) { lineptr += 10; co->httponly = TRUE; } if(lineptr[0]=='#') { /* don't even try the comments */ free(co); return NULL; } /* strip off the possible end-of-line characters */ ptr=strchr(lineptr, '\r'); if(ptr) *ptr=0; /* clear it */ ptr=strchr(lineptr, '\n'); if(ptr) *ptr=0; /* clear it */ firstptr=strtok_r(lineptr, "\t", &tok_buf); /* tokenize it on the TAB */ /* Here's a quick check to eliminate normal HTTP-headers from this */ if(!firstptr || strchr(firstptr, ':')) { free(co); return NULL; } /* Now loop through the fields and init the struct we already have allocated */ for(ptr=firstptr, fields=0; ptr && !badcookie; ptr=strtok_r(NULL, "\t", &tok_buf), fields++) { switch(fields) { case 0: if(ptr[0]=='.') /* skip preceding dots */ ptr++; co->domain = strdup(ptr); if(!co->domain) badcookie = TRUE; break; case 1: /* This field got its explanation on the 23rd of May 2001 by Andrés García: flag: A TRUE/FALSE value indicating if all machines within a given domain can access the variable. This value is set automatically by the browser, depending on the value you set for the domain. As far as I can see, it is set to true when the cookie says .domain.com and to false when the domain is complete www.domain.com */ co->tailmatch = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE; break; case 2: /* It turns out, that sometimes the file format allows the path field to remain not filled in, we try to detect this and work around it! Andrés García made us aware of this... */ if(strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) { /* only if the path doesn't look like a boolean option! */ co->path = strdup(ptr); if(!co->path) badcookie = TRUE; break; } /* this doesn't look like a path, make one up! */ co->path = strdup("/"); if(!co->path) badcookie = TRUE; fields++; /* add a field and fall down to secure */ /* FALLTHROUGH */ case 3: co->secure = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE; break; case 4: co->expires = curlx_strtoofft(ptr, NULL, 10); break; case 5: co->name = strdup(ptr); if(!co->name) badcookie = TRUE; break; case 6: co->value = strdup(ptr); if(!co->value) badcookie = TRUE; break; } } if(6 == fields) { /* we got a cookie with blank contents, fix it */ co->value = strdup(""); if(!co->value) badcookie = TRUE; else fields++; } if(!badcookie && (7 != fields)) /* we did not find the sufficient number of fields */ badcookie = TRUE; if(badcookie) { freecookie(co); return NULL; } } if(!c->running && /* read from a file */ c->newsession && /* clean session cookies */ !co->expires) { /* this is a session cookie since it doesn't expire! */ freecookie(co); return NULL; } co->livecookie = c->running; /* now, we have parsed the incoming line, we must now check if this superceeds an already existing cookie, which it may if the previous have the same domain and path as this */ clist = c->cookies; replace_old = FALSE; while(clist) { if(Curl_raw_equal(clist->name, co->name)) { /* the names are identical */ if(clist->domain && co->domain) { if(Curl_raw_equal(clist->domain, co->domain)) /* The domains are identical */ replace_old=TRUE; } else if(!clist->domain && !co->domain) replace_old = TRUE; if(replace_old) { /* the domains were identical */ if(clist->path && co->path) { if(Curl_raw_equal(clist->path, co->path)) { replace_old = TRUE; } else replace_old = FALSE; } else if(!clist->path && !co->path) replace_old = TRUE; else replace_old = FALSE; } if(replace_old && !co->livecookie && clist->livecookie) { /* Both cookies matched fine, except that the already present cookie is "live", which means it was set from a header, while the new one isn't "live" and thus only read from a file. We let live cookies stay alive */ /* Free the newcomer and get out of here! */ freecookie(co); return NULL; } if(replace_old) { co->next = clist->next; /* get the next-pointer first */ /* then free all the old pointers */ free(clist->name); if(clist->value) free(clist->value); if(clist->domain) free(clist->domain); if(clist->path) free(clist->path); if(clist->expirestr) free(clist->expirestr); if(clist->version) free(clist->version); if(clist->maxage) free(clist->maxage); *clist = *co; /* then store all the new data */ free(co); /* free the newly alloced memory */ co = clist; /* point to the previous struct instead */ /* We have replaced a cookie, now skip the rest of the list but make sure the 'lastc' pointer is properly set */ do { lastc = clist; clist = clist->next; } while(clist); break; } } lastc = clist; clist = clist->next; } if(c->running) /* Only show this when NOT reading the cookies from a file */ infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, " "expire %" FORMAT_OFF_T "\n", replace_old?"Replaced":"Added", co->name, co->value, co->domain, co->path, co->expires); if(!replace_old) { /* then make the last item point on this new one */ if(lastc) lastc->next = co; else c->cookies = co; } c->numcookies++; /* one more cookie in the jar */ return co; }
static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model, char *cipher_list) { unsigned int i; PRBool cipher_state[NUM_OF_CIPHERS]; PRBool found; char *cipher; SECStatus rv; /* First disable all ciphers. This uses a different max value in case * NSS adds more ciphers later we don't want them available by * accident */ for(i=0; i<SSL_NumImplementedCiphers; i++) { SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED); } /* Set every entry in our list to false */ for(i=0; i<NUM_OF_CIPHERS; i++) { cipher_state[i] = PR_FALSE; } cipher = cipher_list; while(cipher_list && (cipher_list[0])) { while((*cipher) && (ISSPACE(*cipher))) ++cipher; if((cipher_list = strchr(cipher, ','))) { *cipher_list++ = '\0'; } found = PR_FALSE; for(i=0; i<NUM_OF_CIPHERS; i++) { if(Curl_raw_equal(cipher, cipherlist[i].name)) { cipher_state[i] = PR_TRUE; found = PR_TRUE; break; } } if(found == PR_FALSE) { failf(data, "Unknown cipher in list: %s", cipher); return SECFailure; } if(cipher_list) { cipher = cipher_list; } } /* Finally actually enable the selected ciphers */ for(i=0; i<NUM_OF_CIPHERS; i++) { rv = SSL_CipherPrefSet(model, cipherlist[i].num, cipher_state[i]); if(rv != SECSuccess) { failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name); return SECFailure; } } return SECSuccess; }
CURLdigest Curl_input_digest(struct connectdata *conn, bool proxy, const char *header) /* rest of the *-authenticate: header */ { char *token = NULL; char *tmp = NULL; bool foundAuth = FALSE; bool foundAuthInt = FALSE; struct SessionHandle *data=conn->data; bool before = FALSE; /* got a nonce before */ struct digestdata *d; if(proxy) { d = &data->state.proxydigest; } else { d = &data->state.digest; } /* skip initial whitespaces */ while(*header && ISSPACE(*header)) header++; if(checkprefix("Digest", header)) { header += strlen("Digest"); /* If we already have received a nonce, keep that in mind */ if(d->nonce) before = TRUE; /* clear off any former leftovers and init to defaults */ digest_cleanup_one(d); for(;;) { char value[MAX_VALUE_LENGTH]; char content[MAX_CONTENT_LENGTH]; while(*header && ISSPACE(*header)) header++; /* extract a value=content pair */ if(!get_pair(header, value, content, &header)) { if(Curl_raw_equal(value, "nonce")) { d->nonce = strdup(content); if(!d->nonce) return CURLDIGEST_NOMEM; } else if(Curl_raw_equal(value, "stale")) { if(Curl_raw_equal(content, "true")) { d->stale = TRUE; d->nc = 1; /* we make a new nonce now */ } } else if(Curl_raw_equal(value, "realm")) { d->realm = strdup(content); if(!d->realm) return CURLDIGEST_NOMEM; } else if(Curl_raw_equal(value, "opaque")) { d->opaque = strdup(content); if(!d->opaque) return CURLDIGEST_NOMEM; } else if(Curl_raw_equal(value, "qop")) { char *tok_buf; /* tokenize the list and choose auth if possible, use a temporary clone of the buffer since strtok_r() ruins it */ tmp = strdup(content); if(!tmp) return CURLDIGEST_NOMEM; token = strtok_r(tmp, ",", &tok_buf); while(token != NULL) { if(Curl_raw_equal(token, "auth")) { foundAuth = TRUE; } else if(Curl_raw_equal(token, "auth-int")) { foundAuthInt = TRUE; } token = strtok_r(NULL, ",", &tok_buf); } free(tmp); /*select only auth o auth-int. Otherwise, ignore*/ if(foundAuth) { d->qop = strdup("auth"); if(!d->qop) return CURLDIGEST_NOMEM; } else if(foundAuthInt) { d->qop = strdup("auth-int"); if(!d->qop) return CURLDIGEST_NOMEM; } } else if(Curl_raw_equal(value, "algorithm")) { d->algorithm = strdup(content); if(!d->algorithm) return CURLDIGEST_NOMEM; if(Curl_raw_equal(content, "MD5-sess")) d->algo = CURLDIGESTALGO_MD5SESS; else if(Curl_raw_equal(content, "MD5")) d->algo = CURLDIGESTALGO_MD5; else return CURLDIGEST_BADALGO; } else { /* unknown specifier, ignore it! */ } } else break; /* we're done here */ /* pass all additional spaces here */ while(*header && ISSPACE(*header)) header++; if(',' == *header) /* allow the list to be comma-separated */ header++; } /* We had a nonce since before, and we got another one now without 'stale=true'. This means we provided bad credentials in the previous request */ if(before && !d->stale) return CURLDIGEST_BAD; /* We got this header without a nonce, that's a bad Digest line! */ if(!d->nonce) return CURLDIGEST_BAD; } else /* else not a digest, get out */ return CURLDIGEST_NONE; return CURLDIGEST_FINE; }
/* * Curl_sasl_decode_digest_http_message() * * This is used to decode a HTTP DIGEST challenge message into the seperate * attributes. * * Parameters: * * chlg [in] - The challenge message. * digest [in/out] - The digest data struct being used and modified. * * Returns CURLE_OK on success. */ CURLcode Curl_sasl_decode_digest_http_message(const char *chlg, struct digestdata *digest) { bool before = FALSE; /* got a nonce before */ bool foundAuth = FALSE; bool foundAuthInt = FALSE; char *token = NULL; char *tmp = NULL; /* If we already have received a nonce, keep that in mind */ if(digest->nonce) before = TRUE; /* Clean up any former leftovers and initialise to defaults */ Curl_sasl_digest_cleanup(digest); for(;;) { char value[DIGEST_MAX_VALUE_LENGTH]; char content[DIGEST_MAX_CONTENT_LENGTH]; /* Pass all additional spaces here */ while(*chlg && ISSPACE(*chlg)) chlg++; /* Extract a value=content pair */ if(!sasl_digest_get_pair(chlg, value, content, &chlg)) { if(Curl_raw_equal(value, "nonce")) { digest->nonce = strdup(content); if(!digest->nonce) return CURLE_OUT_OF_MEMORY; } else if(Curl_raw_equal(value, "stale")) { if(Curl_raw_equal(content, "true")) { digest->stale = TRUE; digest->nc = 1; /* we make a new nonce now */ } } else if(Curl_raw_equal(value, "realm")) { digest->realm = strdup(content); if(!digest->realm) return CURLE_OUT_OF_MEMORY; } else if(Curl_raw_equal(value, "opaque")) { digest->opaque = strdup(content); if(!digest->opaque) return CURLE_OUT_OF_MEMORY; } else if(Curl_raw_equal(value, "qop")) { char *tok_buf; /* Tokenize the list and choose auth if possible, use a temporary clone of the buffer since strtok_r() ruins it */ tmp = strdup(content); if(!tmp) return CURLE_OUT_OF_MEMORY; token = strtok_r(tmp, ",", &tok_buf); while(token != NULL) { if(Curl_raw_equal(token, DIGEST_QOP_VALUE_STRING_AUTH)) { foundAuth = TRUE; } else if(Curl_raw_equal(token, DIGEST_QOP_VALUE_STRING_AUTH_INT)) { foundAuthInt = TRUE; } token = strtok_r(NULL, ",", &tok_buf); } free(tmp); /* Select only auth or auth-int. Otherwise, ignore */ if(foundAuth) { digest->qop = strdup(DIGEST_QOP_VALUE_STRING_AUTH); if(!digest->qop) return CURLE_OUT_OF_MEMORY; } else if(foundAuthInt) { digest->qop = strdup(DIGEST_QOP_VALUE_STRING_AUTH_INT); if(!digest->qop) return CURLE_OUT_OF_MEMORY; } } else if(Curl_raw_equal(value, "algorithm")) { digest->algorithm = strdup(content); if(!digest->algorithm) return CURLE_OUT_OF_MEMORY; if(Curl_raw_equal(content, "MD5-sess")) digest->algo = CURLDIGESTALGO_MD5SESS; else if(Curl_raw_equal(content, "MD5")) digest->algo = CURLDIGESTALGO_MD5; else return CURLE_BAD_CONTENT_ENCODING; } else { /* unknown specifier, ignore it! */ } } else break; /* we're done here */ /* Pass all additional spaces here */ while(*chlg && ISSPACE(*chlg)) chlg++; /* Allow the list to be comma-separated */ if(',' == *chlg) chlg++; } /* We had a nonce since before, and we got another one now without 'stale=true'. This means we provided bad credentials in the previous request */ if(before && !digest->stale) return CURLE_BAD_CONTENT_ENCODING; /* We got this header without a nonce, that's a bad Digest line! */ if(!digest->nonce) return CURLE_BAD_CONTENT_ENCODING; return CURLE_OK; }
/* * Curl_sasl_create_digest_http_message() * * This is used to generate a HTTP DIGEST response message ready for sending * to the recipient. * * Parameters: * * data [in] - The session handle. * userp [in] - The user name. * passdwp [in] - The user's password. * request [in] - The HTTP request. * uripath [in] - The path of the HTTP uri. * digest [in/out] - The digest data struct being used and modified. * outptr [in/out] - The address where a pointer to newly allocated memory * holding the result will be stored upon completion. * outlen [out] - The length of the output message. * * Returns CURLE_OK on success. */ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data, const char *userp, const char *passwdp, const unsigned char *request, const unsigned char *uripath, struct digestdata *digest, char **outptr, size_t *outlen) { CURLcode result; unsigned char md5buf[16]; /* 16 bytes/128 bits */ unsigned char request_digest[33]; unsigned char *md5this; unsigned char ha1[33];/* 32 digits and 1 zero byte */ unsigned char ha2[33];/* 32 digits and 1 zero byte */ char cnoncebuf[33]; char *cnonce = NULL; size_t cnonce_sz = 0; char *userp_quoted; char *response = NULL; char *tmp = NULL; if(!digest->nc) digest->nc = 1; if(!digest->cnonce) { snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x%08x%08x", Curl_rand(data), Curl_rand(data), Curl_rand(data), Curl_rand(data)); result = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf), &cnonce, &cnonce_sz); if(result) return result; digest->cnonce = cnonce; } /* if the algorithm is "MD5" or unspecified (which then defaults to MD5): A1 = unq(username-value) ":" unq(realm-value) ":" passwd if the algorithm is "MD5-sess" then: A1 = H( unq(username-value) ":" unq(realm-value) ":" passwd ) ":" unq(nonce-value) ":" unq(cnonce-value) */ md5this = (unsigned char *) aprintf("%s:%s:%s", userp, digest->realm, passwdp); if(!md5this) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */ Curl_md5it(md5buf, md5this); free(md5this); sasl_digest_md5_to_ascii(md5buf, ha1); if(digest->algo == CURLDIGESTALGO_MD5SESS) { /* nonce and cnonce are OUTSIDE the hash */ tmp = aprintf("%s:%s:%s", ha1, digest->nonce, digest->cnonce); if(!tmp) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, tmp); /* convert on non-ASCII machines */ Curl_md5it(md5buf, (unsigned char *)tmp); free(tmp); sasl_digest_md5_to_ascii(md5buf, ha1); } /* If the "qop" directive's value is "auth" or is unspecified, then A2 is: A2 = Method ":" digest-uri-value If the "qop" value is "auth-int", then A2 is: A2 = Method ":" digest-uri-value ":" H(entity-body) (The "Method" value is the HTTP request method as specified in section 5.1.1 of RFC 2616) */ md5this = (unsigned char *)aprintf("%s:%s", request, uripath); if(digest->qop && Curl_raw_equal(digest->qop, "auth-int")) { /* We don't support auth-int for PUT or POST at the moment. TODO: replace md5 of empty string with entity-body for PUT/POST */ unsigned char *md5this2 = (unsigned char *) aprintf("%s:%s", md5this, "d41d8cd98f00b204e9800998ecf8427e"); free(md5this); md5this = md5this2; } if(!md5this) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */ Curl_md5it(md5buf, md5this); free(md5this); sasl_digest_md5_to_ascii(md5buf, ha2); if(digest->qop) { md5this = (unsigned char *)aprintf("%s:%s:%08x:%s:%s:%s", ha1, digest->nonce, digest->nc, digest->cnonce, digest->qop, ha2); } else { md5this = (unsigned char *)aprintf("%s:%s:%s", ha1, digest->nonce, ha2); } if(!md5this) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */ Curl_md5it(md5buf, md5this); free(md5this); sasl_digest_md5_to_ascii(md5buf, request_digest); /* for test case 64 (snooped from a Mozilla 1.3a request) Authorization: Digest username="******", realm="testrealm", \ nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca" Digest parameters are all quoted strings. Username which is provided by the user will need double quotes and backslashes within it escaped. For the other fields, this shouldn't be an issue. realm, nonce, and opaque are copied as is from the server, escapes and all. cnonce is generated with web-safe characters. uri is already percent encoded. nc is 8 hex characters. algorithm and qop with standard values only contain web-safe chracters. */ userp_quoted = sasl_digest_string_quoted(userp); if(!userp_quoted) return CURLE_OUT_OF_MEMORY; if(digest->qop) { response = aprintf("username=\"%s\", " "realm=\"%s\", " "nonce=\"%s\", " "uri=\"%s\", " "cnonce=\"%s\", " "nc=%08x, " "qop=%s, " "response=\"%s\"", userp_quoted, digest->realm, digest->nonce, uripath, digest->cnonce, digest->nc, digest->qop, request_digest); if(Curl_raw_equal(digest->qop, "auth")) digest->nc++; /* The nc (from RFC) has to be a 8 hex digit number 0 padded which tells to the server how many times you are using the same nonce in the qop=auth mode */ } else { response = aprintf("username=\"%s\", " "realm=\"%s\", " "nonce=\"%s\", " "uri=\"%s\", " "response=\"%s\"", userp_quoted, digest->realm, digest->nonce, uripath, request_digest); } free(userp_quoted); if(!response) return CURLE_OUT_OF_MEMORY; /* Add the optional fields */ if(digest->opaque) { /* Append the opaque */ tmp = aprintf("%s, opaque=\"%s\"", response, digest->opaque); free(response); if(!tmp) return CURLE_OUT_OF_MEMORY; response = tmp; } if(digest->algorithm) { /* Append the algorithm */ tmp = aprintf("%s, algorithm=\"%s\"", response, digest->algorithm); free(response); if(!tmp) return CURLE_OUT_OF_MEMORY; response = tmp; } /* Return the output */ *outptr = response; *outlen = strlen(response); return CURLE_OK; }
struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, const char *host, const char *path, bool secure) { struct Cookie *newco; struct Cookie *co; time_t now = time(NULL); struct Cookie *mainco=NULL; if(!c || !c->cookies) return NULL; /* no cookie struct or no cookies in the struct */ co = c->cookies; while(co) { /* only process this cookie if it is not expired or had no expire date AND that if the cookie requires we're secure we must only continue if we are! */ if( (!co->expires || (co->expires > now)) && (co->secure?secure:TRUE) ) { /* now check if the domain is correct */ if(!co->domain || (co->tailmatch && tailmatch(co->domain, host)) || (!co->tailmatch && Curl_raw_equal(host, co->domain)) ) { /* the right part of the host matches the domain stuff in the cookie data */ /* now check the left part of the path with the cookies path requirement */ if(!co->path || /* not using checkprefix() because matching should be case-sensitive */ !strncmp(co->path, path, strlen(co->path)) ) { /* and now, we know this is a match and we should create an entry for the return-linked-list */ newco = (struct Cookie*) malloc(sizeof(struct Cookie)); if(newco) { /* first, copy the whole source cookie: */ memcpy(newco, co, sizeof(struct Cookie)); /* then modify our next */ newco->next = mainco; /* point the main to us */ mainco = newco; } else { /* failure, clear up the allocated chain and return NULL */ while(mainco) { co = mainco->next; free(mainco); mainco = co; } return NULL; } } } } co = co->next; } return mainco; /* return the new list */ }
static CURLcode Curl_ldap(struct connectdata *conn, bool *done) { CURLcode status = CURLE_OK; int rc = 0; LDAP *server = NULL; LDAPURLDesc *ludp = NULL; LDAPMessage *result = NULL; LDAPMessage *entryIterator; int num = 0; struct SessionHandle *data=conn->data; int ldap_proto = LDAP_VERSION3; int ldap_ssl = 0; char *val_b64 = NULL; size_t val_b64_sz = 0; curl_off_t dlsize = 0; #ifdef LDAP_OPT_NETWORK_TIMEOUT struct timeval ldap_timeout = {10,0}; /* 10 sec connection/search timeout */ #endif *done = TRUE; /* unconditionally */ infof(data, "LDAP local: LDAP Vendor = %s ; LDAP Version = %d\n", LDAP_VENDOR_NAME, LDAP_VENDOR_VERSION); infof(data, "LDAP local: %s\n", data->change.url); #ifdef HAVE_LDAP_URL_PARSE rc = ldap_url_parse(data->change.url, &ludp); #else rc = _ldap_url_parse(conn, &ludp); #endif if(rc != 0) { failf(data, "LDAP local: %s", ldap_err2string(rc)); status = CURLE_LDAP_INVALID_URL; goto quit; } /* Get the URL scheme ( either ldap or ldaps ) */ if(conn->given->flags & PROTOPT_SSL) ldap_ssl = 1; infof(data, "LDAP local: trying to establish %s connection\n", ldap_ssl ? "encrypted" : "cleartext"); #ifdef LDAP_OPT_NETWORK_TIMEOUT ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout); #endif ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto); if(ldap_ssl) { #ifdef HAVE_LDAP_SSL #ifdef CURL_LDAP_WIN /* Win32 LDAP SDK doesn't support insecure mode without CA! */ server = ldap_sslinit(conn->host.name, (int)conn->port, 1); ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON); #else int ldap_option; char* ldap_ca = data->set.str[STRING_SSL_CAFILE]; #if defined(CURL_HAS_NOVELL_LDAPSDK) rc = ldapssl_client_init(NULL, NULL); if(rc != LDAP_SUCCESS) { failf(data, "LDAP local: ldapssl_client_init %s", ldap_err2string(rc)); status = CURLE_SSL_CERTPROBLEM; goto quit; } if(data->set.ssl.verifypeer) { /* Novell SDK supports DER or BASE64 files. */ int cert_type = LDAPSSL_CERT_FILETYPE_B64; if((data->set.str[STRING_CERT_TYPE]) && (Curl_raw_equal(data->set.str[STRING_CERT_TYPE], "DER"))) cert_type = LDAPSSL_CERT_FILETYPE_DER; if(!ldap_ca) { failf(data, "LDAP local: ERROR %s CA cert not set!", (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM")); status = CURLE_SSL_CERTPROBLEM; goto quit; } infof(data, "LDAP local: using %s CA cert '%s'\n", (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"), ldap_ca); rc = ldapssl_add_trusted_cert(ldap_ca, cert_type); if(rc != LDAP_SUCCESS) { failf(data, "LDAP local: ERROR setting %s CA cert: %s", (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"), ldap_err2string(rc)); status = CURLE_SSL_CERTPROBLEM; goto quit; } ldap_option = LDAPSSL_VERIFY_SERVER; } else ldap_option = LDAPSSL_VERIFY_NONE; rc = ldapssl_set_verify_mode(ldap_option); if(rc != LDAP_SUCCESS) { failf(data, "LDAP local: ERROR setting cert verify mode: %s", ldap_err2string(rc)); status = CURLE_SSL_CERTPROBLEM; goto quit; } server = ldapssl_init(conn->host.name, (int)conn->port, 1); if(server == NULL) { failf(data, "LDAP local: Cannot connect to %s:%hu", conn->host.name, conn->port); status = CURLE_COULDNT_CONNECT; goto quit; } #elif defined(LDAP_OPT_X_TLS) if(data->set.ssl.verifypeer) { /* OpenLDAP SDK supports BASE64 files. */ if((data->set.str[STRING_CERT_TYPE]) && (!Curl_raw_equal(data->set.str[STRING_CERT_TYPE], "PEM"))) { failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type!"); status = CURLE_SSL_CERTPROBLEM; goto quit; } if(!ldap_ca) { failf(data, "LDAP local: ERROR PEM CA cert not set!"); status = CURLE_SSL_CERTPROBLEM; goto quit; } infof(data, "LDAP local: using PEM CA cert: %s\n", ldap_ca); rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca); if(rc != LDAP_SUCCESS) { failf(data, "LDAP local: ERROR setting PEM CA cert: %s", ldap_err2string(rc)); status = CURLE_SSL_CERTPROBLEM; goto quit; } ldap_option = LDAP_OPT_X_TLS_DEMAND; } else ldap_option = LDAP_OPT_X_TLS_NEVER; rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option); if(rc != LDAP_SUCCESS) { failf(data, "LDAP local: ERROR setting cert verify mode: %s", ldap_err2string(rc)); status = CURLE_SSL_CERTPROBLEM; goto quit; } server = ldap_init(conn->host.name, (int)conn->port); if(server == NULL) { failf(data, "LDAP local: Cannot connect to %s:%hu", conn->host.name, conn->port); status = CURLE_COULDNT_CONNECT; goto quit; } ldap_option = LDAP_OPT_X_TLS_HARD; rc = ldap_set_option(server, LDAP_OPT_X_TLS, &ldap_option); if(rc != LDAP_SUCCESS) { failf(data, "LDAP local: ERROR setting SSL/TLS mode: %s", ldap_err2string(rc)); status = CURLE_SSL_CERTPROBLEM; goto quit; } /* rc = ldap_start_tls_s(server, NULL, NULL); if(rc != LDAP_SUCCESS) { failf(data, "LDAP local: ERROR starting SSL/TLS mode: %s", ldap_err2string(rc)); status = CURLE_SSL_CERTPROBLEM; goto quit; } */ #else /* we should probably never come up to here since configure should check in first place if we can support LDAP SSL/TLS */ failf(data, "LDAP local: SSL/TLS not supported with this version " "of the OpenLDAP toolkit\n"); status = CURLE_SSL_CERTPROBLEM; goto quit; #endif #endif #endif /* CURL_LDAP_USE_SSL */ } else { server = ldap_init(conn->host.name, (int)conn->port); if(server == NULL) { failf(data, "LDAP local: Cannot connect to %s:%hu", conn->host.name, conn->port); status = CURLE_COULDNT_CONNECT; goto quit; } } #ifdef CURL_LDAP_WIN ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto); #endif rc = ldap_simple_bind_s(server, conn->bits.user_passwd ? conn->user : NULL, conn->bits.user_passwd ? conn->passwd : NULL); if(!ldap_ssl && rc != 0) { ldap_proto = LDAP_VERSION2; ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto); rc = ldap_simple_bind_s(server, conn->bits.user_passwd ? conn->user : NULL, conn->bits.user_passwd ? conn->passwd : NULL); } if(rc != 0) { failf(data, "LDAP local: ldap_simple_bind_s %s", ldap_err2string(rc)); status = CURLE_LDAP_CANNOT_BIND; goto quit; } rc = ldap_search_s(server, ludp->lud_dn, ludp->lud_scope, ludp->lud_filter, ludp->lud_attrs, 0, &result); if(rc != 0 && rc != LDAP_SIZELIMIT_EXCEEDED) { failf(data, "LDAP remote: %s", ldap_err2string(rc)); status = CURLE_LDAP_SEARCH_FAILED; goto quit; } for(num = 0, entryIterator = ldap_first_entry(server, result); entryIterator; entryIterator = ldap_next_entry(server, entryIterator), num++) { BerElement *ber = NULL; char *attribute; /*! suspicious that this isn't 'const' */ char *dn = ldap_get_dn(server, entryIterator); int i; Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: ", 4); Curl_client_write(conn, CLIENTWRITE_BODY, (char *)dn, 0); Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1); dlsize += strlen(dn)+5; for(attribute = ldap_first_attribute(server, entryIterator, &ber); attribute; attribute = ldap_next_attribute(server, entryIterator, ber)) { BerValue **vals = ldap_get_values_len(server, entryIterator, attribute); if(vals != NULL) { for(i = 0; (vals[i] != NULL); i++) { Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1); Curl_client_write(conn, CLIENTWRITE_BODY, (char *) attribute, 0); Curl_client_write(conn, CLIENTWRITE_BODY, (char *)": ", 2); dlsize += strlen(attribute)+3; if((strlen(attribute) > 7) && (strcmp(";binary", (char *)attribute + (strlen((char *)attribute) - 7)) == 0)) { /* Binary attribute, encode to base64. */ CURLcode error = Curl_base64_encode(data, vals[i]->bv_val, vals[i]->bv_len, &val_b64, &val_b64_sz); if(error) { ldap_value_free_len(vals); ldap_memfree(attribute); ldap_memfree(dn); if(ber) ber_free(ber, 0); status = error; goto quit; } if(val_b64_sz > 0) { Curl_client_write(conn, CLIENTWRITE_BODY, val_b64, val_b64_sz); free(val_b64); dlsize += val_b64_sz; } } else { Curl_client_write(conn, CLIENTWRITE_BODY, vals[i]->bv_val, vals[i]->bv_len); dlsize += vals[i]->bv_len; } Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0); dlsize++; } /* Free memory used to store values */ ldap_value_free_len(vals); } Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1); dlsize++; Curl_pgrsSetDownloadCounter(data, dlsize); ldap_memfree(attribute); } ldap_memfree(dn); if(ber) ber_free(ber, 0); } quit: if(result) { ldap_msgfree(result); LDAP_TRACE (("Received %d entries\n", num)); } if(rc == LDAP_SIZELIMIT_EXCEEDED) infof(data, "There are more than %d entries\n", num); if(ludp) ldap_free_urldesc(ludp); if(server) ldap_unbind_s(server); #if defined(HAVE_LDAP_SSL) && defined(CURL_HAS_NOVELL_LDAPSDK) if(ldap_ssl) ldapssl_client_deinit(); #endif /* HAVE_LDAP_SSL && CURL_HAS_NOVELL_LDAPSDK */ /* no data to transfer */ Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL); conn->bits.close = TRUE; return status; }
CURLcode Curl_output_digest(struct connectdata *conn, bool proxy, const unsigned char *request, const unsigned char *uripath) { /* We have a Digest setup for this, use it! Now, to get all the details for this sorted out, I must urge you dear friend to read up on the RFC2617 section 3.2.2, */ size_t urilen; unsigned char md5buf[16]; /* 16 bytes/128 bits */ unsigned char request_digest[33]; unsigned char *md5this; unsigned char ha1[33];/* 32 digits and 1 zero byte */ unsigned char ha2[33];/* 32 digits and 1 zero byte */ char cnoncebuf[33]; char *cnonce = NULL; size_t cnonce_sz = 0; char *tmp = NULL; char **allocuserpwd; size_t userlen; const char *userp; char *userp_quoted; const char *passwdp; struct auth *authp; struct SessionHandle *data = conn->data; struct digestdata *d; CURLcode result; /* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines. It converts digest text to ASCII so the MD5 will be correct for what ultimately goes over the network. */ #define CURL_OUTPUT_DIGEST_CONV(a, b) \ result = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); \ if(result) { \ free(b); \ return result; \ } if(proxy) { d = &data->state.proxydigest; allocuserpwd = &conn->allocptr.proxyuserpwd; userp = conn->proxyuser; passwdp = conn->proxypasswd; authp = &data->state.authproxy; } else { d = &data->state.digest; allocuserpwd = &conn->allocptr.userpwd; userp = conn->user; passwdp = conn->passwd; authp = &data->state.authhost; } Curl_safefree(*allocuserpwd); /* not set means empty */ if(!userp) userp=""; if(!passwdp) passwdp=""; if(!d->nonce) { authp->done = FALSE; return CURLE_OK; } authp->done = TRUE; if(!d->nc) d->nc = 1; if(!d->cnonce) { snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x%08x%08x", Curl_rand(data), Curl_rand(data), Curl_rand(data), Curl_rand(data)); result = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf), &cnonce, &cnonce_sz); if(result) return result; d->cnonce = cnonce; } /* if the algorithm is "MD5" or unspecified (which then defaults to MD5): A1 = unq(username-value) ":" unq(realm-value) ":" passwd if the algorithm is "MD5-sess" then: A1 = H( unq(username-value) ":" unq(realm-value) ":" passwd ) ":" unq(nonce-value) ":" unq(cnonce-value) */ md5this = (unsigned char *) aprintf("%s:%s:%s", userp, d->realm, passwdp); if(!md5this) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */ Curl_md5it(md5buf, md5this); Curl_safefree(md5this); md5_to_ascii(md5buf, ha1); if(d->algo == CURLDIGESTALGO_MD5SESS) { /* nonce and cnonce are OUTSIDE the hash */ tmp = aprintf("%s:%s:%s", ha1, d->nonce, d->cnonce); if(!tmp) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, tmp); /* convert on non-ASCII machines */ Curl_md5it(md5buf, (unsigned char *)tmp); Curl_safefree(tmp); md5_to_ascii(md5buf, ha1); } /* If the "qop" directive's value is "auth" or is unspecified, then A2 is: A2 = Method ":" digest-uri-value If the "qop" value is "auth-int", then A2 is: A2 = Method ":" digest-uri-value ":" H(entity-body) (The "Method" value is the HTTP request method as specified in section 5.1.1 of RFC 2616) */ /* So IE browsers < v7 cut off the URI part at the query part when they evaluate the MD5 and some (IIS?) servers work with them so we may need to do the Digest IE-style. Note that the different ways cause different MD5 sums to get sent. Apache servers can be set to do the Digest IE-style automatically using the BrowserMatch feature: http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie Further details on Digest implementation differences: http://www.fngtps.com/2006/09/http-authentication */ if(authp->iestyle && ((tmp = strchr((char *)uripath, '?')) != NULL)) urilen = tmp - (char *)uripath; else urilen = strlen((char *)uripath); md5this = (unsigned char *)aprintf("%s:%.*s", request, urilen, uripath); if(d->qop && Curl_raw_equal(d->qop, "auth-int")) { /* We don't support auth-int for PUT or POST at the moment. TODO: replace md5 of empty string with entity-body for PUT/POST */ unsigned char *md5this2 = (unsigned char *) aprintf("%s:%s", md5this, "d41d8cd98f00b204e9800998ecf8427e"); Curl_safefree(md5this); md5this = md5this2; } if(!md5this) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */ Curl_md5it(md5buf, md5this); Curl_safefree(md5this); md5_to_ascii(md5buf, ha2); if(d->qop) { md5this = (unsigned char *)aprintf("%s:%s:%08x:%s:%s:%s", ha1, d->nonce, d->nc, d->cnonce, d->qop, ha2); } else { md5this = (unsigned char *)aprintf("%s:%s:%s", ha1, d->nonce, ha2); } if(!md5this) return CURLE_OUT_OF_MEMORY; CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */ Curl_md5it(md5buf, md5this); Curl_safefree(md5this); md5_to_ascii(md5buf, request_digest); /* for test case 64 (snooped from a Mozilla 1.3a request) Authorization: Digest username="******", realm="testrealm", \ nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca" Digest parameters are all quoted strings. Username which is provided by the user will need double quotes and backslashes within it escaped. For the other fields, this shouldn't be an issue. realm, nonce, and opaque are copied as is from the server, escapes and all. cnonce is generated with web-safe characters. uri is already percent encoded. nc is 8 hex characters. algorithm and qop with standard values only contain web-safe chracters. */ userp_quoted = string_quoted(userp); if(!userp_quoted) return CURLE_OUT_OF_MEMORY; if(d->qop) { *allocuserpwd = aprintf( "%sAuthorization: Digest " "username=\"%s\", " "realm=\"%s\", " "nonce=\"%s\", " "uri=\"%.*s\", " "cnonce=\"%s\", " "nc=%08x, " "qop=%s, " "response=\"%s\"", proxy?"Proxy-":"", userp_quoted, d->realm, d->nonce, urilen, uripath, /* this is the PATH part of the URL */ d->cnonce, d->nc, d->qop, request_digest); if(Curl_raw_equal(d->qop, "auth")) d->nc++; /* The nc (from RFC) has to be a 8 hex digit number 0 padded which tells to the server how many times you are using the same nonce in the qop=auth mode. */ } else { *allocuserpwd = aprintf( "%sAuthorization: Digest " "username=\"%s\", " "realm=\"%s\", " "nonce=\"%s\", " "uri=\"%.*s\", " "response=\"%s\"", proxy?"Proxy-":"", userp_quoted, d->realm, d->nonce, urilen, uripath, /* this is the PATH part of the URL */ request_digest); } Curl_safefree(userp_quoted); if(!*allocuserpwd) return CURLE_OUT_OF_MEMORY; /* Add optional fields */ if(d->opaque) { /* append opaque */ tmp = aprintf("%s, opaque=\"%s\"", *allocuserpwd, d->opaque); if(!tmp) return CURLE_OUT_OF_MEMORY; free(*allocuserpwd); *allocuserpwd = tmp; } if(d->algorithm) { /* append algorithm */ tmp = aprintf("%s, algorithm=\"%s\"", *allocuserpwd, d->algorithm); if(!tmp) return CURLE_OUT_OF_MEMORY; free(*allocuserpwd); *allocuserpwd = tmp; } /* append CRLF + zero (3 bytes) to the userpwd header */ userlen = strlen(*allocuserpwd); tmp = realloc(*allocuserpwd, userlen + 3); if(!tmp) return CURLE_OUT_OF_MEMORY; strcpy(&tmp[userlen], "\r\n"); /* append the data */ *allocuserpwd = tmp; return CURLE_OK; }
/* returns -1 on failure, 0 if the host is found, 1 is the host isn't found */ int Curl_parsenetrc(const char *host, char *login, char *password, char *netrcfile) { FILE *file; int retcode = 1; int specific_login = (login[0] != 0); char *home = NULL; bool home_alloc = FALSE; bool netrc_alloc = FALSE; int state = NOTHING; char state_login = 0; /* Found a login keyword */ char state_password = 0; /* Found a password keyword */ int state_our_login = FALSE; /* With specific_login, found *our* login name */ #define NETRC DOT_CHAR "netrc" #ifdef DEBUGBUILD { /* This is a hack to allow testing. * If compiled with --enable-debug and CURL_DEBUG_NETRC is defined, * then it's the path to a substitute .netrc for testing purposes *only* */ char *override = curl_getenv("CURL_DEBUG_NETRC"); if (override) { fprintf(stderr, "NETRC: overridden " NETRC " file: %s\n", override); netrcfile = override; netrc_alloc = TRUE; } } #endif /* DEBUGBUILD */ if (!netrcfile) { home = curl_getenv("HOME"); /* portable environment reader */ if (home) { home_alloc = TRUE; #if defined(HAVE_GETPWUID) && defined(HAVE_GETEUID) } else { struct passwd *pw; pw = getpwuid(geteuid()); if (pw) { #ifdef __VMS home = decc_translate_vms(pw->pw_dir); #else home = pw->pw_dir; #endif } #endif } if (!home) return -1; netrcfile = curl_maprintf("%s%s%s", home, DIR_CHAR, NETRC); if (!netrcfile) { if (home_alloc) free(home); return -1; } netrc_alloc = TRUE; } file = fopen(netrcfile, "r"); if (file) { char *tok; char *tok_buf; bool done = FALSE; char netrcbuffer[256]; int netrcbuffsize = (int)sizeof(netrcbuffer); while (!done && fgets(netrcbuffer, netrcbuffsize, file)) { tok = strtok_r(netrcbuffer, " \t\n", &tok_buf); while (!done && tok) { if (login[0] && password[0]) { done = TRUE; break; } switch (state) { case NOTHING: if (Curl_raw_equal("machine", tok)) { /* the next tok is the machine name, this is in itself the delimiter that starts the stuff entered for this machine, after this we need to search for 'login' and 'password'. */ state = HOSTFOUND; } break; case HOSTFOUND: if (Curl_raw_equal(host, tok)) { /* and yes, this is our host! */ state = HOSTVALID; #ifdef _NETRC_DEBUG fprintf(stderr, "HOST: %s\n", tok); #endif retcode = 0; /* we did find our host */ } else /* not our host */ state = NOTHING; break; case HOSTVALID: /* we are now parsing sub-keywords concerning "our" host */ if (state_login) { if (specific_login) { state_our_login = Curl_raw_equal(login, tok); } else { strncpy(login, tok, LOGINSIZE - 1); #ifdef _NETRC_DEBUG fprintf(stderr, "LOGIN: %s\n", login); #endif } state_login = 0; } else if (state_password) { if (state_our_login || !specific_login) { strncpy(password, tok, PASSWORDSIZE - 1); #ifdef _NETRC_DEBUG fprintf(stderr, "PASSWORD: %s\n", password); #endif } state_password = 0; } else if (Curl_raw_equal("login", tok)) state_login = 1; else if (Curl_raw_equal("password", tok)) state_password = 1; else if (Curl_raw_equal("machine", tok)) { /* ok, there's machine here go => */ state = HOSTFOUND; state_our_login = FALSE; } break; } /* switch (state) */ tok = strtok_r(NULL, " \t\n", &tok_buf); } /* while(tok) */ } /* while fgets() */ fclose(file); } if (home_alloc) free(home); if (netrc_alloc) free(netrcfile); return retcode; }
/* * @unittest: 1304 * * *loginp and *passwordp MUST be allocated if they aren't NULL when passed * in. */ int Curl_parsenetrc(const char *host, char **loginp, char **passwordp, char *netrcfile) { FILE *file; int retcode=1; int specific_login = (**loginp != 0); char *home = NULL; bool home_alloc = FALSE; bool netrc_alloc = FALSE; enum host_lookup_state state=NOTHING; char state_login=0; /* Found a login keyword */ char state_password=0; /* Found a password keyword */ int state_our_login=FALSE; /* With specific_login, found *our* login name */ #define NETRC DOT_CHAR "netrc" if(!netrcfile) { home = curl_getenv("HOME"); /* portable environment reader */ if(home) { home_alloc = TRUE; #if defined(HAVE_GETPWUID) && defined(HAVE_GETEUID) } else { struct passwd *pw; pw= getpwuid(geteuid()); if(pw) { home = pw->pw_dir; } #endif } if(!home) return -1; netrcfile = curl_maprintf("%s%s%s", home, DIR_CHAR, NETRC); if(!netrcfile) { if(home_alloc) free(home); return -1; } netrc_alloc = TRUE; } file = fopen(netrcfile, "r"); if(file) { char *tok; char *tok_buf; bool done=FALSE; char netrcbuffer[256]; int netrcbuffsize = sizeof(netrcbuffer); while(!done && fgets(netrcbuffer, netrcbuffsize, file)) { tok=strtok_r(netrcbuffer, " \t\n", &tok_buf); while(!done && tok) { if(**loginp && **passwordp) { done=TRUE; break; } switch(state) { case NOTHING: if(Curl_raw_equal("machine", tok)) { /* the next tok is the machine name, this is in itself the delimiter that starts the stuff entered for this machine, after this we need to search for 'login' and 'password'. */ state=HOSTFOUND; } break; case HOSTFOUND: if(Curl_raw_equal(host, tok)) { /* and yes, this is our host! */ state=HOSTVALID; retcode=0; /* we did find our host */ } else /* not our host */ state=NOTHING; break; case HOSTVALID: /* we are now parsing sub-keywords concerning "our" host */ if(state_login) { if(specific_login) { state_our_login = Curl_raw_equal(*loginp, tok); } else { free(*loginp); *loginp = strdup(tok); if(!*loginp) return -1; /* allocation failed */ } state_login=0; } else if(state_password) { if(state_our_login || !specific_login) { free(*passwordp); *passwordp = strdup(tok); if(!*passwordp) return -1; /* allocation failed */ } state_password=0; } else if(Curl_raw_equal("login", tok)) state_login=1; else if(Curl_raw_equal("password", tok)) state_password=1; else if(Curl_raw_equal("machine", tok)) { /* ok, there's machine here go => */ state = HOSTFOUND; state_our_login = FALSE; } break; } /* switch (state) */ tok = strtok_r(NULL, " \t\n", &tok_buf); } /* while(tok) */ } /* while fgets() */ fclose(file); } if(home_alloc) free(home); if(netrc_alloc) free(netrcfile); return retcode; }
static metalinkfile *new_metalinkfile(metalink_file_t *fileinfo) { metalinkfile *f; f = (metalinkfile*)malloc(sizeof(metalinkfile)); if(!f) return NULL; f->next = NULL; f->filename = strdup(fileinfo->name); if(!f->filename) { free(f); return NULL; } f->checksum = NULL; f->resource = NULL; if(fileinfo->checksums) { const metalink_digest_alias *digest_alias; for(digest_alias = digest_aliases; digest_alias->alias_name; ++digest_alias) { metalink_checksum_t **p; for(p = fileinfo->checksums; *p; ++p) { if(Curl_raw_equal(digest_alias->alias_name, (*p)->type) && check_hex_digest((*p)->hash, digest_alias->digest_def)) { f->checksum = new_metalink_checksum_from_hex_digest(digest_alias->digest_def, (*p)->hash); break; } } if(f->checksum) { break; } } } if(fileinfo->resources) { metalink_resource_t **p; metalink_resource root, *tail; root.next = NULL; tail = &root; for(p = fileinfo->resources; *p; ++p) { metalink_resource *res; /* Filter by type if it is non-NULL. In Metalink v3, type includes the type of the resource. In curl, we are only interested in HTTP, HTTPS and FTP. In addition to them, Metalink v3 file may contain bittorrent type URL, which points to the BitTorrent metainfo file. We ignore it here. In Metalink v4, type was deprecated and all fileinfo->resources point to the target file. BitTorrent metainfo file URL may be appeared in fileinfo->metaurls. */ if((*p)->type == NULL || Curl_raw_equal((*p)->type, "http") || Curl_raw_equal((*p)->type, "https") || Curl_raw_equal((*p)->type, "ftp") || Curl_raw_equal((*p)->type, "ftps")) { res = new_metalink_resource((*p)->url); tail->next = res; tail = res; } } f->resource = root.next; } return f; }
static CURLcode check_telnet_options(struct connectdata *conn) { struct curl_slist *head; struct curl_slist *beg; char option_keyword[128]; char option_arg[256]; struct SessionHandle *data = conn->data; struct TELNET *tn = (struct TELNET *)conn->data->state.proto.telnet; CURLcode result = CURLE_OK; int binary_option; /* Add the user name as an environment variable if it was given on the command line */ if(conn->bits.user_passwd) { snprintf(option_arg, sizeof(option_arg), "USER,%s", conn->user); beg = curl_slist_append(tn->telnet_vars, option_arg); if(!beg) { curl_slist_free_all(tn->telnet_vars); tn->telnet_vars = NULL; return CURLE_OUT_OF_MEMORY; } tn->telnet_vars = beg; tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES; } for(head = data->set.telnet_options; head; head=head->next) { if(sscanf(head->data, "%127[^= ]%*[ =]%255s", option_keyword, option_arg) == 2) { /* Terminal type */ if(Curl_raw_equal(option_keyword, "TTYPE")) { strncpy(tn->subopt_ttype, option_arg, 31); tn->subopt_ttype[31] = 0; /* String termination */ tn->us_preferred[CURL_TELOPT_TTYPE] = CURL_YES; continue; } /* Display variable */ if(Curl_raw_equal(option_keyword, "XDISPLOC")) { strncpy(tn->subopt_xdisploc, option_arg, 127); tn->subopt_xdisploc[127] = 0; /* String termination */ tn->us_preferred[CURL_TELOPT_XDISPLOC] = CURL_YES; continue; } /* Environment variable */ if(Curl_raw_equal(option_keyword, "NEW_ENV")) { beg = curl_slist_append(tn->telnet_vars, option_arg); if(!beg) { result = CURLE_OUT_OF_MEMORY; break; } tn->telnet_vars = beg; tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES; continue; } /* Window Size */ if(Curl_raw_equal(option_keyword, "WS")) { if(sscanf(option_arg, "%hu%*[xX]%hu", &tn->subopt_wsx, &tn->subopt_wsy) == 2) tn->us_preferred[CURL_TELOPT_NAWS] = CURL_YES; else { failf(data, "Syntax error in telnet option: %s", head->data); result = CURLE_TELNET_OPTION_SYNTAX; break; } continue; } /* To take care or not of the 8th bit in data exchange */ if(Curl_raw_equal(option_keyword, "BINARY")) { binary_option=atoi(option_arg); if(binary_option!=1) { tn->us_preferred[CURL_TELOPT_BINARY] = CURL_NO; tn->him_preferred[CURL_TELOPT_BINARY] = CURL_NO; } continue; } failf(data, "Unknown telnet option %s", head->data); result = CURLE_UNKNOWN_TELNET_OPTION; break; } else { failf(data, "Syntax error in telnet option: %s", head->data); result = CURLE_TELNET_OPTION_SYNTAX; break; } } if(result) { curl_slist_free_all(tn->telnet_vars); tn->telnet_vars = NULL; } return result; }