static
CURLFORMcode FormAdd(struct curl_httppost **httppost,
struct curl_httppost **last_post,
va_list params)
{
FormInfo *first_form, *current_form, *form = NULL;
CURLFORMcode return_value = CURL_FORMADD_OK;
const char *prevtype = NULL;
struct curl_httppost *post = NULL;
CURLformoption option;
struct curl_forms *forms = NULL;
char *array_value=NULL; /* value read from an array */
/* This is a state variable, that if TRUE means that we're parsing an
array that we got passed to us. If FALSE we're parsing the input
va_list arguments. */
bool array_state = FALSE;
/*
* We need to allocate the first struct to fill in.
*/
first_form = calloc(1, sizeof(struct FormInfo));
if(!first_form)
return CURL_FORMADD_MEMORY;
current_form = first_form;
/*
* Loop through all the options set. Break if we have an error to report.
*/
while(return_value == CURL_FORMADD_OK) {
/* first see if we have more parts of the array param */
if(array_state && forms) {
/* get the upcoming option from the given array */
option = forms->option;
array_value = (char *)forms->value;
forms++; /* advance this to next entry */
if(CURLFORM_END == option) {
/* end of array state */
array_state = FALSE;
continue;
}
}
else {
/* This is not array-state, get next option */
option = va_arg(params, CURLformoption);
if(CURLFORM_END == option)
break;
}
switch (option) {
case CURLFORM_ARRAY:
if(array_state)
/* we don't support an array from within an array */
return_value = CURL_FORMADD_ILLEGAL_ARRAY;
else {
forms = va_arg(params, struct curl_forms *);
if(forms)
array_state = TRUE;
else
return_value = CURL_FORMADD_NULL;
}
break;
/*
* Set the Name property.
*/
case CURLFORM_PTRNAME:
#ifdef CURL_DOES_CONVERSIONS
/* Treat CURLFORM_PTR like CURLFORM_COPYNAME so that libcurl will copy
* the data in all cases so that we'll have safe memory for the eventual
* conversion.
*/
#else
current_form->flags |= HTTPPOST_PTRNAME; /* fall through */
#endif
case CURLFORM_COPYNAME:
if(current_form->name)
return_value = CURL_FORMADD_OPTION_TWICE;
else {
char *name = array_state?
array_value:va_arg(params, char *);
if(name)
current_form->name = name; /* store for the moment */
else
return_value = CURL_FORMADD_NULL;
}
break;
case CURLFORM_NAMELENGTH:
if(current_form->namelength)
return_value = CURL_FORMADD_OPTION_TWICE;
else
current_form->namelength =
array_state?(size_t)array_value:(size_t)va_arg(params, long);
break;
/*
* Set the contents property.
*/
case CURLFORM_PTRCONTENTS:
current_form->flags |= HTTPPOST_PTRCONTENTS; /* fall through */
case CURLFORM_COPYCONTENTS:
if(current_form->value)
return_value = CURL_FORMADD_OPTION_TWICE;
else {
char *value =
array_state?array_value:va_arg(params, char *);
if(value)
current_form->value = value; /* store for the moment */
else
return_value = CURL_FORMADD_NULL;
}
break;
case CURLFORM_CONTENTSLENGTH:
current_form->contentslength =
array_state?(size_t)array_value:(size_t)va_arg(params, long);
break;
case CURLFORM_CONTENTLEN:
current_form->flags |= CURL_HTTPPOST_LARGE;
current_form->contentslength =
array_state?(curl_off_t)(size_t)array_value:va_arg(params, curl_off_t);
break;
/* Get contents from a given file name */
case CURLFORM_FILECONTENT:
if(current_form->flags & (HTTPPOST_PTRCONTENTS|HTTPPOST_READFILE))
return_value = CURL_FORMADD_OPTION_TWICE;
else {
const char *filename = array_state?
array_value:va_arg(params, char *);
if(filename) {
current_form->value = strdup(filename);
if(!current_form->value)
return_value = CURL_FORMADD_MEMORY;
else {
current_form->flags |= HTTPPOST_READFILE;
current_form->value_alloc = TRUE;
}
}
else
return_value = CURL_FORMADD_NULL;
}
break;
/* We upload a file */
case CURLFORM_FILE:
{
const char *filename = array_state?array_value:
va_arg(params, char *);
if(current_form->value) {
if(current_form->flags & HTTPPOST_FILENAME) {
if(filename) {
char *fname = strdup(filename);
if(!fname)
return_value = CURL_FORMADD_MEMORY;
else {
form = AddFormInfo(fname, NULL, current_form);
if(!form) {
free(fname);
return_value = CURL_FORMADD_MEMORY;
}
else {
form->value_alloc = TRUE;
current_form = form;
form = NULL;
}
}
}
else
return_value = CURL_FORMADD_NULL;
}
else
return_value = CURL_FORMADD_OPTION_TWICE;
}
else {
if(filename) {
current_form->value = strdup(filename);
if(!current_form->value)
return_value = CURL_FORMADD_MEMORY;
else {
current_form->flags |= HTTPPOST_FILENAME;
current_form->value_alloc = TRUE;
}
}
else
return_value = CURL_FORMADD_NULL;
}
break;
}
case CURLFORM_BUFFERPTR:
current_form->flags |= HTTPPOST_PTRBUFFER|HTTPPOST_BUFFER;
if(current_form->buffer)
return_value = CURL_FORMADD_OPTION_TWICE;
else {
char *buffer =
array_state?array_value:va_arg(params, char *);
if(buffer) {
current_form->buffer = buffer; /* store for the moment */
current_form->value = buffer; /* make it non-NULL to be accepted
as fine */
}
else
return_value = CURL_FORMADD_NULL;
}
break;
case CURLFORM_BUFFERLENGTH:
if(current_form->bufferlength)
return_value = CURL_FORMADD_OPTION_TWICE;
else
current_form->bufferlength =
array_state?(size_t)array_value:(size_t)va_arg(params, long);
break;
case CURLFORM_STREAM:
current_form->flags |= HTTPPOST_CALLBACK;
if(current_form->userp)
return_value = CURL_FORMADD_OPTION_TWICE;
else {
char *userp =
array_state?array_value:va_arg(params, char *);
if(userp) {
current_form->userp = userp;
current_form->value = userp; /* this isn't strictly true but we
derive a value from this later on
and we need this non-NULL to be
accepted as a fine form part */
}
else
return_value = CURL_FORMADD_NULL;
}
break;
case CURLFORM_CONTENTTYPE:
{
const char *contenttype =
array_state?array_value:va_arg(params, char *);
if(current_form->contenttype) {
if(current_form->flags & HTTPPOST_FILENAME) {
if(contenttype) {
char *type = strdup(contenttype);
if(!type)
return_value = CURL_FORMADD_MEMORY;
else {
form = AddFormInfo(NULL, type, current_form);
if(!form) {
free(type);
return_value = CURL_FORMADD_MEMORY;
}
else {
form->contenttype_alloc = TRUE;
current_form = form;
form = NULL;
}
}
}
else
return_value = CURL_FORMADD_NULL;
}
else
return_value = CURL_FORMADD_OPTION_TWICE;
}
else {
if(contenttype) {
current_form->contenttype = strdup(contenttype);
if(!current_form->contenttype)
return_value = CURL_FORMADD_MEMORY;
else
current_form->contenttype_alloc = TRUE;
}
else
return_value = CURL_FORMADD_NULL;
}
break;
}
case CURLFORM_CONTENTHEADER:
{
/* this "cast increases required alignment of target type" but
we consider it OK anyway */
struct curl_slist* list = array_state?
(struct curl_slist*)(void*)array_value:
va_arg(params, struct curl_slist*);
if(current_form->contentheader)
return_value = CURL_FORMADD_OPTION_TWICE;
else
current_form->contentheader = list;
break;
}
case CURLFORM_FILENAME:
case CURLFORM_BUFFER:
{
const char *filename = array_state?array_value:
va_arg(params, char *);
if(current_form->showfilename)
return_value = CURL_FORMADD_OPTION_TWICE;
else {
current_form->showfilename = strdup(filename);
if(!current_form->showfilename)
return_value = CURL_FORMADD_MEMORY;
else
current_form->showfilename_alloc = TRUE;
}
break;
}
default:
return_value = CURL_FORMADD_UNKNOWN_OPTION;
break;
}
}
if(CURL_FORMADD_OK != return_value) {
/* On error, free allocated fields for all nodes of the FormInfo linked
list without deallocating nodes. List nodes are deallocated later on */
FormInfo *ptr;
for(ptr = first_form; ptr != NULL; ptr = ptr->more) {
if(ptr->name_alloc) {
Curl_safefree(ptr->name);
ptr->name_alloc = FALSE;
}
if(ptr->value_alloc) {
Curl_safefree(ptr->value);
ptr->value_alloc = FALSE;
}
if(ptr->contenttype_alloc) {
Curl_safefree(ptr->contenttype);
ptr->contenttype_alloc = FALSE;
}
if(ptr->showfilename_alloc) {
Curl_safefree(ptr->showfilename);
ptr->showfilename_alloc = FALSE;
}
}
}
if(CURL_FORMADD_OK == return_value) {
/* go through the list, check for completeness and if everything is
* alright add the HttpPost item otherwise set return_value accordingly */
post = NULL;
for(form = first_form;
form != NULL;
form = form->more) {
if(((!form->name || !form->value) && !post) ||
( (form->contentslength) &&
(form->flags & HTTPPOST_FILENAME) ) ||
( (form->flags & HTTPPOST_FILENAME) &&
(form->flags & HTTPPOST_PTRCONTENTS) ) ||
( (!form->buffer) &&
(form->flags & HTTPPOST_BUFFER) &&
(form->flags & HTTPPOST_PTRBUFFER) ) ||
( (form->flags & HTTPPOST_READFILE) &&
(form->flags & HTTPPOST_PTRCONTENTS) )
) {
return_value = CURL_FORMADD_INCOMPLETE;
break;
}
else {
if(((form->flags & HTTPPOST_FILENAME) ||
(form->flags & HTTPPOST_BUFFER)) &&
!form->contenttype) {
char *f = form->flags & HTTPPOST_BUFFER?
form->showfilename : form->value;
/* our contenttype is missing */
form->contenttype = strdup(ContentTypeForFilename(f, prevtype));
if(!form->contenttype) {
return_value = CURL_FORMADD_MEMORY;
break;
}
form->contenttype_alloc = TRUE;
}
if(!(form->flags & HTTPPOST_PTRNAME) &&
(form == first_form) ) {
/* Note that there's small risk that form->name is NULL here if the
app passed in a bad combo, so we better check for that first. */
if(form->name) {
/* copy name (without strdup; possibly contains null characters) */
form->name = Curl_memdup(form->name, form->namelength?
form->namelength:
strlen(form->name)+1);
}
if(!form->name) {
return_value = CURL_FORMADD_MEMORY;
break;
}
form->name_alloc = TRUE;
}
if(!(form->flags & (HTTPPOST_FILENAME | HTTPPOST_READFILE |
HTTPPOST_PTRCONTENTS | HTTPPOST_PTRBUFFER |
HTTPPOST_CALLBACK)) && form->value) {
/* copy value (without strdup; possibly contains null characters) */
size_t clen = (size_t) form->contentslength;
if(!clen)
clen = strlen(form->value)+1;
form->value = Curl_memdup(form->value, clen);
if(!form->value) {
return_value = CURL_FORMADD_MEMORY;
break;
}
form->value_alloc = TRUE;
}
post = AddHttpPost(form->name, form->namelength,
form->value, form->contentslength,
form->buffer, form->bufferlength,
form->contenttype, form->flags,
form->contentheader, form->showfilename,
form->userp,
post, httppost,
last_post);
if(!post) {
return_value = CURL_FORMADD_MEMORY;
break;
}
if(form->contenttype)
prevtype = form->contenttype;
}
}
if(CURL_FORMADD_OK != return_value) {
/* On error, free allocated fields for nodes of the FormInfo linked
list which are not already owned by the httppost linked list
without deallocating nodes. List nodes are deallocated later on */
FormInfo *ptr;
for(ptr = form; ptr != NULL; ptr = ptr->more) {
if(ptr->name_alloc) {
Curl_safefree(ptr->name);
ptr->name_alloc = FALSE;
}
if(ptr->value_alloc) {
Curl_safefree(ptr->value);
ptr->value_alloc = FALSE;
}
if(ptr->contenttype_alloc) {
Curl_safefree(ptr->contenttype);
ptr->contenttype_alloc = FALSE;
}
if(ptr->showfilename_alloc) {
Curl_safefree(ptr->showfilename);
ptr->showfilename_alloc = FALSE;
}
}
}
}
/* Always deallocate FormInfo linked list nodes without touching node
fields given that these have either been deallocated or are owned
now by the httppost linked list */
while(first_form) {
FormInfo *ptr = first_form->more;
free(first_form);
first_form = ptr;
}
return return_value;
}
/*
* Output a Bearer Authorization header.
*/
CURLcode Curl_output_bearer(struct connectdata *conn,
bool proxy,
const unsigned char *request,
const unsigned char *uripath,
struct curl_oauth2_token *token)
{
char **allocuserpwd;
struct auth *authp;
struct SessionHandle *data = conn->data;
CURLcode rc;
/* The CURL_OUTPUT_BEARER_CONV macro below is for non-ASCII machines.
It converts digest text to ASCII so the MAC will be correct for
what ultimately goes over the network.
*/
#define CURL_OUTPUT_BEARER_CONV(a, b) \
rc = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); \
if(rc != CURLE_OK) { \
free(b); \
return rc; \
}
(void)request;
(void)uripath;
/* Check that we have the proper kind of token. */
if(token->token_type != CURL_OAUTH2_TOKEN_TYPE_BEARER) {
return CURLE_OAUTH2_TOKEN_MALFORMAT;
}
/* Select the right Authorization field to fill in depending on
whether we're talking to a proxy or the remote host. */
if(proxy) {
allocuserpwd = &conn->allocptr.proxyuserpwd;
authp = &data->state.authproxy;
}
else {
allocuserpwd = &conn->allocptr.userpwd;
authp = &data->state.authhost;
}
if(*allocuserpwd) {
Curl_safefree(*allocuserpwd);
*allocuserpwd = NULL;
}
authp->done = TRUE;
/* Produce the Authorization header. It is a very trivial header that
simply communicates the identifier of the bearer token. */
*allocuserpwd =
aprintf( "Authorization: Bearer %s\n", token->access_token);
if(!*allocuserpwd) {
return CURLE_OUT_OF_MEMORY;
}
CURL_OUTPUT_BEARER_CONV(data, allocuserpwd);
return CURLE_OK;
}
/*
* Curl_sasl_create_digest_http_message()
*
* This is used to generate a HTTP DIGEST response message ready for sending
* to the recipient.
*
* Parameters:
*
* data [in] - The session handle.
* userp [in] - The user name.
* passdwp [in] - The user's password.
* request [in] - The HTTP request.
* uripath [in] - The path of the HTTP uri.
* digest [in/out] - The digest data struct being used and modified.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
const char *userp,
const char *passwdp,
const unsigned char *request,
const unsigned char *uripath,
struct digestdata *digest,
char **outptr, size_t *outlen)
{
size_t token_max;
CredHandle credentials;
CtxtHandle context;
char *resp;
BYTE *output_token;
PSecPkgInfo SecurityPackage;
SEC_WINNT_AUTH_IDENTITY identity;
SEC_WINNT_AUTH_IDENTITY *p_identity;
SecBuffer chlg_buf[3];
SecBuffer resp_buf;
SecBufferDesc chlg_desc;
SecBufferDesc resp_desc;
SECURITY_STATUS status;
unsigned long attrs;
TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
(void) data;
/* Query the security package for DigestSSP */
status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
&SecurityPackage);
if(status != SEC_E_OK)
return CURLE_NOT_BUILT_IN;
token_max = SecurityPackage->cbMaxToken;
/* Release the package buffer as it is not required anymore */
s_pSecFn->FreeContextBuffer(SecurityPackage);
/* Allocate the output buffer according to the max token size as indicated
by the security package */
output_token = malloc(token_max);
if(!output_token)
return CURLE_OUT_OF_MEMORY;
if(userp && *userp) {
/* Populate our identity structure */
if(Curl_create_sspi_identity(userp, passwdp, &identity))
return CURLE_OUT_OF_MEMORY;
/* Allow proper cleanup of the identity structure */
p_identity = &identity;
}
else
/* Use the current Windows user */
p_identity = NULL;
/* Acquire our credentials handle */
status = s_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *) TEXT(SP_NAME_DIGEST),
SECPKG_CRED_OUTBOUND, NULL,
p_identity, NULL, NULL,
&credentials, &expiry);
if(status != SEC_E_OK) {
Curl_safefree(output_token);
return CURLE_LOGIN_DENIED;
}
/* Setup the challenge "input" security buffer if present */
chlg_desc.ulVersion = SECBUFFER_VERSION;
chlg_desc.cBuffers = 3;
chlg_desc.pBuffers = chlg_buf;
chlg_buf[0].BufferType = SECBUFFER_TOKEN;
chlg_buf[0].pvBuffer = digest->input_token;
chlg_buf[0].cbBuffer = curlx_uztoul(digest->input_token_len);
chlg_buf[1].BufferType = SECBUFFER_PKG_PARAMS;
chlg_buf[1].pvBuffer = (void *)request;
chlg_buf[1].cbBuffer = curlx_uztoul(strlen((const char *) request));
chlg_buf[2].BufferType = SECBUFFER_PKG_PARAMS;
chlg_buf[2].pvBuffer = NULL;
chlg_buf[2].cbBuffer = 0;
/* Setup the response "output" security buffer */
resp_desc.ulVersion = SECBUFFER_VERSION;
resp_desc.cBuffers = 1;
resp_desc.pBuffers = &resp_buf;
resp_buf.BufferType = SECBUFFER_TOKEN;
resp_buf.pvBuffer = output_token;
resp_buf.cbBuffer = curlx_uztoul(token_max);
/* Generate our reponse message */
status = s_pSecFn->InitializeSecurityContext(&credentials, NULL,
(TCHAR *) uripath,
ISC_REQ_USE_HTTP_STYLE, 0, 0,
&chlg_desc, 0, &context,
&resp_desc, &attrs, &expiry);
if(status == SEC_I_COMPLETE_NEEDED ||
status == SEC_I_COMPLETE_AND_CONTINUE)
s_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
s_pSecFn->FreeCredentialsHandle(&credentials);
Curl_safefree(output_token);
return CURLE_OUT_OF_MEMORY;
}
resp = malloc(resp_buf.cbBuffer + 1);
if(!resp) {
s_pSecFn->DeleteSecurityContext(&context);
s_pSecFn->FreeCredentialsHandle(&credentials);
Curl_safefree(output_token);
return CURLE_OUT_OF_MEMORY;
}
/* Copy the generated reponse */
memcpy(resp, resp_buf.pvBuffer, resp_buf.cbBuffer);
resp[resp_buf.cbBuffer] = 0x00;
/* Return the response */
*outptr = resp;
*outlen = resp_buf.cbBuffer;
/* Free our handles */
s_pSecFn->DeleteSecurityContext(&context);
s_pSecFn->FreeCredentialsHandle(&credentials);
/* Free the identity structure */
Curl_sspi_free_identity(p_identity);
/* Free the response buffer */
Curl_safefree(output_token);
return CURLE_OK;
}
/*
* curl_easy_duphandle() is an external interface to allow duplication of a
* given input easy handle. The returned handle will be a new working handle
* with all options set exactly as the input source handle.
*/
CURL *curl_easy_duphandle(CURL *incurl)
{
struct SessionHandle *data=(struct SessionHandle *)incurl;
struct SessionHandle *outcurl = calloc(1, sizeof(struct SessionHandle));
if(NULL == outcurl)
goto fail;
/*
* We setup a few buffers we need. We should probably make them
* get setup on-demand in the code, as that would probably decrease
* the likeliness of us forgetting to init a buffer here in the future.
*/
outcurl->state.headerbuff = malloc(HEADERSIZE);
if(!outcurl->state.headerbuff)
goto fail;
outcurl->state.headersize = HEADERSIZE;
/* copy all userdefined values */
if(Curl_dupset(outcurl, data) != CURLE_OK)
goto fail;
/* the connection cache is setup on demand */
outcurl->state.conn_cache = NULL;
outcurl->state.lastconnect = NULL;
outcurl->progress.flags = data->progress.flags;
outcurl->progress.callback = data->progress.callback;
if(data->cookies) {
/* If cookies are enabled in the parent handle, we enable them
in the clone as well! */
outcurl->cookies = Curl_cookie_init(data,
data->cookies->filename,
outcurl->cookies,
data->set.cookiesession);
if(!outcurl->cookies)
goto fail;
}
/* duplicate all values in 'change' */
if(data->change.cookielist) {
outcurl->change.cookielist =
Curl_slist_duplicate(data->change.cookielist);
if(!outcurl->change.cookielist)
goto fail;
}
if(data->change.url) {
outcurl->change.url = strdup(data->change.url);
if(!outcurl->change.url)
goto fail;
outcurl->change.url_alloc = TRUE;
}
if(data->change.referer) {
outcurl->change.referer = strdup(data->change.referer);
if(!outcurl->change.referer)
goto fail;
outcurl->change.referer_alloc = TRUE;
}
/* Clone the resolver handle, if present, for the new handle */
if(Curl_resolver_duphandle(&outcurl->state.resolver,
data->state.resolver) != CURLE_OK)
goto fail;
Curl_convert_setup(outcurl);
Curl_easy_initHandleData(outcurl);
outcurl->magic = CURLEASY_MAGIC_NUMBER;
/* we reach this point and thus we are OK */
return outcurl;
fail:
if(outcurl) {
curl_slist_free_all(outcurl->change.cookielist);
outcurl->change.cookielist = NULL;
Curl_safefree(outcurl->state.headerbuff);
Curl_safefree(outcurl->change.url);
Curl_safefree(outcurl->change.referer);
Curl_freeset(outcurl);
free(outcurl);
}
return NULL;
}
/* return number of received (decrypted) bytes */
static ssize_t http2_send(struct connectdata *conn, int sockindex,
const void *mem, size_t len, CURLcode *err)
{
/*
* BIG TODO: Currently, we send request in this function, but this
* function is also used to send request body. It would be nice to
* add dedicated function for request.
*/
int rv;
struct http_conn *httpc = &conn->proto.httpc;
nghttp2_nv *nva;
size_t nheader;
size_t i;
size_t authority_idx;
char *hdbuf = (char*)mem;
char *end;
nghttp2_data_provider data_prd;
int32_t stream_id;
(void)sockindex;
infof(conn->data, "http2_send len=%zu\n", len);
if(httpc->stream_id != -1) {
/* If stream_id != -1, we have dispatched request HEADERS, and now
are going to send or sending request body in DATA frame */
httpc->upload_mem = mem;
httpc->upload_len = len;
nghttp2_session_resume_data(httpc->h2, httpc->stream_id);
rv = nghttp2_session_send(httpc->h2);
if(nghttp2_is_fatal(rv)) {
*err = CURLE_SEND_ERROR;
return -1;
}
return len - httpc->upload_len;
}
/* Calculate number of headers contained in [mem, mem + len) */
/* Here, we assume the curl http code generate *correct* HTTP header
field block */
nheader = 0;
for(i = 0; i < len; ++i) {
if(hdbuf[i] == 0x0a) {
++nheader;
}
}
/* We counted additional 2 \n in the first and last line. We need 3
new headers: :method, :path and :scheme. Therefore we need one
more space. */
nheader += 1;
nva = malloc(sizeof(nghttp2_nv) * nheader);
if(nva == NULL) {
*err = CURLE_OUT_OF_MEMORY;
return -1;
}
/* Extract :method, :path from request line */
end = strchr(hdbuf, ' ');
nva[0].name = (unsigned char *)":method";
nva[0].namelen = (uint16_t)strlen((char *)nva[0].name);
nva[0].value = (unsigned char *)hdbuf;
nva[0].valuelen = (uint16_t)(end - hdbuf);
nva[0].flags = NGHTTP2_NV_FLAG_NONE;
hdbuf = end + 1;
end = strchr(hdbuf, ' ');
nva[1].name = (unsigned char *)":path";
nva[1].namelen = (uint16_t)strlen((char *)nva[1].name);
nva[1].value = (unsigned char *)hdbuf;
nva[1].valuelen = (uint16_t)(end - hdbuf);
nva[1].flags = NGHTTP2_NV_FLAG_NONE;
nva[2].name = (unsigned char *)":scheme";
nva[2].namelen = (uint16_t)strlen((char *)nva[2].name);
if(conn->handler->flags & PROTOPT_SSL)
nva[2].value = (unsigned char *)"https";
else
nva[2].value = (unsigned char *)"http";
nva[2].valuelen = (uint16_t)strlen((char *)nva[2].value);
nva[2].flags = NGHTTP2_NV_FLAG_NONE;
hdbuf = strchr(hdbuf, 0x0a);
++hdbuf;
authority_idx = 0;
for(i = 3; i < nheader; ++i) {
end = strchr(hdbuf, ':');
assert(end);
if(end - hdbuf == 4 && Curl_raw_nequal("host", hdbuf, 4)) {
authority_idx = i;
nva[i].name = (unsigned char *)":authority";
nva[i].namelen = (uint16_t)strlen((char *)nva[i].name);
}
else {
nva[i].name = (unsigned char *)hdbuf;
nva[i].namelen = (uint16_t)(end - hdbuf);
}
hdbuf = end + 1;
for(; *hdbuf == ' '; ++hdbuf);
end = strchr(hdbuf, 0x0d);
assert(end);
nva[i].value = (unsigned char *)hdbuf;
nva[i].valuelen = (uint16_t)(end - hdbuf);
nva[i].flags = NGHTTP2_NV_FLAG_NONE;
hdbuf = end + 2;
/* Inspect Content-Length header field and retrieve the request
entity length so that we can set END_STREAM to the last DATA
frame. */
if(nva[i].namelen == 14 &&
Curl_raw_nequal("content-length", (char*)nva[i].name, 14)) {
size_t j;
for(j = 0; j < nva[i].valuelen; ++j) {
httpc->upload_left *= 10;
httpc->upload_left += nva[i].value[j] - '0';
}
infof(conn->data, "request content-length=%zu\n", httpc->upload_left);
}
}
/* :authority must come before non-pseudo header fields */
if(authority_idx != 0 && authority_idx != AUTHORITY_DST_IDX) {
nghttp2_nv authority = nva[authority_idx];
for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) {
nva[i] = nva[i - 1];
}
nva[i] = authority;
}
switch(conn->data->set.httpreq) {
case HTTPREQ_POST:
case HTTPREQ_POST_FORM:
case HTTPREQ_PUT:
data_prd.read_callback = data_source_read_callback;
data_prd.source.ptr = NULL;
stream_id = nghttp2_submit_request(httpc->h2, NULL, nva, nheader,
&data_prd, NULL);
break;
default:
stream_id = nghttp2_submit_request(httpc->h2, NULL, nva, nheader,
NULL, NULL);
}
Curl_safefree(nva);
if(stream_id < 0) {
*err = CURLE_SEND_ERROR;
return -1;
}
httpc->stream_id = stream_id;
rv = nghttp2_session_send(httpc->h2);
if(rv != 0) {
*err = CURLE_SEND_ERROR;
return -1;
}
if(httpc->stream_id != -1) {
/* If whole HEADERS frame was sent off to the underlying socket,
the nghttp2 library calls data_source_read_callback. But only
it found that no data available, so it deferred the DATA
transmission. Which means that nghttp2_session_want_write()
returns 0 on http2_perform_getsock(), which results that no
writable socket check is performed. To workaround this, we
issue nghttp2_session_resume_data() here to bring back DATA
transmission from deferred state. */
nghttp2_session_resume_data(httpc->h2, httpc->stream_id);
}
return len;
}
static ssize_t
schannel_send(struct connectdata *conn, int sockindex,
const void *buf, size_t len, CURLcode *err)
{
ssize_t written = -1;
size_t data_len = 0;
unsigned char *data = NULL;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
SecBuffer outbuf[4];
SecBufferDesc outbuf_desc;
SECURITY_STATUS sspi_status = SEC_E_OK;
CURLcode code;
/* check if the maximum stream sizes were queried */
if(connssl->stream_sizes.cbMaximumMessage == 0) {
sspi_status = s_pSecFn->QueryContextAttributes(
&connssl->ctxt->ctxt_handle,
SECPKG_ATTR_STREAM_SIZES,
&connssl->stream_sizes);
if(sspi_status != SEC_E_OK) {
*err = CURLE_SEND_ERROR;
return -1;
}
}
/* check if the buffer is longer than the maximum message length */
if(len > connssl->stream_sizes.cbMaximumMessage) {
*err = CURLE_SEND_ERROR;
return -1;
}
/* calculate the complete message length and allocate a buffer for it */
data_len = connssl->stream_sizes.cbHeader + len +
connssl->stream_sizes.cbTrailer;
data = (unsigned char*) malloc(data_len);
if(data == NULL) {
*err = CURLE_OUT_OF_MEMORY;
return -1;
}
/* setup output buffers (header, data, trailer, empty) */
InitSecBuffer(&outbuf[0], SECBUFFER_STREAM_HEADER,
data, connssl->stream_sizes.cbHeader);
InitSecBuffer(&outbuf[1], SECBUFFER_DATA,
data + connssl->stream_sizes.cbHeader, len);
InitSecBuffer(&outbuf[2], SECBUFFER_STREAM_TRAILER,
data + connssl->stream_sizes.cbHeader + len,
connssl->stream_sizes.cbTrailer);
InitSecBuffer(&outbuf[3], SECBUFFER_EMPTY, NULL, 0);
InitSecBufferDesc(&outbuf_desc, outbuf, 4);
/* copy data into output buffer */
memcpy(outbuf[1].pvBuffer, buf, len);
/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375390.aspx */
sspi_status = s_pSecFn->EncryptMessage(&connssl->ctxt->ctxt_handle, 0,
&outbuf_desc, 0);
/* check if the message was encrypted */
if(sspi_status == SEC_E_OK) {
written = 0;
/* send the encrypted message including header, data and trailer */
len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer;
/*
It's important to send the full message which includes the header,
encrypted payload, and trailer. Until the client receives all the
data a coherent message has not been delivered and the client
can't read any of it.
If we wanted to buffer the unwritten encrypted bytes, we would
tell the client that all data it has requested to be sent has been
sent. The unwritten encrypted bytes would be the first bytes to
send on the next invocation.
Here's the catch with this - if we tell the client that all the
bytes have been sent, will the client call this method again to
send the buffered data? Looking at who calls this function, it
seems the answer is NO.
*/
/* send entire message or fail */
while(len > (size_t)written) {
ssize_t this_write;
long timeleft;
int what;
this_write = 0;
timeleft = Curl_timeleft(conn->data, NULL, TRUE);
if(timeleft < 0) {
/* we already got the timeout */
failf(conn->data, "schannel: timed out sending data "
"(bytes sent: %zd)", written);
*err = CURLE_OPERATION_TIMEDOUT;
written = -1;
break;
}
what = Curl_socket_ready(CURL_SOCKET_BAD, conn->sock[sockindex],
timeleft);
if(what < 0) {
/* fatal error */
failf(conn->data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
*err = CURLE_SEND_ERROR;
written = -1;
break;
}
else if(0 == what) {
failf(conn->data, "schannel: timed out sending data "
"(bytes sent: %zd)", written);
*err = CURLE_OPERATION_TIMEDOUT;
written = -1;
break;
}
/* socket is writable */
code = Curl_write_plain(conn, conn->sock[sockindex], data + written,
len - written, &this_write);
if(code == CURLE_AGAIN)
continue;
else if(code != CURLE_OK) {
*err = code;
written = -1;
break;
}
written += this_write;
}
}
else if(sspi_status == SEC_E_INSUFFICIENT_MEMORY) {
*err = CURLE_OUT_OF_MEMORY;
}
else{
*err = CURLE_SEND_ERROR;
}
Curl_safefree(data);
if(len == (size_t)written)
/* Encrypted message including header, data and trailer entirely sent.
The return value is the number of unencrypted bytes that were sent. */
written = outbuf[1].cbBuffer;
return written;
}
/*
* Curl_ssh_connect() gets called from Curl_protocol_connect() to allow us to
* do protocol-specific actions at connect-time.
*/
CURLcode Curl_ssh_connect(struct connectdata *conn, bool *done)
{
int i;
struct SSHPROTO *ssh;
const char *fingerprint;
const char *authlist;
char *home;
char rsa_pub[PATH_MAX];
char rsa[PATH_MAX];
char tempHome[PATH_MAX];
curl_socket_t sock;
char *real_path;
char *working_path;
int working_path_len;
bool authed = FALSE;
CURLcode result;
struct SessionHandle *data = conn->data;
rsa_pub[0] = rsa[0] = '\0';
result = ssh_init(conn);
if (result)
return result;
ssh = data->reqdata.proto.ssh;
working_path = curl_easy_unescape(data, data->reqdata.path, 0,
&working_path_len);
if (!working_path)
return CURLE_OUT_OF_MEMORY;
#ifdef CURL_LIBSSH2_DEBUG
if (ssh->user) {
infof(data, "User: %s\n", ssh->user);
}
if (ssh->passwd) {
infof(data, "Password: %s\n", ssh->passwd);
}
#endif /* CURL_LIBSSH2_DEBUG */
sock = conn->sock[FIRSTSOCKET];
ssh->ssh_session = libssh2_session_init_ex(libssh2_malloc, libssh2_free,
libssh2_realloc, ssh);
if (ssh->ssh_session == NULL) {
failf(data, "Failure initialising ssh session\n");
Curl_safefree(ssh->path);
return CURLE_FAILED_INIT;
}
#ifdef CURL_LIBSSH2_DEBUG
infof(data, "SSH socket: %d\n", sock);
#endif /* CURL_LIBSSH2_DEBUG */
if (libssh2_session_startup(ssh->ssh_session, sock)) {
failf(data, "Failure establishing ssh session\n");
libssh2_session_free(ssh->ssh_session);
ssh->ssh_session = NULL;
Curl_safefree(ssh->path);
return CURLE_FAILED_INIT;
}
/*
* Before we authenticate we should check the hostkey's fingerprint against
* our known hosts. How that is handled (reading from file, whatever) is
* up to us. As for know not much is implemented, besides showing how to
* get the fingerprint.
*/
fingerprint = libssh2_hostkey_hash(ssh->ssh_session,
LIBSSH2_HOSTKEY_HASH_MD5);
#ifdef CURL_LIBSSH2_DEBUG
/* The fingerprint points to static storage (!), don't free() it. */
infof(data, "Fingerprint: ");
for (i = 0; i < 16; i++) {
infof(data, "%02X ", (unsigned char) fingerprint[i]);
}
infof(data, "\n");
#endif /* CURL_LIBSSH2_DEBUG */
/* TBD - methods to check the host keys need to be done */
/*
* Figure out authentication methods
* NB: As soon as we have provided a username to an openssh server we must
* never change it later. Thus, always specify the correct username here,
* even though the libssh2 docs kind of indicate that it should be possible
* to get a 'generic' list (not user-specific) of authentication methods,
* presumably with a blank username. That won't work in my experience.
* So always specify it here.
*/
authlist = libssh2_userauth_list(ssh->ssh_session, ssh->user,
strlen(ssh->user));
/*
* Check the supported auth types in the order I feel is most secure with the
* requested type of authentication
*/
if ((data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY) &&
(strstr(authlist, "publickey") != NULL)) {
/* To ponder about: should really the lib be messing about with the HOME
environment variable etc? */
home = curl_getenv("HOME");
if (data->set.ssh_public_key)
snprintf(rsa_pub, sizeof(rsa_pub), "%s", data->set.ssh_public_key);
else if (home)
snprintf(rsa_pub, sizeof(rsa_pub), "%s/.ssh/id_dsa.pub", home);
if (data->set.ssh_private_key)
snprintf(rsa, sizeof(rsa), "%s", data->set.ssh_private_key);
else if (home)
snprintf(rsa, sizeof(rsa), "%s/.ssh/id_dsa", home);
curl_free(home);
if (rsa_pub[0]) {
/* The function below checks if the files exists, no need to stat() here.
*/
if (libssh2_userauth_publickey_fromfile(ssh->ssh_session, ssh->user,
rsa_pub, rsa, "") == 0) {
authed = TRUE;
}
}
}
if (!authed &&
(data->set.ssh_auth_types & CURLSSH_AUTH_PASSWORD) &&
(strstr(authlist, "password") != NULL)) {
if (!libssh2_userauth_password(ssh->ssh_session, ssh->user, ssh->passwd))
authed = TRUE;
}
if (!authed && (data->set.ssh_auth_types & CURLSSH_AUTH_HOST) &&
(strstr(authlist, "hostbased") != NULL)) {
}
if (!authed && (data->set.ssh_auth_types & CURLSSH_AUTH_KEYBOARD)
&& (strstr(authlist, "keyboard-interactive") != NULL)) {
/* Authentication failed. Continue with keyboard-interactive now. */
if (libssh2_userauth_keyboard_interactive_ex(ssh->ssh_session, ssh->user,
strlen(ssh->user),
&kbd_callback) == 0) {
authed = TRUE;
}
}
if (!authed) {
failf(data, "Authentication failure\n");
libssh2_session_free(ssh->ssh_session);
ssh->ssh_session = NULL;
Curl_safefree(ssh->path);
return CURLE_FAILED_INIT;
}
/*
* At this point we have an authenticated ssh session.
*/
conn->sockfd = sock;
conn->writesockfd = CURL_SOCKET_BAD;
if (conn->protocol == PROT_SFTP) {
/*
* Start the libssh2 sftp session
*/
ssh->sftp_session = libssh2_sftp_init(ssh->ssh_session);
if (ssh->sftp_session == NULL) {
failf(data, "Failure initialising sftp session\n");
libssh2_sftp_shutdown(ssh->sftp_session);
ssh->sftp_session = NULL;
libssh2_session_free(ssh->ssh_session);
ssh->ssh_session = NULL;
return CURLE_FAILED_INIT;
}
/*
* Get the "home" directory
*/
i = libssh2_sftp_realpath(ssh->sftp_session, ".", tempHome, PATH_MAX-1);
if (i > 0) {
/* It seems that this string is not always NULL terminated */
tempHome[i] = '\0';
ssh->homedir = (char *)strdup(tempHome);
if (!ssh->homedir) {
libssh2_sftp_shutdown(ssh->sftp_session);
ssh->sftp_session = NULL;
libssh2_session_free(ssh->ssh_session);
ssh->ssh_session = NULL;
return CURLE_OUT_OF_MEMORY;
}
}
else {
/* Return the error type */
i = libssh2_sftp_last_error(ssh->sftp_session);
DEBUGF(infof(data, "error = %d\n", i));
}
}
/* Check for /~/ , indicating realative to the users home directory */
if (conn->protocol == PROT_SCP) {
real_path = (char *)malloc(working_path_len+1);
if (real_path == NULL) {
Curl_safefree(working_path);
libssh2_session_free(ssh->ssh_session);
ssh->ssh_session = NULL;
return CURLE_OUT_OF_MEMORY;
}
if (working_path[1] == '~')
/* It is referenced to the home directory, so strip the leading '/' */
memcpy(real_path, working_path+1, 1 + working_path_len-1);
else
memcpy(real_path, working_path, 1 + working_path_len);
}
else if (conn->protocol == PROT_SFTP) {
if (working_path[1] == '~') {
real_path = (char *)malloc(strlen(ssh->homedir) +
working_path_len + 1);
if (real_path == NULL) {
libssh2_sftp_shutdown(ssh->sftp_session);
ssh->sftp_session = NULL;
libssh2_session_free(ssh->ssh_session);
ssh->ssh_session = NULL;
Curl_safefree(working_path);
return CURLE_OUT_OF_MEMORY;
}
/* It is referenced to the home directory, so strip the leading '/' */
memcpy(real_path, ssh->homedir, strlen(ssh->homedir));
real_path[strlen(ssh->homedir)] = '/';
real_path[strlen(ssh->homedir)+1] = '\0';
if (working_path_len > 3) {
memcpy(real_path+strlen(ssh->homedir)+1, working_path + 3,
1 + working_path_len -3);
}
}
else {
real_path = (char *)malloc(working_path_len+1);
if (real_path == NULL) {
libssh2_session_free(ssh->ssh_session);
ssh->ssh_session = NULL;
Curl_safefree(working_path);
return CURLE_OUT_OF_MEMORY;
}
memcpy(real_path, working_path, 1+working_path_len);
}
}
else
return CURLE_FAILED_INIT;
Curl_safefree(working_path);
ssh->path = real_path;
*done = TRUE;
return CURLE_OK;
}
void free_config_fields(struct Configurable *config)
{
struct getout *urlnode;
if(config->easy) {
curl_easy_cleanup(config->easy);
config->easy = NULL;
}
Curl_safefree(config->random_file);
Curl_safefree(config->egd_file);
Curl_safefree(config->useragent);
Curl_safefree(config->cookie);
Curl_safefree(config->cookiejar);
Curl_safefree(config->cookiefile);
Curl_safefree(config->postfields);
Curl_safefree(config->referer);
Curl_safefree(config->headerfile);
Curl_safefree(config->ftpport);
Curl_safefree(config->iface);
Curl_safefree(config->range);
Curl_safefree(config->userpwd);
Curl_safefree(config->tls_username);
Curl_safefree(config->tls_password);
Curl_safefree(config->tls_authtype);
Curl_safefree(config->proxyuserpwd);
Curl_safefree(config->proxy);
Curl_safefree(config->dns_ipv6_addr);
Curl_safefree(config->dns_ipv4_addr);
Curl_safefree(config->dns_interface);
Curl_safefree(config->dns_servers);
Curl_safefree(config->noproxy);
Curl_safefree(config->mail_from);
curl_slist_free_all(config->mail_rcpt);
Curl_safefree(config->mail_auth);
Curl_safefree(config->netrc_file);
urlnode = config->url_list;
while(urlnode) {
struct getout *next = urlnode->next;
Curl_safefree(urlnode->url);
Curl_safefree(urlnode->outfile);
Curl_safefree(urlnode->infile);
Curl_safefree(urlnode);
urlnode = next;
}
config->url_list = NULL;
config->url_last = NULL;
config->url_get = NULL;
config->url_out = NULL;
Curl_safefree(config->cipher_list);
Curl_safefree(config->cert);
Curl_safefree(config->cert_type);
Curl_safefree(config->cacert);
Curl_safefree(config->capath);
Curl_safefree(config->crlfile);
Curl_safefree(config->key);
Curl_safefree(config->key_type);
Curl_safefree(config->key_passwd);
Curl_safefree(config->pubkey);
Curl_safefree(config->hostpubmd5);
Curl_safefree(config->engine);
Curl_safefree(config->customrequest);
Curl_safefree(config->krblevel);
Curl_safefree(config->trace_dump);
Curl_safefree(config->xoauth2_bearer);
config->trace_stream = NULL; /* closed elsewhere when appropriate */
Curl_safefree(config->writeout);
config->errors = NULL; /* closed elsewhere when appropriate */
curl_slist_free_all(config->quote);
curl_slist_free_all(config->postquote);
curl_slist_free_all(config->prequote);
curl_slist_free_all(config->headers);
if(config->httppost) {
curl_formfree(config->httppost);
config->httppost = NULL;
}
config->last_post = NULL;
curl_slist_free_all(config->telnet_options);
curl_slist_free_all(config->resolve);
Curl_safefree(config->socksproxy);
Curl_safefree(config->socks5_gssapi_service);
Curl_safefree(config->ftp_account);
Curl_safefree(config->ftp_alternative_to_user);
Curl_safefree(config->libcurl);
}
CURLcode Curl_proxyCONNECT(struct connectdata *conn,
int sockindex,
const char *hostname,
unsigned short remote_port)
{
int subversion=0;
struct SessionHandle *data=conn->data;
struct SingleRequest *k = &data->req;
CURLcode result;
long timeout =
data->set.timeout?data->set.timeout:PROXY_TIMEOUT; /* in milliseconds */
curl_socket_t tunnelsocket = conn->sock[sockindex];
curl_off_t cl=0;
bool closeConnection = FALSE;
bool chunked_encoding = FALSE;
long check;
#define SELECT_OK 0
#define SELECT_ERROR 1
#define SELECT_TIMEOUT 2
int error = SELECT_OK;
if(conn->tunnel_state[sockindex] == TUNNEL_COMPLETE)
return CURLE_OK; /* CONNECT is already completed */
conn->bits.proxy_connect_closed = FALSE;
do {
if(TUNNEL_INIT == conn->tunnel_state[sockindex]) {
/* BEGIN CONNECT PHASE */
char *host_port;
Curl_send_buffer *req_buffer;
infof(data, "Establish HTTP proxy tunnel to %s:%hu\n",
hostname, remote_port);
if(data->req.newurl) {
/* This only happens if we've looped here due to authentication
reasons, and we don't really use the newly cloned URL here
then. Just free() it. */
free(data->req.newurl);
data->req.newurl = NULL;
}
/* initialize a dynamic send-buffer */
req_buffer = Curl_add_buffer_init();
if(!req_buffer)
return CURLE_OUT_OF_MEMORY;
host_port = aprintf("%s:%hu", hostname, remote_port);
if(!host_port) {
free(req_buffer);
return CURLE_OUT_OF_MEMORY;
}
/* Setup the proxy-authorization header, if any */
result = Curl_http_output_auth(conn, "CONNECT", host_port, TRUE);
free(host_port);
if(CURLE_OK == result) {
char *host=(char *)"";
const char *proxyconn="";
const char *useragent="";
const char *http = (conn->proxytype == CURLPROXY_HTTP_1_0) ?
"1.0" : "1.1";
char *hostheader= /* host:port with IPv6 support */
aprintf("%s%s%s:%hu", conn->bits.ipv6_ip?"[":"",
hostname, conn->bits.ipv6_ip?"]":"",
remote_port);
if(!hostheader) {
free(req_buffer);
return CURLE_OUT_OF_MEMORY;
}
if(!Curl_checkheaders(data, "Host:")) {
host = aprintf("Host: %s\r\n", hostheader);
if(!host) {
free(hostheader);
free(req_buffer);
return CURLE_OUT_OF_MEMORY;
}
}
if(!Curl_checkheaders(data, "Proxy-Connection:"))
proxyconn = "Proxy-Connection: Keep-Alive\r\n";
if(!Curl_checkheaders(data, "User-Agent:") &&
data->set.str[STRING_USERAGENT])
useragent = conn->allocptr.uagent;
result =
Curl_add_bufferf(req_buffer,
"CONNECT %s HTTP/%s\r\n"
"%s" /* Host: */
"%s" /* Proxy-Authorization */
"%s" /* User-Agent */
"%s", /* Proxy-Connection */
hostheader,
http,
host,
conn->allocptr.proxyuserpwd?
conn->allocptr.proxyuserpwd:"",
useragent,
proxyconn);
if(host && *host)
free(host);
free(hostheader);
if(CURLE_OK == result)
result = Curl_add_custom_headers(conn, req_buffer);
if(CURLE_OK == result)
/* CRLF terminate the request */
result = Curl_add_bufferf(req_buffer, "\r\n");
if(CURLE_OK == result) {
/* Send the connect request to the proxy */
/* BLOCKING */
result =
Curl_add_buffer_send(req_buffer, conn,
&data->info.request_size, 0, sockindex);
}
req_buffer = NULL;
if(result)
failf(data, "Failed sending CONNECT to proxy");
}
Curl_safefree(req_buffer);
if(result)
return result;
conn->tunnel_state[sockindex] = TUNNEL_CONNECT;
/* now we've issued the CONNECT and we're waiting to hear back, return
and get called again polling-style */
return CURLE_OK;
} /* END CONNECT PHASE */
{ /* BEGIN NEGOTIATION PHASE */
size_t nread; /* total size read */
int perline; /* count bytes per line */
int keepon=TRUE;
ssize_t gotbytes;
char *ptr;
char *line_start;
ptr=data->state.buffer;
line_start = ptr;
nread=0;
perline=0;
keepon=TRUE;
while((nread<BUFSIZE) && (keepon && !error)) {
/* if timeout is requested, find out how much remaining time we have */
check = timeout - /* timeout time */
Curl_tvdiff(Curl_tvnow(), conn->now); /* spent time */
if(check <= 0) {
failf(data, "Proxy CONNECT aborted due to timeout");
error = SELECT_TIMEOUT; /* already too little time */
break;
}
/* loop every second at least, less if the timeout is near */
switch (Curl_socket_ready(tunnelsocket, CURL_SOCKET_BAD,
check<1000L?check:1000)) {
case -1: /* select() error, stop reading */
error = SELECT_ERROR;
failf(data, "Proxy CONNECT aborted due to select/poll error");
break;
case 0: /* timeout */
break;
default:
DEBUGASSERT(ptr+BUFSIZE-nread <= data->state.buffer+BUFSIZE+1);
result = Curl_read(conn, tunnelsocket, ptr, BUFSIZE-nread,
&gotbytes);
if(result==CURLE_AGAIN)
continue; /* go loop yourself */
else if(result)
keepon = FALSE;
else if(gotbytes <= 0) {
keepon = FALSE;
if(data->set.proxyauth && data->state.authproxy.avail) {
/* proxy auth was requested and there was proxy auth available,
then deem this as "mere" proxy disconnect */
conn->bits.proxy_connect_closed = TRUE;
}
else {
error = SELECT_ERROR;
failf(data, "Proxy CONNECT aborted");
}
}
else {
/*
* We got a whole chunk of data, which can be anything from one
* byte to a set of lines and possibly just a piece of the last
* line.
*/
int i;
nread += gotbytes;
if(keepon > TRUE) {
/* This means we are currently ignoring a response-body */
nread = 0; /* make next read start over in the read buffer */
ptr=data->state.buffer;
if(cl) {
/* A Content-Length based body: simply count down the counter
and make sure to break out of the loop when we're done! */
cl -= gotbytes;
if(cl<=0) {
keepon = FALSE;
break;
}
}
else {
/* chunked-encoded body, so we need to do the chunked dance
properly to know when the end of the body is reached */
CHUNKcode r;
ssize_t tookcareof=0;
/* now parse the chunked piece of data so that we can
properly tell when the stream ends */
r = Curl_httpchunk_read(conn, ptr, gotbytes, &tookcareof);
if(r == CHUNKE_STOP) {
/* we're done reading chunks! */
infof(data, "chunk reading DONE\n");
keepon = FALSE;
/* we did the full CONNECT treatment, go COMPLETE */
conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
}
else
infof(data, "Read %zd bytes of chunk, continue\n",
tookcareof);
}
}
else
for(i = 0; i < gotbytes; ptr++, i++) {
perline++; /* amount of bytes in this line so far */
if(*ptr == 0x0a) {
char letter;
int writetype;
/* convert from the network encoding */
result = Curl_convert_from_network(data, line_start,
perline);
/* Curl_convert_from_network calls failf if unsuccessful */
if(result)
return result;
/* output debug if that is requested */
if(data->set.verbose)
Curl_debug(data, CURLINFO_HEADER_IN,
line_start, (size_t)perline, conn);
/* send the header to the callback */
writetype = CLIENTWRITE_HEADER;
if(data->set.include_header)
writetype |= CLIENTWRITE_BODY;
result = Curl_client_write(conn, writetype, line_start,
perline);
data->info.header_size += (long)perline;
data->req.headerbytecount += (long)perline;
if(result)
return result;
/* Newlines are CRLF, so the CR is ignored as the line isn't
really terminated until the LF comes. Treat a following CR
as end-of-headers as well.*/
if(('\r' == line_start[0]) ||
('\n' == line_start[0])) {
/* end of response-headers from the proxy */
nread = 0; /* make next read start over in the read
buffer */
ptr=data->state.buffer;
if((407 == k->httpcode) && !data->state.authproblem) {
/* If we get a 407 response code with content length
when we have no auth problem, we must ignore the
whole response-body */
keepon = 2;
if(cl) {
infof(data, "Ignore %" FORMAT_OFF_T
" bytes of response-body\n", cl);
/* remove the remaining chunk of what we already
read */
cl -= (gotbytes - i);
if(cl<=0)
/* if the whole thing was already read, we are done!
*/
keepon=FALSE;
}
else if(chunked_encoding) {
CHUNKcode r;
/* We set ignorebody true here since the chunked
decoder function will acknowledge that. Pay
attention so that this is cleared again when this
function returns! */
k->ignorebody = TRUE;
infof(data, "%zd bytes of chunk left\n", gotbytes-i);
if(line_start[1] == '\n') {
/* this can only be a LF if the letter at index 0
was a CR */
line_start++;
i++;
}
/* now parse the chunked piece of data so that we can
properly tell when the stream ends */
r = Curl_httpchunk_read(conn, line_start+1,
gotbytes -i, &gotbytes);
if(r == CHUNKE_STOP) {
/* we're done reading chunks! */
infof(data, "chunk reading DONE\n");
keepon = FALSE;
/* we did the full CONNECT treatment, go to
COMPLETE */
conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
}
else
infof(data, "Read %zd bytes of chunk, continue\n",
gotbytes);
}
else {
/* without content-length or chunked encoding, we
can't keep the connection alive since the close is
the end signal so we bail out at once instead */
keepon=FALSE;
}
}
else {
keepon = FALSE;
if(200 == data->info.httpproxycode) {
if(gotbytes - (i+1))
failf(data, "Proxy CONNECT followed by %zd bytes "
"of opaque data. Data ignored (known bug #39)",
gotbytes - (i+1));
}
}
/* we did the full CONNECT treatment, go to COMPLETE */
conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
break; /* breaks out of for-loop, not switch() */
}
/* keep a backup of the position we are about to blank */
letter = line_start[perline];
line_start[perline]=0; /* zero terminate the buffer */
if((checkprefix("WWW-Authenticate:", line_start) &&
(401 == k->httpcode)) ||
(checkprefix("Proxy-authenticate:", line_start) &&
(407 == k->httpcode))) {
result = Curl_http_input_auth(conn, k->httpcode,
line_start);
if(result)
return result;
}
else if(checkprefix("Content-Length:", line_start)) {
cl = curlx_strtoofft(line_start +
strlen("Content-Length:"), NULL, 10);
}
else if(Curl_compareheader(line_start,
"Connection:", "close"))
closeConnection = TRUE;
else if(Curl_compareheader(line_start,
"Transfer-Encoding:",
"chunked")) {
infof(data, "CONNECT responded chunked\n");
chunked_encoding = TRUE;
/* init our chunky engine */
Curl_httpchunk_init(conn);
}
else if(Curl_compareheader(line_start,
"Proxy-Connection:", "close"))
closeConnection = TRUE;
else if(2 == sscanf(line_start, "HTTP/1.%d %d",
&subversion,
&k->httpcode)) {
/* store the HTTP code from the proxy */
data->info.httpproxycode = k->httpcode;
}
/* put back the letter we blanked out before */
line_start[perline]= letter;
perline=0; /* line starts over here */
line_start = ptr+1; /* this skips the zero byte we wrote */
}
}
}
break;
} /* switch */
if(Curl_pgrsUpdate(conn))
return CURLE_ABORTED_BY_CALLBACK;
} /* while there's buffer left and loop is requested */
if(error)
return CURLE_RECV_ERROR;
if(data->info.httpproxycode != 200) {
/* Deal with the possibly already received authenticate
headers. 'newurl' is set to a new URL if we must loop. */
result = Curl_http_auth_act(conn);
if(result)
return result;
if(conn->bits.close)
/* the connection has been marked for closure, most likely in the
Curl_http_auth_act() function and thus we can kill it at once
below
*/
closeConnection = TRUE;
}
if(closeConnection && data->req.newurl) {
/* Connection closed by server. Don't use it anymore */
Curl_closesocket(conn, conn->sock[sockindex]);
conn->sock[sockindex] = CURL_SOCKET_BAD;
break;
}
} /* END NEGOTIATION PHASE */
/* If we are supposed to continue and request a new URL, which basically
* means the HTTP authentication is still going on so if the tunnel
* is complete we start over in INIT state */
if(data->req.newurl &&
(TUNNEL_COMPLETE == conn->tunnel_state[sockindex])) {
conn->tunnel_state[sockindex] = TUNNEL_INIT;
infof(data, "TUNNEL_STATE switched to: %d\n",
conn->tunnel_state[sockindex]);
}
} while(data->req.newurl);
if(200 != data->req.httpcode) {
failf(data, "Received HTTP code %d from proxy after CONNECT",
data->req.httpcode);
if(closeConnection && data->req.newurl)
conn->bits.proxy_connect_closed = TRUE;
if(data->req.newurl) {
/* this won't be used anymore for the CONNECT so free it now */
free(data->req.newurl);
data->req.newurl = NULL;
}
/* to back to init state */
conn->tunnel_state[sockindex] = TUNNEL_INIT;
return CURLE_RECV_ERROR;
}
conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
/* If a proxy-authorization header was used for the proxy, then we should
make sure that it isn't accidentally used for the document request
after we've connected. So let's free and clear it here. */
Curl_safefree(conn->allocptr.proxyuserpwd);
conn->allocptr.proxyuserpwd = NULL;
data->state.authproxy.done = TRUE;
infof (data, "Proxy replied OK to CONNECT request\n");
data->req.ignorebody = FALSE; /* put it (back) to non-ignore state */
conn->bits.rewindaftersend = FALSE; /* make sure this isn't set for the
document request */
return CURLE_OK;
}
static CURLcode smtp_authenticate(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
struct smtp_conn *smtpc = &conn->proto.smtpc;
char *initresp = NULL;
const char *mech = NULL;
size_t len = 0;
smtpstate state1 = SMTP_STOP;
smtpstate state2 = SMTP_STOP;
/* Check we have a username and password to authenticate with and end the
connect phase if we don't */
if(!conn->bits.user_passwd) {
state(conn, SMTP_STOP);
return result;
}
/* Check supported authentication mechanisms by decreasing order of
security */
#ifndef CURL_DISABLE_CRYPTO_AUTH
if(smtpc->authmechs & SASL_MECH_DIGEST_MD5) {
mech = "DIGEST-MD5";
state1 = SMTP_AUTH_DIGESTMD5;
smtpc->authused = SASL_MECH_DIGEST_MD5;
}
else if(smtpc->authmechs & SASL_MECH_CRAM_MD5) {
mech = "CRAM-MD5";
state1 = SMTP_AUTH_CRAMMD5;
smtpc->authused = SASL_MECH_CRAM_MD5;
}
else
#endif
#ifdef USE_NTLM
if(smtpc->authmechs & SASL_MECH_NTLM) {
mech = "NTLM";
state1 = SMTP_AUTH_NTLM;
state2 = SMTP_AUTH_NTLM_TYPE2MSG;
smtpc->authused = SASL_MECH_NTLM;
result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
&conn->ntlm,
&initresp, &len);
}
else
#endif
if(smtpc->authmechs & SASL_MECH_LOGIN) {
mech = "LOGIN";
state1 = SMTP_AUTH_LOGIN;
state2 = SMTP_AUTH_PASSWD;
smtpc->authused = SASL_MECH_LOGIN;
result = Curl_sasl_create_login_message(conn->data, conn->user,
&initresp, &len);
}
else if(smtpc->authmechs & SASL_MECH_PLAIN) {
mech = "PLAIN";
state1 = SMTP_AUTH_PLAIN;
state2 = SMTP_AUTH;
smtpc->authused = SASL_MECH_PLAIN;
result = Curl_sasl_create_plain_message(conn->data, conn->user,
conn->passwd, &initresp, &len);
}
else {
infof(conn->data, "No known authentication mechanisms supported!\n");
result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */
}
if(!result) {
if(initresp &&
strlen(mech) + len <= 512 - 8) { /* AUTH <mech> ...<crlf> */
result = Curl_pp_sendf(&smtpc->pp, "AUTH %s %s", mech, initresp);
if(!result)
state(conn, state2);
}
else {
result = Curl_pp_sendf(&smtpc->pp, "AUTH %s", mech);
if(!result)
state(conn, state1);
}
Curl_safefree(initresp);
}
return result;
}
/* Start the DO phase */
static CURLcode smtp_mail(struct connectdata *conn)
{
char *from = NULL;
char *auth = NULL;
char *size = NULL;
CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data;
/* Calculate the FROM parameter */
if(!data->set.str[STRING_MAIL_FROM])
/* Null reverse-path, RFC-2821, sect. 3.7 */
from = strdup("<>");
else if(data->set.str[STRING_MAIL_FROM][0] == '<')
from = aprintf("%s", data->set.str[STRING_MAIL_FROM]);
else
from = aprintf("<%s>", data->set.str[STRING_MAIL_FROM]);
if(!from)
return CURLE_OUT_OF_MEMORY;
/* Calculate the optional AUTH parameter */
if(data->set.str[STRING_MAIL_AUTH] && conn->proto.smtpc.authused) {
if(data->set.str[STRING_MAIL_AUTH][0] != '\0')
auth = aprintf("%s", data->set.str[STRING_MAIL_AUTH]);
else
/* Empty AUTH, RFC-2554, sect. 5 */
auth = strdup("<>");
if(!auth) {
Curl_safefree(from);
return CURLE_OUT_OF_MEMORY;
}
}
/* calculate the optional SIZE parameter */
if(conn->data->set.infilesize > 0) {
size = aprintf("%" FORMAT_OFF_T, data->set.infilesize);
if(!size) {
Curl_safefree(from);
Curl_safefree(auth);
return CURLE_OUT_OF_MEMORY;
}
}
/* Send the MAIL command */
if(!auth && !size)
result = Curl_pp_sendf(&conn->proto.smtpc.pp,
"MAIL FROM:%s", from);
else if(auth && !size)
result = Curl_pp_sendf(&conn->proto.smtpc.pp,
"MAIL FROM:%s AUTH=%s", from, auth);
else if(auth && size)
result = Curl_pp_sendf(&conn->proto.smtpc.pp,
"MAIL FROM:%s AUTH=%s SIZE=%s", from, auth, size);
else
result = Curl_pp_sendf(&conn->proto.smtpc.pp,
"MAIL FROM:%s SIZE=%s", from, size);
Curl_safefree(from);
Curl_safefree(auth);
Curl_safefree(size);
if(result)
return result;
state(conn, SMTP_MAIL);
return result;
}
/*
* file_connect() gets called from Curl_protocol_connect() to allow us to
* do protocol-specific actions at connect-time. We emulate a
* connect-then-transfer protocol and "connect" to the file here
*/
static CURLcode file_connect(struct connectdata *conn, bool *done)
{
struct SessionHandle *data = conn->data;
char *real_path = curl_easy_unescape(data, data->state.path, 0, NULL);
struct FILEPROTO *file;
int fd;
#ifdef DOS_FILESYSTEM
int i;
char *actual_path;
#endif
if(!real_path)
return CURLE_OUT_OF_MEMORY;
/* If there already is a protocol-specific struct allocated for this
sessionhandle, deal with it */
Curl_reset_reqproto(conn);
if(!data->state.proto.file) {
file = calloc(sizeof(struct FILEPROTO), 1);
if(!file) {
free(real_path);
return CURLE_OUT_OF_MEMORY;
}
data->state.proto.file = file;
}
else {
/* file is not a protocol that can deal with "persistancy" */
file = data->state.proto.file;
Curl_safefree(file->freepath);
if(file->fd != -1)
close(file->fd);
file->path = NULL;
file->freepath = NULL;
file->fd = -1;
}
#ifdef DOS_FILESYSTEM
/* If the first character is a slash, and there's
something that looks like a drive at the beginning of
the path, skip the slash. If we remove the initial
slash in all cases, paths without drive letters end up
relative to the current directory which isn't how
browsers work.
Some browsers accept | instead of : as the drive letter
separator, so we do too.
On other platforms, we need the slash to indicate an
absolute pathname. On Windows, absolute paths start
with a drive letter.
*/
actual_path = real_path;
if((actual_path[0] == '/') &&
actual_path[1] &&
(actual_path[2] == ':' || actual_path[2] == '|'))
{
actual_path[2] = ':';
actual_path++;
}
/* change path separators from '/' to '\\' for DOS, Windows and OS/2 */
for (i=0; actual_path[i] != '\0'; ++i)
if(actual_path[i] == '/')
actual_path[i] = '\\';
fd = open_readonly(actual_path, O_RDONLY|O_BINARY); /* no CR/LF translation */
file->path = actual_path;
#else
fd = open_readonly(real_path, O_RDONLY);
file->path = real_path;
#endif
file->freepath = real_path; /* free this when done */
file->fd = fd;
if(!data->set.upload && (fd == -1)) {
failf(data, "Couldn't open file %s", data->state.path);
file_done(conn, CURLE_FILE_COULDNT_READ_FILE, FALSE);
return CURLE_FILE_COULDNT_READ_FILE;
}
*done = TRUE;
return CURLE_OK;
}
CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
{
struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
&conn->data->state.negotiate;
char *encoded = NULL;
size_t len = 0;
char *userp;
CURLcode error;
OM_uint32 discard_st;
#ifdef HAVE_SPNEGO /* Handle SPNEGO */
if(checkprefix("Negotiate", neg_ctx->protocol)) {
ASN1_OBJECT *object = NULL;
unsigned char *responseToken = NULL;
size_t responseTokenLength = 0;
gss_buffer_desc spnegoToken = GSS_C_EMPTY_BUFFER;
responseToken = malloc(neg_ctx->output_token.length);
if(responseToken == NULL)
return CURLE_OUT_OF_MEMORY;
memcpy(responseToken, neg_ctx->output_token.value,
neg_ctx->output_token.length);
responseTokenLength = neg_ctx->output_token.length;
object = OBJ_txt2obj("1.2.840.113554.1.2.2", 1);
if(!object) {
Curl_safefree(responseToken);
return CURLE_OUT_OF_MEMORY;
}
if(!makeSpnegoInitialToken(object,
responseToken,
responseTokenLength,
(unsigned char**)&spnegoToken.value,
&spnegoToken.length)) {
Curl_safefree(responseToken);
ASN1_OBJECT_free(object);
infof(conn->data, "Make SPNEGO Initial Token failed\n");
}
else if(!spnegoToken.value || !spnegoToken.length) {
Curl_safefree(responseToken);
ASN1_OBJECT_free(object);
if(spnegoToken.value)
gss_release_buffer(&discard_st, &spnegoToken);
infof(conn->data, "Make SPNEGO Initial Token succeeded (NULL token)\n");
}
else {
Curl_safefree(responseToken);
ASN1_OBJECT_free(object);
gss_release_buffer(&discard_st, &neg_ctx->output_token);
neg_ctx->output_token.value = spnegoToken.value;
neg_ctx->output_token.length = spnegoToken.length;
infof(conn->data, "Make SPNEGO Initial Token succeeded\n");
}
}
#endif
error = Curl_base64_encode(conn->data,
neg_ctx->output_token.value,
neg_ctx->output_token.length,
&encoded, &len);
if(error) {
gss_release_buffer(&discard_st, &neg_ctx->output_token);
neg_ctx->output_token.value = NULL;
neg_ctx->output_token.length = 0;
return error;
}
if(!encoded || !len) {
gss_release_buffer(&discard_st, &neg_ctx->output_token);
neg_ctx->output_token.value = NULL;
neg_ctx->output_token.length = 0;
return CURLE_REMOTE_ACCESS_DENIED;
}
userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
neg_ctx->protocol, encoded);
if(proxy) {
Curl_safefree(conn->allocptr.proxyuserpwd);
conn->allocptr.proxyuserpwd = userp;
}
else {
Curl_safefree(conn->allocptr.userpwd);
conn->allocptr.userpwd = userp;
}
Curl_safefree(encoded);
Curl_cleanup_negotiate(conn->data);
return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
}
/* returning zero (0) means success, everything else is treated as "failure"
with no care exactly what the failure was */
int Curl_input_negotiate(struct connectdata *conn, bool proxy,
const char *header)
{
struct SessionHandle *data = conn->data;
struct negotiatedata *neg_ctx = proxy?&data->state.proxyneg:
&data->state.negotiate;
OM_uint32 major_status, minor_status, discard_st;
gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
int ret;
size_t len;
size_t rawlen = 0;
bool gss;
const char* protocol;
CURLcode error;
while(*header && ISSPACE(*header))
header++;
if(checkprefix("GSS-Negotiate", header)) {
protocol = "GSS-Negotiate";
gss = TRUE;
}
else if(checkprefix("Negotiate", header)) {
protocol = "Negotiate";
gss = FALSE;
}
else
return -1;
if(neg_ctx->context) {
if(neg_ctx->gss != gss) {
return -1;
}
}
else {
neg_ctx->protocol = protocol;
neg_ctx->gss = gss;
}
if(neg_ctx->context && neg_ctx->status == GSS_S_COMPLETE) {
/* We finished successfully our part of authentication, but server
* rejected it (since we're again here). Exit with an error since we
* can't invent anything better */
Curl_cleanup_negotiate(data);
return -1;
}
if(neg_ctx->server_name == NULL &&
(ret = get_gss_name(conn, proxy, &neg_ctx->server_name)))
return ret;
header += strlen(neg_ctx->protocol);
while(*header && ISSPACE(*header))
header++;
len = strlen(header);
if(len > 0) {
error = Curl_base64_decode(header,
(unsigned char **)&input_token.value, &rawlen);
if(error || rawlen == 0)
return -1;
input_token.length = rawlen;
DEBUGASSERT(input_token.value != NULL);
#ifdef HAVE_SPNEGO /* Handle SPNEGO */
if(checkprefix("Negotiate", header)) {
unsigned char *spnegoToken = NULL;
size_t spnegoTokenLength = 0;
gss_buffer_desc mechToken = GSS_C_EMPTY_BUFFER;
spnegoToken = malloc(input_token.length);
if(spnegoToken == NULL) {
Curl_safefree(input_token.value);
return CURLE_OUT_OF_MEMORY;
}
memcpy(spnegoToken, input_token.value, input_token.length);
spnegoTokenLength = input_token.length;
if(!parseSpnegoTargetToken(spnegoToken,
spnegoTokenLength,
NULL,
NULL,
(unsigned char**)&mechToken.value,
&mechToken.length,
NULL,
NULL)) {
Curl_safefree(spnegoToken);
infof(data, "Parse SPNEGO Target Token failed\n");
}
else if(!mechToken.value || !mechToken.length) {
Curl_safefree(spnegoToken);
if(mechToken.value)
gss_release_buffer(&discard_st, &mechToken);
infof(data, "Parse SPNEGO Target Token succeeded (NULL token)\n");
}
else {
Curl_safefree(spnegoToken);
Curl_safefree(input_token.value);
input_token.value = malloc(mechToken.length);
if(input_token.value == NULL) {
gss_release_buffer(&discard_st, &mechToken);
return CURLE_OUT_OF_MEMORY;
}
memcpy(input_token.value, mechToken.value, mechToken.length);
input_token.length = mechToken.length;
gss_release_buffer(&discard_st, &mechToken);
infof(data, "Parse SPNEGO Target Token succeeded\n");
}
}
#endif
}
major_status = Curl_gss_init_sec_context(data,
&minor_status,
&neg_ctx->context,
neg_ctx->server_name,
GSS_C_NO_CHANNEL_BINDINGS,
&input_token,
&output_token,
NULL);
Curl_safefree(input_token.value);
neg_ctx->status = major_status;
if(GSS_ERROR(major_status)) {
if(output_token.value)
gss_release_buffer(&discard_st, &output_token);
log_gss_error(conn, minor_status, "gss_init_sec_context() failed: ");
return -1;
}
if(!output_token.value || !output_token.length) {
if(output_token.value)
gss_release_buffer(&discard_st, &output_token);
return -1;
}
neg_ctx->output_token = output_token;
return 0;
}
static CURLcode verify_certificate(struct connectdata *conn, int sockindex)
{
SECURITY_STATUS status;
struct SessionHandle *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
CURLcode result = CURLE_OK;
CERT_CONTEXT *pCertContextServer = NULL;
const CERT_CHAIN_CONTEXT *pChainContext = NULL;
status = s_pSecFn->QueryContextAttributes(&connssl->ctxt->ctxt_handle,
SECPKG_ATTR_REMOTE_CERT_CONTEXT,
&pCertContextServer);
if((status != SEC_E_OK) || (pCertContextServer == NULL)) {
failf(data, "schannel: Failed to read remote certificate context: %s",
Curl_sspi_strerror(conn, status));
result = CURLE_PEER_FAILED_VERIFICATION;
}
if(result == CURLE_OK) {
CERT_CHAIN_PARA ChainPara;
memset(&ChainPara, 0, sizeof(ChainPara));
ChainPara.cbSize = sizeof(ChainPara);
if(!CertGetCertificateChain(NULL,
pCertContextServer,
NULL,
pCertContextServer->hCertStore,
&ChainPara,
0,
NULL,
&pChainContext)) {
failf(data, "schannel: CertGetCertificateChain failed: %s",
Curl_sspi_strerror(conn, GetLastError()));
pChainContext = NULL;
result = CURLE_PEER_FAILED_VERIFICATION;
}
if(result == CURLE_OK) {
CERT_SIMPLE_CHAIN *pSimpleChain = pChainContext->rgpChain[0];
DWORD dwTrustErrorMask = ~(CERT_TRUST_IS_NOT_TIME_NESTED|
CERT_TRUST_REVOCATION_STATUS_UNKNOWN);
dwTrustErrorMask &= pSimpleChain->TrustStatus.dwErrorStatus;
if(dwTrustErrorMask) {
if(dwTrustErrorMask & CERT_TRUST_IS_PARTIAL_CHAIN)
failf(data, "schannel: CertGetCertificateChain trust error"
" CERT_TRUST_IS_PARTIAL_CHAIN");
if(dwTrustErrorMask & CERT_TRUST_IS_UNTRUSTED_ROOT)
failf(data, "schannel: CertGetCertificateChain trust error"
" CERT_TRUST_IS_UNTRUSTED_ROOT");
if(dwTrustErrorMask & CERT_TRUST_IS_NOT_TIME_VALID)
failf(data, "schannel: CertGetCertificateChain trust error"
" CERT_TRUST_IS_NOT_TIME_VALID");
failf(data, "schannel: CertGetCertificateChain error mask: 0x%08x",
dwTrustErrorMask);
result = CURLE_PEER_FAILED_VERIFICATION;
}
}
}
if(result == CURLE_OK) {
if(data->set.ssl.verifyhost == 1) {
infof(data, "warning: ignoring unsupported value (1) ssl.verifyhost\n");
}
else if(data->set.ssl.verifyhost == 2) {
WCHAR cert_hostname[128];
WCHAR *hostname = Curl_convert_UTF8_to_wchar(conn->host.name);
DWORD len;
len = CertGetNameStringW(pCertContextServer,
CERT_NAME_DNS_TYPE,
0,
NULL,
cert_hostname,
128);
if(len > 0 && cert_hostname[0] == '*') {
/* this is a wildcard cert. try matching the last len - 1 chars */
int hostname_len = strlen(conn->host.name);
if(wcsicmp(cert_hostname + 1, hostname + hostname_len - len + 2) != 0)
result = CURLE_PEER_FAILED_VERIFICATION;
}
else if(len == 0 || wcsicmp(hostname, cert_hostname) != 0) {
result = CURLE_PEER_FAILED_VERIFICATION;
}
if(result == CURLE_PEER_FAILED_VERIFICATION) {
const char *_cert_hostname;
_cert_hostname = Curl_convert_wchar_to_UTF8(cert_hostname);
failf(data, "schannel: CertGetNameString() certificate hostname "
"(%s) did not match connection (%s)",
_cert_hostname, conn->host.name);
Curl_safefree((void *)_cert_hostname);
}
Curl_safefree(hostname);
}
}
if(pChainContext)
CertFreeCertificateChain(pChainContext);
if(pCertContextServer)
CertFreeCertificateContext(pCertContextServer);
return result;
}
/*
* This is for creating ntlm header output
*/
CURLcode Curl_output_ntlm(struct connectdata *conn,
bool proxy)
{
char *base64 = NULL;
CURLcode error;
/* point to the address of the pointer that holds the string to send to the
server, which is for a plain host or for a HTTP proxy */
char **allocuserpwd;
/* point to the name and password for this */
const char *userp;
const char *passwdp;
/* point to the correct struct with this */
struct ntlmdata *ntlm;
struct auth *authp;
DEBUGASSERT(conn);
DEBUGASSERT(conn->data);
#ifdef USE_NSS
if(CURLE_OK != Curl_nss_force_init(conn->data))
return CURLE_OUT_OF_MEMORY;
#endif
if(proxy) {
allocuserpwd = &conn->allocptr.proxyuserpwd;
userp = conn->proxyuser;
passwdp = conn->proxypasswd;
ntlm = &conn->proxyntlm;
authp = &conn->data->state.authproxy;
}
else {
allocuserpwd = &conn->allocptr.userpwd;
userp = conn->user;
passwdp = conn->passwd;
ntlm = &conn->ntlm;
authp = &conn->data->state.authhost;
}
authp->done = FALSE;
/* not set means empty */
if(!userp)
userp = "";
if(!passwdp)
passwdp = "";
#ifdef USE_WINDOWS_SSPI
if(s_hSecDll == NULL) {
/* not thread safe and leaks - use curl_global_init() to avoid */
CURLcode err = Curl_sspi_global_init();
if(s_hSecDll == NULL)
return err;
}
#endif
switch(ntlm->state) {
case NTLMSTATE_TYPE1:
default: /* for the weird cases we (re)start here */
/* Create a type-1 message */
error = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64);
if(error)
return error;
if(base64) {
Curl_safefree(*allocuserpwd);
*allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
proxy ? "Proxy-" : "",
base64);
DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
free(base64);
}
break;
case NTLMSTATE_TYPE2:
/* We already received the type-2 message, create a type-3 message */
error = Curl_ntlm_create_type3_message(conn->data, userp, passwdp,
ntlm, &base64);
if(error)
return error;
if(base64) {
Curl_safefree(*allocuserpwd);
*allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
proxy ? "Proxy-" : "",
base64);
DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
free(base64);
ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
authp->done = TRUE;
}
break;
case NTLMSTATE_TYPE3:
/* connection is already authenticated,
* don't send a header in future requests */
if(*allocuserpwd) {
free(*allocuserpwd);
*allocuserpwd = NULL;
}
authp->done = TRUE;
break;
}
return CURLE_OK;
}
static CURLcode
schannel_connect_step2(struct connectdata *conn, int sockindex)
{
int i;
ssize_t nread = -1, written = -1;
struct SessionHandle *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
SecBuffer outbuf[2];
SecBufferDesc outbuf_desc;
SecBuffer inbuf[2];
SecBufferDesc inbuf_desc;
SECURITY_STATUS sspi_status = SEC_E_OK;
TCHAR *host_name;
CURLcode code;
bool doread;
doread = (connssl->connecting_state != ssl_connect_2_writing)?TRUE:FALSE;
infof(data, "schannel: SSL/TLS connection with %s port %hu (step 2/3)\n",
conn->host.name, conn->remote_port);
/* buffer to store previously received and encrypted data */
if(connssl->encdata_buffer == NULL) {
connssl->encdata_offset = 0;
connssl->encdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE;
connssl->encdata_buffer = malloc(connssl->encdata_length);
if(connssl->encdata_buffer == NULL) {
failf(data, "schannel: unable to allocate memory");
return CURLE_OUT_OF_MEMORY;
}
}
/* if we need a bigger buffer to read a full message, increase buffer now */
if(connssl->encdata_length - connssl->encdata_offset <
CURL_SCHANNEL_BUFFER_FREE_SIZE) {
if(connssl->encdata_length >= CURL_SCHANNEL_BUFFER_MAX_SIZE) {
failf(data, "schannel: memory buffer size limit reached");
return CURLE_OUT_OF_MEMORY;
}
/* increase internal encrypted data buffer */
connssl->encdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR;
connssl->encdata_buffer = realloc(connssl->encdata_buffer,
connssl->encdata_length);
if(connssl->encdata_buffer == NULL) {
failf(data, "schannel: unable to re-allocate memory");
return CURLE_OUT_OF_MEMORY;
}
}
for(;;) {
if(doread) {
/* read encrypted handshake data from socket */
code = Curl_read_plain(conn->sock[sockindex],
(char *) (connssl->encdata_buffer + connssl->encdata_offset),
connssl->encdata_length - connssl->encdata_offset,
&nread);
if(code == CURLE_AGAIN) {
if(connssl->connecting_state != ssl_connect_2_writing)
connssl->connecting_state = ssl_connect_2_reading;
infof(data, "schannel: failed to receive handshake, "
"need more data\n");
return CURLE_OK;
}
else if((code != CURLE_OK) || (nread == 0)) {
failf(data, "schannel: failed to receive handshake, "
"SSL/TLS connection failed");
return CURLE_SSL_CONNECT_ERROR;
}
/* increase encrypted data buffer offset */
connssl->encdata_offset += nread;
}
infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n",
connssl->encdata_offset, connssl->encdata_length);
/* setup input buffers */
InitSecBuffer(&inbuf[0], SECBUFFER_TOKEN, malloc(connssl->encdata_offset),
curlx_uztoul(connssl->encdata_offset));
InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0);
InitSecBufferDesc(&inbuf_desc, inbuf, 2);
/* setup output buffers */
InitSecBuffer(&outbuf[0], SECBUFFER_TOKEN, NULL, 0);
InitSecBuffer(&outbuf[1], SECBUFFER_ALERT, NULL, 0);
InitSecBufferDesc(&outbuf_desc, outbuf, 2);
if(inbuf[0].pvBuffer == NULL) {
failf(data, "schannel: unable to allocate memory");
return CURLE_OUT_OF_MEMORY;
}
/* copy received handshake data into input buffer */
memcpy(inbuf[0].pvBuffer, connssl->encdata_buffer,
connssl->encdata_offset);
#ifdef UNICODE
host_name = Curl_convert_UTF8_to_wchar(conn->host.name);
if(!host_name)
return CURLE_OUT_OF_MEMORY;
#else
host_name = conn->host.name;
#endif
/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx */
sspi_status = s_pSecFn->InitializeSecurityContext(
&connssl->cred->cred_handle, &connssl->ctxt->ctxt_handle,
host_name, connssl->req_flags, 0, 0, &inbuf_desc, 0, NULL,
&outbuf_desc, &connssl->ret_flags, &connssl->ctxt->time_stamp);
#ifdef UNICODE
Curl_safefree(host_name);
#endif
/* free buffer for received handshake data */
Curl_safefree(inbuf[0].pvBuffer);
/* check if the handshake was incomplete */
if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) {
connssl->connecting_state = ssl_connect_2_reading;
infof(data, "schannel: received incomplete message, need more data\n");
return CURLE_OK;
}
/* check if the handshake needs to be continued */
if(sspi_status == SEC_I_CONTINUE_NEEDED || sspi_status == SEC_E_OK) {
for(i = 0; i < 2; i++) {
/* search for handshake tokens that need to be send */
if(outbuf[i].BufferType == SECBUFFER_TOKEN && outbuf[i].cbBuffer > 0) {
infof(data, "schannel: sending next handshake data: "
"sending %lu bytes...\n", outbuf[i].cbBuffer);
/* send handshake token to server */
code = Curl_write_plain(conn, conn->sock[sockindex],
outbuf[i].pvBuffer, outbuf[i].cbBuffer,
&written);
if((code != CURLE_OK) || (outbuf[i].cbBuffer != (size_t)written)) {
failf(data, "schannel: failed to send next handshake data: "
"sent %zd of %lu bytes", written, outbuf[i].cbBuffer);
return CURLE_SSL_CONNECT_ERROR;
}
}
/* free obsolete buffer */
if(outbuf[i].pvBuffer != NULL) {
s_pSecFn->FreeContextBuffer(outbuf[i].pvBuffer);
}
}
}
else {
if(sspi_status == SEC_E_WRONG_PRINCIPAL)
failf(data, "schannel: SNI or certificate check failed: %s",
Curl_sspi_strerror(conn, sspi_status));
else
failf(data, "schannel: next InitializeSecurityContext failed: %s",
Curl_sspi_strerror(conn, sspi_status));
return CURLE_SSL_CONNECT_ERROR;
}
/* check if there was additional remaining encrypted data */
if(inbuf[1].BufferType == SECBUFFER_EXTRA && inbuf[1].cbBuffer > 0) {
infof(data, "schannel: encrypted data length: %lu\n", inbuf[1].cbBuffer);
/*
There are two cases where we could be getting extra data here:
1) If we're renegotiating a connection and the handshake is already
complete (from the server perspective), it can encrypted app data
(not handshake data) in an extra buffer at this point.
2) (sspi_status == SEC_I_CONTINUE_NEEDED) We are negotiating a
connection and this extra data is part of the handshake.
We should process the data immediately; waiting for the socket to
be ready may fail since the server is done sending handshake data.
*/
/* check if the remaining data is less than the total amount
and therefore begins after the already processed data */
if(connssl->encdata_offset > inbuf[1].cbBuffer) {
memmove(connssl->encdata_buffer,
(connssl->encdata_buffer + connssl->encdata_offset) -
inbuf[1].cbBuffer, inbuf[1].cbBuffer);
connssl->encdata_offset = inbuf[1].cbBuffer;
if(sspi_status == SEC_I_CONTINUE_NEEDED) {
doread = FALSE;
continue;
}
}
}
else {
connssl->encdata_offset = 0;
}
break;
}
/* check if the handshake needs to be continued */
if(sspi_status == SEC_I_CONTINUE_NEEDED) {
connssl->connecting_state = ssl_connect_2_reading;
return CURLE_OK;
}
/* check if the handshake is complete */
if(sspi_status == SEC_E_OK) {
connssl->connecting_state = ssl_connect_3;
infof(data, "schannel: SSL/TLS handshake complete\n");
}
#ifdef _WIN32_WCE
/* Windows CE doesn't do any server certificate validation.
We have to do it manually. */
if(data->set.ssl.verifypeer)
return verify_certificate(conn, sockindex);
#endif
return CURLE_OK;
}
CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
const char *header)
{
BYTE *input_token = NULL;
SecBufferDesc out_buff_desc;
SecBuffer out_sec_buff;
SecBufferDesc in_buff_desc;
SecBuffer in_sec_buff;
SECURITY_STATUS status;
unsigned long attrs;
TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
size_t len = 0, input_token_len = 0;
CURLcode result;
/* Point to the username and password */
const char *userp;
const char *passwdp;
/* Point to the correct struct with this */
struct negotiatedata *neg_ctx;
if(proxy) {
userp = conn->proxyuser;
passwdp = conn->proxypasswd;
neg_ctx = &conn->data->state.proxyneg;
}
else {
userp = conn->user;
passwdp = conn->passwd;
neg_ctx = &conn->data->state.negotiate;
}
/* Not set means empty */
if(!userp)
userp = "";
if(!passwdp)
passwdp = "";
if(neg_ctx->context && neg_ctx->status == SEC_E_OK) {
/* We finished successfully our part of authentication, but server
* rejected it (since we're again here). Exit with an error since we
* can't invent anything better */
Curl_cleanup_negotiate(conn->data);
return CURLE_LOGIN_DENIED;
}
if(!neg_ctx->server_name) {
/* Check proxy auth requested but no given proxy name */
if(proxy && !conn->proxy.name)
return CURLE_BAD_FUNCTION_ARGUMENT;
/* Generate our SPN */
neg_ctx->server_name = Curl_sasl_build_spn("HTTP",
proxy ? conn->proxy.name :
conn->host.name);
if(!neg_ctx->server_name)
return CURLE_OUT_OF_MEMORY;
}
if(!neg_ctx->output_token) {
PSecPkgInfo SecurityPackage;
status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
TEXT(SP_NAME_NEGOTIATE),
&SecurityPackage);
if(status != SEC_E_OK)
return CURLE_NOT_BUILT_IN;
/* Allocate input and output buffers according to the max token size
as indicated by the security package */
neg_ctx->token_max = SecurityPackage->cbMaxToken;
neg_ctx->output_token = malloc(neg_ctx->token_max);
s_pSecFn->FreeContextBuffer(SecurityPackage);
}
/* Obtain the input token, if any */
header += strlen("Negotiate");
while(*header && ISSPACE(*header))
header++;
len = strlen(header);
if(!len) {
/* Is this the first call in a new negotiation? */
if(neg_ctx->context) {
/* The server rejected our authentication and hasn't suppled any more
negotiation mechanisms */
return CURLE_LOGIN_DENIED;
}
/* We have to acquire credentials and allocate memory for the context */
neg_ctx->credentials = malloc(sizeof(CredHandle));
neg_ctx->context = malloc(sizeof(CtxtHandle));
if(!neg_ctx->credentials || !neg_ctx->context)
return CURLE_OUT_OF_MEMORY;
if(userp && *userp) {
/* Populate our identity structure */
result = Curl_create_sspi_identity(userp, passwdp, &neg_ctx->identity);
if(result)
return result;
/* Allow proper cleanup of the identity structure */
neg_ctx->p_identity = &neg_ctx->identity;
}
else
/* Use the current Windows user */
neg_ctx->p_identity = NULL;
/* Acquire our credientials handle */
neg_ctx->status =
s_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *) TEXT(SP_NAME_NEGOTIATE),
SECPKG_CRED_OUTBOUND, NULL,
neg_ctx->p_identity, NULL, NULL,
neg_ctx->credentials, &expiry);
if(neg_ctx->status != SEC_E_OK)
return CURLE_LOGIN_DENIED;
}
else {
result = Curl_base64_decode(header,
(unsigned char **)&input_token,
&input_token_len);
if(result)
return result;
if(!input_token_len) {
infof(conn->data,
"Negotiate handshake failure (empty challenge message)\n");
return CURLE_BAD_CONTENT_ENCODING;
}
}
/* Setup the "output" security buffer */
out_buff_desc.ulVersion = SECBUFFER_VERSION;
out_buff_desc.cBuffers = 1;
out_buff_desc.pBuffers = &out_sec_buff;
out_sec_buff.BufferType = SECBUFFER_TOKEN;
out_sec_buff.pvBuffer = neg_ctx->output_token;
out_sec_buff.cbBuffer = curlx_uztoul(neg_ctx->token_max);
/* Setup the "input" security buffer if present */
if(input_token) {
in_buff_desc.ulVersion = SECBUFFER_VERSION;
in_buff_desc.cBuffers = 1;
in_buff_desc.pBuffers = &in_sec_buff;
in_sec_buff.BufferType = SECBUFFER_TOKEN;
in_sec_buff.pvBuffer = input_token;
in_sec_buff.cbBuffer = curlx_uztoul(input_token_len);
}
/* Generate our message */
neg_ctx->status = s_pSecFn->InitializeSecurityContext(
neg_ctx->credentials,
input_token ? neg_ctx->context : NULL,
neg_ctx->server_name,
ISC_REQ_CONFIDENTIALITY,
0,
SECURITY_NATIVE_DREP,
input_token ? &in_buff_desc : NULL,
0,
neg_ctx->context,
&out_buff_desc,
&attrs,
&expiry);
Curl_safefree(input_token);
if(GSS_ERROR(neg_ctx->status))
return CURLE_OUT_OF_MEMORY;
if(neg_ctx->status == SEC_I_COMPLETE_NEEDED ||
neg_ctx->status == SEC_I_COMPLETE_AND_CONTINUE) {
neg_ctx->status = s_pSecFn->CompleteAuthToken(neg_ctx->context,
&out_buff_desc);
if(GSS_ERROR(neg_ctx->status))
return CURLE_RECV_ERROR;
}
neg_ctx->output_token_length = out_sec_buff.cbBuffer;
return CURLE_OK;
}
static CURLcode gopher_do(struct connectdata *conn, bool *done)
{
CURLcode result=CURLE_OK;
struct SessionHandle *data=conn->data;
curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
curl_off_t *bytecount = &data->req.bytecount;
char *path = data->state.path;
char *sel;
char *sel_org = NULL;
ssize_t amount, k;
*done = TRUE; /* unconditionally */
/* Create selector. Degenerate cases: / and /1 => convert to "" */
if(strlen(path) <= 2)
sel = (char *)"";
else {
char *newp;
size_t j, i;
int len;
/* Otherwise, drop / and the first character (i.e., item type) ... */
newp = path;
newp+=2;
/* ... then turn ? into TAB for search servers, Veronica, etc. ... */
j = strlen(newp);
for(i=0; i<j; i++)
if(newp[i] == '?')
newp[i] = '\x09';
/* ... and finally unescape */
sel = curl_easy_unescape(data, newp, 0, &len);
if(!sel)
return CURLE_OUT_OF_MEMORY;
sel_org = sel;
}
/* We use Curl_write instead of Curl_sendf to make sure the entire buffer is
sent, which could be sizeable with long selectors. */
k = curlx_uztosz(strlen(sel));
for(;;) {
result = Curl_write(conn, sockfd, sel, k, &amount);
if(CURLE_OK == result) { /* Which may not have written it all! */
result = Curl_client_write(conn, CLIENTWRITE_HEADER, sel, amount);
if(result) {
Curl_safefree(sel_org);
return result;
}
k -= amount;
sel += amount;
if(k < 1)
break; /* but it did write it all */
}
else {
failf(data, "Failed sending Gopher request");
Curl_safefree(sel_org);
return result;
}
/* Don't busyloop. The entire loop thing is a work-around as it causes a
BLOCKING behavior which is a NO-NO. This function should rather be
split up in a do and a doing piece where the pieces that aren't
possible to send now will be sent in the doing function repeatedly
until the entire request is sent.
Wait a while for the socket to be writable. Note that this doesn't
acknowledge the timeout.
*/
Curl_socket_ready(CURL_SOCKET_BAD, sockfd, 100);
}
Curl_safefree(sel_org);
/* We can use Curl_sendf to send the terminal \r\n relatively safely and
save allocing another string/doing another _write loop. */
result = Curl_sendf(sockfd, conn, "\r\n");
if(result != CURLE_OK) {
failf(data, "Failed sending Gopher request");
return result;
}
result = Curl_client_write(conn, CLIENTWRITE_HEADER, (char *)"\r\n", 2);
if(result)
return result;
Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, bytecount,
-1, NULL); /* no upload */
return CURLE_OK;
}
/*
* init_resolve_thread() starts a new thread that performs the actual
* resolve. This function returns before the resolve is done.
*
* Returns FALSE in case of failure, otherwise TRUE.
*/
static bool init_resolve_thread (struct connectdata *conn,
const char *hostname, int port,
const Curl_addrinfo *hints)
{
struct thread_data *td = calloc(sizeof(*td), 1);
HANDLE thread_and_event[2] = {0};
if (!td) {
SetLastError(ENOMEM);
return FALSE;
}
Curl_safefree(conn->async.hostname);
conn->async.hostname = strdup(hostname);
if (!conn->async.hostname) {
free(td);
SetLastError(ENOMEM);
return FALSE;
}
conn->async.port = port;
conn->async.done = FALSE;
conn->async.status = 0;
conn->async.dns = NULL;
conn->async.os_specific = (void*) td;
td->dummy_sock = CURL_SOCKET_BAD;
/* Create the mutex used to inform the resolver thread that we're
* still waiting, and take initial ownership.
*/
td->mutex_waiting = CreateMutex(NULL, TRUE, NULL);
if (td->mutex_waiting == NULL) {
Curl_destroy_thread_data(&conn->async);
SetLastError(EAGAIN);
return FALSE;
}
/* Create the event that the thread uses to inform us that it's
* done resolving. Do not signal it.
*/
td->event_resolved = CreateEvent(NULL, TRUE, FALSE, NULL);
if (td->event_resolved == NULL) {
Curl_destroy_thread_data(&conn->async);
SetLastError(EAGAIN);
return FALSE;
}
/* Create the mutex used to serialize access to event_terminated
* between us and resolver thread.
*/
td->mutex_terminate = CreateMutex(NULL, FALSE, NULL);
if (td->mutex_terminate == NULL) {
Curl_destroy_thread_data(&conn->async);
SetLastError(EAGAIN);
return FALSE;
}
/* Create the event used to signal thread that it should terminate.
*/
td->event_terminate = CreateEvent(NULL, TRUE, FALSE, NULL);
if (td->event_terminate == NULL) {
Curl_destroy_thread_data(&conn->async);
SetLastError(EAGAIN);
return FALSE;
}
/* Create the event used by thread to inform it has initialized its own data.
*/
td->event_thread_started = CreateEvent(NULL, TRUE, FALSE, NULL);
if (td->event_thread_started == NULL) {
Curl_destroy_thread_data(&conn->async);
SetLastError(EAGAIN);
return FALSE;
}
td->stderr_file = stderr;
#ifdef _WIN32_WCE
td->thread_hnd = (HANDLE) CreateThread(NULL, 0,
(LPTHREAD_START_ROUTINE) THREAD_FUNC,
conn, 0, &td->thread_id);
#else
td->thread_hnd = (HANDLE) _beginthreadex(NULL, 0, THREAD_FUNC,
conn, 0, &td->thread_id);
#endif
#ifdef CURLRES_IPV6
curlassert(hints);
td->hints = *hints;
#else
(void) hints;
#endif
if (!td->thread_hnd) {
SetLastError(errno);
TRACE(("_beginthreadex() failed; %s\n", Curl_strerror(conn,errno)));
Curl_destroy_thread_data(&conn->async);
return FALSE;
}
/* Waiting until the thread will initialize its data or it will exit due errors.
*/
thread_and_event[0] = td->thread_hnd;
thread_and_event[1] = td->event_thread_started;
if (WaitForMultipleObjects(sizeof(thread_and_event) /
sizeof(thread_and_event[0]),
thread_and_event, FALSE,
INFINITE) == WAIT_FAILED) {
/* The resolver thread has been created,
* most probably it works now - ignoring this "minor" error
*/
}
/* This socket is only to keep Curl_resolv_fdset() and select() happy;
* should never become signalled for read/write since it's unbound but
* Windows needs atleast 1 socket in select().
*/
td->dummy_sock = socket(AF_INET, SOCK_DGRAM, 0);
return TRUE;
}
/*
* curl_easy_reset() is an external interface that allows an app to re-
* initialize a session handle to the default values.
*/
void curl_easy_reset(CURL *curl)
{
struct SessionHandle *data = (struct SessionHandle *)curl;
Curl_safefree(data->reqdata.pathbuffer);
data->reqdata.pathbuffer=NULL;
Curl_safefree(data->reqdata.proto.generic);
data->reqdata.proto.generic=NULL;
/* zero out UserDefined data: */
memset(&data->set, 0, sizeof(struct UserDefined));
/* zero out Progress data: */
memset(&data->progress, 0, sizeof(struct Progress));
/* init Handle data */
Curl_easy_initHandleData(data);
/* The remainder of these calls have been taken from Curl_open() */
data->set.out = stdout; /* default output to stdout */
data->set.in = stdin; /* default input from stdin */
data->set.err = stderr; /* default stderr to stderr */
/* use fwrite as default function to store output */
data->set.fwrite = (curl_write_callback)fwrite;
/* use fread as default function to read input */
data->set.fread = (curl_read_callback)fread;
data->set.infilesize = -1; /* we don't know any size */
data->set.postfieldsize = -1;
data->state.current_speed = -1; /* init to negative == impossible */
data->set.httpreq = HTTPREQ_GET; /* Default HTTP request */
data->set.ftp_use_epsv = TRUE; /* FTP defaults to EPSV operations */
data->set.ftp_use_eprt = TRUE; /* FTP defaults to EPRT operations */
data->set.dns_cache_timeout = 60; /* Timeout every 60 seconds by default */
/* make libcurl quiet by default: */
data->set.hide_progress = TRUE; /* CURLOPT_NOPROGRESS changes these */
data->progress.flags |= PGRS_HIDE;
/* Set the default size of the SSL session ID cache */
data->set.ssl.numsessions = 5;
data->set.proxyport = 1080;
data->set.proxytype = CURLPROXY_HTTP; /* defaults to HTTP proxy */
data->set.httpauth = CURLAUTH_BASIC; /* defaults to basic */
data->set.proxyauth = CURLAUTH_BASIC; /* defaults to basic */
/*
* libcurl 7.10 introduced SSL verification *by default*! This needs to be
* switched off unless wanted.
*/
data->set.ssl.verifypeer = TRUE;
data->set.ssl.verifyhost = 2;
#ifdef CURL_CA_BUNDLE
/* This is our prefered CA cert bundle since install time */
data->set.ssl.CAfile = (char *)CURL_CA_BUNDLE;
#endif
}
CURLcode Curl_output_digest(struct connectdata *conn,
bool proxy,
const unsigned char *request,
const unsigned char *uripath)
{
/* We have a Digest setup for this, use it! Now, to get all the details for
this sorted out, I must urge you dear friend to read up on the RFC2617
section 3.2.2, */
unsigned char md5buf[16]; /* 16 bytes/128 bits */
unsigned char request_digest[33];
unsigned char *md5this;
unsigned char *ha1;
unsigned char ha2[33];/* 32 digits and 1 zero byte */
char cnoncebuf[7];
char *cnonce;
char *tmp = NULL;
struct timeval now;
char **allocuserpwd;
char *userp;
char *passwdp;
struct auth *authp;
struct SessionHandle *data = conn->data;
struct digestdata *d;
#ifdef CURL_DOES_CONVERSIONS
CURLcode rc;
/* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines.
It converts digest text to ASCII so the MD5 will be correct for
what ultimately goes over the network.
*/
#define CURL_OUTPUT_DIGEST_CONV(a, b) \
rc = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); \
if (rc != CURLE_OK) { \
free(b); \
return rc; \
}
#else
#define CURL_OUTPUT_DIGEST_CONV(a, b)
#endif /* CURL_DOES_CONVERSIONS */
if(proxy) {
d = &data->state.proxydigest;
allocuserpwd = &conn->allocptr.proxyuserpwd;
userp = conn->proxyuser;
passwdp = conn->proxypasswd;
authp = &data->state.authproxy;
}
else {
d = &data->state.digest;
allocuserpwd = &conn->allocptr.userpwd;
userp = conn->user;
passwdp = conn->passwd;
authp = &data->state.authhost;
}
if (*allocuserpwd) {
Curl_safefree(*allocuserpwd);
*allocuserpwd = NULL;
}
/* not set means empty */
if(!userp)
userp=(char *)"";
if(!passwdp)
passwdp=(char *)"";
if(!d->nonce) {
authp->done = FALSE;
return CURLE_OK;
}
authp->done = TRUE;
if(!d->nc)
d->nc = 1;
if(!d->cnonce) {
/* Generate a cnonce */
now = Curl_tvnow();
snprintf(cnoncebuf, sizeof(cnoncebuf), "%06ld", now.tv_sec);
if(Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf), &cnonce))
d->cnonce = cnonce;
else
return CURLE_OUT_OF_MEMORY;
}
/*
if the algorithm is "MD5" or unspecified (which then defaults to MD5):
A1 = unq(username-value) ":" unq(realm-value) ":" passwd
if the algorithm is "MD5-sess" then:
A1 = H( unq(username-value) ":" unq(realm-value) ":" passwd )
":" unq(nonce-value) ":" unq(cnonce-value)
*/
md5this = (unsigned char *)
aprintf("%s:%s:%s", userp, d->realm, passwdp);
if(!md5this)
return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
Curl_md5it(md5buf, md5this);
free(md5this); /* free this again */
ha1 = (unsigned char *)malloc(33); /* 32 digits and 1 zero byte */
if(!ha1)
return CURLE_OUT_OF_MEMORY;
md5_to_ascii(md5buf, ha1);
if(d->algo == CURLDIGESTALGO_MD5SESS) {
/* nonce and cnonce are OUTSIDE the hash */
tmp = aprintf("%s:%s:%s", ha1, d->nonce, d->cnonce);
if(!tmp)
return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, tmp); /* convert on non-ASCII machines */
Curl_md5it(md5buf, (unsigned char *)tmp);
free(tmp); /* free this again */
md5_to_ascii(md5buf, ha1);
}
/*
If the "qop" directive's value is "auth" or is unspecified, then A2 is:
A2 = Method ":" digest-uri-value
If the "qop" value is "auth-int", then A2 is:
A2 = Method ":" digest-uri-value ":" H(entity-body)
(The "Method" value is the HTTP request method as specified in section
5.1.1 of RFC 2616)
*/
md5this = (unsigned char *)aprintf("%s:%s", request, uripath);
if(!md5this) {
free(ha1);
return CURLE_OUT_OF_MEMORY;
}
if (d->qop && strequal(d->qop, "auth-int")) {
/* We don't support auth-int at the moment. I can't see a easy way to get
entity-body here */
/* TODO: Append H(entity-body)*/
}
CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
Curl_md5it(md5buf, md5this);
free(md5this); /* free this again */
md5_to_ascii(md5buf, ha2);
if (d->qop) {
md5this = (unsigned char *)aprintf("%s:%s:%08x:%s:%s:%s",
ha1,
d->nonce,
d->nc,
d->cnonce,
d->qop,
ha2);
}
else {
md5this = (unsigned char *)aprintf("%s:%s:%s",
ha1,
d->nonce,
ha2);
}
free(ha1);
if(!md5this)
return CURLE_OUT_OF_MEMORY;
CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
Curl_md5it(md5buf, md5this);
free(md5this); /* free this again */
md5_to_ascii(md5buf, request_digest);
/* for test case 64 (snooped from a Mozilla 1.3a request)
Authorization: Digest username="******", realm="testrealm", \
nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca"
*/
if (d->qop) {
*allocuserpwd =
aprintf( "%sAuthorization: Digest "
"username=\"%s\", "
"realm=\"%s\", "
"nonce=\"%s\", "
"uri=\"%s\", "
"cnonce=\"%s\", "
"nc=%08x, "
"qop=\"%s\", "
"response=\"%s\"",
proxy?"Proxy-":"",
userp,
d->realm,
d->nonce,
uripath, /* this is the PATH part of the URL */
d->cnonce,
d->nc,
d->qop,
request_digest);
if(strequal(d->qop, "auth"))
d->nc++; /* The nc (from RFC) has to be a 8 hex digit number 0 padded
which tells to the server how many times you are using the
same nonce in the qop=auth mode. */
}
else {
*allocuserpwd =
aprintf( "%sAuthorization: Digest "
"username=\"%s\", "
"realm=\"%s\", "
"nonce=\"%s\", "
"uri=\"%s\", "
"response=\"%s\"",
proxy?"Proxy-":"",
userp,
d->realm,
d->nonce,
uripath, /* this is the PATH part of the URL */
request_digest);
}
if(!*allocuserpwd)
return CURLE_OUT_OF_MEMORY;
/* Add optional fields */
if(d->opaque) {
/* append opaque */
tmp = aprintf("%s, opaque=\"%s\"", *allocuserpwd, d->opaque);
if(!tmp)
return CURLE_OUT_OF_MEMORY;
free(*allocuserpwd);
*allocuserpwd = tmp;
}
if(d->algorithm) {
/* append algorithm */
tmp = aprintf("%s, algorithm=\"%s\"", *allocuserpwd, d->algorithm);
if(!tmp)
return CURLE_OUT_OF_MEMORY;
free(*allocuserpwd);
*allocuserpwd = tmp;
}
/* append CRLF to the userpwd header */
tmp = (char*) realloc(*allocuserpwd, strlen(*allocuserpwd) + 3 + 1);
if(!tmp)
return CURLE_OUT_OF_MEMORY;
strcat(tmp, "\r\n");
*allocuserpwd = tmp;
return CURLE_OK;
}
CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
const char *pinnedpubkey,
const unsigned char *pubkey, size_t pubkeylen)
{
FILE *fp;
unsigned char *buf = NULL, *pem_ptr = NULL;
long filesize;
size_t size, pem_len;
CURLcode pem_read;
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
#ifdef curlssl_sha256sum
CURLcode encode;
size_t encodedlen, pinkeylen;
char *encoded, *pinkeycopy, *begin_pos, *end_pos;
unsigned char *sha256sumdigest = NULL;
#endif
/* if a path wasn't specified, don't pin */
if(!pinnedpubkey)
return CURLE_OK;
if(!pubkey || !pubkeylen)
return result;
/* only do this if pinnedpubkey starts with "sha256//", length 8 */
if(strncmp(pinnedpubkey, "sha256//", 8) == 0) {
#ifdef curlssl_sha256sum
/* compute sha256sum of public key */
sha256sumdigest = malloc(SHA256_DIGEST_LENGTH);
if(!sha256sumdigest)
return CURLE_OUT_OF_MEMORY;
curlssl_sha256sum(pubkey, pubkeylen,
sha256sumdigest, SHA256_DIGEST_LENGTH);
encode = Curl_base64_encode(data, (char *)sha256sumdigest,
SHA256_DIGEST_LENGTH, &encoded, &encodedlen);
Curl_safefree(sha256sumdigest);
if(encode)
return encode;
infof(data, "\t public key hash: sha256//%s\n", encoded);
/* it starts with sha256//, copy so we can modify it */
pinkeylen = strlen(pinnedpubkey) + 1;
pinkeycopy = malloc(pinkeylen);
if(!pinkeycopy) {
Curl_safefree(encoded);
return CURLE_OUT_OF_MEMORY;
}
memcpy(pinkeycopy, pinnedpubkey, pinkeylen);
/* point begin_pos to the copy, and start extracting keys */
begin_pos = pinkeycopy;
do {
end_pos = strstr(begin_pos, ";sha256//");
/*
* if there is an end_pos, null terminate,
* otherwise it'll go to the end of the original string
*/
if(end_pos)
end_pos[0] = '\0';
/* compare base64 sha256 digests, 8 is the length of "sha256//" */
if(encodedlen == strlen(begin_pos + 8) &&
!memcmp(encoded, begin_pos + 8, encodedlen)) {
result = CURLE_OK;
break;
}
/*
* change back the null-terminator we changed earlier,
* and look for next begin
*/
if(end_pos) {
end_pos[0] = ';';
begin_pos = strstr(end_pos, "sha256//");
}
} while(end_pos && begin_pos);
Curl_safefree(encoded);
Curl_safefree(pinkeycopy);
#else
/* without sha256 support, this cannot match */
(void)data;
#endif
return result;
}
fp = fopen(pinnedpubkey, "rb");
if(!fp)
return result;
do {
/* Determine the file's size */
if(fseek(fp, 0, SEEK_END))
break;
filesize = ftell(fp);
if(fseek(fp, 0, SEEK_SET))
break;
if(filesize < 0 || filesize > MAX_PINNED_PUBKEY_SIZE)
break;
/*
* if the size of our certificate is bigger than the file
* size then it can't match
*/
size = curlx_sotouz((curl_off_t) filesize);
if(pubkeylen > size)
break;
/*
* Allocate buffer for the pinned key
* With 1 additional byte for null terminator in case of PEM key
*/
buf = malloc(size + 1);
if(!buf)
break;
/* Returns number of elements read, which should be 1 */
if((int) fread(buf, size, 1, fp) != 1)
break;
/* If the sizes are the same, it can't be base64 encoded, must be der */
if(pubkeylen == size) {
if(!memcmp(pubkey, buf, pubkeylen))
result = CURLE_OK;
break;
}
/*
* Otherwise we will assume it's PEM and try to decode it
* after placing null terminator
*/
buf[size] = '\0';
pem_read = pubkey_pem_to_der((const char *)buf, &pem_ptr, &pem_len);
/* if it wasn't read successfully, exit */
if(pem_read)
break;
/*
* if the size of our certificate doesn't match the size of
* the decoded file, they can't be the same, otherwise compare
*/
if(pubkeylen == pem_len && !memcmp(pubkey, pem_ptr, pubkeylen))
result = CURLE_OK;
} while(0);
Curl_safefree(buf);
Curl_safefree(pem_ptr);
fclose(fp);
return result;
}
int formparse(struct Configurable *config,
const char *input,
struct curl_httppost **httppost,
struct curl_httppost **last_post,
bool literal_value)
{
/* nextarg MUST be a string in the format 'name=contents' and we'll
build a linked list with the info */
char name[256];
char *contents = NULL;
char major[128];
char minor[128];
char *contp;
const char *type = NULL;
char *sep;
char *sep2;
if((1 == sscanf(input, "%255[^=]=", name)) &&
((contp = strchr(input, '=')) != NULL)) {
/* the input was using the correct format */
/* Allocate the contents */
contents = strdup(contp+1);
if(!contents) {
fprintf(config->errors, "out of memory\n");
return 1;
}
contp = contents;
if('@' == contp[0] && !literal_value) {
/* we use the @-letter to indicate file name(s) */
struct multi_files *multi_start = NULL;
struct multi_files *multi_current = NULL;
contp++;
do {
/* since this was a file, it may have a content-type specifier
at the end too, or a filename. Or both. */
char *ptr;
char *filename = NULL;
sep = strchr(contp, FORM_TYPE_SEPARATOR);
sep2 = strchr(contp, FORM_FILE_SEPARATOR);
/* pick the closest */
if(sep2 && (sep2 < sep)) {
sep = sep2;
/* no type was specified! */
}
type = NULL;
if(sep) {
/* if we got here on a comma, don't do much */
if(FORM_FILE_SEPARATOR == *sep)
ptr = NULL;
else
ptr = sep+1;
*sep = '\0'; /* terminate file name at separator */
while(ptr && (FORM_FILE_SEPARATOR!= *ptr)) {
/* pass all white spaces */
while(ISSPACE(*ptr))
ptr++;
if(checkprefix("type=", ptr)) {
/* set type pointer */
type = &ptr[5];
/* verify that this is a fine type specifier */
if(2 != sscanf(type, "%127[^/]/%127[^;,\n]",
major, minor)) {
warnf(config, "Illegally formatted content-type field!\n");
Curl_safefree(contents);
FreeMultiInfo(&multi_start, &multi_current);
return 2; /* illegal content-type syntax! */
}
/* now point beyond the content-type specifier */
sep = (char *)type + strlen(major)+strlen(minor)+1;
/* there's a semicolon following - we check if it is a filename
specified and if not we simply assume that it is text that
the user wants included in the type and include that too up
to the next zero or semicolon. */
if((*sep==';') && !checkprefix(";filename=", sep)) {
sep2 = strchr(sep+1, ';');
if(sep2)
sep = sep2;
else
sep = sep + strlen(sep); /* point to end of string */
}
if(*sep) {
*sep = '\0'; /* zero terminate type string */
ptr = sep+1;
}
else
ptr = NULL; /* end */
}
else if(checkprefix("filename=", ptr)) {
filename = &ptr[9];
ptr = strchr(filename, FORM_TYPE_SEPARATOR);
if(!ptr) {
ptr = strchr(filename, FORM_FILE_SEPARATOR);
}
if(ptr) {
*ptr = '\0'; /* zero terminate */
ptr++;
}
}
else
/* confusion, bail out of loop */
break;
}
/* find the following comma */
if(ptr)
sep = strchr(ptr, FORM_FILE_SEPARATOR);
else
sep = NULL;
}
else {
sep = strchr(contp, FORM_FILE_SEPARATOR);
}
if(sep) {
/* the next file name starts here */
*sep = '\0';
sep++;
}
/* if type == NULL curl_formadd takes care of the problem */
if(!AddMultiFiles(contp, type, filename, &multi_start,
&multi_current)) {
warnf(config, "Error building form post!\n");
Curl_safefree(contents);
FreeMultiInfo(&multi_start, &multi_current);
return 3;
}
contp = sep; /* move the contents pointer to after the separator */
} while(sep && *sep); /* loop if there's another file name */
/* now we add the multiple files section */
if(multi_start) {
struct curl_forms *forms = NULL;
struct multi_files *ptr = multi_start;
unsigned int i, count = 0;
while(ptr) {
ptr = ptr->next;
++count;
}
forms = malloc((count+1)*sizeof(struct curl_forms));
if(!forms) {
fprintf(config->errors, "Error building form post!\n");
Curl_safefree(contents);
FreeMultiInfo(&multi_start, &multi_current);
return 4;
}
for(i = 0, ptr = multi_start; i < count; ++i, ptr = ptr->next) {
forms[i].option = ptr->form.option;
forms[i].value = ptr->form.value;
}
forms[count].option = CURLFORM_END;
FreeMultiInfo(&multi_start, &multi_current);
if(curl_formadd(httppost, last_post,
CURLFORM_COPYNAME, name,
CURLFORM_ARRAY, forms, CURLFORM_END) != 0) {
warnf(config, "curl_formadd failed!\n");
Curl_safefree(forms);
Curl_safefree(contents);
return 5;
}
Curl_safefree(forms);
}
}
else {
struct curl_forms info[4];
int i = 0;
char *ct = literal_value ? NULL : strstr(contp, ";type=");
info[i].option = CURLFORM_COPYNAME;
info[i].value = name;
i++;
if(ct) {
info[i].option = CURLFORM_CONTENTTYPE;
info[i].value = &ct[6];
i++;
ct[0] = '\0'; /* zero terminate here */
}
if(contp[0]=='<' && !literal_value) {
info[i].option = CURLFORM_FILECONTENT;
info[i].value = contp+1;
i++;
info[i].option = CURLFORM_END;
if(curl_formadd(httppost, last_post,
CURLFORM_ARRAY, info, CURLFORM_END ) != 0) {
warnf(config, "curl_formadd failed, possibly the file %s is bad!\n",
contp+1);
Curl_safefree(contents);
return 6;
}
}
else {
#ifdef CURL_DOES_CONVERSIONS
if(convert_to_network(contp, strlen(contp))) {
warnf(config, "curl_formadd failed!\n");
Curl_safefree(contents);
return 7;
}
#endif
info[i].option = CURLFORM_COPYCONTENTS;
info[i].value = contp;
i++;
info[i].option = CURLFORM_END;
if(curl_formadd(httppost, last_post,
CURLFORM_ARRAY, info, CURLFORM_END) != 0) {
warnf(config, "curl_formadd failed!\n");
Curl_safefree(contents);
return 8;
}
}
}
}
else {
warnf(config, "Illegally formatted input field!\n");
return 1;
}
Curl_safefree(contents);
return 0;
}
/*
* Output an HTTP MAC Authorization header.
*/
CURLcode Curl_output_mac(struct connectdata *conn,
bool proxy,
const unsigned char *request,
const unsigned char *uripath,
struct curl_oauth2_token *token)
{
/* Please refer to draft-ietf-oauth-v2-http-mac for all the juicy
details about HTTP MAC construction. */
struct timeval now;
char ts[12];
char nonce[33];
long nonceval = 0;
size_t noncesz = 0;
char *nreq = NULL;
char **allocuserpwd;
struct auth *authp;
struct SessionHandle *data = conn->data;
const char *hosthdr = NULL, *hosthdrp1 = NULL, *hosthdrp2 = NULL;
char *hostname = NULL;
unsigned long port = 0;
const char *ext = data->set.str[STRING_HTTP_MAC_EXT];
bool extprovided = (ext != 0);
char *extinfo;
const HMAC_params *params;
HMAC_context *ctxt;
char digest[32]; /* The max of result_len is enough. */
char *mac = NULL;
size_t macsz = 0;
CURLcode rc;
/* The CURL_OUTPUT_MAC_CONV macro below is for non-ASCII machines.
It converts digest text to ASCII so the MAC will be correct for
what ultimately goes over the network.
*/
#define CURL_OUTPUT_MAC_CONV(a, b) \
rc = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); \
if(rc != CURLE_OK) { \
free(b); \
goto cleanup; \
}
/* Check that we have the proper kind of token. */
if(token->token_type != CURL_OAUTH2_TOKEN_TYPE_MAC) {
return CURLE_OAUTH2_TOKEN_MALFORMAT;
}
/* Select the right Authorization field to fill in depending on
whether we're talking to a proxy or the remote host. */
if(proxy) {
allocuserpwd = &conn->allocptr.proxyuserpwd;
authp = &data->state.authproxy;
}
else {
allocuserpwd = &conn->allocptr.userpwd;
authp = &data->state.authhost;
}
if(*allocuserpwd) {
Curl_safefree(*allocuserpwd);
*allocuserpwd = NULL;
}
authp->done = TRUE;
/* Generate a timestamp from a monotically increasing source whose
origin does not change. */
now = curlx_tvgettimeofday();
#ifdef DELTA_EPOCH_IN_SECS
now.tv_sec -= DELTA_EPOCH_IN_SECS;
#endif
snprintf(ts, sizeof(ts) - 1, "%ld", (long)now.tv_sec);
ts[sizeof(ts) - 1] = '\0';
/* Generate a nonce that is unique for that timestamp */
nonceval = (long)now.tv_sec + now.tv_usec;
for(noncesz = 0; nonceval && noncesz < sizeof(nonce) - 1; ++noncesz) {
int base = "\x08\x10\x0a\x1a"[noncesz % 4];
nonce[noncesz] = "0123456789abcdefghijklmnopqrstuvwxyz"[nonceval % base];
nonceval /= base;
}
nonce[noncesz] = '\0';
/* Find hostname and port in headers, do not use the connection data. */
hosthdr = conn->allocptr.host;
if(!hosthdr) {
hosthdr = Curl_checkheaders(data, "Host:");
}
if(!hosthdr) {
rc = CURLE_HTTP_MAC_INVALID_HOST;
goto cleanup;
}
/* Copy the hostname port of the Host header. */
for(hosthdrp1 = hosthdr + 5; *hosthdrp1 && ISSPACE(*hosthdrp1); ++hosthdrp1);
for(hosthdrp2 = hosthdrp1; *hosthdrp2 && *hosthdrp2 != ':'
&& !ISSPACE(*hosthdrp2); ++hosthdrp2);
if(hosthdrp2 - hosthdrp1 == 0) {
rc = CURLE_HTTP_MAC_INVALID_HOST;
goto cleanup;
}
hostname = calloc(1, hosthdrp2 - hosthdrp1 + 1);
if(!hostname) {
rc = CURLE_OUT_OF_MEMORY;
goto cleanup;
}
strncpy(hostname, hosthdrp1, hosthdrp2 - hosthdrp1);
/* Check for a port in the Host header, and if we find it makes sure that
it is well formed. If not, take the connection's port. */
for(hosthdrp1 = hosthdrp2 = (hosthdrp2 + (*hosthdrp2 ? 1 : 0));
*hosthdrp2 && ISDIGIT(*hosthdrp2); ++hosthdrp2);
if(hosthdrp2 - hosthdrp1) {
char *rest;
port = strtoul(hosthdrp1, &rest, 10); /* Must be decimal */
if(rest != (hosthdrp1 + 1) && !*rest) {
if(port > 0xffff) { /* Single unix standard says port numbers are
* 16 bits long */
rc = CURLE_HTTP_MAC_INVALID_HOST;
goto cleanup;
}
}
}
else {
port = conn->remote_port;
}
/* Any non-space character found in the Host field after the hostname
and port makes that header invalid. */
for(; *hosthdrp2 && ISSPACE(*hosthdrp2); ++hosthdrp2);
if(*hosthdrp2) {
rc = CURLE_HTTP_MAC_INVALID_HOST;
goto cleanup;
}
/* Now generate the normalized request. See the I-D for details of the
fields that get into there. All fields are separated by a newline
defined as %0a (ASCII 10). If an "ext" field was not provided,
include an empty one. */
if(!ext) {
ext = "";
}
nreq = aprintf("%s\x0a%s\x0a%s\x0a%s\x0a%s\x0a%lu\x0a%s\x0a",
ts,
nonce,
request,
uripath,
hostname,
port,
ext);
if(!nreq) {
rc = CURLE_OUT_OF_MEMORY;
goto cleanup;
}
CURL_OUTPUT_MAC_CONV(data, nreq);
/* Pick appropriate parameters to run the HMAC on the normalized
request. */
switch (token->mac_token.mac_algo) {
case CURL_OAUTH2_MAC_ALGO_HMAC_SHA1:
params = Curl_HMAC_SHA1;
break;
case CURL_OAUTH2_MAC_ALGO_HMAC_SHA256:
params = Curl_HMAC_SHA256;
break;
default:
rc = CURLE_OAUTH2_TOKEN_MALFORMAT;
goto cleanup;
}
/* Compute the MAC using the MAC token key. */
ctxt = Curl_HMAC_init(params,
(const unsigned char *)token->mac_token.mac_key,
curlx_uztoui(strlen(token->mac_token.mac_key)));
if(!ctxt) {
rc = CURLE_OUT_OF_MEMORY;
goto cleanup;
}
/* Update the MAC with the normalized request. */
Curl_HMAC_update(ctxt, (const unsigned char *)nreq,
curlx_uztoui(strlen(nreq)));
/* Finalise the MAC */
Curl_HMAC_final(ctxt, (unsigned char *)digest);
/* Base64-encode the mac to produce the request MAC. */
rc = Curl_base64_encode(data, digest, (*params).hmac_resultlen,
&mac, &macsz);
if(rc)
goto cleanup;
/* Produce the Authorization header. The header contains the computed
MAC, of course, but also all the other information needed by a server
to run HMAC on the same normalized request. The server uses the same
MAC secret and algorithm since the client and server both have a copy
of the MAC token (identified here by the "id" field).
We omit the "ext" field if it was not given to us. We always put it
there if it was provided, even if it's empty. */
if(extprovided) {
extinfo = aprintf("ext=\"%s\", ", ext);
}
else {
extinfo = "";
}
*allocuserpwd =
aprintf( "Authorization: MAC "
"id=\"%s\", "
"ts=\"%s\", "
"nonce=\"%s\", "
"%s"
"mac=\"%s\"\n", token->access_token, ts, nonce, extinfo, mac);
if(!*allocuserpwd) {
rc = CURLE_OUT_OF_MEMORY;
goto cleanup;
}
CURL_OUTPUT_MAC_CONV(data, allocuserpwd);
rc = CURLE_OK;
/* Cleanup allocated memory. */
cleanup:
if(extprovided) Curl_safefree(extinfo);
Curl_safefree(mac);
Curl_safefree(hostname);
Curl_safefree(nreq);
return rc;
}
int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
{
/* See http://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx
* Shutting Down an Schannel Connection
*/
struct SessionHandle *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu\n",
conn->host.name, conn->remote_port);
if(connssl->ctxt) {
SecBufferDesc BuffDesc;
SecBuffer Buffer;
SECURITY_STATUS sspi_status;
SecBuffer outbuf;
SecBufferDesc outbuf_desc;
CURLcode code;
TCHAR *host_name;
DWORD dwshut = SCHANNEL_SHUTDOWN;
InitSecBuffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut));
InitSecBufferDesc(&BuffDesc, &Buffer, 1);
sspi_status = s_pSecFn->ApplyControlToken(&connssl->ctxt->ctxt_handle,
&BuffDesc);
if(sspi_status != SEC_E_OK)
failf(data, "schannel: ApplyControlToken failure: %s",
Curl_sspi_strerror(conn, sspi_status));
#ifdef UNICODE
host_name = Curl_convert_UTF8_to_wchar(conn->host.name);
if(!host_name)
return CURLE_OUT_OF_MEMORY;
#else
host_name = conn->host.name;
#endif
/* setup output buffer */
InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);
InitSecBufferDesc(&outbuf_desc, &outbuf, 1);
sspi_status = s_pSecFn->InitializeSecurityContext(
&connssl->cred->cred_handle,
&connssl->ctxt->ctxt_handle,
host_name,
connssl->req_flags,
0,
0,
NULL,
0,
&connssl->ctxt->ctxt_handle,
&outbuf_desc,
&connssl->ret_flags,
&connssl->ctxt->time_stamp);
#ifdef UNICODE
Curl_safefree(host_name);
#endif
if((sspi_status == SEC_E_OK) || (sspi_status == SEC_I_CONTEXT_EXPIRED)) {
/* send close message which is in output buffer */
ssize_t written;
code = Curl_write_plain(conn, conn->sock[sockindex], outbuf.pvBuffer,
outbuf.cbBuffer, &written);
s_pSecFn->FreeContextBuffer(outbuf.pvBuffer);
if((code != CURLE_OK) || (outbuf.cbBuffer != (size_t)written)) {
infof(data, "schannel: failed to send close msg: %s"
" (bytes written: %zd)\n", curl_easy_strerror(code), written);
}
}
/* free SSPI Schannel API security context handle */
if(connssl->ctxt) {
s_pSecFn->DeleteSecurityContext(&connssl->ctxt->ctxt_handle);
Curl_safefree(connssl->ctxt);
}
}
/* free internal buffer for received encrypted data */
if(connssl->encdata_buffer != NULL) {
Curl_safefree(connssl->encdata_buffer);
connssl->encdata_length = 0;
connssl->encdata_offset = 0;
}
/* free internal buffer for received decrypted data */
if(connssl->decdata_buffer != NULL) {
Curl_safefree(connssl->decdata_buffer);
connssl->decdata_length = 0;
connssl->decdata_offset = 0;
}
return CURLE_OK;
}
/*
* Curl_sasl_create_digest_md5_message()
*
* This is used to generate an already encoded DIGEST-MD5 response message
* ready for sending to the recipient.
*
* Parameters:
*
* data [in] - The session handle.
* chlg64 [in] - Pointer to the base64 encoded challenge message.
* userp [in] - The user name.
* passdwp [in] - The user's password.
* service [in] - The service type such as www, smtp, pop or imap.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
const char *chlg64,
const char *userp,
const char *passwdp,
const char *service,
char **outptr, size_t *outlen)
{
CURLcode result = CURLE_OK;
TCHAR *spn = NULL;
size_t chlglen = 0;
size_t token_max = 0;
unsigned char *input_token = NULL;
unsigned char *output_token = NULL;
CredHandle credentials;
CtxtHandle context;
PSecPkgInfo SecurityPackage;
SEC_WINNT_AUTH_IDENTITY identity;
SEC_WINNT_AUTH_IDENTITY *p_identity;
SecBuffer chlg_buf;
SecBuffer resp_buf;
SecBufferDesc chlg_desc;
SecBufferDesc resp_desc;
SECURITY_STATUS status;
unsigned long attrs;
TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
/* Decode the base-64 encoded challenge message */
if(strlen(chlg64) && *chlg64 != '=') {
result = Curl_base64_decode(chlg64, &input_token, &chlglen);
if(result)
return result;
}
/* Ensure we have a valid challenge message */
if(!input_token)
return CURLE_BAD_CONTENT_ENCODING;
/* Query the security package for DigestSSP */
status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
&SecurityPackage);
if(status != SEC_E_OK) {
Curl_safefree(input_token);
return CURLE_NOT_BUILT_IN;
}
token_max = SecurityPackage->cbMaxToken;
/* Release the package buffer as it is not required anymore */
s_pSecFn->FreeContextBuffer(SecurityPackage);
/* Allocate our response buffer */
output_token = malloc(token_max);
if(!output_token) {
Curl_safefree(input_token);
return CURLE_OUT_OF_MEMORY;
}
/* Generate our SPN */
spn = Curl_sasl_build_spn(service, data->easy_conn->host.name);
if(!spn) {
Curl_safefree(output_token);
Curl_safefree(input_token);
return CURLE_OUT_OF_MEMORY;
}
if(userp && *userp) {
/* Populate our identity structure */
result = Curl_create_sspi_identity(userp, passwdp, &identity);
if(result) {
Curl_safefree(spn);
Curl_safefree(output_token);
Curl_safefree(input_token);
return result;
}
/* Allow proper cleanup of the identity structure */
p_identity = &identity;
}
else
/* Use the current Windows user */
p_identity = NULL;
/* Acquire our credentials handle */
status = s_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *) TEXT(SP_NAME_DIGEST),
SECPKG_CRED_OUTBOUND, NULL,
p_identity, NULL, NULL,
&credentials, &expiry);
if(status != SEC_E_OK) {
Curl_sspi_free_identity(p_identity);
Curl_safefree(spn);
Curl_safefree(output_token);
Curl_safefree(input_token);
return CURLE_LOGIN_DENIED;
}
/* Setup the challenge "input" security buffer */
chlg_desc.ulVersion = SECBUFFER_VERSION;
chlg_desc.cBuffers = 1;
chlg_desc.pBuffers = &chlg_buf;
chlg_buf.BufferType = SECBUFFER_TOKEN;
chlg_buf.pvBuffer = input_token;
chlg_buf.cbBuffer = curlx_uztoul(chlglen);
/* Setup the response "output" security buffer */
resp_desc.ulVersion = SECBUFFER_VERSION;
resp_desc.cBuffers = 1;
resp_desc.pBuffers = &resp_buf;
resp_buf.BufferType = SECBUFFER_TOKEN;
resp_buf.pvBuffer = output_token;
resp_buf.cbBuffer = curlx_uztoul(token_max);
/* Generate our response message */
status = s_pSecFn->InitializeSecurityContext(&credentials, NULL, spn,
0, 0, 0, &chlg_desc, 0,
&context, &resp_desc, &attrs,
&expiry);
if(status == SEC_I_COMPLETE_NEEDED ||
status == SEC_I_COMPLETE_AND_CONTINUE)
s_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
s_pSecFn->FreeCredentialsHandle(&credentials);
Curl_sspi_free_identity(p_identity);
Curl_safefree(spn);
Curl_safefree(output_token);
Curl_safefree(input_token);
return CURLE_RECV_ERROR;
}
/* Base64 encode the response */
result = Curl_base64_encode(data, (char *) output_token, resp_buf.cbBuffer,
outptr, outlen);
/* Free our handles */
s_pSecFn->DeleteSecurityContext(&context);
s_pSecFn->FreeCredentialsHandle(&credentials);
/* Free the identity structure */
Curl_sspi_free_identity(p_identity);
/* Free the SPN */
Curl_safefree(spn);
/* Free the response buffer */
Curl_safefree(output_token);
/* Free the decoded challenge message */
Curl_safefree(input_token);
return result;
}
static CURLcode
schannel_connect_step1(struct connectdata *conn, int sockindex)
{
ssize_t written = -1;
struct SessionHandle *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
SecBuffer outbuf;
SecBufferDesc outbuf_desc;
SCHANNEL_CRED schannel_cred;
SECURITY_STATUS sspi_status = SEC_E_OK;
struct curl_schannel_cred *old_cred = NULL;
struct in_addr addr;
#ifdef ENABLE_IPV6
struct in6_addr addr6;
#endif
TCHAR *host_name;
CURLcode code;
infof(data, "schannel: SSL/TLS connection with %s port %hu (step 1/3)\n",
conn->host.name, conn->remote_port);
/* check for an existing re-usable credential handle */
if(!Curl_ssl_getsessionid(conn, (void**)&old_cred, NULL)) {
connssl->cred = old_cred;
infof(data, "schannel: re-using existing credential handle\n");
}
else {
/* setup Schannel API options */
memset(&schannel_cred, 0, sizeof(schannel_cred));
schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
if(data->set.ssl.verifypeer) {
#ifdef _WIN32_WCE
/* certificate validation on CE doesn't seem to work right; we'll
do it following a more manual process. */
schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
SCH_CRED_IGNORE_REVOCATION_OFFLINE;
#else
schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |
SCH_CRED_REVOCATION_CHECK_CHAIN;
#endif
infof(data, "schannel: checking server certificate revocation\n");
}
else {
schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
SCH_CRED_IGNORE_REVOCATION_OFFLINE;
infof(data, "schannel: disable server certificate revocation checks\n");
}
if(Curl_inet_pton(AF_INET, conn->host.name, &addr) ||
#ifdef ENABLE_IPV6
Curl_inet_pton(AF_INET6, conn->host.name, &addr6) ||
#endif
data->set.ssl.verifyhost < 2) {
schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
infof(data, "schannel: using IP address, disable SNI servername "
"check\n");
}
switch(data->set.ssl.version) {
case CURL_SSLVERSION_TLSv1:
schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |
SP_PROT_TLS1_1_CLIENT |
SP_PROT_TLS1_2_CLIENT;
break;
case CURL_SSLVERSION_SSLv3:
schannel_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;
break;
case CURL_SSLVERSION_SSLv2:
schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT;
break;
}
/* allocate memory for the re-usable credential handle */
connssl->cred = malloc(sizeof(struct curl_schannel_cred));
if(!connssl->cred) {
failf(data, "schannel: unable to allocate memory");
return CURLE_OUT_OF_MEMORY;
}
memset(connssl->cred, 0, sizeof(struct curl_schannel_cred));
/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa374716.aspx */
sspi_status = s_pSecFn->AcquireCredentialsHandle(NULL, (void *)UNISP_NAME,
SECPKG_CRED_OUTBOUND, NULL, &schannel_cred, NULL, NULL,
&connssl->cred->cred_handle, &connssl->cred->time_stamp);
if(sspi_status != SEC_E_OK) {
if(sspi_status == SEC_E_WRONG_PRINCIPAL)
failf(data, "schannel: SNI or certificate check failed: %s",
Curl_sspi_strerror(conn, sspi_status));
else
failf(data, "schannel: AcquireCredentialsHandle failed: %s",
Curl_sspi_strerror(conn, sspi_status));
Curl_safefree(connssl->cred);
return CURLE_SSL_CONNECT_ERROR;
}
}
/* setup output buffer */
InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);
InitSecBufferDesc(&outbuf_desc, &outbuf, 1);
/* setup request flags */
connssl->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
ISC_REQ_CONFIDENTIALITY | ISC_REQ_EXTENDED_ERROR |
ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM;
/* allocate memory for the security context handle */
connssl->ctxt = malloc(sizeof(struct curl_schannel_ctxt));
if(!connssl->ctxt) {
failf(data, "schannel: unable to allocate memory");
return CURLE_OUT_OF_MEMORY;
}
memset(connssl->ctxt, 0, sizeof(struct curl_schannel_ctxt));
#ifdef UNICODE
host_name = Curl_convert_UTF8_to_wchar(conn->host.name);
if(!host_name)
return CURLE_OUT_OF_MEMORY;
#else
host_name = conn->host.name;
#endif
/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx */
sspi_status = s_pSecFn->InitializeSecurityContext(
&connssl->cred->cred_handle, NULL, host_name,
connssl->req_flags, 0, 0, NULL, 0, &connssl->ctxt->ctxt_handle,
&outbuf_desc, &connssl->ret_flags, &connssl->ctxt->time_stamp);
#ifdef UNICODE
Curl_safefree(host_name);
#endif
if(sspi_status != SEC_I_CONTINUE_NEEDED) {
if(sspi_status == SEC_E_WRONG_PRINCIPAL)
failf(data, "schannel: SNI or certificate check failed: %s",
Curl_sspi_strerror(conn, sspi_status));
else
failf(data, "schannel: initial InitializeSecurityContext failed: %s",
Curl_sspi_strerror(conn, sspi_status));
Curl_safefree(connssl->ctxt);
return CURLE_SSL_CONNECT_ERROR;
}
infof(data, "schannel: sending initial handshake data: "
"sending %lu bytes...\n", outbuf.cbBuffer);
/* send initial handshake data which is now stored in output buffer */
code = Curl_write_plain(conn, conn->sock[sockindex], outbuf.pvBuffer,
outbuf.cbBuffer, &written);
s_pSecFn->FreeContextBuffer(outbuf.pvBuffer);
if((code != CURLE_OK) || (outbuf.cbBuffer != (size_t)written)) {
failf(data, "schannel: failed to send initial handshake data: "
"sent %zd of %lu bytes", written, outbuf.cbBuffer);
return CURLE_SSL_CONNECT_ERROR;
}
infof(data, "schannel: sent initial handshake data: "
"sent %zd bytes\n", written);
/* continue to second handshake step */
connssl->connecting_state = ssl_connect_2;
return CURLE_OK;
}
/*
* Curl_sasl_create_gssapi_user_message()
*
* This is used to generate an already encoded GSSAPI (Kerberos V5) user token
* message ready for sending to the recipient.
*
* Parameters:
*
* data [in] - The session handle.
* userp [in] - The user name.
* passdwp [in] - The user's password.
* service [in] - The service type such as www, smtp, pop or imap.
* mutual_auth [in] - Flag specifing whether or not mutual authentication
* is enabled.
* chlg64 [in] - Pointer to the optional base64 encoded challenge
* message.
* krb5 [in/out] - The gssapi data struct being used and modified.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
const char *userp,
const char *passwdp,
const char *service,
const bool mutual_auth,
const char *chlg64,
struct kerberos5data *krb5,
char **outptr, size_t *outlen)
{
CURLcode result = CURLE_OK;
size_t chlglen = 0;
unsigned char *chlg = NULL;
CtxtHandle context;
PSecPkgInfo SecurityPackage;
SecBuffer chlg_buf;
SecBuffer resp_buf;
SecBufferDesc chlg_desc;
SecBufferDesc resp_desc;
SECURITY_STATUS status;
unsigned long attrs;
TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
if(!krb5->credentials) {
/* Query the security package for Kerberos */
status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
TEXT(SP_NAME_KERBEROS),
&SecurityPackage);
if(status != SEC_E_OK) {
return CURLE_NOT_BUILT_IN;
}
krb5->token_max = SecurityPackage->cbMaxToken;
/* Release the package buffer as it is not required anymore */
s_pSecFn->FreeContextBuffer(SecurityPackage);
/* Allocate our response buffer */
krb5->output_token = malloc(krb5->token_max);
if(!krb5->output_token)
return CURLE_OUT_OF_MEMORY;
/* Generate our SPN */
krb5->spn = Curl_sasl_build_spn(service, data->easy_conn->host.name);
if(!krb5->spn)
return CURLE_OUT_OF_MEMORY;
if(userp && *userp) {
/* Populate our identity structure */
result = Curl_create_sspi_identity(userp, passwdp, &krb5->identity);
if(result)
return result;
/* Allow proper cleanup of the identity structure */
krb5->p_identity = &krb5->identity;
}
else
/* Use the current Windows user */
krb5->p_identity = NULL;
/* Allocate our credentials handle */
krb5->credentials = malloc(sizeof(CredHandle));
if(!krb5->credentials)
return CURLE_OUT_OF_MEMORY;
memset(krb5->credentials, 0, sizeof(CredHandle));
/* Acquire our credentials handle */
status = s_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *)
TEXT(SP_NAME_KERBEROS),
SECPKG_CRED_OUTBOUND, NULL,
krb5->p_identity, NULL, NULL,
krb5->credentials, &expiry);
if(status != SEC_E_OK)
return CURLE_LOGIN_DENIED;
/* Allocate our new context handle */
krb5->context = malloc(sizeof(CtxtHandle));
if(!krb5->context)
return CURLE_OUT_OF_MEMORY;
memset(krb5->context, 0, sizeof(CtxtHandle));
}
else {
/* Decode the base-64 encoded challenge message */
if(strlen(chlg64) && *chlg64 != '=') {
result = Curl_base64_decode(chlg64, &chlg, &chlglen);
if(result)
return result;
}
/* Ensure we have a valid challenge message */
if(!chlg)
return CURLE_BAD_CONTENT_ENCODING;
/* Setup the challenge "input" security buffer */
chlg_desc.ulVersion = SECBUFFER_VERSION;
chlg_desc.cBuffers = 1;
chlg_desc.pBuffers = &chlg_buf;
chlg_buf.BufferType = SECBUFFER_TOKEN;
chlg_buf.pvBuffer = chlg;
chlg_buf.cbBuffer = curlx_uztoul(chlglen);
}
/* Setup the response "output" security buffer */
resp_desc.ulVersion = SECBUFFER_VERSION;
resp_desc.cBuffers = 1;
resp_desc.pBuffers = &resp_buf;
resp_buf.BufferType = SECBUFFER_TOKEN;
resp_buf.pvBuffer = krb5->output_token;
resp_buf.cbBuffer = curlx_uztoul(krb5->token_max);
/* Generate our challenge-response message */
status = s_pSecFn->InitializeSecurityContext(krb5->credentials,
chlg ? krb5->context : NULL,
krb5->spn,
(mutual_auth ?
ISC_REQ_MUTUAL_AUTH : 0),
0, SECURITY_NATIVE_DREP,
chlg ? &chlg_desc : NULL, 0,
&context,
&resp_desc, &attrs,
&expiry);
if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
Curl_safefree(chlg);
return CURLE_RECV_ERROR;
}
if(memcmp(&context, krb5->context, sizeof(context))) {
s_pSecFn->DeleteSecurityContext(krb5->context);
memcpy(krb5->context, &context, sizeof(context));
}
if(resp_buf.cbBuffer) {
/* Base64 encode the response */
result = Curl_base64_encode(data, (char *)resp_buf.pvBuffer,
resp_buf.cbBuffer, outptr, outlen);
}
/* Free the decoded challenge */
Curl_safefree(chlg);
return result;
}
static CURLcode smtp_authenticate(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
struct smtp_conn *smtpc = &conn->proto.smtpc;
char * initresp;
const char * mech;
size_t l;
smtpstate state1;
smtpstate state2;
if(!conn->bits.user_passwd)
state(conn, SMTP_STOP); /* End of connect phase. */
else {
initresp = (char *) NULL;
l = 1;
/* Check supported authentication mechanisms by decreasing order of
preference. */
mech = (const char *) NULL; /* Avoid compiler warnings. */
state1 = SMTP_STOP;
state2 = SMTP_STOP;
#ifndef CURL_DISABLE_CRYPTO_AUTH
if(smtpc->authmechs & SMTP_AUTH_CRAM_MD5) {
mech = "CRAM-MD5";
state1 = SMTP_AUTHCRAM;
}
else
#endif
if(smtpc->authmechs & SMTP_AUTH_PLAIN) {
mech = "PLAIN";
state1 = SMTP_AUTHPLAIN;
state2 = SMTP_AUTH;
l = smtp_auth_plain_data(conn, &initresp);
}
else if(smtpc->authmechs & SMTP_AUTH_LOGIN) {
mech = "LOGIN";
state1 = SMTP_AUTHLOGIN;
state2 = SMTP_AUTHPASSWD;
l = smtp_auth_login_user(conn, &initresp);
}
else {
infof(conn->data, "No known auth mechanisms supported!\n");
result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported. */
}
if(!result) {
if(!l)
result = CURLE_OUT_OF_MEMORY;
else if(initresp &&
l + strlen(mech) <= 512 - 8) { /* AUTH <mech> ...<crlf> */
result = Curl_pp_sendf(&smtpc->pp, "AUTH %s %s", mech, initresp);
free(initresp);
if(!result)
state(conn, state2);
}
else {
Curl_safefree(initresp);
result = Curl_pp_sendf(&smtpc->pp, "AUTH %s", mech);
if(!result)
state(conn, state1);
}
}
}
return result;
}
