socks_sspi.c: further cleanup
This commit is contained in:
Yang Tse
parent
38f05cea46
commit
1e8e6057ea
@ -76,7 +76,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
ssize_t written;
|
ssize_t written;
|
||||||
int result;
|
int result;
|
||||||
/* Needs GSSAPI authentication */
|
/* Needs GSSAPI authentication */
|
||||||
SECURITY_STATUS sspi_status;
|
SECURITY_STATUS status;
|
||||||
unsigned long sspi_ret_flags = 0;
|
unsigned long sspi_ret_flags = 0;
|
||||||
int gss_enc;
|
int gss_enc;
|
||||||
SecBuffer sspi_send_token, sspi_recv_token, sspi_w_token[3];
|
SecBuffer sspi_send_token, sspi_recv_token, sspi_w_token[3];
|
||||||
@ -139,7 +139,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
cred_handle.dwLower = 0;
|
cred_handle.dwLower = 0;
|
||||||
cred_handle.dwUpper = 0;
|
cred_handle.dwUpper = 0;
|
||||||
|
|
||||||
sspi_status = s_pSecFn->AcquireCredentialsHandleA( NULL,
|
status = s_pSecFn->AcquireCredentialsHandleA(NULL,
|
||||||
(char *)"Kerberos",
|
(char *)"Kerberos",
|
||||||
SECPKG_CRED_OUTBOUND,
|
SECPKG_CRED_OUTBOUND,
|
||||||
NULL,
|
NULL,
|
||||||
@ -149,10 +149,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
&cred_handle,
|
&cred_handle,
|
||||||
&expiry);
|
&expiry);
|
||||||
|
|
||||||
if(check_sspi_err(conn, sspi_status, "AcquireCredentialsHandleA")) {
|
if(check_sspi_err(conn, status, "AcquireCredentialsHandleA")) {
|
||||||
failf(data, "Failed to acquire credentials.");
|
failf(data, "Failed to acquire credentials.");
|
||||||
free(service_name);
|
Curl_safefree(service_name);
|
||||||
service_name=NULL;
|
|
||||||
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
||||||
return CURLE_COULDNT_CONNECT;
|
return CURLE_COULDNT_CONNECT;
|
||||||
}
|
}
|
||||||
@ -161,8 +160,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
/* errors, keep sending it... */
|
/* errors, keep sending it... */
|
||||||
for(;;) {
|
for(;;) {
|
||||||
|
|
||||||
sspi_status = s_pSecFn->InitializeSecurityContextA(
|
status = s_pSecFn->InitializeSecurityContextA(&cred_handle,
|
||||||
&cred_handle,
|
|
||||||
context_handle,
|
context_handle,
|
||||||
service_name,
|
service_name,
|
||||||
ISC_REQ_MUTUAL_AUTH |
|
ISC_REQ_MUTUAL_AUTH |
|
||||||
@ -184,9 +182,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
sspi_recv_token.cbBuffer = 0;
|
sspi_recv_token.cbBuffer = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(check_sspi_err(conn, sspi_status, "InitializeSecurityContextA")) {
|
if(check_sspi_err(conn, status, "InitializeSecurityContextA")) {
|
||||||
free(service_name);
|
Curl_safefree(service_name);
|
||||||
service_name=NULL;
|
|
||||||
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
||||||
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
||||||
s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
|
s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
|
||||||
@ -203,8 +200,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written);
|
code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written);
|
||||||
if((code != CURLE_OK) || (4 != written)) {
|
if((code != CURLE_OK) || (4 != written)) {
|
||||||
failf(data, "Failed to send SSPI authentication request.");
|
failf(data, "Failed to send SSPI authentication request.");
|
||||||
free(service_name);
|
Curl_safefree(service_name);
|
||||||
service_name=NULL;
|
|
||||||
s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
|
s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
|
||||||
s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
|
s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
|
||||||
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
||||||
@ -216,8 +212,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
sspi_send_token.cbBuffer, &written);
|
sspi_send_token.cbBuffer, &written);
|
||||||
if((code != CURLE_OK) || (sspi_send_token.cbBuffer != (size_t)written)) {
|
if((code != CURLE_OK) || (sspi_send_token.cbBuffer != (size_t)written)) {
|
||||||
failf(data, "Failed to send SSPI authentication token.");
|
failf(data, "Failed to send SSPI authentication token.");
|
||||||
free(service_name);
|
Curl_safefree(service_name);
|
||||||
service_name=NULL;
|
|
||||||
s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
|
s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
|
||||||
s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
|
s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
|
||||||
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
||||||
@ -233,7 +228,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
|
s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
|
||||||
sspi_recv_token.pvBuffer = NULL;
|
sspi_recv_token.pvBuffer = NULL;
|
||||||
sspi_recv_token.cbBuffer = 0;
|
sspi_recv_token.cbBuffer = 0;
|
||||||
if(sspi_status != SEC_I_CONTINUE_NEEDED) break;
|
if(status != SEC_I_CONTINUE_NEEDED)
|
||||||
|
break;
|
||||||
|
|
||||||
/* analyse response */
|
/* analyse response */
|
||||||
|
|
||||||
@ -248,8 +244,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
|
result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
|
||||||
if(result != CURLE_OK || actualread != 4) {
|
if(result != CURLE_OK || actualread != 4) {
|
||||||
failf(data, "Failed to receive SSPI authentication response.");
|
failf(data, "Failed to receive SSPI authentication response.");
|
||||||
free(service_name);
|
Curl_safefree(service_name);
|
||||||
service_name=NULL;
|
|
||||||
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
||||||
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
||||||
return CURLE_COULDNT_CONNECT;
|
return CURLE_COULDNT_CONNECT;
|
||||||
@ -259,8 +254,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
if(socksreq[1] == 255) { /* status / message type */
|
if(socksreq[1] == 255) { /* status / message type */
|
||||||
failf(data, "User was rejected by the SOCKS5 server (%d %d).",
|
failf(data, "User was rejected by the SOCKS5 server (%d %d).",
|
||||||
socksreq[0], socksreq[1]);
|
socksreq[0], socksreq[1]);
|
||||||
free(service_name);
|
Curl_safefree(service_name);
|
||||||
service_name=NULL;
|
|
||||||
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
||||||
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
||||||
return CURLE_COULDNT_CONNECT;
|
return CURLE_COULDNT_CONNECT;
|
||||||
@ -269,8 +263,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
if(socksreq[1] != 1) { /* status / messgae type */
|
if(socksreq[1] != 1) { /* status / messgae type */
|
||||||
failf(data, "Invalid SSPI authentication response type (%d %d).",
|
failf(data, "Invalid SSPI authentication response type (%d %d).",
|
||||||
socksreq[0], socksreq[1]);
|
socksreq[0], socksreq[1]);
|
||||||
free(service_name);
|
Curl_safefree(service_name);
|
||||||
service_name=NULL;
|
|
||||||
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
||||||
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
||||||
return CURLE_COULDNT_CONNECT;
|
return CURLE_COULDNT_CONNECT;
|
||||||
@ -283,8 +276,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
sspi_recv_token.pvBuffer = malloc(us_length);
|
sspi_recv_token.pvBuffer = malloc(us_length);
|
||||||
|
|
||||||
if(!sspi_recv_token.pvBuffer) {
|
if(!sspi_recv_token.pvBuffer) {
|
||||||
free(service_name);
|
Curl_safefree(service_name);
|
||||||
service_name=NULL;
|
|
||||||
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
||||||
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
@ -294,8 +286,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
|
|
||||||
if(result != CURLE_OK || actualread != us_length) {
|
if(result != CURLE_OK || actualread != us_length) {
|
||||||
failf(data, "Failed to receive SSPI authentication token.");
|
failf(data, "Failed to receive SSPI authentication token.");
|
||||||
free(service_name);
|
Curl_safefree(service_name);
|
||||||
service_name=NULL;
|
|
||||||
s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
|
s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
|
||||||
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
||||||
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
||||||
@ -305,15 +296,14 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
context_handle = &sspi_context;
|
context_handle = &sspi_context;
|
||||||
}
|
}
|
||||||
|
|
||||||
free(service_name);
|
Curl_safefree(service_name);
|
||||||
service_name=NULL;
|
|
||||||
|
|
||||||
/* Everything is good so far, user was authenticated! */
|
/* Everything is good so far, user was authenticated! */
|
||||||
sspi_status = s_pSecFn->QueryCredentialsAttributes( &cred_handle,
|
status = s_pSecFn->QueryCredentialsAttributes(&cred_handle,
|
||||||
SECPKG_CRED_ATTR_NAMES,
|
SECPKG_CRED_ATTR_NAMES,
|
||||||
&names);
|
&names);
|
||||||
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
s_pSecFn->FreeCredentialsHandle(&cred_handle);
|
||||||
if(check_sspi_err(conn, sspi_status, "QueryCredentialAttributes")) {
|
if(check_sspi_err(conn, status, "QueryCredentialAttributes")) {
|
||||||
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
||||||
s_pSecFn->FreeContextBuffer(names.sUserName);
|
s_pSecFn->FreeContextBuffer(names.sUserName);
|
||||||
failf(data, "Failed to determine user name.");
|
failf(data, "Failed to determine user name.");
|
||||||
@ -375,10 +365,10 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
memcpy(socksreq+2, &us_length, sizeof(short));
|
memcpy(socksreq+2, &us_length, sizeof(short));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
sspi_status = s_pSecFn->QueryContextAttributesA( &sspi_context,
|
status = s_pSecFn->QueryContextAttributesA(&sspi_context,
|
||||||
SECPKG_ATTR_SIZES,
|
SECPKG_ATTR_SIZES,
|
||||||
&sspi_sizes);
|
&sspi_sizes);
|
||||||
if(check_sspi_err(conn, sspi_status, "QueryContextAttributesA")) {
|
if(check_sspi_err(conn, status, "QueryContextAttributesA")) {
|
||||||
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
||||||
failf(data, "Failed to query security context attributes.");
|
failf(data, "Failed to query security context attributes.");
|
||||||
return CURLE_COULDNT_CONNECT;
|
return CURLE_COULDNT_CONNECT;
|
||||||
@ -411,11 +401,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
}
|
}
|
||||||
sspi_status = s_pSecFn->EncryptMessage( &sspi_context,
|
status = s_pSecFn->EncryptMessage(&sspi_context,
|
||||||
KERB_WRAP_NO_ENCRYPT,
|
KERB_WRAP_NO_ENCRYPT,
|
||||||
&wrap_desc,
|
&wrap_desc,
|
||||||
0);
|
0);
|
||||||
if(check_sspi_err(conn, sspi_status, "EncryptMessage")) {
|
if(check_sspi_err(conn, status, "EncryptMessage")) {
|
||||||
s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
|
s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
|
||||||
s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
|
s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
|
||||||
s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer);
|
s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer);
|
||||||
@ -537,12 +527,12 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
|
|||||||
sspi_w_token[1].cbBuffer = 0;
|
sspi_w_token[1].cbBuffer = 0;
|
||||||
sspi_w_token[1].pvBuffer = NULL;
|
sspi_w_token[1].pvBuffer = NULL;
|
||||||
|
|
||||||
sspi_status = s_pSecFn->DecryptMessage( &sspi_context,
|
status = s_pSecFn->DecryptMessage(&sspi_context,
|
||||||
&wrap_desc,
|
&wrap_desc,
|
||||||
0,
|
0,
|
||||||
&qop);
|
&qop);
|
||||||
|
|
||||||
if(check_sspi_err(conn, sspi_status, "DecryptMessage")) {
|
if(check_sspi_err(conn, status, "DecryptMessage")) {
|
||||||
s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
|
s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
|
||||||
s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
|
s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
|
||||||
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
s_pSecFn->DeleteSecurityContext(&sspi_context);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user