sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
Typically the USE_WINDOWS_SSPI definition would not be used when the CURL_DISABLE_CRYPTO_AUTH define is; however, it is still a valid build configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication data structures and functions would incorrectly be used when they shouldn't be. Introduced a new USE_KRB5 definition that takes into account the use of CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
		| @@ -53,7 +53,7 @@ | |||||||
| /* The last #include file should be: */ | /* The last #include file should be: */ | ||||||
| #include "memdebug.h" | #include "memdebug.h" | ||||||
|  |  | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
| extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5); | extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5); | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
| @@ -722,7 +722,7 @@ CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data, | |||||||
|  */ |  */ | ||||||
| void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused) | void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused) | ||||||
| { | { | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
|   /* Cleanup the gssapi structure */ |   /* Cleanup the gssapi structure */ | ||||||
|   if(authused == SASL_MECH_GSSAPI) { |   if(authused == SASL_MECH_GSSAPI) { | ||||||
|     Curl_sasl_gssapi_cleanup(&conn->krb5); |     Curl_sasl_gssapi_cleanup(&conn->krb5); | ||||||
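Review bot: `Curl_sasl_gssapi_cleanup` is prototyped by hand in this source file (`extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);`) and again in the SSPI source section of this commit, each under its own `#if defined(USE_KRB5)`, so the compiler cannot catch a signature that drifts between the two. The header section of this commit already keeps the other GSSAPI prototypes under `#if defined(USE_KRB5)`; moving this declaration there would leave a single guarded declaration that both files include. Curl_sasl_cleanup's body continues past the end of the hunk, so the rest of the cleanup path is not visible here.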
|   | |||||||
| @@ -28,7 +28,7 @@ struct SessionHandle; | |||||||
| struct connectdata; | struct connectdata; | ||||||
| struct ntlmdata; | struct ntlmdata; | ||||||
|  |  | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
| struct kerberos5data; | struct kerberos5data; | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
| @@ -123,7 +123,7 @@ CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data, | |||||||
|  |  | ||||||
| #endif /* USE_NTLM */ | #endif /* USE_NTLM */ | ||||||
|  |  | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
| /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token | /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token | ||||||
|    message */ |    message */ | ||||||
| CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data, | CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data, | ||||||
| @@ -142,7 +142,7 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data, | |||||||
|                                                   struct kerberos5data *krb5, |                                                   struct kerberos5data *krb5, | ||||||
|                                                   char **outptr, |                                                   char **outptr, | ||||||
|                                                   size_t *outlen); |                                                   size_t *outlen); | ||||||
| #endif | #endif /* USE_KRB5 */ | ||||||
|  |  | ||||||
| /* This is used to generate a base64 encoded XOAUTH2 authentication message | /* This is used to generate a base64 encoded XOAUTH2 authentication message | ||||||
|    containing the user name and bearer token */ |    containing the user name and bearer token */ | ||||||
|   | |||||||
| @@ -44,7 +44,9 @@ | |||||||
| /* The last #include file should be: */ | /* The last #include file should be: */ | ||||||
| #include "memdebug.h" | #include "memdebug.h" | ||||||
|  |  | ||||||
|  | #if defined(USE_KRB5) | ||||||
| void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5); | void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5); | ||||||
|  | #endif | ||||||
|  |  | ||||||
| /* | /* | ||||||
|  * Curl_sasl_build_spn() |  * Curl_sasl_build_spn() | ||||||
| @@ -269,9 +271,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, | |||||||
|  |  | ||||||
|   return result; |   return result; | ||||||
| } | } | ||||||
|  |  | ||||||
| #endif /* !CURL_DISABLE_CRYPTO_AUTH */ | #endif /* !CURL_DISABLE_CRYPTO_AUTH */ | ||||||
|  |  | ||||||
|  | #if defined(USE_KRB5) | ||||||
| /* | /* | ||||||
|  * Curl_sasl_create_gssapi_user_message() |  * Curl_sasl_create_gssapi_user_message() | ||||||
|  * |  * | ||||||
| @@ -703,5 +705,6 @@ void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5) | |||||||
|   /* Reset any variables */ |   /* Reset any variables */ | ||||||
|   krb5->token_max = 0; |   krb5->token_max = 0; | ||||||
| } | } | ||||||
|  | #endif /* USE_KRB5 */ | ||||||
|  |  | ||||||
| #endif /* USE_WINDOWS_SSPI */ | #endif /* USE_WINDOWS_SSPI */ | ||||||
|   | |||||||
| @@ -608,12 +608,18 @@ int netware_init(void); | |||||||
| #define USE_SSL    /* SSL support has been enabled */ | #define USE_SSL    /* SSL support has been enabled */ | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
|  | /* Single point where USE_SPNEGO definition might be defined */ | ||||||
| #if !defined(CURL_DISABLE_CRYPTO_AUTH) && \ | #if !defined(CURL_DISABLE_CRYPTO_AUTH) && \ | ||||||
|     (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)) |     (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)) | ||||||
| #define USE_SPNEGO | #define USE_SPNEGO | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
| /* Single point where USE_NTLM definition might be done */ | /* Single point where USE_KRB5 definition might be defined */ | ||||||
|  | #if !defined(CURL_DISABLE_CRYPTO_AUTH) && defined(USE_WINDOWS_SSPI) | ||||||
|  | #define USE_KRB5 | ||||||
|  | #endif | ||||||
|  |  | ||||||
|  | /* Single point where USE_NTLM definition might be defined */ | ||||||
| #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) && \ | #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) && \ | ||||||
|     !defined(CURL_DISABLE_CRYPTO_AUTH) |     !defined(CURL_DISABLE_CRYPTO_AUTH) | ||||||
| #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \ | #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \ | ||||||
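Review bot: USE_KRB5 is gated on `defined(USE_WINDOWS_SSPI)` alone, while the USE_SPNEGO block directly above also accepts `HAVE_GSSAPI`, and the new comment does not say the difference is deliberate. A comment such as `/* Single point where USE_KRB5 might be defined; SSPI only, because struct kerberos5data holds SSPI handle types */` would stop a later reader from adding HAVE_GSSAPI here by analogy. The struct section of this commit shows kerberos5data using `CredHandle` and `CtxtHandle`, which are SSPI types. The phrase "definition might be defined" in the three comments would read better as "might be defined".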
|   | |||||||
| @@ -1300,7 +1300,7 @@ static CURLcode imap_state_auth_ntlm_type2msg_resp(struct connectdata *conn, | |||||||
| } | } | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
| /* For AUTHENTICATE GSSAPI (without initial response) responses */ | /* For AUTHENTICATE GSSAPI (without initial response) responses */ | ||||||
| static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn, | static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn, | ||||||
|                                             int imapcode, |                                             int imapcode, | ||||||
| @@ -1911,7 +1911,7 @@ static CURLcode imap_statemach_act(struct connectdata *conn) | |||||||
|       break; |       break; | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
|     case IMAP_AUTHENTICATE_GSSAPI: |     case IMAP_AUTHENTICATE_GSSAPI: | ||||||
|       result = imap_state_auth_gssapi_resp(conn, imapcode, imapc->state); |       result = imap_state_auth_gssapi_resp(conn, imapcode, imapc->state); | ||||||
|       break; |       break; | ||||||
| @@ -2803,7 +2803,7 @@ static CURLcode imap_calc_sasl_details(struct connectdata *conn, | |||||||
|  |  | ||||||
|   /* Calculate the supported authentication mechanism, by decreasing order of |   /* Calculate the supported authentication mechanism, by decreasing order of | ||||||
|      security, as well as the initial response where appropriate */ |      security, as well as the initial response where appropriate */ | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
|     if((imapc->authmechs & SASL_MECH_GSSAPI) && |     if((imapc->authmechs & SASL_MECH_GSSAPI) && | ||||||
|        (imapc->prefmech & SASL_MECH_GSSAPI)) { |        (imapc->prefmech & SASL_MECH_GSSAPI)) { | ||||||
|     imapc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ |     imapc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ | ||||||
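Review bot: The GSSAPI branch of imap_calc_sasl_details still hard-codes `imapc->mutual_auth = FALSE` with only a TODO, so the Kerberos exchange chosen here presumably never asks the server to prove its identity; the same assignment sits under the renamed guard in pop3_calc_sasl_details and smtp_calc_sasl_details. This commit only changes the guard, so the behaviour is pre-existing, but the line deserves a plain statement of the consequence, e.g. `/* mutual authentication is not requested, so the server is not authenticated by Kerberos */`. When USE_KRB5 is undefined the whole branch compiles out and selection moves on to the next mechanism in the "decreasing order of security" list. Which mechanism that is cannot be seen here, because the function body continues outside the hunk.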
|   | |||||||
| @@ -1131,7 +1131,7 @@ static CURLcode pop3_state_auth_ntlm_type2msg_resp(struct connectdata *conn, | |||||||
| } | } | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
| /* For AUTH GSSAPI (without initial response) responses */ | /* For AUTH GSSAPI (without initial response) responses */ | ||||||
| static CURLcode pop3_state_auth_gssapi_resp(struct connectdata *conn, | static CURLcode pop3_state_auth_gssapi_resp(struct connectdata *conn, | ||||||
|                                             int pop3code, |                                             int pop3code, | ||||||
| @@ -1591,7 +1591,7 @@ static CURLcode pop3_statemach_act(struct connectdata *conn) | |||||||
|       break; |       break; | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
|     case POP3_AUTH_GSSAPI: |     case POP3_AUTH_GSSAPI: | ||||||
|       result = pop3_state_auth_gssapi_resp(conn, pop3code, pop3c->state); |       result = pop3_state_auth_gssapi_resp(conn, pop3code, pop3c->state); | ||||||
|       break; |       break; | ||||||
| @@ -2121,7 +2121,7 @@ static CURLcode pop3_calc_sasl_details(struct connectdata *conn, | |||||||
|  |  | ||||||
|   /* Calculate the supported authentication mechanism, by decreasing order of |   /* Calculate the supported authentication mechanism, by decreasing order of | ||||||
|      security, as well as the initial response where appropriate */ |      security, as well as the initial response where appropriate */ | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
|   if((pop3c->authmechs & SASL_MECH_GSSAPI) && |   if((pop3c->authmechs & SASL_MECH_GSSAPI) && | ||||||
|       (pop3c->prefmech & SASL_MECH_GSSAPI)) { |       (pop3c->prefmech & SASL_MECH_GSSAPI)) { | ||||||
|     pop3c->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ |     pop3c->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ | ||||||
|   | |||||||
| @@ -1150,7 +1150,7 @@ static CURLcode smtp_state_auth_ntlm_type2msg_resp(struct connectdata *conn, | |||||||
| } | } | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
| /* For AUTH GSSAPI (without initial response) responses */ | /* For AUTH GSSAPI (without initial response) responses */ | ||||||
| static CURLcode smtp_state_auth_gssapi_resp(struct connectdata *conn, | static CURLcode smtp_state_auth_gssapi_resp(struct connectdata *conn, | ||||||
|                                             int smtpcode, |                                             int smtpcode, | ||||||
| @@ -1630,7 +1630,7 @@ static CURLcode smtp_statemach_act(struct connectdata *conn) | |||||||
|       break; |       break; | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
|     case SMTP_AUTH_GSSAPI: |     case SMTP_AUTH_GSSAPI: | ||||||
|       result = smtp_state_auth_gssapi_resp(conn, smtpcode, smtpc->state); |       result = smtp_state_auth_gssapi_resp(conn, smtpcode, smtpc->state); | ||||||
|       break; |       break; | ||||||
| @@ -2221,7 +2221,7 @@ static CURLcode smtp_calc_sasl_details(struct connectdata *conn, | |||||||
|  |  | ||||||
|   /* Calculate the supported authentication mechanism, by decreasing order of |   /* Calculate the supported authentication mechanism, by decreasing order of | ||||||
|      security, as well as the initial response where appropriate */ |      security, as well as the initial response where appropriate */ | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
|   if((smtpc->authmechs & SASL_MECH_GSSAPI) && |   if((smtpc->authmechs & SASL_MECH_GSSAPI) && | ||||||
|      (smtpc->prefmech & SASL_MECH_GSSAPI)) { |      (smtpc->prefmech & SASL_MECH_GSSAPI)) { | ||||||
|     smtpc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ |     smtpc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ | ||||||
|   | |||||||
| @@ -419,7 +419,7 @@ typedef enum { | |||||||
| #endif | #endif | ||||||
|  |  | ||||||
| /* Struct used for GSSAPI (Kerberos V5) authentication */ | /* Struct used for GSSAPI (Kerberos V5) authentication */ | ||||||
| #if defined(USE_WINDOWS_SSPI) | #if defined(USE_KRB5) | ||||||
| struct kerberos5data { | struct kerberos5data { | ||||||
|   CredHandle *credentials; |   CredHandle *credentials; | ||||||
|   CtxtHandle *context; |   CtxtHandle *context; | ||||||
| @@ -980,7 +980,7 @@ struct connectdata { | |||||||
|   struct sockaddr_in local_addr; |   struct sockaddr_in local_addr; | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
| #if defined(USE_WINDOWS_SSPI) /* Consider moving some of the above GSS-API */ | #if defined(USE_KRB5)         /* Consider moving some of the above GSS-API */ | ||||||
|   struct kerberos5data krb5;  /* variables into the structure definition, */ |   struct kerberos5data krb5;  /* variables into the structure definition, */ | ||||||
| #endif                        /* however, some of them are ftp specific. */ | #endif                        /* however, some of them are ftp specific. */ | ||||||
|  |  | ||||||
|   | |||||||
	 Steve Holme
					Steve Holme