1 /* GSSAPI/krb5 support for FTP - loosely based on old krb4.c
8 * SPDX-License-Identifier: BSD-3-Clause
10 * Redistribution and use in source and binary forms, with or without
23 * without specific prior written permission.
50 #include "cf-socket.h"
76 unsigned char data_sec = conn->data_prot; in ftpsend()
82 if(!write_len || write_len > (sizeof(s) -3)) in ftpsend()
92 conn->data_prot = PROT_CMD; in ftpsend()
97 conn->data_prot = data_sec; in ftpsend()
106 write_len -= bytes_written; in ftpsend()
130 return -1; in krb5_check_prot()
150 return -1; in krb5_decode()
179 return -1; in krb5_encode()
185 return -1; in krb5_encode()
197 const char *host = conn->host.name; in krb5_auth()
199 curl_socklen_t l = sizeof(conn->local_addr); in krb5_auth()
201 const char *service = data->set.str[STRING_SERVICE_NAME] ? in krb5_auth()
202 data->set.str[STRING_SERVICE_NAME] : in krb5_auth()
212 (struct sockaddr_in *)(void *)&conn->remote_addr->sa_addr; in krb5_auth()
215 if(getsockname(conn->sock[FIRSTSOCKET], in krb5_auth()
216 (struct sockaddr *)&conn->local_addr, &l) < 0) in krb5_auth()
220 chan.initiator_address.length = l - 4; in krb5_auth()
221 chan.initiator_address.value = &conn->local_addr.sin_addr.s_addr; in krb5_auth()
223 chan.acceptor_address.length = l - 4; in krb5_auth()
224 chan.acceptor_address.value = &remote_addr->sin_addr.s_addr; in krb5_auth()
232 result = ftpsend(data, conn, "AUTH GSSAPI"); in krb5_auth()
234 return -2; in krb5_auth()
237 return -1; in krb5_auth()
239 struct pingpong *pp = &conn->proto.ftpc.pp; in krb5_auth()
240 char *line = Curl_dyn_ptr(&pp->recvbuf); in krb5_auth()
242 return -1; in krb5_auth()
248 return -2; in krb5_auth()
304 infof(data, "base64-encoding: %s", curl_easy_strerror(result)); in krb5_auth()
319 ret = -2; in krb5_auth()
324 ret = -1; in krb5_auth()
328 struct pingpong *pp = &conn->proto.ftpc.pp; in krb5_auth()
329 size_t len = Curl_dyn_len(&pp->recvbuf); in krb5_auth()
330 p = Curl_dyn_ptr(&pp->recvbuf); in krb5_auth()
346 failf(data, "base64-decoding: %s", curl_easy_strerror(result)); in krb5_auth()
382 "GSSAPI",
436 function returns the ftp_code. If an error occurs, -1 is returned. */
451 if(ftpsend(data, data->conn, print_buffer)) { in ftp_send_command()
452 ftp_code = -1; in ftp_send_command()
456 ftp_code = -1; in ftp_send_command()
475 len -= nread; in socket_read()
502 len -= written; in socket_write()
517 struct connectdata *conn = data->conn; in read_data()
531 Curl_dyn_reset(&buf->buf); in read_data()
542 result = Curl_dyn_addn(&buf->buf, buffer, nread); in read_data()
545 len -= nread; in read_data()
548 nread = conn->mech->decode(conn->app_data, in read_data()
549 Curl_dyn_ptr(&buf->buf), in read_data()
550 len, conn->data_prot, conn); in read_data()
553 Curl_dyn_setlen(&buf->buf, nread); in read_data()
554 buf->index = 0; in read_data()
561 size_t size = Curl_dyn_len(&buf->buf); in buffer_read()
562 if(size - buf->index < len) in buffer_read()
563 len = size - buf->index; in buffer_read()
564 memcpy(data, Curl_dyn_ptr(&buf->buf) + buf->index, len); in buffer_read()
565 buf->index += len; in buffer_read()
575 struct connectdata *conn = data->conn; in sec_recv()
580 if(conn->sec_complete == 0 || conn->data_prot == PROT_CLEAR) { in sec_recv()
586 if(conn->in_buffer.eof_flag) { in sec_recv()
587 conn->in_buffer.eof_flag = 0; in sec_recv()
591 bytes_read = buffer_read(&conn->in_buffer, buffer, len); in sec_recv()
592 len -= bytes_read; in sec_recv()
597 if(read_data(data, sockindex, &conn->in_buffer)) in sec_recv()
598 return -1; in sec_recv()
599 if(Curl_dyn_len(&conn->in_buffer.buf) == 0) { in sec_recv()
601 conn->in_buffer.eof_flag = 1; in sec_recv()
604 bytes_read = buffer_read(&conn->in_buffer, buffer, len); in sec_recv()
605 len -= bytes_read; in sec_recv()
617 int bytes, htonl_bytes; /* 32-bit integers for htonl */ in do_sec_send()
622 enum protection_level prot_level = conn->data_prot; in do_sec_send()
631 prot_level = conn->command_prot; in do_sec_send()
633 bytes = conn->mech->encode(conn->app_data, from, length, prot_level, in do_sec_send()
671 ssize_t tx = 0, len = conn->buffer_size; in sec_write()
680 length -= len; in sec_write()
691 struct connectdata *conn = data->conn; in sec_send()
692 curl_socket_t fd = conn->sock[sockindex]; in sec_send()
700 /* decoded_len should be size_t or ssize_t but conn->mech->decode returns an in Curl_sec_read_msg()
710 if(!conn->mech) in Curl_sec_read_msg()
712 return -1; in Curl_sec_read_msg()
718 return -1; in Curl_sec_read_msg()
722 return -1; in Curl_sec_read_msg()
726 decoded_len = conn->mech->decode(conn->app_data, buf, decoded_len, in Curl_sec_read_msg()
730 return -1; in Curl_sec_read_msg()
743 if(buf[3] != '-') in Curl_sec_read_msg()
746 if(buf[decoded_len - 1] == '\n') in Curl_sec_read_msg()
747 buf[decoded_len - 1] = '\0'; in Curl_sec_read_msg()
756 struct connectdata *conn = data->conn; in sec_set_protection_level()
757 unsigned char level = conn->request_data_prot; in sec_set_protection_level()
761 if(!conn->sec_complete) { in sec_set_protection_level()
764 return -1; in sec_set_protection_level()
768 if(conn->data_prot == level) in sec_set_protection_level()
774 struct pingpong *pp = &conn->proto.ftpc.pp; in sec_set_protection_level()
779 return -1; in sec_set_protection_level()
783 return -1; in sec_set_protection_level()
785 conn->buffer_size = buffer_size; in sec_set_protection_level()
787 line = Curl_dyn_ptr(&pp->recvbuf); in sec_set_protection_level()
793 if(buffer_size < conn->buffer_size) in sec_set_protection_level()
794 conn->buffer_size = buffer_size; in sec_set_protection_level()
802 return -1; in sec_set_protection_level()
806 return -1; in sec_set_protection_level()
809 conn->data_prot = level; in sec_set_protection_level()
811 conn->command_prot = level; in sec_set_protection_level()
821 return -1; in Curl_sec_request_prot()
823 conn->request_data_prot = l; in Curl_sec_request_prot()
833 tmp_allocation = realloc(conn->app_data, mech->size); in choose_mech()
835 failf(data, "Failed realloc of size %zu", mech->size); in choose_mech()
839 conn->app_data = tmp_allocation; in choose_mech()
841 if(mech->init) { in choose_mech()
842 ret = mech->init(conn->app_data); in choose_mech()
845 mech->name); in choose_mech()
848 Curl_dyn_init(&conn->in_buffer.buf, CURL_MAX_INPUT_LENGTH); in choose_mech()
851 infof(data, "Trying mechanism %s...", mech->name); in choose_mech()
852 ret = ftp_send_command(data, "AUTH %s", mech->name); in choose_mech()
860 "returned ftp code: 504).", mech->name); in choose_mech()
864 "ftp code: 534).", mech->name); in choose_mech()
877 ret = mech->auth(conn->app_data, data, conn); in choose_mech()
886 conn->mech = mech; in choose_mech()
887 conn->sec_complete = 1; in choose_mech()
888 conn->recv[FIRSTSOCKET] = sec_recv; in choose_mech()
889 conn->send[FIRSTSOCKET] = sec_send; in choose_mech()
890 conn->recv[SECONDARYSOCKET] = sec_recv; in choose_mech()
891 conn->send[SECONDARYSOCKET] = sec_send; in choose_mech()
892 conn->command_prot = PROT_SAFE; in choose_mech()
911 if(conn->mech && conn->mech->end) in Curl_sec_end()
912 conn->mech->end(conn->app_data); in Curl_sec_end()
913 Curl_safefree(conn->app_data); in Curl_sec_end()
914 Curl_dyn_free(&conn->in_buffer.buf); in Curl_sec_end()
915 conn->in_buffer.index = 0; in Curl_sec_end()
916 conn->in_buffer.eof_flag = 0; in Curl_sec_end()
917 conn->sec_complete = 0; in Curl_sec_end()
918 conn->data_prot = PROT_CLEAR; in Curl_sec_end()
919 conn->mech = NULL; in Curl_sec_end()