1 /* GSSAPI/krb5 support for FTP - loosely based on old krb4.c
2 *
3 * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
4 * (Royal Institute of Technology, Stockholm, Sweden).
5 * Copyright (C) Daniel Stenberg
6 * All rights reserved.
7 *
8 * SPDX-License-Identifier: BSD-3-Clause
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 *
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 *
21 * 3. Neither the name of the Institute nor the names of its contributors
22 * may be used to endorse or promote products derived from this software
23 * without specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE. */
36
37 #include "curl_setup.h"
38
39 #if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_FTP)
40
41 #ifdef HAVE_NETDB_H
42 #include <netdb.h>
43 #endif
44 #ifdef HAVE_ARPA_INET_H
45 #include <arpa/inet.h>
46 #endif
47
48 #include "urldata.h"
49 #include "cfilters.h"
50 #include "cf-socket.h"
51 #include "curl_base64.h"
52 #include "ftp.h"
53 #include "curl_gssapi.h"
54 #include "sendf.h"
55 #include "transfer.h"
56 #include "curl_krb5.h"
57 #include "warnless.h"
58 #include "strcase.h"
59 #include "strdup.h"
60
61 /* The last 3 #include files should be in this order */
62 #include "curl_printf.h"
63 #include "curl_memory.h"
64 #include "memdebug.h"
65
66 #if defined(__GNUC__) && defined(__APPLE__)
67 #pragma GCC diagnostic push
68 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
69 #endif
70
ftpsend(struct Curl_easy * data,struct connectdata * conn,const char * cmd)71 static CURLcode ftpsend(struct Curl_easy *data, struct connectdata *conn,
72 const char *cmd)
73 {
74 size_t bytes_written;
75 #define SBUF_SIZE 1024
76 char s[SBUF_SIZE];
77 size_t write_len;
78 char *sptr = s;
79 CURLcode result = CURLE_OK;
80 #ifdef HAVE_GSSAPI
81 unsigned char data_sec = conn->data_prot;
82 #endif
83
84 DEBUGASSERT(cmd);
85
86 write_len = strlen(cmd);
87 if(!write_len || write_len > (sizeof(s) -3))
88 return CURLE_BAD_FUNCTION_ARGUMENT;
89
90 memcpy(&s, cmd, write_len);
91 strcpy(&s[write_len], "\r\n"); /* append a trailing CRLF */
92 write_len += 2;
93 bytes_written = 0;
94
95 for(;;) {
96 #ifdef HAVE_GSSAPI
97 conn->data_prot = PROT_CMD;
98 #endif
99 result = Curl_xfer_send(data, sptr, write_len, FALSE, &bytes_written);
100 #ifdef HAVE_GSSAPI
101 DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST);
102 conn->data_prot = data_sec;
103 #endif
104
105 if(result)
106 break;
107
108 Curl_debug(data, CURLINFO_HEADER_OUT, sptr, bytes_written);
109
110 if(bytes_written != write_len) {
111 write_len -= bytes_written;
112 sptr += bytes_written;
113 }
114 else
115 break;
116 }
117
118 return result;
119 }
120
121 static int
krb5_init(void * app_data)122 krb5_init(void *app_data)
123 {
124 gss_ctx_id_t *context = app_data;
125 /* Make sure our context is initialized for krb5_end. */
126 *context = GSS_C_NO_CONTEXT;
127 return 0;
128 }
129
130 static int
krb5_check_prot(void * app_data,int level)131 krb5_check_prot(void *app_data, int level)
132 {
133 (void)app_data; /* unused */
134 if(level == PROT_CONFIDENTIAL)
135 return -1;
136 return 0;
137 }
138
139 static int
krb5_decode(void * app_data,void * buf,int len,int level UNUSED_PARAM,struct connectdata * conn UNUSED_PARAM)140 krb5_decode(void *app_data, void *buf, int len,
141 int level UNUSED_PARAM,
142 struct connectdata *conn UNUSED_PARAM)
143 {
144 gss_ctx_id_t *context = app_data;
145 OM_uint32 maj, min;
146 gss_buffer_desc enc, dec;
147
148 (void)level;
149 (void)conn;
150
151 enc.value = buf;
152 enc.length = len;
153 maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL);
154 if(maj != GSS_S_COMPLETE)
155 return -1;
156
157 memcpy(buf, dec.value, dec.length);
158 len = curlx_uztosi(dec.length);
159 gss_release_buffer(&min, &dec);
160
161 return len;
162 }
163
164 static int
krb5_encode(void * app_data,const void * from,int length,int level,void ** to)165 krb5_encode(void *app_data, const void *from, int length, int level, void **to)
166 {
167 gss_ctx_id_t *context = app_data;
168 gss_buffer_desc dec, enc;
169 OM_uint32 maj, min;
170 int state;
171 int len;
172
173 /* NOTE that the cast is safe, neither of the krb5, gnu gss and heimdal
174 * libraries modify the input buffer in gss_wrap()
175 */
176 dec.value = (void *)from;
177 dec.length = (size_t)length;
178 maj = gss_wrap(&min, *context,
179 level == PROT_PRIVATE,
180 GSS_C_QOP_DEFAULT,
181 &dec, &state, &enc);
182
183 if(maj != GSS_S_COMPLETE)
184 return -1;
185
186 /* malloc a new buffer, in case gss_release_buffer does not work as
187 expected */
188 *to = malloc(enc.length);
189 if(!*to)
190 return -1;
191 memcpy(*to, enc.value, enc.length);
192 len = curlx_uztosi(enc.length);
193 gss_release_buffer(&min, &enc);
194 return len;
195 }
196
197 static int
krb5_auth(void * app_data,struct Curl_easy * data,struct connectdata * conn)198 krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn)
199 {
200 int ret = AUTH_OK;
201 char *p;
202 const char *host = conn->host.name;
203 ssize_t nread;
204 curl_socklen_t l = sizeof(conn->local_addr);
205 CURLcode result;
206 const char *service = data->set.str[STRING_SERVICE_NAME] ?
207 data->set.str[STRING_SERVICE_NAME] :
208 "ftp";
209 const char *srv_host = "host";
210 gss_buffer_desc input_buffer, output_buffer, *gssresp;
211 gss_buffer_desc _gssresp = GSS_C_EMPTY_BUFFER;
212 OM_uint32 maj, min;
213 gss_name_t gssname;
214 gss_ctx_id_t *context = app_data;
215 struct gss_channel_bindings_struct chan;
216 size_t base64_sz = 0;
217 struct sockaddr_in *remote_addr =
218 (struct sockaddr_in *)(void *)&conn->remote_addr->curl_sa_addr;
219 char *stringp;
220
221 if(getsockname(conn->sock[FIRSTSOCKET],
222 (struct sockaddr *)&conn->local_addr, &l) < 0)
223 perror("getsockname()");
224
225 chan.initiator_addrtype = GSS_C_AF_INET;
226 chan.initiator_address.length = l - 4;
227 chan.initiator_address.value = &conn->local_addr.sin_addr.s_addr;
228 chan.acceptor_addrtype = GSS_C_AF_INET;
229 chan.acceptor_address.length = l - 4;
230 chan.acceptor_address.value = &remote_addr->sin_addr.s_addr;
231 chan.application_data.length = 0;
232 chan.application_data.value = NULL;
233
234 /* this loop will execute twice (once for service, once for host) */
235 for(;;) {
236 /* this really should not be repeated here, but cannot help it */
237 if(service == srv_host) {
238 result = ftpsend(data, conn, "AUTH GSSAPI");
239 if(result)
240 return -2;
241
242 if(Curl_GetFTPResponse(data, &nread, NULL))
243 return -1;
244 else {
245 struct pingpong *pp = &conn->proto.ftpc.pp;
246 char *line = Curl_dyn_ptr(&pp->recvbuf);
247 if(line[0] != '3')
248 return -1;
249 }
250 }
251
252 stringp = aprintf("%s@%s", service, host);
253 if(!stringp)
254 return -2;
255
256 input_buffer.value = stringp;
257 input_buffer.length = strlen(stringp);
258 maj = gss_import_name(&min, &input_buffer, GSS_C_NT_HOSTBASED_SERVICE,
259 &gssname);
260 free(stringp);
261 if(maj != GSS_S_COMPLETE) {
262 gss_release_name(&min, &gssname);
263 if(service == srv_host) {
264 failf(data, "Error importing service name %s@%s", service, host);
265 return AUTH_ERROR;
266 }
267 service = srv_host;
268 continue;
269 }
270 /* We pass NULL as |output_name_type| to avoid a leak. */
271 gss_display_name(&min, gssname, &output_buffer, NULL);
272 infof(data, "Trying against %s", (char *)output_buffer.value);
273 gssresp = GSS_C_NO_BUFFER;
274 *context = GSS_C_NO_CONTEXT;
275
276 do {
277 /* Release the buffer at each iteration to avoid leaking: the first time
278 we are releasing the memory from gss_display_name. The last item is
279 taken care by a final gss_release_buffer. */
280 gss_release_buffer(&min, &output_buffer);
281 ret = AUTH_OK;
282 maj = Curl_gss_init_sec_context(data,
283 &min,
284 context,
285 gssname,
286 &Curl_krb5_mech_oid,
287 &chan,
288 gssresp,
289 &output_buffer,
290 TRUE,
291 NULL);
292
293 if(gssresp) {
294 free(_gssresp.value);
295 gssresp = NULL;
296 }
297
298 if(GSS_ERROR(maj)) {
299 infof(data, "Error creating security context");
300 ret = AUTH_ERROR;
301 break;
302 }
303
304 if(output_buffer.length) {
305 char *cmd;
306
307 result = Curl_base64_encode((char *)output_buffer.value,
308 output_buffer.length, &p, &base64_sz);
309 if(result) {
310 infof(data, "base64-encoding: %s", curl_easy_strerror(result));
311 ret = AUTH_ERROR;
312 break;
313 }
314
315 cmd = aprintf("ADAT %s", p);
316 if(cmd)
317 result = ftpsend(data, conn, cmd);
318 else
319 result = CURLE_OUT_OF_MEMORY;
320
321 free(p);
322 free(cmd);
323
324 if(result) {
325 ret = -2;
326 break;
327 }
328
329 if(Curl_GetFTPResponse(data, &nread, NULL)) {
330 ret = -1;
331 break;
332 }
333 else {
334 struct pingpong *pp = &conn->proto.ftpc.pp;
335 size_t len = Curl_dyn_len(&pp->recvbuf);
336 p = Curl_dyn_ptr(&pp->recvbuf);
337 if((len < 4) || (p[0] != '2' && p[0] != '3')) {
338 infof(data, "Server did not accept auth data");
339 ret = AUTH_ERROR;
340 break;
341 }
342 }
343
344 _gssresp.value = NULL; /* make sure it is initialized */
345 _gssresp.length = 0;
346 p += 4; /* over '789 ' */
347 p = strstr(p, "ADAT=");
348 if(p) {
349 unsigned char *outptr;
350 size_t outlen;
351 result = Curl_base64_decode(p + 5, &outptr, &outlen);
352 if(result) {
353 failf(data, "base64-decoding: %s", curl_easy_strerror(result));
354 ret = AUTH_CONTINUE;
355 break;
356 }
357 _gssresp.value = outptr;
358 _gssresp.length = outlen;
359 }
360
361 gssresp = &_gssresp;
362 }
363 } while(maj == GSS_S_CONTINUE_NEEDED);
364
365 gss_release_name(&min, &gssname);
366 gss_release_buffer(&min, &output_buffer);
367
368 if(gssresp)
369 free(_gssresp.value);
370
371 if(ret == AUTH_OK || service == srv_host)
372 break;
373
374 service = srv_host;
375 }
376 return ret;
377 }
378
krb5_end(void * app_data)379 static void krb5_end(void *app_data)
380 {
381 OM_uint32 min;
382 gss_ctx_id_t *context = app_data;
383 if(*context != GSS_C_NO_CONTEXT) {
384 OM_uint32 maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER);
385 (void)maj;
386 DEBUGASSERT(maj == GSS_S_COMPLETE);
387 }
388 }
389
390 static const struct Curl_sec_client_mech Curl_krb5_client_mech = {
391 "GSSAPI",
392 sizeof(gss_ctx_id_t),
393 krb5_init,
394 krb5_auth,
395 krb5_end,
396 krb5_check_prot,
397
398 krb5_encode,
399 krb5_decode
400 };
401
402 static const struct {
403 unsigned char level;
404 const char *name;
405 } level_names[] = {
406 { PROT_CLEAR, "clear" },
407 { PROT_SAFE, "safe" },
408 { PROT_CONFIDENTIAL, "confidential" },
409 { PROT_PRIVATE, "private" }
410 };
411
name_to_level(const char * name)412 static unsigned char name_to_level(const char *name)
413 {
414 int i;
415 for(i = 0; i < (int)sizeof(level_names)/(int)sizeof(level_names[0]); i++)
416 if(curl_strequal(name, level_names[i].name))
417 return level_names[i].level;
418 return PROT_NONE;
419 }
420
421 /* Convert a protocol |level| to its char representation.
422 We take an int to catch programming mistakes. */
level_to_char(int level)423 static char level_to_char(int level)
424 {
425 switch(level) {
426 case PROT_CLEAR:
427 return 'C';
428 case PROT_SAFE:
429 return 'S';
430 case PROT_CONFIDENTIAL:
431 return 'E';
432 case PROT_PRIVATE:
433 return 'P';
434 case PROT_CMD:
435 default:
436 /* Those 2 cases should not be reached! */
437 break;
438 }
439 DEBUGASSERT(0);
440 /* Default to the most secure alternative. */
441 return 'P';
442 }
443
444 /* Send an FTP command defined by |message| and the optional arguments. The
445 function returns the ftp_code. If an error occurs, -1 is returned. */
446 static int ftp_send_command(struct Curl_easy *data, const char *message, ...)
447 CURL_PRINTF(2, 3);
448
ftp_send_command(struct Curl_easy * data,const char * message,...)449 static int ftp_send_command(struct Curl_easy *data, const char *message, ...)
450 {
451 int ftp_code;
452 ssize_t nread = 0;
453 va_list args;
454 char print_buffer[50];
455
456 va_start(args, message);
457 mvsnprintf(print_buffer, sizeof(print_buffer), message, args);
458 va_end(args);
459
460 if(ftpsend(data, data->conn, print_buffer)) {
461 ftp_code = -1;
462 }
463 else {
464 if(Curl_GetFTPResponse(data, &nread, &ftp_code))
465 ftp_code = -1;
466 }
467
468 (void)nread; /* Unused */
469 return ftp_code;
470 }
471
472 /* Read |len| from the socket |fd| and store it in |to|. Return a CURLcode
473 saying whether an error occurred or CURLE_OK if |len| was read. */
474 static CURLcode
socket_read(struct Curl_easy * data,int sockindex,void * to,size_t len)475 socket_read(struct Curl_easy *data, int sockindex, void *to, size_t len)
476 {
477 char *to_p = to;
478 CURLcode result;
479 ssize_t nread = 0;
480
481 while(len > 0) {
482 result = Curl_conn_recv(data, sockindex, to_p, len, &nread);
483 if(nread > 0) {
484 len -= nread;
485 to_p += nread;
486 }
487 else {
488 if(result == CURLE_AGAIN)
489 continue;
490 return result;
491 }
492 }
493 return CURLE_OK;
494 }
495
496
497 /* Write |len| bytes from the buffer |to| to the socket |fd|. Return a
498 CURLcode saying whether an error occurred or CURLE_OK if |len| was
499 written. */
500 static CURLcode
socket_write(struct Curl_easy * data,int sockindex,const void * to,size_t len)501 socket_write(struct Curl_easy *data, int sockindex, const void *to,
502 size_t len)
503 {
504 const char *to_p = to;
505 CURLcode result;
506 size_t written;
507
508 while(len > 0) {
509 result = Curl_conn_send(data, sockindex, to_p, len, FALSE, &written);
510 if(!result && written > 0) {
511 len -= written;
512 to_p += written;
513 }
514 else {
515 if(result == CURLE_AGAIN)
516 continue;
517 return result;
518 }
519 }
520 return CURLE_OK;
521 }
522
read_data(struct Curl_easy * data,int sockindex,struct krb5buffer * buf)523 static CURLcode read_data(struct Curl_easy *data, int sockindex,
524 struct krb5buffer *buf)
525 {
526 struct connectdata *conn = data->conn;
527 int len;
528 CURLcode result;
529 int nread;
530
531 result = socket_read(data, sockindex, &len, sizeof(len));
532 if(result)
533 return result;
534
535 if(len) {
536 len = (int)ntohl((uint32_t)len);
537 if(len > CURL_MAX_INPUT_LENGTH)
538 return CURLE_TOO_LARGE;
539
540 Curl_dyn_reset(&buf->buf);
541 }
542 else
543 return CURLE_RECV_ERROR;
544
545 do {
546 char buffer[1024];
547 nread = CURLMIN(len, (int)sizeof(buffer));
548 result = socket_read(data, sockindex, buffer, (size_t)nread);
549 if(result)
550 return result;
551 result = Curl_dyn_addn(&buf->buf, buffer, nread);
552 if(result)
553 return result;
554 len -= nread;
555 } while(len);
556 /* this decodes the dynbuf *in place* */
557 nread = conn->mech->decode(conn->app_data,
558 Curl_dyn_ptr(&buf->buf),
559 len, conn->data_prot, conn);
560 if(nread < 0)
561 return CURLE_RECV_ERROR;
562 Curl_dyn_setlen(&buf->buf, nread);
563 buf->index = 0;
564 return CURLE_OK;
565 }
566
567 static size_t
buffer_read(struct krb5buffer * buf,void * data,size_t len)568 buffer_read(struct krb5buffer *buf, void *data, size_t len)
569 {
570 size_t size = Curl_dyn_len(&buf->buf);
571 if(size - buf->index < len)
572 len = size - buf->index;
573 memcpy(data, Curl_dyn_ptr(&buf->buf) + buf->index, len);
574 buf->index += len;
575 return len;
576 }
577
578 /* Matches Curl_recv signature */
sec_recv(struct Curl_easy * data,int sockindex,char * buffer,size_t len,CURLcode * err)579 static ssize_t sec_recv(struct Curl_easy *data, int sockindex,
580 char *buffer, size_t len, CURLcode *err)
581 {
582 size_t bytes_read;
583 size_t total_read = 0;
584 struct connectdata *conn = data->conn;
585
586 *err = CURLE_OK;
587
588 /* Handle clear text response. */
589 if(conn->sec_complete == 0 || conn->data_prot == PROT_CLEAR) {
590 ssize_t nread;
591 *err = Curl_conn_recv(data, sockindex, buffer, len, &nread);
592 return nread;
593 }
594
595 if(conn->in_buffer.eof_flag) {
596 conn->in_buffer.eof_flag = 0;
597 return 0;
598 }
599
600 bytes_read = buffer_read(&conn->in_buffer, buffer, len);
601 len -= bytes_read;
602 total_read += bytes_read;
603 buffer += bytes_read;
604
605 while(len > 0) {
606 if(read_data(data, sockindex, &conn->in_buffer))
607 return -1;
608 if(Curl_dyn_len(&conn->in_buffer.buf) == 0) {
609 if(bytes_read > 0)
610 conn->in_buffer.eof_flag = 1;
611 return bytes_read;
612 }
613 bytes_read = buffer_read(&conn->in_buffer, buffer, len);
614 len -= bytes_read;
615 total_read += bytes_read;
616 buffer += bytes_read;
617 }
618 return total_read;
619 }
620
621 /* Send |length| bytes from |from| to the |sockindex| socket taking care of
622 encoding and negotiating with the server. |from| can be NULL. */
do_sec_send(struct Curl_easy * data,struct connectdata * conn,int sockindex,const char * from,int length)623 static void do_sec_send(struct Curl_easy *data, struct connectdata *conn,
624 int sockindex, const char *from, int length)
625 {
626 int bytes, htonl_bytes; /* 32-bit integers for htonl */
627 char *buffer = NULL;
628 char *cmd_buffer;
629 size_t cmd_size = 0;
630 CURLcode error;
631 enum protection_level prot_level = conn->data_prot;
632 bool iscmd = (prot_level == PROT_CMD);
633
634 DEBUGASSERT(prot_level > PROT_NONE && prot_level < PROT_LAST);
635
636 if(iscmd) {
637 if(!strncmp(from, "PASS ", 5) || !strncmp(from, "ACCT ", 5))
638 prot_level = PROT_PRIVATE;
639 else
640 prot_level = conn->command_prot;
641 }
642 bytes = conn->mech->encode(conn->app_data, from, length, (int)prot_level,
643 (void **)&buffer);
644 if(!buffer || bytes <= 0)
645 return; /* error */
646
647 if(iscmd) {
648 error = Curl_base64_encode(buffer, curlx_sitouz(bytes),
649 &cmd_buffer, &cmd_size);
650 if(error) {
651 free(buffer);
652 return; /* error */
653 }
654 if(cmd_size > 0) {
655 static const char *enc = "ENC ";
656 static const char *mic = "MIC ";
657 if(prot_level == PROT_PRIVATE)
658 socket_write(data, sockindex, enc, 4);
659 else
660 socket_write(data, sockindex, mic, 4);
661
662 socket_write(data, sockindex, cmd_buffer, cmd_size);
663 socket_write(data, sockindex, "\r\n", 2);
664 infof(data, "Send: %s%s", prot_level == PROT_PRIVATE ? enc : mic,
665 cmd_buffer);
666 free(cmd_buffer);
667 }
668 }
669 else {
670 htonl_bytes = (int)htonl((OM_uint32)bytes);
671 socket_write(data, sockindex, &htonl_bytes, sizeof(htonl_bytes));
672 socket_write(data, sockindex, buffer, curlx_sitouz(bytes));
673 }
674 free(buffer);
675 }
676
sec_write(struct Curl_easy * data,struct connectdata * conn,int sockindex,const char * buffer,size_t length)677 static ssize_t sec_write(struct Curl_easy *data, struct connectdata *conn,
678 int sockindex, const char *buffer, size_t length)
679 {
680 ssize_t tx = 0, len = conn->buffer_size;
681
682 if(len <= 0)
683 len = length;
684 while(length) {
685 if(length < (size_t)len)
686 len = length;
687
688 do_sec_send(data, conn, sockindex, buffer, curlx_sztosi(len));
689 length -= len;
690 buffer += len;
691 tx += len;
692 }
693 return tx;
694 }
695
696 /* Matches Curl_send signature */
sec_send(struct Curl_easy * data,int sockindex,const void * buffer,size_t len,bool eos,CURLcode * err)697 static ssize_t sec_send(struct Curl_easy *data, int sockindex,
698 const void *buffer, size_t len, bool eos,
699 CURLcode *err)
700 {
701 struct connectdata *conn = data->conn;
702 (void)eos; /* unused */
703 *err = CURLE_OK;
704 return sec_write(data, conn, sockindex, buffer, len);
705 }
706
Curl_sec_read_msg(struct Curl_easy * data,struct connectdata * conn,char * buffer,enum protection_level level)707 int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn,
708 char *buffer, enum protection_level level)
709 {
710 /* decoded_len should be size_t or ssize_t but conn->mech->decode returns an
711 int */
712 int decoded_len;
713 char *buf;
714 int ret_code = 0;
715 size_t decoded_sz = 0;
716 CURLcode error;
717
718 (void) data;
719
720 if(!conn->mech)
721 /* not initialized, return error */
722 return -1;
723
724 DEBUGASSERT(level > PROT_NONE && level < PROT_LAST);
725
726 error = Curl_base64_decode(buffer + 4, (unsigned char **)&buf, &decoded_sz);
727 if(error || decoded_sz == 0)
728 return -1;
729
730 if(decoded_sz > (size_t)INT_MAX) {
731 free(buf);
732 return -1;
733 }
734 decoded_len = curlx_uztosi(decoded_sz);
735
736 decoded_len = conn->mech->decode(conn->app_data, buf, decoded_len,
737 (int)level, conn);
738 if(decoded_len <= 0) {
739 free(buf);
740 return -1;
741 }
742
743 {
744 buf[decoded_len] = '\n';
745 Curl_debug(data, CURLINFO_HEADER_IN, buf, decoded_len + 1);
746 }
747
748 buf[decoded_len] = '\0';
749 if(decoded_len <= 3)
750 /* suspiciously short */
751 return 0;
752
753 if(buf[3] != '-')
754 ret_code = atoi(buf);
755
756 if(buf[decoded_len - 1] == '\n')
757 buf[decoded_len - 1] = '\0';
758 strcpy(buffer, buf);
759 free(buf);
760 return ret_code;
761 }
762
sec_set_protection_level(struct Curl_easy * data)763 static int sec_set_protection_level(struct Curl_easy *data)
764 {
765 int code;
766 struct connectdata *conn = data->conn;
767 unsigned char level = conn->request_data_prot;
768
769 DEBUGASSERT(level > PROT_NONE && level < PROT_LAST);
770
771 if(!conn->sec_complete) {
772 infof(data, "Trying to change the protection level after the"
773 " completion of the data exchange.");
774 return -1;
775 }
776
777 /* Bail out if we try to set up the same level */
778 if(conn->data_prot == level)
779 return 0;
780
781 if(level) {
782 char *pbsz;
783 unsigned int buffer_size = 1 << 20; /* 1048576 */
784 struct pingpong *pp = &conn->proto.ftpc.pp;
785 char *line;
786
787 code = ftp_send_command(data, "PBSZ %u", buffer_size);
788 if(code < 0)
789 return -1;
790
791 if(code/100 != 2) {
792 failf(data, "Failed to set the protection's buffer size.");
793 return -1;
794 }
795 conn->buffer_size = buffer_size;
796
797 line = Curl_dyn_ptr(&pp->recvbuf);
798 pbsz = strstr(line, "PBSZ=");
799 if(pbsz) {
800 /* stick to default value if the check fails */
801 if(ISDIGIT(pbsz[5]))
802 buffer_size = (unsigned int)atoi(&pbsz[5]);
803 if(buffer_size < conn->buffer_size)
804 conn->buffer_size = buffer_size;
805 }
806 }
807
808 /* Now try to negotiate the protection level. */
809 code = ftp_send_command(data, "PROT %c", level_to_char(level));
810
811 if(code < 0)
812 return -1;
813
814 if(code/100 != 2) {
815 failf(data, "Failed to set the protection level.");
816 return -1;
817 }
818
819 conn->data_prot = level;
820 if(level == PROT_PRIVATE)
821 conn->command_prot = level;
822
823 return 0;
824 }
825
826 int
Curl_sec_request_prot(struct connectdata * conn,const char * level)827 Curl_sec_request_prot(struct connectdata *conn, const char *level)
828 {
829 unsigned char l = name_to_level(level);
830 if(l == PROT_NONE)
831 return -1;
832 DEBUGASSERT(l > PROT_NONE && l < PROT_LAST);
833 conn->request_data_prot = l;
834 return 0;
835 }
836
choose_mech(struct Curl_easy * data,struct connectdata * conn)837 static CURLcode choose_mech(struct Curl_easy *data, struct connectdata *conn)
838 {
839 int ret;
840 void *tmp_allocation;
841 const struct Curl_sec_client_mech *mech = &Curl_krb5_client_mech;
842
843 tmp_allocation = realloc(conn->app_data, mech->size);
844 if(!tmp_allocation) {
845 failf(data, "Failed realloc of size %zu", mech->size);
846 mech = NULL;
847 return CURLE_OUT_OF_MEMORY;
848 }
849 conn->app_data = tmp_allocation;
850
851 if(mech->init) {
852 ret = mech->init(conn->app_data);
853 if(ret) {
854 infof(data, "Failed initialization for %s. Skipping it.",
855 mech->name);
856 return CURLE_FAILED_INIT;
857 }
858 Curl_dyn_init(&conn->in_buffer.buf, CURL_MAX_INPUT_LENGTH);
859 }
860
861 infof(data, "Trying mechanism %s...", mech->name);
862 ret = ftp_send_command(data, "AUTH %s", mech->name);
863 if(ret < 0)
864 return CURLE_COULDNT_CONNECT;
865
866 if(ret/100 != 3) {
867 switch(ret) {
868 case 504:
869 infof(data, "Mechanism %s is not supported by the server (server "
870 "returned ftp code: 504).", mech->name);
871 break;
872 case 534:
873 infof(data, "Mechanism %s was rejected by the server (server returned "
874 "ftp code: 534).", mech->name);
875 break;
876 default:
877 if(ret/100 == 5) {
878 infof(data, "server does not support the security extensions");
879 return CURLE_USE_SSL_FAILED;
880 }
881 break;
882 }
883 return CURLE_LOGIN_DENIED;
884 }
885
886 /* Authenticate */
887 ret = mech->auth(conn->app_data, data, conn);
888
889 if(ret != AUTH_CONTINUE) {
890 if(ret != AUTH_OK) {
891 /* Mechanism has dumped the error to stderr, do not error here. */
892 return CURLE_USE_SSL_FAILED;
893 }
894 DEBUGASSERT(ret == AUTH_OK);
895
896 conn->mech = mech;
897 conn->sec_complete = 1;
898 conn->recv[FIRSTSOCKET] = sec_recv;
899 conn->send[FIRSTSOCKET] = sec_send;
900 conn->recv[SECONDARYSOCKET] = sec_recv;
901 conn->send[SECONDARYSOCKET] = sec_send;
902 conn->command_prot = PROT_SAFE;
903 /* Set the requested protection level */
904 /* BLOCKING */
905 (void)sec_set_protection_level(data);
906 }
907
908 return CURLE_OK;
909 }
910
911 CURLcode
Curl_sec_login(struct Curl_easy * data,struct connectdata * conn)912 Curl_sec_login(struct Curl_easy *data, struct connectdata *conn)
913 {
914 return choose_mech(data, conn);
915 }
916
917
918 void
Curl_sec_end(struct connectdata * conn)919 Curl_sec_end(struct connectdata *conn)
920 {
921 if(conn->mech && conn->mech->end)
922 conn->mech->end(conn->app_data);
923 Curl_safefree(conn->app_data);
924 Curl_dyn_free(&conn->in_buffer.buf);
925 conn->in_buffer.index = 0;
926 conn->in_buffer.eof_flag = 0;
927 conn->sec_complete = 0;
928 conn->data_prot = PROT_CLEAR;
929 conn->mech = NULL;
930 }
931
932 #if defined(__GNUC__) && defined(__APPLE__)
933 #pragma GCC diagnostic pop
934 #endif
935
936 #endif /* HAVE_GSSAPI && !CURL_DISABLE_FTP */
937