1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 2011 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23 #include "curl_setup.h"
24
25 #ifdef HAVE_GSSAPI
26
27 #include "curl_gssapi.h"
28 #include "sendf.h"
29
30 static const char spnego_oid_bytes[] = "\x2b\x06\x01\x05\x05\x02";
31 gss_OID_desc Curl_spnego_mech_oid = { 6, &spnego_oid_bytes };
32 static const char krb5_oid_bytes[] = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02";
33 gss_OID_desc Curl_krb5_mech_oid = { 9, &krb5_oid_bytes };
34
Curl_gss_init_sec_context(struct SessionHandle * data,OM_uint32 * minor_status,gss_ctx_id_t * context,gss_name_t target_name,gss_OID mech_type,gss_channel_bindings_t input_chan_bindings,gss_buffer_t input_token,gss_buffer_t output_token,const bool mutual_auth,OM_uint32 * ret_flags)35 OM_uint32 Curl_gss_init_sec_context(
36 struct SessionHandle *data,
37 OM_uint32 *minor_status,
38 gss_ctx_id_t *context,
39 gss_name_t target_name,
40 gss_OID mech_type,
41 gss_channel_bindings_t input_chan_bindings,
42 gss_buffer_t input_token,
43 gss_buffer_t output_token,
44 const bool mutual_auth,
45 OM_uint32 *ret_flags)
46 {
47 OM_uint32 req_flags = GSS_C_REPLAY_FLAG;
48
49 if(mutual_auth)
50 req_flags |= GSS_C_MUTUAL_FLAG;
51
52 if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) {
53 #ifdef GSS_C_DELEG_POLICY_FLAG
54 req_flags |= GSS_C_DELEG_POLICY_FLAG;
55 #else
56 infof(data, "warning: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not "
57 "compiled in\n");
58 #endif
59 }
60
61 if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_FLAG)
62 req_flags |= GSS_C_DELEG_FLAG;
63
64 return gss_init_sec_context(minor_status,
65 GSS_C_NO_CREDENTIAL, /* cred_handle */
66 context,
67 target_name,
68 mech_type,
69 req_flags,
70 0, /* time_req */
71 input_chan_bindings,
72 input_token,
73 NULL, /* actual_mech_type */
74 output_token,
75 ret_flags,
76 NULL /* time_rec */);
77 }
78
79 /*
80 * Curl_gss_log_error()
81 *
82 * This is used to log a GSS-API error status.
83 *
84 * Parameters:
85 *
86 * data [in] - The session handle.
87 * status [in] - The status code.
88 * prefix [in] - The prefix of the log message.
89 */
Curl_gss_log_error(struct SessionHandle * data,OM_uint32 status,const char * prefix)90 void Curl_gss_log_error(struct SessionHandle *data, OM_uint32 status,
91 const char *prefix)
92 {
93 OM_uint32 maj_stat;
94 OM_uint32 min_stat;
95 OM_uint32 msg_ctx = 0;
96 gss_buffer_desc status_string;
97 char buf[1024];
98 size_t len;
99
100 snprintf(buf, sizeof(buf), "%s", prefix);
101 len = strlen(buf);
102 do {
103 maj_stat = gss_display_status(&min_stat,
104 status,
105 GSS_C_MECH_CODE,
106 GSS_C_NO_OID,
107 &msg_ctx,
108 &status_string);
109 if(sizeof(buf) > len + status_string.length + 1) {
110 snprintf(buf + len, sizeof(buf) - len,
111 ": %s", (char*)status_string.value);
112 len += status_string.length;
113 }
114 gss_release_buffer(&min_stat, &status_string);
115 } while(!GSS_ERROR(maj_stat) && msg_ctx != 0);
116
117 infof(data, "%s\n", buf);
118 }
119
120 #endif /* HAVE_GSSAPI */
121