search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Resync
[CMakeLuaTailorHgBridge.git] / CMakeLua / Utilities / cmcurl-7.19.0 / lib / security.c
blobbec751045e275ee4f5e839aff2f4406b26f8374d
1 /* This source code was modified by Martin Hedenfalk <mhe@stacken.kth.se> for
2 * use in Curl. His latest changes were done 2000-09-18.
3 *
4 * It has since been patched and modified a lot by Daniel Stenberg
5 * <daniel@haxx.se> to make it better applied to curl conditions, and to make
6 * it not use globals, pollute name space and more. This source code awaits a
7 * rewrite to work around the paragraph 2 in the BSD licenses as explained
8 * below.
9 *
10 * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
11 * (Royal Institute of Technology, Stockholm, Sweden).
12 *
13 * Copyright (C) 2001 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
14 *
15 * All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 *
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
23 *
24 * 2. Redistributions in binary form must reproduce the above copyright
25 * notice, this list of conditions and the following disclaimer in the
26 * documentation and/or other materials provided with the distribution.
27 *
28 * 3. Neither the name of the Institute nor the names of its contributors
29 * may be used to endorse or promote products derived from this software
30 * without specific prior written permission.
31 *
32 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
33 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
34 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
35 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
36 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
37 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
38 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
39 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
40 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
41 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
42 * SUCH DAMAGE. */
43
44 #include "setup.h"
45
46 #ifndef CURL_DISABLE_FTP
47 #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
48
49 #define _MPRINTF_REPLACE /* we want curl-functions instead of native ones */
50 #include <curl/mprintf.h>
51
52 #include <stdlib.h>
53 #include <string.h>
54
55 #ifdef HAVE_NETDB_H
56 #include <netdb.h>
57 #endif
58
59 #ifdef HAVE_UNISTD_H
60 #include <unistd.h>
61 #endif
62
63 #include "urldata.h"
64 #include "krb4.h"
65 #include "curl_base64.h"
66 #include "sendf.h"
67 #include "ftp.h"
68 #include "memory.h"
69
70 /* The last #include file should be: */
71 #include "memdebug.h"
72
73 static const struct {
74 enum protection_level level;
75 const char *name;
76 } level_names[] = {
77 { prot_clear, "clear" },
78 { prot_safe, "safe" },
79 { prot_confidential, "confidential" },
80 { prot_private, "private" }
81 };
82
83 static enum protection_level
84 name_to_level(const char *name)
85 {
86 int i;
87 for(i = 0; i < (int)sizeof(level_names)/(int)sizeof(level_names[0]); i++)
88 if(curl_strnequal(level_names[i].name, name, strlen(name)))
89 return level_names[i].level;
90 return (enum protection_level)-1;
91 }
92
93 static const struct Curl_sec_client_mech * const mechs[] = {
94 #ifdef HAVE_GSSAPI
95 &Curl_krb5_client_mech,
96 #endif
97 #ifdef HAVE_KRB4
98 &Curl_krb4_client_mech,
99 #endif
100 NULL
101 };
102
103 int
104 Curl_sec_getc(struct connectdata *conn, FILE *F)
105 {
106 if(conn->sec_complete && conn->data_prot) {
107 char c;
108 if(Curl_sec_read(conn, fileno(F), &c, 1) <= 0)
109 return EOF;
110 return c;
111 }
112 else
113 return getc(F);
114 }
115
116 static int
117 block_read(int fd, void *buf, size_t len)
118 {
119 unsigned char *p = buf;
120 int b;
121 while(len) {
122 b = read(fd, p, len);
123 if(b == 0)
124 return 0;
125 else if(b < 0 && (errno == EINTR || errno == EAGAIN))
126 continue;
127 else if(b < 0)
128 return -1;
129 len -= b;
130 p += b;
131 }
132 return p - (unsigned char*)buf;
133 }
134
135 static int
136 block_write(int fd, const void *buf, size_t len)
137 {
138 const unsigned char *p = buf;
139 int b;
140 while(len) {
141 b = write(fd, p, len);
142 if(b < 0 && (errno == EINTR || errno == EAGAIN))
143 continue;
144 else if(b < 0)
145 return -1;
146 len -= b;
147 p += b;
148 }
149 return p - (unsigned char*)buf;
150 }
151
152 static int
153 sec_get_data(struct connectdata *conn,
154 int fd, struct krb4buffer *buf)
155 {
156 int len;
157 int b;
158
159 b = block_read(fd, &len, sizeof(len));
160 if(b == 0)
161 return 0;
162 else if(b < 0)
163 return -1;
164 len = ntohl(len);
165 buf->data = realloc(buf->data, len);
166 b = buf->data ? block_read(fd, buf->data, len) : -1;
167 if(b == 0)
168 return 0;
169 else if(b < 0)
170 return -1;
171 buf->size = (conn->mech->decode)(conn->app_data, buf->data, len,
172 conn->data_prot, conn);
173 buf->index = 0;
174 return 0;
175 }
176
177 static size_t
178 buffer_read(struct krb4buffer *buf, void *data, size_t len)
179 {
180 if(buf->size - buf->index < len)
181 len = buf->size - buf->index;
182 memcpy(data, (char*)buf->data + buf->index, len);
183 buf->index += len;
184 return len;
185 }
186
187 static size_t
188 buffer_write(struct krb4buffer *buf, void *data, size_t len)
189 {
190 if(buf->index + len > buf->size) {
191 void *tmp;
192 if(buf->data == NULL)
193 tmp = malloc(1024);
194 else
195 tmp = realloc(buf->data, buf->index + len);
196 if(tmp == NULL)
197 return -1;
198 buf->data = tmp;
199 buf->size = buf->index + len;
200 }
201 memcpy((char*)buf->data + buf->index, data, len);
202 buf->index += len;
203 return len;
204 }
205
206 int
207 Curl_sec_read(struct connectdata *conn, int fd, void *buffer, int length)
208 {
209 size_t len;
210 int rx = 0;
211
212 if(conn->sec_complete == 0 || conn->data_prot == 0)
213 return read(fd, buffer, length);
214
215 if(conn->in_buffer.eof_flag){
216 conn->in_buffer.eof_flag = 0;
217 return 0;
218 }
219
220 len = buffer_read(&conn->in_buffer, buffer, length);
221 length -= len;
222 rx += len;
223 buffer = (char*)buffer + len;
224
225 while(length) {
226 if(sec_get_data(conn, fd, &conn->in_buffer) < 0)
227 return -1;
228 if(conn->in_buffer.size == 0) {
229 if(rx)
230 conn->in_buffer.eof_flag = 1;
231 return rx;
232 }
233 len = buffer_read(&conn->in_buffer, buffer, length);
234 length -= len;
235 rx += len;
236 buffer = (char*)buffer + len;
237 }
238 return rx;
239 }
240
241 static int
242 sec_send(struct connectdata *conn, int fd, const char *from, int length)
243 {
244 int bytes;
245 void *buf;
246 enum protection_level protlevel = conn->data_prot;
247 int iscmd = protlevel == prot_cmd;
248
249 if(iscmd) {
250 if(!strncmp(from, "PASS ", 5) || !strncmp(from, "ACCT ", 5))
251 protlevel = prot_private;
252 else
253 protlevel = conn->command_prot;
254 }
255 bytes = (conn->mech->encode)(conn->app_data, from, length, protlevel,
256 &buf, conn);
257 if(iscmd) {
258 char *cmdbuf;
259
260 bytes = Curl_base64_encode(conn->data, (char *)buf, bytes, &cmdbuf);
261 if(bytes > 0) {
262 if(protlevel == prot_private)
263 block_write(fd, "ENC ", 4);
264 else
265 block_write(fd, "MIC ", 4);
266 block_write(fd, cmdbuf, bytes);
267 block_write(fd, "\r\n", 2);
268 Curl_infof(conn->data, "%s %s\n",
269 protlevel == prot_private ? "ENC" : "MIC", cmdbuf);
270 free(cmdbuf);
271 }
272 }
273 else {
274 bytes = htonl(bytes);
275 block_write(fd, &bytes, sizeof(bytes));
276 block_write(fd, buf, ntohl(bytes));
277 }
278 free(buf);
279 return length;
280 }
281
282 int
283 Curl_sec_fflush_fd(struct connectdata *conn, int fd)
284 {
285 if(conn->data_prot != prot_clear) {
286 if(conn->out_buffer.index > 0){
287 Curl_sec_write(conn, fd,
288 conn->out_buffer.data, conn->out_buffer.index);
289 conn->out_buffer.index = 0;
290 }
291 sec_send(conn, fd, NULL, 0);
292 }
293 return 0;
294 }
295
296 int
297 Curl_sec_write(struct connectdata *conn, int fd, const char *buffer, int length)
298 {
299 int len = conn->buffer_size;
300 int tx = 0;
301
302 if(conn->data_prot == prot_clear)
303 return write(fd, buffer, length);
304
305 len -= (conn->mech->overhead)(conn->app_data, conn->data_prot, len);
306 if(len <= 0)
307 len = length;
308 while(length){
309 if(length < len)
310 len = length;
311 sec_send(conn, fd, buffer, len);
312 length -= len;
313 buffer += len;
314 tx += len;
315 }
316 return tx;
317 }
318
319 ssize_t
320 Curl_sec_send(struct connectdata *conn, int num, const char *buffer, int length)
321 {
322 curl_socket_t fd = conn->sock[num];
323 return (ssize_t)Curl_sec_write(conn, fd, buffer, length);
324 }
325
326 int
327 Curl_sec_putc(struct connectdata *conn, int c, FILE *F)
328 {
329 char ch = c;
330 if(conn->data_prot == prot_clear)
331 return putc(c, F);
332
333 buffer_write(&conn->out_buffer, &ch, 1);
334 if(c == '\n' || conn->out_buffer.index >= 1024 /* XXX */) {
335 Curl_sec_write(conn, fileno(F), conn->out_buffer.data,
336 conn->out_buffer.index);
337 conn->out_buffer.index = 0;
338 }
339 return c;
340 }
341
342 int
343 Curl_sec_read_msg(struct connectdata *conn, char *s, int level)
344 {
345 int len;
346 unsigned char *buf;
347 int code;
348
349 len = Curl_base64_decode(s + 4, &buf); /* XXX */
350 if(len > 0)
351 len = (conn->mech->decode)(conn->app_data, buf, len, level, conn);
352 else
353 return -1;
354
355 if(len < 0) {
356 free(buf);
357 return -1;
358 }
359
360 if(conn->data->set.verbose) {
361 buf[len] = '\n';
362 Curl_debug(conn->data, CURLINFO_HEADER_IN, (char *)buf, len + 1, conn);
363 }
364
365 buf[len] = '\0';
366
367 if(buf[3] == '-')
368 code = 0;
369 else
370 sscanf((char *)buf, "%d", &code);
371 if(buf[len-1] == '\n')
372 buf[len-1] = '\0';
373 strcpy(s, (char *)buf);
374 free(buf);
375 return code;
376 }
377
378 enum protection_level
379 Curl_set_command_prot(struct connectdata *conn, enum protection_level level)
380 {
381 enum protection_level old = conn->command_prot;
382 conn->command_prot = level;
383 return old;
384 }
385
386 static int
387 sec_prot_internal(struct connectdata *conn, int level)
388 {
389 char *p;
390 unsigned int s = 1048576;
391 ssize_t nread;
392
393 if(!conn->sec_complete){
394 infof(conn->data, "No security data exchange has taken place.\n");
395 return -1;
396 }
397
398 if(level){
399 int code;
400 if(Curl_ftpsendf(conn, "PBSZ %u", s))
401 return -1;
402
403 if(Curl_GetFTPResponse(&nread, conn, &code))
404 return -1;
405
406 if(code/100 != 2){
407 failf(conn->data, "Failed to set protection buffer size.");
408 return -1;
409 }
410 conn->buffer_size = s;
411
412 p = strstr(conn->data->state.buffer, "PBSZ=");
413 if(p)
414 sscanf(p, "PBSZ=%u", &s);
415 if(s < conn->buffer_size)
416 conn->buffer_size = s;
417 }
418
419 if(Curl_ftpsendf(conn, "PROT %c", level["CSEP"]))
420 return -1;
421
422 if(Curl_GetFTPResponse(&nread, conn, NULL))
423 return -1;
424
425 if(conn->data->state.buffer[0] != '2'){
426 failf(conn->data, "Failed to set protection level.");
427 return -1;
428 }
429
430 conn->data_prot = (enum protection_level)level;
431 if(level == prot_private)
432 conn->command_prot = (enum protection_level)level;
433 return 0;
434 }
435
436 void
437 Curl_sec_set_protection_level(struct connectdata *conn)
438 {
439 if(conn->sec_complete && conn->data_prot != conn->request_data_prot)
440 sec_prot_internal(conn, conn->request_data_prot);
441 }
442
443
444 int
445 Curl_sec_request_prot(struct connectdata *conn, const char *level)
446 {
447 int l = name_to_level(level);
448 if(l == -1)
449 return -1;
450 conn->request_data_prot = (enum protection_level)l;
451 return 0;
452 }
453
454 int
455 Curl_sec_login(struct connectdata *conn)
456 {
457 int ret;
458 const struct Curl_sec_client_mech * const *m;
459 ssize_t nread;
460 struct SessionHandle *data=conn->data;
461 int ftpcode;
462
463 for(m = mechs; *m && (*m)->name; m++) {
464 void *tmp;
465
466 tmp = realloc(conn->app_data, (*m)->size);
467 if(tmp == NULL) {
468 failf (data, "realloc %u failed", (*m)->size);
469 return -1;
470 }
471 conn->app_data = tmp;
472
473 if((*m)->init && (*(*m)->init)(conn->app_data) != 0) {
474 infof(data, "Skipping %s...\n", (*m)->name);
475 continue;
476 }
477 infof(data, "Trying %s...\n", (*m)->name);
478
479 if(Curl_ftpsendf(conn, "AUTH %s", (*m)->name))
480 return -1;
481
482 if(Curl_GetFTPResponse(&nread, conn, &ftpcode))
483 return -1;
484
485 if(conn->data->state.buffer[0] != '3'){
486 switch(ftpcode) {
487 case 504:
488 infof(data,
489 "%s is not supported by the server.\n", (*m)->name);
490 break;
491 case 534:
492 infof(data, "%s rejected as security mechanism.\n", (*m)->name);
493 break;
494 default:
495 if(conn->data->state.buffer[0] == '5') {
496 infof(data, "The server doesn't support the FTP "
497 "security extensions.\n");
498 return -1;
499 }
500 break;
501 }
502 continue;
503 }
504
505 ret = (*(*m)->auth)(conn->app_data, conn);
506
507 if(ret == AUTH_CONTINUE)
508 continue;
509 else if(ret != AUTH_OK){
510 /* mechanism is supposed to output error string */
511 return -1;
512 }
513 conn->mech = *m;
514 conn->sec_complete = 1;
515 conn->command_prot = prot_safe;
516 /* Set the requested protection level */
517 /* BLOCKING */
518 Curl_sec_set_protection_level(conn);
519 break;
520 }
521
522 return *m == NULL;
523 }
524
525 void
526 Curl_sec_end(struct connectdata *conn)
527 {
528 if(conn->mech != NULL) {
529 if(conn->mech->end)
530 (conn->mech->end)(conn->app_data);
531 memset(conn->app_data, 0, conn->mech->size);
532 free(conn->app_data);
533 conn->app_data = NULL;
534 }
535 conn->sec_complete = 0;
536 conn->data_prot = (enum protection_level)0;
537 conn->mech=NULL;
538 }
539
540 #endif /* HAVE_KRB4 */
541 #endif /* CURL_DISABLE_FTP */
Intermediate bridge repo between official CMake (CVS) and CMakeLua (Mercurial)