summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIsaac Boukris <iboukris@gmail.com>2016-03-29 17:13:46 +0300
committerDaniel Stenberg <daniel@haxx.se>2016-03-29 16:51:29 +0200
commitd5fc6e14b0b4f240b3b225487637c265471a9fc7 (patch)
tree5d9f0520a606381977e3fd203c2212eb293587e9
parentd532645afdcdc06b504cf462b2bd1b78fa95948f (diff)
downloadcurl-d5fc6e14b0b4f240b3b225487637c265471a9fc7.tar.gz
GSS: make Curl_gss_log_error more verbose
Also display the GSS_C_GSS_CODE (major code) when specified instead of only GSS_C_MECH_CODE (minor code). In addition, the old code was printing a colon twice after the prefix and also miscalculated the length of the buffer in between calls to gss_display_status (the length of ": " was missing). Also, gss_buffer is not guaranteed to be NULL terminated and thus need to restrict reading by its length. Closes #738
-rw-r--r--lib/curl_gssapi.c61
-rw-r--r--lib/curl_gssapi.h4
-rw-r--r--lib/vauth/krb5_gssapi.c20
-rw-r--r--lib/vauth/spnego_gssapi.c7
4 files changed, 54 insertions, 38 deletions
diff --git a/lib/curl_gssapi.c b/lib/curl_gssapi.c
index 75af67036..6f9121e4e 100644
--- a/lib/curl_gssapi.c
+++ b/lib/curl_gssapi.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2011 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2011 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -76,45 +76,56 @@ OM_uint32 Curl_gss_init_sec_context(
NULL /* time_rec */);
}
-/*
- * Curl_gss_log_error()
- *
- * This is used to log a GSS-API error status.
- *
- * Parameters:
- *
- * data [in] - The session handle.
- * status [in] - The status code.
- * prefix [in] - The prefix of the log message.
- */
-void Curl_gss_log_error(struct SessionHandle *data, OM_uint32 status,
- const char *prefix)
-{
+#define GSS_LOG_BUFFER_LEN 1024
+static size_t display_gss_error(OM_uint32 status, int type,
+ char *buf, size_t len) {
OM_uint32 maj_stat;
OM_uint32 min_stat;
OM_uint32 msg_ctx = 0;
gss_buffer_desc status_string;
- char buf[1024];
- size_t len;
- snprintf(buf, sizeof(buf), "%s", prefix);
- len = strlen(buf);
do {
maj_stat = gss_display_status(&min_stat,
status,
- GSS_C_MECH_CODE,
+ type,
GSS_C_NO_OID,
&msg_ctx,
&status_string);
- if(sizeof(buf) > len + status_string.length + 1) {
- snprintf(buf + len, sizeof(buf) - len,
- ": %s", (char*)status_string.value);
- len += status_string.length;
+ if(GSS_LOG_BUFFER_LEN > len + status_string.length + 3) {
+ len += snprintf(buf + len, GSS_LOG_BUFFER_LEN - len,
+ "%.*s. ", (int)status_string.length,
+ (char*)status_string.value);
}
gss_release_buffer(&min_stat, &status_string);
} while(!GSS_ERROR(maj_stat) && msg_ctx != 0);
- infof(data, "%s\n", buf);
+ return len;
+}
+
+/*
+ * Curl_gss_log_error()
+ *
+ * This is used to log a GSS-API error status.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * prefix [in] - The prefix of the log message.
+ * major [in] - The major status code.
+ * minor [in] - The minor status code.
+ */
+void Curl_gss_log_error(struct SessionHandle *data, const char *prefix,
+ OM_uint32 major, OM_uint32 minor)
+{
+ char buf[GSS_LOG_BUFFER_LEN];
+ size_t len = 0;
+
+ if(major != GSS_S_FAILURE)
+ len = display_gss_error(major, GSS_C_GSS_CODE, buf, len);
+
+ display_gss_error(minor, GSS_C_MECH_CODE, buf, len);
+
+ infof(data, "%s%s\n", prefix, buf);
}
#endif /* HAVE_GSSAPI */
diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h
index c1642a8b6..42fd1e41d 100644
--- a/lib/curl_gssapi.h
+++ b/lib/curl_gssapi.h
@@ -56,8 +56,8 @@ OM_uint32 Curl_gss_init_sec_context(
OM_uint32 *ret_flags);
/* Helper to log a GSS-API error status */
-void Curl_gss_log_error(struct SessionHandle *data, OM_uint32 status,
- const char *prefix);
+void Curl_gss_log_error(struct SessionHandle *data, const char *prefix,
+ OM_uint32 major, OM_uint32 minor);
/* Provide some definitions missing in old headers */
#ifdef HAVE_OLD_GSSMIT
diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c
index 20274a02d..87accd13e 100644
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -101,7 +101,8 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
gss_major_status = gss_import_name(&gss_minor_status, &spn_token,
GSS_C_NT_HOSTBASED_SERVICE, &krb5->spn);
if(GSS_ERROR(gss_major_status)) {
- Curl_gss_log_error(data, gss_minor_status, "gss_import_name() failed: ");
+ Curl_gss_log_error(data, "gss_import_name() failed: ",
+ gss_major_status, gss_minor_status);
free(spn);
@@ -147,8 +148,8 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
if(output_token.value)
gss_release_buffer(&gss_status, &output_token);
- Curl_gss_log_error(data, gss_minor_status,
- "gss_init_sec_context() failed: ");
+ Curl_gss_log_error(data, "gss_init_sec_context() failed: ",
+ gss_major_status, gss_minor_status);
return CURLE_RECV_ERROR;
}
@@ -224,8 +225,8 @@ CURLcode Curl_auth_create_gssapi_security_message(struct SessionHandle *data,
&username, NULL, NULL, NULL, NULL,
NULL, NULL);
if(GSS_ERROR(gss_major_status)) {
- Curl_gss_log_error(data, gss_minor_status,
- "gss_inquire_context() failed: ");
+ Curl_gss_log_error(data, "gss_inquire_context() failed: ",
+ gss_major_status, gss_minor_status);
free(chlg);
@@ -236,7 +237,8 @@ CURLcode Curl_auth_create_gssapi_security_message(struct SessionHandle *data,
gss_major_status = gss_display_name(&gss_minor_status, username,
&username_token, NULL);
if(GSS_ERROR(gss_major_status)) {
- Curl_gss_log_error(data, gss_minor_status, "gss_display_name() failed: ");
+ Curl_gss_log_error(data, "gss_display_name() failed: ",
+ gss_major_status, gss_minor_status);
free(chlg);
@@ -251,7 +253,8 @@ CURLcode Curl_auth_create_gssapi_security_message(struct SessionHandle *data,
gss_major_status = gss_unwrap(&gss_minor_status, krb5->context, &input_token,
&output_token, NULL, &qop);
if(GSS_ERROR(gss_major_status)) {
- Curl_gss_log_error(data, gss_minor_status, "gss_unwrap() failed: ");
+ Curl_gss_log_error(data, "gss_unwrap() failed: ",
+ gss_major_status, gss_minor_status);
gss_release_buffer(&gss_status, &username_token);
free(chlg);
@@ -325,7 +328,8 @@ CURLcode Curl_auth_create_gssapi_security_message(struct SessionHandle *data,
GSS_C_QOP_DEFAULT, &input_token, NULL,
&output_token);
if(GSS_ERROR(gss_major_status)) {
- Curl_gss_log_error(data, gss_minor_status, "gss_wrap() failed: ");
+ Curl_gss_log_error(data, "gss_wrap() failed: ",
+ gss_major_status, gss_minor_status);
free(message);
diff --git a/lib/vauth/spnego_gssapi.c b/lib/vauth/spnego_gssapi.c
index 9aa96dfdb..2f50daaa5 100644
--- a/lib/vauth/spnego_gssapi.c
+++ b/lib/vauth/spnego_gssapi.c
@@ -102,7 +102,8 @@ CURLcode Curl_auth_decode_spnego_message(struct SessionHandle *data,
GSS_C_NT_HOSTBASED_SERVICE,
&nego->server_name);
if(GSS_ERROR(major_status)) {
- Curl_gss_log_error(data, minor_status, "gss_import_name() failed: ");
+ Curl_gss_log_error(data, "gss_import_name() failed: ",
+ major_status, minor_status);
free(spn);
@@ -150,8 +151,8 @@ CURLcode Curl_auth_decode_spnego_message(struct SessionHandle *data,
if(output_token.value)
gss_release_buffer(&unused_status, &output_token);
- Curl_gss_log_error(data, minor_status,
- "gss_init_sec_context() failed: ");
+ Curl_gss_log_error(data, "gss_init_sec_context() failed: ",
+ major_status, minor_status);
return CURLE_OUT_OF_MEMORY;
}