From def69c30879c0246bccb02d79e06b937e39d0ba4 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 21 Sep 2000 08:46:14 +0000 Subject: new for kerberos support --- lib/security.c | 641 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 641 insertions(+) create mode 100644 lib/security.c (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c new file mode 100644 index 000000000..81ce35ed8 --- /dev/null +++ b/lib/security.c @@ -0,0 +1,641 @@ +/* modified by Martin Hedenfalk for use in Curl + * last modified 2000-09-18 + * Even more obscurified to merge better into libcurl by Daniel Stenberg. + */ + +/* + * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "setup.h" + +#include + +#ifdef KRB4 + +#include "security.h" +#include +#include +#include +#include "base64_krb.h" + +#define min(a, b) ((a) < (b) ? (a) : (b)) + +static struct { + enum protection_level level; + const char *name; +} level_names[] = { + { prot_clear, "clear" }, + { prot_safe, "safe" }, + { prot_confidential, "confidential" }, + { prot_private, "private" } +}; + +static const char * +level_to_name(enum protection_level level) +{ + int i; + for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) + if(level_names[i].level == level) + return level_names[i].name; + return "unknown"; +} + +#ifndef FTP_SERVER /* not used in server */ +static enum protection_level +name_to_level(const char *name) +{ + int i; + for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) + if(!strncasecmp(level_names[i].name, name, strlen(name))) + return level_names[i].level; + return (enum protection_level)-1; +} +#endif + +#ifdef FTP_SERVER + +static struct sec_server_mech *mechs[] = { +#ifdef KRB5 + &gss_server_mech, +#endif +#ifdef KRB4 + &krb4_server_mech, +#endif + NULL +}; + +static struct sec_server_mech *mech; + +#else + +static struct sec_client_mech *mechs[] = { +#ifdef KRB5 + &gss_client_mech, +#endif +#ifdef KRB4 + &krb4_client_mech, +#endif + NULL +}; + +static struct sec_client_mech *mech; + +#endif + +int +sec_getc(struct connectdata *conn, FILE *F) +{ + if(conn->sec_complete && conn->data_prot) { + char c; + if(sec_read(conn, fileno(F), &c, 1) <= 0) + return EOF; + return c; + } else + return getc(F); +} + +static int +block_read(int fd, void *buf, size_t len) +{ + unsigned char *p = buf; + int b; + while(len) { + b = read(fd, p, len); + if (b == 0) + return 0; + else if (b < 0) + return -1; + len -= b; + p += b; + } + return p - (unsigned char*)buf; +} + +static int +block_write(int fd, void *buf, size_t len) +{ + unsigned char *p = buf; + int b; + while(len) { + b = write(fd, p, len); + if(b < 0) + return -1; + len -= b; + p += b; + } + return p - (unsigned char*)buf; +} + +static int +sec_get_data(struct connectdata *conn, + int fd, struct krb4buffer *buf, int level) +{ + int len; + int b; + + b = block_read(fd, &len, sizeof(len)); + if (b == 0) + return 0; + else if (b < 0) + return -1; + len = ntohl(len); + buf->data = realloc(buf->data, len); + b = block_read(fd, buf->data, len); + if (b == 0) + return 0; + else if (b < 0) + return -1; + buf->size = (*mech->decode)(conn->app_data, buf->data, len, + conn->data_prot, conn); + buf->index = 0; + return 0; +} + +static size_t +buffer_read(struct krb4buffer *buf, void *data, size_t len) +{ + len = min(len, buf->size - buf->index); + memcpy(data, (char*)buf->data + buf->index, len); + buf->index += len; + return len; +} + +static size_t +buffer_write(struct krb4buffer *buf, void *data, size_t len) +{ + if(buf->index + len > buf->size) { + void *tmp; + if(buf->data == NULL) + tmp = malloc(1024); + else + tmp = realloc(buf->data, buf->index + len); + if(tmp == NULL) + return -1; + buf->data = tmp; + buf->size = buf->index + len; + } + memcpy((char*)buf->data + buf->index, data, len); + buf->index += len; + return len; +} + +int +sec_read(struct connectdata *conn, int fd, void *buffer, int length) +{ + size_t len; + int rx = 0; + + if(conn->sec_complete == 0 || conn->data_prot == 0) + return read(fd, buffer, length); + + if(conn->in_buffer.eof_flag){ + conn->in_buffer.eof_flag = 0; + return 0; + } + + len = buffer_read(&conn->in_buffer, buffer, length); + length -= len; + rx += len; + buffer = (char*)buffer + len; + + while(length) { + if(sec_get_data(conn, fd, &conn->in_buffer, conn->data_prot) < 0) + return -1; + if(conn->in_buffer.size == 0) { + if(rx) + conn->in_buffer.eof_flag = 1; + return rx; + } + len = buffer_read(&conn->in_buffer, buffer, length); + length -= len; + rx += len; + buffer = (char*)buffer + len; + } + return rx; +} + +static int +sec_send(struct connectdata *conn, int fd, char *from, int length) +{ + int bytes; + void *buf; + bytes = (*mech->encode)(conn->app_data, from, length, conn->data_prot, &buf, conn); + bytes = htonl(bytes); + block_write(fd, &bytes, sizeof(bytes)); + block_write(fd, buf, ntohl(bytes)); + free(buf); + return length; +} + +int +sec_fflush(struct connectdata *conn, FILE *F) +{ + if(conn->data_prot != prot_clear) { + if(conn->out_buffer.index > 0){ + sec_write(conn, fileno(F), + conn->out_buffer.data, conn->out_buffer.index); + conn->out_buffer.index = 0; + } + sec_send(conn, fileno(F), NULL, 0); + } + fflush(F); + return 0; +} + +int +sec_write(struct connectdata *conn, int fd, char *buffer, int length) +{ + int len = conn->buffer_size; + int tx = 0; + + if(conn->data_prot == prot_clear) + return write(fd, buffer, length); + + len -= (*mech->overhead)(conn->app_data, conn->data_prot, len); + while(length){ + if(length < len) + len = length; + sec_send(conn, fd, buffer, len); + length -= len; + buffer += len; + tx += len; + } + return tx; +} + +int +sec_vfprintf2(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) +{ + char *buf; + int ret; + if(conn->data_prot == prot_clear) + return vfprintf(f, fmt, ap); + else { + buf = maprintf(fmt, ap); + ret = buffer_write(&conn->out_buffer, buf, strlen(buf)); + free(buf); + return ret; + } +} + +int +sec_fprintf2(struct connectdata *conn, FILE *f, const char *fmt, ...) +{ + int ret; + va_list ap; + va_start(ap, fmt); + ret = sec_vfprintf2(conn, f, fmt, ap); + va_end(ap); + return ret; +} + +int +sec_putc(struct connectdata *conn, int c, FILE *F) +{ + char ch = c; + if(conn->data_prot == prot_clear) + return putc(c, F); + + buffer_write(&conn->out_buffer, &ch, 1); + if(c == '\n' || conn->out_buffer.index >= 1024 /* XXX */) { + sec_write(conn, fileno(F), conn->out_buffer.data, conn->out_buffer.index); + conn->out_buffer.index = 0; + } + return c; +} + +int +sec_read_msg(struct connectdata *conn, char *s, int level) +{ + int len; + char *buf; + int code; + + buf = malloc(strlen(s)); + len = base64_decode(s + 4, buf); /* XXX */ + + len = (*mech->decode)(conn->app_data, buf, len, level, conn); + if(len < 0) + return -1; + + buf[len] = '\0'; + + if(buf[3] == '-') + code = 0; + else + sscanf(buf, "%d", &code); + if(buf[len-1] == '\n') + buf[len-1] = '\0'; + strcpy(s, buf); + free(buf); + return code; +} + +/* modified to return how many bytes written, or -1 on error ***/ +int +sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) +{ + int ret = 0; + char *buf; + void *enc; + int len; + if(!conn->sec_complete) + return vfprintf(f, fmt, ap); + + buf = maprintf(fmt, ap); + len = (*mech->encode)(conn->app_data, buf, strlen(buf), + conn->command_prot, &enc, + conn); + free(buf); + if(len < 0) { + failf(conn->data, "Failed to encode command.\n"); + return -1; + } + if(base64_encode(enc, len, &buf) < 0){ + failf(conn->data, "Out of memory base64-encoding.\n"); + return -1; + } +#ifdef FTP_SERVER + if(command_prot == prot_safe) + fprintf(f, "631 %s\r\n", buf); + else if(command_prot == prot_private) + fprintf(f, "632 %s\r\n", buf); + else if(command_prot == prot_confidential) + fprintf(f, "633 %s\r\n", buf); +#else + if(conn->command_prot == prot_safe) + ret = fprintf(f, "MIC %s", buf); + else if(conn->command_prot == prot_private) + ret = fprintf(f, "ENC %s", buf); + else if(conn->command_prot == prot_confidential) + ret = fprintf(f, "CONF %s", buf); +#endif + free(buf); + return ret; +} + +int +sec_fprintf(struct connectdata *conn, FILE *f, const char *fmt, ...) +{ + va_list ap; + int ret; + va_start(ap, fmt); + ret = sec_vfprintf(conn, f, fmt, ap); + va_end(ap); + return ret; +} + +/* end common stuff */ + +#ifdef FTP_SERVER + +/* snip */ + +#else /* FTP_SERVER */ + +#if 0 +void +sec_status(void) +{ + if(conn->sec_complete){ + printf("Using %s for authentication.\n", mech->name); + printf("Using %s command channel.\n", level_to_name(command_prot)); + printf("Using %s data channel.\n", level_to_name(data_prot)); + if(buffer_size > 0) + printf("Protection buffer size: %lu.\n", + (unsigned long)buffer_size); + }else{ + printf("Not using any security mechanism.\n"); + } +} +#endif + +static int +sec_prot_internal(struct connectdata *conn, int level) +{ + int ret; + char *p; + unsigned int s = 1048576; + size_t nread; + + if(!conn->sec_complete){ + infof(conn->data, "No security data exchange has taken place.\n"); + return -1; + } + + if(level){ + ftpsendf(conn->data->firstsocket, conn, + "PBSZ %u", s); + /* wait for feedback */ + nread = GetLastResponse(conn->data->firstsocket, + conn->data->buffer, conn); + if(nread < 0) + return /*CURLE_OPERATION_TIMEOUTED*/-1; + if(/*ret != COMPLETE*/conn->data->buffer[0] != '2'){ + failf(conn->data, "Failed to set protection buffer size.\n"); + return -1; + } + conn->buffer_size = s; + p = strstr(/*reply_string*/conn->data->buffer, "PBSZ="); + if(p) + sscanf(p, "PBSZ=%u", &s); + if(s < conn->buffer_size) + conn->buffer_size = s; + } + + ftpsendf(conn->data->firstsocket, conn, + "PROT %c", level["CSEP"]); + /* wait for feedback */ + nread = GetLastResponse(conn->data->firstsocket, + conn->data->buffer, conn); + if(nread < 0) + return /*CURLE_OPERATION_TIMEOUTED*/-1; + if(/*ret != COMPLETE*/conn->data->buffer[0] != '2'){ + failf(conn->data, "Failed to set protection level.\n"); + return -1; + } + + conn->data_prot = (enum protection_level)level; + return 0; +} + +enum protection_level +set_command_prot(struct connectdata *conn, enum protection_level level) +{ + enum protection_level old = conn->command_prot; + conn->command_prot = level; + return old; +} + +#if 0 +void +sec_prot(int argc, char **argv) +{ + int level = -1; + + if(argc < 2 || argc > 3) + goto usage; + if(!sec_complete) { + printf("No security data exchange has taken place.\n"); + code = -1; + return; + } + level = name_to_level(argv[argc - 1]); + + if(level == -1) + goto usage; + + if((*mech->check_prot)(conn->app_data, level)) { + printf("%s does not implement %s protection.\n", + mech->name, level_to_name(level)); + code = -1; + return; + } + + if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) { + if(sec_prot_internal(level) < 0){ + code = -1; + return; + } + } else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0) + set_command_prot(level); + else + goto usage; + code = 0; + return; + usage: + printf("usage: %s [command|data] [clear|safe|confidential|private]\n", + argv[0]); + code = -1; +} +#endif + +void +sec_set_protection_level(struct connectdata *conn) +{ + if(conn->sec_complete && conn->data_prot != conn->request_data_prot) + sec_prot_internal(conn, conn->request_data_prot); +} + + +int +sec_request_prot(struct connectdata *conn, char *level) +{ + int l = name_to_level(level); + if(l == -1) + return -1; + conn->request_data_prot = (enum protection_level)l; + return 0; +} + +int +sec_login(struct connectdata *conn) +{ + int ret; + struct sec_client_mech **m; + size_t nread; + struct UrlData *data=conn->data; + + for(m = mechs; *m && (*m)->name; m++) { + void *tmp; + + tmp = realloc(conn->app_data, (*m)->size); + if (tmp == NULL) { + failf (data, "realloc %u failed", (*m)->size); + return -1; + } + conn->app_data = tmp; + + if((*m)->init && (*(*m)->init)(conn->app_data) != 0) { + infof(data, "Skipping %s...\n", (*m)->name); + continue; + } + infof(data, "Trying %s...\n", (*m)->name); + /*ret = command("AUTH %s", (*m)->name);***/ + ftpsendf(conn->data->firstsocket, conn, + "AUTH %s", (*m)->name); + /* wait for feedback */ + nread = GetLastResponse(conn->data->firstsocket, + conn->data->buffer, conn); + if(nread < 0) + return /*CURLE_OPERATION_TIMEOUTED*/-1; + if(/*ret != CONTINUE*/conn->data->buffer[0] != '3'){ + if(/*code == 504*/strncmp(conn->data->buffer,"504",3) == 0) { + infof(data, + "%s is not supported by the server.\n", (*m)->name); + } + else if(/*code == 534*/strncmp(conn->data->buffer,"534",3) == 0) { + infof(data, "%s rejected as security mechanism.\n", (*m)->name); + } + else if(/*ret == ERROR*/conn->data->buffer[0] == '5') { + infof(data, "The server doesn't support the FTP " + "security extensions.\n"); + return -1; + } + continue; + } + + ret = (*(*m)->auth)(conn->app_data, /*host***/conn); + + if(ret == AUTH_CONTINUE) + continue; + else if(ret != AUTH_OK){ + /* mechanism is supposed to output error string */ + return -1; + } + mech = *m; + conn->sec_complete = 1; + conn->command_prot = prot_safe; + break; + } + + return *m == NULL; +} + +void +sec_end(struct connectdata *conn) +{ + if (mech != NULL) { + if(mech->end) + (*mech->end)(conn->app_data); + memset(conn->app_data, 0, mech->size); + free(conn->app_data); + conn->app_data = NULL; + } + conn->sec_complete = 0; + conn->data_prot = (enum protection_level)0; +} + +#endif /* FTP_SERVER */ + +#endif /* KRB4 */ -- cgit v1.2.1 From 1dac7f4d055242c66a8d87d77ae6b697f090d54a Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 25 Sep 2000 22:15:56 +0000 Subject: Martin Hedenfalk added sec_fflush_fd() --- lib/security.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 81ce35ed8..793169f00 100644 --- a/lib/security.c +++ b/lib/security.c @@ -272,6 +272,20 @@ sec_fflush(struct connectdata *conn, FILE *F) return 0; } +int +sec_fflush_fd(struct connectdata *conn, int fd) +{ + if(conn->data_prot != prot_clear) { + if(conn->out_buffer.index > 0){ + sec_write(conn, fd, + conn->out_buffer.data, conn->out_buffer.index); + conn->out_buffer.index = 0; + } + sec_send(conn, fd, NULL, 0); + } + return 0; +} + int sec_write(struct connectdata *conn, int fd, char *buffer, int length) { -- cgit v1.2.1 From 91bda5650c780808d195c5e884f43a8dde2a1f95 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 28 Sep 2000 10:36:31 +0000 Subject: include base64.h instead of base64_krb.h --- lib/security.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 793169f00..20a77f172 100644 --- a/lib/security.c +++ b/lib/security.c @@ -38,15 +38,15 @@ #include "setup.h" -#include - #ifdef KRB4 +#include + #include "security.h" #include #include #include -#include "base64_krb.h" +#include "base64.h" #define min(a, b) ((a) < (b) ? (a) : (b)) -- cgit v1.2.1 From 0f8facb49b45a711fa7832c68260a5b45b362922 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 9 Oct 2000 11:12:34 +0000 Subject: added memory debugging include file --- lib/security.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 20a77f172..47b134159 100644 --- a/lib/security.c +++ b/lib/security.c @@ -47,6 +47,10 @@ #include #include #include "base64.h" +/* The last #include file should be: */ +#ifdef MALLOCDEBUG +#include "memdebug.h" +#endif #define min(a, b) ((a) < (b) ? (a) : (b)) -- cgit v1.2.1 From 4031104404c6ceed5e57134125dcdb6cac51c564 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 5 Jan 2001 10:11:41 +0000 Subject: Internal symbols that aren't static are now prefixed with 'Curl_' --- lib/security.c | 42 ++++++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 16 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 47b134159..ced5e7d38 100644 --- a/lib/security.c +++ b/lib/security.c @@ -40,13 +40,22 @@ #ifdef KRB4 +#define _MPRINTF_REPLACE /* we want curl-functions instead of native ones */ #include #include "security.h" #include #include #include + +#ifdef HAVE_UNISTD_H +#include +#endif + #include "base64.h" +#include "sendf.h" +#include "ftp.h" + /* The last #include file should be: */ #ifdef MALLOCDEBUG #include "memdebug.h" @@ -64,6 +73,7 @@ static struct { { prot_private, "private" } }; +#if 0 static const char * level_to_name(enum protection_level level) { @@ -73,6 +83,7 @@ level_to_name(enum protection_level level) return level_names[i].name; return "unknown"; } +#endif #ifndef FTP_SERVER /* not used in server */ static enum protection_level @@ -319,7 +330,7 @@ sec_vfprintf2(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) if(conn->data_prot == prot_clear) return vfprintf(f, fmt, ap); else { - buf = maprintf(fmt, ap); + buf = aprintf(fmt, ap); ret = buffer_write(&conn->out_buffer, buf, strlen(buf)); free(buf); return ret; @@ -360,7 +371,7 @@ sec_read_msg(struct connectdata *conn, char *s, int level) int code; buf = malloc(strlen(s)); - len = base64_decode(s + 4, buf); /* XXX */ + len = Curl_base64_decode(s + 4, buf); /* XXX */ len = (*mech->decode)(conn->app_data, buf, len, level, conn); if(len < 0) @@ -390,7 +401,7 @@ sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) if(!conn->sec_complete) return vfprintf(f, fmt, ap); - buf = maprintf(fmt, ap); + buf = aprintf(fmt, ap); len = (*mech->encode)(conn->app_data, buf, strlen(buf), conn->command_prot, &enc, conn); @@ -399,7 +410,7 @@ sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) failf(conn->data, "Failed to encode command.\n"); return -1; } - if(base64_encode(enc, len, &buf) < 0){ + if(Curl_base64_encode(enc, len, &buf) < 0){ failf(conn->data, "Out of memory base64-encoding.\n"); return -1; } @@ -461,7 +472,6 @@ sec_status(void) static int sec_prot_internal(struct connectdata *conn, int level) { - int ret; char *p; unsigned int s = 1048576; size_t nread; @@ -472,11 +482,11 @@ sec_prot_internal(struct connectdata *conn, int level) } if(level){ - ftpsendf(conn->data->firstsocket, conn, - "PBSZ %u", s); + Curl_ftpsendf(conn->data->firstsocket, conn, + "PBSZ %u", s); /* wait for feedback */ - nread = GetLastResponse(conn->data->firstsocket, - conn->data->buffer, conn); + nread = Curl_GetFTPResponse(conn->data->firstsocket, + conn->data->buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; if(/*ret != COMPLETE*/conn->data->buffer[0] != '2'){ @@ -491,11 +501,11 @@ sec_prot_internal(struct connectdata *conn, int level) conn->buffer_size = s; } - ftpsendf(conn->data->firstsocket, conn, - "PROT %c", level["CSEP"]); + Curl_ftpsendf(conn->data->firstsocket, conn, + "PROT %c", level["CSEP"]); /* wait for feedback */ - nread = GetLastResponse(conn->data->firstsocket, - conn->data->buffer, conn); + nread = Curl_GetFTPResponse(conn->data->firstsocket, + conn->data->buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; if(/*ret != COMPLETE*/conn->data->buffer[0] != '2'){ @@ -600,11 +610,11 @@ sec_login(struct connectdata *conn) } infof(data, "Trying %s...\n", (*m)->name); /*ret = command("AUTH %s", (*m)->name);***/ - ftpsendf(conn->data->firstsocket, conn, + Curl_ftpsendf(conn->data->firstsocket, conn, "AUTH %s", (*m)->name); /* wait for feedback */ - nread = GetLastResponse(conn->data->firstsocket, - conn->data->buffer, conn); + nread = Curl_GetFTPResponse(conn->data->firstsocket, + conn->data->buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; if(/*ret != CONTINUE*/conn->data->buffer[0] != '3'){ -- cgit v1.2.1 From a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 20 Feb 2001 17:35:51 +0000 Subject: multiple connection support initial commit --- lib/security.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index ced5e7d38..98553a6ba 100644 --- a/lib/security.c +++ b/lib/security.c @@ -482,10 +482,10 @@ sec_prot_internal(struct connectdata *conn, int level) } if(level){ - Curl_ftpsendf(conn->data->firstsocket, conn, + Curl_ftpsendf(conn->firstsocket, conn, "PBSZ %u", s); /* wait for feedback */ - nread = Curl_GetFTPResponse(conn->data->firstsocket, + nread = Curl_GetFTPResponse(conn->firstsocket, conn->data->buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; @@ -501,10 +501,10 @@ sec_prot_internal(struct connectdata *conn, int level) conn->buffer_size = s; } - Curl_ftpsendf(conn->data->firstsocket, conn, + Curl_ftpsendf(conn->firstsocket, conn, "PROT %c", level["CSEP"]); /* wait for feedback */ - nread = Curl_GetFTPResponse(conn->data->firstsocket, + nread = Curl_GetFTPResponse(conn->firstsocket, conn->data->buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; @@ -610,10 +610,10 @@ sec_login(struct connectdata *conn) } infof(data, "Trying %s...\n", (*m)->name); /*ret = command("AUTH %s", (*m)->name);***/ - Curl_ftpsendf(conn->data->firstsocket, conn, + Curl_ftpsendf(conn->firstsocket, conn, "AUTH %s", (*m)->name); /* wait for feedback */ - nread = Curl_GetFTPResponse(conn->data->firstsocket, + nread = Curl_GetFTPResponse(conn->firstsocket, conn->data->buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; -- cgit v1.2.1 From 8e1f95ac7dd4844e4a0175dba0221d66ac44eaab Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 14 Aug 2001 08:32:50 +0000 Subject: cleaned up some picky compiler warnings and indented the code curl style --- lib/security.c | 263 +++++++++++++++++++++++++-------------------------------- 1 file changed, 116 insertions(+), 147 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 98553a6ba..e62951adb 100644 --- a/lib/security.c +++ b/lib/security.c @@ -73,45 +73,15 @@ static struct { { prot_private, "private" } }; -#if 0 -static const char * -level_to_name(enum protection_level level) -{ - int i; - for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) - if(level_names[i].level == level) - return level_names[i].name; - return "unknown"; -} -#endif - -#ifndef FTP_SERVER /* not used in server */ static enum protection_level name_to_level(const char *name) { - int i; - for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) - if(!strncasecmp(level_names[i].name, name, strlen(name))) - return level_names[i].level; - return (enum protection_level)-1; + int i; + for(i = 0; i < (int)sizeof(level_names)/(int)sizeof(level_names[0]); i++) + if(!strncasecmp(level_names[i].name, name, strlen(name))) + return level_names[i].level; + return (enum protection_level)-1; } -#endif - -#ifdef FTP_SERVER - -static struct sec_server_mech *mechs[] = { -#ifdef KRB5 - &gss_server_mech, -#endif -#ifdef KRB4 - &krb4_server_mech, -#endif - NULL -}; - -static struct sec_server_mech *mech; - -#else static struct sec_client_mech *mechs[] = { #ifdef KRB5 @@ -125,8 +95,6 @@ static struct sec_client_mech *mechs[] = { static struct sec_client_mech *mech; -#endif - int sec_getc(struct connectdata *conn, FILE *F) { @@ -135,49 +103,50 @@ sec_getc(struct connectdata *conn, FILE *F) if(sec_read(conn, fileno(F), &c, 1) <= 0) return EOF; return c; - } else + } + else return getc(F); } static int block_read(int fd, void *buf, size_t len) { - unsigned char *p = buf; - int b; - while(len) { - b = read(fd, p, len); - if (b == 0) - return 0; - else if (b < 0) - return -1; - len -= b; - p += b; - } - return p - (unsigned char*)buf; + unsigned char *p = buf; + int b; + while(len) { + b = read(fd, p, len); + if (b == 0) + return 0; + else if (b < 0) + return -1; + len -= b; + p += b; + } + return p - (unsigned char*)buf; } static int block_write(int fd, void *buf, size_t len) { - unsigned char *p = buf; - int b; - while(len) { - b = write(fd, p, len); - if(b < 0) - return -1; - len -= b; - p += b; - } - return p - (unsigned char*)buf; + unsigned char *p = buf; + int b; + while(len) { + b = write(fd, p, len); + if(b < 0) + return -1; + len -= b; + p += b; + } + return p - (unsigned char*)buf; } static int sec_get_data(struct connectdata *conn, - int fd, struct krb4buffer *buf, int level) + int fd, struct krb4buffer *buf) { int len; int b; - + b = block_read(fd, &len, sizeof(len)); if (b == 0) return 0; @@ -244,7 +213,7 @@ sec_read(struct connectdata *conn, int fd, void *buffer, int length) buffer = (char*)buffer + len; while(length) { - if(sec_get_data(conn, fd, &conn->in_buffer, conn->data_prot) < 0) + if(sec_get_data(conn, fd, &conn->in_buffer) < 0) return -1; if(conn->in_buffer.size == 0) { if(rx) @@ -472,49 +441,49 @@ sec_status(void) static int sec_prot_internal(struct connectdata *conn, int level) { - char *p; - unsigned int s = 1048576; - size_t nread; + char *p; + unsigned int s = 1048576; + ssize_t nread; - if(!conn->sec_complete){ - infof(conn->data, "No security data exchange has taken place.\n"); - return -1; - } - - if(level){ - Curl_ftpsendf(conn->firstsocket, conn, - "PBSZ %u", s); - /* wait for feedback */ - nread = Curl_GetFTPResponse(conn->firstsocket, - conn->data->buffer, conn, NULL); - if(nread < 0) - return /*CURLE_OPERATION_TIMEOUTED*/-1; - if(/*ret != COMPLETE*/conn->data->buffer[0] != '2'){ - failf(conn->data, "Failed to set protection buffer size.\n"); - return -1; - } - conn->buffer_size = s; - p = strstr(/*reply_string*/conn->data->buffer, "PBSZ="); - if(p) - sscanf(p, "PBSZ=%u", &s); - if(s < conn->buffer_size) - conn->buffer_size = s; - } + if(!conn->sec_complete){ + infof(conn->data, "No security data exchange has taken place.\n"); + return -1; + } + if(level){ Curl_ftpsendf(conn->firstsocket, conn, - "PROT %c", level["CSEP"]); + "PBSZ %u", s); /* wait for feedback */ nread = Curl_GetFTPResponse(conn->firstsocket, conn->data->buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; if(/*ret != COMPLETE*/conn->data->buffer[0] != '2'){ - failf(conn->data, "Failed to set protection level.\n"); + failf(conn->data, "Failed to set protection buffer size.\n"); return -1; } + conn->buffer_size = s; + p = strstr(/*reply_string*/conn->data->buffer, "PBSZ="); + if(p) + sscanf(p, "PBSZ=%u", &s); + if(s < conn->buffer_size) + conn->buffer_size = s; + } + + Curl_ftpsendf(conn->firstsocket, conn, + "PROT %c", level["CSEP"]); + /* wait for feedback */ + nread = Curl_GetFTPResponse(conn->firstsocket, + conn->data->buffer, conn, NULL); + if(nread < 0) + return /*CURLE_OPERATION_TIMEOUTED*/-1; + if(/*ret != COMPLETE*/conn->data->buffer[0] != '2'){ + failf(conn->data, "Failed to set protection level.\n"); + return -1; + } - conn->data_prot = (enum protection_level)level; - return 0; + conn->data_prot = (enum protection_level)level; + return 0; } enum protection_level @@ -577,7 +546,7 @@ sec_set_protection_level(struct connectdata *conn) int -sec_request_prot(struct connectdata *conn, char *level) +sec_request_prot(struct connectdata *conn, const char *level) { int l = name_to_level(level); if(l == -1) @@ -589,65 +558,65 @@ sec_request_prot(struct connectdata *conn, char *level) int sec_login(struct connectdata *conn) { - int ret; - struct sec_client_mech **m; - size_t nread; - struct UrlData *data=conn->data; + int ret; + struct sec_client_mech **m; + ssize_t nread; + struct UrlData *data=conn->data; - for(m = mechs; *m && (*m)->name; m++) { - void *tmp; + for(m = mechs; *m && (*m)->name; m++) { + void *tmp; - tmp = realloc(conn->app_data, (*m)->size); - if (tmp == NULL) { - failf (data, "realloc %u failed", (*m)->size); - return -1; - } - conn->app_data = tmp; + tmp = realloc(conn->app_data, (*m)->size); + if (tmp == NULL) { + failf (data, "realloc %u failed", (*m)->size); + return -1; + } + conn->app_data = tmp; - if((*m)->init && (*(*m)->init)(conn->app_data) != 0) { - infof(data, "Skipping %s...\n", (*m)->name); - continue; - } - infof(data, "Trying %s...\n", (*m)->name); - /*ret = command("AUTH %s", (*m)->name);***/ - Curl_ftpsendf(conn->firstsocket, conn, - "AUTH %s", (*m)->name); - /* wait for feedback */ - nread = Curl_GetFTPResponse(conn->firstsocket, - conn->data->buffer, conn, NULL); - if(nread < 0) - return /*CURLE_OPERATION_TIMEOUTED*/-1; - if(/*ret != CONTINUE*/conn->data->buffer[0] != '3'){ - if(/*code == 504*/strncmp(conn->data->buffer,"504",3) == 0) { - infof(data, - "%s is not supported by the server.\n", (*m)->name); - } - else if(/*code == 534*/strncmp(conn->data->buffer,"534",3) == 0) { - infof(data, "%s rejected as security mechanism.\n", (*m)->name); - } - else if(/*ret == ERROR*/conn->data->buffer[0] == '5') { - infof(data, "The server doesn't support the FTP " - "security extensions.\n"); - return -1; - } - continue; - } + if((*m)->init && (*(*m)->init)(conn->app_data) != 0) { + infof(data, "Skipping %s...\n", (*m)->name); + continue; + } + infof(data, "Trying %s...\n", (*m)->name); + /*ret = command("AUTH %s", (*m)->name);***/ + Curl_ftpsendf(conn->firstsocket, conn, + "AUTH %s", (*m)->name); + /* wait for feedback */ + nread = Curl_GetFTPResponse(conn->firstsocket, + conn->data->buffer, conn, NULL); + if(nread < 0) + return /*CURLE_OPERATION_TIMEOUTED*/-1; + if(/*ret != CONTINUE*/conn->data->buffer[0] != '3'){ + if(/*code == 504*/strncmp(conn->data->buffer,"504",3) == 0) { + infof(data, + "%s is not supported by the server.\n", (*m)->name); + } + else if(/*code == 534*/strncmp(conn->data->buffer,"534",3) == 0) { + infof(data, "%s rejected as security mechanism.\n", (*m)->name); + } + else if(/*ret == ERROR*/conn->data->buffer[0] == '5') { + infof(data, "The server doesn't support the FTP " + "security extensions.\n"); + return -1; + } + continue; + } - ret = (*(*m)->auth)(conn->app_data, /*host***/conn); + ret = (*(*m)->auth)(conn->app_data, /*host***/conn); - if(ret == AUTH_CONTINUE) - continue; - else if(ret != AUTH_OK){ - /* mechanism is supposed to output error string */ - return -1; - } - mech = *m; - conn->sec_complete = 1; - conn->command_prot = prot_safe; - break; + if(ret == AUTH_CONTINUE) + continue; + else if(ret != AUTH_OK){ + /* mechanism is supposed to output error string */ + return -1; } + mech = *m; + conn->sec_complete = 1; + conn->command_prot = prot_safe; + break; + } - return *m == NULL; + return *m == NULL; } void -- cgit v1.2.1 From a2688b6ca1cd78383c925c464225a38b7006b8cb Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 17 Aug 2001 10:11:46 +0000 Subject: removed dead/unused code removed use of global variables removed name space pollutions (added Curl_ prefixes) --- lib/security.c | 208 ++++++++++++++++----------------------------------------- 1 file changed, 59 insertions(+), 149 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index e62951adb..39a80ee32 100644 --- a/lib/security.c +++ b/lib/security.c @@ -1,9 +1,12 @@ -/* modified by Martin Hedenfalk for use in Curl - * last modified 2000-09-18 - * Even more obscurified to merge better into libcurl by Daniel Stenberg. - */ - -/* +/* This source code was modified by Martin Hedenfalk for + * use in Curl. His latest changes were done 2000-09-18. + * + * It has since been patched and modified a lot by Daniel Stenberg + * to make it better applied to curl conditions, and to make + * it not use globals, pollute name space and more. This source code awaits a + * rewrite to work around the paragraph 2 in the BSD licenses as explained + * below. + * * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. @@ -33,8 +36,7 @@ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ + * SUCH DAMAGE. */ #include "setup.h" @@ -83,24 +85,22 @@ name_to_level(const char *name) return (enum protection_level)-1; } -static struct sec_client_mech *mechs[] = { +static struct Curl_sec_client_mech *mechs[] = { #ifdef KRB5 - &gss_client_mech, + /* not supported */ #endif #ifdef KRB4 - &krb4_client_mech, + &Curl_krb4_client_mech, #endif NULL }; -static struct sec_client_mech *mech; - int -sec_getc(struct connectdata *conn, FILE *F) +Curl_sec_getc(struct connectdata *conn, FILE *F) { if(conn->sec_complete && conn->data_prot) { char c; - if(sec_read(conn, fileno(F), &c, 1) <= 0) + if(Curl_sec_read(conn, fileno(F), &c, 1) <= 0) return EOF; return c; } @@ -159,8 +159,8 @@ sec_get_data(struct connectdata *conn, return 0; else if (b < 0) return -1; - buf->size = (*mech->decode)(conn->app_data, buf->data, len, - conn->data_prot, conn); + buf->size = (conn->mech->decode)(conn->app_data, buf->data, len, + conn->data_prot, conn); buf->index = 0; return 0; } @@ -194,7 +194,7 @@ buffer_write(struct krb4buffer *buf, void *data, size_t len) } int -sec_read(struct connectdata *conn, int fd, void *buffer, int length) +Curl_sec_read(struct connectdata *conn, int fd, void *buffer, int length) { size_t len; int rx = 0; @@ -233,7 +233,8 @@ sec_send(struct connectdata *conn, int fd, char *from, int length) { int bytes; void *buf; - bytes = (*mech->encode)(conn->app_data, from, length, conn->data_prot, &buf, conn); + bytes = (conn->mech->encode)(conn->app_data, from, length, conn->data_prot, + &buf, conn); bytes = htonl(bytes); block_write(fd, &bytes, sizeof(bytes)); block_write(fd, buf, ntohl(bytes)); @@ -242,26 +243,11 @@ sec_send(struct connectdata *conn, int fd, char *from, int length) } int -sec_fflush(struct connectdata *conn, FILE *F) +Curl_sec_fflush_fd(struct connectdata *conn, int fd) { if(conn->data_prot != prot_clear) { if(conn->out_buffer.index > 0){ - sec_write(conn, fileno(F), - conn->out_buffer.data, conn->out_buffer.index); - conn->out_buffer.index = 0; - } - sec_send(conn, fileno(F), NULL, 0); - } - fflush(F); - return 0; -} - -int -sec_fflush_fd(struct connectdata *conn, int fd) -{ - if(conn->data_prot != prot_clear) { - if(conn->out_buffer.index > 0){ - sec_write(conn, fd, + Curl_sec_write(conn, fd, conn->out_buffer.data, conn->out_buffer.index); conn->out_buffer.index = 0; } @@ -271,7 +257,7 @@ sec_fflush_fd(struct connectdata *conn, int fd) } int -sec_write(struct connectdata *conn, int fd, char *buffer, int length) +Curl_sec_write(struct connectdata *conn, int fd, char *buffer, int length) { int len = conn->buffer_size; int tx = 0; @@ -279,7 +265,7 @@ sec_write(struct connectdata *conn, int fd, char *buffer, int length) if(conn->data_prot == prot_clear) return write(fd, buffer, length); - len -= (*mech->overhead)(conn->app_data, conn->data_prot, len); + len -= (conn->mech->overhead)(conn->app_data, conn->data_prot, len); while(length){ if(length < len) len = length; @@ -292,7 +278,7 @@ sec_write(struct connectdata *conn, int fd, char *buffer, int length) } int -sec_vfprintf2(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) +Curl_sec_vfprintf2(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) { char *buf; int ret; @@ -307,18 +293,18 @@ sec_vfprintf2(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) } int -sec_fprintf2(struct connectdata *conn, FILE *f, const char *fmt, ...) +Curl_sec_fprintf2(struct connectdata *conn, FILE *f, const char *fmt, ...) { int ret; va_list ap; va_start(ap, fmt); - ret = sec_vfprintf2(conn, f, fmt, ap); + ret = Curl_sec_vfprintf2(conn, f, fmt, ap); va_end(ap); return ret; } int -sec_putc(struct connectdata *conn, int c, FILE *F) +Curl_sec_putc(struct connectdata *conn, int c, FILE *F) { char ch = c; if(conn->data_prot == prot_clear) @@ -326,14 +312,14 @@ sec_putc(struct connectdata *conn, int c, FILE *F) buffer_write(&conn->out_buffer, &ch, 1); if(c == '\n' || conn->out_buffer.index >= 1024 /* XXX */) { - sec_write(conn, fileno(F), conn->out_buffer.data, conn->out_buffer.index); + Curl_sec_write(conn, fileno(F), conn->out_buffer.data, conn->out_buffer.index); conn->out_buffer.index = 0; } return c; } int -sec_read_msg(struct connectdata *conn, char *s, int level) +Curl_sec_read_msg(struct connectdata *conn, char *s, int level) { int len; char *buf; @@ -342,7 +328,7 @@ sec_read_msg(struct connectdata *conn, char *s, int level) buf = malloc(strlen(s)); len = Curl_base64_decode(s + 4, buf); /* XXX */ - len = (*mech->decode)(conn->app_data, buf, len, level, conn); + len = (conn->mech->decode)(conn->app_data, buf, len, level, conn); if(len < 0) return -1; @@ -361,7 +347,7 @@ sec_read_msg(struct connectdata *conn, char *s, int level) /* modified to return how many bytes written, or -1 on error ***/ int -sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) +Curl_sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) { int ret = 0; char *buf; @@ -371,9 +357,9 @@ sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) return vfprintf(f, fmt, ap); buf = aprintf(fmt, ap); - len = (*mech->encode)(conn->app_data, buf, strlen(buf), - conn->command_prot, &enc, - conn); + len = (conn->mech->encode)(conn->app_data, buf, strlen(buf), + conn->command_prot, &enc, + conn); free(buf); if(len < 0) { failf(conn->data, "Failed to encode command.\n"); @@ -383,60 +369,36 @@ sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) failf(conn->data, "Out of memory base64-encoding.\n"); return -1; } -#ifdef FTP_SERVER - if(command_prot == prot_safe) - fprintf(f, "631 %s\r\n", buf); - else if(command_prot == prot_private) - fprintf(f, "632 %s\r\n", buf); - else if(command_prot == prot_confidential) - fprintf(f, "633 %s\r\n", buf); -#else if(conn->command_prot == prot_safe) ret = fprintf(f, "MIC %s", buf); else if(conn->command_prot == prot_private) ret = fprintf(f, "ENC %s", buf); else if(conn->command_prot == prot_confidential) ret = fprintf(f, "CONF %s", buf); -#endif + free(buf); return ret; } int -sec_fprintf(struct connectdata *conn, FILE *f, const char *fmt, ...) +Curl_sec_fprintf(struct connectdata *conn, FILE *f, const char *fmt, ...) { va_list ap; int ret; va_start(ap, fmt); - ret = sec_vfprintf(conn, f, fmt, ap); + ret = Curl_sec_vfprintf(conn, f, fmt, ap); va_end(ap); return ret; } -/* end common stuff */ - -#ifdef FTP_SERVER - -/* snip */ - -#else /* FTP_SERVER */ -#if 0 -void -sec_status(void) +enum protection_level +Curl_set_command_prot(struct connectdata *conn, enum protection_level level) { - if(conn->sec_complete){ - printf("Using %s for authentication.\n", mech->name); - printf("Using %s command channel.\n", level_to_name(command_prot)); - printf("Using %s data channel.\n", level_to_name(data_prot)); - if(buffer_size > 0) - printf("Protection buffer size: %lu.\n", - (unsigned long)buffer_size); - }else{ - printf("Not using any security mechanism.\n"); - } + enum protection_level old = conn->command_prot; + conn->command_prot = level; + return old; } -#endif static int sec_prot_internal(struct connectdata *conn, int level) @@ -486,59 +448,8 @@ sec_prot_internal(struct connectdata *conn, int level) return 0; } -enum protection_level -set_command_prot(struct connectdata *conn, enum protection_level level) -{ - enum protection_level old = conn->command_prot; - conn->command_prot = level; - return old; -} - -#if 0 void -sec_prot(int argc, char **argv) -{ - int level = -1; - - if(argc < 2 || argc > 3) - goto usage; - if(!sec_complete) { - printf("No security data exchange has taken place.\n"); - code = -1; - return; - } - level = name_to_level(argv[argc - 1]); - - if(level == -1) - goto usage; - - if((*mech->check_prot)(conn->app_data, level)) { - printf("%s does not implement %s protection.\n", - mech->name, level_to_name(level)); - code = -1; - return; - } - - if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) { - if(sec_prot_internal(level) < 0){ - code = -1; - return; - } - } else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0) - set_command_prot(level); - else - goto usage; - code = 0; - return; - usage: - printf("usage: %s [command|data] [clear|safe|confidential|private]\n", - argv[0]); - code = -1; -} -#endif - -void -sec_set_protection_level(struct connectdata *conn) +Curl_sec_set_protection_level(struct connectdata *conn) { if(conn->sec_complete && conn->data_prot != conn->request_data_prot) sec_prot_internal(conn, conn->request_data_prot); @@ -546,7 +457,7 @@ sec_set_protection_level(struct connectdata *conn) int -sec_request_prot(struct connectdata *conn, const char *level) +Curl_sec_request_prot(struct connectdata *conn, const char *level) { int l = name_to_level(level); if(l == -1) @@ -556,10 +467,10 @@ sec_request_prot(struct connectdata *conn, const char *level) } int -sec_login(struct connectdata *conn) +Curl_sec_login(struct connectdata *conn) { int ret; - struct sec_client_mech **m; + struct Curl_sec_client_mech **m; ssize_t nread; struct UrlData *data=conn->data; @@ -610,7 +521,7 @@ sec_login(struct connectdata *conn) /* mechanism is supposed to output error string */ return -1; } - mech = *m; + conn->mech = *m; conn->sec_complete = 1; conn->command_prot = prot_safe; break; @@ -620,19 +531,18 @@ sec_login(struct connectdata *conn) } void -sec_end(struct connectdata *conn) +Curl_sec_end(struct connectdata *conn) { - if (mech != NULL) { - if(mech->end) - (*mech->end)(conn->app_data); - memset(conn->app_data, 0, mech->size); - free(conn->app_data); - conn->app_data = NULL; - } - conn->sec_complete = 0; - conn->data_prot = (enum protection_level)0; + if (conn->mech != NULL) { + if(conn->mech->end) + (conn->mech->end)(conn->app_data); + memset(conn->app_data, 0, conn->mech->size); + free(conn->app_data); + conn->app_data = NULL; + } + conn->sec_complete = 0; + conn->data_prot = (enum protection_level)0; + conn->mech=NULL; } -#endif /* FTP_SERVER */ - #endif /* KRB4 */ -- cgit v1.2.1 From 0ece1b5c34c049a3226f7dd793cf75e470c46e4d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 30 Aug 2001 22:48:34 +0000 Subject: Major rename and redesign of the internal "backbone" structs. Details will be posted in a minute to the libcurl list. --- lib/security.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 39a80ee32..88b89b0fa 100644 --- a/lib/security.c +++ b/lib/security.c @@ -417,15 +417,15 @@ sec_prot_internal(struct connectdata *conn, int level) "PBSZ %u", s); /* wait for feedback */ nread = Curl_GetFTPResponse(conn->firstsocket, - conn->data->buffer, conn, NULL); + conn->data.set->buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; - if(/*ret != COMPLETE*/conn->data->buffer[0] != '2'){ + if(/*ret != COMPLETE*/conn->data.set->buffer[0] != '2'){ failf(conn->data, "Failed to set protection buffer size.\n"); return -1; } conn->buffer_size = s; - p = strstr(/*reply_string*/conn->data->buffer, "PBSZ="); + p = strstr(/*reply_string*/conn->data.set->buffer, "PBSZ="); if(p) sscanf(p, "PBSZ=%u", &s); if(s < conn->buffer_size) @@ -436,10 +436,10 @@ sec_prot_internal(struct connectdata *conn, int level) "PROT %c", level["CSEP"]); /* wait for feedback */ nread = Curl_GetFTPResponse(conn->firstsocket, - conn->data->buffer, conn, NULL); + conn->data.set->buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; - if(/*ret != COMPLETE*/conn->data->buffer[0] != '2'){ + if(/*ret != COMPLETE*/conn->data.set->buffer[0] != '2'){ failf(conn->data, "Failed to set protection level.\n"); return -1; } @@ -472,7 +472,7 @@ Curl_sec_login(struct connectdata *conn) int ret; struct Curl_sec_client_mech **m; ssize_t nread; - struct UrlData *data=conn->data; + struct SessionHandle *data=conn->data; for(m = mechs; *m && (*m)->name; m++) { void *tmp; @@ -494,18 +494,18 @@ Curl_sec_login(struct connectdata *conn) "AUTH %s", (*m)->name); /* wait for feedback */ nread = Curl_GetFTPResponse(conn->firstsocket, - conn->data->buffer, conn, NULL); + conn->data.set->buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; - if(/*ret != CONTINUE*/conn->data->buffer[0] != '3'){ - if(/*code == 504*/strncmp(conn->data->buffer,"504",3) == 0) { + if(/*ret != CONTINUE*/conn->data.set->buffer[0] != '3'){ + if(/*code == 504*/strncmp(conn->data.set->buffer,"504",3) == 0) { infof(data, "%s is not supported by the server.\n", (*m)->name); } - else if(/*code == 534*/strncmp(conn->data->buffer,"534",3) == 0) { + else if(/*code == 534*/strncmp(conn->data.set->buffer,"534",3) == 0) { infof(data, "%s rejected as security mechanism.\n", (*m)->name); } - else if(/*ret == ERROR*/conn->data->buffer[0] == '5') { + else if(/*ret == ERROR*/conn->data.set->buffer[0] == '5') { infof(data, "The server doesn't support the FTP " "security extensions.\n"); return -1; -- cgit v1.2.1 From 47e7a3e678f34fe0af57b3fdde292f9191f16df5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 30 Aug 2001 22:59:58 +0000 Subject: a few more struct fixes --- lib/security.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 88b89b0fa..616f9e04a 100644 --- a/lib/security.c +++ b/lib/security.c @@ -417,15 +417,15 @@ sec_prot_internal(struct connectdata *conn, int level) "PBSZ %u", s); /* wait for feedback */ nread = Curl_GetFTPResponse(conn->firstsocket, - conn->data.set->buffer, conn, NULL); + conn->data->state.buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; - if(/*ret != COMPLETE*/conn->data.set->buffer[0] != '2'){ + if(/*ret != COMPLETE*/conn->data->state.buffer[0] != '2'){ failf(conn->data, "Failed to set protection buffer size.\n"); return -1; } conn->buffer_size = s; - p = strstr(/*reply_string*/conn->data.set->buffer, "PBSZ="); + p = strstr(/*reply_string*/conn->data->state.buffer, "PBSZ="); if(p) sscanf(p, "PBSZ=%u", &s); if(s < conn->buffer_size) @@ -436,10 +436,10 @@ sec_prot_internal(struct connectdata *conn, int level) "PROT %c", level["CSEP"]); /* wait for feedback */ nread = Curl_GetFTPResponse(conn->firstsocket, - conn->data.set->buffer, conn, NULL); + conn->data->state.buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; - if(/*ret != COMPLETE*/conn->data.set->buffer[0] != '2'){ + if(/*ret != COMPLETE*/conn->data->state.buffer[0] != '2'){ failf(conn->data, "Failed to set protection level.\n"); return -1; } @@ -494,18 +494,18 @@ Curl_sec_login(struct connectdata *conn) "AUTH %s", (*m)->name); /* wait for feedback */ nread = Curl_GetFTPResponse(conn->firstsocket, - conn->data.set->buffer, conn, NULL); + conn->data->state.buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; - if(/*ret != CONTINUE*/conn->data.set->buffer[0] != '3'){ - if(/*code == 504*/strncmp(conn->data.set->buffer,"504",3) == 0) { + if(/*ret != CONTINUE*/conn->data->state.buffer[0] != '3'){ + if(/*code == 504*/strncmp(conn->data->state.buffer,"504",3) == 0) { infof(data, "%s is not supported by the server.\n", (*m)->name); } - else if(/*code == 534*/strncmp(conn->data.set->buffer,"534",3) == 0) { + else if(/*code == 534*/strncmp(conn->data->state.buffer,"534",3) == 0) { infof(data, "%s rejected as security mechanism.\n", (*m)->name); } - else if(/*ret == ERROR*/conn->data.set->buffer[0] == '5') { + else if(/*ret == ERROR*/conn->data->state.buffer[0] == '5') { infof(data, "The server doesn't support the FTP " "security extensions.\n"); return -1; -- cgit v1.2.1 From 6147879837a53d22c9be04e7a4fc315a297ba2b3 Mon Sep 17 00:00:00 2001 From: Sterling Hughes Date: Fri, 7 Sep 2001 04:01:32 +0000 Subject: Added formatting sections for emacs and vim --- lib/security.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 616f9e04a..8be86850d 100644 --- a/lib/security.c +++ b/lib/security.c @@ -546,3 +546,11 @@ Curl_sec_end(struct connectdata *conn) } #endif /* KRB4 */ + +/* + * local variables: + * eval: (load-file "../curl-mode.el") + * end: + * vim600: et sw=2 ts=2 sts=2 tw=78 fdm=marker + * vim<600: et sw=2 ts=2 sts=2 tw=78 + */ -- cgit v1.2.1 From ae2ecfc5cb29b03364c76308617facf844487030 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 28 Sep 2001 09:15:19 +0000 Subject: removed the socket argument from some functions that always passed in the same socket and it was available from the passed-in struct anyway! --- lib/security.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 8be86850d..c1ac5fdf8 100644 --- a/lib/security.c +++ b/lib/security.c @@ -413,11 +413,10 @@ sec_prot_internal(struct connectdata *conn, int level) } if(level){ - Curl_ftpsendf(conn->firstsocket, conn, + Curl_ftpsendf(conn, "PBSZ %u", s); /* wait for feedback */ - nread = Curl_GetFTPResponse(conn->firstsocket, - conn->data->state.buffer, conn, NULL); + nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; if(/*ret != COMPLETE*/conn->data->state.buffer[0] != '2'){ @@ -432,12 +431,11 @@ sec_prot_internal(struct connectdata *conn, int level) conn->buffer_size = s; } - Curl_ftpsendf(conn->firstsocket, conn, - "PROT %c", level["CSEP"]); + Curl_ftpsendf(conn, "PROT %c", level["CSEP"]); /* wait for feedback */ - nread = Curl_GetFTPResponse(conn->firstsocket, - conn->data->state.buffer, conn, NULL); + nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, NULL); if(nread < 0) + return /*CURLE_OPERATION_TIMEOUTED*/-1; if(/*ret != COMPLETE*/conn->data->state.buffer[0] != '2'){ failf(conn->data, "Failed to set protection level.\n"); @@ -490,7 +488,7 @@ Curl_sec_login(struct connectdata *conn) } infof(data, "Trying %s...\n", (*m)->name); /*ret = command("AUTH %s", (*m)->name);***/ - Curl_ftpsendf(conn->firstsocket, conn, + Curl_ftpsendf(conn, "AUTH %s", (*m)->name); /* wait for feedback */ nread = Curl_GetFTPResponse(conn->firstsocket, -- cgit v1.2.1 From 09da2c176735ab52beb3731028f4dfd5fd321255 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 28 Sep 2001 09:19:35 +0000 Subject: fixed the missing getftpresponse edits --- lib/security.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index c1ac5fdf8..63591f134 100644 --- a/lib/security.c +++ b/lib/security.c @@ -491,8 +491,7 @@ Curl_sec_login(struct connectdata *conn) Curl_ftpsendf(conn, "AUTH %s", (*m)->name); /* wait for feedback */ - nread = Curl_GetFTPResponse(conn->firstsocket, - conn->data->state.buffer, conn, NULL); + nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, NULL); if(nread < 0) return /*CURLE_OPERATION_TIMEOUTED*/-1; if(/*ret != CONTINUE*/conn->data->state.buffer[0] != '3'){ -- cgit v1.2.1 From 88e21894c7ccc38384004aa2aba2dd5123fc1f15 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 28 Sep 2001 09:25:59 +0000 Subject: improved readability slightly --- lib/security.c | 54 +++++++++++++++++++++++++++++------------------------- 1 file changed, 29 insertions(+), 25 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 63591f134..61faa3128 100644 --- a/lib/security.c +++ b/lib/security.c @@ -413,18 +413,18 @@ sec_prot_internal(struct connectdata *conn, int level) } if(level){ - Curl_ftpsendf(conn, - "PBSZ %u", s); - /* wait for feedback */ + Curl_ftpsendf(conn, "PBSZ %u", s); nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, NULL); if(nread < 0) - return /*CURLE_OPERATION_TIMEOUTED*/-1; - if(/*ret != COMPLETE*/conn->data->state.buffer[0] != '2'){ + return -1; + + if(conn->data->state.buffer[0] != '2'){ failf(conn->data, "Failed to set protection buffer size.\n"); return -1; } conn->buffer_size = s; - p = strstr(/*reply_string*/conn->data->state.buffer, "PBSZ="); + + p = strstr(conn->data->state.buffer, "PBSZ="); if(p) sscanf(p, "PBSZ=%u", &s); if(s < conn->buffer_size) @@ -432,12 +432,11 @@ sec_prot_internal(struct connectdata *conn, int level) } Curl_ftpsendf(conn, "PROT %c", level["CSEP"]); - /* wait for feedback */ nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, NULL); if(nread < 0) + return -1; - return /*CURLE_OPERATION_TIMEOUTED*/-1; - if(/*ret != COMPLETE*/conn->data->state.buffer[0] != '2'){ + if(conn->data->state.buffer[0] != '2'){ failf(conn->data, "Failed to set protection level.\n"); return -1; } @@ -471,6 +470,7 @@ Curl_sec_login(struct connectdata *conn) struct Curl_sec_client_mech **m; ssize_t nread; struct SessionHandle *data=conn->data; + int ftpcode; for(m = mechs; *m && (*m)->name; m++) { void *tmp; @@ -487,30 +487,34 @@ Curl_sec_login(struct connectdata *conn) continue; } infof(data, "Trying %s...\n", (*m)->name); - /*ret = command("AUTH %s", (*m)->name);***/ - Curl_ftpsendf(conn, - "AUTH %s", (*m)->name); - /* wait for feedback */ - nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, NULL); + + Curl_ftpsendf(conn, "AUTH %s", (*m)->name); + + nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, &ftpcode); if(nread < 0) - return /*CURLE_OPERATION_TIMEOUTED*/-1; - if(/*ret != CONTINUE*/conn->data->state.buffer[0] != '3'){ - if(/*code == 504*/strncmp(conn->data->state.buffer,"504",3) == 0) { + return -1; + + if(conn->data->state.buffer[0] != '3'){ + switch(ftpcode) { + case 504: infof(data, "%s is not supported by the server.\n", (*m)->name); - } - else if(/*code == 534*/strncmp(conn->data->state.buffer,"534",3) == 0) { + break; + case 534: infof(data, "%s rejected as security mechanism.\n", (*m)->name); - } - else if(/*ret == ERROR*/conn->data->state.buffer[0] == '5') { - infof(data, "The server doesn't support the FTP " - "security extensions.\n"); - return -1; + break; + default: + if(conn->data->state.buffer[0] == '5') { + infof(data, "The server doesn't support the FTP " + "security extensions.\n"); + return -1; + } + break; } continue; } - ret = (*(*m)->auth)(conn->app_data, /*host***/conn); + ret = (*(*m)->auth)(conn->app_data, conn); if(ret == AUTH_CONTINUE) continue; -- cgit v1.2.1 From 8e91d5de8e4e17ce3d4936cc91171d09726e7bb3 Mon Sep 17 00:00:00 2001 From: Sterling Hughes Date: Thu, 11 Oct 2001 09:32:19 +0000 Subject: looks nicer and is better compatible with older vim versions --- lib/security.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 61faa3128..c39f2a0b6 100644 --- a/lib/security.c +++ b/lib/security.c @@ -552,6 +552,6 @@ Curl_sec_end(struct connectdata *conn) * local variables: * eval: (load-file "../curl-mode.el") * end: - * vim600: et sw=2 ts=2 sts=2 tw=78 fdm=marker - * vim<600: et sw=2 ts=2 sts=2 tw=78 + * vim600: fdm=marker + * vim: et sw=2 ts=2 sts=2 tw=78 */ -- cgit v1.2.1 From 4118c68df18b505483e073b56c8450ad1642f691 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 31 Oct 2001 15:06:38 +0000 Subject: check Curl_ftpsendf return codes --- lib/security.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index c39f2a0b6..2a92d0bc9 100644 --- a/lib/security.c +++ b/lib/security.c @@ -413,7 +413,9 @@ sec_prot_internal(struct connectdata *conn, int level) } if(level){ - Curl_ftpsendf(conn, "PBSZ %u", s); + if(Curl_ftpsendf(conn, "PBSZ %u", s)) + return -1; + nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, NULL); if(nread < 0) return -1; @@ -431,7 +433,9 @@ sec_prot_internal(struct connectdata *conn, int level) conn->buffer_size = s; } - Curl_ftpsendf(conn, "PROT %c", level["CSEP"]); + if(Curl_ftpsendf(conn, "PROT %c", level["CSEP"])) + return -1; + nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, NULL); if(nread < 0) return -1; @@ -488,7 +492,8 @@ Curl_sec_login(struct connectdata *conn) } infof(data, "Trying %s...\n", (*m)->name); - Curl_ftpsendf(conn, "AUTH %s", (*m)->name); + if(Curl_ftpsendf(conn, "AUTH %s", (*m)->name)) + return -1; nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, &ftpcode); if(nread < 0) -- cgit v1.2.1 From e1922617883d5a70a282ed0e9e756a27eeed6bba Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 11 Dec 2001 13:13:01 +0000 Subject: failf() calls should not have newlines in the message string! --- lib/security.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 2a92d0bc9..1be54c8b8 100644 --- a/lib/security.c +++ b/lib/security.c @@ -362,11 +362,11 @@ Curl_sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap conn); free(buf); if(len < 0) { - failf(conn->data, "Failed to encode command.\n"); + failf(conn->data, "Failed to encode command."); return -1; } if(Curl_base64_encode(enc, len, &buf) < 0){ - failf(conn->data, "Out of memory base64-encoding.\n"); + failf(conn->data, "Out of memory base64-encoding."); return -1; } if(conn->command_prot == prot_safe) @@ -421,7 +421,7 @@ sec_prot_internal(struct connectdata *conn, int level) return -1; if(conn->data->state.buffer[0] != '2'){ - failf(conn->data, "Failed to set protection buffer size.\n"); + failf(conn->data, "Failed to set protection buffer size."); return -1; } conn->buffer_size = s; @@ -441,7 +441,7 @@ sec_prot_internal(struct connectdata *conn, int level) return -1; if(conn->data->state.buffer[0] != '2'){ - failf(conn->data, "Failed to set protection level.\n"); + failf(conn->data, "Failed to set protection level."); return -1; } -- cgit v1.2.1 From 08ef208fb78fb2eabc5cec08c23e74e251eac898 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 11 Jun 2002 11:13:01 +0000 Subject: added disable-[protocol] support, largely provided by Miklos Nemeth --- lib/security.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 1be54c8b8..06dec3258 100644 --- a/lib/security.c +++ b/lib/security.c @@ -40,6 +40,7 @@ #include "setup.h" +#ifndef CURL_DISABLE_FTP #ifdef KRB4 #define _MPRINTF_REPLACE /* we want curl-functions instead of native ones */ @@ -552,6 +553,7 @@ Curl_sec_end(struct connectdata *conn) } #endif /* KRB4 */ +#endif /* CURL_DISABLE_FTP */ /* * local variables: -- cgit v1.2.1 From d0b97f7e1fc0460080883155ab6ce65e27f59c6d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 3 Dec 2002 10:25:31 +0000 Subject: Curl_GetFTPResponse() takes a different set of parameters and now return a proper CURLcode. The default timeout for reading one response is now also possible to change while running. --- lib/security.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 06dec3258..653772ab3 100644 --- a/lib/security.c +++ b/lib/security.c @@ -414,14 +414,14 @@ sec_prot_internal(struct connectdata *conn, int level) } if(level){ + int code; if(Curl_ftpsendf(conn, "PBSZ %u", s)) return -1; - nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, NULL); - if(nread < 0) + if(Curl_GetFTPResponse(&nread, conn, &code)) return -1; - if(conn->data->state.buffer[0] != '2'){ + if(code/100 != '2'){ failf(conn->data, "Failed to set protection buffer size."); return -1; } @@ -437,8 +437,7 @@ sec_prot_internal(struct connectdata *conn, int level) if(Curl_ftpsendf(conn, "PROT %c", level["CSEP"])) return -1; - nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, NULL); - if(nread < 0) + if(Curl_GetFTPResponse(&nread, conn, NULL)) return -1; if(conn->data->state.buffer[0] != '2'){ @@ -496,8 +495,7 @@ Curl_sec_login(struct connectdata *conn) if(Curl_ftpsendf(conn, "AUTH %s", (*m)->name)) return -1; - nread = Curl_GetFTPResponse(conn->data->state.buffer, conn, &ftpcode); - if(nread < 0) + if(Curl_GetFTPResponse(&nread, conn, &ftpcode)) return -1; if(conn->data->state.buffer[0] != '3'){ -- cgit v1.2.1 From a15133f5cf8ea20f623c49e829d4a0a519913b39 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 9 Jan 2003 11:50:34 +0000 Subject: removed unused code --- lib/security.c | 76 ++-------------------------------------------------------- 1 file changed, 2 insertions(+), 74 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 653772ab3..c8add6991 100644 --- a/lib/security.c +++ b/lib/security.c @@ -278,32 +278,6 @@ Curl_sec_write(struct connectdata *conn, int fd, char *buffer, int length) return tx; } -int -Curl_sec_vfprintf2(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) -{ - char *buf; - int ret; - if(conn->data_prot == prot_clear) - return vfprintf(f, fmt, ap); - else { - buf = aprintf(fmt, ap); - ret = buffer_write(&conn->out_buffer, buf, strlen(buf)); - free(buf); - return ret; - } -} - -int -Curl_sec_fprintf2(struct connectdata *conn, FILE *f, const char *fmt, ...) -{ - int ret; - va_list ap; - va_start(ap, fmt); - ret = Curl_sec_vfprintf2(conn, f, fmt, ap); - va_end(ap); - return ret; -} - int Curl_sec_putc(struct connectdata *conn, int c, FILE *F) { @@ -313,7 +287,8 @@ Curl_sec_putc(struct connectdata *conn, int c, FILE *F) buffer_write(&conn->out_buffer, &ch, 1); if(c == '\n' || conn->out_buffer.index >= 1024 /* XXX */) { - Curl_sec_write(conn, fileno(F), conn->out_buffer.data, conn->out_buffer.index); + Curl_sec_write(conn, fileno(F), conn->out_buffer.data, + conn->out_buffer.index); conn->out_buffer.index = 0; } return c; @@ -346,53 +321,6 @@ Curl_sec_read_msg(struct connectdata *conn, char *s, int level) return code; } -/* modified to return how many bytes written, or -1 on error ***/ -int -Curl_sec_vfprintf(struct connectdata *conn, FILE *f, const char *fmt, va_list ap) -{ - int ret = 0; - char *buf; - void *enc; - int len; - if(!conn->sec_complete) - return vfprintf(f, fmt, ap); - - buf = aprintf(fmt, ap); - len = (conn->mech->encode)(conn->app_data, buf, strlen(buf), - conn->command_prot, &enc, - conn); - free(buf); - if(len < 0) { - failf(conn->data, "Failed to encode command."); - return -1; - } - if(Curl_base64_encode(enc, len, &buf) < 0){ - failf(conn->data, "Out of memory base64-encoding."); - return -1; - } - if(conn->command_prot == prot_safe) - ret = fprintf(f, "MIC %s", buf); - else if(conn->command_prot == prot_private) - ret = fprintf(f, "ENC %s", buf); - else if(conn->command_prot == prot_confidential) - ret = fprintf(f, "CONF %s", buf); - - free(buf); - return ret; -} - -int -Curl_sec_fprintf(struct connectdata *conn, FILE *f, const char *fmt, ...) -{ - va_list ap; - int ret; - va_start(ap, fmt); - ret = Curl_sec_vfprintf(conn, f, fmt, ap); - va_end(ap); - return ret; -} - - enum protection_level Curl_set_command_prot(struct connectdata *conn, enum protection_level level) { -- cgit v1.2.1 From a7c72b7abf1213c471f3fd11e6b8e3a37d526f60 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 29 Jan 2003 10:14:20 +0000 Subject: removed the local variables for emacs and vim, use the new sample.emacs way for emacs, and vim users should provide a similar non-polluting style --- lib/security.c | 8 -------- 1 file changed, 8 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index c8add6991..079975154 100644 --- a/lib/security.c +++ b/lib/security.c @@ -480,11 +480,3 @@ Curl_sec_end(struct connectdata *conn) #endif /* KRB4 */ #endif /* CURL_DISABLE_FTP */ - -/* - * local variables: - * eval: (load-file "../curl-mode.el") - * end: - * vim600: fdm=marker - * vim: et sw=2 ts=2 sts=2 tw=78 - */ -- cgit v1.2.1 From 308bc9d919d57388f269c473778ea7f6a331d1c5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 26 Jun 2003 11:22:12 +0000 Subject: use CURLDEBUG instead of MALLOCDEBUG for preprocessor conditions --- lib/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 079975154..1c83a18f9 100644 --- a/lib/security.c +++ b/lib/security.c @@ -60,7 +60,7 @@ #include "ftp.h" /* The last #include file should be: */ -#ifdef MALLOCDEBUG +#ifdef CURLDEBUG #include "memdebug.h" #endif -- cgit v1.2.1 From 800052dc50ace9748f607afc8f451afac948736b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 2 Dec 2003 13:27:29 +0000 Subject: use the HAVE_KRB4 define instead of just KRB4 --- lib/security.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 1c83a18f9..16746cdc9 100644 --- a/lib/security.c +++ b/lib/security.c @@ -41,7 +41,7 @@ #include "setup.h" #ifndef CURL_DISABLE_FTP -#ifdef KRB4 +#ifdef HAVE_KRB4 #define _MPRINTF_REPLACE /* we want curl-functions instead of native ones */ #include @@ -90,7 +90,7 @@ static struct Curl_sec_client_mech *mechs[] = { #ifdef KRB5 /* not supported */ #endif -#ifdef KRB4 +#ifdef HAVE_KRB4 &Curl_krb4_client_mech, #endif NULL @@ -478,5 +478,5 @@ Curl_sec_end(struct connectdata *conn) conn->mech=NULL; } -#endif /* KRB4 */ +#endif /* HAVE_KRB4 */ #endif /* CURL_DISABLE_FTP */ -- cgit v1.2.1 From bbafb2eb27954c34967f91c705e74cc0c186970d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 11 May 2004 11:30:23 +0000 Subject: curl_global_init_mem() allows the memory functions to be replaced. memory.h is included everywhere for this. --- lib/security.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 16746cdc9..f1af44201 100644 --- a/lib/security.c +++ b/lib/security.c @@ -58,11 +58,10 @@ #include "base64.h" #include "sendf.h" #include "ftp.h" +#include "memory.h" /* The last #include file should be: */ -#ifdef CURLDEBUG #include "memdebug.h" -#endif #define min(a, b) ((a) < (b) ? (a) : (b)) -- cgit v1.2.1 From 6c3759d78d885d3675094671a8bde9ff41c9a8cc Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 30 Jun 2004 11:51:24 +0000 Subject: removed trailing whitespace, free a missing malloc when returning error --- lib/security.c | 80 ++++++++++++++++++++++++++++++---------------------------- 1 file changed, 41 insertions(+), 39 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index f1af44201..41dfa7311 100644 --- a/lib/security.c +++ b/lib/security.c @@ -10,22 +10,22 @@ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -75,7 +75,7 @@ static struct { { prot_private, "private" } }; -static enum protection_level +static enum protection_level name_to_level(const char *name) { int i; @@ -146,7 +146,7 @@ sec_get_data(struct connectdata *conn, { int len; int b; - + b = block_read(fd, &len, sizeof(len)); if (b == 0) return 0; @@ -206,12 +206,12 @@ Curl_sec_read(struct connectdata *conn, int fd, void *buffer, int length) conn->in_buffer.eof_flag = 0; return 0; } - + len = buffer_read(&conn->in_buffer, buffer, length); length -= len; rx += len; buffer = (char*)buffer + len; - + while(length) { if(sec_get_data(conn, fd, &conn->in_buffer) < 0) return -1; @@ -261,7 +261,7 @@ Curl_sec_write(struct connectdata *conn, int fd, char *buffer, int length) { int len = conn->buffer_size; int tx = 0; - + if(conn->data_prot == prot_clear) return write(fd, buffer, length); @@ -283,7 +283,7 @@ Curl_sec_putc(struct connectdata *conn, int c, FILE *F) char ch = c; if(conn->data_prot == prot_clear) return putc(c, F); - + buffer_write(&conn->out_buffer, &ch, 1); if(c == '\n' || conn->out_buffer.index >= 1024 /* XXX */) { Curl_sec_write(conn, fileno(F), conn->out_buffer.data, @@ -296,36 +296,38 @@ Curl_sec_putc(struct connectdata *conn, int c, FILE *F) int Curl_sec_read_msg(struct connectdata *conn, char *s, int level) { - int len; - char *buf; - int code; - - buf = malloc(strlen(s)); - len = Curl_base64_decode(s + 4, buf); /* XXX */ - - len = (conn->mech->decode)(conn->app_data, buf, len, level, conn); - if(len < 0) - return -1; - - buf[len] = '\0'; - - if(buf[3] == '-') - code = 0; - else - sscanf(buf, "%d", &code); - if(buf[len-1] == '\n') - buf[len-1] = '\0'; - strcpy(s, buf); + int len; + char *buf; + int code; + + buf = malloc(strlen(s)); + len = Curl_base64_decode(s + 4, buf); /* XXX */ + + len = (conn->mech->decode)(conn->app_data, buf, len, level, conn); + if(len < 0) { free(buf); - return code; + return -1; + } + + buf[len] = '\0'; + + if(buf[3] == '-') + code = 0; + else + sscanf(buf, "%d", &code); + if(buf[len-1] == '\n') + buf[len-1] = '\0'; + strcpy(s, buf); + free(buf); + return code; } enum protection_level Curl_set_command_prot(struct connectdata *conn, enum protection_level level) { - enum protection_level old = conn->command_prot; - conn->command_prot = level; - return old; + enum protection_level old = conn->command_prot; + conn->command_prot = level; + return old; } static int @@ -371,7 +373,7 @@ sec_prot_internal(struct connectdata *conn, int level) failf(conn->data, "Failed to set protection level."); return -1; } - + conn->data_prot = (enum protection_level)level; return 0; } @@ -412,7 +414,7 @@ Curl_sec_login(struct connectdata *conn) return -1; } conn->app_data = tmp; - + if((*m)->init && (*(*m)->init)(conn->app_data) != 0) { infof(data, "Skipping %s...\n", (*m)->name); continue; @@ -446,7 +448,7 @@ Curl_sec_login(struct connectdata *conn) } ret = (*(*m)->auth)(conn->app_data, conn); - + if(ret == AUTH_CONTINUE) continue; else if(ret != AUTH_OK){ @@ -458,7 +460,7 @@ Curl_sec_login(struct connectdata *conn) conn->command_prot = prot_safe; break; } - + return *m == NULL; } -- cgit v1.2.1 From 39af394a1c3ae1d8ac71ad263a7c524988702c2e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 6 Oct 2004 07:50:18 +0000 Subject: removed tabs and trailing whitespace from source --- lib/security.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 41dfa7311..3b2a39213 100644 --- a/lib/security.c +++ b/lib/security.c @@ -178,15 +178,15 @@ static size_t buffer_write(struct krb4buffer *buf, void *data, size_t len) { if(buf->index + len > buf->size) { - void *tmp; - if(buf->data == NULL) - tmp = malloc(1024); - else - tmp = realloc(buf->data, buf->index + len); - if(tmp == NULL) - return -1; - buf->data = tmp; - buf->size = buf->index + len; + void *tmp; + if(buf->data == NULL) + tmp = malloc(1024); + else + tmp = realloc(buf->data, buf->index + len); + if(tmp == NULL) + return -1; + buf->data = tmp; + buf->size = buf->index + len; } memcpy((char*)buf->data + buf->index, data, len); buf->index += len; -- cgit v1.2.1 From 62f97f1817379f448ce069add864bbd9f93806a1 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 7 Oct 2004 22:56:24 +0000 Subject: use curl_strnequal(), not strncasecmp() --- lib/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 3b2a39213..e87a5144b 100644 --- a/lib/security.c +++ b/lib/security.c @@ -80,7 +80,7 @@ name_to_level(const char *name) { int i; for(i = 0; i < (int)sizeof(level_names)/(int)sizeof(level_names[0]); i++) - if(!strncasecmp(level_names[i].name, name, strlen(name))) + if(curl_strnequal(level_names[i].name, name, strlen(name))) return level_names[i].level; return (enum protection_level)-1; } -- cgit v1.2.1 From 1ba47e7af9edfa682faba73df8bf0dc240facb19 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Wed, 15 Dec 2004 01:38:25 +0000 Subject: Add 'const' to immutable arrays. --- lib/security.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index e87a5144b..f34729b55 100644 --- a/lib/security.c +++ b/lib/security.c @@ -65,7 +65,7 @@ #define min(a, b) ((a) < (b) ? (a) : (b)) -static struct { +static const struct { enum protection_level level; const char *name; } level_names[] = { @@ -85,7 +85,7 @@ name_to_level(const char *name) return (enum protection_level)-1; } -static struct Curl_sec_client_mech *mechs[] = { +static const struct Curl_sec_client_mech *mechs[] = { #ifdef KRB5 /* not supported */ #endif @@ -400,7 +400,7 @@ int Curl_sec_login(struct connectdata *conn) { int ret; - struct Curl_sec_client_mech **m; + const struct Curl_sec_client_mech **m; ssize_t nread; struct SessionHandle *data=conn->data; int ftpcode; -- cgit v1.2.1 From a28b32aa45e5f4ce9d2bc85a840884336dd87f27 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Wed, 15 Dec 2004 02:32:04 +0000 Subject: Make some arrays of pointers const, too. --- lib/security.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index f34729b55..64c55b3ba 100644 --- a/lib/security.c +++ b/lib/security.c @@ -85,7 +85,7 @@ name_to_level(const char *name) return (enum protection_level)-1; } -static const struct Curl_sec_client_mech *mechs[] = { +static const struct Curl_sec_client_mech * const mechs[] = { #ifdef KRB5 /* not supported */ #endif @@ -400,7 +400,7 @@ int Curl_sec_login(struct connectdata *conn) { int ret; - const struct Curl_sec_client_mech **m; + const struct Curl_sec_client_mech * const *m; ssize_t nread; struct SessionHandle *data=conn->data; int ftpcode; -- cgit v1.2.1 From f8b4ba80e0b6c53620084108b59aed95d16a26ec Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 22 Feb 2005 12:20:30 +0000 Subject: krb4 fixed --- lib/security.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 64c55b3ba..c1df26c05 100644 --- a/lib/security.c +++ b/lib/security.c @@ -297,13 +297,15 @@ int Curl_sec_read_msg(struct connectdata *conn, char *s, int level) { int len; - char *buf; + unsigned char *buf; int code; - buf = malloc(strlen(s)); - len = Curl_base64_decode(s + 4, buf); /* XXX */ + len = Curl_base64_decode(s + 4, &buf); /* XXX */ + if(len > 0) + len = (conn->mech->decode)(conn->app_data, buf, len, level, conn); + else + return -1; - len = (conn->mech->decode)(conn->app_data, buf, len, level, conn); if(len < 0) { free(buf); return -1; @@ -314,10 +316,10 @@ Curl_sec_read_msg(struct connectdata *conn, char *s, int level) if(buf[3] == '-') code = 0; else - sscanf(buf, "%d", &code); + sscanf((char *)buf, "%d", &code); if(buf[len-1] == '\n') buf[len-1] = '\0'; - strcpy(s, buf); + strcpy(s, (char *)buf); free(buf); return code; } -- cgit v1.2.1 From 62970da6752495421543bddcefd0b8eedd6cbb13 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 14 Mar 2005 00:00:45 +0000 Subject: Removed security.h since it shadows an include file mingw needs when building for SSPI support. The contents of the file has been moved into the krb4.h file. --- lib/security.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index c1df26c05..865ed23ca 100644 --- a/lib/security.c +++ b/lib/security.c @@ -46,7 +46,6 @@ #define _MPRINTF_REPLACE /* we want curl-functions instead of native ones */ #include -#include "security.h" #include #include #include @@ -55,6 +54,8 @@ #include #endif +#include "urldata.h" +#include "krb4.h" #include "base64.h" #include "sendf.h" #include "ftp.h" -- cgit v1.2.1 From be0d17e812053bddd99e1d330c429399f17aee44 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 11 Nov 2006 21:34:43 +0000 Subject: cleaned up Curl_write() and the sub functions it uses for various protocols. They all now return ssize_t to Curl_write(). Unfortunately, Curl_read() is in a sorrier state but it too would benefit from a similar cleanup. --- lib/security.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 865ed23ca..4c9aed812 100644 --- a/lib/security.c +++ b/lib/security.c @@ -278,6 +278,13 @@ Curl_sec_write(struct connectdata *conn, int fd, char *buffer, int length) return tx; } +ssize_t +Curl_sec_send(struct connectdata *conn, int num, char *buffer, int length) +{ + curl_socket_t fd = conn->sock[num]; + return (ssize_t)Curl_sec_write(conn, fd, buffer, length); +} + int Curl_sec_putc(struct connectdata *conn, int c, FILE *F) { -- cgit v1.2.1 From 54967d2a3ab5559631407f7b7f67ef48c2dda6dd Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 1 Jul 2007 22:01:18 +0000 Subject: Thomas J. Moore provided a patch that introduces Kerberos5 support in libcurl. This also makes the options change name to --krb (from --krb4) and CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still --- lib/security.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 51 insertions(+), 10 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 4c9aed812..5aa6ebfb5 100644 --- a/lib/security.c +++ b/lib/security.c @@ -41,7 +41,7 @@ #include "setup.h" #ifndef CURL_DISABLE_FTP -#ifdef HAVE_KRB4 +#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI) #define _MPRINTF_REPLACE /* we want curl-functions instead of native ones */ #include @@ -87,8 +87,8 @@ name_to_level(const char *name) } static const struct Curl_sec_client_mech * const mechs[] = { -#ifdef KRB5 - /* not supported */ +#ifdef HAVE_GSSAPI + &Curl_krb5_client_mech, #endif #ifdef HAVE_KRB4 &Curl_krb4_client_mech, @@ -118,6 +118,8 @@ block_read(int fd, void *buf, size_t len) b = read(fd, p, len); if (b == 0) return 0; + else if (b < 0 && (errno == EINTR || errno == EAGAIN)) + continue; else if (b < 0) return -1; len -= b; @@ -133,7 +135,9 @@ block_write(int fd, void *buf, size_t len) int b; while(len) { b = write(fd, p, len); - if(b < 0) + if (b < 0 && (errno == EINTR || errno == EAGAIN)) + continue; + else if(b < 0) return -1; len -= b; p += b; @@ -155,7 +159,7 @@ sec_get_data(struct connectdata *conn, return -1; len = ntohl(len); buf->data = realloc(buf->data, len); - b = block_read(fd, buf->data, len); + b = buf->data ? block_read(fd, buf->data, len) : -1; if (b == 0) return 0; else if (b < 0) @@ -234,11 +238,36 @@ sec_send(struct connectdata *conn, int fd, char *from, int length) { int bytes; void *buf; - bytes = (conn->mech->encode)(conn->app_data, from, length, conn->data_prot, + enum protection_level protlevel = conn->data_prot; + int iscmd = protlevel == prot_cmd; + + if(iscmd) { + if(!strncmp(from, "PASS ", 5) || !strncmp(from, "ACCT ", 5)) + protlevel = prot_private; + else + protlevel = conn->command_prot; + } + bytes = (conn->mech->encode)(conn->app_data, from, length, protlevel, &buf, conn); - bytes = htonl(bytes); - block_write(fd, &bytes, sizeof(bytes)); - block_write(fd, buf, ntohl(bytes)); + if(iscmd) { + char *cmdbuf; + + bytes = Curl_base64_encode(conn->data, (char *)buf, bytes, &cmdbuf); + if(bytes > 0) { + if(protlevel == prot_private) + block_write(fd, "ENC ", 4); + else + block_write(fd, "MIC ", 4); + block_write(fd, cmdbuf, bytes); + block_write(fd, "\r\n", 2); + Curl_infof(conn->data, "%s %s\n", protlevel == prot_private ? "ENC" : "MIC", cmdbuf); + free(cmdbuf); + } + } else { + bytes = htonl(bytes); + block_write(fd, &bytes, sizeof(bytes)); + block_write(fd, buf, ntohl(bytes)); + } free(buf); return length; } @@ -267,6 +296,8 @@ Curl_sec_write(struct connectdata *conn, int fd, char *buffer, int length) return write(fd, buffer, length); len -= (conn->mech->overhead)(conn->app_data, conn->data_prot, len); + if(len <= 0) + len = length; while(length){ if(length < len) len = length; @@ -319,6 +350,11 @@ Curl_sec_read_msg(struct connectdata *conn, char *s, int level) return -1; } + if(conn->data->set.verbose) { + buf[len] = '\n'; + Curl_debug(conn->data, CURLINFO_HEADER_IN, (char *)buf, len + 1, conn); + } + buf[len] = '\0'; if(buf[3] == '-') @@ -360,7 +396,7 @@ sec_prot_internal(struct connectdata *conn, int level) if(Curl_GetFTPResponse(&nread, conn, &code)) return -1; - if(code/100 != '2'){ + if(code/100 != 2){ failf(conn->data, "Failed to set protection buffer size."); return -1; } @@ -385,6 +421,8 @@ sec_prot_internal(struct connectdata *conn, int level) } conn->data_prot = (enum protection_level)level; + if(level == prot_private) + conn->command_prot = (enum protection_level)level; return 0; } @@ -468,6 +506,9 @@ Curl_sec_login(struct connectdata *conn) conn->mech = *m; conn->sec_complete = 1; conn->command_prot = prot_safe; + /* Set the requested protection level */ + /* BLOCKING */ + Curl_sec_set_protection_level(conn); break; } -- cgit v1.2.1 From 74ad8516d713b208b54cee4abd0bc19cfb4a4307 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 6 Jul 2007 22:14:29 +0000 Subject: Thomas J. Moore made it build with less warnings --- lib/security.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 5aa6ebfb5..cd644e596 100644 --- a/lib/security.c +++ b/lib/security.c @@ -129,9 +129,9 @@ block_read(int fd, void *buf, size_t len) } static int -block_write(int fd, void *buf, size_t len) +block_write(int fd, const void *buf, size_t len) { - unsigned char *p = buf; + const unsigned char *p = buf; int b; while(len) { b = write(fd, p, len); -- cgit v1.2.1 From cbd1a77ec24e397d05f20c6de106625676343c9d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 7 Nov 2007 09:21:35 +0000 Subject: if () => if() while () => while() and some other minor re-indentings --- lib/security.c | 135 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 70 insertions(+), 65 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index cd644e596..0454f094c 100644 --- a/lib/security.c +++ b/lib/security.c @@ -9,6 +9,9 @@ * * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). + * + * Copyright (C) 2001 - 2007, Daniel Stenberg, , et al. + * * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -67,13 +70,13 @@ #define min(a, b) ((a) < (b) ? (a) : (b)) static const struct { - enum protection_level level; - const char *name; + enum protection_level level; + const char *name; } level_names[] = { - { prot_clear, "clear" }, - { prot_safe, "safe" }, - { prot_confidential, "confidential" }, - { prot_private, "private" } + { prot_clear, "clear" }, + { prot_safe, "safe" }, + { prot_confidential, "confidential" }, + { prot_private, "private" } }; static enum protection_level @@ -88,12 +91,12 @@ name_to_level(const char *name) static const struct Curl_sec_client_mech * const mechs[] = { #ifdef HAVE_GSSAPI - &Curl_krb5_client_mech, + &Curl_krb5_client_mech, #endif #ifdef HAVE_KRB4 - &Curl_krb4_client_mech, + &Curl_krb4_client_mech, #endif - NULL + NULL }; int @@ -116,11 +119,11 @@ block_read(int fd, void *buf, size_t len) int b; while(len) { b = read(fd, p, len); - if (b == 0) + if(b == 0) return 0; - else if (b < 0 && (errno == EINTR || errno == EAGAIN)) + else if(b < 0 && (errno == EINTR || errno == EAGAIN)) continue; - else if (b < 0) + else if(b < 0) return -1; len -= b; p += b; @@ -135,7 +138,7 @@ block_write(int fd, const void *buf, size_t len) int b; while(len) { b = write(fd, p, len); - if (b < 0 && (errno == EINTR || errno == EAGAIN)) + if(b < 0 && (errno == EINTR || errno == EAGAIN)) continue; else if(b < 0) return -1; @@ -153,16 +156,16 @@ sec_get_data(struct connectdata *conn, int b; b = block_read(fd, &len, sizeof(len)); - if (b == 0) + if(b == 0) return 0; - else if (b < 0) + else if(b < 0) return -1; len = ntohl(len); buf->data = realloc(buf->data, len); b = buf->data ? block_read(fd, buf->data, len) : -1; - if (b == 0) + if(b == 0) return 0; - else if (b < 0) + else if(b < 0) return -1; buf->size = (conn->mech->decode)(conn->app_data, buf->data, len, conn->data_prot, conn); @@ -173,64 +176,64 @@ sec_get_data(struct connectdata *conn, static size_t buffer_read(struct krb4buffer *buf, void *data, size_t len) { - len = min(len, buf->size - buf->index); - memcpy(data, (char*)buf->data + buf->index, len); - buf->index += len; - return len; + len = min(len, buf->size - buf->index); + memcpy(data, (char*)buf->data + buf->index, len); + buf->index += len; + return len; } static size_t buffer_write(struct krb4buffer *buf, void *data, size_t len) { - if(buf->index + len > buf->size) { - void *tmp; - if(buf->data == NULL) - tmp = malloc(1024); - else - tmp = realloc(buf->data, buf->index + len); - if(tmp == NULL) - return -1; - buf->data = tmp; - buf->size = buf->index + len; - } - memcpy((char*)buf->data + buf->index, data, len); - buf->index += len; - return len; + if(buf->index + len > buf->size) { + void *tmp; + if(buf->data == NULL) + tmp = malloc(1024); + else + tmp = realloc(buf->data, buf->index + len); + if(tmp == NULL) + return -1; + buf->data = tmp; + buf->size = buf->index + len; + } + memcpy((char*)buf->data + buf->index, data, len); + buf->index += len; + return len; } int Curl_sec_read(struct connectdata *conn, int fd, void *buffer, int length) { - size_t len; - int rx = 0; + size_t len; + int rx = 0; - if(conn->sec_complete == 0 || conn->data_prot == 0) - return read(fd, buffer, length); + if(conn->sec_complete == 0 || conn->data_prot == 0) + return read(fd, buffer, length); - if(conn->in_buffer.eof_flag){ - conn->in_buffer.eof_flag = 0; - return 0; - } + if(conn->in_buffer.eof_flag){ + conn->in_buffer.eof_flag = 0; + return 0; + } + + len = buffer_read(&conn->in_buffer, buffer, length); + length -= len; + rx += len; + buffer = (char*)buffer + len; + while(length) { + if(sec_get_data(conn, fd, &conn->in_buffer) < 0) + return -1; + if(conn->in_buffer.size == 0) { + if(rx) + conn->in_buffer.eof_flag = 1; + return rx; + } len = buffer_read(&conn->in_buffer, buffer, length); length -= len; rx += len; buffer = (char*)buffer + len; - - while(length) { - if(sec_get_data(conn, fd, &conn->in_buffer) < 0) - return -1; - if(conn->in_buffer.size == 0) { - if(rx) - conn->in_buffer.eof_flag = 1; - return rx; - } - len = buffer_read(&conn->in_buffer, buffer, length); - length -= len; - rx += len; - buffer = (char*)buffer + len; - } - return rx; + } + return rx; } static int @@ -255,15 +258,17 @@ sec_send(struct connectdata *conn, int fd, char *from, int length) bytes = Curl_base64_encode(conn->data, (char *)buf, bytes, &cmdbuf); if(bytes > 0) { if(protlevel == prot_private) - block_write(fd, "ENC ", 4); + block_write(fd, "ENC ", 4); else - block_write(fd, "MIC ", 4); + block_write(fd, "MIC ", 4); block_write(fd, cmdbuf, bytes); block_write(fd, "\r\n", 2); - Curl_infof(conn->data, "%s %s\n", protlevel == prot_private ? "ENC" : "MIC", cmdbuf); + Curl_infof(conn->data, "%s %s\n", + protlevel == prot_private ? "ENC" : "MIC", cmdbuf); free(cmdbuf); } - } else { + } + else { bytes = htonl(bytes); block_write(fd, &bytes, sizeof(bytes)); block_write(fd, buf, ntohl(bytes)); @@ -278,7 +283,7 @@ Curl_sec_fflush_fd(struct connectdata *conn, int fd) if(conn->data_prot != prot_clear) { if(conn->out_buffer.index > 0){ Curl_sec_write(conn, fd, - conn->out_buffer.data, conn->out_buffer.index); + conn->out_buffer.data, conn->out_buffer.index); conn->out_buffer.index = 0; } sec_send(conn, fd, NULL, 0); @@ -457,7 +462,7 @@ Curl_sec_login(struct connectdata *conn) void *tmp; tmp = realloc(conn->app_data, (*m)->size); - if (tmp == NULL) { + if(tmp == NULL) { failf (data, "realloc %u failed", (*m)->size); return -1; } @@ -518,7 +523,7 @@ Curl_sec_login(struct connectdata *conn) void Curl_sec_end(struct connectdata *conn) { - if (conn->mech != NULL) { + if(conn->mech != NULL) { if(conn->mech->end) (conn->mech->end)(conn->app_data); memset(conn->app_data, 0, conn->mech->size); -- cgit v1.2.1 From e2b82b4325e2726a802b6202f2d011fb4988e41d Mon Sep 17 00:00:00 2001 From: Michal Marek Date: Fri, 9 May 2008 11:27:54 +0000 Subject: - Make Curl_write and it's callees accept a const pointer, in preparation of tetetest's patch for curl_easy_send() --- lib/security.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 0454f094c..a07da0b1e 100644 --- a/lib/security.c +++ b/lib/security.c @@ -237,7 +237,7 @@ Curl_sec_read(struct connectdata *conn, int fd, void *buffer, int length) } static int -sec_send(struct connectdata *conn, int fd, char *from, int length) +sec_send(struct connectdata *conn, int fd, const char *from, int length) { int bytes; void *buf; @@ -292,7 +292,7 @@ Curl_sec_fflush_fd(struct connectdata *conn, int fd) } int -Curl_sec_write(struct connectdata *conn, int fd, char *buffer, int length) +Curl_sec_write(struct connectdata *conn, int fd, const char *buffer, int length) { int len = conn->buffer_size; int tx = 0; @@ -315,7 +315,7 @@ Curl_sec_write(struct connectdata *conn, int fd, char *buffer, int length) } ssize_t -Curl_sec_send(struct connectdata *conn, int num, char *buffer, int length) +Curl_sec_send(struct connectdata *conn, int num, const char *buffer, int length) { curl_socket_t fd = conn->sock[num]; return (ssize_t)Curl_sec_write(conn, fd, buffer, length); -- cgit v1.2.1 From 4aa176c1275108c3d75cea4cac6d2aa96c1623b4 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Thu, 22 May 2008 19:44:10 +0000 Subject: Fixed some include file problems on Windows reported by David Rosenstrauch --- lib/security.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index a07da0b1e..60585a45e 100644 --- a/lib/security.c +++ b/lib/security.c @@ -51,7 +51,10 @@ #include #include + +#ifdef HAVE_NETDB_H #include +#endif #ifdef HAVE_UNISTD_H #include -- cgit v1.2.1 From d6f8f1606850c8d814dec0dd65818960af88bbca Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Mon, 26 May 2008 01:59:00 +0000 Subject: fix: preprocessor complaining about macro redefinition --- lib/security.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 60585a45e..da1e2fdde 100644 --- a/lib/security.c +++ b/lib/security.c @@ -10,7 +10,7 @@ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * - * Copyright (C) 2001 - 2007, Daniel Stenberg, , et al. + * Copyright (C) 2001 - 2008, Daniel Stenberg, , et al. * * All rights reserved. * @@ -70,8 +70,6 @@ /* The last #include file should be: */ #include "memdebug.h" -#define min(a, b) ((a) < (b) ? (a) : (b)) - static const struct { enum protection_level level; const char *name; @@ -179,7 +177,8 @@ sec_get_data(struct connectdata *conn, static size_t buffer_read(struct krb4buffer *buf, void *data, size_t len) { - len = min(len, buf->size - buf->index); + if(buf->size - buf->index < len) + len = buf->size - buf->index; memcpy(data, (char*)buf->data + buf->index, len); buf->index += len; return len; -- cgit v1.2.1 From ac18b471d253f8d5c69d1044a59753f32bcd663f Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sun, 17 Aug 2008 00:25:38 +0000 Subject: libcurl internal base64.h header file renamed to curl_base64.h --- lib/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index da1e2fdde..bec751045 100644 --- a/lib/security.c +++ b/lib/security.c @@ -62,7 +62,7 @@ #include "urldata.h" #include "krb4.h" -#include "base64.h" +#include "curl_base64.h" #include "sendf.h" #include "ftp.h" #include "memory.h" -- cgit v1.2.1 From bab5183820dbd2e0ea9ee4f0442844291d05c90e Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Thu, 23 Oct 2008 01:20:57 +0000 Subject: Created Curl_raw_nequal() which does a C-locale string case comparison. Changed checkprefix() to use it and those instances of strnequal() that compare host names or other protocol strings that are defined to be independent of case in the C locale. This should fix a few more Turkish locale problems. --- lib/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index bec751045..01143938a 100644 --- a/lib/security.c +++ b/lib/security.c @@ -85,7 +85,7 @@ name_to_level(const char *name) { int i; for(i = 0; i < (int)sizeof(level_names)/(int)sizeof(level_names[0]); i++) - if(curl_strnequal(level_names[i].name, name, strlen(name))) + if(checkprefix(name, level_names[i].name)) return level_names[i].level; return (enum protection_level)-1; } -- cgit v1.2.1 From 6c14c96e71cbfa9ad94bb6e6d2c9cf232e4d3a9a Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 23 Oct 2008 08:06:47 +0000 Subject: added include to make the krb4 code compile again --- lib/security.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 01143938a..cc2c917e9 100644 --- a/lib/security.c +++ b/lib/security.c @@ -66,6 +66,7 @@ #include "sendf.h" #include "ftp.h" #include "memory.h" +#include "strequal.h" /* The last #include file should be: */ #include "memdebug.h" -- cgit v1.2.1 From b701ea36a723b2d7700e23ae53e2c3145dfe7bda Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 23 Oct 2008 11:49:19 +0000 Subject: moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_ inclusion by the curl tool without colliding with the curl_strequal functions. --- lib/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index cc2c917e9..3a9642ae4 100644 --- a/lib/security.c +++ b/lib/security.c @@ -66,7 +66,7 @@ #include "sendf.h" #include "ftp.h" #include "memory.h" -#include "strequal.h" +#include "rawstr.h" /* The last #include file should be: */ #include "memdebug.h" -- cgit v1.2.1 From 484d549ecef3ee44dff4bbca418b5ace20629502 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Sun, 2 Nov 2008 05:01:39 +0000 Subject: Marked with TODO comments a number of problems in the Kerberos code detected while investigating the issue in http://curl.haxx.se/mail/lib-2008-09/0262.html I'm hesitant to fix them because I have no way of testing the result. --- lib/security.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 3a9642ae4..7f6f3da0a 100644 --- a/lib/security.c +++ b/lib/security.c @@ -101,6 +101,7 @@ static const struct Curl_sec_client_mech * const mechs[] = { NULL }; +/* TODO: This function isn't actually used anywhere and should be removed */ int Curl_sec_getc(struct connectdata *conn, FILE *F) { @@ -124,6 +125,7 @@ block_read(int fd, void *buf, size_t len) if(b == 0) return 0; else if(b < 0 && (errno == EINTR || errno == EAGAIN)) + /* TODO: this will busy loop in the EAGAIN case */ continue; else if(b < 0) return -1; @@ -163,6 +165,8 @@ sec_get_data(struct connectdata *conn, else if(b < 0) return -1; len = ntohl(len); + /* TODO: This realloc will cause a memory leak in an out of memory + * condition */ buf->data = realloc(buf->data, len); b = buf->data ? block_read(fd, buf->data, len) : -1; if(b == 0) -- cgit v1.2.1 From 33a3753c3f41d546ebf3350685eb7201d25783f4 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Tue, 21 Apr 2009 11:46:16 +0000 Subject: libcurl's memory.h renamed to curl_memory.h --- lib/security.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 7f6f3da0a..17ac3686d 100644 --- a/lib/security.c +++ b/lib/security.c @@ -10,7 +10,7 @@ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * - * Copyright (C) 2001 - 2008, Daniel Stenberg, , et al. + * Copyright (C) 2001 - 2009, Daniel Stenberg, , et al. * * All rights reserved. * @@ -65,7 +65,7 @@ #include "curl_base64.h" #include "sendf.h" #include "ftp.h" -#include "memory.h" +#include "curl_memory.h" #include "rawstr.h" /* The last #include file should be: */ -- cgit v1.2.1 From 4e75c708741abeac51fc5b4b456a7b8fcd81f97a Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 11 Jul 2009 09:57:54 +0000 Subject: silence a compiler warning --- lib/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 17ac3686d..03fc67966 100644 --- a/lib/security.c +++ b/lib/security.c @@ -331,7 +331,7 @@ Curl_sec_send(struct connectdata *conn, int num, const char *buffer, int length) int Curl_sec_putc(struct connectdata *conn, int c, FILE *F) { - char ch = c; + char ch = (char)c; if(conn->data_prot == prot_clear) return putc(c, F); -- cgit v1.2.1 From d64bd82bdcb169d0647a80f00068cedd761f8163 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Fri, 7 May 2010 15:05:34 +0200 Subject: sendrecv: split the I/O handling into private handler Howard Chu brought the bulk work of this patch that properly moves out the sending and recving of data to the parts of the code that are properly responsible for the various ways of doing so. Daniel Stenberg assisted with polishing a few bits and fixed some minor flaws in the original patch. Another upside of this patch is that we now abuse CURLcodes less with the "magic" -1 return codes and instead use CURLE_AGAIN more consistently. --- lib/security.c | 102 +++++++++++++++------------------------------------------ 1 file changed, 27 insertions(+), 75 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 03fc67966..03b1be251 100644 --- a/lib/security.c +++ b/lib/security.c @@ -10,7 +10,7 @@ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * - * Copyright (C) 2001 - 2009, Daniel Stenberg, , et al. + * Copyright (C) 2001 - 2010, Daniel Stenberg, , et al. * * All rights reserved. * @@ -101,20 +101,6 @@ static const struct Curl_sec_client_mech * const mechs[] = { NULL }; -/* TODO: This function isn't actually used anywhere and should be removed */ -int -Curl_sec_getc(struct connectdata *conn, FILE *F) -{ - if(conn->sec_complete && conn->data_prot) { - char c; - if(Curl_sec_read(conn, fileno(F), &c, 1) <= 0) - return EOF; - return c; - } - else - return getc(F); -} - static int block_read(int fd, void *buf, size_t len) { @@ -189,35 +175,16 @@ buffer_read(struct krb4buffer *buf, void *data, size_t len) return len; } -static size_t -buffer_write(struct krb4buffer *buf, void *data, size_t len) -{ - if(buf->index + len > buf->size) { - void *tmp; - if(buf->data == NULL) - tmp = malloc(1024); - else - tmp = realloc(buf->data, buf->index + len); - if(tmp == NULL) - return -1; - buf->data = tmp; - buf->size = buf->index + len; - } - memcpy((char*)buf->data + buf->index, data, len); - buf->index += len; - return len; -} - -int -Curl_sec_read(struct connectdata *conn, int fd, void *buffer, int length) +static ssize_t sec_read(struct connectdata *conn, int num, + char *buffer, size_t length, CURLcode *err) { size_t len; int rx = 0; + curl_socket_t fd = conn->sock[num]; - if(conn->sec_complete == 0 || conn->data_prot == 0) - return read(fd, buffer, length); + *err = CURLE_OK; - if(conn->in_buffer.eof_flag){ + if(conn->in_buffer.eof_flag) { conn->in_buffer.eof_flag = 0; return 0; } @@ -284,29 +251,12 @@ sec_send(struct connectdata *conn, int fd, const char *from, int length) return length; } -int -Curl_sec_fflush_fd(struct connectdata *conn, int fd) -{ - if(conn->data_prot != prot_clear) { - if(conn->out_buffer.index > 0){ - Curl_sec_write(conn, fd, - conn->out_buffer.data, conn->out_buffer.index); - conn->out_buffer.index = 0; - } - sec_send(conn, fd, NULL, 0); - } - return 0; -} - -int -Curl_sec_write(struct connectdata *conn, int fd, const char *buffer, int length) +static ssize_t sec_write(struct connectdata *conn, int fd, + const char *buffer, int length) { int len = conn->buffer_size; int tx = 0; - if(conn->data_prot == prot_clear) - return write(fd, buffer, length); - len -= (conn->mech->overhead)(conn->app_data, conn->data_prot, len); if(len <= 0) len = length; @@ -321,27 +271,25 @@ Curl_sec_write(struct connectdata *conn, int fd, const char *buffer, int length) return tx; } -ssize_t -Curl_sec_send(struct connectdata *conn, int num, const char *buffer, int length) +int +Curl_sec_fflush_fd(struct connectdata *conn, int fd) { - curl_socket_t fd = conn->sock[num]; - return (ssize_t)Curl_sec_write(conn, fd, buffer, length); + if(conn->data_prot != prot_clear) { + if(conn->out_buffer.index > 0){ + sec_write(conn, fd, conn->out_buffer.data, conn->out_buffer.index); + conn->out_buffer.index = 0; + } + sec_send(conn, fd, NULL, 0); + } + return 0; } -int -Curl_sec_putc(struct connectdata *conn, int c, FILE *F) +static ssize_t _sec_send(struct connectdata *conn, int num, + const void *buffer, size_t length, CURLcode *err) { - char ch = (char)c; - if(conn->data_prot == prot_clear) - return putc(c, F); - - buffer_write(&conn->out_buffer, &ch, 1); - if(c == '\n' || conn->out_buffer.index >= 1024 /* XXX */) { - Curl_sec_write(conn, fileno(F), conn->out_buffer.data, - conn->out_buffer.index); - conn->out_buffer.index = 0; - } - return c; + curl_socket_t fd = conn->sock[num]; + *err = CURLE_OK; + return sec_write(conn, fd, buffer, length); } int @@ -517,6 +465,10 @@ Curl_sec_login(struct connectdata *conn) } conn->mech = *m; conn->sec_complete = 1; + if (conn->data_prot != prot_clear) { + conn->recv = sec_read; + conn->send = _sec_send; + } conn->command_prot = prot_safe; /* Set the requested protection level */ /* BLOCKING */ -- cgit v1.2.1 From bc8fc9803fbd0fa9daf0dba796d42d03faf49120 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Tue, 11 May 2010 22:48:38 +0200 Subject: sendrecv: make them two pairs of send/recv to properly deal with FTPS FTP(S) use two connections that can be set to different recv and send functions independently, so by introducing recv+send pairs in the same manner we already have sockets/connections we can work with FTPS fine. This commit fixes the FTPS regression introduced in change d64bd82. --- lib/security.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 03b1be251..eceb013b5 100644 --- a/lib/security.c +++ b/lib/security.c @@ -466,8 +466,10 @@ Curl_sec_login(struct connectdata *conn) conn->mech = *m; conn->sec_complete = 1; if (conn->data_prot != prot_clear) { - conn->recv = sec_read; - conn->send = _sec_send; + conn->recv[FIRSTSOCKET] = sec_read; + conn->send[FIRSTSOCKET] = _sec_send; + conn->recv[SECONDARYSOCKET] = sec_read; + conn->send[SECONDARYSOCKET] = _sec_send; } conn->command_prot = prot_safe; /* Set the requested protection level */ -- cgit v1.2.1 From 3f64d05d344ede0ec813413234bf9d7af0ce4ba4 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Thu, 9 Sep 2010 23:52:49 -0700 Subject: Security.c: Fix headers guard to match the rest of the code. --- lib/security.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index eceb013b5..4f5393d49 100644 --- a/lib/security.c +++ b/lib/security.c @@ -92,10 +92,10 @@ name_to_level(const char *name) } static const struct Curl_sec_client_mech * const mechs[] = { -#ifdef HAVE_GSSAPI +#if defined(HAVE_GSSAPI) &Curl_krb5_client_mech, #endif -#ifdef HAVE_KRB4 +#if defined(HAVE_KRB4) &Curl_krb4_client_mech, #endif NULL @@ -496,5 +496,6 @@ Curl_sec_end(struct connectdata *conn) conn->mech=NULL; } -#endif /* HAVE_KRB4 */ +#endif /* HAVE_KRB4 || HAVE_GSSAPI */ + #endif /* CURL_DISABLE_FTP */ -- cgit v1.2.1 From b684ccd8b1c52098cd35c8284dc88db7b51772e7 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Fri, 10 Sep 2010 00:07:09 -0700 Subject: security.c: Made block_read and sec_get_data return CURLcode. To do so, made block_read call Curl_read_plain instead of read. While changing them renamed block_read to socket_read and sec_get_data to read_data to better match their function. Also fixed a potential memory leak in block_read. --- lib/security.c | 75 +++++++++++++++++++++++++++++++--------------------------- 1 file changed, 40 insertions(+), 35 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 4f5393d49..952364272 100644 --- a/lib/security.c +++ b/lib/security.c @@ -101,24 +101,30 @@ static const struct Curl_sec_client_mech * const mechs[] = { NULL }; -static int -block_read(int fd, void *buf, size_t len) + +/* Read |len| from the socket |fd| and store it in |to|. Return a + CURLcode saying whether an error occured or CURLE_OK if |len| was read. */ +static CURLcode +socket_read(curl_socket_t fd, void *to, size_t len) { - unsigned char *p = buf; - int b; - while(len) { - b = read(fd, p, len); - if(b == 0) - return 0; - else if(b < 0 && (errno == EINTR || errno == EAGAIN)) - /* TODO: this will busy loop in the EAGAIN case */ - continue; - else if(b < 0) - return -1; - len -= b; - p += b; + char *to_p = to; + CURLcode code; + ssize_t nread; + + while(len > 0) { + code = Curl_read_plain(fd, to_p, len, &nread); + if(code == CURLE_OK) { + len -= nread; + to_p += nread; + } + else { + /* FIXME: We are doing a busy wait */ + if(code == CURLE_AGAIN) + continue; + return code; + } } - return p - (unsigned char*)buf; + return CURLE_OK; } static int @@ -138,31 +144,30 @@ block_write(int fd, const void *buf, size_t len) return p - (unsigned char*)buf; } -static int -sec_get_data(struct connectdata *conn, - int fd, struct krb4buffer *buf) +static CURLcode read_data(struct connectdata *conn, + curl_socket_t fd, + struct krb4buffer *buf) { int len; - int b; + void* tmp; + CURLcode ret; + + ret = socket_read(fd, &len, sizeof(len)); + if (ret != CURLE_OK) + return ret; - b = block_read(fd, &len, sizeof(len)); - if(b == 0) - return 0; - else if(b < 0) - return -1; len = ntohl(len); - /* TODO: This realloc will cause a memory leak in an out of memory - * condition */ - buf->data = realloc(buf->data, len); - b = buf->data ? block_read(fd, buf->data, len) : -1; - if(b == 0) - return 0; - else if(b < 0) - return -1; + tmp = realloc(buf->data, len); + if (tmp == NULL) + return CURLE_OUT_OF_MEMORY; + + ret = socket_read(fd, buf->data, len); + if (ret != CURLE_OK) + return ret; buf->size = (conn->mech->decode)(conn->app_data, buf->data, len, conn->data_prot, conn); buf->index = 0; - return 0; + return CURLE_OK; } static size_t @@ -195,7 +200,7 @@ static ssize_t sec_read(struct connectdata *conn, int num, buffer = (char*)buffer + len; while(length) { - if(sec_get_data(conn, fd, &conn->in_buffer) < 0) + if(read_data(conn, fd, &conn->in_buffer) != CURLE_OK) return -1; if(conn->in_buffer.size == 0) { if(rx) -- cgit v1.2.1 From 0006cdddee80718cb83aab0f1b544d79f1262159 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Fri, 10 Sep 2010 00:17:17 -0700 Subject: security.c: Made block_write return a CURLcode. While doing so, renamed it to socket_write to better match its function. --- lib/security.c | 47 ++++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 952364272..e9f8ea02f 100644 --- a/lib/security.c +++ b/lib/security.c @@ -127,21 +127,30 @@ socket_read(curl_socket_t fd, void *to, size_t len) return CURLE_OK; } -static int -block_write(int fd, const void *buf, size_t len) + +/* Write |len| bytes from the buffer |to| to the socket |fd|. Return a + CURLcode saying whether an error occured or CURLE_OK if |len| was written. */ +static CURLcode +socket_write(struct connectdata *conn, curl_socket_t fd, const void *to, size_t len) { - const unsigned char *p = buf; - int b; - while(len) { - b = write(fd, p, len); - if(b < 0 && (errno == EINTR || errno == EAGAIN)) - continue; - else if(b < 0) - return -1; - len -= b; - p += b; + const char *to_p = to; + CURLcode code; + ssize_t written; + + while(len > 0) { + code = Curl_write_plain(conn, fd, to_p, len, &written); + if(code == CURLE_OK) { + len -= written; + to_p += written; + } + else { + /* FIXME: We are doing a busy wait */ + if(code == CURLE_AGAIN) + continue; + return code; + } } - return p - (unsigned char*)buf; + return CURLE_OK; } static CURLcode read_data(struct connectdata *conn, @@ -237,11 +246,11 @@ sec_send(struct connectdata *conn, int fd, const char *from, int length) bytes = Curl_base64_encode(conn->data, (char *)buf, bytes, &cmdbuf); if(bytes > 0) { if(protlevel == prot_private) - block_write(fd, "ENC ", 4); + socket_write(conn, fd, "ENC ", 4); else - block_write(fd, "MIC ", 4); - block_write(fd, cmdbuf, bytes); - block_write(fd, "\r\n", 2); + socket_write(conn, fd, "MIC ", 4); + socket_write(conn, fd, cmdbuf, bytes); + socket_write(conn, fd, "\r\n", 2); Curl_infof(conn->data, "%s %s\n", protlevel == prot_private ? "ENC" : "MIC", cmdbuf); free(cmdbuf); @@ -249,8 +258,8 @@ sec_send(struct connectdata *conn, int fd, const char *from, int length) } else { bytes = htonl(bytes); - block_write(fd, &bytes, sizeof(bytes)); - block_write(fd, buf, ntohl(bytes)); + socket_write(conn, fd, &bytes, sizeof(bytes)); + socket_write(conn, fd, buf, ntohl(bytes)); } free(buf); return length; -- cgit v1.2.1 From fbb38de415b7bb7d743e53a7b4b887ffb12b3e5b Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Fri, 10 Sep 2010 00:22:40 -0700 Subject: security.c: buffer_read various fixes. Tighten the type of the |data| parameter to avoid a cast. Also made it const as we should not modify it. Added a DEBUGASSERT on the size to be written while changing it. --- lib/security.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index e9f8ea02f..c79128abd 100644 --- a/lib/security.c +++ b/lib/security.c @@ -180,11 +180,13 @@ static CURLcode read_data(struct connectdata *conn, } static size_t -buffer_read(struct krb4buffer *buf, void *data, size_t len) +buffer_read(struct krb4buffer *buf, const char *data, size_t len) { - if(buf->size - buf->index < len) - len = buf->size - buf->index; - memcpy(data, (char*)buf->data + buf->index, len); + size_t buf_capacity = buf->size - buf->index; + DEBUGASSERT(buf->size > buf->index); + if(buf_capacity < len) + len = buf_capacity; + memcpy(buf, data, len); buf->index += len; return len; } -- cgit v1.2.1 From 512a82d3950c1fc84783a0794a33ea471a517c1f Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Fri, 10 Sep 2010 00:26:37 -0700 Subject: security.c: Remove out_buffer as it was never written into. --- lib/security.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index c79128abd..3a3f0e03b 100644 --- a/lib/security.c +++ b/lib/security.c @@ -291,10 +291,6 @@ int Curl_sec_fflush_fd(struct connectdata *conn, int fd) { if(conn->data_prot != prot_clear) { - if(conn->out_buffer.index > 0){ - sec_write(conn, fd, conn->out_buffer.data, conn->out_buffer.index); - conn->out_buffer.index = 0; - } sec_send(conn, fd, NULL, 0); } return 0; -- cgit v1.2.1 From 1d95a48fe9b8a8ee80c820130291d38df698ade8 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sat, 11 Sep 2010 12:20:04 -0700 Subject: security.c: factored the logic from Curl_sec_login into a dedicated method that better reflect its intent. Introduced a helper method ftp_send_command that synchronously send an FTP query. --- lib/security.c | 115 ++++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 77 insertions(+), 38 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 3a3f0e03b..d4bb0b379 100644 --- a/lib/security.c +++ b/lib/security.c @@ -101,6 +101,27 @@ static const struct Curl_sec_client_mech * const mechs[] = { NULL }; +/* Send an FTP command defined by |message| and the optional arguments. The + function returns the ftp_code. If an error occurs, -1 is returned. */ +static int ftp_send_command(struct connectdata *conn, const char *message, ...) +{ + int ftp_code; + ssize_t nread; + va_list args; + + va_start(args, message); + if(Curl_ftpsendf(conn, message, args) != CURLE_OK) { + ftp_code = -1; + } + else { + if(Curl_GetFTPResponse(&nread, conn, &ftp_code) != CURLE_OK) + ftp_code = -1; + } + + (void)nread; /* Unused */ + va_end(args); + return ftp_code; +} /* Read |len| from the socket |fd| and store it in |to|. Return a CURLcode saying whether an error occured or CURLE_OK if |len| was read. */ @@ -416,66 +437,76 @@ Curl_sec_request_prot(struct connectdata *conn, const char *level) return 0; } -int -Curl_sec_login(struct connectdata *conn) +static CURLcode choose_mech(struct connectdata *conn) { int ret; - const struct Curl_sec_client_mech * const *m; - ssize_t nread; - struct SessionHandle *data=conn->data; - int ftpcode; - - for(m = mechs; *m && (*m)->name; m++) { - void *tmp; - - tmp = realloc(conn->app_data, (*m)->size); - if(tmp == NULL) { - failf (data, "realloc %u failed", (*m)->size); - return -1; - } - conn->app_data = tmp; - - if((*m)->init && (*(*m)->init)(conn->app_data) != 0) { - infof(data, "Skipping %s...\n", (*m)->name); + struct SessionHandle *data = conn->data; + const struct Curl_sec_client_mech * const *mech; + void *tmp_allocation; + const char *mech_name; + + for(mech = mechs; (*mech); ++mech) { + mech_name = (*mech)->name; + /* We have no mechanism with a NULL name but keep this check */ + DEBUGASSERT(mech_name != NULL); + if(mech_name == NULL) { + infof(data, "Skipping mechanism with empty name (%p)", mech); continue; } - infof(data, "Trying %s...\n", (*m)->name); + tmp_allocation = realloc(conn->app_data, (*mech)->size); + if(tmp_allocation == NULL) { + failf(data, "Failed realloc of size %u", (*mech)->size); + mech = NULL; + return CURLE_OUT_OF_MEMORY; + } + conn->app_data = tmp_allocation; - if(Curl_ftpsendf(conn, "AUTH %s", (*m)->name)) - return -1; + if((*mech)->init) { + ret = (*mech)->init(conn); + if(ret != 0) { + infof(data, "Failed initialization for %s. Skipping it.", mech_name); + continue; + } + } - if(Curl_GetFTPResponse(&nread, conn, &ftpcode)) - return -1; + infof(data, "Trying mechanism %s...", mech_name); + ret = ftp_send_command(conn, "AUTH %s", mech_name); + if(ret < 0) + /* FIXME: This error is too generic but it is OK for now. */ + return CURLE_COULDNT_CONNECT; - if(conn->data->state.buffer[0] != '3'){ - switch(ftpcode) { + if(ret/100 != 3) { + switch(ret) { case 504: - infof(data, - "%s is not supported by the server.\n", (*m)->name); + infof(data, "Mechanism %s is not supported by the server (server " + "returned ftp code: 504).", mech_name); break; case 534: - infof(data, "%s rejected as security mechanism.\n", (*m)->name); + infof(data, "Mechanism %s was rejected by the server (server returned " + "ftp code: 534).", mech_name); break; default: - if(conn->data->state.buffer[0] == '5') { - infof(data, "The server doesn't support the FTP " - "security extensions.\n"); - return -1; + if(ret/100 == 5) { + infof(data, "The server does not support the security extensions."); + return CURLE_USE_SSL_FAILED; } break; } continue; } - ret = (*(*m)->auth)(conn->app_data, conn); + /* Authenticate */ + ret = ((*mech)->auth)(conn->app_data, conn); if(ret == AUTH_CONTINUE) continue; - else if(ret != AUTH_OK){ - /* mechanism is supposed to output error string */ + else if(ret != AUTH_OK) { + /* Mechanism has dumped the error to stderr, don't error here. */ return -1; } - conn->mech = *m; + DEBUGASSERT(ret == AUTH_OK); + + conn->mech = *mech; conn->sec_complete = 1; if (conn->data_prot != prot_clear) { conn->recv[FIRSTSOCKET] = sec_read; @@ -490,9 +521,17 @@ Curl_sec_login(struct connectdata *conn) break; } - return *m == NULL; + return mech != NULL ? CURLE_OK : CURLE_FAILED_INIT; } +int +Curl_sec_login(struct connectdata *conn) +{ + CURLcode code = choose_mech(conn); + return code == CURLE_OK; +} + + void Curl_sec_end(struct connectdata *conn) { -- cgit v1.2.1 From d23c59ecfc3d5a6b922a8d94a70c783d0fc69c05 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 12 Sep 2010 15:41:44 -0700 Subject: security.c: Curl_sec_set_protection_level tweaking - Removed sec_prot_internal as it is now inlined in the function (this removed a redundant check). - Changed the prototype to return an error code. - Updated the method to use the new ftp_send_command function. - Added a level_to_char helper method to avoid relying on the compiler's bound checks. This default to the maximum security we have in case of a wrong input. --- lib/security.c | 93 +++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 57 insertions(+), 36 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index d4bb0b379..ca74ec54f 100644 --- a/lib/security.c +++ b/lib/security.c @@ -91,6 +91,29 @@ name_to_level(const char *name) return (enum protection_level)-1; } +/* Convert a protocol |level| to its char representation. + We take an int to catch programming mistakes. */ +static char level_to_char(int level) { + switch(level) { + case prot_clear: + return 'C'; + case prot_safe: + return 'S'; + case prot_confidential: + return 'E'; + case prot_private: + return 'P'; + case prot_cmd: + /* Fall through */ + default: + /* Those 2 cases should not be reached! */ + break; + } + DEBUGASSERT(0); + /* Default to the most secure alternative. */ + return 'P'; +} + static const struct Curl_sec_client_mech * const mechs[] = { #if defined(HAVE_GSSAPI) &Curl_krb5_client_mech, @@ -369,64 +392,62 @@ Curl_set_command_prot(struct connectdata *conn, enum protection_level level) return old; } -static int -sec_prot_internal(struct connectdata *conn, int level) +/* FIXME: The error code returned here is never checked. */ +int Curl_sec_set_protection_level(struct connectdata *conn) { - char *p; - unsigned int s = 1048576; - ssize_t nread; + int code; + char* pbsz; + static unsigned int buffer_size = 1 << 20; /* 1048576 */ + enum protection_level level = conn->request_data_prot; - if(!conn->sec_complete){ - infof(conn->data, "No security data exchange has taken place.\n"); + if(!conn->sec_complete) { + infof(conn->data, "Trying to change the protection level after the" + "completion of the data exchange."); return -1; } - if(level){ - int code; - if(Curl_ftpsendf(conn, "PBSZ %u", s)) - return -1; + /* Bail out if we try to set up the same level */ + if(conn->data_prot == level) + return 0; - if(Curl_GetFTPResponse(&nread, conn, &code)) + if(level) { + code = ftp_send_command(conn, "PSBZ %u", buffer_size); + if(code < 0) return -1; - if(code/100 != 2){ - failf(conn->data, "Failed to set protection buffer size."); + if(code/100 != 2) { + failf(conn->data, "Failed to set the protection's buffer size."); return -1; } - conn->buffer_size = s; - - p = strstr(conn->data->state.buffer, "PBSZ="); - if(p) - sscanf(p, "PBSZ=%u", &s); - if(s < conn->buffer_size) - conn->buffer_size = s; + conn->buffer_size = buffer_size; + + pbsz = strstr(conn->data->state.buffer, "PBSZ="); + if(pbsz) { + /* FIXME: Checks for errors in sscanf? */ + sscanf(pbsz, "PBSZ=%u", &buffer_size); + if(buffer_size < conn->buffer_size) + conn->buffer_size = buffer_size; + } } - if(Curl_ftpsendf(conn, "PROT %c", level["CSEP"])) - return -1; + /* Now try to negiociate the protection level. */ + code = ftp_send_command(conn, "PROT %c", level_to_char(level)); - if(Curl_GetFTPResponse(&nread, conn, NULL)) + if(code < 0) return -1; - if(conn->data->state.buffer[0] != '2'){ - failf(conn->data, "Failed to set protection level."); + if(code/100 != 2) { + failf(conn->data, "Failed to set the protection level."); return -1; } - conn->data_prot = (enum protection_level)level; + conn->data_prot = level; if(level == prot_private) - conn->command_prot = (enum protection_level)level; - return 0; -} + conn->command_prot = level; -void -Curl_sec_set_protection_level(struct connectdata *conn) -{ - if(conn->sec_complete && conn->data_prot != conn->request_data_prot) - sec_prot_internal(conn, conn->request_data_prot); + return 0; } - int Curl_sec_request_prot(struct connectdata *conn, const char *level) { -- cgit v1.2.1 From 7d4f8c280980aaf6d3572d80153da01246221d26 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 12 Sep 2010 16:08:52 -0700 Subject: security.c: Curl_sec_read_msg tweaks - Renamed the variables name to better match their intend. - Unified the |decoded_len| checks. - Added some FIXMEs to flag some improvement that did not go in this change. --- lib/security.c | 52 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 22 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index ca74ec54f..617a62583 100644 --- a/lib/security.c +++ b/lib/security.c @@ -348,40 +348,48 @@ static ssize_t _sec_send(struct connectdata *conn, int num, return sec_write(conn, fd, buffer, length); } -int -Curl_sec_read_msg(struct connectdata *conn, char *s, int level) +/* FIXME: |level| should not be an int but a struct protection_level */ +int Curl_sec_read_msg(struct connectdata *conn, char *buffer, int level) { - int len; - unsigned char *buf; - int code; - - len = Curl_base64_decode(s + 4, &buf); /* XXX */ - if(len > 0) - len = (conn->mech->decode)(conn->app_data, buf, len, level, conn); - else + /* decoded_len should be size_t or ssize_t but conn->mech->decode returns an + int */ + int decoded_len; + char *buf; + int ret_code; + + decoded_len = Curl_base64_decode(buffer + 4, (unsigned char **)&buf); + if(decoded_len <= 0) { + free(buf); return -1; + } - if(len < 0) { + decoded_len = (conn->mech->decode)(conn->app_data, buf, decoded_len, + level, conn); + if(decoded_len <= 0) { free(buf); return -1; } if(conn->data->set.verbose) { - buf[len] = '\n'; - Curl_debug(conn->data, CURLINFO_HEADER_IN, (char *)buf, len + 1, conn); + buf[decoded_len] = '\n'; + Curl_debug(conn->data, CURLINFO_HEADER_IN, buf, decoded_len + 1, conn); } - buf[len] = '\0'; - + buf[decoded_len] = '\0'; + DEBUGASSERT(decoded_len > 3); if(buf[3] == '-') - code = 0; - else - sscanf((char *)buf, "%d", &code); - if(buf[len-1] == '\n') - buf[len-1] = '\0'; - strcpy(s, (char *)buf); + ret_code = 0; + else { + /* Check for error? */ + sscanf(buf, "%d", &ret_code); + } + + if(buf[decoded_len - 1] == '\n') + buf[decoded_len - 1] = '\0'; + /* FIXME: Is |buffer| length always greater than |decoded_len|? */ + strcpy(buffer, buf); free(buf); - return code; + return ret_code; } enum protection_level -- cgit v1.2.1 From 69d7c48072299850d1bf3e0a134cb9970ffc1850 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 12 Sep 2010 16:25:05 -0700 Subject: security.c: sec_send tweaks - Renamed it to do_sec_send as it is the function doing the actual transfer. - Do not return any values as no one was checking it and it never reported a failure (added a FIXME about checking for errors). - Renamed the variables to make their use more specific. - Removed some casts (int -> curl_socket_t, ...) - Avoid doing the htnl <-> nthl twice by caching the 2 results. --- lib/security.c | 59 +++++++++++++++++++++++++++++++--------------------------- 1 file changed, 32 insertions(+), 27 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 617a62583..699be47a3 100644 --- a/lib/security.c +++ b/lib/security.c @@ -270,45 +270,50 @@ static ssize_t sec_read(struct connectdata *conn, int num, return rx; } -static int -sec_send(struct connectdata *conn, int fd, const char *from, int length) +/* Send |length| bytes from |from| to the |fd| socket taking care of encoding + and negociating with the server. |from| can be NULL. */ +/* FIXME: We don't check for errors nor report any! */ +static void do_sec_send(struct connectdata *conn, curl_socket_t fd, + const char *from, int length) { - int bytes; - void *buf; - enum protection_level protlevel = conn->data_prot; - int iscmd = protlevel == prot_cmd; + size_t bytes; + size_t htonl_bytes; + char *buffer; + char *cmd_buffer; + enum protection_level prot_level = conn->data_prot; + bool iscmd = prot_level == prot_cmd; if(iscmd) { if(!strncmp(from, "PASS ", 5) || !strncmp(from, "ACCT ", 5)) - protlevel = prot_private; + prot_level = prot_private; else - protlevel = conn->command_prot; + prot_level = conn->command_prot; } - bytes = (conn->mech->encode)(conn->app_data, from, length, protlevel, - &buf, conn); + bytes = (conn->mech->encode)(conn->app_data, from, length, prot_level, + (void**)&buffer, conn); if(iscmd) { - char *cmdbuf; - - bytes = Curl_base64_encode(conn->data, (char *)buf, bytes, &cmdbuf); + bytes = Curl_base64_encode(conn->data, buffer, bytes, &cmd_buffer); if(bytes > 0) { - if(protlevel == prot_private) - socket_write(conn, fd, "ENC ", 4); + static const char *enc = "ENC "; + static const char *mic = "MIC "; + if(prot_level == prot_private) + socket_write(conn, fd, enc, 4); else - socket_write(conn, fd, "MIC ", 4); - socket_write(conn, fd, cmdbuf, bytes); + socket_write(conn, fd, mic, 4); + + socket_write(conn, fd, cmd_buffer, bytes); socket_write(conn, fd, "\r\n", 2); - Curl_infof(conn->data, "%s %s\n", - protlevel == prot_private ? "ENC" : "MIC", cmdbuf); - free(cmdbuf); + infof(conn->data, "Send: %s%s", prot_level == prot_private?enc:mic, + cmd_buffer); + free(cmd_buffer); } } else { - bytes = htonl(bytes); - socket_write(conn, fd, &bytes, sizeof(bytes)); - socket_write(conn, fd, buf, ntohl(bytes)); + htonl_bytes = htonl(bytes); + socket_write(conn, fd, &htonl_bytes, sizeof(htonl_bytes)); + socket_write(conn, fd, buffer, bytes); } - free(buf); - return length; + free(buffer); } static ssize_t sec_write(struct connectdata *conn, int fd, @@ -323,7 +328,7 @@ static ssize_t sec_write(struct connectdata *conn, int fd, while(length){ if(length < len) len = length; - sec_send(conn, fd, buffer, len); + do_sec_send(conn, fd, buffer, len); length -= len; buffer += len; tx += len; @@ -335,7 +340,7 @@ int Curl_sec_fflush_fd(struct connectdata *conn, int fd) { if(conn->data_prot != prot_clear) { - sec_send(conn, fd, NULL, 0); + do_sec_send(conn, fd, NULL, 0); } return 0; } -- cgit v1.2.1 From 5ea9e78bd7ddc725a8056fdcc3d830fa5ff49fb1 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 12 Sep 2010 16:32:41 -0700 Subject: security.c: Curl_sec_fflush_fd tweaks - Use an early return as it makes the code more readable. - Added a FIXME about a conversion. --- lib/security.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 699be47a3..d0eccdf7f 100644 --- a/lib/security.c +++ b/lib/security.c @@ -336,12 +336,14 @@ static ssize_t sec_write(struct connectdata *conn, int fd, return tx; } -int -Curl_sec_fflush_fd(struct connectdata *conn, int fd) +/* FIXME: fd should be a curl_socket_t */ +int Curl_sec_fflush_fd(struct connectdata *conn, int fd) { - if(conn->data_prot != prot_clear) { - do_sec_send(conn, fd, NULL, 0); - } + if(conn->data_prot == prot_clear) + return 0; + + /* Force a flush by trying to send no data */ + do_sec_send(conn, fd, NULL, 0); return 0; } -- cgit v1.2.1 From 3c69a08e3bd51e62da00bb0596b438f01c6f1afb Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 12 Sep 2010 16:38:38 -0700 Subject: security.c: sec_read tweaks - Renamed the function to sec_recv. - Renamed the parameters and variable to match the rest of the code. --- lib/security.c | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index d0eccdf7f..cc2fbf140 100644 --- a/lib/security.c +++ b/lib/security.c @@ -235,12 +235,13 @@ buffer_read(struct krb4buffer *buf, const char *data, size_t len) return len; } -static ssize_t sec_read(struct connectdata *conn, int num, - char *buffer, size_t length, CURLcode *err) +/* Matches Curl_recv signature */ +static ssize_t sec_recv(struct connectdata *conn, int sockindex, + char *buffer, size_t len, CURLcode *err) { - size_t len; - int rx = 0; - curl_socket_t fd = conn->sock[num]; + size_t bytes_read; + size_t total_read = 0; + curl_socket_t fd = conn->sock[sockindex]; *err = CURLE_OK; @@ -249,25 +250,26 @@ static ssize_t sec_read(struct connectdata *conn, int num, return 0; } - len = buffer_read(&conn->in_buffer, buffer, length); - length -= len; - rx += len; - buffer = (char*)buffer + len; + bytes_read = buffer_read(&conn->in_buffer, buffer, len); + len -= bytes_read; + total_read += bytes_read; + buffer += bytes_read; - while(length) { + while(len > 0) { if(read_data(conn, fd, &conn->in_buffer) != CURLE_OK) return -1; if(conn->in_buffer.size == 0) { - if(rx) + if(bytes_read > 0) conn->in_buffer.eof_flag = 1; - return rx; + return bytes_read; } - len = buffer_read(&conn->in_buffer, buffer, length); - length -= len; - rx += len; - buffer = (char*)buffer + len; + bytes_read = buffer_read(&conn->in_buffer, buffer, len); + len -= bytes_read; + total_read += bytes_read; + buffer += bytes_read; } - return rx; + /* FIXME: Check for overflow */ + return total_read; } /* Send |length| bytes from |from| to the |fd| socket taking care of encoding @@ -545,9 +547,9 @@ static CURLcode choose_mech(struct connectdata *conn) conn->mech = *mech; conn->sec_complete = 1; if (conn->data_prot != prot_clear) { - conn->recv[FIRSTSOCKET] = sec_read; + conn->recv[FIRSTSOCKET] = sec_recv; conn->send[FIRSTSOCKET] = _sec_send; - conn->recv[SECONDARYSOCKET] = sec_read; + conn->recv[SECONDARYSOCKET] = sec_recv; conn->send[SECONDARYSOCKET] = _sec_send; } conn->command_prot = prot_safe; -- cgit v1.2.1 From 612832e4c029a558d84cfa769401aa061500570f Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 12 Sep 2010 16:41:45 -0700 Subject: security.c: _sec_send tweaks - Renamed the method to sec_send now that we renamed sec_send to do_sec_send. - Some more variable renaming. --- lib/security.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index cc2fbf140..ac3c689f4 100644 --- a/lib/security.c +++ b/lib/security.c @@ -349,12 +349,13 @@ int Curl_sec_fflush_fd(struct connectdata *conn, int fd) return 0; } -static ssize_t _sec_send(struct connectdata *conn, int num, - const void *buffer, size_t length, CURLcode *err) +/* Matches Curl_send signature */ +static ssize_t sec_send(struct connectdata *conn, int sockindex, + const void *buffer, size_t len, CURLcode *err) { - curl_socket_t fd = conn->sock[num]; + curl_socket_t fd = conn->sock[sockindex]; *err = CURLE_OK; - return sec_write(conn, fd, buffer, length); + return sec_write(conn, fd, buffer, len); } /* FIXME: |level| should not be an int but a struct protection_level */ @@ -548,9 +549,9 @@ static CURLcode choose_mech(struct connectdata *conn) conn->sec_complete = 1; if (conn->data_prot != prot_clear) { conn->recv[FIRSTSOCKET] = sec_recv; - conn->send[FIRSTSOCKET] = _sec_send; + conn->send[FIRSTSOCKET] = sec_send; conn->recv[SECONDARYSOCKET] = sec_recv; - conn->send[SECONDARYSOCKET] = _sec_send; + conn->send[SECONDARYSOCKET] = sec_send; } conn->command_prot = prot_safe; /* Set the requested protection level */ -- cgit v1.2.1 From 562d40e671c2290aed36de5afd1fd2954619d900 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 12 Sep 2010 16:46:09 -0700 Subject: security.c: sec_write tweaks - |fd| is now a curl_socket_t and |len| a size_t to avoid conversions. - Added 2 FIXMEs about the 2 unsigned -> signed conversions. - Included 2 minor changes to Curl_sec_end. --- lib/security.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index ac3c689f4..6e1797cf1 100644 --- a/lib/security.c +++ b/lib/security.c @@ -318,18 +318,21 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, free(buffer); } -static ssize_t sec_write(struct connectdata *conn, int fd, - const char *buffer, int length) +static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd, + const char *buffer, size_t length) { - int len = conn->buffer_size; + /* FIXME: Check for overflow */ + ssize_t len = conn->buffer_size; int tx = 0; len -= (conn->mech->overhead)(conn->app_data, conn->data_prot, len); if(len <= 0) len = length; - while(length){ - if(length < len) + while(length) { + if(len >= 0 || length < (size_t)len) { + /* FIXME: Check for overflow. */ len = length; + } do_sec_send(conn, fd, buffer, len); length -= len; buffer += len; @@ -577,13 +580,14 @@ Curl_sec_end(struct connectdata *conn) if(conn->mech != NULL) { if(conn->mech->end) (conn->mech->end)(conn->app_data); + /* FIXME: Why do we zero'd it before free'ing it? */ memset(conn->app_data, 0, conn->mech->size); free(conn->app_data); conn->app_data = NULL; } conn->sec_complete = 0; conn->data_prot = (enum protection_level)0; - conn->mech=NULL; + conn->mech = NULL; } #endif /* HAVE_KRB4 || HAVE_GSSAPI */ -- cgit v1.2.1 From 31d59fb2cc05ad232c2e5a39eba7ece71d9c8533 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 12 Sep 2010 17:22:04 -0700 Subject: security.c: Update the #include statements after the rewrite. --- lib/security.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 6e1797cf1..2eeaa3196 100644 --- a/lib/security.c +++ b/lib/security.c @@ -46,10 +46,7 @@ #ifndef CURL_DISABLE_FTP #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI) -#define _MPRINTF_REPLACE /* we want curl-functions instead of native ones */ -#include - -#include +#include #include #ifdef HAVE_NETDB_H @@ -61,11 +58,11 @@ #endif #include "urldata.h" -#include "krb4.h" #include "curl_base64.h" -#include "sendf.h" -#include "ftp.h" #include "curl_memory.h" +#include "krb4.h" +#include "ftp.h" +#include "sendf.h" #include "rawstr.h" /* The last #include file should be: */ -- cgit v1.2.1 From b1df37c60ec8f2a0c943b386c103fc4e7d22bd73 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 22 Sep 2010 23:41:28 +0200 Subject: security.c: removed superfluous parentheses And also removed the FIXME where memory was zeroed just before freed, and some other minor whitespace changes. --- lib/security.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 2eeaa3196..cf0a6ff61 100644 --- a/lib/security.c +++ b/lib/security.c @@ -143,8 +143,8 @@ static int ftp_send_command(struct connectdata *conn, const char *message, ...) return ftp_code; } -/* Read |len| from the socket |fd| and store it in |to|. Return a - CURLcode saying whether an error occured or CURLE_OK if |len| was read. */ +/* Read |len| from the socket |fd| and store it in |to|. Return a CURLcode + saying whether an error occured or CURLE_OK if |len| was read. */ static CURLcode socket_read(curl_socket_t fd, void *to, size_t len) { @@ -170,9 +170,11 @@ socket_read(curl_socket_t fd, void *to, size_t len) /* Write |len| bytes from the buffer |to| to the socket |fd|. Return a - CURLcode saying whether an error occured or CURLE_OK if |len| was written. */ + CURLcode saying whether an error occured or CURLE_OK if |len| was + written. */ static CURLcode -socket_write(struct connectdata *conn, curl_socket_t fd, const void *to, size_t len) +socket_write(struct connectdata *conn, curl_socket_t fd, const void *to, + size_t len) { const char *to_p = to; CURLcode code; @@ -214,8 +216,8 @@ static CURLcode read_data(struct connectdata *conn, ret = socket_read(fd, buf->data, len); if (ret != CURLE_OK) return ret; - buf->size = (conn->mech->decode)(conn->app_data, buf->data, len, - conn->data_prot, conn); + buf->size = conn->mech->decode(conn->app_data, buf->data, len, + conn->data_prot, conn); buf->index = 0; return CURLE_OK; } @@ -288,8 +290,8 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, else prot_level = conn->command_prot; } - bytes = (conn->mech->encode)(conn->app_data, from, length, prot_level, - (void**)&buffer, conn); + bytes = conn->mech->encode(conn->app_data, from, length, prot_level, + (void**)&buffer, conn); if(iscmd) { bytes = Curl_base64_encode(conn->data, buffer, bytes, &cmd_buffer); if(bytes > 0) { @@ -322,7 +324,7 @@ static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd, ssize_t len = conn->buffer_size; int tx = 0; - len -= (conn->mech->overhead)(conn->app_data, conn->data_prot, len); + len -= conn->mech->overhead(conn->app_data, conn->data_prot, len); if(len <= 0) len = length; while(length) { @@ -373,8 +375,8 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer, int level) return -1; } - decoded_len = (conn->mech->decode)(conn->app_data, buf, decoded_len, - level, conn); + decoded_len = conn->mech->decode(conn->app_data, buf, decoded_len, + level, conn); if(decoded_len <= 0) { free(buf); return -1; @@ -535,7 +537,7 @@ static CURLcode choose_mech(struct connectdata *conn) } /* Authenticate */ - ret = ((*mech)->auth)(conn->app_data, conn); + ret = (*mech)->auth(conn->app_data, conn); if(ret == AUTH_CONTINUE) continue; @@ -576,9 +578,7 @@ Curl_sec_end(struct connectdata *conn) { if(conn->mech != NULL) { if(conn->mech->end) - (conn->mech->end)(conn->app_data); - /* FIXME: Why do we zero'd it before free'ing it? */ - memset(conn->app_data, 0, conn->mech->size); + conn->mech->end(conn->app_data); free(conn->app_data); conn->app_data = NULL; } -- cgit v1.2.1 From a10f5b34ff7932060beb4d297be1241b81b64774 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 24 Sep 2010 00:20:02 +0200 Subject: Revert "security.c: buffer_read various fixes." This reverts commit fbb38de415b7bb7d743e53a7b4b887ffb12b3e5b. --- lib/security.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index cf0a6ff61..693be3f57 100644 --- a/lib/security.c +++ b/lib/security.c @@ -223,13 +223,11 @@ static CURLcode read_data(struct connectdata *conn, } static size_t -buffer_read(struct krb4buffer *buf, const char *data, size_t len) +buffer_read(struct krb4buffer *buf, void *data, size_t len) { - size_t buf_capacity = buf->size - buf->index; - DEBUGASSERT(buf->size > buf->index); - if(buf_capacity < len) - len = buf_capacity; - memcpy(buf, data, len); + if(buf->size - buf->index < len) + len = buf->size - buf->index; + memcpy(data, (char*)buf->data + buf->index, len); buf->index += len; return len; } -- cgit v1.2.1 From 1e2056fecb30c5184b70c5d6ad3becf9c200ac09 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 26 Sep 2010 16:17:01 -0700 Subject: security.c: Fix ftp_send_command. My use of va_args was completely wrong. Fixed the usage so that we send the right commands! --- lib/security.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 693be3f57..570807811 100644 --- a/lib/security.c +++ b/lib/security.c @@ -128,9 +128,13 @@ static int ftp_send_command(struct connectdata *conn, const char *message, ...) int ftp_code; ssize_t nread; va_list args; + char print_buffer[50]; va_start(args, message); - if(Curl_ftpsendf(conn, message, args) != CURLE_OK) { + vsnprintf(print_buffer, sizeof(print_buffer), message, args); + va_end(args); + + if(Curl_ftpsendf(conn, print_buffer) != CURLE_OK) { ftp_code = -1; } else { @@ -139,7 +143,6 @@ static int ftp_send_command(struct connectdata *conn, const char *message, ...) } (void)nread; /* Unused */ - va_end(args); return ftp_code; } -- cgit v1.2.1 From 05b72a6af29e4b6e7a3fb72581b09f38a9adfb53 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 26 Sep 2010 17:57:03 -0700 Subject: security.c: Fix typo (PSBZ -> PBSZ) --- lib/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 570807811..3fda8bbcd 100644 --- a/lib/security.c +++ b/lib/security.c @@ -432,7 +432,7 @@ int Curl_sec_set_protection_level(struct connectdata *conn) return 0; if(level) { - code = ftp_send_command(conn, "PSBZ %u", buffer_size); + code = ftp_send_command(conn, "PBSZ %u", buffer_size); if(code < 0) return -1; -- cgit v1.2.1 From bfbc4c7e00303ca8ddcb6245a23b5768adb8f1c0 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 26 Sep 2010 18:04:48 -0700 Subject: security.c: Readd the '\n' to the infof() calls. They are not automatically added and make the output of the verbose mode a lot more readable. --- lib/security.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 3fda8bbcd..25cd483c1 100644 --- a/lib/security.c +++ b/lib/security.c @@ -305,7 +305,7 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, socket_write(conn, fd, cmd_buffer, bytes); socket_write(conn, fd, "\r\n", 2); - infof(conn->data, "Send: %s%s", prot_level == prot_private?enc:mic, + infof(conn->data, "Send: %s%s\n", prot_level == prot_private?enc:mic, cmd_buffer); free(cmd_buffer); } @@ -423,7 +423,7 @@ int Curl_sec_set_protection_level(struct connectdata *conn) if(!conn->sec_complete) { infof(conn->data, "Trying to change the protection level after the" - "completion of the data exchange."); + "completion of the data exchange.\n"); return -1; } @@ -492,7 +492,7 @@ static CURLcode choose_mech(struct connectdata *conn) /* We have no mechanism with a NULL name but keep this check */ DEBUGASSERT(mech_name != NULL); if(mech_name == NULL) { - infof(data, "Skipping mechanism with empty name (%p)", mech); + infof(data, "Skipping mechanism with empty name (%p)\n", mech); continue; } tmp_allocation = realloc(conn->app_data, (*mech)->size); @@ -506,12 +506,12 @@ static CURLcode choose_mech(struct connectdata *conn) if((*mech)->init) { ret = (*mech)->init(conn); if(ret != 0) { - infof(data, "Failed initialization for %s. Skipping it.", mech_name); + infof(data, "Failed initialization for %s. Skipping it.\n", mech_name); continue; } } - infof(data, "Trying mechanism %s...", mech_name); + infof(data, "Trying mechanism %s...\n", mech_name); ret = ftp_send_command(conn, "AUTH %s", mech_name); if(ret < 0) /* FIXME: This error is too generic but it is OK for now. */ @@ -521,15 +521,15 @@ static CURLcode choose_mech(struct connectdata *conn) switch(ret) { case 504: infof(data, "Mechanism %s is not supported by the server (server " - "returned ftp code: 504).", mech_name); + "returned ftp code: 504).\n", mech_name); break; case 534: infof(data, "Mechanism %s was rejected by the server (server returned " - "ftp code: 534).", mech_name); + "ftp code: 534).\n", mech_name); break; default: if(ret/100 == 5) { - infof(data, "The server does not support the security extensions."); + infof(data, "The server does not support the security extensions.\n"); return CURLE_USE_SSL_FAILED; } break; -- cgit v1.2.1 From fc9f3698291d0ba59494207feed674e8d29d9c77 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 26 Sep 2010 19:14:50 -0700 Subject: security.c: Fix Curl_sec_login after rewrite. Curl_sec_login was returning the opposite result that the code in ftp.c was expecting. Simplified the return code (using a CURLcode) so to see more clearly what is going on. --- lib/security.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 25cd483c1..9e74eb277 100644 --- a/lib/security.c +++ b/lib/security.c @@ -566,11 +566,10 @@ static CURLcode choose_mech(struct connectdata *conn) return mech != NULL ? CURLE_OK : CURLE_FAILED_INIT; } -int +CURLcode Curl_sec_login(struct connectdata *conn) { - CURLcode code = choose_mech(conn); - return code == CURLE_OK; + return choose_mech(conn); } -- cgit v1.2.1 From dacc44ddc2920cb1b2e3550bc803f7521c3166fa Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 26 Sep 2010 19:16:38 -0700 Subject: security.c: We should always register the socket handler. Following a change in the way socket handler are registered, the custom recv and send method were conditionaly registered. We need to register them everytime to handle the ftp security extensions. Re-added the clear text handling in sec_recv. --- lib/security.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 9e74eb277..5becb0c87 100644 --- a/lib/security.c +++ b/lib/security.c @@ -245,6 +245,10 @@ static ssize_t sec_recv(struct connectdata *conn, int sockindex, *err = CURLE_OK; + /* Handle clear text response. */ + if(conn->sec_complete == 0 || conn->data_prot == prot_clear) + return read(fd, buffer, len); + if(conn->in_buffer.eof_flag) { conn->in_buffer.eof_flag = 0; return 0; @@ -550,12 +554,10 @@ static CURLcode choose_mech(struct connectdata *conn) conn->mech = *mech; conn->sec_complete = 1; - if (conn->data_prot != prot_clear) { - conn->recv[FIRSTSOCKET] = sec_recv; - conn->send[FIRSTSOCKET] = sec_send; - conn->recv[SECONDARYSOCKET] = sec_recv; - conn->send[SECONDARYSOCKET] = sec_send; - } + conn->recv[FIRSTSOCKET] = sec_recv; + conn->send[FIRSTSOCKET] = sec_send; + conn->recv[SECONDARYSOCKET] = sec_recv; + conn->send[SECONDARYSOCKET] = sec_send; conn->command_prot = prot_safe; /* Set the requested protection level */ /* BLOCKING */ -- cgit v1.2.1 From e3811ed7c34ed1818dc246af54460fea0fc52c02 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 26 Sep 2010 22:35:00 -0700 Subject: security.c: Remove Curl_sec_fflush_fd. The current implementation would make us send wrong data on a closed socket. We don't buffer our data so the method can be safely removed. --- lib/security.c | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 5becb0c87..303a1bec6 100644 --- a/lib/security.c +++ b/lib/security.c @@ -345,17 +345,6 @@ static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd, return tx; } -/* FIXME: fd should be a curl_socket_t */ -int Curl_sec_fflush_fd(struct connectdata *conn, int fd) -{ - if(conn->data_prot == prot_clear) - return 0; - - /* Force a flush by trying to send no data */ - do_sec_send(conn, fd, NULL, 0); - return 0; -} - /* Matches Curl_send signature */ static ssize_t sec_send(struct connectdata *conn, int sockindex, const void *buffer, size_t len, CURLcode *err) -- cgit v1.2.1 From 87badbef846c29359f2981076d53acd108b57254 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sun, 26 Sep 2010 22:44:42 -0700 Subject: krb5-gssapi: Remove several memory leaks. Remove a leak seen on Kerberos/MIT (gss_OID is copied internally and we were leaking it). Now we just pass NULL as advised in RFC2744. |tmp| was never set back to buf->data. Cleaned up Curl_sec_end to take into account failure in Curl_sec_login (where conn->mech would be NULL but not conn->app_data or conn->in_buffer->data). --- lib/security.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 303a1bec6..73a554016 100644 --- a/lib/security.c +++ b/lib/security.c @@ -216,6 +216,7 @@ static CURLcode read_data(struct connectdata *conn, if (tmp == NULL) return CURLE_OUT_OF_MEMORY; + buf->data = tmp; ret = socket_read(fd, buf->data, len); if (ret != CURLE_OK) return ret; @@ -567,12 +568,20 @@ Curl_sec_login(struct connectdata *conn) void Curl_sec_end(struct connectdata *conn) { - if(conn->mech != NULL) { - if(conn->mech->end) - conn->mech->end(conn->app_data); + if(conn->mech != NULL && conn->mech->end) + conn->mech->end(conn->app_data); + if(conn->app_data) { free(conn->app_data); conn->app_data = NULL; } + if(conn->in_buffer.data) { + free(conn->in_buffer.data); + conn->in_buffer.data = NULL; + conn->in_buffer.size = 0; + conn->in_buffer.index = 0; + /* FIXME: Is this really needed? */ + conn->in_buffer.eof_flag = 0; + } conn->sec_complete = 0; conn->data_prot = (enum protection_level)0; conn->mech = NULL; -- cgit v1.2.1 From 0152dbbe237928b9ebab9c47b4bcb17a4ae98190 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 18 Oct 2010 10:00:37 +0200 Subject: krb4: make a few functions static --- lib/security.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 73a554016..244ab6fee 100644 --- a/lib/security.c +++ b/lib/security.c @@ -399,16 +399,8 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer, int level) return ret_code; } -enum protection_level -Curl_set_command_prot(struct connectdata *conn, enum protection_level level) -{ - enum protection_level old = conn->command_prot; - conn->command_prot = level; - return old; -} - /* FIXME: The error code returned here is never checked. */ -int Curl_sec_set_protection_level(struct connectdata *conn) +static int sec_set_protection_level(struct connectdata *conn) { int code; char* pbsz; @@ -551,7 +543,7 @@ static CURLcode choose_mech(struct connectdata *conn) conn->command_prot = prot_safe; /* Set the requested protection level */ /* BLOCKING */ - Curl_sec_set_protection_level(conn); + (void)sec_set_protection_level(conn); break; } -- cgit v1.2.1 From c8a7df108fb216899ad950fe3ff2e3aa7c40fbc0 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Fri, 12 Nov 2010 08:15:01 -0800 Subject: security: Pass the right parameter to init. init is expecting app_data. Passing it the struct connecdata would make us crash later. --- lib/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 244ab6fee..d22ff9a32 100644 --- a/lib/security.c +++ b/lib/security.c @@ -490,7 +490,7 @@ static CURLcode choose_mech(struct connectdata *conn) conn->app_data = tmp_allocation; if((*mech)->init) { - ret = (*mech)->init(conn); + ret = (*mech)->init(conn->app_data); if(ret != 0) { infof(data, "Failed initialization for %s. Skipping it.\n", mech_name); continue; -- cgit v1.2.1 From 8d59d69449c2a86c478699a50d920541aa106201 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sat, 13 Nov 2010 12:01:33 -0800 Subject: security: tighten enum protection_level usage. While changing Curl_sec_read_msg to accept an enum protection_level instead of an int, I went ahead and fixed the usage of the associated fields. Some code was assuming that prot_clear == 0. Fixed those to use the proper value. Added assertions prior to any code that would set the protection level. --- lib/security.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index d22ff9a32..88c6541d9 100644 --- a/lib/security.c +++ b/lib/security.c @@ -85,7 +85,7 @@ name_to_level(const char *name) for(i = 0; i < (int)sizeof(level_names)/(int)sizeof(level_names[0]); i++) if(checkprefix(name, level_names[i].name)) return level_names[i].level; - return (enum protection_level)-1; + return prot_none; } /* Convert a protocol |level| to its char representation. @@ -290,6 +290,8 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, enum protection_level prot_level = conn->data_prot; bool iscmd = prot_level == prot_cmd; + DEBUGASSERT(prot_level > prot_none && prot_level < prot_last); + if(iscmd) { if(!strncmp(from, "PASS ", 5) || !strncmp(from, "ACCT ", 5)) prot_level = prot_private; @@ -355,8 +357,8 @@ static ssize_t sec_send(struct connectdata *conn, int sockindex, return sec_write(conn, fd, buffer, len); } -/* FIXME: |level| should not be an int but a struct protection_level */ -int Curl_sec_read_msg(struct connectdata *conn, char *buffer, int level) +int Curl_sec_read_msg(struct connectdata *conn, char *buffer, + enum protection_level level) { /* decoded_len should be size_t or ssize_t but conn->mech->decode returns an int */ @@ -364,6 +366,8 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer, int level) char *buf; int ret_code; + DEBUGASSERT(level > prot_none && level < prot_last); + decoded_len = Curl_base64_decode(buffer + 4, (unsigned char **)&buf); if(decoded_len <= 0) { free(buf); @@ -407,6 +411,8 @@ static int sec_set_protection_level(struct connectdata *conn) static unsigned int buffer_size = 1 << 20; /* 1048576 */ enum protection_level level = conn->request_data_prot; + DEBUGASSERT(level > prot_none && level < prot_last); + if(!conn->sec_complete) { infof(conn->data, "Trying to change the protection level after the" "completion of the data exchange.\n"); @@ -458,10 +464,11 @@ static int sec_set_protection_level(struct connectdata *conn) int Curl_sec_request_prot(struct connectdata *conn, const char *level) { - int l = name_to_level(level); - if(l == -1) + enum protection_level l = name_to_level(level); + if(l == prot_none) return -1; - conn->request_data_prot = (enum protection_level)l; + DEBUGASSERT(l > prot_none && l < prot_last); + conn->request_data_prot = l; return 0; } @@ -575,7 +582,7 @@ Curl_sec_end(struct connectdata *conn) conn->in_buffer.eof_flag = 0; } conn->sec_complete = 0; - conn->data_prot = (enum protection_level)0; + conn->data_prot = prot_clear; conn->mech = NULL; } -- cgit v1.2.1 From add5766dd4d8a15f3f96254fc65e9ab5c9ff3d48 Mon Sep 17 00:00:00 2001 From: Julien Chaffraix Date: Sat, 13 Nov 2010 14:42:34 -0800 Subject: urldata: Capitalize enum protect_level values. This makes it easier to spot the enum values from the variables. Removed some unneeded DEBUGASSERT added in the previous commit. --- lib/security.c | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 88c6541d9..1aa280682 100644 --- a/lib/security.c +++ b/lib/security.c @@ -72,10 +72,10 @@ static const struct { enum protection_level level; const char *name; } level_names[] = { - { prot_clear, "clear" }, - { prot_safe, "safe" }, - { prot_confidential, "confidential" }, - { prot_private, "private" } + { PROT_CLEAR, "clear" }, + { PROT_SAFE, "safe" }, + { PROT_CONFIDENTIAL, "confidential" }, + { PROT_PRIVATE, "private" } }; static enum protection_level @@ -85,22 +85,22 @@ name_to_level(const char *name) for(i = 0; i < (int)sizeof(level_names)/(int)sizeof(level_names[0]); i++) if(checkprefix(name, level_names[i].name)) return level_names[i].level; - return prot_none; + return PROT_NONE; } /* Convert a protocol |level| to its char representation. We take an int to catch programming mistakes. */ static char level_to_char(int level) { switch(level) { - case prot_clear: + case PROT_CLEAR: return 'C'; - case prot_safe: + case PROT_SAFE: return 'S'; - case prot_confidential: + case PROT_CONFIDENTIAL: return 'E'; - case prot_private: + case PROT_PRIVATE: return 'P'; - case prot_cmd: + case PROT_CMD: /* Fall through */ default: /* Those 2 cases should not be reached! */ @@ -247,7 +247,7 @@ static ssize_t sec_recv(struct connectdata *conn, int sockindex, *err = CURLE_OK; /* Handle clear text response. */ - if(conn->sec_complete == 0 || conn->data_prot == prot_clear) + if(conn->sec_complete == 0 || conn->data_prot == PROT_CLEAR) return read(fd, buffer, len); if(conn->in_buffer.eof_flag) { @@ -288,13 +288,13 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, char *buffer; char *cmd_buffer; enum protection_level prot_level = conn->data_prot; - bool iscmd = prot_level == prot_cmd; + bool iscmd = prot_level == PROT_CMD; - DEBUGASSERT(prot_level > prot_none && prot_level < prot_last); + DEBUGASSERT(prot_level > PROT_NONE && prot_level < PROT_LAST); if(iscmd) { if(!strncmp(from, "PASS ", 5) || !strncmp(from, "ACCT ", 5)) - prot_level = prot_private; + prot_level = PROT_PRIVATE; else prot_level = conn->command_prot; } @@ -305,14 +305,14 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, if(bytes > 0) { static const char *enc = "ENC "; static const char *mic = "MIC "; - if(prot_level == prot_private) + if(prot_level == PROT_PRIVATE) socket_write(conn, fd, enc, 4); else socket_write(conn, fd, mic, 4); socket_write(conn, fd, cmd_buffer, bytes); socket_write(conn, fd, "\r\n", 2); - infof(conn->data, "Send: %s%s\n", prot_level == prot_private?enc:mic, + infof(conn->data, "Send: %s%s\n", prot_level == PROT_PRIVATE?enc:mic, cmd_buffer); free(cmd_buffer); } @@ -366,7 +366,7 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer, char *buf; int ret_code; - DEBUGASSERT(level > prot_none && level < prot_last); + DEBUGASSERT(level > PROT_NONE && level < PROT_LAST); decoded_len = Curl_base64_decode(buffer + 4, (unsigned char **)&buf); if(decoded_len <= 0) { @@ -411,7 +411,7 @@ static int sec_set_protection_level(struct connectdata *conn) static unsigned int buffer_size = 1 << 20; /* 1048576 */ enum protection_level level = conn->request_data_prot; - DEBUGASSERT(level > prot_none && level < prot_last); + DEBUGASSERT(level > PROT_NONE && level < PROT_LAST); if(!conn->sec_complete) { infof(conn->data, "Trying to change the protection level after the" @@ -455,7 +455,7 @@ static int sec_set_protection_level(struct connectdata *conn) } conn->data_prot = level; - if(level == prot_private) + if(level == PROT_PRIVATE) conn->command_prot = level; return 0; @@ -465,9 +465,9 @@ int Curl_sec_request_prot(struct connectdata *conn, const char *level) { enum protection_level l = name_to_level(level); - if(l == prot_none) + if(l == PROT_NONE) return -1; - DEBUGASSERT(l > prot_none && l < prot_last); + DEBUGASSERT(l > PROT_NONE && l < PROT_LAST); conn->request_data_prot = l; return 0; } @@ -547,7 +547,7 @@ static CURLcode choose_mech(struct connectdata *conn) conn->send[FIRSTSOCKET] = sec_send; conn->recv[SECONDARYSOCKET] = sec_recv; conn->send[SECONDARYSOCKET] = sec_send; - conn->command_prot = prot_safe; + conn->command_prot = PROT_SAFE; /* Set the requested protection level */ /* BLOCKING */ (void)sec_set_protection_level(conn); @@ -582,7 +582,7 @@ Curl_sec_end(struct connectdata *conn) conn->in_buffer.eof_flag = 0; } conn->sec_complete = 0; - conn->data_prot = prot_clear; + conn->data_prot = PROT_CLEAR; conn->mech = NULL; } -- cgit v1.2.1 From 1702a2c08d3a0ed5945f34e6cd38436611f65164 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Tue, 19 Apr 2011 15:54:13 +0200 Subject: Fix a couple of spelling errors in lib/ Found with codespell. --- lib/security.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 1aa280682..c4fc88af8 100644 --- a/lib/security.c +++ b/lib/security.c @@ -147,7 +147,7 @@ static int ftp_send_command(struct connectdata *conn, const char *message, ...) } /* Read |len| from the socket |fd| and store it in |to|. Return a CURLcode - saying whether an error occured or CURLE_OK if |len| was read. */ + saying whether an error occurred or CURLE_OK if |len| was read. */ static CURLcode socket_read(curl_socket_t fd, void *to, size_t len) { @@ -173,7 +173,7 @@ socket_read(curl_socket_t fd, void *to, size_t len) /* Write |len| bytes from the buffer |to| to the socket |fd|. Return a - CURLcode saying whether an error occured or CURLE_OK if |len| was + CURLcode saying whether an error occurred or CURLE_OK if |len| was written. */ static CURLcode socket_write(struct connectdata *conn, curl_socket_t fd, const void *to, -- cgit v1.2.1 From b903186fa0189ff241d756d25d07fdfe9885ae49 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 20 Apr 2011 15:17:42 +0200 Subject: source cleanup: unify look, style and indent levels By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed. --- lib/security.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index c4fc88af8..010a5504e 100644 --- a/lib/security.c +++ b/lib/security.c @@ -10,7 +10,7 @@ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * - * Copyright (C) 2001 - 2010, Daniel Stenberg, , et al. + * Copyright (C) 2001 - 2011, Daniel Stenberg, , et al. * * All rights reserved. * @@ -208,17 +208,17 @@ static CURLcode read_data(struct connectdata *conn, CURLcode ret; ret = socket_read(fd, &len, sizeof(len)); - if (ret != CURLE_OK) + if(ret != CURLE_OK) return ret; len = ntohl(len); tmp = realloc(buf->data, len); - if (tmp == NULL) + if(tmp == NULL) return CURLE_OUT_OF_MEMORY; buf->data = tmp; ret = socket_read(fd, buf->data, len); - if (ret != CURLE_OK) + if(ret != CURLE_OK) return ret; buf->size = conn->mech->decode(conn->app_data, buf->data, len, conn->data_prot, conn); @@ -522,7 +522,7 @@ static CURLcode choose_mech(struct connectdata *conn) break; default: if(ret/100 == 5) { - infof(data, "The server does not support the security extensions.\n"); + infof(data, "server does not support the security extensions\n"); return CURLE_USE_SSL_FAILED; } break; -- cgit v1.2.1 From f1586cb4775681810afd8e6626e7842d459f3b85 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Tue, 26 Jul 2011 17:23:27 +0200 Subject: stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h --- lib/security.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 010a5504e..af61f3aed 100644 --- a/lib/security.c +++ b/lib/security.c @@ -46,9 +46,6 @@ #ifndef CURL_DISABLE_FTP #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI) -#include -#include - #ifdef HAVE_NETDB_H #include #endif -- cgit v1.2.1 From fd00b382b2d33ef90c6f5c840a32b66c8ceb1662 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Wed, 24 Aug 2011 08:07:36 +0200 Subject: base64: fix Curl_base64_encode and Curl_base64_decode interfaces Previous interfaces for these libcurl internal functions did not allow to tell apart a legitimate zero size result from an error condition. These functions now return a CURLcode indicating function success or otherwise specific error. Output size is returned using a pointer argument. All usage of these two functions, and others closely related, has been adapted to the new interfaces. Relative error and OOM handling adapted or added where missing. Unit test 1302 also adapted. --- lib/security.c | 36 ++++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index af61f3aed..595a7337e 100644 --- a/lib/security.c +++ b/lib/security.c @@ -61,6 +61,7 @@ #include "ftp.h" #include "sendf.h" #include "rawstr.h" +#include "warnless.h" /* The last #include file should be: */ #include "memdebug.h" @@ -280,12 +281,13 @@ static ssize_t sec_recv(struct connectdata *conn, int sockindex, static void do_sec_send(struct connectdata *conn, curl_socket_t fd, const char *from, int length) { - size_t bytes; - size_t htonl_bytes; - char *buffer; + int bytes, htonl_bytes; /* 32-bit integers for htonl */ + char *buffer = NULL; char *cmd_buffer; + size_t cmd_size = 0; + CURLcode error; enum protection_level prot_level = conn->data_prot; - bool iscmd = prot_level == PROT_CMD; + bool iscmd = (prot_level == PROT_CMD)?TRUE:FALSE DEBUGASSERT(prot_level > PROT_NONE && prot_level < PROT_LAST); @@ -297,9 +299,17 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, } bytes = conn->mech->encode(conn->app_data, from, length, prot_level, (void**)&buffer, conn); + if(!buffer || bytes <= 0) + return; /* error */ + if(iscmd) { - bytes = Curl_base64_encode(conn->data, buffer, bytes, &cmd_buffer); - if(bytes > 0) { + error = Curl_base64_encode(conn->data, buffer, curlx_sitouz(bytes), + &cmd_buffer, &cmd_size); + if(error) { + free(buffer); + return; /* error */ + } + if(cmd_size > 0) { static const char *enc = "ENC "; static const char *mic = "MIC "; if(prot_level == PROT_PRIVATE) @@ -307,7 +317,7 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, else socket_write(conn, fd, mic, 4); - socket_write(conn, fd, cmd_buffer, bytes); + socket_write(conn, fd, cmd_buffer, cmd_size); socket_write(conn, fd, "\r\n", 2); infof(conn->data, "Send: %s%s\n", prot_level == PROT_PRIVATE?enc:mic, cmd_buffer); @@ -317,7 +327,7 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, else { htonl_bytes = htonl(bytes); socket_write(conn, fd, &htonl_bytes, sizeof(htonl_bytes)); - socket_write(conn, fd, buffer, bytes); + socket_write(conn, fd, buffer, curlx_sitouz(bytes)); } free(buffer); } @@ -362,14 +372,20 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer, int decoded_len; char *buf; int ret_code; + size_t decoded_sz = 0; + CURLcode error; DEBUGASSERT(level > PROT_NONE && level < PROT_LAST); - decoded_len = Curl_base64_decode(buffer + 4, (unsigned char **)&buf); - if(decoded_len <= 0) { + error = Curl_base64_decode(buffer + 4, (unsigned char **)&buf, &decoded_sz); + if(error || decoded_sz == 0) + return -1; + + if(decoded_sz > (size_t)INT_MAX) { free(buf); return -1; } + decoded_len = curlx_uztosi(decoded_sz); decoded_len = conn->mech->decode(conn->app_data, buf, decoded_len, level, conn); -- cgit v1.2.1 From b9c63b9a73f492bea03730c2e521f5ba2d2602fa Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 24 Aug 2011 11:56:23 +0200 Subject: add missing semicolons --- lib/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 595a7337e..a5567526e 100644 --- a/lib/security.c +++ b/lib/security.c @@ -287,7 +287,7 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, size_t cmd_size = 0; CURLcode error; enum protection_level prot_level = conn->data_prot; - bool iscmd = (prot_level == PROT_CMD)?TRUE:FALSE + bool iscmd = (prot_level == PROT_CMD)?TRUE:FALSE; DEBUGASSERT(prot_level > PROT_NONE && prot_level < PROT_LAST); -- cgit v1.2.1 From e83421baf4dc08a1a632ee9dc9bdecad19c677b2 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Wed, 24 Aug 2011 14:00:42 +0200 Subject: include limits.h for INT_MAX --- lib/security.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index a5567526e..536d7c229 100644 --- a/lib/security.c +++ b/lib/security.c @@ -54,6 +54,10 @@ #include #endif +#ifdef HAVE_LIMITS_H +#include +#endif + #include "urldata.h" #include "curl_base64.h" #include "curl_memory.h" -- cgit v1.2.1 From 50a7d32af05687eef53e58ad5314a6bea2fd6a3e Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Fri, 28 Sep 2012 23:11:57 +0200 Subject: security.c: Aligned internal type to return type Use ssize_t instead of int to avoid conversion problems on 64-bit systems. Also added curlx_sztosi where necessary. --- lib/security.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/security.c') diff --git a/lib/security.c b/lib/security.c index 536d7c229..6201c5566 100644 --- a/lib/security.c +++ b/lib/security.c @@ -340,10 +340,10 @@ static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd, const char *buffer, size_t length) { /* FIXME: Check for overflow */ - ssize_t len = conn->buffer_size; - int tx = 0; + ssize_t tx = 0, len = conn->buffer_size; - len -= conn->mech->overhead(conn->app_data, conn->data_prot, len); + len -= conn->mech->overhead(conn->app_data, conn->data_prot, + curlx_sztosi(len)); if(len <= 0) len = length; while(length) { @@ -351,7 +351,7 @@ static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd, /* FIXME: Check for overflow. */ len = length; } - do_sec_send(conn, fd, buffer, len); + do_sec_send(conn, fd, buffer, curlx_sztosi(len)); length -= len; buffer += len; tx += len; -- cgit v1.2.1