path: root/source4/lib/http
Commit message | Author | Age | Files | Lines
* libhttp: Remove an unneeded include
  Author: Volker Lendecke | Age: 2017-08-16 | Files: 1 | Lines: -1/+0

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Aug 16 04:11:47 CEST 2017 on sn-devel-144
* s4:lib/http: pass down the target service/hostname to gensec
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 1 | Lines: -0/+21

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: add HTTP_AUTH_NEGOTIATE which maps to the "http_negotiate" gensec backend
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 2 | Lines: -0/+5

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:http/gensec: implement "http_negotiate" using GENSEC_OID_SPNEGO
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 1 | Lines: -0/+24

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:http/gensec: make the "NTLM" base64 wrapping more generic
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 1 | Lines: -32/+107

  We only need to know the prefix "NTLM" and the submech oid GENSEC_OID_NTLMSSP everything else can be generic.

  This should allow us to implement "Negotiate" with GENSEC_OID_SPNEGO trivial.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:http/gensec: rename ntlm.c to generic.c
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 2 | Lines: -5/+5

  Check with git show -C

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: pass a generic prefix blob to http_parse_auth_response()
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 1 | Lines: -11/+13

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: use strcasecmp(h->key, "WWW-Authenticate") instead of strncasecmp()
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 1 | Lines: -1/+4

  The key is already normalized and should match completely.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: remove indentation level from http_parse_auth_response()
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 1 | Lines: -10/+12

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: let http_read_response_send/recv() also consume the body if it fits into a max value
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 4 | Lines: -17/+76

  We need to consume full HTTP responses from the socket during the authentication exchanges, otherwise our HTTP parser gets out of sync for the next requests.

  This will be important for gensec mechs which use an even number for authentication packets.

  I guess this should be done just based on the Content-Length value and not based on the response code.

  So far I saw bodies with 200 and 401 codes.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: lower HTTP_MAX_HEADER_SIZE from UINT_MAX to 0x1FFFF
  Author: Stefan Metzmacher | Age: 2017-08-07 | Files: 1 | Lines: -1/+1

  We don't need very large headers, the largest ones are "Authorization" or "WWW-Authenticate", but 128k should be more than enough for all headers.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:lib/http: rewrite http_send_auth_request_*() using gensec_update_send/recv
  Author: Stefan Metzmacher | Age: 2017-07-25 | Files: 2 | Lines: -186/+153

  The new logic makes it much clearer that we have a loop of

    gensec_update_send()
    gensec_update_recv()
    http_send_request_send()
    http_send_request_recv()
    http_read_response_send()
    http_read_response_recv()

  Until the local gensec and the server are ready.

  I've tested this against Windows 2008R2 like this:

    bin/smbtorture \
        -W BLA --realm=BLA.BASE \
        -s /dev/null -Uadministrator%A1b2C3d4 \
        ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
        rpc.epmapper.epmapper.Lookup_simple \

  and:

    bin/smbtorture \
        -W BLA --realm=BLA.BASE \
        -s /dev/null -Uadministrator%A1b2C3d4 \
        ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
        rpc.epmapper.epmapper.Lookup_simple \

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done()
  Author: Stefan Metzmacher | Age: 2017-07-21 | Files: 1 | Lines: -1/+1

  This was missing in commit d718e92d5e145dccd492c46febc249e462ce50c6.

  Sadly we can't have automated tests for this as we only implement the client side for this protocol.

  I've tested with using:

    bin/smbtorture \
        -W BLA --realm=BLA.BASE \
        -s /dev/null -Uadministrator%A1b2C3d4 \
        ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
        rpc.epmapper.epmapper.Lookup_simple \

  and:

    bin/smbtorture \
        -W BLA --realm=BLA.BASE \
        -s /dev/null -Uadministrator%A1b2C3d4 \
        ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
        rpc.epmapper.epmapper.Lookup_simple \

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12919

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Jul 21 23:29:39 CEST 2017 on sn-devel-144
* s4:gensec/http_basic: add simple gensec_http_basic_update_send/recv() wrapper functions
  Author: Stefan Metzmacher | Age: 2017-05-21 | Files: 1 | Lines: -6/+72

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:gensec/http_ntlm: add implement gensec_http_ntlm_update_send/recv()
  Author: Stefan Metzmacher | Age: 2017-05-21 | Files: 1 | Lines: -31/+95

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* gensec: Add a TALLOC_CTX * to gensec_register().
  Author: Jeremy Allison | Age: 2017-05-13 | Files: 2 | Lines: -2/+2

  Pass in the TALLOC_CTX * from the module init to remove another talloc_autofree_context() use.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *)
  Author: Jeremy Allison | Age: 2017-04-22 | Files: 2 | Lines: -4/+4

  Not currently used - no logic changes inside.

  This will make it possible to pass down a long-lived talloc context from the loading function for modules to use instead of having them internally all use talloc_autofree_context() which is a hidden global.

  Updated all known module interface numbers, and added a WHATSNEW.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Ralph Böhme <slow@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
* lib: Give base64.c its own .h
  Author: Volker Lendecke | Age: 2016-05-04 | Files: 2 | Lines: -0/+2

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/http/http_auth: Fix CID 1273428 - Unchecked return value
  Author: Robin Hack | Age: 2016-04-26 | Files: 1 | Lines: -0/+3

  There is missing check of status value in http_auth.c:http_create_auth_request() which can leave values inside 'DATA_BLOB in' uninitialized.

  http_auth.c:http_create_auth_request() calls http_auth.c:http_parse_auth_response() which can return NT_STATUS_NOT_SUPPORTED and which is not checked by caller and later passed as argument to other functions.

  For example: 'DATA_BLOB in' can be passed to auth/gensec/spnego.c:gensec_spnego_update() later:

    ...
    switch (spnego_state->state_position) {
    ..
    case SPNEGO_SERVER_START:
    if (in.length) {

  Signed-off-by: Robin Hack <hack.robin@gmail.com>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dlist: remove unneeded type argument from DLIST_ADD_END()
  Author: Michael Adam | Age: 2016-02-06 | Files: 1 | Lines: -1/+1

  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Fix the O3 developer build
  Author: Volker Lendecke | Age: 2015-03-03 | Files: 1 | Lines: -2/+2

  Different gcc versions complain at different places

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Tue Mar 3 13:14:53 CET 2015 on sn-devel-104
* ncacn_http: fix GNUism
  Author: Ralph Boehme | Age: 2014-10-09 | Files: 1 | Lines: -2/+2

  %a format conversion is a GNU extension, use the more portable %m. It's at least in SUSv4, supported by glibc since 2.7 and FreeBSD 10.

  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Oct 9 22:05:26 CEST 2014 on sn-devel-104
* ncacn_http: Authentication modules for http library
  Author: Samuel Cabrero | Age: 2014-09-22 | Files: 5 | Lines: -4/+645

  Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ncacn_http: Add http library
  Author: Samuel Cabrero | Age: 2014-09-22 | Files: 4 | Lines: -0/+1005

  Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>