[388] | 1 | /***************************************************************************
|
---|
| 2 | * _ _ ____ _
|
---|
| 3 | * Project ___| | | | _ \| |
|
---|
| 4 | * / __| | | | |_) | |
|
---|
| 5 | * | (__| |_| | _ <| |___
|
---|
| 6 | * \___|\___/|_| \_\_____|
|
---|
| 7 | *
|
---|
| 8 | * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
---|
| 9 | *
|
---|
| 10 | * This software is licensed as described in the file COPYING, which
|
---|
| 11 | * you should have received as part of this distribution. The terms
|
---|
| 12 | * are also available at https://curl.haxx.se/docs/copyright.html.
|
---|
| 13 | *
|
---|
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
---|
| 15 | * copies of the Software, and permit persons to whom the Software is
|
---|
| 16 | * furnished to do so, under the terms of the COPYING file.
|
---|
| 17 | *
|
---|
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
---|
| 19 | * KIND, either express or implied.
|
---|
| 20 | *
|
---|
| 21 | ***************************************************************************/
|
---|
| 22 |
|
---|
| 23 | #include "curl_setup.h"
|
---|
| 24 |
|
---|
| 25 | #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
|
---|
| 26 |
|
---|
| 27 | #include "urldata.h"
|
---|
| 28 | #include "strcase.h"
|
---|
| 29 | #include "vauth/vauth.h"
|
---|
| 30 | #include "http_digest.h"
|
---|
| 31 | /* The last 3 #include files should be in this order */
|
---|
| 32 | #include "curl_printf.h"
|
---|
| 33 | #include "curl_memory.h"
|
---|
| 34 | #include "memdebug.h"
|
---|
| 35 |
|
---|
| 36 | /* Test example headers:
|
---|
| 37 |
|
---|
| 38 | WWW-Authenticate: Digest realm="testrealm", nonce="1053604598"
|
---|
| 39 | Proxy-Authenticate: Digest realm="testrealm", nonce="1053604598"
|
---|
| 40 |
|
---|
| 41 | */
|
---|
| 42 |
|
---|
| 43 | CURLcode Curl_input_digest(struct connectdata *conn,
|
---|
| 44 | bool proxy,
|
---|
| 45 | const char *header) /* rest of the *-authenticate:
|
---|
| 46 | header */
|
---|
| 47 | {
|
---|
| 48 | struct Curl_easy *data = conn->data;
|
---|
| 49 |
|
---|
| 50 | /* Point to the correct struct with this */
|
---|
| 51 | struct digestdata *digest;
|
---|
| 52 |
|
---|
| 53 | if(proxy) {
|
---|
| 54 | digest = &data->state.proxydigest;
|
---|
| 55 | }
|
---|
| 56 | else {
|
---|
| 57 | digest = &data->state.digest;
|
---|
| 58 | }
|
---|
| 59 |
|
---|
| 60 | if(!checkprefix("Digest", header))
|
---|
| 61 | return CURLE_BAD_CONTENT_ENCODING;
|
---|
| 62 |
|
---|
| 63 | header += strlen("Digest");
|
---|
| 64 | while(*header && ISSPACE(*header))
|
---|
| 65 | header++;
|
---|
| 66 |
|
---|
| 67 | return Curl_auth_decode_digest_http_message(header, digest);
|
---|
| 68 | }
|
---|
| 69 |
|
---|
| 70 | CURLcode Curl_output_digest(struct connectdata *conn,
|
---|
| 71 | bool proxy,
|
---|
| 72 | const unsigned char *request,
|
---|
| 73 | const unsigned char *uripath)
|
---|
| 74 | {
|
---|
| 75 | CURLcode result;
|
---|
| 76 | struct Curl_easy *data = conn->data;
|
---|
| 77 | unsigned char *path = NULL;
|
---|
| 78 | char *tmp = NULL;
|
---|
| 79 | char *response;
|
---|
| 80 | size_t len;
|
---|
| 81 | bool have_chlg;
|
---|
| 82 |
|
---|
| 83 | /* Point to the address of the pointer that holds the string to send to the
|
---|
| 84 | server, which is for a plain host or for a HTTP proxy */
|
---|
| 85 | char **allocuserpwd;
|
---|
| 86 |
|
---|
| 87 | /* Point to the name and password for this */
|
---|
| 88 | const char *userp;
|
---|
| 89 | const char *passwdp;
|
---|
| 90 |
|
---|
| 91 | /* Point to the correct struct with this */
|
---|
| 92 | struct digestdata *digest;
|
---|
| 93 | struct auth *authp;
|
---|
| 94 |
|
---|
| 95 | if(proxy) {
|
---|
| 96 | digest = &data->state.proxydigest;
|
---|
| 97 | allocuserpwd = &conn->allocptr.proxyuserpwd;
|
---|
| 98 | userp = conn->http_proxy.user;
|
---|
| 99 | passwdp = conn->http_proxy.passwd;
|
---|
| 100 | authp = &data->state.authproxy;
|
---|
| 101 | }
|
---|
| 102 | else {
|
---|
| 103 | digest = &data->state.digest;
|
---|
| 104 | allocuserpwd = &conn->allocptr.userpwd;
|
---|
| 105 | userp = conn->user;
|
---|
| 106 | passwdp = conn->passwd;
|
---|
| 107 | authp = &data->state.authhost;
|
---|
| 108 | }
|
---|
| 109 |
|
---|
| 110 | Curl_safefree(*allocuserpwd);
|
---|
| 111 |
|
---|
| 112 | /* not set means empty */
|
---|
| 113 | if(!userp)
|
---|
| 114 | userp = "";
|
---|
| 115 |
|
---|
| 116 | if(!passwdp)
|
---|
| 117 | passwdp = "";
|
---|
| 118 |
|
---|
| 119 | #if defined(USE_WINDOWS_SSPI)
|
---|
| 120 | have_chlg = digest->input_token ? TRUE : FALSE;
|
---|
| 121 | #else
|
---|
| 122 | have_chlg = digest->nonce ? TRUE : FALSE;
|
---|
| 123 | #endif
|
---|
| 124 |
|
---|
| 125 | if(!have_chlg) {
|
---|
| 126 | authp->done = FALSE;
|
---|
| 127 | return CURLE_OK;
|
---|
| 128 | }
|
---|
| 129 |
|
---|
| 130 | /* So IE browsers < v7 cut off the URI part at the query part when they
|
---|
| 131 | evaluate the MD5 and some (IIS?) servers work with them so we may need to
|
---|
| 132 | do the Digest IE-style. Note that the different ways cause different MD5
|
---|
| 133 | sums to get sent.
|
---|
| 134 |
|
---|
| 135 | Apache servers can be set to do the Digest IE-style automatically using
|
---|
| 136 | the BrowserMatch feature:
|
---|
| 137 | https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie
|
---|
| 138 |
|
---|
| 139 | Further details on Digest implementation differences:
|
---|
| 140 | http://www.fngtps.com/2006/09/http-authentication
|
---|
| 141 | */
|
---|
| 142 |
|
---|
| 143 | if(authp->iestyle) {
|
---|
| 144 | tmp = strchr((char *)uripath, '?');
|
---|
| 145 | if(tmp) {
|
---|
| 146 | size_t urilen = tmp - (char *)uripath;
|
---|
| 147 | path = (unsigned char *) aprintf("%.*s", urilen, uripath);
|
---|
| 148 | }
|
---|
| 149 | }
|
---|
| 150 | if(!tmp)
|
---|
| 151 | path = (unsigned char *) strdup((char *) uripath);
|
---|
| 152 |
|
---|
| 153 | if(!path)
|
---|
| 154 | return CURLE_OUT_OF_MEMORY;
|
---|
| 155 |
|
---|
| 156 | result = Curl_auth_create_digest_http_message(data, userp, passwdp, request,
|
---|
| 157 | path, digest, &response, &len);
|
---|
| 158 | free(path);
|
---|
| 159 | if(result)
|
---|
| 160 | return result;
|
---|
| 161 |
|
---|
| 162 | *allocuserpwd = aprintf("%sAuthorization: Digest %s\r\n",
|
---|
| 163 | proxy ? "Proxy-" : "",
|
---|
| 164 | response);
|
---|
| 165 | free(response);
|
---|
| 166 | if(!*allocuserpwd)
|
---|
| 167 | return CURLE_OUT_OF_MEMORY;
|
---|
| 168 |
|
---|
| 169 | authp->done = TRUE;
|
---|
| 170 |
|
---|
| 171 | return CURLE_OK;
|
---|
| 172 | }
|
---|
| 173 |
|
---|
| 174 | void Curl_digest_cleanup(struct Curl_easy *data)
|
---|
| 175 | {
|
---|
| 176 | Curl_auth_digest_cleanup(&data->state.digest);
|
---|
| 177 | Curl_auth_digest_cleanup(&data->state.proxydigest);
|
---|
| 178 | }
|
---|
| 179 |
|
---|
| 180 | #endif
|
---|