1 | /* GSSAPI/krb5 support for FTP - loosely based on old krb4.c |
2 | * |
3 | * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan |
4 | * (Royal Institute of Technology, Stockholm, Sweden). |
5 | * Copyright (c) 2004 - 2022 Daniel Stenberg |
6 | * All rights reserved. |
7 | * |
8 | * SPDX-License-Identifier: BSD-3-Clause |
9 | * |
10 | * Redistribution and use in source and binary forms, with or without |
11 | * modification, are permitted provided that the following conditions |
12 | * are met: |
13 | * |
14 | * 1. Redistributions of source code must retain the above copyright |
15 | * notice, this list of conditions and the following disclaimer. |
16 | * |
17 | * 2. Redistributions in binary form must reproduce the above copyright |
18 | * notice, this list of conditions and the following disclaimer in the |
19 | * documentation and/or other materials provided with the distribution. |
20 | * |
21 | * 3. Neither the name of the Institute nor the names of its contributors |
22 | * may be used to endorse or promote products derived from this software |
23 | * without specific prior written permission. |
24 | * |
25 | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND |
26 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
27 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
28 | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE |
29 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
30 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
31 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
32 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
33 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
34 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
35 | * SUCH DAMAGE. */ |
36 | |
37 | #include "curl_setup.h" |
38 | |
39 | #if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_FTP) |
40 | |
41 | #ifdef HAVE_NETDB_H |
42 | #include <netdb.h> |
43 | #endif |
44 | |
45 | #include "urldata.h" |
46 | #include "curl_base64.h" |
47 | #include "ftp.h" |
48 | #include "curl_gssapi.h" |
49 | #include "sendf.h" |
50 | #include "curl_krb5.h" |
51 | #include "warnless.h" |
52 | #include "strcase.h" |
53 | #include "strdup.h" |
54 | |
55 | /* The last 3 #include files should be in this order */ |
56 | #include "curl_printf.h" |
57 | #include "curl_memory.h" |
58 | #include "memdebug.h" |
59 | |
60 | static CURLcode ftpsend(struct Curl_easy *data, struct connectdata *conn, |
61 | const char *cmd) |
62 | { |
63 | ssize_t bytes_written; |
64 | #define SBUF_SIZE 1024 |
65 | char s[SBUF_SIZE]; |
66 | size_t write_len; |
67 | char *sptr = s; |
68 | CURLcode result = CURLE_OK; |
69 | #ifdef HAVE_GSSAPI |
70 | enum protection_level data_sec = conn->data_prot; |
71 | #endif |
72 | |
73 | if(!cmd) |
74 | return CURLE_BAD_FUNCTION_ARGUMENT; |
75 | |
76 | write_len = strlen(cmd); |
77 | if(!write_len || write_len > (sizeof(s) -3)) |
78 | return CURLE_BAD_FUNCTION_ARGUMENT; |
79 | |
80 | memcpy(&s, cmd, write_len); |
81 | strcpy(&s[write_len], "\r\n" ); /* append a trailing CRLF */ |
82 | write_len += 2; |
83 | bytes_written = 0; |
84 | |
85 | for(;;) { |
86 | #ifdef HAVE_GSSAPI |
87 | conn->data_prot = PROT_CMD; |
88 | #endif |
89 | result = Curl_write(data, conn->sock[FIRSTSOCKET], sptr, write_len, |
90 | &bytes_written); |
91 | #ifdef HAVE_GSSAPI |
92 | DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST); |
93 | conn->data_prot = data_sec; |
94 | #endif |
95 | |
96 | if(result) |
97 | break; |
98 | |
99 | Curl_debug(data, CURLINFO_HEADER_OUT, sptr, (size_t)bytes_written); |
100 | |
101 | if(bytes_written != (ssize_t)write_len) { |
102 | write_len -= bytes_written; |
103 | sptr += bytes_written; |
104 | } |
105 | else |
106 | break; |
107 | } |
108 | |
109 | return result; |
110 | } |
111 | |
112 | static int |
113 | krb5_init(void *app_data) |
114 | { |
115 | gss_ctx_id_t *context = app_data; |
116 | /* Make sure our context is initialized for krb5_end. */ |
117 | *context = GSS_C_NO_CONTEXT; |
118 | return 0; |
119 | } |
120 | |
121 | static int |
122 | krb5_check_prot(void *app_data, int level) |
123 | { |
124 | (void)app_data; /* unused */ |
125 | if(level == PROT_CONFIDENTIAL) |
126 | return -1; |
127 | return 0; |
128 | } |
129 | |
130 | static int |
131 | krb5_decode(void *app_data, void *buf, int len, |
132 | int level UNUSED_PARAM, |
133 | struct connectdata *conn UNUSED_PARAM) |
134 | { |
135 | gss_ctx_id_t *context = app_data; |
136 | OM_uint32 maj, min; |
137 | gss_buffer_desc enc, dec; |
138 | |
139 | (void)level; |
140 | (void)conn; |
141 | |
142 | enc.value = buf; |
143 | enc.length = len; |
144 | maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL); |
145 | if(maj != GSS_S_COMPLETE) |
146 | return -1; |
147 | |
148 | memcpy(buf, dec.value, dec.length); |
149 | len = curlx_uztosi(dec.length); |
150 | gss_release_buffer(&min, &dec); |
151 | |
152 | return len; |
153 | } |
154 | |
155 | static int |
156 | krb5_encode(void *app_data, const void *from, int length, int level, void **to) |
157 | { |
158 | gss_ctx_id_t *context = app_data; |
159 | gss_buffer_desc dec, enc; |
160 | OM_uint32 maj, min; |
161 | int state; |
162 | int len; |
163 | |
164 | /* NOTE that the cast is safe, neither of the krb5, gnu gss and heimdal |
165 | * libraries modify the input buffer in gss_wrap() |
166 | */ |
167 | dec.value = (void *)from; |
168 | dec.length = length; |
169 | maj = gss_wrap(&min, *context, |
170 | level == PROT_PRIVATE, |
171 | GSS_C_QOP_DEFAULT, |
172 | &dec, &state, &enc); |
173 | |
174 | if(maj != GSS_S_COMPLETE) |
175 | return -1; |
176 | |
177 | /* malloc a new buffer, in case gss_release_buffer doesn't work as |
178 | expected */ |
179 | *to = malloc(enc.length); |
180 | if(!*to) |
181 | return -1; |
182 | memcpy(*to, enc.value, enc.length); |
183 | len = curlx_uztosi(enc.length); |
184 | gss_release_buffer(&min, &enc); |
185 | return len; |
186 | } |
187 | |
188 | static int |
189 | krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn) |
190 | { |
191 | int ret = AUTH_OK; |
192 | char *p; |
193 | const char *host = conn->host.name; |
194 | ssize_t nread; |
195 | curl_socklen_t l = sizeof(conn->local_addr); |
196 | CURLcode result; |
197 | const char *service = data->set.str[STRING_SERVICE_NAME] ? |
198 | data->set.str[STRING_SERVICE_NAME] : |
199 | "ftp" ; |
200 | const char *srv_host = "host" ; |
201 | gss_buffer_desc input_buffer, output_buffer, _gssresp, *gssresp; |
202 | OM_uint32 maj, min; |
203 | gss_name_t gssname; |
204 | gss_ctx_id_t *context = app_data; |
205 | struct gss_channel_bindings_struct chan; |
206 | size_t base64_sz = 0; |
207 | struct sockaddr_in **remote_addr = |
208 | (struct sockaddr_in **)&conn->ip_addr->ai_addr; |
209 | char *stringp; |
210 | |
211 | if(getsockname(conn->sock[FIRSTSOCKET], |
212 | (struct sockaddr *)&conn->local_addr, &l) < 0) |
213 | perror("getsockname()" ); |
214 | |
215 | chan.initiator_addrtype = GSS_C_AF_INET; |
216 | chan.initiator_address.length = l - 4; |
217 | chan.initiator_address.value = &conn->local_addr.sin_addr.s_addr; |
218 | chan.acceptor_addrtype = GSS_C_AF_INET; |
219 | chan.acceptor_address.length = l - 4; |
220 | chan.acceptor_address.value = &(*remote_addr)->sin_addr.s_addr; |
221 | chan.application_data.length = 0; |
222 | chan.application_data.value = NULL; |
223 | |
224 | /* this loop will execute twice (once for service, once for host) */ |
225 | for(;;) { |
226 | /* this really shouldn't be repeated here, but can't help it */ |
227 | if(service == srv_host) { |
228 | result = ftpsend(data, conn, "AUTH GSSAPI" ); |
229 | if(result) |
230 | return -2; |
231 | |
232 | if(Curl_GetFTPResponse(data, &nread, NULL)) |
233 | return -1; |
234 | |
235 | if(data->state.buffer[0] != '3') |
236 | return -1; |
237 | } |
238 | |
239 | stringp = aprintf("%s@%s" , service, host); |
240 | if(!stringp) |
241 | return -2; |
242 | |
243 | input_buffer.value = stringp; |
244 | input_buffer.length = strlen(stringp); |
245 | maj = gss_import_name(&min, &input_buffer, GSS_C_NT_HOSTBASED_SERVICE, |
246 | &gssname); |
247 | free(stringp); |
248 | if(maj != GSS_S_COMPLETE) { |
249 | gss_release_name(&min, &gssname); |
250 | if(service == srv_host) { |
251 | failf(data, "Error importing service name %s@%s" , service, host); |
252 | return AUTH_ERROR; |
253 | } |
254 | service = srv_host; |
255 | continue; |
256 | } |
257 | /* We pass NULL as |output_name_type| to avoid a leak. */ |
258 | gss_display_name(&min, gssname, &output_buffer, NULL); |
259 | infof(data, "Trying against %s" , output_buffer.value); |
260 | gssresp = GSS_C_NO_BUFFER; |
261 | *context = GSS_C_NO_CONTEXT; |
262 | |
263 | do { |
264 | /* Release the buffer at each iteration to avoid leaking: the first time |
265 | we are releasing the memory from gss_display_name. The last item is |
266 | taken care by a final gss_release_buffer. */ |
267 | gss_release_buffer(&min, &output_buffer); |
268 | ret = AUTH_OK; |
269 | maj = Curl_gss_init_sec_context(data, |
270 | &min, |
271 | context, |
272 | gssname, |
273 | &Curl_krb5_mech_oid, |
274 | &chan, |
275 | gssresp, |
276 | &output_buffer, |
277 | TRUE, |
278 | NULL); |
279 | |
280 | if(gssresp) { |
281 | free(_gssresp.value); |
282 | gssresp = NULL; |
283 | } |
284 | |
285 | if(GSS_ERROR(maj)) { |
286 | infof(data, "Error creating security context" ); |
287 | ret = AUTH_ERROR; |
288 | break; |
289 | } |
290 | |
291 | if(output_buffer.length) { |
292 | char *cmd; |
293 | |
294 | result = Curl_base64_encode((char *)output_buffer.value, |
295 | output_buffer.length, &p, &base64_sz); |
296 | if(result) { |
297 | infof(data, "base64-encoding: %s" , curl_easy_strerror(result)); |
298 | ret = AUTH_ERROR; |
299 | break; |
300 | } |
301 | |
302 | cmd = aprintf("ADAT %s" , p); |
303 | if(cmd) |
304 | result = ftpsend(data, conn, cmd); |
305 | else |
306 | result = CURLE_OUT_OF_MEMORY; |
307 | |
308 | free(p); |
309 | free(cmd); |
310 | |
311 | if(result) { |
312 | ret = -2; |
313 | break; |
314 | } |
315 | |
316 | if(Curl_GetFTPResponse(data, &nread, NULL)) { |
317 | ret = -1; |
318 | break; |
319 | } |
320 | |
321 | if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3') { |
322 | infof(data, "Server didn't accept auth data" ); |
323 | ret = AUTH_ERROR; |
324 | break; |
325 | } |
326 | |
327 | _gssresp.value = NULL; /* make sure it is initialized */ |
328 | p = data->state.buffer + 4; |
329 | p = strstr(p, "ADAT=" ); |
330 | if(p) { |
331 | result = Curl_base64_decode(p + 5, |
332 | (unsigned char **)&_gssresp.value, |
333 | &_gssresp.length); |
334 | if(result) { |
335 | failf(data, "base64-decoding: %s" , curl_easy_strerror(result)); |
336 | ret = AUTH_CONTINUE; |
337 | break; |
338 | } |
339 | } |
340 | |
341 | gssresp = &_gssresp; |
342 | } |
343 | } while(maj == GSS_S_CONTINUE_NEEDED); |
344 | |
345 | gss_release_name(&min, &gssname); |
346 | gss_release_buffer(&min, &output_buffer); |
347 | |
348 | if(gssresp) |
349 | free(_gssresp.value); |
350 | |
351 | if(ret == AUTH_OK || service == srv_host) |
352 | return ret; |
353 | |
354 | service = srv_host; |
355 | } |
356 | return ret; |
357 | } |
358 | |
359 | static void krb5_end(void *app_data) |
360 | { |
361 | OM_uint32 min; |
362 | gss_ctx_id_t *context = app_data; |
363 | if(*context != GSS_C_NO_CONTEXT) { |
364 | OM_uint32 maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER); |
365 | (void)maj; |
366 | DEBUGASSERT(maj == GSS_S_COMPLETE); |
367 | } |
368 | } |
369 | |
370 | static const struct Curl_sec_client_mech Curl_krb5_client_mech = { |
371 | "GSSAPI" , |
372 | sizeof(gss_ctx_id_t), |
373 | krb5_init, |
374 | krb5_auth, |
375 | krb5_end, |
376 | krb5_check_prot, |
377 | |
378 | krb5_encode, |
379 | krb5_decode |
380 | }; |
381 | |
382 | static const struct { |
383 | enum protection_level level; |
384 | const char *name; |
385 | } level_names[] = { |
386 | { PROT_CLEAR, "clear" }, |
387 | { PROT_SAFE, "safe" }, |
388 | { PROT_CONFIDENTIAL, "confidential" }, |
389 | { PROT_PRIVATE, "private" } |
390 | }; |
391 | |
392 | static enum protection_level |
393 | name_to_level(const char *name) |
394 | { |
395 | int i; |
396 | for(i = 0; i < (int)sizeof(level_names)/(int)sizeof(level_names[0]); i++) |
397 | if(curl_strequal(name, level_names[i].name)) |
398 | return level_names[i].level; |
399 | return PROT_NONE; |
400 | } |
401 | |
402 | /* Convert a protocol |level| to its char representation. |
403 | We take an int to catch programming mistakes. */ |
404 | static char level_to_char(int level) |
405 | { |
406 | switch(level) { |
407 | case PROT_CLEAR: |
408 | return 'C'; |
409 | case PROT_SAFE: |
410 | return 'S'; |
411 | case PROT_CONFIDENTIAL: |
412 | return 'E'; |
413 | case PROT_PRIVATE: |
414 | return 'P'; |
415 | case PROT_CMD: |
416 | /* Fall through */ |
417 | default: |
418 | /* Those 2 cases should not be reached! */ |
419 | break; |
420 | } |
421 | DEBUGASSERT(0); |
422 | /* Default to the most secure alternative. */ |
423 | return 'P'; |
424 | } |
425 | |
426 | /* Send an FTP command defined by |message| and the optional arguments. The |
427 | function returns the ftp_code. If an error occurs, -1 is returned. */ |
428 | static int ftp_send_command(struct Curl_easy *data, const char *message, ...) |
429 | { |
430 | int ftp_code; |
431 | ssize_t nread = 0; |
432 | va_list args; |
433 | char print_buffer[50]; |
434 | |
435 | va_start(args, message); |
436 | mvsnprintf(print_buffer, sizeof(print_buffer), message, args); |
437 | va_end(args); |
438 | |
439 | if(ftpsend(data, data->conn, print_buffer)) { |
440 | ftp_code = -1; |
441 | } |
442 | else { |
443 | if(Curl_GetFTPResponse(data, &nread, &ftp_code)) |
444 | ftp_code = -1; |
445 | } |
446 | |
447 | (void)nread; /* Unused */ |
448 | return ftp_code; |
449 | } |
450 | |
451 | /* Read |len| from the socket |fd| and store it in |to|. Return a CURLcode |
452 | saying whether an error occurred or CURLE_OK if |len| was read. */ |
453 | static CURLcode |
454 | socket_read(curl_socket_t fd, void *to, size_t len) |
455 | { |
456 | char *to_p = to; |
457 | CURLcode result; |
458 | ssize_t nread = 0; |
459 | |
460 | while(len > 0) { |
461 | result = Curl_read_plain(fd, to_p, len, &nread); |
462 | if(!result) { |
463 | len -= nread; |
464 | to_p += nread; |
465 | } |
466 | else { |
467 | if(result == CURLE_AGAIN) |
468 | continue; |
469 | return result; |
470 | } |
471 | } |
472 | return CURLE_OK; |
473 | } |
474 | |
475 | |
476 | /* Write |len| bytes from the buffer |to| to the socket |fd|. Return a |
477 | CURLcode saying whether an error occurred or CURLE_OK if |len| was |
478 | written. */ |
479 | static CURLcode |
480 | socket_write(struct Curl_easy *data, curl_socket_t fd, const void *to, |
481 | size_t len) |
482 | { |
483 | const char *to_p = to; |
484 | CURLcode result; |
485 | ssize_t written; |
486 | |
487 | while(len > 0) { |
488 | result = Curl_write_plain(data, fd, to_p, len, &written); |
489 | if(!result) { |
490 | len -= written; |
491 | to_p += written; |
492 | } |
493 | else { |
494 | if(result == CURLE_AGAIN) |
495 | continue; |
496 | return result; |
497 | } |
498 | } |
499 | return CURLE_OK; |
500 | } |
501 | |
502 | static CURLcode read_data(struct connectdata *conn, |
503 | curl_socket_t fd, |
504 | struct krb5buffer *buf) |
505 | { |
506 | int len; |
507 | CURLcode result; |
508 | int nread; |
509 | |
510 | result = socket_read(fd, &len, sizeof(len)); |
511 | if(result) |
512 | return result; |
513 | |
514 | if(len) { |
515 | /* only realloc if there was a length */ |
516 | len = ntohl(len); |
517 | if(len > CURL_MAX_INPUT_LENGTH) |
518 | len = 0; |
519 | else |
520 | buf->data = Curl_saferealloc(buf->data, len); |
521 | } |
522 | if(!len || !buf->data) |
523 | return CURLE_OUT_OF_MEMORY; |
524 | |
525 | result = socket_read(fd, buf->data, len); |
526 | if(result) |
527 | return result; |
528 | nread = conn->mech->decode(conn->app_data, buf->data, len, |
529 | conn->data_prot, conn); |
530 | if(nread < 0) |
531 | return CURLE_RECV_ERROR; |
532 | buf->size = (size_t)nread; |
533 | buf->index = 0; |
534 | return CURLE_OK; |
535 | } |
536 | |
537 | static size_t |
538 | buffer_read(struct krb5buffer *buf, void *data, size_t len) |
539 | { |
540 | if(buf->size - buf->index < len) |
541 | len = buf->size - buf->index; |
542 | memcpy(data, (char *)buf->data + buf->index, len); |
543 | buf->index += len; |
544 | return len; |
545 | } |
546 | |
547 | /* Matches Curl_recv signature */ |
548 | static ssize_t sec_recv(struct Curl_easy *data, int sockindex, |
549 | char *buffer, size_t len, CURLcode *err) |
550 | { |
551 | size_t bytes_read; |
552 | size_t total_read = 0; |
553 | struct connectdata *conn = data->conn; |
554 | curl_socket_t fd = conn->sock[sockindex]; |
555 | |
556 | *err = CURLE_OK; |
557 | |
558 | /* Handle clear text response. */ |
559 | if(conn->sec_complete == 0 || conn->data_prot == PROT_CLEAR) |
560 | return sread(fd, buffer, len); |
561 | |
562 | if(conn->in_buffer.eof_flag) { |
563 | conn->in_buffer.eof_flag = 0; |
564 | return 0; |
565 | } |
566 | |
567 | bytes_read = buffer_read(&conn->in_buffer, buffer, len); |
568 | len -= bytes_read; |
569 | total_read += bytes_read; |
570 | buffer += bytes_read; |
571 | |
572 | while(len > 0) { |
573 | if(read_data(conn, fd, &conn->in_buffer)) |
574 | return -1; |
575 | if(conn->in_buffer.size == 0) { |
576 | if(bytes_read > 0) |
577 | conn->in_buffer.eof_flag = 1; |
578 | return bytes_read; |
579 | } |
580 | bytes_read = buffer_read(&conn->in_buffer, buffer, len); |
581 | len -= bytes_read; |
582 | total_read += bytes_read; |
583 | buffer += bytes_read; |
584 | } |
585 | return total_read; |
586 | } |
587 | |
588 | /* Send |length| bytes from |from| to the |fd| socket taking care of encoding |
589 | and negotiating with the server. |from| can be NULL. */ |
590 | static void do_sec_send(struct Curl_easy *data, struct connectdata *conn, |
591 | curl_socket_t fd, const char *from, int length) |
592 | { |
593 | int bytes, htonl_bytes; /* 32-bit integers for htonl */ |
594 | char *buffer = NULL; |
595 | char *cmd_buffer; |
596 | size_t cmd_size = 0; |
597 | CURLcode error; |
598 | enum protection_level prot_level = conn->data_prot; |
599 | bool iscmd = (prot_level == PROT_CMD)?TRUE:FALSE; |
600 | |
601 | DEBUGASSERT(prot_level > PROT_NONE && prot_level < PROT_LAST); |
602 | |
603 | if(iscmd) { |
604 | if(!strncmp(from, "PASS " , 5) || !strncmp(from, "ACCT " , 5)) |
605 | prot_level = PROT_PRIVATE; |
606 | else |
607 | prot_level = conn->command_prot; |
608 | } |
609 | bytes = conn->mech->encode(conn->app_data, from, length, prot_level, |
610 | (void **)&buffer); |
611 | if(!buffer || bytes <= 0) |
612 | return; /* error */ |
613 | |
614 | if(iscmd) { |
615 | error = Curl_base64_encode(buffer, curlx_sitouz(bytes), |
616 | &cmd_buffer, &cmd_size); |
617 | if(error) { |
618 | free(buffer); |
619 | return; /* error */ |
620 | } |
621 | if(cmd_size > 0) { |
622 | static const char *enc = "ENC " ; |
623 | static const char *mic = "MIC " ; |
624 | if(prot_level == PROT_PRIVATE) |
625 | socket_write(data, fd, enc, 4); |
626 | else |
627 | socket_write(data, fd, mic, 4); |
628 | |
629 | socket_write(data, fd, cmd_buffer, cmd_size); |
630 | socket_write(data, fd, "\r\n" , 2); |
631 | infof(data, "Send: %s%s" , prot_level == PROT_PRIVATE?enc:mic, |
632 | cmd_buffer); |
633 | free(cmd_buffer); |
634 | } |
635 | } |
636 | else { |
637 | htonl_bytes = htonl(bytes); |
638 | socket_write(data, fd, &htonl_bytes, sizeof(htonl_bytes)); |
639 | socket_write(data, fd, buffer, curlx_sitouz(bytes)); |
640 | } |
641 | free(buffer); |
642 | } |
643 | |
644 | static ssize_t sec_write(struct Curl_easy *data, struct connectdata *conn, |
645 | curl_socket_t fd, const char *buffer, size_t length) |
646 | { |
647 | ssize_t tx = 0, len = conn->buffer_size; |
648 | |
649 | if(len <= 0) |
650 | len = length; |
651 | while(length) { |
652 | if(length < (size_t)len) |
653 | len = length; |
654 | |
655 | do_sec_send(data, conn, fd, buffer, curlx_sztosi(len)); |
656 | length -= len; |
657 | buffer += len; |
658 | tx += len; |
659 | } |
660 | return tx; |
661 | } |
662 | |
663 | /* Matches Curl_send signature */ |
664 | static ssize_t sec_send(struct Curl_easy *data, int sockindex, |
665 | const void *buffer, size_t len, CURLcode *err) |
666 | { |
667 | struct connectdata *conn = data->conn; |
668 | curl_socket_t fd = conn->sock[sockindex]; |
669 | *err = CURLE_OK; |
670 | return sec_write(data, conn, fd, buffer, len); |
671 | } |
672 | |
673 | int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn, |
674 | char *buffer, enum protection_level level) |
675 | { |
676 | /* decoded_len should be size_t or ssize_t but conn->mech->decode returns an |
677 | int */ |
678 | int decoded_len; |
679 | char *buf; |
680 | int ret_code = 0; |
681 | size_t decoded_sz = 0; |
682 | CURLcode error; |
683 | |
684 | (void) data; |
685 | |
686 | if(!conn->mech) |
687 | /* not initialized, return error */ |
688 | return -1; |
689 | |
690 | DEBUGASSERT(level > PROT_NONE && level < PROT_LAST); |
691 | |
692 | error = Curl_base64_decode(buffer + 4, (unsigned char **)&buf, &decoded_sz); |
693 | if(error || decoded_sz == 0) |
694 | return -1; |
695 | |
696 | if(decoded_sz > (size_t)INT_MAX) { |
697 | free(buf); |
698 | return -1; |
699 | } |
700 | decoded_len = curlx_uztosi(decoded_sz); |
701 | |
702 | decoded_len = conn->mech->decode(conn->app_data, buf, decoded_len, |
703 | level, conn); |
704 | if(decoded_len <= 0) { |
705 | free(buf); |
706 | return -1; |
707 | } |
708 | |
709 | { |
710 | buf[decoded_len] = '\n'; |
711 | Curl_debug(data, CURLINFO_HEADER_IN, buf, decoded_len + 1); |
712 | } |
713 | |
714 | buf[decoded_len] = '\0'; |
715 | if(decoded_len <= 3) |
716 | /* suspiciously short */ |
717 | return 0; |
718 | |
719 | if(buf[3] != '-') |
720 | /* safe to ignore return code */ |
721 | (void)sscanf(buf, "%d" , &ret_code); |
722 | |
723 | if(buf[decoded_len - 1] == '\n') |
724 | buf[decoded_len - 1] = '\0'; |
725 | strcpy(buffer, buf); |
726 | free(buf); |
727 | return ret_code; |
728 | } |
729 | |
730 | static int sec_set_protection_level(struct Curl_easy *data) |
731 | { |
732 | int code; |
733 | struct connectdata *conn = data->conn; |
734 | enum protection_level level = conn->request_data_prot; |
735 | |
736 | DEBUGASSERT(level > PROT_NONE && level < PROT_LAST); |
737 | |
738 | if(!conn->sec_complete) { |
739 | infof(data, "Trying to change the protection level after the" |
740 | " completion of the data exchange." ); |
741 | return -1; |
742 | } |
743 | |
744 | /* Bail out if we try to set up the same level */ |
745 | if(conn->data_prot == level) |
746 | return 0; |
747 | |
748 | if(level) { |
749 | char *pbsz; |
750 | unsigned int buffer_size = 1 << 20; /* 1048576 */ |
751 | |
752 | code = ftp_send_command(data, "PBSZ %u" , buffer_size); |
753 | if(code < 0) |
754 | return -1; |
755 | |
756 | if(code/100 != 2) { |
757 | failf(data, "Failed to set the protection's buffer size." ); |
758 | return -1; |
759 | } |
760 | conn->buffer_size = buffer_size; |
761 | |
762 | pbsz = strstr(data->state.buffer, "PBSZ=" ); |
763 | if(pbsz) { |
764 | /* ignore return code, use default value if it fails */ |
765 | (void)sscanf(pbsz, "PBSZ=%u" , &buffer_size); |
766 | if(buffer_size < conn->buffer_size) |
767 | conn->buffer_size = buffer_size; |
768 | } |
769 | } |
770 | |
771 | /* Now try to negotiate the protection level. */ |
772 | code = ftp_send_command(data, "PROT %c" , level_to_char(level)); |
773 | |
774 | if(code < 0) |
775 | return -1; |
776 | |
777 | if(code/100 != 2) { |
778 | failf(data, "Failed to set the protection level." ); |
779 | return -1; |
780 | } |
781 | |
782 | conn->data_prot = level; |
783 | if(level == PROT_PRIVATE) |
784 | conn->command_prot = level; |
785 | |
786 | return 0; |
787 | } |
788 | |
789 | int |
790 | Curl_sec_request_prot(struct connectdata *conn, const char *level) |
791 | { |
792 | enum protection_level l = name_to_level(level); |
793 | if(l == PROT_NONE) |
794 | return -1; |
795 | DEBUGASSERT(l > PROT_NONE && l < PROT_LAST); |
796 | conn->request_data_prot = l; |
797 | return 0; |
798 | } |
799 | |
800 | static CURLcode choose_mech(struct Curl_easy *data, struct connectdata *conn) |
801 | { |
802 | int ret; |
803 | void *tmp_allocation; |
804 | const struct Curl_sec_client_mech *mech = &Curl_krb5_client_mech; |
805 | |
806 | tmp_allocation = realloc(conn->app_data, mech->size); |
807 | if(!tmp_allocation) { |
808 | failf(data, "Failed realloc of size %zu" , mech->size); |
809 | mech = NULL; |
810 | return CURLE_OUT_OF_MEMORY; |
811 | } |
812 | conn->app_data = tmp_allocation; |
813 | |
814 | if(mech->init) { |
815 | ret = mech->init(conn->app_data); |
816 | if(ret) { |
817 | infof(data, "Failed initialization for %s. Skipping it." , |
818 | mech->name); |
819 | return CURLE_FAILED_INIT; |
820 | } |
821 | } |
822 | |
823 | infof(data, "Trying mechanism %s..." , mech->name); |
824 | ret = ftp_send_command(data, "AUTH %s" , mech->name); |
825 | if(ret < 0) |
826 | return CURLE_COULDNT_CONNECT; |
827 | |
828 | if(ret/100 != 3) { |
829 | switch(ret) { |
830 | case 504: |
831 | infof(data, "Mechanism %s is not supported by the server (server " |
832 | "returned ftp code: 504)." , mech->name); |
833 | break; |
834 | case 534: |
835 | infof(data, "Mechanism %s was rejected by the server (server returned " |
836 | "ftp code: 534)." , mech->name); |
837 | break; |
838 | default: |
839 | if(ret/100 == 5) { |
840 | infof(data, "server does not support the security extensions" ); |
841 | return CURLE_USE_SSL_FAILED; |
842 | } |
843 | break; |
844 | } |
845 | return CURLE_LOGIN_DENIED; |
846 | } |
847 | |
848 | /* Authenticate */ |
849 | ret = mech->auth(conn->app_data, data, conn); |
850 | |
851 | if(ret != AUTH_CONTINUE) { |
852 | if(ret != AUTH_OK) { |
853 | /* Mechanism has dumped the error to stderr, don't error here. */ |
854 | return CURLE_USE_SSL_FAILED; |
855 | } |
856 | DEBUGASSERT(ret == AUTH_OK); |
857 | |
858 | conn->mech = mech; |
859 | conn->sec_complete = 1; |
860 | conn->recv[FIRSTSOCKET] = sec_recv; |
861 | conn->send[FIRSTSOCKET] = sec_send; |
862 | conn->recv[SECONDARYSOCKET] = sec_recv; |
863 | conn->send[SECONDARYSOCKET] = sec_send; |
864 | conn->command_prot = PROT_SAFE; |
865 | /* Set the requested protection level */ |
866 | /* BLOCKING */ |
867 | (void)sec_set_protection_level(data); |
868 | } |
869 | |
870 | return CURLE_OK; |
871 | } |
872 | |
873 | CURLcode |
874 | Curl_sec_login(struct Curl_easy *data, struct connectdata *conn) |
875 | { |
876 | return choose_mech(data, conn); |
877 | } |
878 | |
879 | |
880 | void |
881 | Curl_sec_end(struct connectdata *conn) |
882 | { |
883 | if(conn->mech && conn->mech->end) |
884 | conn->mech->end(conn->app_data); |
885 | free(conn->app_data); |
886 | conn->app_data = NULL; |
887 | if(conn->in_buffer.data) { |
888 | free(conn->in_buffer.data); |
889 | conn->in_buffer.data = NULL; |
890 | conn->in_buffer.size = 0; |
891 | conn->in_buffer.index = 0; |
892 | conn->in_buffer.eof_flag = 0; |
893 | } |
894 | conn->sec_complete = 0; |
895 | conn->data_prot = PROT_CLEAR; |
896 | conn->mech = NULL; |
897 | } |
898 | |
899 | #endif /* HAVE_GSSAPI && !CURL_DISABLE_FTP */ |
900 | |