Commit 3484aeb5 authored by David Woodhouse's avatar David Woodhouse

Add unused http_auth states, add proxy argument to authorization methods

Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 16059d54
......@@ -78,7 +78,8 @@ static void buf_append_md5(struct oc_text_buf *buf, void *data, int len)
buf_append(buf, "%02x", md5[i]);
}
int digest_authorization(struct openconnect_info *vpninfo, struct http_auth_state *auth_state,
int digest_authorization(struct openconnect_info *vpninfo, int proxy,
struct http_auth_state *auth_state,
struct oc_text_buf *hdrbuf)
{
char *chall;
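Review bot: The new `proxy` parameter of digest_authorization is undocumented and, judging by the commit title, not yet consumed, so nothing here says which header name and which credentials the method must use when `proxy` is zero. If a later caller passes zero while the body still builds the proxy header from `proxy_user`/`proxy_pass`, proxy credentials would be sent to the origin server; the body lies outside this hunk, so that is an inference to confirm. I would add above the definition `/* proxy: non-zero to build Proxy-Authorization: from the proxy credentials, zero to build Authorization: for the server; currently ignored */`. The same applies to gssapi_authorization (GSSAPI and SSPI versions), basic_authorization and ntlm_authorization.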
......
......@@ -80,7 +80,7 @@ static int gssapi_setup(struct openconnect_info *vpninfo, const char *service)
#define GSSAPI_CONTINUE 2
#define GSSAPI_COMPLETE 3
int gssapi_authorization(struct openconnect_info *vpninfo,
int gssapi_authorization(struct openconnect_info *vpninfo, int proxy,
struct http_auth_state *auth_state,
struct oc_text_buf *hdrbuf)
{
......
......@@ -1376,7 +1376,7 @@ void buf_append_base64(struct oc_text_buf *buf, const void *bytes, int len)
buf->data[buf->pos] = 0;
}
static int basic_authorization(struct openconnect_info *vpninfo,
static int basic_authorization(struct openconnect_info *vpninfo, int proxy,
struct http_auth_state *auth_state,
struct oc_text_buf *hdrbuf)
{
......@@ -1430,7 +1430,7 @@ static int no_gssapi_authorization(struct openconnect_info *vpninfo,
struct auth_method {
int state_index;
const char *name;
int (*authorization)(struct openconnect_info *, struct http_auth_state *, struct oc_text_buf *);
int (*authorization)(struct openconnect_info *, int, struct http_auth_state *, struct oc_text_buf *);
void (*cleanup)(struct openconnect_info *);
} auth_methods[] = {
#if defined(HAVE_GSSAPI) || defined(_WIN32)
......@@ -1445,15 +1445,20 @@ struct auth_method {
};
/* Generate Proxy-Authorization: header for request if appropriate */
static int proxy_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf)
static int gen_authorization_hdr(struct openconnect_info *vpninfo, int proxy,
struct oc_text_buf *buf)
{
int ret;
int i;
for (i = 0; i < sizeof(auth_methods) / sizeof(auth_methods[0]); i++) {
struct http_auth_state *auth_state = &vpninfo->proxy_auth[auth_methods[i].state_index];
struct http_auth_state *auth_state;
if (proxy)
auth_state = &vpninfo->proxy_auth[auth_methods[i].state_index];
else
auth_state = &vpninfo->http_auth[auth_methods[i].state_index];
if (auth_state->state > AUTH_UNSEEN) {
ret = auth_methods[i].authorization(vpninfo, auth_state, buf);
ret = auth_methods[i].authorization(vpninfo, proxy, auth_state, buf);
if (ret == -EAGAIN || !ret)
return ret;
}
......@@ -1557,7 +1562,7 @@ static int process_http_proxy(struct openconnect_info *vpninfo)
if (auth) {
int i;
result = proxy_authorization(vpninfo, reqbuf);
result = gen_authorization_hdr(vpninfo, 1, reqbuf);
if (result) {
buf_free(reqbuf);
return result;
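Review bot: The comment above gen_authorization_hdr still reads `/* Generate Proxy-Authorization: header for request if appropriate */`, but the function now selects `vpninfo->http_auth` when `proxy` is zero, so it should become `/* Generate Authorization: or Proxy-Authorization: header for request if appropriate */`. At the only call shown, in process_http_proxy, the bare literal `1` hides the meaning of the argument; `gen_authorization_hdr(vpninfo, 1 /* proxy */, reqbuf)` or a named constant would make it readable. Both functions continue outside the hunks shown.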
......
......@@ -962,7 +962,7 @@ static int ntlm_manual_challenge(struct openconnect_info *vpninfo,
return 0;
}
int ntlm_authorization(struct openconnect_info *vpninfo,
int ntlm_authorization(struct openconnect_info *vpninfo, int proxy,
struct http_auth_state *auth_state, struct oc_text_buf *buf)
{
if (auth_state->state == AUTH_AVAILABLE) {
......
......@@ -351,6 +351,8 @@ struct openconnect_info {
char *proxy_user;
char *proxy_pass;
int proxy_close_during_auth;
int http_close_during_auth;
struct http_auth_state http_auth[MAX_AUTH_TYPES];
struct http_auth_state proxy_auth[MAX_AUTH_TYPES];
#ifdef HAVE_GSSAPI
gss_name_t gss_target_name;
......@@ -946,16 +948,16 @@ int handle_redirect(struct openconnect_info *vpninfo);
void http_common_headers(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
/* ntlm.c */
int ntlm_authorization(struct openconnect_info *vpninfo, struct http_auth_state *auth_state, struct oc_text_buf *buf);
int ntlm_authorization(struct openconnect_info *vpninfo, int proxy, struct http_auth_state *auth_state, struct oc_text_buf *buf);
void cleanup_ntlm_auth(struct openconnect_info *vpninfo);
/* gssapi.c */
int gssapi_authorization(struct openconnect_info *vpninfo, struct http_auth_state *auth_state, struct oc_text_buf *buf);
int gssapi_authorization(struct openconnect_info *vpninfo, int proxy, struct http_auth_state *auth_state, struct oc_text_buf *buf);
void cleanup_gssapi_auth(struct openconnect_info *vpninfo);
int socks_gssapi_auth(struct openconnect_info *vpninfo);
/* digest.c */
int digest_authorization(struct openconnect_info *vpninfo, struct http_auth_state *auth_state, struct oc_text_buf *buf);
int digest_authorization(struct openconnect_info *vpninfo, int proxy, struct http_auth_state *auth_state, struct oc_text_buf *buf);
/* library.c */
void nuke_opt_values(struct oc_form_opt *opt);
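Review bot: The authorization prototypes gain `int proxy`, but `cleanup_ntlm_auth` and `cleanup_gssapi_auth` (and the `cleanup` member of `struct auth_method`) still take only `vpninfo`, so a caller cannot say whether `http_auth[]` or `proxy_auth[]` is to be torn down. Once `http_auth[]` is used, any per-method state kept for the server side would need releasing independently of the proxy side; the cleanup bodies are not visible here, so whether they touch these arrays at all is to be confirmed. A one-line comment on the new fields, e.g. `/* http_auth: state for authenticating to the server itself; proxy_auth: state for the HTTP proxy */`, would also help.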
......
......@@ -54,8 +54,8 @@ static int sspi_setup(struct openconnect_info *vpninfo, const char *service)
return 0;
}
int gssapi_authorization(struct openconnect_info *vpninfo, struct http_auth_state *auth_state,
struct oc_text_buf *hdrbuf)
int gssapi_authorization(struct openconnect_info *vpninfo, int proxy,
struct http_auth_state *auth_state, struct oc_text_buf *hdrbuf)
{
SECURITY_STATUS status;
SecBufferDesc input_desc, output_desc;
......