From 3484aeb5b3477e55485d7d99ded908ac242e8a70 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 19 Feb 2015 19:50:33 +0000 Subject: [PATCH] Add unused http_auth states, add proxy argument to authorization methods Signed-off-by: David Woodhouse --- digest.c | 3 ++- gssapi.c | 2 +- http.c | 17 +++++++++++------ ntlm.c | 2 +- openconnect-internal.h | 8 +++++--- sspi.c | 4 ++-- 6 files changed, 22 insertions(+), 14 deletions(-) diff --git a/digest.c b/digest.c index 69c0661a..677f52ab 100644 --- a/digest.c +++ b/digest.c @@ -78,7 +78,8 @@ static void buf_append_md5(struct oc_text_buf *buf, void *data, int len) buf_append(buf, "%02x", md5[i]); } -int digest_authorization(struct openconnect_info *vpninfo, struct http_auth_state *auth_state, +int digest_authorization(struct openconnect_info *vpninfo, int proxy, + struct http_auth_state *auth_state, struct oc_text_buf *hdrbuf) { char *chall; diff --git a/gssapi.c b/gssapi.c index b0dfff70..87572ba9 100644 --- a/gssapi.c +++ b/gssapi.c @@ -80,7 +80,7 @@ static int gssapi_setup(struct openconnect_info *vpninfo, const char *service) #define GSSAPI_CONTINUE 2 #define GSSAPI_COMPLETE 3 -int gssapi_authorization(struct openconnect_info *vpninfo, +int gssapi_authorization(struct openconnect_info *vpninfo, int proxy, struct http_auth_state *auth_state, struct oc_text_buf *hdrbuf) { diff --git a/http.c b/http.c index 9de35504..80444e8e 100644 --- a/http.c +++ b/http.c @@ -1376,7 +1376,7 @@ void buf_append_base64(struct oc_text_buf *buf, const void *bytes, int len) buf->data[buf->pos] = 0; } -static int basic_authorization(struct openconnect_info *vpninfo, +static int basic_authorization(struct openconnect_info *vpninfo, int proxy, struct http_auth_state *auth_state, struct oc_text_buf *hdrbuf) { 
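Review bot: The new `int proxy` argument on `digest_authorization` is an undocumented boolean flag, and nothing visible in this hunk makes the function behave differently when it is 0. The body lies outside the hunk, so I cannot confirm whether it still reads `vpninfo->proxy_user`/`proxy_pass` and emits a `Proxy-Authorization:` header unconditionally. If it does, a later caller passing `proxy == 0` would present the proxy credentials to the VPN server, so until the non-proxy path exists each method could refuse it with something like `if (!proxy) return -EINVAL;`. The same applies to `gssapi_authorization` (gssapi.c and sspi.c), `basic_authorization` and `ntlm_authorization`. At minimum the prototypes in openconnect-internal.h deserve a comment such as `/* proxy: nonzero for Proxy-Authorization:, zero for auth to the server itself */`, and the call `gen_authorization_hdr(vpninfo, 1, reqbuf)` would read better with a named constant than a bare `1`.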
@@ -1430,7 +1430,7 @@ static int no_gssapi_authorization(struct openconnect_info *vpninfo, struct auth_method { int state_index; const char *name; - int (*authorization)(struct openconnect_info *, struct http_auth_state *, struct oc_text_buf *); + int (*authorization)(struct openconnect_info *, int, struct http_auth_state *, struct oc_text_buf *); void (*cleanup)(struct openconnect_info *); } auth_methods[] = { #if defined(HAVE_GSSAPI) || defined(_WIN32) @@ -1445,15 +1445,20 @@ struct auth_method { }; /* Generate Proxy-Authorization: header for request if appropriate */ -static int proxy_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf) +static int gen_authorization_hdr(struct openconnect_info *vpninfo, int proxy, + struct oc_text_buf *buf) { int ret; int i; for (i = 0; i < sizeof(auth_methods) / sizeof(auth_methods[0]); i++) { - struct http_auth_state *auth_state = &vpninfo->proxy_auth[auth_methods[i].state_index]; + struct http_auth_state *auth_state; + if (proxy) + auth_state = &vpninfo->proxy_auth[auth_methods[i].state_index]; + else + auth_state = &vpninfo->http_auth[auth_methods[i].state_index]; if (auth_state->state > AUTH_UNSEEN) { - ret = auth_methods[i].authorization(vpninfo, auth_state, buf); + ret = auth_methods[i].authorization(vpninfo, proxy, auth_state, buf); if (ret == -EAGAIN || !ret) return ret; } @@ -1557,7 +1562,7 @@ static int process_http_proxy(struct openconnect_info *vpninfo) if (auth) { int i; - result = proxy_authorization(vpninfo, reqbuf); + result = gen_authorization_hdr(vpninfo, 1, reqbuf); if (result) { buf_free(reqbuf); return result; diff --git a/ntlm.c b/ntlm.c index 6c937f74..11a703c0 100644 --- a/ntlm.c +++ b/ntlm.c 
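Review bot: The comment kept above `gen_authorization_hdr` still reads `/* Generate Proxy-Authorization: header for request if appropriate */`, which now describes only one of the function's two modes. The function selects between `vpninfo->proxy_auth` and `vpninfo->http_auth` depending on `proxy`, so I would reword the comment to `/* Generate Proxy-Authorization: (proxy != 0) or Authorization: (proxy == 0) header for request if appropriate */`. Both arrays are indexed by the same `auth_methods[i].state_index`, so the comment is also a good place to say that the two state tables are parallel. The end of the function is outside this hunk.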
@@ -962,7 +962,7 @@ static int ntlm_manual_challenge(struct openconnect_info *vpninfo, return 0; } -int ntlm_authorization(struct openconnect_info *vpninfo, +int ntlm_authorization(struct openconnect_info *vpninfo, int proxy, struct http_auth_state *auth_state, struct oc_text_buf *buf) { if (auth_state->state == AUTH_AVAILABLE) { diff --git a/openconnect-internal.h b/openconnect-internal.h index 83e80710..155b947f 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -351,6 +351,8 @@ struct openconnect_info { char *proxy_user; char *proxy_pass; int proxy_close_during_auth; + int http_close_during_auth; + struct http_auth_state http_auth[MAX_AUTH_TYPES]; struct http_auth_state proxy_auth[MAX_AUTH_TYPES]; #ifdef HAVE_GSSAPI gss_name_t gss_target_name; @@ -946,16 +948,16 @@ int handle_redirect(struct openconnect_info *vpninfo); void http_common_headers(struct openconnect_info *vpninfo, struct oc_text_buf *buf); /* ntlm.c */ -int ntlm_authorization(struct openconnect_info *vpninfo, struct http_auth_state *auth_state, struct oc_text_buf *buf); +int ntlm_authorization(struct openconnect_info *vpninfo, int proxy, struct http_auth_state *auth_state, struct oc_text_buf *buf); void cleanup_ntlm_auth(struct openconnect_info *vpninfo); /* gssapi.c */ -int gssapi_authorization(struct openconnect_info *vpninfo, struct http_auth_state *auth_state, struct oc_text_buf *buf); +int gssapi_authorization(struct openconnect_info *vpninfo, int proxy, struct http_auth_state *auth_state, struct oc_text_buf *buf); void cleanup_gssapi_auth(struct openconnect_info *vpninfo); int socks_gssapi_auth(struct openconnect_info *vpninfo); /* digest.c */ -int digest_authorization(struct openconnect_info *vpninfo, struct http_auth_state *auth_state, struct oc_text_buf *buf); +int digest_authorization(struct openconnect_info *vpninfo, int proxy, struct http_auth_state *auth_state, struct oc_text_buf *buf); /* library.c */ void nuke_opt_values(struct oc_form_opt *opt); 
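Review bot: In the first openconnect-internal.h hunk, the new members `http_close_during_auth` and `http_auth[MAX_AUTH_TYPES]` are added among the proxy fields with no comment saying they hold state for authenticating to the server itself rather than to the proxy. That makes them easy to confuse with `proxy_auth`, since both arrays are indexed by the same `state_index`; a line such as `/* Auth state for the server itself, as opposed to proxy_auth */` above them would help. The definition of `struct http_auth_state` is outside this hunk, but if it owns allocated data, whatever teardown path releases the `proxy_auth` entries will need to cover `http_auth` as well once it is used. Nothing visible in this patch does that.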
diff --git a/sspi.c b/sspi.c index 643af60a..773ede7a 100644 --- a/sspi.c +++ b/sspi.c @@ -54,8 +54,8 @@ static int sspi_setup(struct openconnect_info *vpninfo, const char *service) return 0; } -int gssapi_authorization(struct openconnect_info *vpninfo, struct http_auth_state *auth_state, - struct oc_text_buf *hdrbuf) +int gssapi_authorization(struct openconnect_info *vpninfo, int proxy, + struct http_auth_state *auth_state, struct oc_text_buf *hdrbuf) { SECURITY_STATUS status; SecBufferDesc input_desc, output_desc;