Commit e33b27be authored by David Woodhouse's avatar David Woodhouse

Add shell of Digest auth

Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent a9d36c44
......@@ -19,7 +19,7 @@ openconnect_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) $(LIBXML2_CFL
openconnect_LDADD = libopenconnect.la $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(LIBINTL)
library_srcs = ssl.c http.c auth.c library.c compat.c dtls.c cstp.c \
mainloop.c script.c ntlm.c
mainloop.c script.c ntlm.c digest.c
if OPENCONNECT_GSSAPI
library_srcs += gssapi.c
endif
......
/*
* OpenConnect (SSL + DTLS) VPN client
*
* Copyright © 2008-2014 Intel Corporation.
*
* Author: David Woodhouse <dwmw2@infradead.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* version 2.1, as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*/
#include <errno.h>
#include <string.h>
#include "openconnect-internal.h"
int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *hdrbuf)
{
vpn_progress(vpninfo, PRG_INFO,
_("Attempting Digest authentication to proxy\n"));
return -EIO;
}
void cleanup_digest_auth(struct openconnect_info *vpninfo)
{
}
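Review bot: digest_authorization() is a placeholder that always returns -EIO, but nothing in the file says so, and it still logs "Attempting Digest authentication to proxy" at PRG_INFO as if an attempt were being made. I would add a comment above it such as `/* Stub: Digest is not implemented yet; the non-zero return makes proxy_authorization() try the next scheme. */` and hold the progress message back until there is a real attempt to report. The second parameter is named `hdrbuf` here but `buf` in the prototype added to openconnect-internal.h; one name in both places keeps declaration and definition easy to match. cleanup_digest_auth() is empty and no call to it appears in the visible process_proxy() hunk, so once this file holds per-connection state (a server nonce, a derived credential hash) a teardown call next to cleanup_gssapi_auth() will be needed.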
......@@ -1667,6 +1667,10 @@ static int proxy_authorization(struct openconnect_info *vpninfo, struct oc_text_
!ntlm_authorization(vpninfo, buf))
return 0;
if (vpninfo->digest_auth.state > AUTH_UNSEEN &&
!digest_authorization(vpninfo, buf))
return 0;
if (vpninfo->basic_auth.state == AUTH_AVAILABLE &&
vpninfo->proxy_user && vpninfo->proxy_pass) {
char *p = vpninfo->proxy_user;
......@@ -1744,6 +1748,7 @@ static int proxy_hdrs(struct openconnect_info *vpninfo, char *hdr, char *val)
handle_auth_proto(vpninfo, &vpninfo->basic_auth, "Basic", val);
handle_auth_proto(vpninfo, &vpninfo->ntlm_auth, "NTLM", val);
handle_auth_proto(vpninfo, &vpninfo->gssapi_auth, "Negotiate", val);
handle_auth_proto(vpninfo, &vpninfo->digest_auth, "Digest", val);
return 0;
}
......@@ -1795,6 +1800,7 @@ static int process_http_proxy(struct openconnect_info *vpninfo)
clear_auth_state(&vpninfo->basic_auth, 0);
clear_auth_state(&vpninfo->ntlm_auth, 0);
clear_auth_state(&vpninfo->gssapi_auth, 0);
clear_auth_state(&vpninfo->digest_auth, 0);
}
buf_append(reqbuf, "\r\n");
......@@ -1869,6 +1875,7 @@ int process_proxy(struct openconnect_info *vpninfo, int ssl_sock)
cleanup_gssapi_auth(vpninfo);
#endif
clear_auth_state(&vpninfo->gssapi_auth, 1);
clear_auth_state(&vpninfo->digest_auth, 1);
return ret;
}
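Review bot: In proxy_authorization(), any non-zero return from digest_authorization() falls straight through to the Basic branch, which sends proxy_user and proxy_pass in a trivially reversible encoding; with the stub returning -EIO this happens every time a proxy offers both schemes. That matches how the NTLM check just above behaves, but it means a proxy, or anyone able to alter the proxy's challenge on an unencrypted proxy connection, can steer the client to Basic simply by making Digest fail. When the real Digest code lands it is worth deciding whether a failed Digest attempt should still permit Basic on the same connection, and recording that choice at this site, for example `/* Schemes are tried strongest first; a failure here falls through to Basic below. */`. proxy_authorization() starts and ends outside the hunk, so the full ordering of schemes is not visible here.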
......
......@@ -195,6 +195,7 @@ struct openconnect_info {
struct proxy_auth_state basic_auth;
struct proxy_auth_state ntlm_auth;
struct proxy_auth_state gssapi_auth;
struct proxy_auth_state digest_auth;
#ifdef HAVE_GSSAPI
gss_name_t gss_target_name;
gss_ctx_id_t gss_context;
......@@ -594,6 +595,10 @@ int ntlm_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf
int gssapi_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
void cleanup_gssapi_auth(struct openconnect_info *vpninfo);
/* digest.c */
int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
void cleanup_digest_auth(struct openconnect_info *vpninfo);
/* ssl_ui.c */
int set_openssl_ui(void);
......