diff --git a/Makefile.am b/Makefile.am
index 99efdf18..2b57b14d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,7 +19,7 @@ openconnect_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) $(LIBXML2_CFL
 openconnect_LDADD = libopenconnect.la $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(LIBINTL)
 library_srcs = ssl.c http.c auth.c library.c compat.c dtls.c cstp.c \
- mainloop.c script.c ntlm.c
+ mainloop.c script.c ntlm.c digest.c
 if OPENCONNECT_GSSAPI
 library_srcs += gssapi.c
 endif
diff --git a/digest.c b/digest.c
new file mode 100644
index 00000000..fa29cc45
--- /dev/null
+++ b/digest.c
@@ -0,0 +1,33 @@
+/*
+ * OpenConnect (SSL + DTLS) VPN client
+ *
+ * Copyright © 2008-2014 Intel Corporation.
+ *
+ * Author: David Woodhouse
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ */
+
+#include
+#include
+
+#include "openconnect-internal.h"
+
+
+int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *hdrbuf)
+{
+ vpn_progress(vpninfo, PRG_INFO,
+ _("Attempting Digest authentication to proxy\n"));
+ return -EIO;
+}
+
+void cleanup_digest_auth(struct openconnect_info *vpninfo)
+{
+}
diff --git a/http.c b/http.c
index 5a61eb5b..b97e17b6 100644
--- a/http.c
+++ b/http.c
@@ -1667,6 +1667,10 @@ static int proxy_authorization(struct openconnect_info *vpninfo, struct oc_text_
 !ntlm_authorization(vpninfo, buf))
 return 0;
+ if (vpninfo->digest_auth.state > AUTH_UNSEEN &&
+ !digest_authorization(vpninfo, buf))
+ return 0;
+
 if (vpninfo->basic_auth.state == AUTH_AVAILABLE && vpninfo->proxy_user && vpninfo->proxy_pass) {
 char *p = vpninfo->proxy_user;
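Review bot: `digest_authorization()` in the new digest.c logs "Attempting Digest authentication to proxy" at PRG_INFO and then returns -EIO unconditionally, so the log reports an attempt that never happens and `hdrbuf` is never used. Until the scheme is implemented, a comment such as `/* Stub: Digest is not implemented yet; always fails so the caller moves on to the next scheme */` and a message that says the scheme is unsupported would be clearer to anyone reading connection logs. The stub also leaves `vpninfo->digest_auth.state` untouched, so as far as this diff shows the same failing call is repeated on every pass through `proxy_authorization()`; recording the failure in that state would avoid this. The definition names the buffer `hdrbuf` while the prototype added to openconnect-internal.h names it `buf`.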
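Review bot: In the http.c hunk for `proxy_authorization()`, a non-zero return from `digest_authorization()` falls straight through to the Basic branch that follows, and nothing tells the user the weaker scheme was chosen. Because the Digest call always fails in this commit, a proxy that advertises both Digest and Basic is answered with Basic, which presumably puts `proxy_user` and `proxy_pass` on the wire in a trivially recoverable form. Consider logging the fall-back, or skipping Basic when a stronger scheme was offered unless the user opted in. A comment above the Basic branch would help, e.g. `/* Reached only when NTLM and Digest were unavailable or failed; Basic exposes the proxy password to the network path */`. The function starts before the hunk and the Basic branch continues past it, so the encoding used there is inferred.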
@@ -1744,6 +1748,7 @@ static int proxy_hdrs(struct openconnect_info *vpninfo, char *hdr, char *val)
 handle_auth_proto(vpninfo, &vpninfo->basic_auth, "Basic", val);
 handle_auth_proto(vpninfo, &vpninfo->ntlm_auth, "NTLM", val);
 handle_auth_proto(vpninfo, &vpninfo->gssapi_auth, "Negotiate", val);
+ handle_auth_proto(vpninfo, &vpninfo->digest_auth, "Digest", val);
 return 0;
 }
@@ -1795,6 +1800,7 @@ static int process_http_proxy(struct openconnect_info *vpninfo)
 clear_auth_state(&vpninfo->basic_auth, 0);
 clear_auth_state(&vpninfo->ntlm_auth, 0);
 clear_auth_state(&vpninfo->gssapi_auth, 0);
+ clear_auth_state(&vpninfo->digest_auth, 0);
 }
 buf_append(reqbuf, "\r\n");
@@ -1869,6 +1875,7 @@ int process_proxy(struct openconnect_info *vpninfo, int ssl_sock)
 cleanup_gssapi_auth(vpninfo);
 #endif
 clear_auth_state(&vpninfo->gssapi_auth, 1);
+ clear_auth_state(&vpninfo->digest_auth, 1);
 return ret;
 }
diff --git a/openconnect-internal.h b/openconnect-internal.h
index f7ac7b11..46e7bc40 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -195,6 +195,7 @@ struct openconnect_info {
 struct proxy_auth_state basic_auth;
 struct proxy_auth_state ntlm_auth;
 struct proxy_auth_state gssapi_auth;
+ struct proxy_auth_state digest_auth;
 #ifdef HAVE_GSSAPI
 gss_name_t gss_target_name;
 gss_ctx_id_t gss_context;
@@ -594,6 +595,10 @@ int ntlm_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf
 int gssapi_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
 void cleanup_gssapi_auth(struct openconnect_info *vpninfo);
+/* digest.c */
+int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
+void cleanup_digest_auth(struct openconnect_info *vpninfo);
+
 /* ssl_ui.c */
 int set_openssl_ui(void);
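Review bot: The `process_proxy()` hunk resets the new state with `clear_auth_state(&vpninfo->digest_auth, 1)` but never calls the `cleanup_digest_auth()` that this commit declares and defines. The GSSAPI path just above it calls `cleanup_gssapi_auth(vpninfo)` before clearing. The function is empty today, so nothing is left behind, but once digest.c keeps per-connection authentication material the cleanup would be silently skipped on this exit path. Adding `cleanup_digest_auth(vpninfo);` ahead of the new `clear_auth_state` line keeps the two schemes in step. The body of `process_proxy()` starts outside the hunk, so an earlier call cannot be ruled out from here.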