Add shell of Digest auth
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Jun 20, 2014
1 parent a9d36c4 commit e33b27b
Showing 4 changed files with 46 additions and 1 deletion.
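--- a/Makefile.am
+++ b/Makefile.am
@@ -19,7 +19,7 @@ openconnect_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) $(LIBXML2_CFL
 openconnect_LDADD = libopenconnect.la $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(LIBINTL)
 
 library_srcs = ssl.c http.c auth.c library.c compat.c dtls.c cstp.c \
-mainloop.c script.c ntlm.c
+mainloop.c script.c ntlm.c digest.c
 if OPENCONNECT_GSSAPI
 library_srcs += gssapi.c
 endif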
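--- a/digest.c
+++ b/digest.c
@@ -0,0 +1,33 @@
+/*
+* OpenConnect (SSL + DTLS) VPN client
+*
+* Copyright © 2008-2014 Intel Corporation.
+*
+* Author: David Woodhouse <dwmw2@infradead.org>
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public License
+* version 2.1, as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*/
+
+#include <errno.h>
+#include <string.h>
+
+#include "openconnect-internal.h"
+
+
+int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *hdrbuf)
+{
+vpn_progress(vpninfo, PRG_INFO,
+_("Attempting Digest authentication to proxy\n"));
+return -EIO;
+}
+
+void cleanup_digest_auth(struct openconnect_info *vpninfo)
+{
+}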
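Review bot: `digest_authorization()` logs "Attempting Digest authentication to proxy" at PRG_INFO and then returns -EIO without attempting anything or touching `vpninfo->digest_auth.state`, so anyone reading the log will conclude that Digest was tried and rejected. Until the real implementation lands I would drop the message, or at least mark the stub above the `return -EIO;` with `/* Stub: Digest is not implemented yet; always fail so the caller moves on to the next scheme */`. `cleanup_digest_auth()` is empty too and deserves a one-line comment naming the state it is expected to release once the scheme holds any. Nothing in the file uses `<string.h>` yet.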
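--- a/http.c
+++ b/http.c
@@ -1667,6 +1667,10 @@ static int proxy_authorization(struct openconnect_info *vpninfo, struct oc_text_
 !ntlm_authorization(vpninfo, buf))
 return 0;
 
+if (vpninfo->digest_auth.state > AUTH_UNSEEN &&
+!digest_authorization(vpninfo, buf))
+return 0;
+
 if (vpninfo->basic_auth.state == AUTH_AVAILABLE &&
 vpninfo->proxy_user && vpninfo->proxy_pass) {
 char *p = vpninfo->proxy_user;
@@ -1744,6 +1748,7 @@ static int proxy_hdrs(struct openconnect_info *vpninfo, char *hdr, char *val)
 handle_auth_proto(vpninfo, &vpninfo->basic_auth, "Basic", val);
 handle_auth_proto(vpninfo, &vpninfo->ntlm_auth, "NTLM", val);
 handle_auth_proto(vpninfo, &vpninfo->gssapi_auth, "Negotiate", val);
+handle_auth_proto(vpninfo, &vpninfo->digest_auth, "Digest", val);
 
 return 0;
 }
@@ -1795,6 +1800,7 @@ static int process_http_proxy(struct openconnect_info *vpninfo)
 clear_auth_state(&vpninfo->basic_auth, 0);
 clear_auth_state(&vpninfo->ntlm_auth, 0);
 clear_auth_state(&vpninfo->gssapi_auth, 0);
+clear_auth_state(&vpninfo->digest_auth, 0);
 }
 buf_append(reqbuf, "\r\n");
 
@@ -1869,6 +1875,7 @@ int process_proxy(struct openconnect_info *vpninfo, int ssl_sock)
 cleanup_gssapi_auth(vpninfo);
 #endif
 clear_auth_state(&vpninfo->gssapi_auth, 1);
+clear_auth_state(&vpninfo->digest_auth, 1);
 return ret;
 }
 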
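Review bot: In `proxy_authorization()`, a non-zero return from `digest_authorization()` falls straight through to the Basic branch, so when the proxy's response lists both Digest and Basic, `proxy_user`/`proxy_pass` still go out in the reversible Basic encoding; with the shell in digest.c that happens every time. This is presumably acceptable while Digest is a stub, but the fallback policy should be settled before the real implementation lands, because the list of offered schemes is taken from the proxy's response. For now I would add a comment above the Basic branch such as `/* Digest failed or is unimplemented; Basic below sends the proxy password merely base64-encoded */`. Separately, the last hunk in `process_proxy()` adds `clear_auth_state(&vpninfo->digest_auth, 1);` but never calls the new `cleanup_digest_auth(vpninfo);`, unlike the `cleanup_gssapi_auth(vpninfo);` call just above it. All four functions start and end outside the visible hunks.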
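--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -195,6 +195,7 @@ struct openconnect_info {
 struct proxy_auth_state basic_auth;
 struct proxy_auth_state ntlm_auth;
 struct proxy_auth_state gssapi_auth;
+struct proxy_auth_state digest_auth;
 #ifdef HAVE_GSSAPI
 gss_name_t gss_target_name;
 gss_ctx_id_t gss_context;
@@ -594,6 +595,10 @@ int ntlm_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf
 int gssapi_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
 void cleanup_gssapi_auth(struct openconnect_info *vpninfo);
 
+/* digest.c */
+int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
+void cleanup_digest_auth(struct openconnect_info *vpninfo);
+
 /* ssl_ui.c */
 int set_openssl_ui(void);
 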
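Review bot: The new prototype names its second parameter `buf`, while the definition in digest.c calls it `hdrbuf`; pick one so the header and the implementation read the same. The `/* digest.c */` block would also benefit from stating the return convention the caller in http.c relies on, for example `/* Returns 0 once an authorization header has been appended to buf, negative errno otherwise */`. That wording is inferred from the `!digest_authorization(vpninfo, buf)` test in `proxy_authorization()` and should be confirmed against `ntlm_authorization()`, whose body is not shown here.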
