1
0
mirror of https://github.com/rkd77/elinks.git synced 2024-06-20 00:15:31 +00:00

Support for negotiate-auth, using GSSAPI. It makes possible to

authenticate users by Kerberos. Patch by Karel Zak.
This commit is contained in:
Laurent MONIN 2006-06-14 14:41:59 +02:00 committed by Laurent MONIN
parent 5f4f4f770b
commit 4b04a25b32
6 changed files with 95 additions and 17 deletions

View File

@ -158,6 +158,7 @@ CONFIG_SYSMOUSE = @CONFIG_SYSMOUSE@
CONFIG_URI_REWRITE = @CONFIG_URI_REWRITE@
CONFIG_XBEL_BOOKMARKS = @CONFIG_XBEL_BOOKMARKS@
CONFIG_XMLTO = @CONFIG_XMLTO@
CONFIG_GSSAPI = @CONFIG_GSSAPI@
DEFS = @DEFS@
CFLAGS = @CFLAGS@

View File

@ -452,6 +452,30 @@ fi
EL_ARG_ENABLE(CONFIG_LZMA, lzma, [lzma],
[ --enable-lzma enable lzma encoding support])
dnl ===================================================================
dnl Check for GSSAPI, optional even if installed.
dnl ===================================================================
enable_gssapi="no";
AC_ARG_WITH(gssapi, [ --with-gssapi enable GSSAPI support],
[ if test "x$withval" != xno; then enable_gssapi=yes; fi ])
AC_MSG_CHECKING([for GSSAPI])
if test "$enable_gssapi" = "yes"; then
AC_MSG_RESULT(yes)
GSSAPI_CFLAGS=`krb5-config --cflags gssapi`
GSSAPI_LIBS=`krb5-config --libs gssapi`
CFLAGS="$GSSAPI_CFLAGS $CFLAGS"
LIBS="$GSSAPI_LIBS $LIBS"
EL_CONFIG(CONFIG_GSSAPI, [GssApi])
else
AC_MSG_RESULT(no)
fi
AC_SUBST(CONFIG_GSSAPI)
dnl ===================================================================
dnl Bookmark and XBEL support
dnl ===================================================================

View File

@ -1,6 +1,8 @@
top_builddir=../../..
include $(top_builddir)/Makefile.config
OBJS-$(CONFIG_GSSAPI) += http_negotiate.o
OBJS = blacklist.o codes.o http.o
include $(top_srcdir)/Makefile.lib

View File

@ -47,6 +47,9 @@
#include "util/memory.h"
#include "util/string.h"
#ifdef CONFIG_GSSAPI
#include "http_negotiate.h"
#endif
struct http_version {
int major;
@ -549,7 +552,7 @@ http_send_header(struct socket *socket)
int trace = get_opt_bool("protocol.http.trace");
struct string header;
unsigned char *post_data = NULL;
struct auth_entry *entry;
struct auth_entry *entry = NULL;
struct uri *uri = conn->proxied_uri; /* Set to the real uri */
unsigned char *optstr;
int use_connect, talking_to_proxy;
@ -806,7 +809,11 @@ http_send_header(struct socket *socket)
add_crlf_to_string(&header);
}
entry = find_auth(uri);
#ifdef CONFIG_GSSAPI
if (http_negotiate_output(uri, &header) != 0)
#endif
entry = find_auth(uri);
if (entry) {
if (entry->digest) {
unsigned char *response;
@ -1325,12 +1332,13 @@ get_header(struct read_buffer *rb)
return 0;
}
static void
check_http_authentication(struct uri *uri, unsigned char *header,
unsigned char *header_field)
/* returns 1 if we need retry the connection (for negotiate-auth only) */
static int
check_http_authentication(struct connection *conn, struct uri *uri,
unsigned char *header, unsigned char *header_field)
{
unsigned char *str, *d;
int ret = 0;
d = parse_header(header, header_field, &str);
while (d) {
@ -1356,10 +1364,24 @@ check_http_authentication(struct uri *uri, unsigned char *header,
mem_free(d);
break;
}
#ifdef CONFIG_GSSAPI
else if (!strncasecmp(d, HTTPNEG_GSS_STR, HTTPNEG_GSS_STRLEN)) {
if (http_negotiate_input(conn, uri, HTTPNEG_GSS, str)==0)
ret = 1;
mem_free(d);
break;
}
else if (!strncasecmp(d, HTTPNEG_NEG_STR, HTTPNEG_NEG_STRLEN)) {
if (http_negotiate_input(conn, uri, HTTPNEG_NEG, str)==0)
ret = 1;
mem_free(d);
break;
}
#endif
mem_free(d);
d = parse_header(str, header_field, &str);
}
return ret;
}
@ -1586,11 +1608,13 @@ again:
}
if (h == 401) {
unsigned char *head = conn->cached->head;
check_http_authentication(uri, head, "WWW-Authenticate");
if (check_http_authentication(conn, uri,
conn->cached->head, "WWW-Authenticate")) {
retry_connection(conn, S_RESTART);
return;
}
}
if (h == 407) {
unsigned char *str;

View File

@ -16,15 +16,22 @@ static unsigned char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmno
unsigned char *
base64_encode(register unsigned char *in)
{
assert(in && *in);
if_assert_failed return NULL;
return base64_encode_bin(in, strlen(in), NULL);
}
unsigned char *
base64_encode_bin(register unsigned char *in, int inlen, int *outlen)
{
unsigned char *out;
unsigned char *outstr;
int inlen;
assert(in && *in);
if_assert_failed return NULL;
inlen = strlen(in);
out = outstr = mem_alloc((inlen / 3) * 4 + 4 + 1);
if (!out) return NULL;
@ -49,16 +56,29 @@ base64_encode(register unsigned char *in)
}
*out = 0;
if (outlen)
*outlen = out-outstr;
return outstr;
}
/* Base64 decoding is used only with the CONFIG_FORMHIST feature, so i'll #ifdef it */
#ifdef CONFIG_FORMHIST
/* Base64 decoding is used only with the CONFIG_FORMHIST or CONFIG_GSSAPI
feature, so i'll #ifdef it */
#if defined(CONFIG_FORMHIST) || defined(CONFIG_GSSAPI)
unsigned char *
base64_decode(register unsigned char *in)
{
assert(in && *in);
if_assert_failed return NULL;
return base64_decode_bin(in, strlen(in), NULL);
}
/* base64_decode: @in string to decode
* returns the string decoded (must be freed by the caller) */
unsigned char *
base64_decode(register unsigned char *in)
base64_decode_bin(register unsigned char *in, int inlen, int *outlen)
{
static unsigned char is_base64_char[256]; /* static to force initialization at zero */
static unsigned char decode[256];
@ -71,7 +91,7 @@ base64_decode(register unsigned char *in)
assert(in && *in);
if_assert_failed return NULL;
outstr = out = mem_alloc(strlen(in) / 4 * 3 + 1);
outstr = out = mem_alloc(inlen / 4 * 3 + 1);
if (!outstr) return NULL;
if (!once) {
@ -123,6 +143,10 @@ base64_decode(register unsigned char *in)
}
*out = 0;
if (outlen)
*outlen = out-outstr;
return outstr;
decode_error:

View File

@ -4,4 +4,7 @@
unsigned char *base64_encode(unsigned char *);
unsigned char *base64_decode(unsigned char *);
unsigned char *base64_encode_bin(unsigned char *, int, int *);
unsigned char *base64_decode_bin(unsigned char *, int, int *);
#endif