certmonger/0007-Add-Referer-header-option-to-the-submit-h-API.patch

156 lines
5.4 KiB
Diff
Raw Normal View History

From 4347ce74b0001c002cb449b8dd63819634e980ae Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 20 Aug 2020 16:55:36 -0400
Subject: [PATCH 07/11] Add Referer header option to the submit-h API
This will allow IPA API requests that require the Referer header
to be set.
---
src/dogtag.c | 2 +-
src/scep.c | 6 +++---
src/submit-d.c | 2 +-
src/submit-h.c | 20 +++++++++++++++-----
src/submit-h.h | 1 +
5 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/src/dogtag.c b/src/dogtag.c
index faf81f97..d36ac008 100644
--- a/src/dogtag.c
+++ b/src/dogtag.c
@@ -691,7 +691,7 @@ main(int argc, const char **argv)
/* Submit the form(s). */
hctx = NULL;
while (url != NULL) {
- hctx = cm_submit_h_init(ctx, method, url, params, NULL, NULL,
+ hctx = cm_submit_h_init(ctx, method, url, params, NULL, NULL, NULL,
cainfo, capath, sslcert, sslkey, sslpin,
cm_submit_h_negotiate_off,
cm_submit_h_delegate_off,
diff --git a/src/scep.c b/src/scep.c
index c74ca574..e384e8da 100644
--- a/src/scep.c
+++ b/src/scep.c
@@ -496,7 +496,7 @@ main(int argc, const char **argv)
}
/* Submit the first request. */
- hctx = cm_submit_h_init(ctx, "GET", url, params, NULL, NULL,
+ hctx = cm_submit_h_init(ctx, "GET", url, params, NULL, NULL, NULL,
cainfo, NULL, NULL, NULL, NULL,
cm_submit_h_negotiate_off,
cm_submit_h_delegate_off,
@@ -593,7 +593,7 @@ main(int argc, const char **argv)
}
/* Submit a second HTTP request if we have one to make. */
if (params2 != NULL) {
- hctx = cm_submit_h_init(ctx, "GET", url, params2, NULL, NULL,
+ hctx = cm_submit_h_init(ctx, "GET", url, params2, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
cm_submit_h_negotiate_off,
cm_submit_h_delegate_off,
@@ -794,7 +794,7 @@ main(int argc, const char **argv)
OP_GET_CA_CERT
"&message=%d", i++);
hctx = cm_submit_h_init(ctx, "GET", url, params,
- NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL,
cm_submit_h_negotiate_off,
cm_submit_h_delegate_off,
diff --git a/src/submit-d.c b/src/submit-d.c
index 3adaa4a6..f1877c34 100644
--- a/src/submit-d.c
+++ b/src/submit-d.c
@@ -1188,7 +1188,7 @@ restart:
fprintf(stderr, "url = \"%s%s%s\"\n", uri,
params ? "?" : "", params ? params : "");
}
- hctx = cm_submit_h_init(ctx, method, uri, params, NULL, NULL,
+ hctx = cm_submit_h_init(ctx, method, uri, params, NULL, NULL, NULL,
cainfo, capath, sslcert, sslkey, sslpin,
cm_submit_h_negotiate_off,
cm_submit_h_delegate_off,
diff --git a/src/submit-h.c b/src/submit-h.c
index 9b507dbe..c04909b1 100644
--- a/src/submit-h.c
+++ b/src/submit-h.c
@@ -51,7 +51,7 @@
struct cm_submit_h_context {
int ret;
long response_code;
- char *method, *uri, *args, *accept, *ctype, *cainfo, *capath, *result;
+ char *method, *uri, *args, *accept, *ctype, *referer, *cainfo, *capath, *result;
int result_length;
char *sslcert, *sslkey, *sslpass;
enum cm_submit_h_opt_negotiate negotiate;
@@ -66,7 +66,7 @@ struct cm_submit_h_context *
cm_submit_h_init(void *parent,
const char *method, const char *uri, const char *args,
const char *content_type, const char *accept,
- const char *cainfo, const char *capath,
+ const char *referer, const char *cainfo, const char *capath,
const char *sslcert, const char *sslkey, const char *sslpass,
enum cm_submit_h_opt_negotiate neg,
enum cm_submit_h_opt_delegate del,
@@ -84,6 +84,7 @@ cm_submit_h_init(void *parent,
ctx->ctype = content_type ?
talloc_strdup(ctx, content_type) :
NULL;
+ ctx->referer = referer ? talloc_strdup(ctx, referer) : NULL;
ctx->accept = accept ? talloc_strdup(ctx, accept) : NULL;
ctx->cainfo = cainfo ? talloc_strdup(ctx, cainfo) : NULL;
ctx->capath = capath ? talloc_strdup(ctx, capath) : NULL;
@@ -180,10 +181,11 @@ cm_submit_h_run(struct cm_submit_h_context *ctx)
}
}
if (ctx->negotiate == cm_submit_h_negotiate_on) {
-#if defined(CURLOPT_HTTPAUTH) && defined(CURLAUTH_GSSNEGOTIATE)
+#if defined(CURLAUTH_NEGOTIATE)
curl_easy_setopt(ctx->curl,
CURLOPT_HTTPAUTH,
- CURLAUTH_GSSNEGOTIATE);
+ CURLAUTH_NEGOTIATE);
+ curl_easy_setopt(ctx->curl, CURLOPT_USERPWD, ":");
#else
cm_log(-1,
"warning: libcurl doesn't appear to support "
@@ -243,6 +245,14 @@ cm_submit_h_run(struct cm_submit_h_context *ctx)
header);
}
}
+ if (ctx->referer != NULL) {
+ header = talloc_asprintf(ctx, "Referer: %s",
+ ctx->referer);
+ if (header != NULL) {
+ headers = curl_slist_append(headers,
+ header);
+ }
+ }
curl_easy_setopt(ctx->curl, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(ctx->curl, CURLOPT_WRITEFUNCTION,
append_result);
@@ -415,7 +425,7 @@ main(int argc, const char **argv)
}
ctx = cm_submit_h_init(NULL, method, url, poptGetArg(pctx),
- ctype, accept,
+ ctype, accept, NULL,
cainfo, capath, sslcert, sslkey, sslpass,
negotiate, negotiate_delegate,
clientauth, cm_submit_h_env_modify_on,
diff --git a/src/submit-h.h b/src/submit-h.h
index 931cc890..b33544af 100644
--- a/src/submit-h.h
+++ b/src/submit-h.h
@@ -45,6 +45,7 @@ struct cm_submit_h_context *cm_submit_h_init(void *parent,
const char *args,
const char *content_type,
const char *accept,
+ const char *referer,
const char *cainfo,
const char *capath,
const char *sslcert,
--
2.25.4