From c733d1a724dd5b71cae89818c12e99ccfe3d787b Mon Sep 17 00:00:00 2001 From: kzak Date: Mon, 12 Jun 2006 21:11:25 +0000 Subject: [PATCH] iproved negotiate-auth --- elinks-0.11.1-negotiate.patch | 151 +++++++++++++++++++--------------- elinks.spec | 5 +- 2 files changed, 88 insertions(+), 68 deletions(-) diff --git a/elinks-0.11.1-negotiate.patch b/elinks-0.11.1-negotiate.patch index 39ca145..33b23a9 100644 --- a/elinks-0.11.1-negotiate.patch +++ b/elinks-0.11.1-negotiate.patch @@ -1,5 +1,5 @@ --- elinks-0.11.1/Makefile.config.in.negotiate 2006-01-29 14:10:33.000000000 +0100 -+++ elinks-0.11.1/Makefile.config.in 2006-06-09 13:09:41.000000000 +0200 ++++ elinks-0.11.1/Makefile.config.in 2006-06-12 20:33:59.000000000 +0200 @@ -148,6 +148,7 @@ CONFIG_WIN32 = @CONFIG_WIN32@ CONFIG_XBEL_BOOKMARKS = @CONFIG_XBEL_BOOKMARKS@ @@ -9,7 +9,7 @@ DEFS = @DEFS@ CFLAGS = @CFLAGS@ --- elinks-0.11.1/config.h.in.negotiate 2006-01-29 14:10:46.000000000 +0100 -+++ elinks-0.11.1/config.h.in 2006-06-09 13:09:41.000000000 +0200 ++++ elinks-0.11.1/config.h.in 2006-06-12 20:33:59.000000000 +0200 @@ -84,6 +84,9 @@ /* Define if you want: gpm support */ #undef CONFIG_GPM @@ -21,7 +21,7 @@ #undef CONFIG_GUILE --- elinks-0.11.1/src/protocol/http/Makefile.negotiate 2006-01-29 14:10:39.000000000 +0100 -+++ elinks-0.11.1/src/protocol/http/Makefile 2006-06-09 13:09:41.000000000 +0200 ++++ elinks-0.11.1/src/protocol/http/Makefile 2006-06-12 20:33:59.000000000 +0200 @@ -1,6 +1,8 @@ top_builddir=../../.. include $(top_builddir)/Makefile.config @@ -32,7 +32,7 @@ include $(top_srcdir)/Makefile.lib --- /dev/null 2006-05-28 11:31:41.625940250 +0200 -+++ elinks-0.11.1/src/protocol/http/http_negotiate.h 2006-06-09 13:09:41.000000000 +0200 ++++ elinks-0.11.1/src/protocol/http/http_negotiate.h 2006-06-12 22:52:18.000000000 +0200 @@ -0,0 +1,16 @@ + +#ifndef EL__PROTOCOL_HTTP_HTTP_NEGOTIATE_H @@ -43,7 +43,7 @@ + + +int http_negotiate_input(struct connection *conn, struct uri *uri, -+ int type, unsigned char *data); ++ int type, unsigned char *data); + +int http_negotiate_output(struct uri *uri, struct string *header); + @@ -51,8 +51,8 @@ +#endif /* EL_PROTOCOL_HTTP_HTTP_NEGOTIATE_H */ + --- /dev/null 2006-05-28 11:31:41.625940250 +0200 -+++ elinks-0.11.1/src/protocol/http/http_negotiate.c 2006-06-09 13:14:25.000000000 +0200 -@@ -0,0 +1,259 @@ ++++ elinks-0.11.1/src/protocol/http/http_negotiate.c 2006-06-12 23:09:49.000000000 +0200 +@@ -0,0 +1,287 @@ +/* + * HTTP Negotiate authentication method -- based on GSSAPI + * @@ -96,6 +96,7 @@ + gss_ctx_id_t context; + gss_name_t server_name; + gss_buffer_desc output_token; ++ gss_buffer_desc input_token; +}; + +static INIT_LIST_HEAD(negotiate_list); @@ -143,6 +144,12 @@ + if (full && neg->server_name) + gss_release_name(&minor_status, &neg->server_name); + ++ if (full && neg->input_token.length != 0) { ++ /* allocated by mem_free().. so beter not use gss_release_buffer() */ ++ mem_free(neg->input_token.value); ++ neg->input_token.length = 0; ++ } ++ + if (full) + memset(neg, 0, sizeof(*neg)); +} @@ -170,7 +177,7 @@ + + token.length = strlen(service) + 1 + uri->hostlen + 1; + if (token.length + 1 > sizeof(name)) -+ return EMSGSIZE; ++ return -1; + + snprintf(name, token.length, "%s@%*s", service, uri->hostlen, uri->host); + @@ -225,15 +232,47 @@ + return 0; +} + ++static int ++http_negotiate_create_context(struct negotiate *neg) ++{ ++ OM_uint32 major_status, minor_status; ++ ++ major_status = gss_init_sec_context(&minor_status, ++ GSS_C_NO_CREDENTIAL, ++ &neg->context, ++ neg->server_name, ++ GSS_C_NO_OID, ++ GSS_C_DELEG_FLAG, ++ 0, ++ GSS_C_NO_CHANNEL_BINDINGS, ++ &neg->input_token, ++ NULL, ++ &neg->output_token, ++ NULL, ++ NULL); ++ neg->status = major_status; ++ ++ if (GSS_ERROR(major_status)) ++ return -1; ++ if (neg->output_token.length == 0) ++ return -1; ++ ++ return 0; ++} ++ ++/* ++ * Register new negotiate-auth request ++ * ++ * It's possible that server sends to client input token (at least ++ * libcurl supports it) in WWW-Authenticate header, but ususaly ++ * is this input token undefined. ++ */ +int +http_negotiate_input(struct connection *conn, struct uri *uri, + int type, unsigned char *data) +{ -+ OM_uint32 major_status, minor_status, minor_status2; -+ gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; + struct negotiate *neg; -+ int ret, isnew = 0; ++ int ret = 0, isnew = 0; + + neg = http_negotiate_get(uri, &isnew, 1); + @@ -250,41 +289,19 @@ + http_negotiate_cleanup(neg, 1); + return -1; + } -+ if (neg->server_name == NULL && (ret = http_negotiate_get_name(conn, neg))) -+ return ret; -+ if (data && http_negotiate_parse_data(data, type, &input_token)) ++ if (neg->server_name == NULL && http_negotiate_get_name(conn, neg) < 0) + return -1; -+ -+ major_status = gss_init_sec_context(&minor_status, -+ GSS_C_NO_CREDENTIAL, -+ &neg->context, -+ neg->server_name, -+ GSS_C_NO_OID, -+ GSS_C_DELEG_FLAG, -+ 0, -+ GSS_C_NO_CHANNEL_BINDINGS, -+ &input_token, -+ NULL, -+ &output_token, -+ NULL, -+ NULL); -+ if (input_token.length > 0) -+ gss_release_buffer(&minor_status2, &input_token); -+ neg->status = major_status; -+ -+ if (GSS_ERROR(major_status)) ++ if (data && http_negotiate_parse_data(data, type, &neg->input_token)) + return -1; -+ if (output_token.length == 0) -+ return -1; -+ -+ neg->output_token = output_token; -+ -+ if (isnew) ++ if ((ret=http_negotiate_create_context(neg)) == 0 && isnew) + http_negotiate_save(neg); + -+ return 0; ++ return ret; +} + ++/* ++ * Fill output token to "Authorization: Negotiate ". ++ */ +int +http_negotiate_output(struct uri *uri, struct string *header) +{ @@ -292,10 +309,18 @@ + char *encoded = NULL; + int len = 0; + -+ neg = http_negotiate_get(uri, NULL, 0); -+ if (neg==NULL || neg->output_token.length==0) ++ if (!(neg = http_negotiate_get(uri, NULL, 0))) + return -1; + ++ if (neg->output_token.length==0) { ++ if (http_negotiate_create_context(neg) < 0) { ++ /* full cleanup on error and ask for ++ new WWW-Authenticate from server */ ++ http_negotiate_cleanup(neg, 1); ++ return -1; ++ } ++ } ++ + encoded = base64_encode_bin((unsigned char *) neg->output_token.value, + neg->output_token.length, &len); + @@ -309,11 +334,14 @@ + add_crlf_to_string(header); + + http_negotiate_cleanup(neg, 0); ++ ++ mem_free(encoded); ++ + return 0; +} + --- elinks-0.11.1/src/protocol/http/http.c.negotiate 2006-01-29 14:10:39.000000000 +0100 -+++ elinks-0.11.1/src/protocol/http/http.c 2006-06-09 13:09:41.000000000 +0200 ++++ elinks-0.11.1/src/protocol/http/http.c 2006-06-12 23:06:57.000000000 +0200 @@ -47,6 +47,9 @@ #include "util/memory.h" #include "util/string.h" @@ -324,15 +352,7 @@ struct http_version { int major; -@@ -82,7 +85,6 @@ - int code; - }; - -- - static struct auth_entry proxy_auth; - - static unsigned char *accept_charset = NULL; -@@ -551,7 +553,7 @@ +@@ -551,7 +554,7 @@ int trace = get_opt_bool("protocol.http.trace"); struct string header; unsigned char *post_data = NULL; @@ -341,7 +361,7 @@ struct uri *uri = conn->proxied_uri; /* Set to the real uri */ unsigned char *optstr; int use_connect, talking_to_proxy; -@@ -808,7 +810,11 @@ +@@ -808,7 +811,11 @@ add_crlf_to_string(&header); } @@ -354,7 +374,7 @@ if (entry) { if (entry->digest) { unsigned char *response; -@@ -1327,12 +1333,12 @@ +@@ -1327,12 +1334,13 @@ return 0; } @@ -362,6 +382,7 @@ -static void -check_http_authentication(struct uri *uri, unsigned char *header, - unsigned char *header_field) ++/* returns 1 if we need retry the connection (for negotiate-auth only) */ +static int +check_http_authentication(struct connection *conn, struct uri *uri, + unsigned char *header, unsigned char *header_field) @@ -371,7 +392,7 @@ d = parse_header(header, header_field, &str); while (d) { -@@ -1358,10 +1364,24 @@ +@@ -1358,10 +1366,24 @@ mem_free(d); break; } @@ -397,19 +418,15 @@ } -@@ -1588,11 +1608,17 @@ +@@ -1588,11 +1610,13 @@ } if (h == 401) { - unsigned char *head = conn->cached->head; - - check_http_authentication(uri, head, "WWW-Authenticate"); -+ int ret = check_http_authentication(conn, uri, -+ conn->cached->head, "WWW-Authenticate"); -+ -+ -+ if (ret) { -+ // XXX: mem_free(conn->cached->head); ++ if (check_http_authentication(conn, uri, ++ conn->cached->head, "WWW-Authenticate")) { + retry_connection(conn, S_RESTART); + return; + } @@ -420,7 +437,7 @@ unsigned char *str; --- elinks-0.11.1/src/util/base64.c.negotiate 2006-01-29 14:10:39.000000000 +0100 -+++ elinks-0.11.1/src/util/base64.c 2006-06-09 13:09:41.000000000 +0200 ++++ elinks-0.11.1/src/util/base64.c 2006-06-12 20:33:59.000000000 +0200 @@ -17,14 +17,21 @@ unsigned char * base64_encode(register unsigned char *in) @@ -499,7 +516,7 @@ decode_error: --- elinks-0.11.1/src/util/base64.h.negotiate 2006-01-29 14:10:39.000000000 +0100 -+++ elinks-0.11.1/src/util/base64.h 2006-06-09 13:09:41.000000000 +0200 ++++ elinks-0.11.1/src/util/base64.h 2006-06-12 20:33:59.000000000 +0200 @@ -4,4 +4,7 @@ unsigned char *base64_encode(unsigned char *); unsigned char *base64_decode(unsigned char *); @@ -508,8 +525,8 @@ +unsigned char *base64_decode_bin(unsigned char *, int, int *); + #endif ---- elinks-0.11.1/configure.in.negotiate 2006-06-09 13:09:41.000000000 +0200 -+++ elinks-0.11.1/configure.in 2006-06-09 13:09:41.000000000 +0200 +--- elinks-0.11.1/configure.in.negotiate 2006-06-12 20:33:59.000000000 +0200 ++++ elinks-0.11.1/configure.in 2006-06-12 20:33:59.000000000 +0200 @@ -447,6 +447,30 @@ [ --without-idn disable international domain names support]) diff --git a/elinks.spec b/elinks.spec index 618db4d..25362bd 100644 --- a/elinks.spec +++ b/elinks.spec @@ -2,7 +2,7 @@ Name: elinks Summary: A text-mode Web browser. Version: 0.11.1 -Release: 3 +Release: 4 Source: http://elinks.or.cz/download/elinks-%{version}.tar.bz2 Group: Applications/Internet URL: http://elinks.or.cz/ @@ -91,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man5/* %changelog +* Mon Jun 12 2006 Karel Zak 0.11.1-4 +- improved negotiate-auth patch (faster now) + * Fri Jun 9 2006 Karel Zak 0.11.1-3 - added negotiate-auth (GSSAPI) support -- EXPERIMENTAL!