path: root/source4/lib/http
Age | Commit message | Author | Files | Lines
2018-04-04 | libhttp: Fix CID 1273001 Dereference after null check | Volker Lendecke | 1 | -0/+1
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-01 | s4:lib: Add FALL_THROUGH statements in http.c | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-08-16 | libhttp: Remove an unneeded include | Volker Lendecke | 1 | -1/+0
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 16 04:11:47 CEST 2017 on sn-devel-144
2017-08-07 | s4:lib/http: pass down the target service/hostname to gensec | Stefan Metzmacher | 1 | -0/+21
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 | s4:lib/http: add HTTP_AUTH_NEGOTIATE which maps to the "http_negotiate" gensec backend | Stefan Metzmacher | 2 | -0/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 | s4:http/gensec: implement "http_negotiate" using GENSEC_OID_SPNEGO | Stefan Metzmacher | 1 | -0/+24
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 | s4:http/gensec: make the "NTLM" base64 wrapping more generic | Stefan Metzmacher | 1 | -32/+107
We only need to know the prefix "NTLM" and the submech oid GENSEC_OID_NTLMSSP; everything else can be generic.

This should allow us to implement "Negotiate" with GENSEC_OID_SPNEGO trivially.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 | s4:http/gensec: rename ntlm.c to generic.c | Stefan Metzmacher | 2 | -5/+5
Check with git show -C

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 | s4:lib/http: pass a generic prefix blob to http_parse_auth_response() | Stefan Metzmacher | 1 | -11/+13
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 | s4:lib/http: use strcasecmp(h->key, "WWW-Authenticate") instead of strncasecmp() | Stefan Metzmacher | 1 | -1/+4
The key is already normalized and should match completely.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 | s4:lib/http: remove indentation level from http_parse_auth_response() | Stefan Metzmacher | 1 | -10/+12
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 | s4:lib/http: let http_read_response_send/recv() also consume the body if it fits into a max value | Stefan Metzmacher | 4 | -17/+76
We need to consume full HTTP responses from the socket during the authentication exchanges, otherwise our HTTP parser gets out of sync for the next requests.

This will be important for gensec mechs which use an even number for authentication packets.

I guess this should be done just based on the Content-Length value and not based on the response code.

So far I saw bodies with 200 and 401 codes.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 | s4:lib/http: lower HTTP_MAX_HEADER_SIZE from UINT_MAX to 0x1FFFF | Stefan Metzmacher | 1 | -1/+1
We don't need very large headers, the largest ones are "Authorization" or "WWW-Authenticate", but 128k should be more than enough for all headers.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-07-25 | s4:lib/http: rewrite http_send_auth_request_*() using gensec_update_send/recv | Stefan Metzmacher | 2 | -186/+153
The new logic makes it much clearer that we have a loop of

  gensec_update_send()
  gensec_update_recv()
  http_send_request_send()
  http_send_request_recv()
  http_read_response_send()
  http_read_response_recv()

Until the local gensec and the server are ready.

I've tested this against Windows 2008R2 like this:

  bin/smbtorture \
    -W BLA --realm=BLA.BASE \
    -s /dev/null -Uadministrator%A1b2C3d4 \
    ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
    rpc.epmapper.epmapper.Lookup_simple \

and:

  bin/smbtorture \
    -W BLA --realm=BLA.BASE \
    -s /dev/null -Uadministrator%A1b2C3d4 \
    ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
    rpc.epmapper.epmapper.Lookup_simple \

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-07-21 | s4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done() | Stefan Metzmacher | 1 | -1/+1
This was missing in commit d718e92d5e145dccd492c46febc249e462ce50c6.

Sadly we can't have automated tests for this as we only implement the client side for this protocol.

I've tested with using:

  bin/smbtorture \
    -W BLA --realm=BLA.BASE \
    -s /dev/null -Uadministrator%A1b2C3d4 \
    ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
    rpc.epmapper.epmapper.Lookup_simple \

and:

  bin/smbtorture \
    -W BLA --realm=BLA.BASE \
    -s /dev/null -Uadministrator%A1b2C3d4 \
    ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
    rpc.epmapper.epmapper.Lookup_simple \

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12919

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 21 23:29:39 CEST 2017 on sn-devel-144
2017-05-21 | s4:gensec/http_basic: add simple gensec_http_basic_update_send/recv() wrapper functions | Stefan Metzmacher | 1 | -6/+72
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-21 | s4:gensec/http_ntlm: add implement gensec_http_ntlm_update_send/recv() | Stefan Metzmacher | 1 | -31/+95
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-13 | gensec: Add a TALLOC_CTX * to gensec_register(). | Jeremy Allison | 2 | -2/+2
Pass in the TALLOC_CTX * from the module init to remove another talloc_autofree_context() use.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-04-22 | lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *) | Jeremy Allison | 2 | -4/+4
Not currently used - no logic changes inside.

This will make it possible to pass down a long-lived talloc context from the loading function for modules to use instead of having them internally all use talloc_autofree_context() which is a hidden global.

Updated all known module interface numbers, and added a WHATSNEW.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
2016-05-04 | lib: Give base64.c its own .h | Volker Lendecke | 2 | -0/+2
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-26 | lib/http/http_auth: Fix CID 1273428 - Unchecked return value | Robin Hack | 1 | -0/+3
There is a missing check of the status value in http_auth.c:http_create_auth_request() which can leave values inside 'DATA_BLOB in' uninitialized.

http_auth.c:http_create_auth_request() calls http_auth.c:http_parse_auth_response() which can return NT_STATUS_NOT_SUPPORTED and which is not checked by caller and later passed as argument to other functions.

For example: 'DATA_BLOB in' can be passed to auth/gensec/spnego.c:gensec_spnego_update() later:

  ...
  switch (spnego_state->state_position) {
  ..
  case SPNEGO_SERVER_START:
          if (in.length) {

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 | dlist: remove unneeded type argument from DLIST_ADD_END() | Michael Adam | 1 | -1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-03 | Fix the O3 developer build | Volker Lendecke | 1 | -2/+2
Different gcc versions complain at different places

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar 3 13:14:53 CET 2015 on sn-devel-104
2014-10-09 | ncacn_http: fix GNUism | Ralph Boehme | 1 | -2/+2
%a format conversion is a GNU extension, use the more portable %m. It's at least in SUSv4, supported by glibc since 2.7 and FreeBSD 10.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 9 22:05:26 CEST 2014 on sn-devel-104
2014-09-22 | ncacn_http: Authentication modules for http library | Samuel Cabrero | 5 | -4/+645
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-09-22 | ncacn_http: Add http library | Samuel Cabrero | 4 | -0/+1005
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>