[libsoup/wip/tpopela/negotiate] Define SoupAuthNegotiate unconditionally and fail the authentication if libsoup was compiled without



commit c6ab791afd8f2fd27ea7a5286edafec0d8c2efd4
Author: Tomas Popela <tpopela redhat com>
Date:   Mon Feb 8 14:55:56 2016 +0100

    Define SoupAuthNegotiate unconditionally and fail the authentication if libsoup was compiled without 
GSSAPI support
    
    Also remove the define that we were passing to CFLAGS inside the pkgconfig file,
    but introduce the soup_auth_negotiate_supported variable that reflects whether
    libsoup was built with GSSAPI support.

 configure.ac                  |    5 -
 examples/get.c                |   12 ++--
 libsoup-2.4.pc.in             |    2 +-
 libsoup/libsoup-2.4.sym       |    1 +
 libsoup/soup-auth-manager.c   |    7 +--
 libsoup/soup-auth-negotiate.c |  186 +++++++++++++++++++++++------------------
 libsoup/soup-auth-negotiate.h |    4 -
 libsoup/soup-auth.h           |    4 +-
 8 files changed, 115 insertions(+), 106 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index 1468b3f..60e3f1c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -317,8 +317,6 @@ AC_DEFINE_UNQUOTED(NTLM_AUTH, "$ntlm_auth", [Samba's 'winbind' daemon helper 'nt
 
 AX_CODE_COVERAGE
 
-libsoup_have_gssapi=""
-
 dnl **********************
 dnl *** GSSAPI support ***
 dnl **********************
@@ -330,7 +328,6 @@ if test "x$KRB5_CONFIG" != "xnone"; then
     AC_SUBST(KRB5_LIBS)
     if test "$KRB5_CONFIG" != none; then
         AC_DEFINE(LIBSOUP_HAVE_GSSAPI, 1, [Whether or not gssapi libs are available])
-        libsoup_have_gssapi="1"
     fi
 fi
 
@@ -357,8 +354,6 @@ dnl *************************
 dnl *** Output Everything ***
 dnl *************************
 
-AC_SUBST(libsoup_have_gssapi)
-
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_FILES([
        libsoup-2.4.pc
diff --git a/examples/get.c b/examples/get.c
index 104dbab..5694baf 100644
--- a/examples/get.c
+++ b/examples/get.c
@@ -94,9 +94,9 @@ get_url (const char *url)
 
 static const char *ca_file, *proxy;
 static gboolean synchronous, ntlm;
-#if LIBSOUP_HAVE_GSSAPI
+#ifdef LIBSOUP_HAVE_GSSAPI
 static gboolean negotiate;
-#endif
+#endif /* LIBSOUP_HAVE_GSSAPI */
 
 static GOptionEntry entries[] = {
        { "ca-file", 'c', 0,
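Review bot: The example still gates the `negotiate` flag on the compile-time macro `LIBSOUP_HAVE_GSSAPI`, here and in the `entries[]` and `main()` hunks below, although this commit makes `SOUP_TYPE_AUTH_NEGOTIATE` available unconditionally and adds `soup_auth_negotiate_supported` for this decision. Whether get.c includes config.h is not visible in these hunks; if it does not, the macro is never defined once the pkg-config define is gone, and `--negotiate` silently disappears. Dropping the three `#ifdef` blocks and checking at run time, e.g. `if (negotiate && !soup_auth_negotiate_supported) g_printerr ("Negotiate authentication is not available in this libsoup build\n");`, would show callers the intended pattern and fail visibly.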
@@ -111,11 +111,11 @@ static GOptionEntry entries[] = {
        { "ntlm", 'n', 0,
          G_OPTION_ARG_NONE, &ntlm,
          "Use NTLM authentication", NULL },
-#if LIBSOUP_HAVE_GSSAPI
+#ifdef LIBSOUP_HAVE_GSSAPI
        { "negotiate", 'N', 0,
          G_OPTION_ARG_NONE, &negotiate,
          "Use Negotiate authentication", NULL },
-#endif
+#endif /* LIBSOUP_HAVE_GSSAPI */
        { "output", 'o', 0,
          G_OPTION_ARG_STRING, &output_file_path,
          "Write the received data to FILE instead of stdout", "FILE" },
@@ -195,12 +195,12 @@ main (int argc, char **argv)
                soup_uri_free (proxy_uri);
        }
 
-#if LIBSOUP_HAVE_GSSAPI
+#ifdef LIBSOUP_HAVE_GSSAPI
        if (negotiate) {
                soup_session_add_feature_by_type (session,
                                                  SOUP_TYPE_AUTH_NEGOTIATE);
        }
-#endif
+#endif /* LIBSOUP_HAVE_GSSAPI */
 
        if (!synchronous)
                loop = g_main_loop_new (NULL, TRUE);
diff --git a/libsoup-2.4.pc.in b/libsoup-2.4.pc.in
index 8b05cbc..1394939 100644
--- a/libsoup-2.4.pc.in
+++ b/libsoup-2.4.pc.in
@@ -9,4 +9,4 @@ Version: @VERSION@
 Requires: glib-2.0 gobject-2.0 gio-2.0
 Requires.private: libxml-2.0
 Libs: -L${libdir} -lsoup-2.4
-Cflags: -I${includedir}/libsoup-2.4 -DLIBSOUP_HAVE_GSSAPI= libsoup_have_gssapi@
+Cflags: -I${includedir}/libsoup-2.4
diff --git a/libsoup/libsoup-2.4.sym b/libsoup/libsoup-2.4.sym
index 11833cb..f646ef4 100644
--- a/libsoup/libsoup-2.4.sym
+++ b/libsoup/libsoup-2.4.sym
@@ -80,6 +80,7 @@ soup_auth_is_ready
 soup_auth_manager_get_type
 soup_auth_manager_use_auth
 soup_auth_negotiate_get_type
+soup_auth_negotiate_supported
 soup_auth_new
 soup_auth_ntlm_get_type
 soup_auth_save_password
diff --git a/libsoup/soup-auth-manager.c b/libsoup/soup-auth-manager.c
index 41ccd03..c17b4e1 100644
--- a/libsoup/soup-auth-manager.c
+++ b/libsoup/soup-auth-manager.c
@@ -13,16 +13,13 @@
 
 #include "soup-auth-manager.h"
 #include "soup.h"
+#include "soup-auth-negotiate.h"
 #include "soup-connection-auth.h"
 #include "soup-message-private.h"
 #include "soup-message-queue.h"
 #include "soup-path-map.h"
 #include "soup-session-private.h"
 
-#if LIBSOUP_HAVE_GSSAPI
-#include "soup-auth-negotiate.h"
-#endif
-
 /**
  * SECTION:soup-auth-manager
  * @short_description: HTTP client-side authentication handler
@@ -489,10 +486,8 @@ authenticate_auth (SoupAuthManager *manager, SoupAuth *auth,
        } else
                uri = soup_message_get_uri (msg);
 
-#if LIBSOUP_HAVE_GSSAPI
        if (SOUP_IS_AUTH_NEGOTIATE (auth))
                return;
-#endif
 
        /* If a password is specified explicitly in the URI, use it
         * even if the auth had previously already been authenticated.
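Review bot: The early return `if (SOUP_IS_AUTH_NEGOTIATE (auth)) return;` now runs in every build, but nothing says why Negotiate auths skip the URI-password handling that follows. Judging by `soup_auth_negotiate_is_authenticated` elsewhere in this commit, credentials appear to come from GSSAPI rather than from a username and password. A comment such as `/* Negotiate takes its credentials from GSSAPI; never apply or prompt for a password */` would help; please confirm the wording against the intended behaviour. authenticate_auth starts and ends outside this hunk.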
diff --git a/libsoup/soup-auth-negotiate.c b/libsoup/soup-auth-negotiate.c
index 6f8bb24..1e8812a 100644
--- a/libsoup/soup-auth-negotiate.c
+++ b/libsoup/soup-auth-negotiate.c
@@ -9,11 +9,11 @@
 #include <config.h>
 #endif
 
-#if LIBSOUP_HAVE_GSSAPI
-
 #include <string.h>
 
+#ifdef LIBSOUP_HAVE_GSSAPI
 #include <gssapi/gssapi.h>
+#endif /* LIBSOUP_HAVE_GSSAPI */
 
 #include "soup-auth-negotiate.h"
 #include "soup-headers.h"
@@ -22,6 +22,12 @@
 #include "soup-misc.h"
 #include "soup-uri.h"
 
+#ifdef LIBSOUP_HAVE_GSSAPI
+const gboolean soup_auth_negotiate_supported = TRUE;
+#else
+const gboolean soup_auth_negotiate_supported = FALSE;
+#endif /* LIBSOUP_HAVE_GSSAPI */
+
 typedef struct {
        gulong got_headers_signal_id;
 } SoupAuthNegotiatePrivate;
@@ -43,22 +49,24 @@ typedef enum {
 typedef struct {
        SoupNegotiateState state;
 
+#ifdef LIBSOUP_HAVE_GSSAPI
        gss_ctx_id_t context;
        gss_name_t   server_name;
+#endif /* LIBSOUP_HAVE_GSSAPI */
 
        gchar *response_header;
        gboolean initialized;
 } SoupNegotiateConnectionState;
 
-static gboolean soup_gss_build_response (SoupNegotiateConnectionState *conn,
-                                        SoupAuth *auth, GError **err);
-static void parse_trusted_uris (void);
+#ifdef LIBSOUP_HAVE_GSSAPI
 static gboolean check_auth_trusted_uri (SoupAuthNegotiate *negotiate,
                                        SoupMessage *msg);
+static gboolean soup_gss_build_response (SoupNegotiateConnectionState *conn,
+                                        SoupAuth *auth, GError **err);
 static void soup_gss_client_cleanup (SoupNegotiateConnectionState *conn);
+static gboolean soup_gss_client_inquire_cred (SoupAuth *auth, GError **err);
 static gboolean soup_gss_client_init (SoupNegotiateConnectionState *conn,
                                      const char *host, GError **err);
-static gboolean soup_gss_client_inquire_cred (SoupAuth *auth, GError **err);
 static int soup_gss_client_step (SoupNegotiateConnectionState *conn,
                                 const char *host, GError **err);
 
@@ -67,6 +75,12 @@ static const gss_OID_desc gss_mech_spnego = { sizeof (spnego_OID), (void *) &spn
 
 static GSList *trusted_uris;
 
+static void parse_trusted_uris (void);
+
+static void check_server_response (SoupMessage *msg, gpointer state);
+static void remove_server_response_handler (SoupMessage *msg, gpointer state);
+#endif /* LIBSOUP_HAVE_GSSAPI */
+
 static void
 soup_auth_negotiate_init (SoupAuthNegotiate *negotiate)
 {
@@ -86,21 +100,20 @@ soup_auth_negotiate_free_connection_state (SoupConnectionAuth *auth,
        SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (negotiate);
        SoupNegotiateConnectionState *conn = state;
 
+#ifdef LIBSOUP_HAVE_GSSAPI
        soup_gss_client_cleanup (conn);
-
+#endif /* LIBSOUP_HAVE_GSSAPI */
        g_free (conn->response_header);
 
        priv->got_headers_signal_id = 0;
 }
 
-static void remove_server_response_handler (SoupMessage *msg, gpointer state);
-static void check_server_response (SoupMessage *msg, gpointer state);
-
 static gboolean
 soup_auth_negotiate_update_connection (SoupConnectionAuth *auth, SoupMessage *msg,
                                       const char *header, gpointer state)
 {
        SoupNegotiateConnectionState *conn = state;
+#ifdef LIBSOUP_HAVE_GSSAPI
        SoupAuthNegotiate *negotiate = SOUP_AUTH_NEGOTIATE (auth);
        SoupAuthNegotiatePrivate *priv = SOUP_AUTH_NEGOTIATE_GET_PRIVATE (negotiate);
        GError *err = NULL;
@@ -150,6 +163,11 @@ soup_auth_negotiate_update_connection (SoupConnectionAuth *auth, SoupMessage *ms
        }
        g_clear_error (&err);
        return FALSE;
+#else
+       conn->state = SOUP_NEGOTIATE_FAILED;
+
+       return FALSE;
+#endif /* LIBSOUP_HAVE_GSSAPI */
 }
 
 static GSList *
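Review bot: The `#else` branch of soup_auth_negotiate_update_connection fails closed, which is the right direction, but it does so silently. An application that registered SOUP_TYPE_AUTH_NEGOTIATE on a build without GSSAPI sees only a failed authentication, with no hint about the cause. A one-line diagnostic before the return, e.g. `g_debug ("Negotiate authentication requested, but libsoup was built without GSSAPI support");`, would make that diagnosable. In that branch `auth`, `msg` and `header` are also unused, which may produce unused-parameter warnings depending on the build flags. The function starts outside this hunk.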
@@ -180,6 +198,7 @@ static gboolean
 soup_auth_negotiate_is_authenticated (SoupAuth *auth)
 {
        gboolean has_credentials = FALSE;
+#ifdef LIBSOUP_HAVE_GSSAPI
        GError *err = NULL;
 
        has_credentials = soup_gss_client_inquire_cred (auth, &err);
@@ -188,49 +207,10 @@ soup_auth_negotiate_is_authenticated (SoupAuth *auth)
                g_warning ("%s", err->message);
 
        g_clear_error (&err);
-
+#endif /* LIBSOUP_HAVE_GSSAPI */
        return has_credentials;
 }
 
-static void
-check_server_response (SoupMessage *msg, gpointer state)
-{
-       gint ret;
-       const char *auth_headers;
-       SoupNegotiateConnectionState *conn = state;
-       GError *err = NULL;
-
-       if (msg->status_code == SOUP_STATUS_UNAUTHORIZED)
-               return;
-
-       /* FIXME: need to check for proxy-auth too */
-       auth_headers = soup_message_headers_get_one (msg->response_headers,
-                                                    "WWW-Authenticate");
-       if (!auth_headers || g_ascii_strncasecmp (auth_headers, "Negotiate ", 10) != 0) {
-               g_warning ("Failed to parse auth header %s", auth_headers);
-               conn->state = SOUP_NEGOTIATE_FAILED;
-               goto out;
-       }
-
-       ret = soup_gss_client_step (conn, auth_headers + 10, &err);
-
-       if (ret != AUTH_GSS_COMPLETE) {
-               if (err)
-                       g_warning ("%s", err->message);
-               conn->state = SOUP_NEGOTIATE_FAILED;
-       }
- out:
-       g_clear_error (&err);
-}
-
-static void
-remove_server_response_handler (SoupMessage *msg, gpointer state)
-{
-       g_signal_handlers_disconnect_by_func (msg,
-                                             G_CALLBACK (check_server_response),
-                                             state);
-}
-
 static char *
 soup_auth_negotiate_get_connection_authorization (SoupConnectionAuth *auth,
                                                  SoupMessage *msg,
@@ -280,50 +260,49 @@ soup_auth_negotiate_class_init (SoupAuthNegotiateClass *auth_negotiate_class)
        conn_auth_class->get_connection_authorization = soup_auth_negotiate_get_connection_authorization;
        conn_auth_class->is_connection_ready = soup_auth_negotiate_is_connection_ready;
 
+#ifdef LIBSOUP_HAVE_GSSAPI
        parse_trusted_uris ();
+#endif /* LIBSOUP_HAVE_GSSAPI */
 }
 
-static gboolean
-soup_gss_build_response (SoupNegotiateConnectionState *conn, SoupAuth *auth, GError **err)
-{
-       if (!conn->initialized &&
-           !soup_gss_client_init (conn, soup_auth_get_host (SOUP_AUTH (auth)), err))
-               return FALSE;
-
-       if (soup_gss_client_step (conn, "", err) != AUTH_GSS_CONTINUE)
-               return FALSE;
-
-       return TRUE;
-}
-
-/* Parses a comma separated list of URIS from the environment. */
+#ifdef LIBSOUP_HAVE_GSSAPI
 static void
-parse_trusted_uris (void)
+check_server_response (SoupMessage *msg, gpointer state)
 {
-       gchar **uris = NULL;
-       const gchar *env;
-       gint i;
-       guint length;
-
-       /* Initialize the list */
-       trusted_uris = NULL;
+       gint ret;
+       const char *auth_headers;
+       GError *err = NULL;
+       SoupNegotiateConnectionState *conn = state;
 
-       if (!(env = g_getenv ("SOUP_AUTH_TRUSTED_URIS")))
+       if (msg->status_code == SOUP_STATUS_UNAUTHORIZED)
                return;
 
-       if (!(uris = g_strsplit (env, ",", -1)))
-               return;
+       /* FIXME: need to check for proxy-auth too */
+       auth_headers = soup_message_headers_get_one (msg->response_headers,
+                                                    "WWW-Authenticate");
+       if (!auth_headers || g_ascii_strncasecmp (auth_headers, "Negotiate ", 10) != 0) {
+               g_warning ("Failed to parse auth header %s", auth_headers);
+               conn->state = SOUP_NEGOTIATE_FAILED;
+               goto out;
+       }
 
-       length = g_strv_length (uris);
-       for (i = 0; i < length; i++) {
-               SoupURI *uri;
+       ret = soup_gss_client_step (conn, auth_headers + 10, &err);
 
-               /* If the supplied URI is valid, append it to the list */
-               if ((uri = soup_uri_new (uris[i])))
-                       trusted_uris = g_slist_prepend (trusted_uris, uri);
+       if (ret != AUTH_GSS_COMPLETE) {
+               if (err)
+                       g_warning ("%s", err->message);
+               conn->state = SOUP_NEGOTIATE_FAILED;
        }
+ out:
+       g_clear_error (&err);
+}
 
-       g_strfreev (uris);
+static void
+remove_server_response_handler (SoupMessage *msg, gpointer state)
+{
+       g_signal_handlers_disconnect_by_func (msg,
+                                             G_CALLBACK (check_server_response),
+                                             state);
 }
 
 /* check if scheme://host:port from msg matches the trusted uri */
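Review bot: In the relocated check_server_response, the failure branch is taken when `auth_headers` is NULL and then passes that pointer to `%s` in `g_warning ("Failed to parse auth header %s", auth_headers);`, which is not portable. The value is also server-controlled text written to the log unmodified. Logging `auth_headers ? auth_headers : "(none)"`, or splitting the NULL case from the wrong-scheme case, avoids the NULL argument. Since this callback appears to be where the server's final token is checked, the move would also be a good moment to resolve or track the `FIXME` about proxy authentication.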
@@ -368,6 +347,36 @@ match_base_uri (SoupURI *trusted_uri, SoupURI *msg_uri)
        return 0;
 }
 
+/* Parses a comma separated list of URIS from the environment. */
+static void
+parse_trusted_uris (void)
+{
+       gchar **uris = NULL;
+       const gchar *env;
+       gint i;
+       guint length;
+
+       /* Initialize the list */
+       trusted_uris = NULL;
+
+       if (!(env = g_getenv ("SOUP_AUTH_TRUSTED_URIS")))
+               return;
+
+       if (!(uris = g_strsplit (env, ",", -1)))
+               return;
+
+       length = g_strv_length (uris);
+       for (i = 0; i < length; i++) {
+               SoupURI *uri;
+
+               /* If the supplied URI is valid, append it to the list */
+               if ((uri = soup_uri_new (uris[i])))
+                       trusted_uris = g_slist_prepend (trusted_uris, uri);
+       }
+
+       g_strfreev (uris);
+}
+
 static gboolean
 check_auth_trusted_uri (SoupAuthNegotiate *negotiate, SoupMessage *msg)
 {
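Review bot: parse_trusted_uris builds the list that check_auth_trusted_uri presumably matches against, yet entries of SOUP_AUTH_TRUSTED_URIS that `soup_uri_new` rejects are dropped without any message. Entries are also not stripped, so a value like `a, b` depends on how a leading space parses. Dropping is the safe direction, but a typo in this allow-list is then invisible; consider `g_strstrip (uris[i])` before parsing and an `else g_warning ("Ignoring invalid URI '%s' in SOUP_AUTH_TRUSTED_URIS", uris[i]);`. Two smaller points: the comment says "append" while the code calls `g_slist_prepend`, and `gint i` is compared with `guint length`, so `guint i` would avoid the signed/unsigned comparison.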
@@ -390,6 +399,19 @@ check_auth_trusted_uri (SoupAuthNegotiate *negotiate, SoupMessage *msg)
        return matched ? TRUE : FALSE;
 }
 
+static gboolean
+soup_gss_build_response (SoupNegotiateConnectionState *conn, SoupAuth *auth, GError **err)
+{
+       if (!conn->initialized &&
+           !soup_gss_client_init (conn, soup_auth_get_host (SOUP_AUTH (auth)), err))
+               return FALSE;
+
+       if (soup_gss_client_step (conn, "", err) != AUTH_GSS_CONTINUE)
+               return FALSE;
+
+       return TRUE;
+}
+
 static void
 soup_gss_error (OM_uint32 err_maj, OM_uint32 err_min, GError **err)
 {
diff --git a/libsoup/soup-auth-negotiate.h b/libsoup/soup-auth-negotiate.h
index dd565e4..dbdfc3c 100644
--- a/libsoup/soup-auth-negotiate.h
+++ b/libsoup/soup-auth-negotiate.h
@@ -6,8 +6,6 @@
 #ifndef SOUP_AUTH_NEGOTIATE_H
 #define SOUP_AUTH_NEGOTIATE_H 1
 
-#if LIBSOUP_HAVE_GSSAPI
-
 #include "soup-connection-auth.h"
 
 #define SOUP_AUTH_NEGOTIATE(object)         (G_TYPE_CHECK_INSTANCE_CAST ((object), SOUP_TYPE_AUTH_NEGOTIATE, 
SoupAuthNegotiate))
@@ -26,6 +24,4 @@ typedef struct {
 
 } SoupAuthNegotiateClass;
 
-#endif /* LIBSOUP_HAVE_GSSAPI */
-
 #endif /* SOUP_AUTH_NEGOTIATE_H */
diff --git a/libsoup/soup-auth.h b/libsoup/soup-auth.h
index b83eb6e..c2c730f 100644
--- a/libsoup/soup-auth.h
+++ b/libsoup/soup-auth.h
@@ -99,10 +99,8 @@ GType soup_auth_basic_get_type  (void);
 GType soup_auth_digest_get_type (void);
 #define SOUP_TYPE_AUTH_NTLM   (soup_auth_ntlm_get_type ())
 GType soup_auth_ntlm_get_type   (void);
-#if LIBSOUP_HAVE_GSSAPI
 #define SOUP_TYPE_AUTH_NEGOTIATE  (soup_auth_negotiate_get_type ())
 GType soup_auth_negotiate_get_type   (void);
-#endif
 
 /* Deprecated SoupPasswordManager-related APIs: all are now no-ops */
 SOUP_AVAILABLE_IN_2_28
@@ -123,6 +121,8 @@ void        soup_auth_has_saved_password (SoupAuth   *auth,
                                          const char *username,
                                          const char *password);
 
+extern const gboolean soup_auth_negotiate_supported;
+
 G_END_DECLS
 
 #endif /* SOUP_AUTH_H */
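Review bot: `extern const gboolean soup_auth_negotiate_supported;` is added to the public header without a gtk-doc comment or an availability annotation, unlike the declarations in this header that sit under macros such as `SOUP_AVAILABLE_IN_2_28`. An exported data symbol is also harder to keep ABI-stable and to import on some platforms than a function; an accessor such as `gboolean soup_auth_negotiate_supported (void);` would fit the rest of the API better. Whichever form is kept, the doc comment should state that SOUP_TYPE_AUTH_NEGOTIATE can always be registered and that authentication fails when this reports FALSE.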

