Commit cff0d9b1 by Edward Thomson Committed by Edward Thomson

http: refactor GSSAPI / negotiate / NTLM auth

Name the GSSAPI and ntlmclient authentication providers as such. Today
they're named after the authentication mechanism ("Negotiate", "NTLM")
instead of their implementation.

If we have competing implementations for the same mechanism (eg, a
future Windows SSPI-based provider for Negotiate and NTLM) then this
will get confusing.
parent f68f542e
...@@ -20,13 +20,13 @@ ...@@ -20,13 +20,13 @@
#include <krb5.h> #include <krb5.h>
#endif #endif
static gss_OID_desc negotiate_oid_spnego = static gss_OID_desc gssapi_oid_spnego =
{ 6, (void *) "\x2b\x06\x01\x05\x05\x02" }; { 6, (void *) "\x2b\x06\x01\x05\x05\x02" };
static gss_OID_desc negotiate_oid_krb5 = static gss_OID_desc gssapi_oid_krb5 =
{ 9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; { 9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
static gss_OID negotiate_oids[] = static gss_OID gssapi_oids[] =
{ &negotiate_oid_spnego, &negotiate_oid_krb5, NULL }; { &gssapi_oid_spnego, &gssapi_oid_krb5, NULL };
typedef struct { typedef struct {
git_http_auth_context parent; git_http_auth_context parent;
...@@ -36,9 +36,9 @@ typedef struct { ...@@ -36,9 +36,9 @@ typedef struct {
char *challenge; char *challenge;
gss_ctx_id_t gss_context; gss_ctx_id_t gss_context;
gss_OID oid; gss_OID oid;
} http_auth_negotiate_context; } http_auth_gssapi_context;
static void negotiate_err_set( static void gssapi_err_set(
OM_uint32 status_major, OM_uint32 status_major,
OM_uint32 status_minor, OM_uint32 status_minor,
const char *message) const char *message)
...@@ -58,11 +58,11 @@ static void negotiate_err_set( ...@@ -58,11 +58,11 @@ static void negotiate_err_set(
} }
} }
static int negotiate_set_challenge( static int gssapi_set_challenge(
git_http_auth_context *c, git_http_auth_context *c,
const char *challenge) const char *challenge)
{ {
http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c; http_auth_gssapi_context *ctx = (http_auth_gssapi_context *)c;
GIT_ASSERT_ARG(ctx); GIT_ASSERT_ARG(ctx);
GIT_ASSERT_ARG(challenge); GIT_ASSERT_ARG(challenge);
...@@ -76,7 +76,7 @@ static int negotiate_set_challenge( ...@@ -76,7 +76,7 @@ static int negotiate_set_challenge(
return 0; return 0;
} }
static void negotiate_context_dispose(http_auth_negotiate_context *ctx) static void gssapi_context_dispose(http_auth_gssapi_context *ctx)
{ {
OM_uint32 status_minor; OM_uint32 status_minor;
...@@ -92,12 +92,12 @@ static void negotiate_context_dispose(http_auth_negotiate_context *ctx) ...@@ -92,12 +92,12 @@ static void negotiate_context_dispose(http_auth_negotiate_context *ctx)
ctx->challenge = NULL; ctx->challenge = NULL;
} }
static int negotiate_next_token( static int gssapi_next_token(
git_str *buf, git_str *buf,
git_http_auth_context *c, git_http_auth_context *c,
git_credential *cred) git_credential *cred)
{ {
http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c; http_auth_gssapi_context *ctx = (http_auth_gssapi_context *)c;
OM_uint32 status_major, status_minor; OM_uint32 status_major, status_minor;
gss_buffer_desc target_buffer = GSS_C_EMPTY_BUFFER, gss_buffer_desc target_buffer = GSS_C_EMPTY_BUFFER,
input_token = GSS_C_EMPTY_BUFFER, input_token = GSS_C_EMPTY_BUFFER,
...@@ -126,7 +126,7 @@ static int negotiate_next_token( ...@@ -126,7 +126,7 @@ static int negotiate_next_token(
GSS_C_NT_HOSTBASED_SERVICE, &server); GSS_C_NT_HOSTBASED_SERVICE, &server);
if (GSS_ERROR(status_major)) { if (GSS_ERROR(status_major)) {
negotiate_err_set(status_major, status_minor, gssapi_err_set(status_major, status_minor,
"could not parse principal"); "could not parse principal");
error = -1; error = -1;
goto done; goto done;
...@@ -152,10 +152,10 @@ static int negotiate_next_token( ...@@ -152,10 +152,10 @@ static int negotiate_next_token(
input_token.length = input_buf.size; input_token.length = input_buf.size;
input_token_ptr = &input_token; input_token_ptr = &input_token;
} else if (ctx->gss_context != GSS_C_NO_CONTEXT) { } else if (ctx->gss_context != GSS_C_NO_CONTEXT) {
negotiate_context_dispose(ctx); gssapi_context_dispose(ctx);
} }
mech = &negotiate_oid_spnego; mech = &gssapi_oid_spnego;
status_major = gss_init_sec_context( status_major = gss_init_sec_context(
&status_minor, &status_minor,
...@@ -173,14 +173,14 @@ static int negotiate_next_token( ...@@ -173,14 +173,14 @@ static int negotiate_next_token(
NULL); NULL);
if (GSS_ERROR(status_major)) { if (GSS_ERROR(status_major)) {
negotiate_err_set(status_major, status_minor, "negotiate failure"); gssapi_err_set(status_major, status_minor, "negotiate failure");
error = -1; error = -1;
goto done; goto done;
} }
/* This message merely told us auth was complete; we do not respond. */ /* This message merely told us auth was complete; we do not respond. */
if (status_major == GSS_S_COMPLETE) { if (status_major == GSS_S_COMPLETE) {
negotiate_context_dispose(ctx); gssapi_context_dispose(ctx);
ctx->complete = 1; ctx->complete = 1;
goto done; goto done;
} }
...@@ -204,20 +204,20 @@ done: ...@@ -204,20 +204,20 @@ done:
return error; return error;
} }
static int negotiate_is_complete(git_http_auth_context *c) static int gssapi_is_complete(git_http_auth_context *c)
{ {
http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c; http_auth_gssapi_context *ctx = (http_auth_gssapi_context *)c;
GIT_ASSERT_ARG(ctx); GIT_ASSERT_ARG(ctx);
return (ctx->complete == 1); return (ctx->complete == 1);
} }
static void negotiate_context_free(git_http_auth_context *c) static void gssapi_context_free(git_http_auth_context *c)
{ {
http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c; http_auth_gssapi_context *ctx = (http_auth_gssapi_context *)c;
negotiate_context_dispose(ctx); gssapi_context_dispose(ctx);
ctx->configured = 0; ctx->configured = 0;
ctx->complete = 0; ctx->complete = 0;
...@@ -226,8 +226,8 @@ static void negotiate_context_free(git_http_auth_context *c) ...@@ -226,8 +226,8 @@ static void negotiate_context_free(git_http_auth_context *c)
git__free(ctx); git__free(ctx);
} }
static int negotiate_init_context( static int gssapi_init_context(
http_auth_negotiate_context *ctx, http_auth_gssapi_context *ctx,
const git_net_url *url) const git_net_url *url)
{ {
OM_uint32 status_major, status_minor; OM_uint32 status_major, status_minor;
...@@ -239,13 +239,13 @@ static int negotiate_init_context( ...@@ -239,13 +239,13 @@ static int negotiate_init_context(
status_major = gss_indicate_mechs(&status_minor, &mechanism_list); status_major = gss_indicate_mechs(&status_minor, &mechanism_list);
if (GSS_ERROR(status_major)) { if (GSS_ERROR(status_major)) {
negotiate_err_set(status_major, status_minor, gssapi_err_set(status_major, status_minor,
"could not query mechanisms"); "could not query mechanisms");
return -1; return -1;
} }
if (mechanism_list) { if (mechanism_list) {
for (oid = negotiate_oids; *oid; oid++) { for (oid = gssapi_oids; *oid; oid++) {
for (i = 0; i < mechanism_list->count; i++) { for (i = 0; i < mechanism_list->count; i++) {
item = &mechanism_list->elements[i]; item = &mechanism_list->elements[i];
...@@ -285,14 +285,14 @@ int git_http_auth_negotiate( ...@@ -285,14 +285,14 @@ int git_http_auth_negotiate(
git_http_auth_context **out, git_http_auth_context **out,
const git_net_url *url) const git_net_url *url)
{ {
http_auth_negotiate_context *ctx; http_auth_gssapi_context *ctx;
*out = NULL; *out = NULL;
ctx = git__calloc(1, sizeof(http_auth_negotiate_context)); ctx = git__calloc(1, sizeof(http_auth_gssapi_context));
GIT_ERROR_CHECK_ALLOC(ctx); GIT_ERROR_CHECK_ALLOC(ctx);
if (negotiate_init_context(ctx, url) < 0) { if (gssapi_init_context(ctx, url) < 0) {
git__free(ctx); git__free(ctx);
return -1; return -1;
} }
...@@ -300,10 +300,10 @@ int git_http_auth_negotiate( ...@@ -300,10 +300,10 @@ int git_http_auth_negotiate(
ctx->parent.type = GIT_HTTP_AUTH_NEGOTIATE; ctx->parent.type = GIT_HTTP_AUTH_NEGOTIATE;
ctx->parent.credtypes = GIT_CREDENTIAL_DEFAULT; ctx->parent.credtypes = GIT_CREDENTIAL_DEFAULT;
ctx->parent.connection_affinity = 1; ctx->parent.connection_affinity = 1;
ctx->parent.set_challenge = negotiate_set_challenge; ctx->parent.set_challenge = gssapi_set_challenge;
ctx->parent.next_token = negotiate_next_token; ctx->parent.next_token = gssapi_next_token;
ctx->parent.is_complete = negotiate_is_complete; ctx->parent.is_complete = gssapi_is_complete;
ctx->parent.free = negotiate_context_free; ctx->parent.free = gssapi_context_free;
*out = (git_http_auth_context *)ctx; *out = (git_http_auth_context *)ctx;
......
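Review bot: The renamed OID tables `gssapi_oid_spnego` and `gssapi_oid_krb5` are still bare byte strings with no comment saying which mechanism each one encodes, so a reader has to decode the bytes by hand to confirm what this provider will offer to a server. Since these lines are being touched anyway, I would add `/* SPNEGO, 1.3.6.1.5.5.2 */` above the first and `/* Kerberos 5, 1.2.840.113554.1.2.2 */` above the second. A one-line comment on `gssapi_oids` saying whether array order is the preference order for the loop in `gssapi_init_context` would also help; the loop body is outside the visible hunk, so that needs confirming against the full file.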
...@@ -5,8 +5,8 @@ ...@@ -5,8 +5,8 @@
* a Linking Exception. For full terms see the included COPYING file. * a Linking Exception. For full terms see the included COPYING file.
*/ */
#ifndef INCLUDE_transports_auth_ntlm_h__ #ifndef INCLUDE_transports_auth_ntlmclient_h__
#define INCLUDE_transports_auth_ntlm_h__ #define INCLUDE_transports_auth_ntlmclient_h__
#include "auth.h" #include "auth.h"
......
...@@ -23,7 +23,7 @@ typedef struct { ...@@ -23,7 +23,7 @@ typedef struct {
bool complete; bool complete;
} http_auth_ntlm_context; } http_auth_ntlm_context;
static int ntlm_set_challenge( static int ntlmclient_set_challenge(
git_http_auth_context *c, git_http_auth_context *c,
const char *challenge) const char *challenge)
{ {
...@@ -40,7 +40,7 @@ static int ntlm_set_challenge( ...@@ -40,7 +40,7 @@ static int ntlm_set_challenge(
return 0; return 0;
} }
static int ntlm_set_credentials(http_auth_ntlm_context *ctx, git_credential *_cred) static int ntlmclient_set_credentials(http_auth_ntlm_context *ctx, git_credential *_cred)
{ {
git_credential_userpass_plaintext *cred; git_credential_userpass_plaintext *cred;
const char *sep, *username; const char *sep, *username;
...@@ -76,7 +76,7 @@ done: ...@@ -76,7 +76,7 @@ done:
return error; return error;
} }
static int ntlm_next_token( static int ntlmclient_next_token(
git_str *buf, git_str *buf,
git_http_auth_context *c, git_http_auth_context *c,
git_credential *cred) git_credential *cred)
...@@ -104,7 +104,7 @@ static int ntlm_next_token( ...@@ -104,7 +104,7 @@ static int ntlm_next_token(
*/ */
ctx->complete = true; ctx->complete = true;
if (cred && ntlm_set_credentials(ctx, cred) != 0) if (cred && ntlmclient_set_credentials(ctx, cred) != 0)
goto done; goto done;
if (challenge_len < 4) { if (challenge_len < 4) {
...@@ -162,7 +162,7 @@ done: ...@@ -162,7 +162,7 @@ done:
return error; return error;
} }
static int ntlm_is_complete(git_http_auth_context *c) static int ntlmclient_is_complete(git_http_auth_context *c)
{ {
http_auth_ntlm_context *ctx = (http_auth_ntlm_context *)c; http_auth_ntlm_context *ctx = (http_auth_ntlm_context *)c;
...@@ -170,7 +170,7 @@ static int ntlm_is_complete(git_http_auth_context *c) ...@@ -170,7 +170,7 @@ static int ntlm_is_complete(git_http_auth_context *c)
return (ctx->complete == true); return (ctx->complete == true);
} }
static void ntlm_context_free(git_http_auth_context *c) static void ntlmclient_context_free(git_http_auth_context *c)
{ {
http_auth_ntlm_context *ctx = (http_auth_ntlm_context *)c; http_auth_ntlm_context *ctx = (http_auth_ntlm_context *)c;
...@@ -179,7 +179,7 @@ static void ntlm_context_free(git_http_auth_context *c) ...@@ -179,7 +179,7 @@ static void ntlm_context_free(git_http_auth_context *c)
git__free(ctx); git__free(ctx);
} }
static int ntlm_init_context( static int ntlmclient_init_context(
http_auth_ntlm_context *ctx, http_auth_ntlm_context *ctx,
const git_net_url *url) const git_net_url *url)
{ {
...@@ -206,7 +206,7 @@ int git_http_auth_ntlm( ...@@ -206,7 +206,7 @@ int git_http_auth_ntlm(
ctx = git__calloc(1, sizeof(http_auth_ntlm_context)); ctx = git__calloc(1, sizeof(http_auth_ntlm_context));
GIT_ERROR_CHECK_ALLOC(ctx); GIT_ERROR_CHECK_ALLOC(ctx);
if (ntlm_init_context(ctx, url) < 0) { if (ntlmclient_init_context(ctx, url) < 0) {
git__free(ctx); git__free(ctx);
return -1; return -1;
} }
...@@ -214,10 +214,10 @@ int git_http_auth_ntlm( ...@@ -214,10 +214,10 @@ int git_http_auth_ntlm(
ctx->parent.type = GIT_HTTP_AUTH_NTLM; ctx->parent.type = GIT_HTTP_AUTH_NTLM;
ctx->parent.credtypes = GIT_CREDENTIAL_USERPASS_PLAINTEXT; ctx->parent.credtypes = GIT_CREDENTIAL_USERPASS_PLAINTEXT;
ctx->parent.connection_affinity = 1; ctx->parent.connection_affinity = 1;
ctx->parent.set_challenge = ntlm_set_challenge; ctx->parent.set_challenge = ntlmclient_set_challenge;
ctx->parent.next_token = ntlm_next_token; ctx->parent.next_token = ntlmclient_next_token;
ctx->parent.is_complete = ntlm_is_complete; ctx->parent.is_complete = ntlmclient_is_complete;
ctx->parent.free = ntlm_context_free; ctx->parent.free = ntlmclient_context_free;
*out = (git_http_auth_context *)ctx; *out = (git_http_auth_context *)ctx;
......
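Review bot: The context struct in this file keeps the mechanism name, `} http_auth_ntlm_context;`, while every static function around it moves to the `ntlmclient_` prefix and the GSSAPI file renames its struct to `http_auth_gssapi_context`. That leaves the type as the one file-local identifier still named after the mechanism rather than the implementation, which is the ambiguity the commit message sets out to remove for a future second NTLM provider. I would rename it to `http_auth_ntlmclient_context` here, in the casts such as `(http_auth_ntlm_context *)c`, and in the `sizeof` in `git_http_auth_ntlm`. The struct definition starts outside the visible hunks.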