vauth: Use CURLE_AUTH_ERROR for auth function errors

- Add new error code CURLE_AUTH_ERROR.

Prior to this change auth function errors were signaled by
CURLE_OUT_OF_MEMORY and CURLE_RECV_ERROR, and neither one was
technically correct.

Ref: https://github.com/curl/curl/pull/3848

Co-authored-by: Dominik Hölzl

Closes https://github.com/curl/curl/pull/3864
Jay Satiro 2019-05-11 02:23:09 -04:00
parent aae490229b
commit dca6f73613
11 changed files with 62 additions and 18 deletions


@ -254,6 +254,8 @@ Status returned failure when asked with \fICURLOPT_SSL_VERIFYSTATUS(3)\fP.
Stream error in the HTTP/2 framing layer. Stream error in the HTTP/2 framing layer.
.IP "CURLE_RECURSIVE_API_CALL (93)" .IP "CURLE_RECURSIVE_API_CALL (93)"
An API function was called from inside a callback. An API function was called from inside a callback.
.IP "CURLE_AUTH_ERROR (94)"
An authentication function returned an error.
.IP "CURLE_OBSOLETE*" .IP "CURLE_OBSOLETE*"
These error codes will never be returned. They were used in an old libcurl These error codes will never be returned. They were used in an old libcurl
version and are currently unused. version and are currently unused.


@ -39,6 +39,7 @@ CURLCLOSEPOLICY_SLOWEST 7.7
CURLE_ABORTED_BY_CALLBACK 7.1 CURLE_ABORTED_BY_CALLBACK 7.1
CURLE_AGAIN 7.18.2 CURLE_AGAIN 7.18.2
CURLE_ALREADY_COMPLETE 7.7.2 CURLE_ALREADY_COMPLETE 7.7.2
CURLE_AUTH_ERROR 7.66.0
CURLE_BAD_CALLING_ORDER 7.1 7.17.0 CURLE_BAD_CALLING_ORDER 7.1 7.17.0
CURLE_BAD_CONTENT_ENCODING 7.10 CURLE_BAD_CONTENT_ENCODING 7.10
CURLE_BAD_DOWNLOAD_RESUME 7.10 CURLE_BAD_DOWNLOAD_RESUME 7.10


@ -600,6 +600,8 @@ typedef enum {
*/ */
CURLE_RECURSIVE_API_CALL, /* 93 - an api function was called from CURLE_RECURSIVE_API_CALL, /* 93 - an api function was called from
inside a callback */ inside a callback */
CURLE_AUTH_ERROR, /* 94 - an authentication function returned an
error */
CURL_LAST /* never use! */ CURL_LAST /* never use! */
} CURLcode; } CURLcode;


@ -311,6 +311,9 @@ curl_easy_strerror(CURLcode error)
case CURLE_RECURSIVE_API_CALL: case CURLE_RECURSIVE_API_CALL:
return "API function called from within callback"; return "API function called from within callback";
case CURLE_AUTH_ERROR:
return "An authentication function returned an error";
/* error codes not used by current libcurl */ /* error codes not used by current libcurl */
case CURLE_OBSOLETE20: case CURLE_OBSOLETE20:
case CURLE_OBSOLETE24: case CURLE_OBSOLETE24:


@ -220,7 +220,10 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
free(output_token); free(output_token);
free(input_token); free(input_token);
return CURLE_RECV_ERROR; if(status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
return CURLE_AUTH_ERROR;
} }
/* Base64 encode the response */ /* Base64 encode the response */
@ -607,7 +610,10 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
Curl_safefree(digest->http_context); Curl_safefree(digest->http_context);
return CURLE_OUT_OF_MEMORY; if(status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
return CURLE_AUTH_ERROR;
} }
output_token_len = resp_buf.cbBuffer; output_token_len = resp_buf.cbBuffer;
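Review bot: The mapping `if(status == SEC_E_INSUFFICIENT_MEMORY) return CURLE_OUT_OF_MEMORY;` followed by `return CURLE_AUTH_ERROR;` is written out in both hunks here and again in the krb5, NTLM and SPNEGO SSPI sections of this commit, so any later change to the mapping has to be repeated in every SSPI file. A small helper shared by the SSPI back ends would keep the translation from SECURITY_STATUS to CURLcode in one place and make it harder for one mechanism to drift from the others. Both functions begin and end outside the hunks, so the right home for the helper cannot be told from this page; the name below is only a suggestion.

```c
/* Map a failed SSPI status to the CURLcode reported to the caller */
static CURLcode sspi_status_to_result(SECURITY_STATUS status)
{
  if(status == SEC_E_INSUFFICIENT_MEMORY)
    return CURLE_OUT_OF_MEMORY;
  return CURLE_AUTH_ERROR;
}

/* … unchanged: release of output_token and input_token … */
return sspi_status_to_result(status);
```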


@ -121,7 +121,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
free(spn); free(spn);
return CURLE_OUT_OF_MEMORY; return CURLE_AUTH_ERROR;
} }
free(spn); free(spn);
@ -168,7 +168,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
Curl_gss_log_error(data, "gss_init_sec_context() failed: ", Curl_gss_log_error(data, "gss_init_sec_context() failed: ",
major_status, minor_status); major_status, minor_status);
return CURLE_RECV_ERROR; return CURLE_AUTH_ERROR;
} }
if(output_token.value && output_token.length) { if(output_token.value && output_token.length) {
@ -252,7 +252,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
free(chlg); free(chlg);
return CURLE_OUT_OF_MEMORY; return CURLE_AUTH_ERROR;
} }
/* Convert the username from internal format to a displayable token */ /* Convert the username from internal format to a displayable token */
@ -264,7 +264,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
free(chlg); free(chlg);
return CURLE_OUT_OF_MEMORY; return CURLE_AUTH_ERROR;
} }
/* Setup the challenge "input" security buffer */ /* Setup the challenge "input" security buffer */
@ -355,7 +355,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
free(message); free(message);
return CURLE_OUT_OF_MEMORY; return CURLE_AUTH_ERROR;
} }
/* Base64 encode the response */ /* Base64 encode the response */
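Review bot: Every failure branch in these five hunks now returns CURLE_AUTH_ERROR with no out-of-memory case, while the SSPI counterparts in the same commit still return CURLE_OUT_OF_MEMORY for SEC_E_INSUFFICIENT_MEMORY, and nothing in the code explains the difference. GSS-API has no major status code dedicated to allocation failure, so the blanket mapping looks intentional. A short comment at the first return, such as `/* GSS-API major status cannot signal out of memory, so every failure is an auth error */`, would stop a later reader from "fixing" the asymmetry. The same applies to the two returns in the SPNEGO GSS-API section. The conditions guarding these returns lie outside the hunks, so this assumes each one tests a GSS-API major status.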


@ -217,8 +217,12 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
/* Free the decoded challenge as it is not required anymore */ /* Free the decoded challenge as it is not required anymore */
free(chlg); free(chlg);
if(status == SEC_E_INSUFFICIENT_MEMORY) {
return CURLE_OUT_OF_MEMORY;
}
if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) { if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
return CURLE_RECV_ERROR; return CURLE_AUTH_ERROR;
} }
if(memcmp(&context, krb5->context, sizeof(context))) { if(memcmp(&context, krb5->context, sizeof(context))) {
@ -309,7 +313,10 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
if(status != SEC_E_OK) { if(status != SEC_E_OK) {
free(chlg); free(chlg);
return CURLE_OUT_OF_MEMORY; if(status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
return CURLE_AUTH_ERROR;
} }
/* Get the fully qualified username back from the context */ /* Get the fully qualified username back from the context */
@ -319,7 +326,10 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
if(status != SEC_E_OK) { if(status != SEC_E_OK) {
free(chlg); free(chlg);
return CURLE_RECV_ERROR; if(status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
return CURLE_AUTH_ERROR;
} }
/* Setup the "input" security buffer */ /* Setup the "input" security buffer */
@ -438,7 +448,10 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
free(message); free(message);
free(trailer); free(trailer);
return CURLE_OUT_OF_MEMORY; if(status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
return CURLE_AUTH_ERROR;
} }
/* Allocate the encryption (wrap) buffer */ /* Allocate the encryption (wrap) buffer */
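Review bot: The failure branches in these hunks drop `status` without reporting it, so the caller sees only the generic "An authentication function returned an error" text and the SSPI code that explains a Kerberos failure is lost. The SPNEGO SSPI section of this commit already shows the pattern to follow: declare `char buffer[STRERROR_LEN];` in the branch and call `failf(data, "... failed: %s", Curl_sspi_strerror(status, buffer, sizeof(buffer)));` before returning. The SSPI calls that set `status` are outside the hunks, so logging may already happen above the visible lines, and the function name to put in the message has to be taken from there.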


@ -169,8 +169,10 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
if(status == SEC_I_COMPLETE_NEEDED || if(status == SEC_I_COMPLETE_NEEDED ||
status == SEC_I_COMPLETE_AND_CONTINUE) status == SEC_I_COMPLETE_AND_CONTINUE)
s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc); s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc);
else if(status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)
return CURLE_RECV_ERROR; return CURLE_AUTH_ERROR;
/* Base64 encode the response */ /* Base64 encode the response */
return Curl_base64_encode(data, (char *) ntlm->output_token, return Curl_base64_encode(data, (char *) ntlm->output_token,
@ -316,7 +318,10 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
infof(data, "NTLM handshake failure (type-3 message): Status=%x\n", infof(data, "NTLM handshake failure (type-3 message): Status=%x\n",
status); status);
return CURLE_RECV_ERROR; if(status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
return CURLE_AUTH_ERROR;
} }
/* Base64 encode the response */ /* Base64 encode the response */
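Review bot: The result of `s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc)` in the type-1 hunk is still discarded, so a failure while completing the token falls through to the Base64 encode as if the handshake step had succeeded. The new else-if branches only classify the status of the preceding call. The SPNEGO SSPI section of this commit stores that result and maps it to CURLE_OUT_OF_MEMORY or CURLE_AUTH_ERROR, and the same treatment fits here: `status = s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc);` followed by the memory/auth check before encoding. The function body begins outside the hunk.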


@ -121,7 +121,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
free(spn); free(spn);
return CURLE_OUT_OF_MEMORY; return CURLE_AUTH_ERROR;
} }
free(spn); free(spn);
@ -177,7 +177,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
if(output_token.value) if(output_token.value)
gss_release_buffer(&unused_status, &output_token); gss_release_buffer(&unused_status, &output_token);
return CURLE_OUT_OF_MEMORY; return CURLE_AUTH_ERROR;
} }
/* Free previous token */ /* Free previous token */


@ -251,14 +251,25 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
char buffer[STRERROR_LEN]; char buffer[STRERROR_LEN];
failf(data, "InitializeSecurityContext failed: %s", failf(data, "InitializeSecurityContext failed: %s",
Curl_sspi_strerror(nego->status, buffer, sizeof(buffer))); Curl_sspi_strerror(nego->status, buffer, sizeof(buffer)));
return CURLE_OUT_OF_MEMORY;
if(nego->status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
return CURLE_AUTH_ERROR;
} }
if(nego->status == SEC_I_COMPLETE_NEEDED || if(nego->status == SEC_I_COMPLETE_NEEDED ||
nego->status == SEC_I_COMPLETE_AND_CONTINUE) { nego->status == SEC_I_COMPLETE_AND_CONTINUE) {
nego->status = s_pSecFn->CompleteAuthToken(nego->context, &resp_desc); nego->status = s_pSecFn->CompleteAuthToken(nego->context, &resp_desc);
if(GSS_ERROR(nego->status)) { if(GSS_ERROR(nego->status)) {
return CURLE_RECV_ERROR; char buffer[STRERROR_LEN];
failf(data, "CompleteAuthToken failed: %s",
Curl_sspi_strerror(nego->status, buffer, sizeof(buffer)));
if(nego->status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
return CURLE_AUTH_ERROR;
} }
} }


@ -126,7 +126,8 @@ e90: SSL public key does not match pinned public key
e91: SSL server certificate status verification FAILED e91: SSL server certificate status verification FAILED
e92: Stream error in the HTTP/2 framing layer e92: Stream error in the HTTP/2 framing layer
e93: API function called from within callback e93: API function called from within callback
e94: Unknown error e94: An authentication function returned an error
e95: Unknown error
m-1: Please call curl_multi_perform() soon m-1: Please call curl_multi_perform() soon
m0: No error m0: No error
m1: Invalid multi handle m1: Invalid multi handle