diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 297ee54efa..618dd7cfc3 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -279,7 +279,7 @@ jobs: - name: 'Slackware openssl gssapi gcc' # These are essentially the same flags used to build the curl Slackware package # https://ftpmirror.infania.net/slackware/slackware64-current/source/n/curl/curl.SlackBuild - configure: --with-openssl --with-libssh2 --with-gssapi --enable-ares --enable-static=no --without-ca-bundle --with-ca-path=/etc/ssl/certs + configure: --enable-debug --with-openssl --with-libssh2 --with-gssapi --enable-ares --enable-static=no --without-ca-bundle --with-ca-path=/etc/ssl/certs # Docker Hub image that `container-job` executes in container: 'andy5995/slackware-build-essential:15.0' @@ -652,9 +652,9 @@ jobs: fi if [[ "${MATRIX_INSTALL_PACKAGES}" = *'valgrind'* ]]; then TFLAGS+=' -j6' - fi - if [[ "${MATRIX_INSTALL_PACKAGES}" = *'heimdal-dev'* ]]; then - TFLAGS+=' ~2077 ~2078' # valgrind reporting memory leaks from Curl_auth_decode_spnego_message() -> gss_import_name() + if [[ "${MATRIX_INSTALL_PACKAGES}" = *'heimdal-dev'* ]]; then + TFLAGS+=' ~2056 ~2057 ~2077 ~2078' # memory leaks from Curl_auth_decode_spnego_message() -> gss_import_name() + fi fi fi [ -x ~/venv/bin/activate ] && source ~/venv/bin/activate diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index edeb6c7174..f7d1b8facd 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml 
@@ -133,7 +133,7 @@ jobs: generate: -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/quictls -DBUILD_STATIC_LIBS=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON - name: 'LibreSSL !ldap heimdal c-ares +examples' install: libressl heimdal - generate: -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DENABLE_ARES=ON -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/heimdal -DCURL_DISABLE_LDAP=ON + generate: -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DENABLE_ARES=ON -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/heimdal -DCURL_DISABLE_LDAP=ON - name: 'wolfSSL !ldap brotli zstd' install: brotli wolfssl zstd install_steps: pytest @@ -143,7 +143,7 @@ jobs: generate: -DCURL_USE_MBEDTLS=ON -DLDAP_INCLUDE_DIR=/opt/homebrew/opt/openldap/include -DLDAP_LIBRARY=/opt/homebrew/opt/openldap/lib/libldap.dylib -DLDAP_LBER_LIBRARY=/opt/homebrew/opt/openldap/lib/liblber.dylib - name: 'GnuTLS !ldap krb5' install: gnutls nettle krb5 - generate: -DCURL_USE_GNUTLS=ON -DCURL_USE_OPENSSL=OFF -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 -DCURL_DISABLE_LDAP=ON -DUSE_SSLS_EXPORT=ON + generate: -DENABLE_DEBUG=ON -DCURL_USE_GNUTLS=ON -DCURL_USE_OPENSSL=OFF -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 -DCURL_DISABLE_LDAP=ON -DUSE_SSLS_EXPORT=ON - name: 'OpenSSL torture !FTP' generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl tflags: -t --shallow=25 !FTP diff --git a/docs/tests/FILEFORMAT.md b/docs/tests/FILEFORMAT.md index 98b09ed3a0..1c9cf06ee1 100644 --- a/docs/tests/FILEFORMAT.md +++ b/docs/tests/FILEFORMAT.md @@ -474,7 +474,6 @@ Features testable here are: - `Largefile` - `large-time` (time_t is larger than 32-bit) - `large-size` (size_t is larger than 32-bit) -- `ld_preload` - `libssh2` - `libssh` - `oldlibssh` (versions before 0.9.4) diff --git a/lib/curl_gssapi.c b/lib/curl_gssapi.c index f83701ad64..4690218050 100644 --- a/lib/curl_gssapi.c +++ b/lib/curl_gssapi.c 
@@ -52,17 +52,260 @@ gss_OID_desc Curl_krb5_mech_oid CURL_ALIGN8 = { 9, CURL_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; -OM_uint32 Curl_gss_init_sec_context( - struct Curl_easy *data, - OM_uint32 *minor_status, - gss_ctx_id_t *context, - gss_name_t target_name, - gss_OID mech_type, - gss_channel_bindings_t input_chan_bindings, - gss_buffer_t input_token, - gss_buffer_t output_token, - const bool mutual_auth, - OM_uint32 *ret_flags) +#ifdef DEBUGBUILD +enum min_err_code { + STUB_GSS_OK = 0, + STUB_GSS_NO_MEMORY, + STUB_GSS_INVALID_ARGS, + STUB_GSS_INVALID_CREDS, + STUB_GSS_INVALID_CTX, + STUB_GSS_SERVER_ERR, + STUB_GSS_NO_MECH, + STUB_GSS_LAST +}; + +/* libcurl is also passing this struct to these functions, which are not yet + * stubbed: + * gss_inquire_context() + * gss_unwrap() + * gss_wrap() + */ +struct stub_gss_ctx_id_t_desc { + enum { STUB_GSS_NONE, STUB_GSS_KRB5, STUB_GSS_NTLM1, STUB_GSS_NTLM3 } sent; + int have_krb5; + int have_ntlm; + OM_uint32 flags; + char creds[250]; +}; + +static OM_uint32 +stub_gss_init_sec_context(OM_uint32 *min, + gss_cred_id_t initiator_cred_handle, + struct stub_gss_ctx_id_t_desc **context, + gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + gss_buffer_desc *input_token, + gss_OID *actual_mech_type, + gss_buffer_desc *output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec) +{ + struct stub_gss_ctx_id_t_desc *ctx = NULL; + + /* The token will be encoded in base64 */ + size_t length = sizeof(ctx->creds) * 3 / 4; + size_t used = 0; + char *token = NULL; + const char *creds = NULL; + + (void)initiator_cred_handle; + (void)mech_type; + (void)time_req; + (void)input_chan_bindings; + (void)actual_mech_type; + + if(!min) + return GSS_S_FAILURE; + + *min = 0; + + if(!context || !target_name || !output_token) { + *min = STUB_GSS_INVALID_ARGS; + return GSS_S_FAILURE; + } + + creds = getenv("CURL_STUB_GSS_CREDS"); + if(!creds || 
strlen(creds) >= sizeof(ctx->creds)) { + *min = STUB_GSS_INVALID_CREDS; + return GSS_S_FAILURE; + } + + ctx = *context; + if(ctx && strcmp(ctx->creds, creds)) { + *min = STUB_GSS_INVALID_CREDS; + return GSS_S_FAILURE; + } + + output_token->length = 0; + output_token->value = NULL; + + if(input_token && input_token->length) { + if(!ctx) { + *min = STUB_GSS_INVALID_CTX; + return GSS_S_FAILURE; + } + + /* Server response, either D (RA==) or C (Qw==) */ + if(((char *) input_token->value)[0] == 'D') { + /* Done */ + switch(ctx->sent) { + case STUB_GSS_KRB5: + case STUB_GSS_NTLM3: + if(ret_flags) + *ret_flags = ctx->flags; + if(time_rec) + *time_rec = GSS_C_INDEFINITE; + return GSS_S_COMPLETE; + default: + *min = STUB_GSS_SERVER_ERR; + return GSS_S_FAILURE; + } + } + + if(((char *) input_token->value)[0] != 'C') { + /* We only support Done or Continue */ + *min = STUB_GSS_SERVER_ERR; + return GSS_S_FAILURE; + } + + /* Continue */ + switch(ctx->sent) { + case STUB_GSS_KRB5: + /* We sent KRB5 and it failed, let's try NTLM */ + if(ctx->have_ntlm) { + ctx->sent = STUB_GSS_NTLM1; + break; + } + else { + *min = STUB_GSS_SERVER_ERR; + return GSS_S_FAILURE; + } + case STUB_GSS_NTLM1: + ctx->sent = STUB_GSS_NTLM3; + break; + default: + *min = STUB_GSS_SERVER_ERR; + return GSS_S_FAILURE; + } + } + else { + if(ctx) { + *min = STUB_GSS_INVALID_CTX; + return GSS_S_FAILURE; + } + + ctx = calloc(1, sizeof(*ctx)); + if(!ctx) { + *min = STUB_GSS_NO_MEMORY; + return GSS_S_FAILURE; + } + + if(strstr(creds, "KRB5")) + ctx->have_krb5 = 1; + + if(strstr(creds, "NTLM")) + ctx->have_ntlm = 1; + + if(ctx->have_krb5) + ctx->sent = STUB_GSS_KRB5; + else if(ctx->have_ntlm) + ctx->sent = STUB_GSS_NTLM1; + else { + free(ctx); + *min = STUB_GSS_NO_MECH; + return GSS_S_FAILURE; + } + + strcpy(ctx->creds, creds); + ctx->flags = req_flags; + } + + /* To avoid memdebug macro replacement, wrap the name in parentheses to call + the original version. It is freed via the GSS API gss_release_buffer(). 
*/ + token = (malloc)(length); + if(!token) { + free(ctx); + *min = STUB_GSS_NO_MEMORY; + return GSS_S_FAILURE; + } + + { + gss_buffer_desc target_desc; + gss_OID name_type = GSS_C_NO_OID; + OM_uint32 minor_status; + OM_uint32 major_status; + major_status = gss_display_name(&minor_status, target_name, + &target_desc, &name_type); + if(GSS_ERROR(major_status)) { + (free)(token); + free(ctx); + *min = STUB_GSS_NO_MEMORY; + return GSS_S_FAILURE; + } + + if(strlen(creds) + target_desc.length + 5 >= sizeof(ctx->creds)) { + (free)(token); + free(ctx); + *min = STUB_GSS_NO_MEMORY; + return GSS_S_FAILURE; + } + + /* Token format: creds:target:type:padding */ + used = msnprintf(token, length, "%s:%.*s:%d:", creds, + (int)target_desc.length, (const char *)target_desc.value, + ctx->sent); + + gss_release_buffer(&minor_status, &target_desc); + } + + if(used >= length) { + (free)(token); + free(ctx); + *min = STUB_GSS_NO_MEMORY; + return GSS_S_FAILURE; + } + + /* Overwrite null-terminator */ + memset(token + used, 'A', length - used); + + *context = ctx; + + output_token->value = token; + output_token->length = length; + + return GSS_S_CONTINUE_NEEDED; +} + +static OM_uint32 +stub_gss_delete_sec_context(OM_uint32 *min, + struct stub_gss_ctx_id_t_desc **context, + gss_buffer_t output_token) +{ + (void)output_token; + + if(!min) + return GSS_S_FAILURE; + + if(!context) { + *min = STUB_GSS_INVALID_CTX; + return GSS_S_FAILURE; + } + if(!*context) { + *min = STUB_GSS_INVALID_CTX; + return GSS_S_FAILURE; + } + + free(*context); + *context = NULL; + *min = 0; + + return GSS_S_COMPLETE; +} +#endif /* DEBUGBUILD */ + +OM_uint32 Curl_gss_init_sec_context(struct Curl_easy *data, + OM_uint32 *minor_status, + gss_ctx_id_t *context, + gss_name_t target_name, + gss_OID mech_type, + gss_channel_bindings_t input_chan_bindings, + gss_buffer_t input_token, + gss_buffer_t output_token, + const bool mutual_auth, + OM_uint32 *ret_flags) { OM_uint32 req_flags = GSS_C_REPLAY_FLAG; 
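Review bot: In stub_gss_init_sec_context() the error returns after the token allocation call `free(ctx)` unconditionally, but on a continuation call `ctx` is the caller's existing `*context`, which is left pointing at freed memory. Cleanup code such as Curl_auth_cleanup_gssapi() then sees a non-NULL context and reaches stub_gss_delete_sec_context(), which frees it a second time. Free only a context allocated in this call, e.g. `if(ctx != *context) free(ctx);`, at the four error returns (token allocation, gss_display_name(), the length check, and `used >= length`). The length-check return also skips `gss_release_buffer(&minor_status, &target_desc);`, so the displayed name leaks on that path. Both stub functions are fully inside this hunk, while Curl_gss_init_sec_context() continues past its end.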
@@ -74,13 +317,30 @@ OM_uint32 Curl_gss_init_sec_context( req_flags |= GSS_C_DELEG_POLICY_FLAG; #else infof(data, "WARNING: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not " - "compiled in"); + "compiled in"); #endif } if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_FLAG) req_flags |= GSS_C_DELEG_FLAG; +#ifdef DEBUGBUILD + if(getenv("CURL_STUB_GSS_CREDS")) + return stub_gss_init_sec_context(minor_status, + GSS_C_NO_CREDENTIAL, /* cred_handle */ + (struct stub_gss_ctx_id_t_desc **)context, + target_name, + mech_type, + req_flags, + 0, /* time_req */ + input_chan_bindings, + input_token, + NULL, /* actual_mech_type */ + output_token, + ret_flags, + NULL /* time_rec */); +#endif /* DEBUGBUILD */ + return gss_init_sec_context(minor_status, GSS_C_NO_CREDENTIAL, /* cred_handle */ context, @@ -96,6 +356,20 @@ OM_uint32 Curl_gss_init_sec_context( NULL /* time_rec */); } +OM_uint32 Curl_gss_delete_sec_context(OM_uint32 *min, + gss_ctx_id_t *context, + gss_buffer_t output_token) +{ +#ifdef DEBUGBUILD + if(getenv("CURL_STUB_GSS_CREDS")) + return stub_gss_delete_sec_context(min, + (struct stub_gss_ctx_id_t_desc **)context, + output_token); +#endif /* DEBUGBUILD */ + + return gss_delete_sec_context(min, context, output_token); +} + #define GSS_LOG_BUFFER_LEN 1024 static size_t display_gss_error(OM_uint32 status, int type, char *buf, size_t len) { diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h index 7b9a534ea2..2659f23460 100644 --- a/lib/curl_gssapi.h +++ b/lib/curl_gssapi.h 
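Review bot: The stub-or-real decision is made by a fresh `getenv("CURL_STUB_GSS_CREDS")` in Curl_gss_init_sec_context() here and again in Curl_gss_delete_sec_context() in the next hunk, so nothing ties a context to the implementation that created it. If the variable changes between the two calls in a debug build, a `struct stub_gss_ctx_id_t_desc *` is handed to the real gss_delete_sec_context(), or a real context to `free()`. The struct comment also says gss_inquire_context(), gss_wrap() and gss_unwrap() are not stubbed, and lib/socks_gssapi.c appears to call them on its context, so the cast pointer could reach the GSS library there. I would state the constraint at the dispatch, e.g. `/* debug-only: a stub context must never reach a real gss_*() call; CURL_STUB_GSS_CREDS must stay constant while any context is live */`, or decide once and record the choice with the context. The body of Curl_gss_init_sec_context() starts before this hunk.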
@@ -32,17 +32,20 @@ extern gss_OID_desc Curl_spnego_mech_oid; extern gss_OID_desc Curl_krb5_mech_oid; /* Common method for using GSS-API */ -OM_uint32 Curl_gss_init_sec_context( - struct Curl_easy *data, - OM_uint32 *minor_status, - gss_ctx_id_t *context, - gss_name_t target_name, - gss_OID mech_type, - gss_channel_bindings_t input_chan_bindings, - gss_buffer_t input_token, - gss_buffer_t output_token, - const bool mutual_auth, - OM_uint32 *ret_flags); +OM_uint32 Curl_gss_init_sec_context(struct Curl_easy *data, + OM_uint32 *minor_status, + gss_ctx_id_t *context, + gss_name_t target_name, + gss_OID mech_type, + gss_channel_bindings_t input_chan_bindings, + gss_buffer_t input_token, + gss_buffer_t output_token, + const bool mutual_auth, + OM_uint32 *ret_flags); + +OM_uint32 Curl_gss_delete_sec_context(OM_uint32 *min, + gss_ctx_id_t *context_handle, + gss_buffer_t output_token); /* Helper to log a GSS-API error status */ void Curl_gss_log_error(struct Curl_easy *data, const char *prefix, diff --git a/lib/krb5.c b/lib/krb5.c index 8ddf843178..b5effa2a1b 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -385,7 +385,8 @@ static void krb5_end(void *app_data) OM_uint32 min; gss_ctx_id_t *context = app_data; if(*context != GSS_C_NO_CONTEXT) { - OM_uint32 maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER); + OM_uint32 maj = Curl_gss_delete_sec_context(&min, context, + GSS_C_NO_BUFFER); (void)maj; DEBUGASSERT(maj == GSS_S_COMPLETE); } diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c index d1a0c302f9..910d50db66 100644 --- a/lib/socks_gssapi.c +++ b/lib/socks_gssapi.c 
@@ -199,7 +199,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, gss_release_name(&gss_status, &server); gss_release_buffer(&gss_status, &gss_recv_token); gss_release_buffer(&gss_status, &gss_send_token); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); failf(data, "Failed to initial GSS-API token."); return CURLE_COULDNT_CONNECT; } @@ -217,7 +217,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, gss_release_name(&gss_status, &server); gss_release_buffer(&gss_status, &gss_recv_token); gss_release_buffer(&gss_status, &gss_send_token); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } @@ -229,7 +229,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, gss_release_name(&gss_status, &server); gss_release_buffer(&gss_status, &gss_recv_token); gss_release_buffer(&gss_status, &gss_send_token); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } @@ -254,7 +254,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(result || (actualread != 4)) { failf(data, "Failed to receive GSS-API authentication response."); gss_release_name(&gss_status, &server); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } @@ -263,7 +263,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "User was rejected by the SOCKS5 server (%d %d).", socksreq[0], socksreq[1]); gss_release_name(&gss_status, &server); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } 
@@ -271,7 +271,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "Invalid GSS-API authentication response type (%d %d).", socksreq[0], socksreq[1]); gss_release_name(&gss_status, &server); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } @@ -285,7 +285,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, "Could not allocate memory for GSS-API authentication " "response token."); gss_release_name(&gss_status, &server); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_OUT_OF_MEMORY; } @@ -296,7 +296,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "Failed to receive GSS-API authentication token."); gss_release_name(&gss_status, &server); gss_release_buffer(&gss_status, &gss_recv_token); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } @@ -311,7 +311,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, NULL, NULL, NULL); if(check_gss_err(data, gss_major_status, gss_minor_status, "gss_inquire_context")) { - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); gss_release_name(&gss_status, &gss_client_name); failf(data, "Failed to determine username."); return CURLE_COULDNT_CONNECT; 
@@ -320,7 +320,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, &gss_send_token, NULL); if(check_gss_err(data, gss_major_status, gss_minor_status, "gss_display_name")) { - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); gss_release_name(&gss_status, &gss_client_name); gss_release_buffer(&gss_status, &gss_send_token); failf(data, "Failed to determine username."); @@ -328,7 +328,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, } user = malloc(gss_send_token.length + 1); if(!user) { - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); gss_release_name(&gss_status, &gss_client_name); gss_release_buffer(&gss_status, &gss_send_token); return CURLE_OUT_OF_MEMORY; @@ -397,7 +397,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, gss_send_token.length = 1; gss_send_token.value = Curl_memdup(&gss_enc, 1); if(!gss_send_token.value) { - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_OUT_OF_MEMORY; } @@ -408,7 +408,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(check_gss_err(data, gss_major_status, gss_minor_status, "gss_wrap")) { gss_release_buffer(&gss_status, &gss_send_token); gss_release_buffer(&gss_status, &gss_w_token); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); failf(data, "Failed to wrap GSS-API encryption value into token."); return CURLE_COULDNT_CONNECT; } 
@@ -423,7 +423,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(code || (4 != nwritten)) { failf(data, "Failed to send GSS-API encryption request."); gss_release_buffer(&gss_status, &gss_w_token); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } @@ -433,7 +433,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, &nwritten); if(code || ( 1 != nwritten)) { failf(data, "Failed to send GSS-API encryption type."); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } } @@ -443,7 +443,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(code || (gss_w_token.length != nwritten)) { failf(data, "Failed to send GSS-API encryption type."); gss_release_buffer(&gss_status, &gss_w_token); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } gss_release_buffer(&gss_status, &gss_w_token); @@ -452,7 +452,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, result = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread); if(result || (actualread != 4)) { failf(data, "Failed to receive GSS-API encryption response."); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } 
@@ -460,14 +460,14 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(socksreq[1] == 255) { /* status / message type */ failf(data, "User was rejected by the SOCKS5 server (%d %d).", socksreq[0], socksreq[1]); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } if(socksreq[1] != 2) { /* status / message type */ failf(data, "Invalid GSS-API encryption response type (%d %d).", socksreq[0], socksreq[1]); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } @@ -477,7 +477,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, gss_recv_token.length = us_length; gss_recv_token.value = malloc(gss_recv_token.length); if(!gss_recv_token.value) { - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_OUT_OF_MEMORY; } result = Curl_blockread_all(cf, data, (char *)gss_recv_token.value, @@ -486,7 +486,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(result || (actualread != us_length)) { failf(data, "Failed to receive GSS-API encryption type."); gss_release_buffer(&gss_status, &gss_recv_token); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } @@ -498,7 +498,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(check_gss_err(data, gss_major_status, gss_minor_status, "gss_unwrap")) { gss_release_buffer(&gss_status, &gss_recv_token); gss_release_buffer(&gss_status, &gss_w_token); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); failf(data, "Failed to unwrap GSS-API encryption value into token."); return CURLE_COULDNT_CONNECT; } 
@@ -508,7 +508,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "Invalid GSS-API encryption response length (%zu).", gss_w_token.length); gss_release_buffer(&gss_status, &gss_w_token); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } @@ -520,7 +520,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "Invalid GSS-API encryption response length (%zu).", gss_recv_token.length); gss_release_buffer(&gss_status, &gss_recv_token); - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_COULDNT_CONNECT; } @@ -537,7 +537,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, conn->socks5_gssapi_enctype = socksreq[0]; if(socksreq[0] == 0) - gss_delete_sec_context(&gss_status, &gss_context, NULL); + Curl_gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_OK; } diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c index b559040617..78f4be3dc9 100644 --- a/lib/vauth/krb5_gssapi.c +++ b/lib/vauth/krb5_gssapi.c @@ -96,7 +96,6 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, OM_uint32 major_status; OM_uint32 minor_status; OM_uint32 unused_status; - gss_buffer_desc spn_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; @@ -104,6 +103,8 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, (void) passwdp; if(!krb5->spn) { + gss_buffer_desc spn_token = GSS_C_EMPTY_BUFFER; + /* Generate our SPN */ char *spn = Curl_auth_build_spn(service, NULL, host); if(!spn) 
@@ -315,7 +316,8 @@ void Curl_auth_cleanup_gssapi(struct kerberos5data *krb5) /* Free our security context */ if(krb5->context != GSS_C_NO_CONTEXT) { - gss_delete_sec_context(&minor_status, &krb5->context, GSS_C_NO_BUFFER); + Curl_gss_delete_sec_context(&minor_status, &krb5->context, + GSS_C_NO_BUFFER); krb5->context = GSS_C_NO_CONTEXT; } diff --git a/lib/vauth/spnego_gssapi.c b/lib/vauth/spnego_gssapi.c index b17ee46d17..1e576c7134 100644 --- a/lib/vauth/spnego_gssapi.c +++ b/lib/vauth/spnego_gssapi.c @@ -93,7 +93,6 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, OM_uint32 major_status; OM_uint32 minor_status; OM_uint32 unused_status; - gss_buffer_desc spn_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; gss_channel_bindings_t chan_bindings = GSS_C_NO_CHANNEL_BINDINGS; @@ -111,6 +110,8 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, } if(!nego->spn) { + gss_buffer_desc spn_token = GSS_C_EMPTY_BUFFER; + /* Generate our SPN */ char *spn = Curl_auth_build_spn(service, NULL, host); if(!spn) @@ -267,7 +268,8 @@ void Curl_auth_cleanup_spnego(struct negotiatedata *nego) /* Free our security context */ if(nego->context != GSS_C_NO_CONTEXT) { - gss_delete_sec_context(&minor_status, &nego->context, GSS_C_NO_BUFFER); + Curl_gss_delete_sec_context(&minor_status, &nego->context, + GSS_C_NO_BUFFER); nego->context = GSS_C_NO_CONTEXT; } @@ -276,7 +278,6 @@ void Curl_auth_cleanup_spnego(struct negotiatedata *nego) gss_release_buffer(&minor_status, &nego->output_token); nego->output_token.value = NULL; nego->output_token.length = 0; - } /* Free the SPN */ diff --git a/tests/data/test2056 b/tests/data/test2056 index 4db243eb50..3833663c10 100644 --- a/tests/data/test2056 +++ b/tests/data/test2056 
@@ -39,12 +39,9 @@ HTTP Negotiate authentication (stub krb5) GSS-API -ld_preload -!Debug +Debug -LD_PRELOAD=libstubgss.so -LD_LIBRARY_PATH=%PWD/libtest/.libs:%PWD/libtest CURL_STUB_GSS_CREDS="KRB5_Alice" diff --git a/tests/data/test2057 b/tests/data/test2057 index 2385cbc549..7e45ae1214 100644 --- a/tests/data/test2057 +++ b/tests/data/test2057 @@ -55,12 +55,9 @@ HTTP Negotiate authentication (stub NTLM) GSS-API -ld_preload -!Debug +Debug -LD_PRELOAD=libstubgss.so -LD_LIBRARY_PATH=%PWD/libtest/.libs:%PWD/libtest CURL_STUB_GSS_CREDS="NTLM_Alice" diff --git a/tests/globalconfig.pm b/tests/globalconfig.pm index b120250f1b..83c4ccbaed 100644 --- a/tests/globalconfig.pm +++ b/tests/globalconfig.pm @@ -41,7 +41,6 @@ BEGIN { $CURLVERSION $CURLVERNUM $DATE - $has_shared $LIBDIR $UNITDIR $TUNITDIR @@ -141,6 +140,5 @@ our $DNSCMD="dnsd.cmd"; # write DNS instructions here our @protocols; # array of lowercase supported protocol servers our %feature; # hash of enabled features our %keywords; # hash of keywords from the test spec -our $has_shared; # built as a shared library 1; diff --git a/tests/libtest/CMakeLists.txt b/tests/libtest/CMakeLists.txt index ea10fd1cb7..bfd29851cf 100644 --- a/tests/libtest/CMakeLists.txt +++ b/tests/libtest/CMakeLists.txt @@ -22,7 +22,7 @@ # ########################################################################### -# Get BUNDLE, FIRST_C, FIRST_H, UTILS_C, UTILS_H, CURLX_C, TESTS_C, STUB_GSS_C, STUB_GSS_H variables +# Get BUNDLE, FIRST_C, FIRST_H, UTILS_C, UTILS_H, CURLX_C, TESTS_C variables curl_transform_makefile_inc("Makefile.inc" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake") include("${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake") 
@@ -61,9 +61,3 @@ set_property(TARGET ${BUNDLE} APPEND PROPERTY COMPILE_DEFINITIONS "CURL_NO_OLDIE set_target_properties(${BUNDLE} PROPERTIES OUTPUT_NAME "${BUNDLE}" PROJECT_LABEL "Test ${BUNDLE}" UNITY_BUILD OFF C_CLANG_TIDY "") curl_clang_tidy_tests(${BUNDLE} ${FIRST_C} ${UTILS_C} ${TESTS_C}) - -if(HAVE_GSSAPI AND UNIX) - add_library(stubgss SHARED EXCLUDE_FROM_ALL ${STUB_GSS_C}) - set_target_properties(stubgss PROPERTIES UNITY_BUILD OFF) - add_dependencies(testdeps stubgss) -endif() diff --git a/tests/libtest/Makefile.am b/tests/libtest/Makefile.am index 5d1646b874..57e5715038 100644 --- a/tests/libtest/Makefile.am +++ b/tests/libtest/Makefile.am @@ -39,7 +39,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/include \ -I$(srcdir) \ -I$(top_srcdir)/tests/unit -# Get BUNDLE, FIRST_C, FIRST_H, UTILS_C, UTILS_H, CURLX_C, TESTS_C, STUB_GSS_C, STUB_GSS_H variables +# Get BUNDLE, FIRST_C, FIRST_H, UTILS_C, UTILS_H, CURLX_C, TESTS_C variables include Makefile.inc EXTRA_DIST = CMakeLists.txt $(FIRST_C) $(FIRST_H) $(UTILS_C) $(UTILS_H) $(TESTS_C) \ @@ -50,8 +50,6 @@ CFLAGS += @CURL_CFLAG_EXTRAS@ # Prevent LIBS from being used for all link targets LIBS = $(BLANK_AT_MAKETIME) -noinst_LTLIBRARIES = - if USE_CPPFLAG_CURL_STATICLIB AM_CPPFLAGS += -DCURL_STATICLIB endif @@ -63,24 +61,6 @@ AM_CPPFLAGS += -DCURLDEBUG endif AM_CPPFLAGS += -DCURL_NO_OLDIES -DCURL_DISABLE_DEPRECATION -AM_LDFLAGS = -AM_CFLAGS = - -# Build a stub gssapi implementation for testing -if BUILD_STUB_GSS -noinst_LTLIBRARIES += libstubgss.la - -libstubgss_la_CPPFLAGS = -libstubgss_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version -rpath /nowhere -if CURL_LT_SHLIB_USE_NO_UNDEFINED -libstubgss_la_LDFLAGS += -no-undefined -endif -libstubgss_la_CFLAGS = $(AM_CFLAGS) -g -libstubgss_la_SOURCES = $(STUB_GSS_C) $(STUB_GSS_H) -libstubgss_la_LIBADD = -libstubgss_la_DEPENDENCIES = -endif - if USE_CPPFLAG_CURL_STATICLIB curlx_c_lib = else diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc index 59309b0687..138e757eb5 100644 
--- a/tests/libtest/Makefile.inc +++ b/tests/libtest/Makefile.inc @@ -96,6 +96,3 @@ TESTS_C = \ lib3010.c lib3025.c lib3026.c lib3027.c \ lib3100.c lib3101.c lib3102.c lib3103.c lib3104.c lib3105.c \ lib3207.c lib3208.c - -STUB_GSS_C = stub_gssapi.c -STUB_GSS_H = stub_gssapi.h diff --git a/tests/libtest/stub_gssapi.c b/tests/libtest/stub_gssapi.c deleted file mode 100644 index 98aefe85a8..0000000000 --- a/tests/libtest/stub_gssapi.c +++ /dev/null 
@@ -1,460 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - * SPDX-License-Identifier: curl - * - ***************************************************************************/ - -/* Only provides the bare minimum to link with libcurl */ - -#include -#include -#include - -#include "stub_gssapi.h" - -#define MAX_CREDS_LENGTH 250 -#define APPROX_TOKEN_LEN 250 - -enum min_err_code { - GSS_OK = 0, - GSS_NO_MEMORY, - GSS_INVALID_ARGS, - GSS_INVALID_CREDS, - GSS_INVALID_CTX, - GSS_SERVER_ERR, - GSS_NO_MECH, - GSS_LAST -}; - -static const char *min_err_table[] = { - "stub-gss: no error", - "stub-gss: no memory", - "stub-gss: invalid arguments", - "stub-gss: invalid credentials", - "stub-gss: invalid context", - "stub-gss: server returned error", - "stub-gss: cannot find a mechanism", - NULL -}; - -struct gss_ctx_id_t_desc_struct { - enum { NONE, KRB5, NTLM1, NTLM3 } sent; - int have_krb5; - int have_ntlm; - OM_uint32 flags; - char creds[MAX_CREDS_LENGTH]; -}; - -/* simple implementation of strndup(), which isn't portable */ -static char *my_strndup(const char *ptr, size_t len) -{ - char *copy = malloc(len + 1); - if(!copy) - return NULL; - memcpy(copy, ptr, len); - copy[len] = '\0'; - return copy; -} - -OM_uint32 
gss_init_sec_context(OM_uint32 *min, - gss_const_cred_id_t initiator_cred_handle, - gss_ctx_id_t *context_handle, - gss_const_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID *actual_mech_type, - gss_buffer_t output_token, - OM_uint32 *ret_flags, - OM_uint32 *time_rec) -{ - /* The token will be encoded in base64 */ - size_t length = APPROX_TOKEN_LEN * 3 / 4; - size_t used = 0; - char *token = NULL; - const char *creds = NULL; - gss_ctx_id_t ctx = NULL; - - (void)initiator_cred_handle; - (void)mech_type; - (void)time_req; - (void)input_chan_bindings; - (void)actual_mech_type; - - if(!min) - return GSS_S_FAILURE; - - *min = 0; - - if(!context_handle || !target_name || !output_token) { - *min = GSS_INVALID_ARGS; - return GSS_S_FAILURE; - } - - creds = getenv("CURL_STUB_GSS_CREDS"); - if(!creds || strlen(creds) >= MAX_CREDS_LENGTH) { - *min = GSS_INVALID_CREDS; - return GSS_S_FAILURE; - } - - ctx = *context_handle; - if(ctx && strcmp(ctx->creds, creds)) { - *min = GSS_INVALID_CREDS; - return GSS_S_FAILURE; - } - - output_token->length = 0; - output_token->value = NULL; - - if(input_token && input_token->length) { - if(!ctx) { - *min = GSS_INVALID_CTX; - return GSS_S_FAILURE; - } - - /* Server response, either D (RA==) or C (Qw==) */ - if(((char *) input_token->value)[0] == 'D') { - /* Done */ - switch(ctx->sent) { - case KRB5: - case NTLM3: - if(ret_flags) - *ret_flags = ctx->flags; - if(time_rec) - *time_rec = GSS_C_INDEFINITE; - return GSS_S_COMPLETE; - default: - *min = GSS_SERVER_ERR; - return GSS_S_FAILURE; - } - } - - if(((char *) input_token->value)[0] != 'C') { - /* We only support Done or Continue */ - *min = GSS_SERVER_ERR; - return GSS_S_FAILURE; - } - - /* Continue */ - switch(ctx->sent) { - case KRB5: - /* We sent KRB5 and it failed, let's try NTLM */ - if(ctx->have_ntlm) { - ctx->sent = NTLM1; - break; - } - else { - 
*min = GSS_SERVER_ERR; - return GSS_S_FAILURE; - } - case NTLM1: - ctx->sent = NTLM3; - break; - default: - *min = GSS_SERVER_ERR; - return GSS_S_FAILURE; - } - } - else { - if(ctx) { - *min = GSS_INVALID_CTX; - return GSS_S_FAILURE; - } - - ctx = (gss_ctx_id_t) calloc(1, sizeof(*ctx)); - if(!ctx) { - *min = GSS_NO_MEMORY; - return GSS_S_FAILURE; - } - - if(strstr(creds, "KRB5")) - ctx->have_krb5 = 1; - - if(strstr(creds, "NTLM")) - ctx->have_ntlm = 1; - - if(ctx->have_krb5) - ctx->sent = KRB5; - else if(ctx->have_ntlm) - ctx->sent = NTLM1; - else { - free(ctx); - *min = GSS_NO_MECH; - return GSS_S_FAILURE; - } - - strcpy(ctx->creds, creds); - ctx->flags = req_flags; - } - - token = malloc(length); - if(!token) { - free(ctx); - *min = GSS_NO_MEMORY; - return GSS_S_FAILURE; - } - - /* Token format: creds:target:type:padding */ - /* Note: this is using the *real* snprintf() and not the curl provided - one */ - used = (size_t) snprintf(token, length, "%s:%s:%d:", creds, - (const char *)target_name, ctx->sent); - - if(used >= length) { - free(token); - free(ctx); - *min = GSS_NO_MEMORY; - return GSS_S_FAILURE; - } - - /* Overwrite null-terminator */ - memset(token + used, 'A', length - used); - - *context_handle = ctx; - - output_token->value = token; - output_token->length = length; - - return GSS_S_CONTINUE_NEEDED; -} - -OM_uint32 gss_delete_sec_context(OM_uint32 *min, - gss_ctx_id_t *context_handle, - gss_buffer_t output_token) -{ - (void)output_token; - - if(!min) - return GSS_S_FAILURE; - - if(!context_handle) { - *min = GSS_INVALID_CTX; - return GSS_S_FAILURE; - } - - free(*context_handle); - *context_handle = NULL; - *min = 0; - - return GSS_S_COMPLETE; -} - -OM_uint32 gss_release_buffer(OM_uint32 *min, - gss_buffer_t buffer) -{ - if(min) - *min = 0; - - if(buffer && buffer->length) { - free(buffer->value); - buffer->length = 0; - } - - return GSS_S_COMPLETE; -} - -OM_uint32 gss_import_name(OM_uint32 *min, - const gss_buffer_t input_name_buffer, - const gss_OID 
input_name_type, - gss_name_t *output_name) -{ - char *name = NULL; - (void)input_name_type; - - if(!min) - return GSS_S_FAILURE; - - if(!input_name_buffer || !output_name) { - *min = GSS_INVALID_ARGS; - return GSS_S_FAILURE; - } - - name = my_strndup(input_name_buffer->value, input_name_buffer->length); - if(!name) { - *min = GSS_NO_MEMORY; - return GSS_S_FAILURE; - } - - *output_name = (gss_name_t) name; - *min = 0; - - return GSS_S_COMPLETE; -} - -OM_uint32 gss_release_name(OM_uint32 *min, - gss_name_t *input_name) -{ - if(min) - *min = 0; - - if(input_name) - free(*input_name); - - return GSS_S_COMPLETE; -} - -OM_uint32 gss_display_status(OM_uint32 *min, - OM_uint32 status_value, - int status_type, - const gss_OID mech_type, - OM_uint32 *message_context, - gss_buffer_t status_string) -{ - static const char maj_str[] = "Stub GSS error"; - (void)mech_type; - if(min) - *min = 0; - - if(message_context) - *message_context = 0; - - if(status_string) { - status_string->value = NULL; - status_string->length = 0; - - if(status_value >= GSS_LAST) - return GSS_S_FAILURE; - - switch(status_type) { - case GSS_C_GSS_CODE: - status_string->value = strdup(maj_str); - break; - case GSS_C_MECH_CODE: - status_string->value = strdup(min_err_table[status_value]); - break; - default: - return GSS_S_FAILURE; - } - - if(status_string->value) - status_string->length = strlen(status_string->value); - else - return GSS_S_FAILURE; - } - - return GSS_S_COMPLETE; -} - -/* Stubs returning error */ - -OM_uint32 gss_display_name(OM_uint32 *min, - gss_const_name_t input_name, - gss_buffer_t output_name_buffer, - gss_OID *output_name_type) -{ - (void)min; - (void)input_name; - (void)output_name_buffer; - (void)output_name_type; - return GSS_S_FAILURE; -} - -OM_uint32 gss_inquire_context(OM_uint32 *min, - gss_const_ctx_id_t context_handle, - gss_name_t *src_name, - gss_name_t *targ_name, - OM_uint32 *lifetime_rec, - gss_OID *mech_type, - OM_uint32 *ctx_flags, - int *locally_initiated, - int 
*open_context) -{ - (void)min; - (void)context_handle; - (void)src_name; - (void)targ_name; - (void)lifetime_rec; - (void)mech_type; - (void)ctx_flags; - (void)locally_initiated; - (void)open_context; - return GSS_S_FAILURE; -} - -OM_uint32 gss_wrap(OM_uint32 *min, - gss_const_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int *conf_state, - gss_buffer_t output_message_buffer) -{ - (void)min; - (void)context_handle; - (void)conf_req_flag; - (void)qop_req; - (void)input_message_buffer; - (void)conf_state; - (void)output_message_buffer; - return GSS_S_FAILURE; -} - -OM_uint32 gss_unwrap(OM_uint32 *min, - gss_const_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int *conf_state, - gss_qop_t *qop_state) -{ - (void)min; - (void)context_handle; - (void)input_message_buffer; - (void)output_message_buffer; - (void)conf_state; - (void)qop_state; - return GSS_S_FAILURE; -} - -OM_uint32 gss_seal(OM_uint32 *min, - gss_ctx_id_t context_handle, - int conf_req_flag, - int qop_req, - gss_buffer_t input_message_buffer, - int *conf_state, - gss_buffer_t output_message_buffer) -{ - (void)min; - (void)context_handle; - (void)conf_req_flag; - (void)qop_req; - (void)input_message_buffer; - (void)conf_state; - (void)output_message_buffer; - return GSS_S_FAILURE; -} - -OM_uint32 gss_unseal(OM_uint32 *min, - gss_ctx_id_t context_handle, - gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int *conf_state, - int *qop_state) -{ - (void)min; - (void)context_handle; - (void)input_message_buffer; - (void)output_message_buffer; - (void)conf_state; - (void)qop_state; - return GSS_S_FAILURE; -} diff --git a/tests/libtest/stub_gssapi.h b/tests/libtest/stub_gssapi.h deleted file mode 100644 index f02ec81929..0000000000 --- a/tests/libtest/stub_gssapi.h +++ /dev/null 
@@ -1,186 +0,0 @@ -#ifndef HEADER_CURL_GSSAPI_STUBS_H -#define HEADER_CURL_GSSAPI_STUBS_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - * SPDX-License-Identifier: curl - * - ***************************************************************************/ - -/* Roughly based on Heimdal's gssapi.h */ - -/* !checksrc! 
disable TYPEDEFSTRUCT all */ - -#include -#include - -#define GSS_ERROR(status) (status & 0x80000000) - -#define GSS_S_COMPLETE 0 -#define GSS_S_FAILURE (0x80000000) -#define GSS_S_CONTINUE_NEEDED (1ul) - -#define GSS_C_QOP_DEFAULT 0 -#define GSS_C_NO_OID ((gss_OID) 0) -#define GSS_C_NO_NAME ((gss_name_t) 0) -#define GSS_C_NO_BUFFER ((gss_buffer_t) 0) -#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) -#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) -#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) - -#define GSS_C_NULL_OID GSS_C_NO_OID - -#define GSS_C_EMPTY_BUFFER {0, NULL} - -#define GSS_C_AF_INET 2 - -#define GSS_C_GSS_CODE 1 -#define GSS_C_MECH_CODE 2 - -#define GSS_C_DELEG_FLAG 1 -#define GSS_C_MUTUAL_FLAG 2 -#define GSS_C_REPLAY_FLAG 4 -#define GSS_C_CONF_FLAG 16 -#define GSS_C_INTEG_FLAG 32 - -/* - * Expiration time of 2^32-1 seconds means infinite lifetime for a - * credential or security context - */ -#define GSS_C_INDEFINITE 0xfffffffful - -#define GSS_C_NT_HOSTBASED_SERVICE NULL - -typedef uint32_t OM_uint32; - -typedef OM_uint32 gss_qop_t; - -typedef struct gss_buffer_desc_struct { - size_t length; - void *value; -} gss_buffer_desc, *gss_buffer_t; - -struct gss_cred_id_t_desc_struct; -typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t; -typedef const struct gss_cred_id_t_desc_struct *gss_const_cred_id_t; - -struct gss_ctx_id_t_desc_struct; -typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t; -typedef const struct gss_ctx_id_t_desc_struct *gss_const_ctx_id_t; - -struct gss_name_t_desc_struct; -typedef struct gss_name_t_desc_struct *gss_name_t; -typedef const struct gss_name_t_desc_struct *gss_const_name_t; - -typedef struct gss_OID_desc_struct { - OM_uint32 length; - void *elements; -} gss_OID_desc, *gss_OID; - -typedef struct gss_channel_bindings_struct { - OM_uint32 initiator_addrtype; - gss_buffer_desc initiator_address; - OM_uint32 acceptor_addrtype; - gss_buffer_desc acceptor_address; - gss_buffer_desc application_data; -} 
*gss_channel_bindings_t; - -OM_uint32 gss_release_buffer(OM_uint32 * /* minor_status */, - gss_buffer_t /* buffer */); - -OM_uint32 gss_init_sec_context(OM_uint32 * /* minor_status */, - gss_const_cred_id_t /* initiator_cred_handle */, - gss_ctx_id_t * /* context_handle */, - gss_const_name_t /* target_name */, - const gss_OID /* mech_type */, - OM_uint32 /* req_flags */, - OM_uint32 /* time_req */, - const gss_channel_bindings_t /* input_chan_bindings */, - const gss_buffer_t /* input_token */, - gss_OID * /* actual_mech_type */, - gss_buffer_t /* output_token */, - OM_uint32 * /* ret_flags */, - OM_uint32 * /* time_rec */); - -OM_uint32 gss_delete_sec_context(OM_uint32 * /* minor_status */, - gss_ctx_id_t * /* context_handle */, - gss_buffer_t /* output_token */); - -OM_uint32 gss_inquire_context(OM_uint32 * /* minor_status */, - gss_const_ctx_id_t /* context_handle */, - gss_name_t * /* src_name */, - gss_name_t * /* targ_name */, - OM_uint32 * /* lifetime_rec */, - gss_OID * /* mech_type */, - OM_uint32 * /* ctx_flags */, - int * /* locally_initiated */, - int * /* open_context */); - -OM_uint32 gss_wrap(OM_uint32 * /* minor_status */, - gss_const_ctx_id_t /* context_handle */, - int /* conf_req_flag */, - gss_qop_t /* qop_req */, - const gss_buffer_t /* input_message_buffer */, - int * /* conf_state */, - gss_buffer_t /* output_message_buffer */); - -OM_uint32 gss_unwrap(OM_uint32 * /* minor_status */, - gss_const_ctx_id_t /* context_handle */, - const gss_buffer_t /* input_message_buffer */, - gss_buffer_t /* output_message_buffer */, - int * /* conf_state */, - gss_qop_t * /* qop_state */); - -OM_uint32 gss_seal(OM_uint32 * /* minor_status */, - gss_ctx_id_t /* context_handle n */, - int /* conf_req_flag */, - int /* qop_req */, - gss_buffer_t /* input_message_buffer */, - int * /* conf_state */, - gss_buffer_t /* output_message_buffer */); - -OM_uint32 gss_unseal(OM_uint32 * /* minor_status */, - gss_ctx_id_t /* context_handle */, - gss_buffer_t /* 
input_message_buffer */, - gss_buffer_t /* output_message_buffer */, - int * /* conf_state */, - int * /* qop_state */); - -OM_uint32 gss_import_name(OM_uint32 * /* minor_status */, - const gss_buffer_t /* input_name_buffer */, - const gss_OID /* input_name_type */, - gss_name_t * /* output_name */); - -OM_uint32 gss_release_name(OM_uint32 * /* minor_status */, - gss_name_t * /* input_name */); - -OM_uint32 gss_display_name(OM_uint32 * /* minor_status */, - gss_const_name_t /* input_name */, - gss_buffer_t /* output_name_buffer */, - gss_OID * /* output_name_type */); - -OM_uint32 gss_display_status(OM_uint32 * /* minor_status */, - OM_uint32 /* status_value */, - int /* status_type */, - const gss_OID /* mech_type */, - OM_uint32 * /* message_context */, - gss_buffer_t /* status_string */); - -#endif /* HEADER_CURL_GSSAPI_STUBS_H */ diff --git a/tests/runner.pm b/tests/runner.pm index 36127c7c03..4df57730e2 100644 --- a/tests/runner.pm +++ b/tests/runner.pm @@ -670,17 +670,6 @@ sub singletest_setenv { if($content =~ /^=(.*)/) { # assign it $content = $1; - - if($var =~ /^LD_PRELOAD/) { - if(exe_ext('TOOL') && (exe_ext('TOOL') eq '.exe')) { - logmsg "Skipping LD_PRELOAD due to lack of OS support\n" if($verbose); - next; - } - if($feature{"Debug"} || !$has_shared) { - logmsg "Skipping LD_PRELOAD due to no release shared build\n" if($verbose); - next; - } - } $ENV{$var} = "$content"; logmsg "setenv $var = $content\n" if($verbose); } @@ -688,7 +677,6 @@ sub singletest_setenv { # remove it delete $ENV{$var} if($ENV{$var}); } - } } if($proxy_address) { diff --git a/tests/runtests.pl b/tests/runtests.pl index 8e3b58bd68..db9054ba1f 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl 
@@ -545,10 +545,6 @@ sub checksystemfeatures { $curl =~ s/^(.*)(libcurl.*)/$1/g || die "Failure determining curl binary version"; $libcurl = $2; - if($curl =~ /linux|bsd|solaris/i) { - # system supports LD_PRELOAD/LD_LIBRARY_PATH; may be disabled later - $feature{"ld_preload"} = 1; - } if($curl =~ /win32|Windows|windows|mingw(32|64)/) { # This is a Windows MinGW build or native build, we need to use # Windows-style path. @@ -767,9 +763,6 @@ sub checksystemfeatures { close($conf); } - # allow this feature only if debug mode is disabled - $feature{"ld_preload"} = $feature{"ld_preload"} && !$feature{"Debug"}; - if($feature{"IPv6"}) { # client has IPv6 support @@ -823,11 +816,6 @@ sub checksystemfeatures { } # 'socks' was once here but is now removed - $has_shared = `sh $CURLCONFIG --built-shared`; - chomp $has_shared; - $has_shared = $has_shared eq "yes"; - - if($torture) { if(!$feature{"TrackMemory"}) { die "can't run torture tests since curl was built without ".