]> git.ipfire.org Git - thirdparty/curl.git/commitdiff
projects / thirdparty / curl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 945db0d)
digest: Use hostname to generate spn instead of realm
authorChris Talbot <chris@talbothome.com>
Thu, 29 Jun 2023 16:27:48 +0000 (12:27 -0400)
committerJay Satiro <raysatiro@yahoo.com>
Fri, 8 Sep 2023 07:23:44 +0000 (03:23 -0400)
In https://www.rfc-editor.org/rfc/rfc2831#section-2.1.2

digest-uri-value should be serv-type "/" host , where host is:

      The DNS host name or IP address for the service requested.  The
      DNS host name must be the fully-qualified canonical name of the
      host. The DNS host name is the preferred form; see notes on server
      processing of the digest-uri.

Realm may not be the host, so we must specify the host explicitly.

Note this change only affects the non-SSPI digest code. The digest code
used by SSPI builds already uses the hostname to generate the spn.

Ref: https://github.com/curl/curl/issues/11369

Closes https://github.com/curl/curl/pull/11395

lib/vauth/digest.c patch | blob | blame | history
tests/data/test823 patch | blob | blame | history
tests/data/test869 patch | blob | blame | history
tests/data/test907 patch | blob | blame | history

diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
index 1983d03c77fee43eb5e54abc70fc09a725b401c1..12c6f7dd5be62cfb913ca590f0922147a99ce8d7 100644 (file)
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@@ -420,7 +420,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
     msnprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
 
   /* Generate our SPN */
-  spn = Curl_auth_build_spn(service, realm, NULL);
+  spn = Curl_auth_build_spn(service, data->conn->host.name, NULL);
   if(!spn)
     return CURLE_OUT_OF_MEMORY;
 
diff --git a/tests/data/test823 b/tests/data/test823
index b179a1807b9cf2d8364ff788f0f2aee676ef35ac..affb6772d6f74dcb27aea76ace0a54d70bffa8b6 100644 (file)
--- a/tests/data/test823
+++ b/tests/data/test823
@@ -14,7 +14,7 @@ RFC2831
 <servercmd>
 AUTH DIGEST-MD5
 REPLY AUTHENTICATE + cmVhbG09ImN1cmwiLG5vbmNlPSI1MzAwZDE3YTFkNjk1YmQ0MTFlNGNkZjk2Zjk1NDhjMjNjZWQ2MTc1IixhbGdvcml0aG09bWQ1LXNlc3MscW9wPSJhdXRoIg==
-REPLY dXNlcm5hbWU9InVzZXIiLHJlYWxtPSJjdXJsIixub25jZT0iNTMwMGQxN2ExZDY5NWJkNDExZTRjZGY5NmY5NTQ4YzIzY2VkNjE3NSIsY25vbmNlPSIzNDMzMzIzMTM1MzMzMjMxMzYzMzMyMzEzNzMzMzIzMSIsbmM9IjAwMDAwMDAxIixkaWdlc3QtdXJpPSJpbWFwL2N1cmwiLHJlc3BvbnNlPTVlNzk5N2ZhZDZjMzNiZWJmZjk3OWJkY2I4ZmU3MTZiLHFvcD1hdXRo +
+REPLY dXNlcm5hbWU9InVzZXIiLHJlYWxtPSJjdXJsIixub25jZT0iNTMwMGQxN2ExZDY5NWJkNDExZTRjZGY5NmY5NTQ4YzIzY2VkNjE3NSIsY25vbmNlPSIzNDMzMzIzMTM1MzMzMjMxMzYzMzMyMzEzNzMzMzIzMSIsbmM9IjAwMDAwMDAxIixkaWdlc3QtdXJpPSJpbWFwLzEyNy4wLjAuMSIscmVzcG9uc2U9YmU2MzgyNDkzNjJkN2FhMGUzNTM4NTA3Njc1MWFiNDgscW9wPWF1dGg= + cnNwYXV0aD04MWY5MDNlYjQ4MjNhZTkyMmRiNWYwNGNiNThjY2RlYg==
 REPLY  A002 OK AUTHENTICATE completed
 </servercmd>
 <data>
@@ -53,7 +53,7 @@ IMAP DIGEST-MD5 authentication
 <protocol>
 A001 CAPABILITY\r
 A002 AUTHENTICATE DIGEST-MD5\r
-dXNlcm5hbWU9InVzZXIiLHJlYWxtPSJjdXJsIixub25jZT0iNTMwMGQxN2ExZDY5NWJkNDExZTRjZGY5NmY5NTQ4YzIzY2VkNjE3NSIsY25vbmNlPSIzNDMzMzIzMTM1MzMzMjMxMzYzMzMyMzEzNzMzMzIzMSIsbmM9IjAwMDAwMDAxIixkaWdlc3QtdXJpPSJpbWFwL2N1cmwiLHJlc3BvbnNlPTVlNzk5N2ZhZDZjMzNiZWJmZjk3OWJkY2I4ZmU3MTZiLHFvcD1hdXRo\r
+dXNlcm5hbWU9InVzZXIiLHJlYWxtPSJjdXJsIixub25jZT0iNTMwMGQxN2ExZDY5NWJkNDExZTRjZGY5NmY5NTQ4YzIzY2VkNjE3NSIsY25vbmNlPSIzNDMzMzIzMTM1MzMzMjMxMzYzMzMyMzEzNzMzMzIzMSIsbmM9IjAwMDAwMDAxIixkaWdlc3QtdXJpPSJpbWFwLzEyNy4wLjAuMSIscmVzcG9uc2U9YmU2MzgyNDkzNjJkN2FhMGUzNTM4NTA3Njc1MWFiNDgscW9wPWF1dGg=\r
 \r
 A003 SELECT %TESTNUMBER\r
 A004 FETCH 1 BODY[]\r
diff --git a/tests/data/test869 b/tests/data/test869
index 96d8c837a286b65cc3da29dc6bcccf0a996d25a9..0613e2f5135c32b9ecff417f43c9b10b064ad631 100644 (file)
--- a/tests/data/test869
+++ b/tests/data/test869
@@ -16,7 +16,7 @@ RFC5034
 <servercmd>
 AUTH DIGEST-MD5
 REPLY AUTH + cmVhbG09ImN1cmwiLG5vbmNlPSI1MzAwZDE3YTFkNjk1YmQ0MTFlNGNkZjk2Zjk1NDhjMjNjZWQ2MTc1IixhbGdvcml0aG09bWQ1LXNlc3MscW9wPSJhdXRoIg==
-REPLY dXNlcm5hbWU9InVzZXIiLHJlYWxtPSJjdXJsIixub25jZT0iNTMwMGQxN2ExZDY5NWJkNDExZTRjZGY5NmY5NTQ4YzIzY2VkNjE3NSIsY25vbmNlPSIzNDMzMzIzMTM1MzMzMjMxMzYzMzMyMzEzNzMzMzIzMSIsbmM9IjAwMDAwMDAxIixkaWdlc3QtdXJpPSJwb3AvY3VybCIscmVzcG9uc2U9YzNhMGFiZTc5NDYyNTIyNGY5Njg3YTYzMTc3ZmRhNWIscW9wPWF1dGg= +
+REPLY dXNlcm5hbWU9InVzZXIiLHJlYWxtPSJjdXJsIixub25jZT0iNTMwMGQxN2ExZDY5NWJkNDExZTRjZGY5NmY5NTQ4YzIzY2VkNjE3NSIsY25vbmNlPSIzNDMzMzIzMTM1MzMzMjMxMzYzMzMyMzEzNzMzMzIzMSIsbmM9IjAwMDAwMDAxIixkaWdlc3QtdXJpPSJwb3AvMTI3LjAuMC4xIixyZXNwb25zZT0xODMxNTU0OGM3ZjNhMzdlNzE2ZmE4ZTkwZGZhYjliNixxb3A9YXV0aA== + cnNwYXV0aD1mZWNiMzZiNzA4NmUwYjk1ZDkwNjQ1OWVmYThjYzI5ZQ==
 REPLY  +OK Login successful
 </servercmd>
 <data>
@@ -55,7 +55,7 @@ pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret
 <protocol>
 CAPA\r
 AUTH DIGEST-MD5\r
-dXNlcm5hbWU9InVzZXIiLHJlYWxtPSJjdXJsIixub25jZT0iNTMwMGQxN2ExZDY5NWJkNDExZTRjZGY5NmY5NTQ4YzIzY2VkNjE3NSIsY25vbmNlPSIzNDMzMzIzMTM1MzMzMjMxMzYzMzMyMzEzNzMzMzIzMSIsbmM9IjAwMDAwMDAxIixkaWdlc3QtdXJpPSJwb3AvY3VybCIscmVzcG9uc2U9YzNhMGFiZTc5NDYyNTIyNGY5Njg3YTYzMTc3ZmRhNWIscW9wPWF1dGg=\r
+dXNlcm5hbWU9InVzZXIiLHJlYWxtPSJjdXJsIixub25jZT0iNTMwMGQxN2ExZDY5NWJkNDExZTRjZGY5NmY5NTQ4YzIzY2VkNjE3NSIsY25vbmNlPSIzNDMzMzIzMTM1MzMzMjMxMzYzMzMyMzEzNzMzMzIzMSIsbmM9IjAwMDAwMDAxIixkaWdlc3QtdXJpPSJwb3AvMTI3LjAuMC4xIixyZXNwb25zZT0xODMxNTU0OGM3ZjNhMzdlNzE2ZmE4ZTkwZGZhYjliNixxb3A9YXV0aA==\r
 \r
 RETR %TESTNUMBER\r
 QUIT\r
diff --git a/tests/data/test907 b/tests/data/test907
index b2af26b23d064d6958fee7048e9194d82cbdef44..0ce464c694e2137096d84aaab7c33a3c71bb8c93 100644 (file)
--- a/tests/data/test907
+++ b/tests/data/test907
@@ -15,7 +15,7 @@ RFC4954
 <servercmd>
 AUTH DIGEST-MD5
 REPLY AUTH 334 cmVhbG09ImN1cmwiLG5vbmNlPSI1MzAwZDE3YTFkNjk1YmQ0MTFlNGNkZjk2Zjk1NDhjMjNjZWQ2MTc1IixhbGdvcml0aG09bWQ1LXNlc3MscW9wPSJhdXRoIg==
-REPLY dXNlcm5hbWU9InVzZXIiLHJlYWxtPSJjdXJsIixub25jZT0iNTMwMGQxN2ExZDY5NWJkNDExZTRjZGY5NmY5NTQ4YzIzY2VkNjE3NSIsY25vbmNlPSIzNDMzMzIzMTM1MzMzMjMxMzYzMzMyMzEzNzMzMzIzMSIsbmM9IjAwMDAwMDAxIixkaWdlc3QtdXJpPSJzbXRwL2N1cmwiLHJlc3BvbnNlPTk0M2YxNjk1OWYxY2M2ZjA3ZTZmMDk0ZjVkYmQ0NzNlLHFvcD1hdXRo 334
+REPLY dXNlcm5hbWU9InVzZXIiLHJlYWxtPSJjdXJsIixub25jZT0iNTMwMGQxN2ExZDY5NWJkNDExZTRjZGY5NmY5NTQ4YzIzY2VkNjE3NSIsY25vbmNlPSIzNDMzMzIzMTM1MzMzMjMxMzYzMzMyMzEzNzMzMzIzMSIsbmM9IjAwMDAwMDAxIixkaWdlc3QtdXJpPSJzbXRwLzEyNy4wLjAuMSIscmVzcG9uc2U9YTI3YzQzOTVmMzM4Njc0M2JlMTIyMDdiN2QxMTIxYzUscW9wPWF1dGg= 334 cnNwYXV0aD05ZWE4NTljYjlkOTBjMzdjYTMwZDQ5ZDM1Mzc4NjMwYw==
 REPLY  235 Authenticated
 </servercmd>
 </reply>
@@ -48,7 +48,7 @@ smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-fr
 <protocol>
 EHLO %TESTNUMBER\r
 AUTH DIGEST-MD5\r
-dXNlcm5hbWU9InVzZXIiLHJlYWxtPSJjdXJsIixub25jZT0iNTMwMGQxN2ExZDY5NWJkNDExZTRjZGY5NmY5NTQ4YzIzY2VkNjE3NSIsY25vbmNlPSIzNDMzMzIzMTM1MzMzMjMxMzYzMzMyMzEzNzMzMzIzMSIsbmM9IjAwMDAwMDAxIixkaWdlc3QtdXJpPSJzbXRwL2N1cmwiLHJlc3BvbnNlPTk0M2YxNjk1OWYxY2M2ZjA3ZTZmMDk0ZjVkYmQ0NzNlLHFvcD1hdXRo\r
+dXNlcm5hbWU9InVzZXIiLHJlYWxtPSJjdXJsIixub25jZT0iNTMwMGQxN2ExZDY5NWJkNDExZTRjZGY5NmY5NTQ4YzIzY2VkNjE3NSIsY25vbmNlPSIzNDMzMzIzMTM1MzMzMjMxMzYzMzMyMzEzNzMzMzIzMSIsbmM9IjAwMDAwMDAxIixkaWdlc3QtdXJpPSJzbXRwLzEyNy4wLjAuMSIscmVzcG9uc2U9YTI3YzQzOTVmMzM4Njc0M2JlMTIyMDdiN2QxMTIxYzUscW9wPWF1dGg=\r
 \r
 MAIL FROM:<sender@example.com>\r
 RCPT TO:<recipient@example.com>\r
Mirror of https://github.com/curl/curl.git