authorChristian Grothoff <christian@grothoff.org>2020-07-16 17:40:14 +0200
committerChristian Grothoff <christian@grothoff.org>2020-07-16 17:40:37 +0200
commitee1fbffa1c42f7ac3fc897e73e90c525037dd915 (patch)
treeb8b5f553413fb99a92a59786862ba25049f62725 /src/curl/curl.c
parent23820348b1221c78dc2d4eca9a234c375bbc68cb (diff)
support context-wide client authentication
Diffstat (limited to 'src/curl/curl.c')
-rw-r--r--src/curl/curl.c114
1 files changed, 114 insertions, 0 deletions
diff --git a/src/curl/curl.c b/src/curl/curl.c
index a63a10f3b..f43670944 100644
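--- a/src/curl/curl.c
+++ b/src/curl/curl.c
@@ -170,10 +170,93 @@ struct GNUNET_CURL_Context
  * Closure for @e cb.
  */
  void *cb_cls;
+
+ /**
+ * USERNAME:PASSWORD to use for client-authentication
+ * with all requests of this context, or NULL.
+ */
+ char *userpass;
+
+ /**
+ * Type of the TLS client certificate used, or NULL.
+ */
+ char *certtype;
+
+ /**
+ * File with the TLS client certificate, or NULL.
+ */
+ char *certfile;
+
+ /**
+ * File with the private key to authenticate the
+ * TLS client, or NULL.
+ */
+ char *keyfile;
+
+ /**
+ * Passphrase to decrypt @e keyfile, or NULL.
+ */
+ char *keypass;
+
 };
 
 
 /**
+ * Force use of the provided username and password
+ * for client authentication for all operations performed
+ * with @a ctx.
+ *
+ * @param ctx context to set authentication data for
+ * @param userpass string with "$USERNAME:$PASSWORD"
+ */
+void
+GNUNET_CURL_set_userpass (struct GNUNET_CURL_Context *ctx,
+ const char *userpass)
+{
+ GNUNET_free (ctx->userpass);
+ if (NULL != userpass)
+ ctx->userpass = GNUNET_strdup (userpass);
+}
+
+
+/**
+ * Force use of the provided TLS client certificate
+ * for client authentication for all operations performed
+ * with @a ctx.
+ *
+ * Note that if the provided information is incorrect,
+ * the earliest operation that could fail is
+ * #GNUNET_CURL_job_add() or #GNUNET_CURL_job_add2()!
+ *
+ * @param ctx context to set authentication data for
+ * @param certtype type of the certificate
+ * @param certfile file with the certificate
+ * @param keyfile file with the private key
+ * @param keypass passphrase to decrypt @a keyfile (or NULL)
+ */
+void
+GNUNET_CURL_set_tlscert (struct GNUNET_CURL_Context *ctx,
+ const char *certtype,
+ const char *certfile,
+ const char *keyfile,
+ const char *keypass)
+{
+ GNUNET_free (ctx->certtype);
+ GNUNET_free (ctx->certfile);
+ GNUNET_free (ctx->keyfile);
+ GNUNET_free (ctx->keypass);
+ if (NULL != certtype)
+ ctx->certtype = GNUNET_strdup (certtype);
+ if (NULL != certfile)
+ ctx->certfile = GNUNET_strdup (certfile);
+ if (NULL != keyfile)
+ ctx->certtype = GNUNET_strdup (keyfile);
+ if (NULL != keypass)
+ ctx->certtype = GNUNET_strdup (keypass);
+}
+
+
+/**
  * Initialise this library. This function should be called before using any of
  * the following functions.
  *
@@ -457,6 +540,32 @@ GNUNET_CURL_job_add2 (struct GNUNET_CURL_Context *ctx,
  struct curl_slist *all_headers;
 
  GNUNET_assert (NULL != jcc);
+ if ( (NULL != ctx->userpass) &&
+ (0 != curl_easy_setopt (eh,
+ CURLOPT_USERPWD,
+ ctx->userpass)) )
+ return NULL;
+ if ( (NULL != ctx->certfile) &&
+ (0 != curl_easy_setopt (eh,
+ CURLOPT_SSLCERT,
+ ctx->certfile)) )
+ return NULL;
+ if ( (NULL != ctx->certtype) &&
+ (0 != curl_easy_setopt (eh,
+ CURLOPT_SSLCERTTYPE,
+ ctx->certtype)) )
+ return NULL;
+ if ( (NULL != ctx->keyfile) &&
+ (0 != curl_easy_setopt (eh,
+ CURLOPT_SSLKEY,
+ ctx->keyfile)) )
+ return NULL;
+ if ( (NULL != ctx->keypass) &&
+ (0 != curl_easy_setopt (eh,
+ CURLOPT_KEYPASSWD,
+ ctx->keypass)) )
+ return NULL;
+
  all_headers = setup_job_headers (ctx,
  job_headers);
  if (NULL == (job = setup_job (eh,
@@ -899,6 +1008,11 @@ GNUNET_CURL_fini (struct GNUNET_CURL_Context *ctx)
  curl_share_cleanup (ctx->share);
  curl_multi_cleanup (ctx->multi);
  curl_slist_free_all (ctx->common_headers);
+ GNUNET_free (ctx->userpass);
+ GNUNET_free (ctx->certtype);
+ GNUNET_free (ctx->certfile);
+ GNUNET_free (ctx->keyfile);
+ GNUNET_free (ctx->keypass);
  GNUNET_free (ctx);
 }
 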
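Review bot: In GNUNET_CURL_set_tlscert the duplicates of `keyfile` and `keypass` are both stored into `ctx->certtype` (new lines 253 and 255), so `ctx->keyfile` and `ctx->keypass` are never set and each overwrite leaks the previous duplicate. As a result GNUNET_CURL_job_add2 hands the key path or the key passphrase to libcurl as `CURLOPT_SSLCERTTYPE`, and `CURLOPT_SSLKEY` and `CURLOPT_KEYPASSWD` are never applied, so client-certificate authentication cannot work as configured. The two assignments should read `ctx->keyfile = GNUNET_strdup (keyfile);` and `ctx->keypass = GNUNET_strdup (keypass);`. Both setters also free the old value but assign only for a non-NULL argument. Unless GNUNET_free resets its argument (not visible on this page), clearing a credential with NULL leaves a stale pointer that job_add2 would pass to curl and GNUNET_CURL_fini would free again, so setting each field to NULL right after its free, e.g. `ctx->userpass = NULL;`, would make that safe.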