自学教程：C++ Curl_safefree函数代码示例

//.........这里部分代码省略.........        else          current_form->contentheader = list;        break;      }    case CURLFORM_FILENAME:    case CURLFORM_BUFFER:      {        const char *filename = array_state?array_value:          va_arg(params, char *);        if(current_form->showfilename)          return_value = CURL_FORMADD_OPTION_TWICE;        else {          current_form->showfilename = strdup(filename);          if(!current_form->showfilename)            return_value = CURL_FORMADD_MEMORY;          else            current_form->showfilename_alloc = TRUE;        }        break;      }    default:      return_value = CURL_FORMADD_UNKNOWN_OPTION;      break;    }  }  if(CURL_FORMADD_OK != return_value) {    /* On error, free allocated fields for all nodes of the FormInfo linked       list without deallocating nodes. List nodes are deallocated later on */    FormInfo *ptr;    for(ptr = first_form; ptr != NULL; ptr = ptr->more) {      if(ptr->name_alloc) {        Curl_safefree(ptr->name);        ptr->name_alloc = FALSE;      }      if(ptr->value_alloc) {        Curl_safefree(ptr->value);        ptr->value_alloc = FALSE;      }      if(ptr->contenttype_alloc) {        Curl_safefree(ptr->contenttype);        ptr->contenttype_alloc = FALSE;      }      if(ptr->showfilename_alloc) {        Curl_safefree(ptr->showfilename);        ptr->showfilename_alloc = FALSE;      }    }  }  if(CURL_FORMADD_OK == return_value) {    /* go through the list, check for completeness and if everything is     * alright add the HttpPost item otherwise set return_value accordingly */    post = NULL;    for(form = first_form;        form != NULL;        form = form->more) {      if(((!form->name || !form->value) && !post) ||         ( (form->contentslength) &&           (form->flags & HTTPPOST_FILENAME) ) ||         ( (form->flags & HTTPPOST_FILENAME) &&           (form->flags & HTTPPOST_PTRCONTENTS) ) ||         ( (!form->buffer) &&

/* * Output a Bearer Authorization header. */CURLcode Curl_output_bearer(struct connectdata *conn,                         bool proxy,                         const unsigned char *request,                         const unsigned char *uripath,                         struct curl_oauth2_token *token){  char **allocuserpwd;  struct auth *authp;  struct SessionHandle *data = conn->data;  CURLcode rc;/* The CURL_OUTPUT_BEARER_CONV macro below is for non-ASCII machines.   It converts digest text to ASCII so the MAC will be correct for   what ultimately goes over the network.*/#define CURL_OUTPUT_BEARER_CONV(a, b) /  rc = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); /  if(rc != CURLE_OK) { /    free(b); /    return rc; /  }  (void)request;  (void)uripath;  /* Check that we have the proper kind of token. */  if(token->token_type != CURL_OAUTH2_TOKEN_TYPE_BEARER) {    return CURLE_OAUTH2_TOKEN_MALFORMAT;  }  /* Select the right Authorization field to fill in depending on     whether we're talking to a proxy or the remote host. */  if(proxy) {    allocuserpwd = &conn->allocptr.proxyuserpwd;    authp = &data->state.authproxy;  }  else {    allocuserpwd = &conn->allocptr.userpwd;    authp = &data->state.authhost;  }  if(*allocuserpwd) {    Curl_safefree(*allocuserpwd);    *allocuserpwd = NULL;  }  authp->done = TRUE;  /* Produce the Authorization header. It is a very trivial header that     simply communicates the identifier of the bearer token. */  *allocuserpwd =    aprintf( "Authorization: Bearer %s/n", token->access_token);  if(!*allocuserpwd) {    return CURLE_OUT_OF_MEMORY;  }  CURL_OUTPUT_BEARER_CONV(data, allocuserpwd);  return CURLE_OK;}

/* * Curl_sasl_create_digest_http_message() * * This is used to generate a HTTP DIGEST response message ready for sending * to the recipient. * * Parameters: * * data    [in]     - The session handle. * userp   [in]     - The user name. * passdwp [in]     - The user's password. * request [in]     - The HTTP request. * uripath [in]     - The path of the HTTP uri. * digest  [in/out] - The digest data struct being used and modified. * outptr  [in/out] - The address where a pointer to newly allocated memory *                    holding the result will be stored upon completion. * outlen  [out]    - The length of the output message. * * Returns CURLE_OK on success. */CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,                                              const char *userp,                                              const char *passwdp,                                              const unsigned char *request,                                              const unsigned char *uripath,                                              struct digestdata *digest,                                              char **outptr, size_t *outlen){  size_t token_max;  CredHandle credentials;  CtxtHandle context;  char *resp;  BYTE *output_token;  PSecPkgInfo SecurityPackage;  SEC_WINNT_AUTH_IDENTITY identity;  SEC_WINNT_AUTH_IDENTITY *p_identity;  SecBuffer chlg_buf[3];  SecBuffer resp_buf;  SecBufferDesc chlg_desc;  SecBufferDesc resp_desc;  SECURITY_STATUS status;  unsigned long attrs;  TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */  (void) data;  /* Query the security package for DigestSSP */  status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),                                              &SecurityPackage);  if(status != SEC_E_OK)    return CURLE_NOT_BUILT_IN;  token_max = SecurityPackage->cbMaxToken;  /* Release the package buffer as it is not required anymore */  s_pSecFn->FreeContextBuffer(SecurityPackage);  /* Allocate the output buffer according to the max token size as indicated     by the security package */  output_token = malloc(token_max);  if(!output_token)    return CURLE_OUT_OF_MEMORY;  if(userp && *userp) {    /* Populate our identity structure */    if(Curl_create_sspi_identity(userp, passwdp, &identity))      return CURLE_OUT_OF_MEMORY;    /* Allow proper cleanup of the identity structure */    p_identity = &identity;  }  else    /* Use the current Windows user */    p_identity = NULL;  /* Acquire our credentials handle */  status = s_pSecFn->AcquireCredentialsHandle(NULL,                                              (TCHAR *) TEXT(SP_NAME_DIGEST),                                              SECPKG_CRED_OUTBOUND, NULL,                                              p_identity, NULL, NULL,                                              &credentials, &expiry);  if(status != SEC_E_OK) {    Curl_safefree(output_token);    return CURLE_LOGIN_DENIED;  }  /* Setup the challenge "input" security buffer if present */  chlg_desc.ulVersion    = SECBUFFER_VERSION;  chlg_desc.cBuffers     = 3;  chlg_desc.pBuffers     = chlg_buf;  chlg_buf[0].BufferType = SECBUFFER_TOKEN;  chlg_buf[0].pvBuffer   = digest->input_token;  chlg_buf[0].cbBuffer   = curlx_uztoul(digest->input_token_len);  chlg_buf[1].BufferType = SECBUFFER_PKG_PARAMS;  chlg_buf[1].pvBuffer   = (void *)request;  chlg_buf[1].cbBuffer   = curlx_uztoul(strlen((const char *) request));  chlg_buf[2].BufferType = SECBUFFER_PKG_PARAMS;  chlg_buf[2].pvBuffer   = NULL;  chlg_buf[2].cbBuffer   = 0;//.........这里部分代码省略.........

/* * curl_easy_duphandle() is an external interface to allow duplication of a * given input easy handle. The returned handle will be a new working handle * with all options set exactly as the input source handle. */CURL *curl_easy_duphandle(CURL *incurl){  struct SessionHandle *data=(struct SessionHandle *)incurl;  struct SessionHandle *outcurl = calloc(1, sizeof(struct SessionHandle));  if(NULL == outcurl)    goto fail;  /*   * We setup a few buffers we need. We should probably make them   * get setup on-demand in the code, as that would probably decrease   * the likeliness of us forgetting to init a buffer here in the future.   */  outcurl->state.headerbuff = malloc(HEADERSIZE);  if(!outcurl->state.headerbuff)    goto fail;  outcurl->state.headersize = HEADERSIZE;  /* copy all userdefined values */  if(Curl_dupset(outcurl, data) != CURLE_OK)    goto fail;  /* the connection cache is setup on demand */  outcurl->state.conn_cache = NULL;  outcurl->state.lastconnect = NULL;  outcurl->progress.flags    = data->progress.flags;  outcurl->progress.callback = data->progress.callback;  if(data->cookies) {    /* If cookies are enabled in the parent handle, we enable them       in the clone as well! */    outcurl->cookies = Curl_cookie_init(data,                                        data->cookies->filename,                                        outcurl->cookies,                                        data->set.cookiesession);    if(!outcurl->cookies)      goto fail;  }  /* duplicate all values in 'change' */  if(data->change.cookielist) {    outcurl->change.cookielist =      Curl_slist_duplicate(data->change.cookielist);    if(!outcurl->change.cookielist)      goto fail;  }  if(data->change.url) {    outcurl->change.url = strdup(data->change.url);    if(!outcurl->change.url)      goto fail;    outcurl->change.url_alloc = TRUE;  }  if(data->change.referer) {    outcurl->change.referer = strdup(data->change.referer);    if(!outcurl->change.referer)      goto fail;    outcurl->change.referer_alloc = TRUE;  }  /* Clone the resolver handle, if present, for the new handle */  if(Curl_resolver_duphandle(&outcurl->state.resolver,                             data->state.resolver) != CURLE_OK)    goto fail;  Curl_convert_setup(outcurl);  Curl_easy_initHandleData(outcurl);  outcurl->magic = CURLEASY_MAGIC_NUMBER;  /* we reach this point and thus we are OK */  return outcurl;  fail:  if(outcurl) {    curl_slist_free_all(outcurl->change.cookielist);    outcurl->change.cookielist = NULL;    Curl_safefree(outcurl->state.headerbuff);    Curl_safefree(outcurl->change.url);    Curl_safefree(outcurl->change.referer);    Curl_freeset(outcurl);    free(outcurl);  }  return NULL;}

//.........这里部分代码省略.........  if(conn->handler->flags & PROTOPT_SSL)    nva[2].value = (unsigned char *)"https";  else    nva[2].value = (unsigned char *)"http";  nva[2].valuelen = (uint16_t)strlen((char *)nva[2].value);  nva[2].flags = NGHTTP2_NV_FLAG_NONE;  hdbuf = strchr(hdbuf, 0x0a);  ++hdbuf;  authority_idx = 0;  for(i = 3; i < nheader; ++i) {    end = strchr(hdbuf, ':');    assert(end);    if(end - hdbuf == 4 && Curl_raw_nequal("host", hdbuf, 4)) {      authority_idx = i;      nva[i].name = (unsigned char *)":authority";      nva[i].namelen = (uint16_t)strlen((char *)nva[i].name);    }    else {      nva[i].name = (unsigned char *)hdbuf;      nva[i].namelen = (uint16_t)(end - hdbuf);    }    hdbuf = end + 1;    for(; *hdbuf == ' '; ++hdbuf);    end = strchr(hdbuf, 0x0d);    assert(end);    nva[i].value = (unsigned char *)hdbuf;    nva[i].valuelen = (uint16_t)(end - hdbuf);    nva[i].flags = NGHTTP2_NV_FLAG_NONE;    hdbuf = end + 2;    /* Inspect Content-Length header field and retrieve the request       entity length so that we can set END_STREAM to the last DATA       frame. */    if(nva[i].namelen == 14 &&       Curl_raw_nequal("content-length", (char*)nva[i].name, 14)) {      size_t j;      for(j = 0; j < nva[i].valuelen; ++j) {        httpc->upload_left *= 10;        httpc->upload_left += nva[i].value[j] - '0';      }      infof(conn->data, "request content-length=%zu/n", httpc->upload_left);    }  }  /* :authority must come before non-pseudo header fields */  if(authority_idx != 0 && authority_idx != AUTHORITY_DST_IDX) {    nghttp2_nv authority = nva[authority_idx];    for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) {      nva[i] = nva[i - 1];    }    nva[i] = authority;  }  switch(conn->data->set.httpreq) {  case HTTPREQ_POST:  case HTTPREQ_POST_FORM:  case HTTPREQ_PUT:    data_prd.read_callback = data_source_read_callback;    data_prd.source.ptr = NULL;    stream_id = nghttp2_submit_request(httpc->h2, NULL, nva, nheader,                                       &data_prd, NULL);    break;  default:    stream_id = nghttp2_submit_request(httpc->h2, NULL, nva, nheader,                                       NULL, NULL);  }  Curl_safefree(nva);  if(stream_id < 0) {    *err = CURLE_SEND_ERROR;    return -1;  }  httpc->stream_id = stream_id;  rv = nghttp2_session_send(httpc->h2);  if(rv != 0) {    *err = CURLE_SEND_ERROR;    return -1;  }  if(httpc->stream_id != -1) {    /* If whole HEADERS frame was sent off to the underlying socket,       the nghttp2 library calls data_source_read_callback. But only       it found that no data available, so it deferred the DATA       transmission. Which means that nghttp2_session_want_write()       returns 0 on http2_perform_getsock(), which results that no       writable socket check is performed. To workaround this, we       issue nghttp2_session_resume_data() here to bring back DATA       transmission from deferred state. */    nghttp2_session_resume_data(httpc->h2, httpc->stream_id);  }  return len;}

//.........这里部分代码省略.........                data + connssl->stream_sizes.cbHeader + len,                connssl->stream_sizes.cbTrailer);  InitSecBuffer(&outbuf[3], SECBUFFER_EMPTY, NULL, 0);  InitSecBufferDesc(&outbuf_desc, outbuf, 4);  /* copy data into output buffer */  memcpy(outbuf[1].pvBuffer, buf, len);  /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375390.aspx */  sspi_status = s_pSecFn->EncryptMessage(&connssl->ctxt->ctxt_handle, 0,                                         &outbuf_desc, 0);  /* check if the message was encrypted */  if(sspi_status == SEC_E_OK) {    written = 0;    /* send the encrypted message including header, data and trailer */    len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer;    /*       It's important to send the full message which includes the header,       encrypted payload, and trailer.  Until the client receives all the       data a coherent message has not been delivered and the client       can't read any of it.       If we wanted to buffer the unwritten encrypted bytes, we would       tell the client that all data it has requested to be sent has been       sent. The unwritten encrypted bytes would be the first bytes to       send on the next invocation.       Here's the catch with this - if we tell the client that all the       bytes have been sent, will the client call this method again to       send the buffered data?  Looking at who calls this function, it       seems the answer is NO.    */    /* send entire message or fail */    while(len > (size_t)written) {      ssize_t this_write;      long timeleft;      int what;      this_write = 0;      timeleft = Curl_timeleft(conn->data, NULL, TRUE);      if(timeleft < 0) {        /* we already got the timeout */        failf(conn->data, "schannel: timed out sending data "              "(bytes sent: %zd)", written);        *err = CURLE_OPERATION_TIMEDOUT;        written = -1;        break;      }      what = Curl_socket_ready(CURL_SOCKET_BAD, conn->sock[sockindex],                               timeleft);      if(what < 0) {        /* fatal error */        failf(conn->data, "select/poll on SSL socket, errno: %d", SOCKERRNO);        *err = CURLE_SEND_ERROR;        written = -1;        break;      }      else if(0 == what) {        failf(conn->data, "schannel: timed out sending data "              "(bytes sent: %zd)", written);        *err = CURLE_OPERATION_TIMEDOUT;        written = -1;        break;      }      /* socket is writable */      code = Curl_write_plain(conn, conn->sock[sockindex], data + written,                              len - written, &this_write);      if(code == CURLE_AGAIN)        continue;      else if(code != CURLE_OK) {        *err = code;        written = -1;        break;      }      written += this_write;    }  }  else if(sspi_status == SEC_E_INSUFFICIENT_MEMORY) {    *err = CURLE_OUT_OF_MEMORY;  }  else{    *err = CURLE_SEND_ERROR;  }  Curl_safefree(data);  if(len == (size_t)written)    /* Encrypted message including header, data and trailer entirely sent.       The return value is the number of unencrypted bytes that were sent. */    written = outbuf[1].cbBuffer;  return written;}

/* * Curl_ssh_connect() gets called from Curl_protocol_connect() to allow us to * do protocol-specific actions at connect-time. */CURLcode Curl_ssh_connect(struct connectdata *conn, bool *done){  int i;  struct SSHPROTO *ssh;  const char *fingerprint;  const char *authlist;  char *home;  char rsa_pub[PATH_MAX];  char rsa[PATH_MAX];  char tempHome[PATH_MAX];  curl_socket_t sock;  char *real_path;  char *working_path;  int working_path_len;  bool authed = FALSE;  CURLcode result;  struct SessionHandle *data = conn->data;  rsa_pub[0] = rsa[0] = '/0';  result = ssh_init(conn);  if (result)    return result;  ssh = data->reqdata.proto.ssh;  working_path = curl_easy_unescape(data, data->reqdata.path, 0,                                    &working_path_len);  if (!working_path)    return CURLE_OUT_OF_MEMORY;#ifdef CURL_LIBSSH2_DEBUG  if (ssh->user) {    infof(data, "User: %s/n", ssh->user);  }  if (ssh->passwd) {    infof(data, "Password: %s/n", ssh->passwd);  }#endif /* CURL_LIBSSH2_DEBUG */  sock = conn->sock[FIRSTSOCKET];  ssh->ssh_session = libssh2_session_init_ex(libssh2_malloc, libssh2_free,                                            libssh2_realloc, ssh);  if (ssh->ssh_session == NULL) {    failf(data, "Failure initialising ssh session/n");    Curl_safefree(ssh->path);    return CURLE_FAILED_INIT;  }#ifdef CURL_LIBSSH2_DEBUG  infof(data, "SSH socket: %d/n", sock);#endif /* CURL_LIBSSH2_DEBUG */  if (libssh2_session_startup(ssh->ssh_session, sock)) {    failf(data, "Failure establishing ssh session/n");    libssh2_session_free(ssh->ssh_session);    ssh->ssh_session = NULL;    Curl_safefree(ssh->path);    return CURLE_FAILED_INIT;  }  /*   * Before we authenticate we should check the hostkey's fingerprint against   * our known hosts. How that is handled (reading from file, whatever) is   * up to us. As for know not much is implemented, besides showing how to   * get the fingerprint.   */  fingerprint = libssh2_hostkey_hash(ssh->ssh_session,                                     LIBSSH2_HOSTKEY_HASH_MD5);#ifdef CURL_LIBSSH2_DEBUG  /* The fingerprint points to static storage (!), don't free() it. */  infof(data, "Fingerprint: ");  for (i = 0; i < 16; i++) {    infof(data, "%02X ", (unsigned char) fingerprint[i]);  }  infof(data, "/n");#endif /* CURL_LIBSSH2_DEBUG */  /* TBD - methods to check the host keys need to be done */  /*   * Figure out authentication methods   * NB: As soon as we have provided a username to an openssh server we must   * never change it later. Thus, always specify the correct username here,   * even though the libssh2 docs kind of indicate that it should be possible   * to get a 'generic' list (not user-specific) of authentication methods,   * presumably with a blank username. That won't work in my experience.   * So always specify it here.   */  authlist = libssh2_userauth_list(ssh->ssh_session, ssh->user,                                   strlen(ssh->user));  /*   * Check the supported auth types in the order I feel is most secure with the   * requested type of authentication   */  if ((data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY) &&//.........这里部分代码省略.........

void free_config_fields(struct Configurable *config){  struct getout *urlnode;  if(config->easy) {    curl_easy_cleanup(config->easy);    config->easy = NULL;  }  Curl_safefree(config->random_file);  Curl_safefree(config->egd_file);  Curl_safefree(config->useragent);  Curl_safefree(config->cookie);  Curl_safefree(config->cookiejar);  Curl_safefree(config->cookiefile);  Curl_safefree(config->postfields);  Curl_safefree(config->referer);  Curl_safefree(config->headerfile);  Curl_safefree(config->ftpport);  Curl_safefree(config->iface);  Curl_safefree(config->range);  Curl_safefree(config->userpwd);  Curl_safefree(config->tls_username);  Curl_safefree(config->tls_password);  Curl_safefree(config->tls_authtype);  Curl_safefree(config->proxyuserpwd);  Curl_safefree(config->proxy);  Curl_safefree(config->dns_ipv6_addr);  Curl_safefree(config->dns_ipv4_addr);  Curl_safefree(config->dns_interface);  Curl_safefree(config->dns_servers);  Curl_safefree(config->noproxy);  Curl_safefree(config->mail_from);  curl_slist_free_all(config->mail_rcpt);  Curl_safefree(config->mail_auth);  Curl_safefree(config->netrc_file);  urlnode = config->url_list;  while(urlnode) {    struct getout *next = urlnode->next;    Curl_safefree(urlnode->url);    Curl_safefree(urlnode->outfile);    Curl_safefree(urlnode->infile);    Curl_safefree(urlnode);    urlnode = next;  }  config->url_list = NULL;  config->url_last = NULL;  config->url_get = NULL;  config->url_out = NULL;  Curl_safefree(config->cipher_list);  Curl_safefree(config->cert);  Curl_safefree(config->cert_type);  Curl_safefree(config->cacert);  Curl_safefree(config->capath);  Curl_safefree(config->crlfile);  Curl_safefree(config->key);  Curl_safefree(config->key_type);  Curl_safefree(config->key_passwd);  Curl_safefree(config->pubkey);  Curl_safefree(config->hostpubmd5);  Curl_safefree(config->engine);  Curl_safefree(config->customrequest);  Curl_safefree(config->krblevel);  Curl_safefree(config->trace_dump);  Curl_safefree(config->xoauth2_bearer);  config->trace_stream = NULL; /* closed elsewhere when appropriate */  Curl_safefree(config->writeout);  config->errors = NULL; /* closed elsewhere when appropriate */  curl_slist_free_all(config->quote);  curl_slist_free_all(config->postquote);  curl_slist_free_all(config->prequote);  curl_slist_free_all(config->headers);  if(config->httppost) {    curl_formfree(config->httppost);    config->httppost = NULL;  }  config->last_post = NULL;  curl_slist_free_all(config->telnet_options);  curl_slist_free_all(config->resolve);  Curl_safefree(config->socksproxy);//.........这里部分代码省略.........

//.........这里部分代码省略.........                           "%s"  /* User-Agent */                           "%s", /* Proxy-Connection */                           hostheader,                           http,                           host,                           conn->allocptr.proxyuserpwd?                           conn->allocptr.proxyuserpwd:"",                           useragent,                           proxyconn);        if(host && *host)          free(host);        free(hostheader);        if(CURLE_OK == result)          result = Curl_add_custom_headers(conn, req_buffer);        if(CURLE_OK == result)          /* CRLF terminate the request */          result = Curl_add_bufferf(req_buffer, "/r/n");        if(CURLE_OK == result) {          /* Send the connect request to the proxy */          /* BLOCKING */          result =            Curl_add_buffer_send(req_buffer, conn,                                 &data->info.request_size, 0, sockindex);        }        req_buffer = NULL;        if(result)          failf(data, "Failed sending CONNECT to proxy");      }      Curl_safefree(req_buffer);      if(result)        return result;      conn->tunnel_state[sockindex] = TUNNEL_CONNECT;      /* now we've issued the CONNECT and we're waiting to hear back, return         and get called again polling-style */      return CURLE_OK;    } /* END CONNECT PHASE */    { /* BEGIN NEGOTIATION PHASE */      size_t nread;   /* total size read */      int perline; /* count bytes per line */      int keepon=TRUE;      ssize_t gotbytes;      char *ptr;      char *line_start;      ptr=data->state.buffer;      line_start = ptr;      nread=0;      perline=0;      keepon=TRUE;      while((nread<BUFSIZE) && (keepon && !error)) {        /* if timeout is requested, find out how much remaining time we have */        check = timeout - /* timeout time */          Curl_tvdiff(Curl_tvnow(), conn->now); /* spent time */        if(check <= 0) {

static CURLcode smtp_authenticate(struct connectdata *conn){  CURLcode result = CURLE_OK;  struct smtp_conn *smtpc = &conn->proto.smtpc;  char *initresp = NULL;  const char *mech = NULL;  size_t len = 0;  smtpstate state1 = SMTP_STOP;  smtpstate state2 = SMTP_STOP;  /* Check we have a username and password to authenticate with and end the     connect phase if we don't */  if(!conn->bits.user_passwd) {    state(conn, SMTP_STOP);    return result;  }  /* Check supported authentication mechanisms by decreasing order of     security */#ifndef CURL_DISABLE_CRYPTO_AUTH  if(smtpc->authmechs & SASL_MECH_DIGEST_MD5) {    mech = "DIGEST-MD5";    state1 = SMTP_AUTH_DIGESTMD5;    smtpc->authused = SASL_MECH_DIGEST_MD5;  }  else if(smtpc->authmechs & SASL_MECH_CRAM_MD5) {    mech = "CRAM-MD5";    state1 = SMTP_AUTH_CRAMMD5;    smtpc->authused = SASL_MECH_CRAM_MD5;  }  else#endif#ifdef USE_NTLM  if(smtpc->authmechs & SASL_MECH_NTLM) {    mech = "NTLM";    state1 = SMTP_AUTH_NTLM;    state2 = SMTP_AUTH_NTLM_TYPE2MSG;    smtpc->authused = SASL_MECH_NTLM;    result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,                                                 &conn->ntlm,                                                 &initresp, &len);  }  else#endif  if(smtpc->authmechs & SASL_MECH_LOGIN) {    mech = "LOGIN";    state1 = SMTP_AUTH_LOGIN;    state2 = SMTP_AUTH_PASSWD;    smtpc->authused = SASL_MECH_LOGIN;    result = Curl_sasl_create_login_message(conn->data, conn->user,                                            &initresp, &len);  }  else if(smtpc->authmechs & SASL_MECH_PLAIN) {    mech = "PLAIN";    state1 = SMTP_AUTH_PLAIN;    state2 = SMTP_AUTH;    smtpc->authused = SASL_MECH_PLAIN;    result = Curl_sasl_create_plain_message(conn->data, conn->user,                                            conn->passwd, &initresp, &len);  }  else {    infof(conn->data, "No known authentication mechanisms supported!/n");    result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */  }  if(!result) {    if(initresp &&       strlen(mech) + len <= 512 - 8) { /* AUTH <mech> ...<crlf> */       result = Curl_pp_sendf(&smtpc->pp, "AUTH %s %s", mech, initresp);      if(!result)        state(conn, state2);    }    else {      result = Curl_pp_sendf(&smtpc->pp, "AUTH %s", mech);      if(!result)        state(conn, state1);    }    Curl_safefree(initresp);  }  return result;}

/* Start the DO phase */static CURLcode smtp_mail(struct connectdata *conn){  char *from = NULL;  char *auth = NULL;  char *size = NULL;  CURLcode result = CURLE_OK;  struct SessionHandle *data = conn->data;  /* Calculate the FROM parameter */  if(!data->set.str[STRING_MAIL_FROM])    /* Null reverse-path, RFC-2821, sect. 3.7 */    from = strdup("<>");  else if(data->set.str[STRING_MAIL_FROM][0] == '<')    from = aprintf("%s", data->set.str[STRING_MAIL_FROM]);  else    from = aprintf("<%s>", data->set.str[STRING_MAIL_FROM]);  if(!from)    return CURLE_OUT_OF_MEMORY;  /* Calculate the optional AUTH parameter */  if(data->set.str[STRING_MAIL_AUTH] && conn->proto.smtpc.authused) {    if(data->set.str[STRING_MAIL_AUTH][0] != '/0')      auth = aprintf("%s", data->set.str[STRING_MAIL_AUTH]);    else      /* Empty AUTH, RFC-2554, sect. 5 */      auth = strdup("<>");    if(!auth) {      Curl_safefree(from);      return CURLE_OUT_OF_MEMORY;    }  }  /* calculate the optional SIZE parameter */  if(conn->data->set.infilesize > 0) {    size = aprintf("%" FORMAT_OFF_T, data->set.infilesize);    if(!size) {      Curl_safefree(from);      Curl_safefree(auth);      return CURLE_OUT_OF_MEMORY;    }  }  /* Send the MAIL command */  if(!auth && !size)    result = Curl_pp_sendf(&conn->proto.smtpc.pp,                           "MAIL FROM:%s", from);  else if(auth && !size)    result = Curl_pp_sendf(&conn->proto.smtpc.pp,                           "MAIL FROM:%s AUTH=%s", from, auth);  else if(auth && size)    result = Curl_pp_sendf(&conn->proto.smtpc.pp,                           "MAIL FROM:%s AUTH=%s SIZE=%s", from, auth, size);  else    result = Curl_pp_sendf(&conn->proto.smtpc.pp,                           "MAIL FROM:%s SIZE=%s", from, size);  Curl_safefree(from);  Curl_safefree(auth);  Curl_safefree(size);  if(result)    return result;  state(conn, SMTP_MAIL);  return result;}

/* * file_connect() gets called from Curl_protocol_connect() to allow us to * do protocol-specific actions at connect-time.  We emulate a * connect-then-transfer protocol and "connect" to the file here */static CURLcode file_connect(struct connectdata *conn, bool *done){  struct SessionHandle *data = conn->data;  char *real_path = curl_easy_unescape(data, data->state.path, 0, NULL);  struct FILEPROTO *file;  int fd;#ifdef DOS_FILESYSTEM  int i;  char *actual_path;#endif  if(!real_path)    return CURLE_OUT_OF_MEMORY;  /* If there already is a protocol-specific struct allocated for this     sessionhandle, deal with it */  Curl_reset_reqproto(conn);  if(!data->state.proto.file) {    file = calloc(sizeof(struct FILEPROTO), 1);    if(!file) {      free(real_path);      return CURLE_OUT_OF_MEMORY;    }    data->state.proto.file = file;  }  else {    /* file is not a protocol that can deal with "persistancy" */    file = data->state.proto.file;    Curl_safefree(file->freepath);    if(file->fd != -1)      close(file->fd);    file->path = NULL;    file->freepath = NULL;    file->fd = -1;  }#ifdef DOS_FILESYSTEM  /* If the first character is a slash, and there's     something that looks like a drive at the beginning of     the path, skip the slash.  If we remove the initial     slash in all cases, paths without drive letters end up     relative to the current directory which isn't how     browsers work.     Some browsers accept | instead of : as the drive letter     separator, so we do too.     On other platforms, we need the slash to indicate an     absolute pathname.  On Windows, absolute paths start     with a drive letter.  */  actual_path = real_path;  if((actual_path[0] == '/') &&      actual_path[1] &&      (actual_path[2] == ':' || actual_path[2] == '|'))  {    actual_path[2] = ':';    actual_path++;  }  /* change path separators from '/' to '//' for DOS, Windows and OS/2 */  for (i=0; actual_path[i] != '/0'; ++i)    if(actual_path[i] == '/')      actual_path[i] = '//';  fd = open_readonly(actual_path, O_RDONLY|O_BINARY); /* no CR/LF translation */  file->path = actual_path;#else  fd = open_readonly(real_path, O_RDONLY);  file->path = real_path;#endif  file->freepath = real_path; /* free this when done */  file->fd = fd;  if(!data->set.upload && (fd == -1)) {    failf(data, "Couldn't open file %s", data->state.path);    file_done(conn, CURLE_FILE_COULDNT_READ_FILE, FALSE);    return CURLE_FILE_COULDNT_READ_FILE;  }  *done = TRUE;  return CURLE_OK;}

CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy){  struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:    &conn->data->state.negotiate;  char *encoded = NULL;  size_t len = 0;  char *userp;  CURLcode error;  OM_uint32 discard_st;#ifdef HAVE_SPNEGO /* Handle SPNEGO */  if(checkprefix("Negotiate", neg_ctx->protocol)) {    ASN1_OBJECT    *object              = NULL;    unsigned char  *responseToken       = NULL;    size_t          responseTokenLength = 0;    gss_buffer_desc spnegoToken         = GSS_C_EMPTY_BUFFER;    responseToken = malloc(neg_ctx->output_token.length);    if(responseToken == NULL)      return CURLE_OUT_OF_MEMORY;    memcpy(responseToken, neg_ctx->output_token.value,           neg_ctx->output_token.length);    responseTokenLength = neg_ctx->output_token.length;    object = OBJ_txt2obj("1.2.840.113554.1.2.2", 1);    if(!object) {      Curl_safefree(responseToken);      return CURLE_OUT_OF_MEMORY;    }    if(!makeSpnegoInitialToken(object,                               responseToken,                               responseTokenLength,                               (unsigned char**)&spnegoToken.value,                               &spnegoToken.length)) {      Curl_safefree(responseToken);      ASN1_OBJECT_free(object);      infof(conn->data, "Make SPNEGO Initial Token failed/n");    }    else if(!spnegoToken.value || !spnegoToken.length) {      Curl_safefree(responseToken);      ASN1_OBJECT_free(object);      if(spnegoToken.value)        gss_release_buffer(&discard_st, &spnegoToken);      infof(conn->data, "Make SPNEGO Initial Token succeeded (NULL token)/n");    }    else {      Curl_safefree(responseToken);      ASN1_OBJECT_free(object);      gss_release_buffer(&discard_st, &neg_ctx->output_token);      neg_ctx->output_token.value = spnegoToken.value;      neg_ctx->output_token.length = spnegoToken.length;      infof(conn->data, "Make SPNEGO Initial Token succeeded/n");    }  }#endif  error = Curl_base64_encode(conn->data,                             neg_ctx->output_token.value,                             neg_ctx->output_token.length,                             &encoded, &len);  if(error) {    gss_release_buffer(&discard_st, &neg_ctx->output_token);    neg_ctx->output_token.value = NULL;    neg_ctx->output_token.length = 0;    return error;  }  if(!encoded || !len) {    gss_release_buffer(&discard_st, &neg_ctx->output_token);    neg_ctx->output_token.value = NULL;    neg_ctx->output_token.length = 0;    return CURLE_REMOTE_ACCESS_DENIED;  }  userp = aprintf("%sAuthorization: %s %s/r/n", proxy ? "Proxy-" : "",                  neg_ctx->protocol, encoded);  if(proxy) {    Curl_safefree(conn->allocptr.proxyuserpwd);    conn->allocptr.proxyuserpwd = userp;  }  else {    Curl_safefree(conn->allocptr.userpwd);    conn->allocptr.userpwd = userp;  }  Curl_safefree(encoded);  Curl_cleanup_negotiate(conn->data);  return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;}

/* returning zero (0) means success, everything else is treated as "failure"   with no care exactly what the failure was */int Curl_input_negotiate(struct connectdata *conn, bool proxy,                         const char *header){  struct SessionHandle *data = conn->data;  struct negotiatedata *neg_ctx = proxy?&data->state.proxyneg:    &data->state.negotiate;  OM_uint32 major_status, minor_status, discard_st;  gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;  gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;  int ret;  size_t len;  size_t rawlen = 0;  bool gss;  const char* protocol;  CURLcode error;  while(*header && ISSPACE(*header))    header++;  if(checkprefix("GSS-Negotiate", header)) {    protocol = "GSS-Negotiate";    gss = TRUE;  }  else if(checkprefix("Negotiate", header)) {    protocol = "Negotiate";    gss = FALSE;  }  else    return -1;  if(neg_ctx->context) {    if(neg_ctx->gss != gss) {      return -1;    }  }  else {    neg_ctx->protocol = protocol;    neg_ctx->gss = gss;  }  if(neg_ctx->context && neg_ctx->status == GSS_S_COMPLETE) {    /* We finished successfully our part of authentication, but server     * rejected it (since we're again here). Exit with an error since we     * can't invent anything better */    Curl_cleanup_negotiate(data);    return -1;  }  if(neg_ctx->server_name == NULL &&      (ret = get_gss_name(conn, proxy, &neg_ctx->server_name)))    return ret;  header += strlen(neg_ctx->protocol);  while(*header && ISSPACE(*header))    header++;  len = strlen(header);  if(len > 0) {    error = Curl_base64_decode(header,                               (unsigned char **)&input_token.value, &rawlen);    if(error || rawlen == 0)      return -1;    input_token.length = rawlen;    DEBUGASSERT(input_token.value != NULL);#ifdef HAVE_SPNEGO /* Handle SPNEGO */    if(checkprefix("Negotiate", header)) {      unsigned char  *spnegoToken       = NULL;      size_t          spnegoTokenLength = 0;      gss_buffer_desc mechToken         = GSS_C_EMPTY_BUFFER;      spnegoToken = malloc(input_token.length);      if(spnegoToken == NULL) {        Curl_safefree(input_token.value);        return CURLE_OUT_OF_MEMORY;      }      memcpy(spnegoToken, input_token.value, input_token.length);      spnegoTokenLength = input_token.length;      if(!parseSpnegoTargetToken(spnegoToken,                                 spnegoTokenLength,                                 NULL,                                 NULL,                                 (unsigned char**)&mechToken.value,                                 &mechToken.length,                                 NULL,                                 NULL)) {        Curl_safefree(spnegoToken);        infof(data, "Parse SPNEGO Target Token failed/n");      }      else if(!mechToken.value || !mechToken.length) {        Curl_safefree(spnegoToken);        if(mechToken.value)          gss_release_buffer(&discard_st, &mechToken);        infof(data, "Parse SPNEGO Target Token succeeded (NULL token)/n");      }      else {        Curl_safefree(spnegoToken);//.........这里部分代码省略.........

static CURLcode verify_certificate(struct connectdata *conn, int sockindex){  SECURITY_STATUS status;  struct SessionHandle *data = conn->data;  struct ssl_connect_data *connssl = &conn->ssl[sockindex];  CURLcode result = CURLE_OK;  CERT_CONTEXT *pCertContextServer = NULL;  const CERT_CHAIN_CONTEXT *pChainContext = NULL;  status = s_pSecFn->QueryContextAttributes(&connssl->ctxt->ctxt_handle,                                            SECPKG_ATTR_REMOTE_CERT_CONTEXT,                                            &pCertContextServer);  if((status != SEC_E_OK) || (pCertContextServer == NULL)) {    failf(data, "schannel: Failed to read remote certificate context: %s",          Curl_sspi_strerror(conn, status));    result = CURLE_PEER_FAILED_VERIFICATION;  }  if(result == CURLE_OK) {    CERT_CHAIN_PARA ChainPara;    memset(&ChainPara, 0, sizeof(ChainPara));    ChainPara.cbSize = sizeof(ChainPara);    if(!CertGetCertificateChain(NULL,                                pCertContextServer,                                NULL,                                pCertContextServer->hCertStore,                                &ChainPara,                                0,                                NULL,                                &pChainContext)) {      failf(data, "schannel: CertGetCertificateChain failed: %s",            Curl_sspi_strerror(conn, GetLastError()));      pChainContext = NULL;      result = CURLE_PEER_FAILED_VERIFICATION;    }    if(result == CURLE_OK) {      CERT_SIMPLE_CHAIN *pSimpleChain = pChainContext->rgpChain[0];      DWORD dwTrustErrorMask = ~(CERT_TRUST_IS_NOT_TIME_NESTED|                                 CERT_TRUST_REVOCATION_STATUS_UNKNOWN);      dwTrustErrorMask &= pSimpleChain->TrustStatus.dwErrorStatus;      if(dwTrustErrorMask) {        if(dwTrustErrorMask & CERT_TRUST_IS_PARTIAL_CHAIN)          failf(data, "schannel: CertGetCertificateChain trust error"                      " CERT_TRUST_IS_PARTIAL_CHAIN");        if(dwTrustErrorMask & CERT_TRUST_IS_UNTRUSTED_ROOT)          failf(data, "schannel: CertGetCertificateChain trust error"                      " CERT_TRUST_IS_UNTRUSTED_ROOT");        if(dwTrustErrorMask & CERT_TRUST_IS_NOT_TIME_VALID)          failf(data, "schannel: CertGetCertificateChain trust error"                      " CERT_TRUST_IS_NOT_TIME_VALID");        failf(data, "schannel: CertGetCertificateChain error mask: 0x%08x",              dwTrustErrorMask);        result = CURLE_PEER_FAILED_VERIFICATION;      }    }  }  if(result == CURLE_OK) {    if(data->set.ssl.verifyhost == 1) {      infof(data, "warning: ignoring unsupported value (1) ssl.verifyhost/n");    }    else if(data->set.ssl.verifyhost == 2) {      WCHAR cert_hostname[128];      WCHAR *hostname = Curl_convert_UTF8_to_wchar(conn->host.name);      DWORD len;      len = CertGetNameStringW(pCertContextServer,                               CERT_NAME_DNS_TYPE,                               0,                               NULL,                               cert_hostname,                               128);      if(len > 0 && cert_hostname[0] == '*') {        /* this is a wildcard cert.  try matching the last len - 1 chars */        int hostname_len = strlen(conn->host.name);        if(wcsicmp(cert_hostname + 1, hostname + hostname_len - len + 2) != 0)          result = CURLE_PEER_FAILED_VERIFICATION;      }      else if(len == 0 || wcsicmp(hostname, cert_hostname) != 0) {        result = CURLE_PEER_FAILED_VERIFICATION;      }      if(result == CURLE_PEER_FAILED_VERIFICATION) {        const char *_cert_hostname;        _cert_hostname = Curl_convert_wchar_to_UTF8(cert_hostname);        failf(data, "schannel: CertGetNameString() certificate hostname "              "(%s) did not match connection (%s)",              _cert_hostname, conn->host.name);        Curl_safefree((void *)_cert_hostname);      }      Curl_safefree(hostname);    }  }  if(pChainContext)    CertFreeCertificateChain(pChainContext);  if(pCertContextServer)//.........这里部分代码省略.........

/* * This is for creating ntlm header output */CURLcode Curl_output_ntlm(struct connectdata *conn,                          bool proxy){    char *base64 = NULL;    CURLcode error;    /* point to the address of the pointer that holds the string to send to the       server, which is for a plain host or for a HTTP proxy */    char **allocuserpwd;    /* point to the name and password for this */    const char *userp;    const char *passwdp;    /* point to the correct struct with this */    struct ntlmdata *ntlm;    struct auth *authp;    DEBUGASSERT(conn);    DEBUGASSERT(conn->data);#ifdef USE_NSS    if(CURLE_OK != Curl_nss_force_init(conn->data))        return CURLE_OUT_OF_MEMORY;#endif    if(proxy) {        allocuserpwd = &conn->allocptr.proxyuserpwd;        userp = conn->proxyuser;        passwdp = conn->proxypasswd;        ntlm = &conn->proxyntlm;        authp = &conn->data->state.authproxy;    }    else {        allocuserpwd = &conn->allocptr.userpwd;        userp = conn->user;        passwdp = conn->passwd;        ntlm = &conn->ntlm;        authp = &conn->data->state.authhost;    }    authp->done = FALSE;    /* not set means empty */    if(!userp)        userp = "";    if(!passwdp)        passwdp = "";#ifdef USE_WINDOWS_SSPI    if(s_hSecDll == NULL) {        /* not thread safe and leaks - use curl_global_init() to avoid */        CURLcode err = Curl_sspi_global_init();        if(s_hSecDll == NULL)            return err;    }#endif    switch(ntlm->state) {    case NTLMSTATE_TYPE1:    default: /* for the weird cases we (re)start here */        /* Create a type-1 message */        error = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64);        if(error)            return error;        if(base64) {            Curl_safefree(*allocuserpwd);            *allocuserpwd = aprintf("%sAuthorization: NTLM %s/r/n",                                    proxy ? "Proxy-" : "",                                    base64);            DEBUG_OUT(fprintf(stderr, "**** Header %s/n ", *allocuserpwd));            free(base64);        }        break;    case NTLMSTATE_TYPE2:        /* We already received the type-2 message, create a type-3 message */        error = Curl_ntlm_create_type3_message(conn->data, userp, passwdp,                                               ntlm, &base64);        if(error)            return error;        if(base64) {            Curl_safefree(*allocuserpwd);            *allocuserpwd = aprintf("%sAuthorization: NTLM %s/r/n",                                    proxy ? "Proxy-" : "",                                    base64);            DEBUG_OUT(fprintf(stderr, "**** %s/n ", *allocuserpwd));            free(base64);            ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */            authp->done = TRUE;        }        break;    case NTLMSTATE_TYPE3://.........这里部分代码省略.........

//.........这里部分代码省略.........    InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0);    InitSecBufferDesc(&inbuf_desc, inbuf, 2);    /* setup output buffers */    InitSecBuffer(&outbuf[0], SECBUFFER_TOKEN, NULL, 0);    InitSecBuffer(&outbuf[1], SECBUFFER_ALERT, NULL, 0);    InitSecBufferDesc(&outbuf_desc, outbuf, 2);    if(inbuf[0].pvBuffer == NULL) {      failf(data, "schannel: unable to allocate memory");      return CURLE_OUT_OF_MEMORY;    }    /* copy received handshake data into input buffer */    memcpy(inbuf[0].pvBuffer, connssl->encdata_buffer,           connssl->encdata_offset);#ifdef UNICODE    host_name = Curl_convert_UTF8_to_wchar(conn->host.name);    if(!host_name)      return CURLE_OUT_OF_MEMORY;#else  host_name = conn->host.name;#endif    /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx */    sspi_status = s_pSecFn->InitializeSecurityContext(      &connssl->cred->cred_handle, &connssl->ctxt->ctxt_handle,      host_name, connssl->req_flags, 0, 0, &inbuf_desc, 0, NULL,      &outbuf_desc, &connssl->ret_flags, &connssl->ctxt->time_stamp);#ifdef UNICODE    Curl_safefree(host_name);#endif    /* free buffer for received handshake data */    Curl_safefree(inbuf[0].pvBuffer);    /* check if the handshake was incomplete */    if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) {      connssl->connecting_state = ssl_connect_2_reading;      infof(data, "schannel: received incomplete message, need more data/n");      return CURLE_OK;    }    /* check if the handshake needs to be continued */    if(sspi_status == SEC_I_CONTINUE_NEEDED || sspi_status == SEC_E_OK) {      for(i = 0; i < 2; i++) {        /* search for handshake tokens that need to be send */        if(outbuf[i].BufferType == SECBUFFER_TOKEN && outbuf[i].cbBuffer > 0) {          infof(data, "schannel: sending next handshake data: "                "sending %lu bytes.../n", outbuf[i].cbBuffer);          /* send handshake token to server */          code = Curl_write_plain(conn, conn->sock[sockindex],                                  outbuf[i].pvBuffer, outbuf[i].cbBuffer,                                  &written);          if((code != CURLE_OK) || (outbuf[i].cbBuffer != (size_t)written)) {            failf(data, "schannel: failed to send next handshake data: "                  "sent %zd of %lu bytes", written, outbuf[i].cbBuffer);            return CURLE_SSL_CONNECT_ERROR;          }        }        /* free obsolete buffer */

//.........这里部分代码省略.........      /* The server rejected our authentication and hasn't suppled any more         negotiation mechanisms */      return CURLE_LOGIN_DENIED;    }    /* We have to acquire credentials and allocate memory for the context */    neg_ctx->credentials = malloc(sizeof(CredHandle));    neg_ctx->context = malloc(sizeof(CtxtHandle));    if(!neg_ctx->credentials || !neg_ctx->context)      return CURLE_OUT_OF_MEMORY;    if(userp && *userp) {      /* Populate our identity structure */      result = Curl_create_sspi_identity(userp, passwdp, &neg_ctx->identity);      if(result)        return result;      /* Allow proper cleanup of the identity structure */      neg_ctx->p_identity = &neg_ctx->identity;    }    else      /* Use the current Windows user */      neg_ctx->p_identity = NULL;    /* Acquire our credientials handle */    neg_ctx->status =      s_pSecFn->AcquireCredentialsHandle(NULL,                                         (TCHAR *) TEXT(SP_NAME_NEGOTIATE),                                         SECPKG_CRED_OUTBOUND, NULL,                                         neg_ctx->p_identity, NULL, NULL,                                         neg_ctx->credentials, &expiry);    if(neg_ctx->status != SEC_E_OK)      return CURLE_LOGIN_DENIED;  }  else {    result = Curl_base64_decode(header,                                (unsigned char **)&input_token,                                &input_token_len);    if(result)      return result;    if(!input_token_len) {      infof(conn->data,            "Negotiate handshake failure (empty challenge message)/n");      return CURLE_BAD_CONTENT_ENCODING;    }  }  /* Setup the "output" security buffer */  out_buff_desc.ulVersion = SECBUFFER_VERSION;  out_buff_desc.cBuffers  = 1;  out_buff_desc.pBuffers  = &out_sec_buff;  out_sec_buff.BufferType = SECBUFFER_TOKEN;  out_sec_buff.pvBuffer   = neg_ctx->output_token;  out_sec_buff.cbBuffer   = curlx_uztoul(neg_ctx->token_max);  /* Setup the "input" security buffer if present */  if(input_token) {    in_buff_desc.ulVersion = SECBUFFER_VERSION;    in_buff_desc.cBuffers  = 1;    in_buff_desc.pBuffers  = &in_sec_buff;    in_sec_buff.BufferType = SECBUFFER_TOKEN;    in_sec_buff.pvBuffer   = input_token;    in_sec_buff.cbBuffer   = curlx_uztoul(input_token_len);  }  /* Generate our message */  neg_ctx->status = s_pSecFn->InitializeSecurityContext(    neg_ctx->credentials,    input_token ? neg_ctx->context : NULL,    neg_ctx->server_name,    ISC_REQ_CONFIDENTIALITY,    0,    SECURITY_NATIVE_DREP,    input_token ? &in_buff_desc : NULL,    0,    neg_ctx->context,    &out_buff_desc,    &attrs,    &expiry);  Curl_safefree(input_token);  if(GSS_ERROR(neg_ctx->status))    return CURLE_OUT_OF_MEMORY;  if(neg_ctx->status == SEC_I_COMPLETE_NEEDED ||     neg_ctx->status == SEC_I_COMPLETE_AND_CONTINUE) {    neg_ctx->status = s_pSecFn->CompleteAuthToken(neg_ctx->context,                                                  &out_buff_desc);    if(GSS_ERROR(neg_ctx->status))      return CURLE_RECV_ERROR;  }  neg_ctx->output_token_length = out_sec_buff.cbBuffer;  return CURLE_OK;}

static CURLcode gopher_do(struct connectdata *conn, bool *done){    CURLcode result=CURLE_OK;    struct SessionHandle *data=conn->data;    curl_socket_t sockfd = conn->sock[FIRSTSOCKET];    curl_off_t *bytecount = &data->req.bytecount;    char *path = data->state.path;    char *sel;    char *sel_org = NULL;    ssize_t amount, k;    *done = TRUE; /* unconditionally */    /* Create selector. Degenerate cases: / and /1 => convert to "" */    if(strlen(path) <= 2)        sel = (char *)"";    else {        char *newp;        size_t j, i;        int len;        /* Otherwise, drop / and the first character (i.e., item type) ... */        newp = path;        newp+=2;        /* ... then turn ? into TAB for search servers, Veronica, etc. ... */        j = strlen(newp);        for(i=0; i<j; i++)            if(newp[i] == '?')                newp[i] = '/x09';        /* ... and finally unescape */        sel = curl_easy_unescape(data, newp, 0, &len);        if(!sel)            return CURLE_OUT_OF_MEMORY;        sel_org = sel;    }    /* We use Curl_write instead of Curl_sendf to make sure the entire buffer is       sent, which could be sizeable with long selectors. */    k = curlx_uztosz(strlen(sel));    for(;;) {        result = Curl_write(conn, sockfd, sel, k, &amount);        if(CURLE_OK == result) { /* Which may not have written it all! */            result = Curl_client_write(conn, CLIENTWRITE_HEADER, sel, amount);            if(result) {                Curl_safefree(sel_org);                return result;            }            k -= amount;            sel += amount;            if(k < 1)                break; /* but it did write it all */        }        else {            failf(data, "Failed sending Gopher request");            Curl_safefree(sel_org);            return result;        }        /* Don't busyloop. The entire loop thing is a work-around as it causes a           BLOCKING behavior which is a NO-NO. This function should rather be           split up in a do and a doing piece where the pieces that aren't           possible to send now will be sent in the doing function repeatedly           until the entire request is sent.           Wait a while for the socket to be writable. Note that this doesn't           acknowledge the timeout.        */        Curl_socket_ready(CURL_SOCKET_BAD, sockfd, 100);    }    Curl_safefree(sel_org);    /* We can use Curl_sendf to send the terminal /r/n relatively safely and       save allocing another string/doing another _write loop. */    result = Curl_sendf(sockfd, conn, "/r/n");    if(result != CURLE_OK) {        failf(data, "Failed sending Gopher request");        return result;    }    result = Curl_client_write(conn, CLIENTWRITE_HEADER, (char *)"/r/n", 2);    if(result)        return result;    Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, bytecount,                        -1, NULL); /* no upload */    return CURLE_OK;}

/* * init_resolve_thread() starts a new thread that performs the actual * resolve. This function returns before the resolve is done. * * Returns FALSE in case of failure, otherwise TRUE. */static bool init_resolve_thread (struct connectdata *conn,                                 const char *hostname, int port,                                 const Curl_addrinfo *hints){  struct thread_data *td = calloc(sizeof(*td), 1);  HANDLE thread_and_event[2] = {0};  if (!td) {    SetLastError(ENOMEM);    return FALSE;  }  Curl_safefree(conn->async.hostname);  conn->async.hostname = strdup(hostname);  if (!conn->async.hostname) {    free(td);    SetLastError(ENOMEM);    return FALSE;  }  conn->async.port = port;  conn->async.done = FALSE;  conn->async.status = 0;  conn->async.dns = NULL;  conn->async.os_specific = (void*) td;  td->dummy_sock = CURL_SOCKET_BAD;  /* Create the mutex used to inform the resolver thread that we're   * still waiting, and take initial ownership.   */  td->mutex_waiting = CreateMutex(NULL, TRUE, NULL);  if (td->mutex_waiting == NULL) {    Curl_destroy_thread_data(&conn->async);    SetLastError(EAGAIN);    return FALSE;  }  /* Create the event that the thread uses to inform us that it's   * done resolving. Do not signal it.   */  td->event_resolved = CreateEvent(NULL, TRUE, FALSE, NULL);  if (td->event_resolved == NULL) {    Curl_destroy_thread_data(&conn->async);    SetLastError(EAGAIN);    return FALSE;  }  /* Create the mutex used to serialize access to event_terminated   * between us and resolver thread.   */  td->mutex_terminate = CreateMutex(NULL, FALSE, NULL);  if (td->mutex_terminate == NULL) {    Curl_destroy_thread_data(&conn->async);    SetLastError(EAGAIN);    return FALSE;  }  /* Create the event used to signal thread that it should terminate.   */  td->event_terminate = CreateEvent(NULL, TRUE, FALSE, NULL);  if (td->event_terminate == NULL) {    Curl_destroy_thread_data(&conn->async);    SetLastError(EAGAIN);    return FALSE;  }  /* Create the event used by thread to inform it has initialized its own data.   */  td->event_thread_started = CreateEvent(NULL, TRUE, FALSE, NULL);  if (td->event_thread_started == NULL) {    Curl_destroy_thread_data(&conn->async);    SetLastError(EAGAIN);    return FALSE;  }  td->stderr_file = stderr;#ifdef _WIN32_WCE  td->thread_hnd = (HANDLE) CreateThread(NULL, 0,                                         (LPTHREAD_START_ROUTINE) THREAD_FUNC,                                         conn, 0, &td->thread_id);#else  td->thread_hnd = (HANDLE) _beginthreadex(NULL, 0, THREAD_FUNC,                                           conn, 0, &td->thread_id);#endif#ifdef CURLRES_IPV6  curlassert(hints);  td->hints = *hints;#else  (void) hints;#endif  if (!td->thread_hnd) {     SetLastError(errno);     TRACE(("_beginthreadex() failed; %s/n", Curl_strerror(conn,errno)));     Curl_destroy_thread_data(&conn->async);//.........这里部分代码省略.........

/* * curl_easy_reset() is an external interface that allows an app to re- * initialize a session handle to the default values. */void curl_easy_reset(CURL *curl){  struct SessionHandle *data = (struct SessionHandle *)curl;  Curl_safefree(data->reqdata.pathbuffer);  data->reqdata.pathbuffer=NULL;  Curl_safefree(data->reqdata.proto.generic);  data->reqdata.proto.generic=NULL;  /* zero out UserDefined data: */  memset(&data->set, 0, sizeof(struct UserDefined));  /* zero out Progress data: */  memset(&data->progress, 0, sizeof(struct Progress));  /* init Handle data */  Curl_easy_initHandleData(data);  /* The remainder of these calls have been taken from Curl_open() */  data->set.out = stdout; /* default output to stdout */  data->set.in  = stdin;  /* default input from stdin */  data->set.err  = stderr;  /* default stderr to stderr */  /* use fwrite as default function to store output */  data->set.fwrite = (curl_write_callback)fwrite;  /* use fread as default function to read input */  data->set.fread = (curl_read_callback)fread;  data->set.infilesize = -1; /* we don't know any size */  data->set.postfieldsize = -1;  data->state.current_speed = -1; /* init to negative == impossible */  data->set.httpreq = HTTPREQ_GET; /* Default HTTP request */  data->set.ftp_use_epsv = TRUE;   /* FTP defaults to EPSV operations */  data->set.ftp_use_eprt = TRUE;   /* FTP defaults to EPRT operations */  data->set.dns_cache_timeout = 60; /* Timeout every 60 seconds by default */  /* make libcurl quiet by default: */  data->set.hide_progress = TRUE;  /* CURLOPT_NOPROGRESS changes these */  data->progress.flags |= PGRS_HIDE;  /* Set the default size of the SSL session ID cache */  data->set.ssl.numsessions = 5;  data->set.proxyport = 1080;  data->set.proxytype = CURLPROXY_HTTP; /* defaults to HTTP proxy */  data->set.httpauth = CURLAUTH_BASIC;  /* defaults to basic */  data->set.proxyauth = CURLAUTH_BASIC; /* defaults to basic */  /*   * libcurl 7.10 introduced SSL verification *by default*! This needs to be   * switched off unless wanted.   */  data->set.ssl.verifypeer = TRUE;  data->set.ssl.verifyhost = 2;#ifdef CURL_CA_BUNDLE  /* This is our prefered CA cert bundle since install time */  data->set.ssl.CAfile = (char *)CURL_CA_BUNDLE;#endif}

CURLcode Curl_output_digest(struct connectdata *conn,                            bool proxy,                            const unsigned char *request,                            const unsigned char *uripath){  /* We have a Digest setup for this, use it!  Now, to get all the details for     this sorted out, I must urge you dear friend to read up on the RFC2617     section 3.2.2, */  unsigned char md5buf[16]; /* 16 bytes/128 bits */  unsigned char request_digest[33];  unsigned char *md5this;  unsigned char *ha1;  unsigned char ha2[33];/* 32 digits and 1 zero byte */  char cnoncebuf[7];  char *cnonce;  char *tmp = NULL;  struct timeval now;  char **allocuserpwd;  char *userp;  char *passwdp;  struct auth *authp;  struct SessionHandle *data = conn->data;  struct digestdata *d;#ifdef CURL_DOES_CONVERSIONS  CURLcode rc;/* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines.   It converts digest text to ASCII so the MD5 will be correct for    what ultimately goes over the network.*/#define CURL_OUTPUT_DIGEST_CONV(a, b) /  rc = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); /  if (rc != CURLE_OK) { /    free(b); /    return rc; /  }#else#define CURL_OUTPUT_DIGEST_CONV(a, b)#endif /* CURL_DOES_CONVERSIONS */  if(proxy) {    d = &data->state.proxydigest;    allocuserpwd = &conn->allocptr.proxyuserpwd;    userp = conn->proxyuser;    passwdp = conn->proxypasswd;    authp = &data->state.authproxy;  }  else {    d = &data->state.digest;    allocuserpwd = &conn->allocptr.userpwd;    userp = conn->user;    passwdp = conn->passwd;    authp = &data->state.authhost;  }  if (*allocuserpwd) {    Curl_safefree(*allocuserpwd);    *allocuserpwd = NULL;  }  /* not set means empty */  if(!userp)    userp=(char *)"";  if(!passwdp)    passwdp=(char *)"";  if(!d->nonce) {    authp->done = FALSE;    return CURLE_OK;  }  authp->done = TRUE;  if(!d->nc)    d->nc = 1;  if(!d->cnonce) {    /* Generate a cnonce */    now = Curl_tvnow();    snprintf(cnoncebuf, sizeof(cnoncebuf), "%06ld", now.tv_sec);    if(Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf), &cnonce))      d->cnonce = cnonce;    else      return CURLE_OUT_OF_MEMORY;  }  /*    if the algorithm is "MD5" or unspecified (which then defaults to MD5):    A1 = unq(username-value) ":" unq(realm-value) ":" passwd    if the algorithm is "MD5-sess" then:    A1 = H( unq(username-value) ":" unq(realm-value) ":" passwd )         ":" unq(nonce-value) ":" unq(cnonce-value)  */  md5this = (unsigned char *)    aprintf("%s:%s:%s", userp, d->realm, passwdp);//.........这里部分代码省略.........

CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,                              const char *pinnedpubkey,                              const unsigned char *pubkey, size_t pubkeylen){  FILE *fp;  unsigned char *buf = NULL, *pem_ptr = NULL;  long filesize;  size_t size, pem_len;  CURLcode pem_read;  CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;#ifdef curlssl_sha256sum  CURLcode encode;  size_t encodedlen, pinkeylen;  char *encoded, *pinkeycopy, *begin_pos, *end_pos;  unsigned char *sha256sumdigest = NULL;#endif  /* if a path wasn't specified, don't pin */  if(!pinnedpubkey)    return CURLE_OK;  if(!pubkey || !pubkeylen)    return result;  /* only do this if pinnedpubkey starts with "sha256//", length 8 */  if(strncmp(pinnedpubkey, "sha256//", 8) == 0) {#ifdef curlssl_sha256sum    /* compute sha256sum of public key */    sha256sumdigest = malloc(SHA256_DIGEST_LENGTH);    if(!sha256sumdigest)      return CURLE_OUT_OF_MEMORY;    curlssl_sha256sum(pubkey, pubkeylen,                      sha256sumdigest, SHA256_DIGEST_LENGTH);    encode = Curl_base64_encode(data, (char *)sha256sumdigest,                                SHA256_DIGEST_LENGTH, &encoded, &encodedlen);    Curl_safefree(sha256sumdigest);    if(encode)      return encode;    infof(data, "/t public key hash: sha256//%s/n", encoded);    /* it starts with sha256//, copy so we can modify it */    pinkeylen = strlen(pinnedpubkey) + 1;    pinkeycopy = malloc(pinkeylen);    if(!pinkeycopy) {      Curl_safefree(encoded);      return CURLE_OUT_OF_MEMORY;    }    memcpy(pinkeycopy, pinnedpubkey, pinkeylen);    /* point begin_pos to the copy, and start extracting keys */    begin_pos = pinkeycopy;    do {      end_pos = strstr(begin_pos, ";sha256//");      /*       * if there is an end_pos, null terminate,       * otherwise it'll go to the end of the original string       */      if(end_pos)        end_pos[0] = '/0';      /* compare base64 sha256 digests, 8 is the length of "sha256//" */      if(encodedlen == strlen(begin_pos + 8) &&         !memcmp(encoded, begin_pos + 8, encodedlen)) {        result = CURLE_OK;        break;      }      /*       * change back the null-terminator we changed earlier,       * and look for next begin       */      if(end_pos) {        end_pos[0] = ';';        begin_pos = strstr(end_pos, "sha256//");      }    } while(end_pos && begin_pos);    Curl_safefree(encoded);    Curl_safefree(pinkeycopy);#else    /* without sha256 support, this cannot match */    (void)data;#endif    return result;  }  fp = fopen(pinnedpubkey, "rb");  if(!fp)    return result;  do {    /* Determine the file's size */    if(fseek(fp, 0, SEEK_END))      break;    filesize = ftell(fp);    if(fseek(fp, 0, SEEK_SET))      break;    if(filesize < 0 || filesize > MAX_PINNED_PUBKEY_SIZE)      break;    /*//.........这里部分代码省略.........

int formparse(struct Configurable *config,              const char *input,              struct curl_httppost **httppost,              struct curl_httppost **last_post,              bool literal_value){  /* nextarg MUST be a string in the format 'name=contents' and we'll     build a linked list with the info */  char name[256];  char *contents = NULL;  char major[128];  char minor[128];  char *contp;  const char *type = NULL;  char *sep;  char *sep2;  if((1 == sscanf(input, "%255[^=]=", name)) &&     ((contp = strchr(input, '=')) != NULL)) {    /* the input was using the correct format */    /* Allocate the contents */    contents = strdup(contp+1);    if(!contents) {      fprintf(config->errors, "out of memory/n");      return 1;    }    contp = contents;    if('@' == contp[0] && !literal_value) {      /* we use the @-letter to indicate file name(s) */      struct multi_files *multi_start = NULL;      struct multi_files *multi_current = NULL;      contp++;      do {        /* since this was a file, it may have a content-type specifier           at the end too, or a filename. Or both. */        char *ptr;        char *filename = NULL;        sep = strchr(contp, FORM_TYPE_SEPARATOR);        sep2 = strchr(contp, FORM_FILE_SEPARATOR);        /* pick the closest */        if(sep2 && (sep2 < sep)) {          sep = sep2;          /* no type was specified! */        }        type = NULL;        if(sep) {          /* if we got here on a comma, don't do much */          if(FORM_FILE_SEPARATOR == *sep)            ptr = NULL;          else            ptr = sep+1;          *sep = '/0'; /* terminate file name at separator */          while(ptr && (FORM_FILE_SEPARATOR!= *ptr)) {            /* pass all white spaces */            while(ISSPACE(*ptr))              ptr++;            if(checkprefix("type=", ptr)) {              /* set type pointer */              type = &ptr[5];              /* verify that this is a fine type specifier */              if(2 != sscanf(type, "%127[^/]/%127[^;,/n]",                             major, minor)) {                warnf(config, "Illegally formatted content-type field!/n");                Curl_safefree(contents);                FreeMultiInfo(&multi_start, &multi_current);                return 2; /* illegal content-type syntax! */              }              /* now point beyond the content-type specifier */              sep = (char *)type + strlen(major)+strlen(minor)+1;              /* there's a semicolon following - we check if it is a filename                 specified and if not we simply assume that it is text that                 the user wants included in the type and include that too up                 to the next zero or semicolon. */              if((*sep==';') && !checkprefix(";filename=", sep)) {                sep2 = strchr(sep+1, ';');                if(sep2)                  sep = sep2;                else                  sep = sep + strlen(sep); /* point to end of string */              }//.........这里部分代码省略.........

/* * Output an HTTP MAC Authorization header. */CURLcode Curl_output_mac(struct connectdata *conn,                         bool proxy,                         const unsigned char *request,                         const unsigned char *uripath,                         struct curl_oauth2_token *token){  /* Please refer to draft-ietf-oauth-v2-http-mac for all the juicy     details about HTTP MAC construction. */  struct timeval now;  char ts[12];  char nonce[33];  long nonceval = 0;  size_t noncesz = 0;  char *nreq = NULL;  char **allocuserpwd;  struct auth *authp;  struct SessionHandle *data = conn->data;  const char *hosthdr = NULL, *hosthdrp1 = NULL, *hosthdrp2 = NULL;  char *hostname = NULL;  unsigned long port = 0;  const char *ext = data->set.str[STRING_HTTP_MAC_EXT];  bool extprovided = (ext != 0);  char *extinfo;  const HMAC_params *params;  HMAC_context *ctxt;  char digest[32];            /* The max of result_len is enough. */  char *mac = NULL;  size_t macsz = 0;  CURLcode rc;/* The CURL_OUTPUT_MAC_CONV macro below is for non-ASCII machines.   It converts digest text to ASCII so the MAC will be correct for   what ultimately goes over the network.*/#define CURL_OUTPUT_MAC_CONV(a, b) /  rc = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); /  if(rc != CURLE_OK) { /    free(b); /    goto cleanup; /  }  /* Check that we have the proper kind of token. */  if(token->token_type != CURL_OAUTH2_TOKEN_TYPE_MAC) {    return CURLE_OAUTH2_TOKEN_MALFORMAT;  }  /* Select the right Authorization field to fill in depending on     whether we're talking to a proxy or the remote host. */  if(proxy) {    allocuserpwd = &conn->allocptr.proxyuserpwd;    authp = &data->state.authproxy;  }  else {    allocuserpwd = &conn->allocptr.userpwd;    authp = &data->state.authhost;  }  if(*allocuserpwd) {    Curl_safefree(*allocuserpwd);    *allocuserpwd = NULL;  }  authp->done = TRUE;  /* Generate a timestamp from a monotically increasing source whose     origin does not change. */  now = curlx_tvgettimeofday();#ifdef DELTA_EPOCH_IN_SECS  now.tv_sec -= DELTA_EPOCH_IN_SECS;#endif  snprintf(ts, sizeof(ts) - 1, "%ld", (long)now.tv_sec);  ts[sizeof(ts) - 1] = '/0';  /* Generate a nonce that is unique for that timestamp */  nonceval = (long)now.tv_sec + now.tv_usec;  for(noncesz = 0; nonceval && noncesz < sizeof(nonce) - 1; ++noncesz) {    int base = "/x08/x10/x0a/x1a"[noncesz % 4];    nonce[noncesz] = "0123456789abcdefghijklmnopqrstuvwxyz"[nonceval % base];    nonceval /= base;  }  nonce[noncesz] = '/0';  /* Find hostname and port in headers, do not use the connection data. */  hosthdr = conn->allocptr.host;  if(!hosthdr) {    hosthdr = Curl_checkheaders(data, "Host:");  }  if(!hosthdr) {    rc = CURLE_HTTP_MAC_INVALID_HOST;    goto cleanup;  }//.........这里部分代码省略.........

int Curl_schannel_shutdown(struct connectdata *conn, int sockindex){  /* See http://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx   * Shutting Down an Schannel Connection   */  struct SessionHandle *data = conn->data;  struct ssl_connect_data *connssl = &conn->ssl[sockindex];  infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu/n",        conn->host.name, conn->remote_port);  if(connssl->ctxt) {    SecBufferDesc BuffDesc;    SecBuffer Buffer;    SECURITY_STATUS sspi_status;    SecBuffer outbuf;    SecBufferDesc outbuf_desc;    CURLcode code;    TCHAR *host_name;    DWORD dwshut = SCHANNEL_SHUTDOWN;    InitSecBuffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut));    InitSecBufferDesc(&BuffDesc, &Buffer, 1);    sspi_status = s_pSecFn->ApplyControlToken(&connssl->ctxt->ctxt_handle,                                              &BuffDesc);    if(sspi_status != SEC_E_OK)      failf(data, "schannel: ApplyControlToken failure: %s",            Curl_sspi_strerror(conn, sspi_status));#ifdef UNICODE    host_name = Curl_convert_UTF8_to_wchar(conn->host.name);    if(!host_name)      return CURLE_OUT_OF_MEMORY;#else    host_name = conn->host.name;#endif    /* setup output buffer */    InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);    InitSecBufferDesc(&outbuf_desc, &outbuf, 1);    sspi_status = s_pSecFn->InitializeSecurityContext(         &connssl->cred->cred_handle,         &connssl->ctxt->ctxt_handle,         host_name,         connssl->req_flags,         0,         0,         NULL,         0,         &connssl->ctxt->ctxt_handle,         &outbuf_desc,         &connssl->ret_flags,         &connssl->ctxt->time_stamp);#ifdef UNICODE    Curl_safefree(host_name);#endif    if((sspi_status == SEC_E_OK) || (sspi_status == SEC_I_CONTEXT_EXPIRED)) {      /* send close message which is in output buffer */      ssize_t written;      code = Curl_write_plain(conn, conn->sock[sockindex], outbuf.pvBuffer,                              outbuf.cbBuffer, &written);      s_pSecFn->FreeContextBuffer(outbuf.pvBuffer);      if((code != CURLE_OK) || (outbuf.cbBuffer != (size_t)written)) {        infof(data, "schannel: failed to send close msg: %s"              " (bytes written: %zd)/n", curl_easy_strerror(code), written);      }    }    /* free SSPI Schannel API security context handle */    if(connssl->ctxt) {      s_pSecFn->DeleteSecurityContext(&connssl->ctxt->ctxt_handle);      Curl_safefree(connssl->ctxt);    }  }  /* free internal buffer for received encrypted data */  if(connssl->encdata_buffer != NULL) {    Curl_safefree(connssl->encdata_buffer);    connssl->encdata_length = 0;    connssl->encdata_offset = 0;  }  /* free internal buffer for received decrypted data */  if(connssl->decdata_buffer != NULL) {    Curl_safefree(connssl->decdata_buffer);    connssl->decdata_length = 0;    connssl->decdata_offset = 0;  }  return CURLE_OK;}

/* * Curl_sasl_create_digest_md5_message() * * This is used to generate an already encoded DIGEST-MD5 response message * ready for sending to the recipient. * * Parameters: * * data    [in]     - The session handle. * chlg64  [in]     - Pointer to the base64 encoded challenge message. * userp   [in]     - The user name. * passdwp [in]     - The user's password. * service [in]     - The service type such as www, smtp, pop or imap. * outptr  [in/out] - The address where a pointer to newly allocated memory *                    holding the result will be stored upon completion. * outlen  [out]    - The length of the output message. * * Returns CURLE_OK on success. */CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,                                             const char *chlg64,                                             const char *userp,                                             const char *passwdp,                                             const char *service,                                             char **outptr, size_t *outlen){  CURLcode result = CURLE_OK;  TCHAR *spn = NULL;  size_t chlglen = 0;  size_t token_max = 0;  unsigned char *input_token = NULL;  unsigned char *output_token = NULL;  CredHandle credentials;  CtxtHandle context;  PSecPkgInfo SecurityPackage;  SEC_WINNT_AUTH_IDENTITY identity;  SEC_WINNT_AUTH_IDENTITY *p_identity;  SecBuffer chlg_buf;  SecBuffer resp_buf;  SecBufferDesc chlg_desc;  SecBufferDesc resp_desc;  SECURITY_STATUS status;  unsigned long attrs;  TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */  /* Decode the base-64 encoded challenge message */  if(strlen(chlg64) && *chlg64 != '=') {    result = Curl_base64_decode(chlg64, &input_token, &chlglen);    if(result)      return result;  }  /* Ensure we have a valid challenge message */  if(!input_token)    return CURLE_BAD_CONTENT_ENCODING;  /* Query the security package for DigestSSP */  status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),                                              &SecurityPackage);  if(status != SEC_E_OK) {    Curl_safefree(input_token);    return CURLE_NOT_BUILT_IN;  }  token_max = SecurityPackage->cbMaxToken;  /* Release the package buffer as it is not required anymore */  s_pSecFn->FreeContextBuffer(SecurityPackage);  /* Allocate our response buffer */  output_token = malloc(token_max);  if(!output_token) {    Curl_safefree(input_token);    return CURLE_OUT_OF_MEMORY;  }  /* Generate our SPN */  spn = Curl_sasl_build_spn(service, data->easy_conn->host.name);  if(!spn) {    Curl_safefree(output_token);    Curl_safefree(input_token);    return CURLE_OUT_OF_MEMORY;  }  if(userp && *userp) {    /* Populate our identity structure */    result = Curl_create_sspi_identity(userp, passwdp, &identity);    if(result) {      Curl_safefree(spn);      Curl_safefree(output_token);      Curl_safefree(input_token);      return result;    }    /* Allow proper cleanup of the identity structure */    p_identity = &identity;//.........这里部分代码省略.........

static CURLcodeschannel_connect_step1(struct connectdata *conn, int sockindex){  ssize_t written = -1;  struct SessionHandle *data = conn->data;  struct ssl_connect_data *connssl = &conn->ssl[sockindex];  SecBuffer outbuf;  SecBufferDesc outbuf_desc;  SCHANNEL_CRED schannel_cred;  SECURITY_STATUS sspi_status = SEC_E_OK;  struct curl_schannel_cred *old_cred = NULL;  struct in_addr addr;#ifdef ENABLE_IPV6  struct in6_addr addr6;#endif  TCHAR *host_name;  CURLcode code;  infof(data, "schannel: SSL/TLS connection with %s port %hu (step 1/3)/n",        conn->host.name, conn->remote_port);  /* check for an existing re-usable credential handle */  if(!Curl_ssl_getsessionid(conn, (void**)&old_cred, NULL)) {    connssl->cred = old_cred;    infof(data, "schannel: re-using existing credential handle/n");  }  else {    /* setup Schannel API options */    memset(&schannel_cred, 0, sizeof(schannel_cred));    schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;    if(data->set.ssl.verifypeer) {#ifdef _WIN32_WCE      /* certificate validation on CE doesn't seem to work right; we'll         do it following a more manual process. */      schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |                              SCH_CRED_IGNORE_NO_REVOCATION_CHECK |                              SCH_CRED_IGNORE_REVOCATION_OFFLINE;#else      schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |                              SCH_CRED_REVOCATION_CHECK_CHAIN;#endif      infof(data, "schannel: checking server certificate revocation/n");    }    else {      schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |                              SCH_CRED_IGNORE_NO_REVOCATION_CHECK |                              SCH_CRED_IGNORE_REVOCATION_OFFLINE;      infof(data, "schannel: disable server certificate revocation checks/n");    }    if(Curl_inet_pton(AF_INET, conn->host.name, &addr) ||#ifdef ENABLE_IPV6       Curl_inet_pton(AF_INET6, conn->host.name, &addr6) ||#endif       data->set.ssl.verifyhost < 2) {      schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;      infof(data, "schannel: using IP address, disable SNI servername "            "check/n");    }    switch(data->set.ssl.version) {      case CURL_SSLVERSION_TLSv1:        schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |                                              SP_PROT_TLS1_1_CLIENT |                                              SP_PROT_TLS1_2_CLIENT;        break;      case CURL_SSLVERSION_SSLv3:        schannel_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;        break;      case CURL_SSLVERSION_SSLv2:        schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT;        break;    }    /* allocate memory for the re-usable credential handle */    connssl->cred = malloc(sizeof(struct curl_schannel_cred));    if(!connssl->cred) {      failf(data, "schannel: unable to allocate memory");      return CURLE_OUT_OF_MEMORY;    }    memset(connssl->cred, 0, sizeof(struct curl_schannel_cred));    /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa374716.aspx */    sspi_status = s_pSecFn->AcquireCredentialsHandle(NULL, (void *)UNISP_NAME,      SECPKG_CRED_OUTBOUND, NULL, &schannel_cred, NULL, NULL,      &connssl->cred->cred_handle, &connssl->cred->time_stamp);    if(sspi_status != SEC_E_OK) {      if(sspi_status == SEC_E_WRONG_PRINCIPAL)        failf(data, "schannel: SNI or certificate check failed: %s",              Curl_sspi_strerror(conn, sspi_status));      else        failf(data, "schannel: AcquireCredentialsHandle failed: %s",              Curl_sspi_strerror(conn, sspi_status));      Curl_safefree(connssl->cred);      return CURLE_SSL_CONNECT_ERROR;    }  }//.........这里部分代码省略.........

//.........这里部分代码省略.........      /* Populate our identity structure */      result = Curl_create_sspi_identity(userp, passwdp, &krb5->identity);      if(result)        return result;      /* Allow proper cleanup of the identity structure */      krb5->p_identity = &krb5->identity;    }    else      /* Use the current Windows user */      krb5->p_identity = NULL;    /* Allocate our credentials handle */    krb5->credentials = malloc(sizeof(CredHandle));    if(!krb5->credentials)      return CURLE_OUT_OF_MEMORY;    memset(krb5->credentials, 0, sizeof(CredHandle));    /* Acquire our credentials handle */    status = s_pSecFn->AcquireCredentialsHandle(NULL,                                                (TCHAR *)                                                TEXT(SP_NAME_KERBEROS),                                                SECPKG_CRED_OUTBOUND, NULL,                                                krb5->p_identity, NULL, NULL,                                                krb5->credentials, &expiry);    if(status != SEC_E_OK)      return CURLE_LOGIN_DENIED;    /* Allocate our new context handle */    krb5->context = malloc(sizeof(CtxtHandle));    if(!krb5->context)      return CURLE_OUT_OF_MEMORY;    memset(krb5->context, 0, sizeof(CtxtHandle));  }  else {    /* Decode the base-64 encoded challenge message */    if(strlen(chlg64) && *chlg64 != '=') {      result = Curl_base64_decode(chlg64, &chlg, &chlglen);      if(result)        return result;    }    /* Ensure we have a valid challenge message */    if(!chlg)      return CURLE_BAD_CONTENT_ENCODING;    /* Setup the challenge "input" security buffer */    chlg_desc.ulVersion = SECBUFFER_VERSION;    chlg_desc.cBuffers  = 1;    chlg_desc.pBuffers  = &chlg_buf;    chlg_buf.BufferType = SECBUFFER_TOKEN;    chlg_buf.pvBuffer   = chlg;    chlg_buf.cbBuffer   = curlx_uztoul(chlglen);  }  /* Setup the response "output" security buffer */  resp_desc.ulVersion = SECBUFFER_VERSION;  resp_desc.cBuffers  = 1;  resp_desc.pBuffers  = &resp_buf;  resp_buf.BufferType = SECBUFFER_TOKEN;  resp_buf.pvBuffer   = krb5->output_token;  resp_buf.cbBuffer   = curlx_uztoul(krb5->token_max);  /* Generate our challenge-response message */  status = s_pSecFn->InitializeSecurityContext(krb5->credentials,                                               chlg ? krb5->context : NULL,                                               krb5->spn,                                               (mutual_auth ?                                                 ISC_REQ_MUTUAL_AUTH : 0),                                               0, SECURITY_NATIVE_DREP,                                               chlg ? &chlg_desc : NULL, 0,                                               &context,                                               &resp_desc, &attrs,                                               &expiry);  if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {    Curl_safefree(chlg);    return CURLE_RECV_ERROR;  }  if(memcmp(&context, krb5->context, sizeof(context))) {    s_pSecFn->DeleteSecurityContext(krb5->context);    memcpy(krb5->context, &context, sizeof(context));  }  if(resp_buf.cbBuffer) {    /* Base64 encode the response */    result = Curl_base64_encode(data, (char *)resp_buf.pvBuffer,                                resp_buf.cbBuffer, outptr, outlen);  }  /* Free the decoded challenge */  Curl_safefree(chlg);  return result;}

static CURLcode smtp_authenticate(struct connectdata *conn){  CURLcode result = CURLE_OK;  struct smtp_conn *smtpc = &conn->proto.smtpc;  char * initresp;  const char * mech;  size_t l;  smtpstate state1;  smtpstate state2;  if(!conn->bits.user_passwd)    state(conn, SMTP_STOP);             /* End of connect phase. */  else {    initresp = (char *) NULL;    l = 1;    /* Check supported authentication mechanisms by decreasing order of       preference. */    mech = (const char *) NULL;         /* Avoid compiler warnings. */    state1 = SMTP_STOP;    state2 = SMTP_STOP;#ifndef CURL_DISABLE_CRYPTO_AUTH    if(smtpc->authmechs & SMTP_AUTH_CRAM_MD5) {      mech = "CRAM-MD5";      state1 = SMTP_AUTHCRAM;    }    else#endif    if(smtpc->authmechs & SMTP_AUTH_PLAIN) {      mech = "PLAIN";      state1 = SMTP_AUTHPLAIN;      state2 = SMTP_AUTH;      l = smtp_auth_plain_data(conn, &initresp);    }    else if(smtpc->authmechs & SMTP_AUTH_LOGIN) {      mech = "LOGIN";      state1 = SMTP_AUTHLOGIN;      state2 = SMTP_AUTHPASSWD;      l = smtp_auth_login_user(conn, &initresp);    }    else {      infof(conn->data, "No known auth mechanisms supported!/n");      result = CURLE_LOGIN_DENIED;      /* Other mechanisms not supported. */    }    if(!result) {      if(!l)        result = CURLE_OUT_OF_MEMORY;      else if(initresp &&              l + strlen(mech) <= 512 - 8) {   /* AUTH <mech> ...<crlf> */        result = Curl_pp_sendf(&smtpc->pp, "AUTH %s %s", mech, initresp);        free(initresp);        if(!result)          state(conn, state2);      }      else {        Curl_safefree(initresp);        result = Curl_pp_sendf(&smtpc->pp, "AUTH %s", mech);        if(!result)          state(conn, state1);      }    }  }  return result;}