From 4347ce74b0001c002cb449b8dd63819634e980ae Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Sep 16 2020 15:31:07 +0000
Subject: Add Referer header option to the submit-h API


This will allow IPA API requests that require the Referer header
to be set.

---

diff --git a/src/dogtag.c b/src/dogtag.c
index faf81f9..d36ac00 100644
--- a/src/dogtag.c
+++ b/src/dogtag.c
@@ -691,7 +691,7 @@ main(int argc, const char **argv)
 	/* Submit the form(s). */
 	hctx = NULL;
 	while (url != NULL) {
-		hctx = cm_submit_h_init(ctx, method, url, params, NULL, NULL,
+		hctx = cm_submit_h_init(ctx, method, url, params, NULL, NULL, NULL,
 					cainfo, capath, sslcert, sslkey, sslpin,
 					cm_submit_h_negotiate_off,
 					cm_submit_h_delegate_off,
diff --git a/src/scep.c b/src/scep.c
index c74ca57..e384e8d 100644
--- a/src/scep.c
+++ b/src/scep.c
@@ -496,7 +496,7 @@ main(int argc, const char **argv)
 	}
 
 	/* Submit the first request. */
-	hctx = cm_submit_h_init(ctx, "GET", url, params, NULL, NULL,
+	hctx = cm_submit_h_init(ctx, "GET", url, params, NULL, NULL, NULL,
 				cainfo, NULL, NULL, NULL, NULL,
 				cm_submit_h_negotiate_off,
 				cm_submit_h_delegate_off,
@@ -593,7 +593,7 @@ main(int argc, const char **argv)
 	}
 	/* Submit a second HTTP request if we have one to make. */
 	if (params2 != NULL) {
-		hctx = cm_submit_h_init(ctx, "GET", url, params2, NULL, NULL,
+		hctx = cm_submit_h_init(ctx, "GET", url, params2, NULL, NULL, NULL,
 					NULL, NULL, NULL, NULL, NULL,
 					cm_submit_h_negotiate_off,
 					cm_submit_h_delegate_off,
@@ -794,7 +794,7 @@ main(int argc, const char **argv)
 						 OP_GET_CA_CERT
 						 "&message=%d", i++);
 			hctx = cm_submit_h_init(ctx, "GET", url, params,
-						NULL, NULL, NULL, NULL,
+						NULL, NULL, NULL, NULL, NULL,
 						NULL, NULL, NULL,
 						cm_submit_h_negotiate_off,
 						cm_submit_h_delegate_off,
diff --git a/src/submit-d.c b/src/submit-d.c
index 3adaa4a..f1877c3 100644
--- a/src/submit-d.c
+++ b/src/submit-d.c
@@ -1188,7 +1188,7 @@ restart:
 		fprintf(stderr, "url = \"%s%s%s\"\n", uri,
 		        params ? "?" : "", params ? params : "");
 	}
-	hctx = cm_submit_h_init(ctx, method, uri, params, NULL, NULL,
+	hctx = cm_submit_h_init(ctx, method, uri, params, NULL, NULL, NULL,
 				cainfo, capath, sslcert, sslkey, sslpin,
 				cm_submit_h_negotiate_off,
 				cm_submit_h_delegate_off,
diff --git a/src/submit-h.c b/src/submit-h.c
index 9b507db..c04909b 100644
--- a/src/submit-h.c
+++ b/src/submit-h.c
@@ -51,7 +51,7 @@
 struct cm_submit_h_context {
 	int ret;
 	long response_code;
-	char *method, *uri, *args, *accept, *ctype, *cainfo, *capath, *result;
+	char *method, *uri, *args, *accept, *ctype, *referer, *cainfo, *capath, *result;
 	int result_length;
 	char *sslcert, *sslkey, *sslpass;
 	enum cm_submit_h_opt_negotiate negotiate;
@@ -66,7 +66,7 @@ struct cm_submit_h_context *
 cm_submit_h_init(void *parent,
 		 const char *method, const char *uri, const char *args,
 		 const char *content_type, const char *accept,
-		 const char *cainfo, const char *capath,
+		 const char *referer, const char *cainfo, const char *capath,
 		 const char *sslcert, const char *sslkey, const char *sslpass,
 		 enum cm_submit_h_opt_negotiate neg,
 		 enum cm_submit_h_opt_delegate del,
@@ -84,6 +84,7 @@ cm_submit_h_init(void *parent,
 		ctx->ctype = content_type ?
 			     talloc_strdup(ctx, content_type) :
 			     NULL;
+		ctx->referer = referer ? talloc_strdup(ctx, referer) : NULL;
 		ctx->accept = accept ? talloc_strdup(ctx, accept) : NULL;
 		ctx->cainfo = cainfo ? talloc_strdup(ctx, cainfo) : NULL;
 		ctx->capath = capath ? talloc_strdup(ctx, capath) : NULL;
@@ -180,10 +181,11 @@ cm_submit_h_run(struct cm_submit_h_context *ctx)
 			}
 		}
 		if (ctx->negotiate == cm_submit_h_negotiate_on) {
-#if defined(CURLOPT_HTTPAUTH) && defined(CURLAUTH_GSSNEGOTIATE)
+#if defined(CURLAUTH_NEGOTIATE)
 			curl_easy_setopt(ctx->curl,
 					 CURLOPT_HTTPAUTH,
-					 CURLAUTH_GSSNEGOTIATE);
+					 CURLAUTH_NEGOTIATE);
+			curl_easy_setopt(ctx->curl, CURLOPT_USERPWD, ":");
 #else
 			cm_log(-1,
 			       "warning: libcurl doesn't appear to support "
@@ -243,6 +245,14 @@ cm_submit_h_run(struct cm_submit_h_context *ctx)
 							    header);
 			}
 		}
+		if (ctx->referer != NULL) {
+			header = talloc_asprintf(ctx, "Referer: %s",
+						 ctx->referer);
+			if (header != NULL) {
+				headers = curl_slist_append(headers,
+							    header);
+			}
+		}
 		curl_easy_setopt(ctx->curl, CURLOPT_HTTPHEADER, headers);
 		curl_easy_setopt(ctx->curl, CURLOPT_WRITEFUNCTION,
 				 append_result);
@@ -415,7 +425,7 @@ main(int argc, const char **argv)
 	}
 
 	ctx = cm_submit_h_init(NULL, method, url, poptGetArg(pctx),
-			       ctype, accept,
+			       ctype, accept, NULL,
 			       cainfo, capath, sslcert, sslkey, sslpass,
 			       negotiate, negotiate_delegate,
 			       clientauth, cm_submit_h_env_modify_on,
diff --git a/src/submit-h.h b/src/submit-h.h
index 931cc89..b33544a 100644
--- a/src/submit-h.h
+++ b/src/submit-h.h
@@ -45,6 +45,7 @@ struct cm_submit_h_context *cm_submit_h_init(void *parent,
 					     const char *args,
 					     const char *content_type,
 					     const char *accept,
+					     const char *referer,
 					     const char *cainfo,
 					     const char *capath,
 					     const char *sslcert,