cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH ] Add new options negotiate-gssapi=service and proxy-negotiate-gssapi-service

From: Arunav Sanyal <arunav.sanyal91_at_gmail.com>
Date: Thu, 19 Sep 2013 14:52:33 +0530

Hi Markus

>The spnego code can be removed as the newer (I think now more than 5
years) Kerberos libraries support spnego natively . I added that with
fbopenssl as a library ( I assume you mean the code with HAVE_SPNEGO )

No the SPNEGO code cannot be removed. SPNEGO is a different rfc from
gssapi. I use the MIT kerberos library 1.11 which is pretty recent as it
is. fbopenssl's job is to convert tokens from one rfc to another. I know
this because I use both the libraries every single day in my organization.

>I don’ t understand this. I only set the default values in url.c don’t I

No you do not. reuse_conn is a very important function. its a static
declaration. Take this piece of code for instance.

conn->bits.user_passwd = old_conn->bits.user_passwd;
  if(conn->bits.user_passwd) {
    /* use the new user name and password though */
    Curl_safefree(conn->user);
    Curl_safefree(conn->passwd);
    conn->user = old_conn->user;
    conn->passwd = old_conn->passwd;
    old_conn->user = NULL;
    old_conn->passwd = NULL;
  }

here the username and password fields are copied. You need to explicitly
copy your new service principal string. Otherwise there will be cases in
which your code will break terribly.

If you want, I can add a patch from your variables on top of that.

-- 
Arunav Sanyal
Graduate student
B.E (Hons) Computer Science
BITS Pilani K.K Birla Goa Campus
Software Engineer
INFORMATICA BUSINESS SOLUTIONS

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-09-19