
[PATCH 1/6] Add macros for common GSS-API mechs and pass them appropriately

From: Michael Osipov <1983-01-06_at_gmx.net>
Date: Thu, 17 Jul 2014 15:47:24 +0200

- Macros: KRB5_MECHANISM and SPNEGO_MECHANISM, used by the
  HTTP, FTP and SOCKS code on Unix

---
 lib/curl_gssapi.c    | 20 +++++++++-----------
 lib/curl_gssapi.h    | 18 +++++++++++++-----
 lib/http_negotiate.c |  2 +-
 lib/krb5.c           |  2 +-
 lib/socks_gssapi.c   |  2 +-
 5 files changed, 25 insertions(+), 19 deletions(-)
diff --git a/lib/curl_gssapi.c b/lib/curl_gssapi.c
index a86762a..7a2f84a 100644
--- a/lib/curl_gssapi.c
+++ b/lib/curl_gssapi.c
@@ -27,22 +27,21 @@
 #include "curl_gssapi.h"
 #include "sendf.h"
 
-static const char spnego_OID[] = "\x2b\x06\x01\x05\x05\x02";
-static const gss_OID_desc gss_mech_spnego = {
-  6,
-  &spnego_OID
-};
+static const char spengo_oid_bytes[] = "\x2b\x06\x01\x05\x05\x02";
+gss_OID_desc spnego_mech_oid = { 6, &spengo_oid_bytes };
+static const char krb5_oid_bytes[] = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02";
+gss_OID_desc krb5_mech_oid = { 9, &krb5_oid_bytes };
 
 OM_uint32 Curl_gss_init_sec_context(
     struct SessionHandle *data,
-    OM_uint32 * minor_status,
-    gss_ctx_id_t * context,
+    OM_uint32 *minor_status,
+    gss_ctx_id_t *context,
     gss_name_t target_name,
-    bool use_spnego,
+    gss_OID mech_type,
     gss_channel_bindings_t input_chan_bindings,
     gss_buffer_t input_token,
     gss_buffer_t output_token,
-    OM_uint32 * ret_flags)
+    OM_uint32 *ret_flags)
 {
   OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
 
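Review bot: The added definitions `gss_OID_desc spnego_mech_oid = { 6, &spengo_oid_bytes };` and `gss_OID_desc krb5_mech_oid = { 9, &krb5_oid_bytes };` drop the `static const` that the removed `gss_mech_spnego` carried, so the objects that select the authentication mechanism become writable globals with external linkage. They also store a pointer to a const array in the non-const `elements` member, and the lengths 6 and 9 are hand-counted. Nothing visible in this patch writes to them, so I would keep them `const` and cast to `gss_OID` at the point of use, derive the length from the array and fix the `spengo` spelling: `const gss_OID_desc spnego_mech_oid = { sizeof(spnego_oid_bytes) - 1, (void *)spnego_oid_bytes };`. The declarations and macros in curl_gssapi.h would need the matching `const` and cast. The body of Curl_gss_init_sec_context continues outside the hunk.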
@@ -62,8 +61,7 @@ OM_uint32 Curl_gss_init_sec_context(
                               GSS_C_NO_CREDENTIAL, /* cred_handle */
                               context,
                               target_name,
-                              use_spnego ? (gss_OID)&gss_mech_spnego :
-                              GSS_C_NO_OID,
+                              mech_type,
                               req_flags,
                               0, /* time_req */
                               input_chan_bindings,
diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h
index 5af7a02..ff752d5 100644
--- a/lib/curl_gssapi.h
+++ b/lib/curl_gssapi.h
@@ -39,19 +39,27 @@
 #  include <gssapi.h>
 #endif
 
+#ifndef SPNEGO_MECHANISM
+CURL_EXTERN gss_OID_desc spnego_mech_oid;
+#define SPNEGO_MECHANISM &spnego_mech_oid
+#endif
+#ifndef KRB5_MECHANISM
+CURL_EXTERN gss_OID_desc krb5_mech_oid;
+#define KRB5_MECHANISM &krb5_mech_oid
+#endif
 
-/* Common method for using gss api */
+/* Common method for using GSS-API */
 
 OM_uint32 Curl_gss_init_sec_context(
     struct SessionHandle *data,
-    OM_uint32 * minor_status,
-    gss_ctx_id_t * context,
+    OM_uint32 *minor_status,
+    gss_ctx_id_t *context,
     gss_name_t target_name,
-    bool use_spnego,
+    gss_OID mech_type,
     gss_channel_bindings_t input_chan_bindings,
     gss_buffer_t input_token,
     gss_buffer_t output_token,
-    OM_uint32 * ret_flags);
+    OM_uint32 *ret_flags);
 
 #endif /* HAVE_GSSAPI */
 
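Review bot: `#define SPNEGO_MECHANISM &spnego_mech_oid` and `#define KRB5_MECHANISM &krb5_mech_oid` expand to unparenthesized expressions; wrap them, e.g. `#define SPNEGO_MECHANISM (&spnego_mech_oid)`. The `#ifndef` guards mean that if a platform's GSS-API header already defines either name, callers silently get that definition instead, while curl_gssapi.c still defines both objects unconditionally; a comment such as `/* a platform header may already provide these mechanism OIDs; ours are the fallback */` would make the intent explicit. CURL_EXTERN is, as far as I can tell, curl's marker for exported public API, so these internal objects would be better declared with plain `extern` and a `Curl_` prefix, which keeps the mechanism OIDs out of the library's exported symbols.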
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index bbad0b4..dc2bb38 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -184,7 +184,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
                                            &minor_status,
                                            &neg_ctx->context,
                                            neg_ctx->server_name,
-                                           TRUE,
+                                           SPNEGO_MECHANISM,
                                            GSS_C_NO_CHANNEL_BINDINGS,
                                            &input_token,
                                            &output_token,
diff --git a/lib/krb5.c b/lib/krb5.c
index 9a36af1..10a79aa 100644
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -236,7 +236,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
                                       &min,
                                       context,
                                       gssname,
-                                      FALSE,
+                                      KRB5_MECHANISM,
                                       &chan,
                                       gssresp,
                                       &output_buffer,
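Review bot: Passing `KRB5_MECHANISM` here changes behaviour, not just the call shape. The removed `FALSE` made Curl_gss_init_sec_context pass `GSS_C_NO_OID`, which is the GSS-API implementation's default mechanism, whereas the new argument pins the Kerberos 5 OID; the socks_gssapi.c hunk has the same change. Pinning the mechanism removes the dependence on whatever default the installed library picks, but the commit message only mentions macros, so it should say so and the call sites deserve a comment such as `/* request Kerberos 5 explicitly rather than the implementation's default mechanism */`. The body of krb5_auth starts and ends outside the hunk.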
diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c
index 0a35dfa..dd955d6 100644
--- a/lib/socks_gssapi.c
+++ b/lib/socks_gssapi.c
@@ -181,7 +181,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
                                                  &gss_minor_status,
                                                  &gss_context,
                                                  server,
-                                                 FALSE,
+                                                 KRB5_MECHANISM,
                                                  NULL,
                                                  gss_token,
                                                  &gss_send_token,
-- 
2.0.0