curl-library
[patch RFC] An option to set Kerberos service name
Date: Tue, 28 Jun 2011 18:52:36 -0600
Dear All:
This may be a case when code needs little explanation. Basically all
I want is to set the service name in http_negotiate.c, and the rest
is just my attempts to come up with some way to do it. I am not at
all sure this is the best way to accomplish it, therefore RFC.
Greetings,
-- Pete
diff -urp -X dontdiff.curl curl-7.21.6-2/include/curl/curl.h curl-7.21.6-2-p3/include/curl/curl.h
--- curl-7.21.6-2/include/curl/curl.h 2011-04-22 11:01:50.000000000 -0600
+++ curl-7.21.6-2-p3/include/curl/curl.h 2011-06-28 16:42:41.513379450 -0600
@@ -1476,6 +1476,9 @@ typedef enum {
*/
CINIT(TRANSFER_ENCODING, LONG, 207),
+ /* Usually HTTP_at_host.domain, but not always. */
+ CINIT(KRBSVCNAME, OBJECTPOINT, 208),
+
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
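Review bot: The comment on the new `KRBSVCNAME` entry does not tell an API user what value the option takes; "Usually HTTP_at_host.domain, but not always" describes the resulting name, not the argument. Going by the http_negotiate.c hunk in this patch, the string is either a bare service name or a complete name containing '@' or '/' that is used as given. A comment along the lines of `/* Kerberos service name for Negotiate: a bare service such as "HTTP", or a complete name containing '@' or '/' that is used unchanged */` would document that contract. Because this value decides which service principal the client authenticates to, the header should say so explicitly.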
diff -urp -X dontdiff.curl curl-7.21.6-2/lib/http_negotiate.c curl-7.21.6-2-p3/lib/http_negotiate.c
--- curl-7.21.6-2/lib/http_negotiate.c 2011-04-22 11:01:50.000000000 -0600
+++ curl-7.21.6-2-p3/lib/http_negotiate.c 2011-06-28 17:01:38.636756659 -0600
@@ -77,18 +77,25 @@ get_gss_name(struct connectdata *conn, b
/* IIS uses the <service>@<fqdn> form but uses 'http' as the service name */
- if(neg_ctx->gss)
- service = "KHTTP";
- else
- service = "HTTP";
+ service = conn->data->set.str[STRING_KRB_SVCNAME];
+ if(service && (strchr(service,'@') || strchr(service,'/'))) {
+ snprintf(name, sizeof(name), "%s", service);
+ } else {
+ if(service == NULL) {
+ if(neg_ctx->gss)
+ service = "KHTTP";
+ else
+ service = "HTTP";
+ }
- token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name :
- conn->host.name) + 1;
- if(token.length + 1 > sizeof(name))
- return EMSGSIZE;
+ token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name :
+ conn->host.name) + 1;
+ if(token.length + 1 > sizeof(name))
+ return EMSGSIZE;
- snprintf(name, sizeof(name), "%s@%s", service, proxy ? conn->proxy.name :
- conn->host.name);
+ snprintf(name, sizeof(name), "%s@%s", service, proxy ? conn->proxy.name :
+ conn->host.name);
+ }
token.value = (void *) name;
major_status = gss_import_name(&minor_status,
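Review bot: In the new branch that handles a service string containing '@' or '/', `token.length` is never assigned in the visible lines and the EMSGSIZE check is skipped, so gss_import_name() is handed whatever length the token held before, and an over-long value is silently truncated by snprintf(). A mis-sized or truncated name means the client may request a context for a different principal than the one the caller configured. Set and bound the length in that branch as the else branch does: `token.length = strlen(service) + 1;` followed by `if(token.length + 1 > sizeof(name)) return EMSGSIZE;` before the snprintf(). The gss_import_name() call is cut off at the end of the hunk, so whether the name type passed there suits a complete name containing '/' cannot be checked from here and should be confirmed.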
diff -urp -X dontdiff.curl curl-7.21.6-2/lib/url.c curl-7.21.6-2-p3/lib/url.c
--- curl-7.21.6-2/lib/url.c 2011-06-21 13:46:22.000000000 -0600
+++ curl-7.21.6-2-p3/lib/url.c 2011-06-28 16:41:58.814412806 -0600
@@ -1992,6 +1992,14 @@ CURLcode Curl_setopt(struct SessionHandl
va_arg(param, char *));
data->set.krb = (bool)(NULL != data->set.str[STRING_KRB_LEVEL]);
break;
+ case CURLOPT_KRBSVCNAME:
+ /*
+ * A string that defines the kerberos service name, such as KHTTP.
+ */
+ result = setstropt(&data->set.str[STRING_KRB_SVCNAME],
+ va_arg(param, char *));
+ // data->set.krbsvcname = data->set.str[STRING_KRB_LEVEL];
+ break;
case CURLOPT_SSL_VERIFYPEER:
/*
* Enable peer SSL verifying.
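Review bot: The line `// data->set.krbsvcname = data->set.str[STRING_KRB_LEVEL];` in the new CURLOPT_KRBSVCNAME case is commented-out code that refers to the wrong string slot (STRING_KRB_LEVEL) and uses a `//` comment where the surrounding code uses `/* */`; it should be dropped before merging. The block comment above it could also state both accepted forms, for example `A string that defines the Kerberos service name, such as KHTTP, or a complete name containing '@' or '/'.` Curl_setopt starts and ends outside the hunk.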
diff -urp -X dontdiff.curl curl-7.21.6-2/lib/urldata.h curl-7.21.6-2-p3/lib/urldata.h
--- curl-7.21.6-2/lib/urldata.h 2011-04-22 11:01:50.000000000 -0600
+++ curl-7.21.6-2-p3/lib/urldata.h 2011-06-28 17:02:40.237379275 -0600
@@ -1284,6 +1284,7 @@ enum dupstring {
STRING_KEY_PASSWD, /* plain text private key password */
STRING_KEY_TYPE, /* format for private key (default: PEM) */
STRING_KRB_LEVEL, /* krb security level */
+ STRING_KRB_SVCNAME, /* krb service */
STRING_NETRC_FILE, /* if not NULL, use this instead of trying to find
$HOME/.netrc */
STRING_COPYPOSTFIELDS, /* if POST, set the fields' values here */
diff -urp -X dontdiff.curl curl-7.21.6-2/src/main.c curl-7.21.6-2-p3/src/main.c
--- curl-7.21.6-2/src/main.c 2011-04-22 11:01:50.000000000 -0600
+++ curl-7.21.6-2-p3/src/main.c 2011-06-28 17:28:43.156496495 -0600
@@ -551,6 +551,7 @@ struct Configurable {
bool crlf;
char *customrequest;
char *krblevel;
+ char *krbsvcname;
char *trace_dump; /* file to dump the network trace to, or NULL */
FILE *trace_stream;
bool trace_fopened;
@@ -828,6 +829,7 @@ static void help(void)
" --key <key> Private key file name (SSL/SSH)",
" --key-type <type> Private key file type (DER/PEM/ENG) (SSL)",
" --krb <level> Enable Kerberos with specified security level (F)",
+ " --krb-svc-name <name> Set Kerberos name of service (H)",
" --libcurl <file> Dump libcurl equivalent code of this command line",
" --limit-rate <rate> Limit transfer speed to this rate",
" -J/--remote-header-name Use the header-provided filename (H)",
@@ -1864,6 +1866,7 @@ static ParameterError getparameter(char
{"$h", "retry-delay", TRUE},
{"$i", "retry-max-time", TRUE},
{"$k", "proxy-negotiate", FALSE},
+ {"$l", "krb-svc-name", TRUE},
{"$m", "ftp-account", TRUE},
{"$n", "proxy-anyauth", FALSE},
{"$o", "trace-time", FALSE},
@@ -2344,13 +2347,15 @@ static ParameterError getparameter(char
if(str2num(&config->retry_maxtime, nextarg))
return PARAM_BAD_NUMERIC;
break;
-
case 'k': /* --proxy-negotiate */
if(curlinfo->features & CURL_VERSION_GSSNEGOTIATE)
config->proxynegotiate = toggle;
else
return PARAM_LIBCURL_DOESNT_SUPPORT;
break;
+ case 'l': /* --krb-svc-name */
+ GetStr(&config->krbsvcname, nextarg);
+ break;
case 'm': /* --ftp-account */
GetStr(&config->ftp_account, nextarg);
break;
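Review bot: The new `case 'l'` stores the value without the feature check that the `case 'k'` directly above it performs, so with a libcurl built without GSS-Negotiate the option would be accepted and, as far as these lines show, have no effect. A user who relies on the option to select the service principal would get no error in that situation. Consider mirroring the neighbouring case with `if(!(curlinfo->features & CURL_VERSION_GSSNEGOTIATE)) return PARAM_LIBCURL_DOESNT_SUPPORT;` before the `GetStr` call. getparameter's body continues outside the hunk.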
@@ -4048,6 +4053,8 @@ static void free_config_fields(struct Co
free(config->cookiefile);
if(config->krblevel)
free(config->krblevel);
+ if(config->krbsvcname)
+ free(config->krbsvcname);
if(config->headerfile)
free(config->headerfile);
if(config->ftpport)
@@ -5333,6 +5340,7 @@ operate(struct Configurable *config, int
my_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, config->proxytunnel);
my_setopt_str(curl, CURLOPT_INTERFACE, config->iface);
my_setopt_str(curl, CURLOPT_KRBLEVEL, config->krblevel);
+ my_setopt_str(curl, CURLOPT_KRBSVCNAME, config->krbsvcname);
progressbarinit(&progressbar, config);
if((config->progressmode == CURL_PROGRESS_BAR) &&