curl-library
Re: [PATCH] SF bug #1302: HTTP Auth Negotiate sends Kerberos token instead of SPNEGO token
Date: Mon, 14 Jul 2014 10:22:43 +0200
Am 2014-07-13 22:22, schrieb David Woodhouse:
> On Sun, 2014-07-13 at 11:31 +0200, Michael Osipov wrote:
>>
>> Please have a look:
>> https://github.com/michael-o/curl/commit/b78ad621d45f537dfde745e961427257f1e1fc2d
>>
>> Work is based on top of your patches.
>
> That really wants splitting into individual patches to make it readable.
That should not be a big problem with Git, I need to figure out how ;-)
Just realized that the SSPI code is broken now as it uses the same
structs. Need to fix that first.
> You can't put the OID bytes into the definition as you have; you'll get
> complaints about const pointers in some implementations. There was a
> reason I had them separate.
I wasn't aware of that nuances across implementations. So you
improvement looks like:
static const char[] spengo_oid_bytes = "\x2b\x06\x01\x05\x05\x02";
gss_OID_desc spnego_mech_oid = { 6, &spengo_oid_bytes };
static const char[] krb5_oid_bytes = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02";
gss_OID_desc krb5_mech_oid = { 9, &krb5_oid_bytes };
> And in fact I think you don't need to export them. Just make an enum for
> SPNEGO/NTLM/KRB5 and let the caller pass that in, and then you use it to
> select the appropriate OID within curl_gssapi.c. And in the SSPI
> version, which we want to be called identically, that same enum actually
> translates into an appropriate *string* argument to
> AcquireCredentalsHandle().
>
Like enum gss_mech { SPNEGO, KRB5, NTLM }?
Did you get a chance to thing about the context looping improvements,
because the SSPI implementation looks somewhat different?
Michael
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-14