curl-library
[PATCH 1/6] Add macros for common GSS-API mechs and pass them appropriately
From: Michael Osipov <1983-01-06_at_gmx.net>
Date: Thu, 17 Jul 2014 15:47:24 +0200
Date: Thu, 17 Jul 2014 15:47:24 +0200
- Macros: KRB5_MECHANISM and SPNEGO_MECHANISM called from
HTTP, FTP and SOCKS on Unix
--- lib/curl_gssapi.c | 20 +++++++++----------- lib/curl_gssapi.h | 18 +++++++++++++----- lib/http_negotiate.c | 2 +- lib/krb5.c | 2 +- lib/socks_gssapi.c | 2 +- 5 files changed, 25 insertions(+), 19 deletions(-) diff --git a/lib/curl_gssapi.c b/lib/curl_gssapi.c index a86762a..7a2f84a 100644 --- a/lib/curl_gssapi.c +++ b/lib/curl_gssapi.c @@ -27,22 +27,21 @@ #include "curl_gssapi.h" #include "sendf.h" -static const char spnego_OID[] = "\x2b\x06\x01\x05\x05\x02"; -static const gss_OID_desc gss_mech_spnego = { - 6, - &spnego_OID -}; +static const char spengo_oid_bytes[] = "\x2b\x06\x01\x05\x05\x02"; +gss_OID_desc spnego_mech_oid = { 6, &spengo_oid_bytes }; +static const char krb5_oid_bytes[] = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"; +gss_OID_desc krb5_mech_oid = { 9, &krb5_oid_bytes }; OM_uint32 Curl_gss_init_sec_context( struct SessionHandle *data, - OM_uint32 * minor_status, - gss_ctx_id_t * context, + OM_uint32 *minor_status, + gss_ctx_id_t *context, gss_name_t target_name, - bool use_spnego, + gss_OID mech_type, gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token, gss_buffer_t output_token, - OM_uint32 * ret_flags) + OM_uint32 *ret_flags) { OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG; @@ -62,8 +61,7 @@ OM_uint32 Curl_gss_init_sec_context( GSS_C_NO_CREDENTIAL, /* cred_handle */ context, target_name, - use_spnego ? (gss_OID)&gss_mech_spnego : - GSS_C_NO_OID, + mech_type, req_flags, 0, /* time_req */ input_chan_bindings, diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h index 5af7a02..ff752d5 100644 --- a/lib/curl_gssapi.h +++ b/lib/curl_gssapi.h @@ -39,19 +39,27 @@ # include <gssapi.h> #endif +#ifndef SPNEGO_MECHANISM +CURL_EXTERN gss_OID_desc spnego_mech_oid; +#define SPNEGO_MECHANISM &spnego_mech_oid +#endif +#ifndef KRB5_MECHANISM +CURL_EXTERN gss_OID_desc krb5_mech_oid; +#define KRB5_MECHANISM &krb5_mech_oid +#endif -/* Common method for using gss api */ +/* Common method for using GSS-API */ OM_uint32 Curl_gss_init_sec_context( struct SessionHandle *data, - OM_uint32 * minor_status, - gss_ctx_id_t * context, + OM_uint32 *minor_status, + gss_ctx_id_t *context, gss_name_t target_name, - bool use_spnego, + gss_OID mech_type, gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token, gss_buffer_t output_token, - OM_uint32 * ret_flags); + OM_uint32 *ret_flags); #endif /* HAVE_GSSAPI */ diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index bbad0b4..dc2bb38 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c @@ -184,7 +184,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, &minor_status, &neg_ctx->context, neg_ctx->server_name, - TRUE, + SPNEGO_MECHANISM, GSS_C_NO_CHANNEL_BINDINGS, &input_token, &output_token, diff --git a/lib/krb5.c b/lib/krb5.c index 9a36af1..10a79aa 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -236,7 +236,7 @@ krb5_auth(void *app_data, struct connectdata *conn) &min, context, gssname, - FALSE, + KRB5_MECHANISM, &chan, gssresp, &output_buffer, diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c index 0a35dfa..dd955d6 100644 --- a/lib/socks_gssapi.c +++ b/lib/socks_gssapi.c @@ -181,7 +181,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, &gss_minor_status, &gss_context, server, - FALSE, + KRB5_MECHANISM, NULL, gss_token, &gss_send_token, -- 2.0.0 ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2014-07-17