curl-library
[PATCH 4/6] Deprecate GSS-Negotiate related macros due to bad naming
From: Michael Osipov <1983-01-06_at_gmx.net>
Date: Thu, 17 Jul 2014 15:47:27 +0200
Date: Thu, 17 Jul 2014 15:47:27 +0200
- Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE
- CURL_VERSION_GSSNEGOTIATE is deprecated which
is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and
CURUL_VERSION_SPNEGO now.
- Remove display of feature 'GSS-Negotiate'
No macros were removed but deprecated and replaced with new ones.
---
configure.ac | 17 ++++++++++++-----
include/curl/curl.h | 14 ++++++++++----
lib/curl_setup.h | 2 ++
lib/http.c | 12 ++++++------
lib/url.c | 8 ++++----
lib/version.c | 12 ++++++------
src/tool_getparam.c | 14 ++++++++------
src/tool_help.c | 8 ++++----
8 files changed, 52 insertions(+), 35 deletions(-)
diff --git a/configure.ac b/configure.ac
index e289aa9..939c26e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1248,7 +1248,7 @@ else
fi
if test x"$want_gss" = xyes; then
AC_DEFINE(HAVE_GSSAPI, 1, [if you have GSS-API libraries])
-
+ HAVE_GSSAPI=1
curl_gss_msg="enabled (MIT Kerberos/Heimdal)"
if test -n "$gnu_gss"; then
@@ -3352,8 +3352,18 @@ fi
if test "x$USE_WINDOWS_SSPI" = "x1"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES SSPI"
fi
+
+if test "x$HAVE_GSSAPI" = "x1"; then
+ SUPPORT_FEATURES="$SUPPORT_FEATURES GSS-API"
+fi
+
+if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
+ \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
+ SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO"
+fi
+
if test "x$CURL_DISABLE_HTTP" != "x1" -a \
- "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
+ "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
-o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
-o "x$DARWINSSL_ENABLED" = "x1"; then
@@ -3370,9 +3380,6 @@ fi
if test "x$USE_NGHTTP2" = "x1"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP2"
fi
-if test "x$HAVE_GSSAPI" = "x1"; then
- SUPPORT_FEATURES="$SUPPORT_FEATURES GSS-API"
-fi
AC_SUBST(SUPPORT_FEATURES)
diff --git a/include/curl/curl.h b/include/curl/curl.h
index ce80e40..b7f3110 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -619,7 +619,8 @@ typedef enum {
* CURLAUTH_NONE - No HTTP authentication
* CURLAUTH_BASIC - HTTP Basic authentication (default)
* CURLAUTH_DIGEST - HTTP Digest authentication
- * CURLAUTH_GSSNEGOTIATE - HTTP GSS-Negotiate authentication
+ * CURLAUTH_NEGOTIATE - HTTP Negotiate (SPNEGO) authentication
+ * CURLAUTH_GSSNEGOTIATE - Defaults to CURLAUTH_NEGOTIATE (deprecated)
* CURLAUTH_NTLM - HTTP NTLM authentication
* CURLAUTH_DIGEST_IE - HTTP Digest authentication with IE flavour
* CURLAUTH_NTLM_WB - HTTP NTLM authentication delegated to winbind helper
@@ -632,7 +633,11 @@ typedef enum {
#define CURLAUTH_NONE ((unsigned long)0)
#define CURLAUTH_BASIC (((unsigned long)1)<<0)
#define CURLAUTH_DIGEST (((unsigned long)1)<<1)
-#define CURLAUTH_GSSNEGOTIATE (((unsigned long)1)<<2)
+#define CURLAUTH_NEGOTIATE (((unsigned long)1)<<2)
+/* TODO Add "CURLAUTH_SPNEGO (((unsigned long)1)<<2)"
+ when SPNEGO is used not only for HTTP */
+/* Deprecated since the advent of CURLAUTH_NEGOTIATE */
+#define CURLAUTH_GSSNEGOTIATE CURLAUTH_NEGOTIATE
#define CURLAUTH_NTLM (((unsigned long)1)<<3)
#define CURLAUTH_DIGEST_IE (((unsigned long)1)<<4)
#define CURLAUTH_NTLM_WB (((unsigned long)1)<<5)
@@ -2231,10 +2236,11 @@ typedef struct {
#define CURL_VERSION_SSL (1<<2) /* SSL options are present */
#define CURL_VERSION_LIBZ (1<<3) /* libz features are present */
#define CURL_VERSION_NTLM (1<<4) /* NTLM auth is supported */
-#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth support */
+#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth support
+ (deprecated) */
#define CURL_VERSION_DEBUG (1<<6) /* built with debug capabilities */
#define CURL_VERSION_ASYNCHDNS (1<<7) /* asynchronous dns resolves */
-#define CURL_VERSION_SPNEGO (1<<8) /* SPNEGO auth */
+#define CURL_VERSION_SPNEGO (1<<8) /* SPNEGO auth is supported */
#define CURL_VERSION_LARGEFILE (1<<9) /* supports files bigger than 2GB */
#define CURL_VERSION_IDN (1<<10) /* International Domain Names support */
#define CURL_VERSION_SSPI (1<<11) /* SSPI is supported */
diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index 7618b56..b938db3 100644
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -610,7 +610,9 @@ int netware_init(void);
#if !defined(CURL_DISABLE_CRYPTO_AUTH) && \
(defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI))
+/* TODO Deprecate or replace when SPNEGO is used not only for HTTP */
#define USE_HTTP_NEGOTIATE
+#define USE_SPNEGO
#endif
/* Single point where USE_NTLM definition might be done */
diff --git a/lib/http.c b/lib/http.c
index 8cd15de..a5d9137 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -328,8 +328,8 @@ static bool pickoneauth(struct auth *pick)
/* The order of these checks is highly relevant, as this will be the order
of preference in case of the existence of multiple accepted types. */
- if(avail & CURLAUTH_GSSNEGOTIATE)
- pick->picked = CURLAUTH_GSSNEGOTIATE;
+ if(avail & CURLAUTH_NEGOTIATE)
+ pick->picked = CURLAUTH_NEGOTIATE;
else if(avail & CURLAUTH_DIGEST)
pick->picked = CURLAUTH_DIGEST;
else if(avail & CURLAUTH_NTLM)
@@ -569,7 +569,7 @@ output_auth_headers(struct connectdata *conn,
#ifdef USE_HTTP_NEGOTIATE
negdata->state = GSS_AUTHNONE;
- if((authstatus->picked == CURLAUTH_GSSNEGOTIATE) &&
+ if((authstatus->picked == CURLAUTH_NEGOTIATE) &&
negdata->context && !GSS_ERROR(negdata->status)) {
auth="Negotiate";
result = Curl_output_negotiate(conn, proxy);
@@ -774,10 +774,10 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
#ifdef USE_HTTP_NEGOTIATE
if(checkprefix("Negotiate", auth)) {
int neg;
- *availp |= CURLAUTH_GSSNEGOTIATE;
- authp->avail |= CURLAUTH_GSSNEGOTIATE;
+ *availp |= CURLAUTH_NEGOTIATE;
+ authp->avail |= CURLAUTH_NEGOTIATE;
- if(authp->picked == CURLAUTH_GSSNEGOTIATE) {
+ if(authp->picked == CURLAUTH_NEGOTIATE) {
if(negdata->state == GSS_AUTHSENT || negdata->state == GSS_AUTHNONE) {
neg = Curl_input_negotiate(conn, proxy, auth);
if(neg == 0) {
diff --git a/lib/url.c b/lib/url.c
index 1d05975..2272b3a 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1268,8 +1268,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
#endif
#ifndef USE_HTTP_NEGOTIATE
- auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
- WINDOWS_SSPI */
+ auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without
+ GSS-API or SSPI */
#endif
/* check if any auth bit lower than CURLAUTH_ONLY is still set */
@@ -1356,8 +1356,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
#endif
#ifndef USE_HTTP_NEGOTIATE
- auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
- WINDOWS_SSPI */
+ auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without
+ GSS-API or SSPI */
#endif
/* check if any auth bit lower than CURLAUTH_ONLY is still set */
diff --git a/lib/version.c b/lib/version.c
index 3d26a54..788f3e9 100644
--- a/lib/version.c
+++ b/lib/version.c
@@ -250,15 +250,18 @@ static curl_version_info_data version_info = {
#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
| CURL_VERSION_NTLM_WB
#endif
+#ifdef USE_SPNEGO
+ | CURL_VERSION_SPNEGO
+#endif
+#ifdef HAVE_GSSAPI
+ | CURL_VERSION_GSSAPI
+#endif
#ifdef USE_WINDOWS_SSPI
| CURL_VERSION_SSPI
#endif
#ifdef HAVE_LIBZ
| CURL_VERSION_LIBZ
#endif
-#ifdef USE_HTTP_NEGOTIATE
- | CURL_VERSION_GSSNEGOTIATE
-#endif
#ifdef DEBUGBUILD
| CURL_VERSION_DEBUG
#endif
@@ -281,9 +284,6 @@ static curl_version_info_data version_info = {
#if defined(USE_NGHTTP2)
| CURL_VERSION_HTTP2
#endif
-#ifdef HAVE_GSSAPI
- | CURL_VERSION_GSSAPI
-#endif
,
NULL, /* ssl_version */
0, /* ssl_version_num, this is kept at zero */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 9ac6ab2..3dc302c 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -597,13 +597,14 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
case 'l': /* --negotiate */
if(toggle) {
- if(curlinfo->features & CURL_VERSION_GSSNEGOTIATE)
- config->authtype |= CURLAUTH_GSSNEGOTIATE;
+ if(curlinfo->features & CURL_VERSION_GSSAPI ||
+ curlinfo->features & CURL_VERSION_SSPI)
+ config->authtype |= CURLAUTH_NEGOTIATE;
else
return PARAM_LIBCURL_DOESNT_SUPPORT;
}
else
- config->authtype &= ~CURLAUTH_GSSNEGOTIATE;
+ config->authtype &= ~CURLAUTH_NEGOTIATE;
break;
case 'm': /* --ntlm */
@@ -697,8 +698,7 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
break;
case 'x': /* --krb */
/* kerberos level string */
- if(curlinfo->features & (CURL_VERSION_KERBEROS4 |
- CURL_VERSION_GSSNEGOTIATE))
+ if(curlinfo->features & CURL_VERSION_KERBEROS4)
GetStr(&config->krblevel, nextarg);
else
return PARAM_LIBCURL_DOESNT_SUPPORT;
@@ -798,11 +798,13 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
break;
case 'k': /* --proxy-negotiate */
- if(curlinfo->features & CURL_VERSION_GSSNEGOTIATE)
+ if(curlinfo->features & CURL_VERSION_GSSAPI ||
+ curlinfo->features & CURL_VERSION_SSPI)
config->proxynegotiate = toggle;
else
return PARAM_LIBCURL_DOESNT_SUPPORT;
break;
+
case 'm': /* --ftp-account */
GetStr(&config->ftp_account, nextarg);
break;
diff --git a/src/tool_help.c b/src/tool_help.c
index 54817e4..5ad6010 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -258,20 +258,20 @@ static const struct feat feats[] = {
{"AsynchDNS", CURL_VERSION_ASYNCHDNS},
{"Debug", CURL_VERSION_DEBUG},
{"TrackMemory", CURL_VERSION_CURLDEBUG},
- {"GSS-Negotiate", CURL_VERSION_GSSNEGOTIATE},
{"IDN", CURL_VERSION_IDN},
{"IPv6", CURL_VERSION_IPV6},
{"Largefile", CURL_VERSION_LARGEFILE},
+ {"SSPI", CURL_VERSION_SSPI},
+ {"GSS-API", CURL_VERSION_GSSAPI},
+ {"SPNEGO", CURL_VERSION_SPNEGO},
{"NTLM", CURL_VERSION_NTLM},
{"NTLM_WB", CURL_VERSION_NTLM_WB},
{"SSL", CURL_VERSION_SSL},
- {"SSPI", CURL_VERSION_SSPI},
{"krb4", CURL_VERSION_KERBEROS4},
{"libz", CURL_VERSION_LIBZ},
{"CharConv", CURL_VERSION_CONV},
{"TLS-SRP", CURL_VERSION_TLSAUTH_SRP},
- {"HTTP2", CURL_VERSION_HTTP2},
- {"GSS-API", CURL_VERSION_GSSAPI}
+ {"HTTP2", CURL_VERSION_HTTP2}
};
void tool_help(void)
--
2.0.0
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-17