curl-library

Re: How to set service name for SPNEGO?

From: Wenlong Dong <wdong87_at_gmail.com>
Date: Tue, 31 Mar 2015 20:51:50 -0700

Linus, thanks a lot for making the change! The change overall looks great
to me. I was not able to patch it locally somehow (not sure whether I have
to find the exact commit to sync to) and here are some minor comments:

*) lib/http_negotiate.c:
*+ char *spn = Curl_sasl_build_gssapi_spn(*
*+ proxy ? "HTTP" : data->set.str[STRING_SERVICE_NAME],*
*+ proxy ? conn->proxy.name <http://proxy.name> : conn->host.name
<http://host.name>);*
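
Review bot: in the non-proxy branch of the first argument, data->set.str[STRING_SERVICE_NAME] is passed to Curl_sasl_build_gssapi_spn() with no fallback visible at the call site. If the option can be left unset, fall back to CURL_DEFAULT_SERVICE_NAME here, or add a comment naming where the default is installed, so the SPN builder never receives a NULL service.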

*Q1: Could data->set.str[STRING_SERVICE_NAME] be null or is it defaulted to
"http" when it's not set (from lib/url.c)?*

*Q2: When proxy is true, should you use
data->set.str[STRING_PROXY_SERVICE_NAME] instead of "HTTP"?*

*+ neg_ctx->server_name =*
*+ Curl_sasl_build_spn(proxy ? "HTTP" :
data->set.str[STRING_SERVICE_NAME],*
*+ proxy ? conn->proxy.name <http://proxy.name> :
conn->host.name <http://host.name>);*
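
Review bot: the two `proxy ? ... : ...` arguments to Curl_sasl_build_spn() repeat the service and host selection already written out for the Curl_sasl_build_gssapi_spn() call in this file. Compute the service name and host name once (two locals or a small static helper) and pass them to both calls, so a later change to the proxy service cannot be applied to one call and missed in the other.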

*Q3: Same questions as above.*

*) lib/url.h
*+#define CURL_DEFAULT_SERVICE_NAME "http" /* default negotiate service */*
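
Review bot: this default is spelled "http" while the proxy branches in lib/http_negotiate.c pass the literal "HTTP", so host and proxy SPNs are built with differently cased service names by default. Settle on one spelling and use this macro in place of the literal at the call sites.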

*Q4: Is the service name case sensitive? If it is, should it be "HTTP"?*

I will try to patch it locally and verify it.

Best regards,
Wenlong

On Mon, Mar 30, 2015 at 5:18 AM, Linus Nielsen <linus_at_haxx.se> wrote:

> On 02/19/2015 12:11 AM, Steve Holme wrote:
>
>> Some more random thoughts from me this evening...
>>
>> I wouldn't recommend replacing CURLOPT_SOCKS5_GSSAPI_SERVICE with
>> CURLOPT_SERVICE_NAME as Socks 5 is used as a proxy and a curl user /
>> libcurl programmer might want to set both the proxy and the protocol
>> service name. As such I would recommend something like:
>>
>> * libcurl - replace CURLOPT_SOCKS5_GSSAPI_SERVICE with
>> CURLOPT_PROXY_SERVICE_NAME as it can then be used for HTTP proxy with
>> Kerberos/SPNEGO/Digest and keep CURLOPT_SOCKS5_GSSAPI_SERVICE for backwards
>> API compatibility
>> * libcurl - add CURLOPT_SERVICE_NAME as new value
>> * curl - replace --socks5-gssapi-service with --proxy-service-name and
>> add --socks5-gssapi-service as an alias
>> * curl - add support for --service-name as a new argument
>>
>
> I have picked up the baton to try to make this happen. Please have a look
> at the attached patch and see if it would work.
>
> Regards,
>
> Linus
>
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

Received on 2015-04-01