curl-library
RE: Kerberos connections are not left open
Date: Tue, 29 Nov 2016 11:33:00 +0000
Hi.
I'm trying to implement a file uploader using libcurl. The authentication must be done using Kerberos. The issue that I'm encountering is that the file is being sent three times to the sever (one for each message of the handshake).
Kerberos allow to reuse the same authentication token by using persisting connections.
So to avoid uploading the file multiple times, I first make a small request to the server (a kind of ping) to get the authentication done and then I make the upload POST request.
The problem is that libcurl is always closing the Kerberos connections. It does it in the Curl_http_done method:
#ifdef USE_SPNEGO
if(data->state.proxyneg.state == GSS_AUTHSENT ||
data->state.negotiate.state == GSS_AUTHSENT) {
/* add forbid re-use if http-code != 401/407 as a WA only needed for
* 401/407 that signal auth failure (empty) otherwise state will be RECV
* with current code.
* Do not close CONNECT_ONLY connections. */
if((data->req.httpcode != 401) && (data->req.httpcode != 407) &&
!data->set.connect_only)
connclose(conn, "Negotiate transfer completed");
Curl_cleanup_negotiate(data);
}
#endif
I don't completely understand the comment in the code, but apparently there is a limitation on the libcurl implementation that forces to close the connection. Is that right? Could someone confirm it or explain if this can be fixed?
Depending on the answer to above questions I could try to set CURL_CONNECTION_ONLY at some callback run before the closing of connection. Does anyone have an idea of how to do this?
Any other, suggestion to implement file upload with Kerberos authentication without transmitting the file multiple times?
Thank you.
Lutfi
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-11-29