moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Code Issues Releases Wiki Activity

HTTP: Remove checkprefix("GSS-Negotiate")

Browse Source 
That auth mech has never existed neither on MS nor on Unix side.
There is only Negotiate over SPNEGO.
This commit is contained in:
Michael Osipov 2014-07-21 09:53:44 +02:00 committed by Daniel Stenberg
parent eda12bcff8
commit 5128672731
4 changed files with 12 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/http.c
View File

@ -571,7 +571,7 @@ output_auth_headers(struct connectdata *conn,
negdata->state = GSS_AUTHNONE;
if((authstatus->picked == CURLAUTH_GSSNEGOTIATE) &&
negdata->context && !GSS_ERROR(negdata->status)) {
auth="GSS-Negotiate";
auth="Negotiate";
result = Curl_output_negotiate(conn, proxy);
if(result)
return result;
@ -772,8 +772,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
while(*auth) {
#ifdef USE_HTTP_NEGOTIATE
if(checkprefix("GSS-Negotiate", auth) ||
checkprefix("Negotiate", auth)) {
if(checkprefix("Negotiate", auth)) {
int neg;
*availp |= CURLAUTH_GSSNEGOTIATE;
authp->avail |= CURLAUTH_GSSNEGOTIATE;

43
lib/http_negotiate.c
View File

@ -53,19 +53,7 @@ get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server)
OM_uint32 major_status, minor_status;
gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
char name[2048];
const char* service;
/* GSSAPI implementation by Globus (known as GSI) requires the name to be
of form "<service>/<fqdn>" instead of <service>@<fqdn> (ie. slash instead
of at-sign). Also GSI servers are often identified as 'host' not 'khttp'.
Change following lines if you want to use GSI */
/* IIS uses the <service>@<fqdn> form but uses 'http' as the service name */
if(neg_ctx->gss)
service = "KHTTP";
else
service = "HTTP";
const char* service = "HTTP";
token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name :
conn->host.name) + 1;
@ -128,31 +116,8 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
int ret;
size_t len;
size_t rawlen = 0;
bool gss;
const char* protocol;
CURLcode error;
if(checkprefix("GSS-Negotiate", header)) {
protocol = "GSS-Negotiate";
gss = TRUE;
}
else if(checkprefix("Negotiate", header)) {
protocol = "Negotiate";
gss = FALSE;
}
else
return -1;
if(neg_ctx->context) {
if(neg_ctx->gss != gss) {
return -1;
}
}
else {
neg_ctx->protocol = protocol;
neg_ctx->gss = gss;
}
if(neg_ctx->context && neg_ctx->status == GSS_S_COMPLETE) {
/* We finished successfully our part of authentication, but server
* rejected it (since we're again here). Exit with an error since we
@ -165,7 +130,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
(ret = get_gss_name(conn, proxy, &neg_ctx->server_name)))
return ret;
header += strlen(neg_ctx->protocol);
header += strlen("Negotiate");
while(*header && ISSPACE(*header))
header++;
@ -238,8 +203,8 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
return CURLE_REMOTE_ACCESS_DENIED;
}
userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
neg_ctx->protocol, encoded);
userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "",
encoded);
if(proxy) {
Curl_safefree(conn->allocptr.proxyuserpwd);
conn->allocptr.proxyuserpwd = userp;

45
lib/http_negotiate_sspi.c
View File

@ -45,27 +45,13 @@ static int
get_gss_name(struct connectdata *conn, bool proxy,
struct negotiatedata *neg_ctx)
{
const char* service;
const char* service = "HTTP";
size_t length;
if(proxy && !conn->proxy.name)
/* proxy auth requested but no given proxy name, error out! */
return -1;
/* GSSAPI implementation by Globus (known as GSI) requires the name to be
of form "<service>/<fqdn>" instead of <service>@<fqdn> (ie. slash instead
of at-sign). Also GSI servers are often identified as 'host' not 'khttp'.
Change following lines if you want to use GSI */
/* IIS uses the <service>@<fqdn> form but uses 'http' as the service name,
and SSPI then generates an NTLM token. When using <service>/<fqdn> a
Kerberos token is generated. */
if(neg_ctx->gss)
service = "KHTTP";
else
service = "HTTP";
length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name :
conn->host.name) + 1;
if(length + 1 > sizeof(neg_ctx->server_name))
@ -94,31 +80,8 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
TCHAR *sname;
int ret;
size_t len = 0, input_token_len = 0;
bool gss = FALSE;
const char* protocol;
CURLcode error;
if(checkprefix("GSS-Negotiate", header)) {
protocol = "GSS-Negotiate";
gss = TRUE;
}
else if(checkprefix("Negotiate", header)) {
protocol = "Negotiate";
gss = FALSE;
}
else
return -1;
if(neg_ctx->context) {
if(neg_ctx->gss != gss) {
return -1;
}
}
else {
neg_ctx->protocol = protocol;
neg_ctx->gss = gss;
}
if(neg_ctx->context && neg_ctx->status == SEC_E_OK) {
/* We finished successfully our part of authentication, but server
* rejected it (since we're again here). Exit with an error since we
@ -148,7 +111,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
}
/* Obtain the input token, if any */
header += strlen(neg_ctx->protocol);
header += strlen("Negotiate");
while(*header && ISSPACE(*header))
header++;
@ -260,8 +223,8 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
if(len == 0)
return CURLE_REMOTE_ACCESS_DENIED;
userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
neg_ctx->protocol, encoded);
userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "",
encoded);
if(proxy)
conn->allocptr.proxyuserpwd = userp;

6
lib/urldata.h
View File

@ -446,11 +446,9 @@ struct ntlmdata {
#ifdef USE_HTTP_NEGOTIATE
struct negotiatedata {
/* when doing Negotiate we first need to receive an auth token and then we
need to send our header */
/* When doing Negotiate (SPNEGO) auth, we first need to send a token
and then validate the received one. */
enum { GSS_AUTHNONE, GSS_AUTHRECV, GSS_AUTHSENT } state;
bool gss; /* Whether we're processing GSS-Negotiate or Negotiate */
const char* protocol; /* "GSS-Negotiate" or "Negotiate" */
#ifdef HAVE_GSSAPI
OM_uint32 status;
gss_ctx_id_t context;