diff --git a/include/curl/curl.h b/include/curl/curl.h index 80a8217cb..526c7213e 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -619,7 +619,8 @@ typedef enum { * CURLAUTH_NONE - No HTTP authentication * CURLAUTH_BASIC - HTTP Basic authentication (default) * CURLAUTH_DIGEST - HTTP Digest authentication - * CURLAUTH_GSSNEGOTIATE - HTTP GSS-Negotiate authentication + * CURLAUTH_NEGOTIATE - HTTP Negotiate (SPNEGO) authentication + * CURLAUTH_GSSNEGOTIATE - Alias for CURLAUTH_NEGOTIATE (deprecated) * CURLAUTH_NTLM - HTTP NTLM authentication * CURLAUTH_DIGEST_IE - HTTP Digest authentication with IE flavour * CURLAUTH_NTLM_WB - HTTP NTLM authentication delegated to winbind helper @@ -632,7 +633,9 @@ typedef enum { #define CURLAUTH_NONE ((unsigned long)0) #define CURLAUTH_BASIC (((unsigned long)1)<<0) #define CURLAUTH_DIGEST (((unsigned long)1)<<1) -#define CURLAUTH_GSSNEGOTIATE (((unsigned long)1)<<2) +#define CURLAUTH_NEGOTIATE (((unsigned long)1)<<2) +/* Deprecated since the advent of CURLAUTH_NEGOTIATE */ +#define CURLAUTH_GSSNEGOTIATE CURLAUTH_NEGOTIATE #define CURLAUTH_NTLM (((unsigned long)1)<<3) #define CURLAUTH_DIGEST_IE (((unsigned long)1)<<4) #define CURLAUTH_NTLM_WB (((unsigned long)1)<<5) @@ -2231,7 +2234,8 @@ typedef struct { #define CURL_VERSION_SSL (1<<2) /* SSL options are present */ #define CURL_VERSION_LIBZ (1<<3) /* libz features are present */ #define CURL_VERSION_NTLM (1<<4) /* NTLM auth is supported */ -#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth support */ +#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth support + (deprecated) */ #define CURL_VERSION_DEBUG (1<<6) /* built with debug capabilities */ #define CURL_VERSION_ASYNCHDNS (1<<7) /* asynchronous dns resolves */ #define CURL_VERSION_SPNEGO (1<<8) /* SPNEGO auth is supported */ diff --git a/lib/curl_setup.h b/lib/curl_setup.h index 7618b5638..173731c49 100644 --- a/lib/curl_setup.h +++ b/lib/curl_setup.h @@ -610,7 +610,7 @@ int netware_init(void); #if !defined(CURL_DISABLE_CRYPTO_AUTH) && \ (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)) -#define USE_HTTP_NEGOTIATE +#define USE_SPNEGO #endif /* Single point where USE_NTLM definition might be done */ diff --git a/lib/http.c b/lib/http.c index 8cd15dece..d59dffcf2 100644 --- a/lib/http.c +++ b/lib/http.c @@ -328,8 +328,8 @@ static bool pickoneauth(struct auth *pick) /* The order of these checks is highly relevant, as this will be the order of preference in case of the existence of multiple accepted types. */ - if(avail & CURLAUTH_GSSNEGOTIATE) - pick->picked = CURLAUTH_GSSNEGOTIATE; + if(avail & CURLAUTH_NEGOTIATE) + pick->picked = CURLAUTH_NEGOTIATE; else if(avail & CURLAUTH_DIGEST) pick->picked = CURLAUTH_DIGEST; else if(avail & CURLAUTH_NTLM) @@ -557,7 +557,7 @@ output_auth_headers(struct connectdata *conn, struct SessionHandle *data = conn->data; const char *auth=NULL; CURLcode result = CURLE_OK; -#ifdef USE_HTTP_NEGOTIATE +#ifdef USE_SPNEGO struct negotiatedata *negdata = proxy? &data->state.proxyneg:&data->state.negotiate; #endif @@ -567,9 +567,9 @@ output_auth_headers(struct connectdata *conn, (void)path; #endif -#ifdef USE_HTTP_NEGOTIATE +#ifdef USE_SPNEGO negdata->state = GSS_AUTHNONE; - if((authstatus->picked == CURLAUTH_GSSNEGOTIATE) && + if((authstatus->picked == CURLAUTH_NEGOTIATE) && negdata->context && !GSS_ERROR(negdata->status)) { auth="Negotiate"; result = Curl_output_negotiate(conn, proxy); @@ -737,7 +737,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy, */ struct SessionHandle *data = conn->data; -#ifdef USE_HTTP_NEGOTIATE +#ifdef USE_SPNEGO struct negotiatedata *negdata = proxy? &data->state.proxyneg:&data->state.negotiate; #endif @@ -771,13 +771,13 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy, */ while(*auth) { -#ifdef USE_HTTP_NEGOTIATE +#ifdef USE_SPNEGO if(checkprefix("Negotiate", auth)) { int neg; - *availp |= CURLAUTH_GSSNEGOTIATE; - authp->avail |= CURLAUTH_GSSNEGOTIATE; + *availp |= CURLAUTH_NEGOTIATE; + authp->avail |= CURLAUTH_NEGOTIATE; - if(authp->picked == CURLAUTH_GSSNEGOTIATE) { + if(authp->picked == CURLAUTH_NEGOTIATE) { if(negdata->state == GSS_AUTHSENT || negdata->state == GSS_AUTHNONE) { neg = Curl_input_negotiate(conn, proxy, auth); if(neg == 0) { @@ -1440,7 +1440,7 @@ CURLcode Curl_http_done(struct connectdata *conn, Curl_unencode_cleanup(conn); -#ifdef USE_HTTP_NEGOTIATE +#ifdef USE_SPNEGO if(data->state.proxyneg.state == GSS_AUTHSENT || data->state.negotiate.state == GSS_AUTHSENT) Curl_cleanup_negotiate(data); diff --git a/lib/http_negotiate.h b/lib/http_negotiate.h index e584d76fc..f7efe8cdd 100644 --- a/lib/http_negotiate.h +++ b/lib/http_negotiate.h @@ -22,7 +22,7 @@ * ***************************************************************************/ -#ifdef USE_HTTP_NEGOTIATE +#ifdef USE_SPNEGO /* this is for Negotiate header input */ int Curl_input_negotiate(struct connectdata *conn, bool proxy, @@ -37,6 +37,6 @@ void Curl_cleanup_negotiate(struct SessionHandle *data); #define GSS_ERROR(status) (status & 0x80000000) #endif -#endif /* USE_HTTP_NEGOTIATE */ +#endif /* USE_SPNEGO */ #endif /* HEADER_CURL_HTTP_NEGOTIATE_H */ diff --git a/lib/http_negotiate_sspi.c b/lib/http_negotiate_sspi.c index 2bf131f90..84e5ebf89 100644 --- a/lib/http_negotiate_sspi.c +++ b/lib/http_negotiate_sspi.c @@ -24,7 +24,7 @@ #ifdef USE_WINDOWS_SSPI -#if !defined(CURL_DISABLE_HTTP) && defined(USE_HTTP_NEGOTIATE) +#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) #include "urldata.h" #include "sendf.h" @@ -262,6 +262,6 @@ void Curl_cleanup_negotiate(struct SessionHandle *data) cleanup(&data->state.proxyneg); } -#endif /* !CURL_DISABLE_HTTP && USE_HTTP_NEGOTIATE */ +#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */ #endif /* USE_WINDOWS_SSPI */ diff --git a/lib/url.c b/lib/url.c index c0ec630c6..5ef0a7cc2 100644 --- a/lib/url.c +++ b/lib/url.c @@ -1267,9 +1267,9 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, #elif !defined(NTLM_WB_ENABLED) auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */ #endif -#ifndef USE_HTTP_NEGOTIATE - auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or - WINDOWS_SSPI */ +#ifndef USE_SPNEGO + auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without + GSS-API or SSPI */ #endif /* check if any auth bit lower than CURLAUTH_ONLY is still set */ @@ -1355,9 +1355,9 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, #elif !defined(NTLM_WB_ENABLED) auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */ #endif -#ifndef USE_HTTP_NEGOTIATE - auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or - WINDOWS_SSPI */ +#ifndef USE_SPNEGO + auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without + GSS-API or SSPI */ #endif /* check if any auth bit lower than CURLAUTH_ONLY is still set */ diff --git a/lib/urldata.h b/lib/urldata.h index 3ed7292d3..02f91e001 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -444,7 +444,7 @@ struct ntlmdata { #endif }; -#ifdef USE_HTTP_NEGOTIATE +#ifdef USE_SPNEGO struct negotiatedata { /* When doing Negotiate (SPNEGO) auth, we first need to send a token and then validate the received one. */ @@ -1245,7 +1245,7 @@ struct UrlState { struct digestdata digest; /* state data for host Digest auth */ struct digestdata proxydigest; /* state data for proxy Digest auth */ -#ifdef USE_HTTP_NEGOTIATE +#ifdef USE_SPNEGO struct negotiatedata negotiate; /* state data for host Negotiate auth */ struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */ #endif diff --git a/lib/version.c b/lib/version.c index 7f0bc3617..788f3e9d1 100644 --- a/lib/version.c +++ b/lib/version.c @@ -262,9 +262,6 @@ static curl_version_info_data version_info = { #ifdef HAVE_LIBZ | CURL_VERSION_LIBZ #endif -#ifdef USE_HTTP_NEGOTIATE - | CURL_VERSION_GSSNEGOTIATE -#endif #ifdef DEBUGBUILD | CURL_VERSION_DEBUG #endif diff --git a/src/tool_getparam.c b/src/tool_getparam.c index 9ac6ab2fc..e8414e900 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -597,13 +597,13 @@ ParameterError getparameter(char *flag, /* f or -long-flag */ case 'l': /* --negotiate */ if(toggle) { - if(curlinfo->features & CURL_VERSION_GSSNEGOTIATE) - config->authtype |= CURLAUTH_GSSNEGOTIATE; + if(curlinfo->features & CURL_VERSION_SPNEGO) + config->authtype |= CURLAUTH_NEGOTIATE; else return PARAM_LIBCURL_DOESNT_SUPPORT; } else - config->authtype &= ~CURLAUTH_GSSNEGOTIATE; + config->authtype &= ~CURLAUTH_NEGOTIATE; break; case 'm': /* --ntlm */ @@ -697,8 +697,7 @@ ParameterError getparameter(char *flag, /* f or -long-flag */ break; case 'x': /* --krb */ /* kerberos level string */ - if(curlinfo->features & (CURL_VERSION_KERBEROS4 | - CURL_VERSION_GSSNEGOTIATE)) + if(curlinfo->features & CURL_VERSION_KERBEROS4) GetStr(&config->krblevel, nextarg); else return PARAM_LIBCURL_DOESNT_SUPPORT; @@ -798,11 +797,12 @@ ParameterError getparameter(char *flag, /* f or -long-flag */ break; case 'k': /* --proxy-negotiate */ - if(curlinfo->features & CURL_VERSION_GSSNEGOTIATE) + if(curlinfo->features & CURL_VERSION_SPNEGO) config->proxynegotiate = toggle; else return PARAM_LIBCURL_DOESNT_SUPPORT; break; + case 'm': /* --ftp-account */ GetStr(&config->ftp_account, nextarg); break; diff --git a/src/tool_help.c b/src/tool_help.c index ddad01439..78c968499 100644 --- a/src/tool_help.c +++ b/src/tool_help.c @@ -135,7 +135,7 @@ static const char *const helptext[] = { " --max-redirs NUM Maximum number of redirects allowed (H)", " -m, --max-time SECONDS Maximum time allowed for the transfer", " --metalink Process given URLs as metalink XML file", - " --negotiate Use HTTP Negotiate Authentication (H)", + " --negotiate Use HTTP Negotiate (SPNEGO) authentication (H)", " -n, --netrc Must read .netrc for user name and password", " --netrc-optional Use either .netrc or URL; overrides -n", " --netrc-file FILE Set up the netrc filename to use", @@ -165,7 +165,8 @@ static const char *const helptext[] = { " --proxy-anyauth Pick \"any\" proxy authentication method (H)", " --proxy-basic Use Basic authentication on the proxy (H)", " --proxy-digest Use Digest authentication on the proxy (H)", - " --proxy-negotiate Use Negotiate authentication on the proxy (H)", + " --proxy-negotiate " + "Use HTTP Negotiate (SPNEGO) authentication on the proxy (H)", " --proxy-ntlm Use NTLM authentication on the proxy (H)", " -U, --proxy-user USER[:PASSWORD] Proxy user and password", " --proxy1.0 HOST[:PORT] Use HTTP/1.0 proxy on given port", @@ -258,7 +259,6 @@ static const struct feat feats[] = { {"AsynchDNS", CURL_VERSION_ASYNCHDNS}, {"Debug", CURL_VERSION_DEBUG}, {"TrackMemory", CURL_VERSION_CURLDEBUG}, - {"GSS-Negotiate", CURL_VERSION_GSSNEGOTIATE}, {"IDN", CURL_VERSION_IDN}, {"IPv6", CURL_VERSION_IPV6}, {"Largefile", CURL_VERSION_LARGEFILE},