mirror of
https://github.com/moparisthebest/curl
synced 2024-11-10 11:35:07 -05:00
59431c242b
This is the correct way to do SPNEGO. Just ask for it Now I correctly see it trying NTLMSSP authentication when a Kerberos ticket isn't available. Of course, we bail out when the server responds with the challenge packet, since we don't expect that. But I'll fix that bug next...
77 lines
2.6 KiB
C
77 lines
2.6 KiB
C
/***************************************************************************
|
|
* _ _ ____ _
|
|
* Project ___| | | | _ \| |
|
|
* / __| | | | |_) | |
|
|
* | (__| |_| | _ <| |___
|
|
* \___|\___/|_| \_\_____|
|
|
*
|
|
* Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
*
|
|
* This software is licensed as described in the file COPYING, which
|
|
* you should have received as part of this distribution. The terms
|
|
* are also available at http://curl.haxx.se/docs/copyright.html.
|
|
*
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
*
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
* KIND, either express or implied.
|
|
*
|
|
***************************************************************************/
|
|
|
|
#include "curl_setup.h"
|
|
|
|
#ifdef HAVE_GSSAPI
|
|
|
|
#include "curl_gssapi.h"
|
|
#include "sendf.h"
|
|
|
|
static const char spnego_OID[] = "\x2b\x06\x01\x05\x05\x02";
|
|
static const gss_OID_desc gss_mech_spnego = {
|
|
6,
|
|
&spnego_OID
|
|
};
|
|
|
|
OM_uint32 Curl_gss_init_sec_context(
|
|
struct SessionHandle *data,
|
|
OM_uint32 * minor_status,
|
|
gss_ctx_id_t * context,
|
|
gss_name_t target_name,
|
|
bool use_spnego,
|
|
gss_channel_bindings_t input_chan_bindings,
|
|
gss_buffer_t input_token,
|
|
gss_buffer_t output_token,
|
|
OM_uint32 * ret_flags)
|
|
{
|
|
OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
|
|
|
|
if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) {
|
|
#ifdef GSS_C_DELEG_POLICY_FLAG
|
|
req_flags |= GSS_C_DELEG_POLICY_FLAG;
|
|
#else
|
|
infof(data, "warning: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not "
|
|
"compiled in\n");
|
|
#endif
|
|
}
|
|
|
|
if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_FLAG)
|
|
req_flags |= GSS_C_DELEG_FLAG;
|
|
|
|
return gss_init_sec_context(minor_status,
|
|
GSS_C_NO_CREDENTIAL, /* cred_handle */
|
|
context,
|
|
target_name,
|
|
use_spnego ? (gss_OID)&gss_mech_spnego : GSS_C_NO_OID,
|
|
req_flags,
|
|
0, /* time_req */
|
|
input_chan_bindings,
|
|
input_token,
|
|
NULL, /* actual_mech_type */
|
|
output_token,
|
|
ret_flags,
|
|
NULL /* time_rec */);
|
|
}
|
|
|
|
#endif /* HAVE_GSSAPI */
|