summaryrefslogtreecommitdiff
path: root/lib/curl_gssapi.c
diff options
context:
space:
mode:
authorDavid Woodhouse <David.Woodhouse@intel.com>2014-07-11 10:55:07 +0100
committerDaniel Stenberg <daniel@haxx.se>2014-07-16 17:26:08 +0200
commit59431c242bf1d93980756fa2db2d08744bfa79d3 (patch)
treea12e313fc08e3e314b47f4b7377035292f355738 /lib/curl_gssapi.c
parent9ad282b1ae1135e7d5dd2e466ff8671c1e4ee04b (diff)
downloadcurl-59431c242bf1d93980756fa2db2d08744bfa79d3.tar.gz
Use SPNEGO for HTTP Negotiate
This is the correct way to do SPNEGO. Just ask for it Now I correctly see it trying NTLMSSP authentication when a Kerberos ticket isn't available. Of course, we bail out when the server responds with the challenge packet, since we don't expect that. But I'll fix that bug next...
Diffstat (limited to 'lib/curl_gssapi.c')
-rw-r--r--lib/curl_gssapi.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/curl_gssapi.c b/lib/curl_gssapi.c
index fabbe3598..af1813b03 100644
--- a/lib/curl_gssapi.c
+++ b/lib/curl_gssapi.c
@@ -27,11 +27,18 @@
#include "curl_gssapi.h"
#include "sendf.h"
+static const char spnego_OID[] = "\x2b\x06\x01\x05\x05\x02";
+static const gss_OID_desc gss_mech_spnego = {
+ 6,
+ &spnego_OID
+};
+
OM_uint32 Curl_gss_init_sec_context(
struct SessionHandle *data,
OM_uint32 * minor_status,
gss_ctx_id_t * context,
gss_name_t target_name,
+ bool use_spnego,
gss_channel_bindings_t input_chan_bindings,
gss_buffer_t input_token,
gss_buffer_t output_token,
@@ -55,7 +62,7 @@ OM_uint32 Curl_gss_init_sec_context(
GSS_C_NO_CREDENTIAL, /* cred_handle */
context,
target_name,
- GSS_C_NO_OID, /* mech_type */
+ use_spnego ? (gss_OID)&gss_mech_spnego : GSS_C_NO_OID,
req_flags,
0, /* time_req */
input_chan_bindings,