authorDaniel Stenberg <daniel@haxx.se>2007-09-21 11:05:31 +0000
committerDaniel Stenberg <daniel@haxx.se>2007-09-21 11:05:31 +0000
commit015d5869d7e3daf81548e4d5d55209adfd4285bf (patch)
tree68ac2015ec29991b3c56ffdb51ecc977c2408437 /lib
parent4686adb4331b539dacd065bafc82e31a9eca08e8 (diff)
Mark Davies fixed Negotiate authentication over proxy, and also introduced
the --proxy-negotiate command line option to allow a user to explicitly select it.
Diffstat (limited to 'lib')
-rw-r--r--lib/http.c16
-rw-r--r--lib/http_negotiate.c14
-rw-r--r--lib/http_negotiate.h4
3 files changed, 23 insertions, 11 deletions
diff --git a/lib/http.c b/lib/http.c
index 090aad3d2..67b2d3f55 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -424,6 +424,18 @@ Curl_http_output_auth(struct connectdata *conn,
/* Send proxy authentication header if needed */
if (conn->bits.httpproxy &&
(conn->bits.tunnel_proxy == proxytunnel)) {
+#ifdef HAVE_GSSAPI
+ if((authproxy->picked == CURLAUTH_GSSNEGOTIATE) &&
+ data->state.negotiate.context &&
+ !GSS_ERROR(data->state.negotiate.status)) {
+ auth="GSS-Negotiate";
+ result = Curl_output_negotiate(conn, TRUE);
+ if (result)
+ return result;
+ authproxy->done = TRUE;
+ }
+ else
+#endif
#ifdef USE_NTLM
if(authproxy->picked == CURLAUTH_NTLM) {
auth="NTLM";
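Review bot: The new proxy branch tests `data->state.negotiate`, the same single GSS state that the host branch in the next hunk of this file uses, so proxy and origin-server negotiation share one security context, status and cached name. In lib/http_negotiate.c, Curl_input_negotiate() only calls get_gss_name() while `neg_ctx->server_name == NULL`, so once a name has been imported for the proxy, a later 401 from the host would reuse the proxy's service name (and the reverse), and a token built for one peer could be offered to the other. Keeping one negotiate state per target would avoid that, e.g. `struct negotiatedata *neg_ctx = proxy ? &conn->data->state.proxyneg : &conn->data->state.negotiate;`, where `proxyneg` is a suggested new member, not an existing one. Curl_http_output_auth() starts and ends outside this hunk, so how the two branches interleave within one transfer is inferred rather than visible.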
@@ -486,7 +498,7 @@ Curl_http_output_auth(struct connectdata *conn,
data->state.negotiate.context &&
!GSS_ERROR(data->state.negotiate.status)) {
auth="GSS-Negotiate";
- result = Curl_output_negotiate(conn);
+ result = Curl_output_negotiate(conn, FALSE);
if (result)
return result;
authhost->done = TRUE;
@@ -593,7 +605,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
authp->avail |= CURLAUTH_GSSNEGOTIATE;
if(authp->picked == CURLAUTH_GSSNEGOTIATE) {
/* if exactly this is wanted, go */
- int neg = Curl_input_negotiate(conn, start);
+ int neg = Curl_input_negotiate(conn, (bool)(httpcode == 407), start);
if (neg == 0) {
data->reqdata.newurl = strdup(data->change.url);
data->state.authproblem = (data->reqdata.newurl == NULL);
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index f504c12d8..f5cc6cc6c 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -49,7 +49,7 @@
#include "memdebug.h"
static int
-get_gss_name(struct connectdata *conn, gss_name_t *server)
+get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server)
{
struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
OM_uint32 major_status, minor_status;
@@ -69,11 +69,11 @@ get_gss_name(struct connectdata *conn, gss_name_t *server)
else
service = "HTTP";
- token.length = strlen(service) + 1 + strlen(conn->host.name) + 1;
+ token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name : conn->host.name) + 1;
if (token.length + 1 > sizeof(name))
return EMSGSIZE;
- snprintf(name, sizeof(name), "%s@%s", service, conn->host.name);
+ snprintf(name, sizeof(name), "%s@%s", service, proxy ? conn->proxy.name : conn->host.name);
token.value = (void *) name;
major_status = gss_import_name(&minor_status,
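Review bot: The target host is selected twice with the same `proxy ? conn->proxy.name : conn->host.name` expression, once for the length check and once in snprintf(), so the bounds check and the formatted string only stay in step if both copies are always edited together. Select it once with `const char *host = proxy ? conn->proxy.name : conn->host.name;` and use `host` in both places, which also shortens the two changed lines. get_gss_name() continues past the end of this hunk, including the gss_import_name() call that consumes `token`.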
@@ -113,7 +113,7 @@ log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix)
infof(conn->data, "%s", buf);
}
-int Curl_input_negotiate(struct connectdata *conn, const char *header)
+int Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header)
{
struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
OM_uint32 major_status, minor_status, minor_status2;
@@ -156,7 +156,7 @@ int Curl_input_negotiate(struct connectdata *conn, const char *header)
}
if (neg_ctx->server_name == NULL &&
- (ret = get_gss_name(conn, &neg_ctx->server_name)))
+ (ret = get_gss_name(conn, proxy, &neg_ctx->server_name)))
return ret;
header += strlen(neg_ctx->protocol);
@@ -245,7 +245,7 @@ int Curl_input_negotiate(struct connectdata *conn, const char *header)
}
-CURLcode Curl_output_negotiate(struct connectdata *conn)
+CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
{
struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
OM_uint32 minor_status;
@@ -299,7 +299,7 @@ CURLcode Curl_output_negotiate(struct connectdata *conn)
return CURLE_OUT_OF_MEMORY;
conn->allocptr.userpwd =
- aprintf("Authorization: %s %s\r\n", neg_ctx->protocol, encoded);
+ aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "", neg_ctx->protocol, encoded);
free(encoded);
gss_release_buffer(&minor_status, &neg_ctx->output_token);
return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
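Review bot: With `proxy` set, the `Proxy-Authorization:` line is still stored in `conn->allocptr.userpwd`, the slot the non-proxy call uses for the host's `Authorization:` header. A transfer that needs both headers can keep only one of them, and code that emits `userpwd` as the origin-server credential (outside this hunk, so inferred) could send the proxy's token to the wrong peer. Select the slot by target, e.g. `char **hdr = proxy ? &conn->allocptr.proxyuserpwd : &conn->allocptr.userpwd;`, then assign and test `*hdr`. `proxyuserpwd` is the member the other proxy schemes are expected to use, so confirm it against struct connectdata. Whether the previous string in the slot is freed before being overwritten is not visible in this hunk.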
diff --git a/lib/http_negotiate.h b/lib/http_negotiate.h
index e0507013f..669fee586 100644
--- a/lib/http_negotiate.h
+++ b/lib/http_negotiate.h
@@ -27,10 +27,10 @@
#ifdef HAVE_GSSAPI
/* this is for Negotiate header input */
-int Curl_input_negotiate(struct connectdata *conn, const char *header);
+int Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header);
/* this is for creating Negotiate header output */
-CURLcode Curl_output_negotiate(struct connectdata *conn);
+CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy);
void Curl_cleanup_negotiate(struct SessionHandle *data);