author | Daniel Stenberg <daniel@haxx.se> | 2007-09-21 11:05:31 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2007-09-21 11:05:31 +0000 |
commit | 015d5869d7e3daf81548e4d5d55209adfd4285bf (patch) | |
tree | 68ac2015ec29991b3c56ffdb51ecc977c2408437 /lib | |
parent | 4686adb4331b539dacd065bafc82e31a9eca08e8 (diff) | |
download | curl-015d5869d7e3daf81548e4d5d55209adfd4285bf.tar.gz |
Mark Davies fixed Negotiate authentication over proxy, and also introduced
the --proxy-negotiate command line option to allow a user to explicitly
select it.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/http.c | 16 | ||||
-rw-r--r-- | lib/http_negotiate.c | 14 | ||||
-rw-r--r-- | lib/http_negotiate.h | 4 |
3 files changed, 23 insertions, 11 deletions
diff --git a/lib/http.c b/lib/http.c
index 090aad3d2..67b2d3f55 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -424,6 +424,18 @@ Curl_http_output_auth(struct connectdata *conn,
 /* Send proxy authentication header if needed */
 if (conn->bits.httpproxy &&
 (conn->bits.tunnel_proxy == proxytunnel)) {
+#ifdef HAVE_GSSAPI
+ if((authproxy->picked == CURLAUTH_GSSNEGOTIATE) &&
+ data->state.negotiate.context &&
+ !GSS_ERROR(data->state.negotiate.status)) {
+ auth="GSS-Negotiate";
+ result = Curl_output_negotiate(conn, TRUE);
+ if (result)
+ return result;
+ authproxy->done = TRUE;
+ }
+ else
+#endif
 #ifdef USE_NTLM
 if(authproxy->picked == CURLAUTH_NTLM) {
 auth="NTLM";
@@ -486,7 +498,7 @@ Curl_http_output_auth(struct connectdata *conn,
 data->state.negotiate.context &&
 !GSS_ERROR(data->state.negotiate.status)) {
 auth="GSS-Negotiate";
- result = Curl_output_negotiate(conn);
+ result = Curl_output_negotiate(conn, FALSE);
 if (result)
 return result;
 authhost->done = TRUE;
@@ -593,7 +605,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
 authp->avail |= CURLAUTH_GSSNEGOTIATE;
 if(authp->picked == CURLAUTH_GSSNEGOTIATE) {
 /* if exactly this is wanted, go */
- int neg = Curl_input_negotiate(conn, start);
+ int neg = Curl_input_negotiate(conn, (bool)(httpcode == 407), start);
 if (neg == 0) {
 data->reqdata.newurl = strdup(data->change.url);
 data->state.authproblem = (data->reqdata.newurl == NULL);
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index f504c12d8..f5cc6cc6c 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -49,7 +49,7 @@
 #include "memdebug.h"
 static int
-get_gss_name(struct connectdata *conn, gss_name_t *server)
+get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server)
 {
 struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
 OM_uint32 major_status, minor_status;
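Review bot: In lib/http.c, the new proxy branch in the `@@ -424` hunk tests `data->state.negotiate.context` and `data->state.negotiate.status`, the same single `negotiate` state that the host branch in the `@@ -486` hunk tests, so a proxy and an origin server that both use Negotiate share one GSS context. The same sharing shows in lib/http_negotiate.c, where the `@@ -156` hunk calls `get_gss_name(conn, proxy, &neg_ctx->server_name)` only while `neg_ctx->server_name == NULL`; whichever side is challenged first fixes the service name, and the other side would then appear to reuse a name imported for the wrong host. Keeping a second `struct negotiatedata` for the proxy and selecting it from the `proxy` flag in `get_gss_name`, `Curl_input_negotiate` and `Curl_output_negotiate` would keep the two exchanges apart. Curl_http_output_auth starts and ends outside these hunks, so whether the state is reset between the two uses cannot be seen here.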
@@ -69,11 +69,11 @@ get_gss_name(struct connectdata *conn, gss_name_t *server)
 else
 service = "HTTP";
- token.length = strlen(service) + 1 + strlen(conn->host.name) + 1;
+ token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name : conn->host.name) + 1;
 if (token.length + 1 > sizeof(name))
 return EMSGSIZE;
- snprintf(name, sizeof(name), "%s@%s", service, conn->host.name);
+ snprintf(name, sizeof(name), "%s@%s", service, proxy ? conn->proxy.name : conn->host.name);
 token.value = (void *) name;
 major_status = gss_import_name(&minor_status,
@@ -113,7 +113,7 @@ log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix)
 infof(conn->data, "%s", buf);
 }
-int Curl_input_negotiate(struct connectdata *conn, const char *header)
+int Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header)
 {
 struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
 OM_uint32 major_status, minor_status, minor_status2;
@@ -156,7 +156,7 @@ int Curl_input_negotiate(struct connectdata *conn, const char *header)
 }
 if (neg_ctx->server_name == NULL &&
- (ret = get_gss_name(conn, &neg_ctx->server_name)))
+ (ret = get_gss_name(conn, proxy, &neg_ctx->server_name)))
 return ret;
 header += strlen(neg_ctx->protocol);
@@ -245,7 +245,7 @@ int Curl_input_negotiate(struct connectdata *conn, const char *header)
 }
-CURLcode Curl_output_negotiate(struct connectdata *conn)
+CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
 {
 struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
 OM_uint32 minor_status;
@@ -299,7 +299,7 @@ CURLcode Curl_output_negotiate(struct connectdata *conn)
 return CURLE_OUT_OF_MEMORY;
 conn->allocptr.userpwd =
- aprintf("Authorization: %s %s\r\n", neg_ctx->protocol, encoded);
+ aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "", neg_ctx->protocol, encoded);
 free(encoded);
 gss_release_buffer(&minor_status, &neg_ctx->output_token);
 return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
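Review bot: In the `@@ -69` hunk of get_gss_name the expression `proxy ? conn->proxy.name : conn->host.name` is written twice, once for the `token.length` bound and once in the `snprintf`, so the size check and the formatted name agree only as long as both copies are edited together. Selecting the name once with the other locals, `const char *peer = proxy ? conn->proxy.name : conn->host.name;`, and using `peer` in both places keeps the EMSGSIZE check tied to the string that is actually written and shortens the two over-long lines. The function body starts and ends outside the hunk.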
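Review bot: In the `@@ -299` hunk of Curl_output_negotiate the header is still stored in `conn->allocptr.userpwd` when `proxy` is TRUE, so a `Proxy-Authorization:` line lands in the slot that otherwise holds the origin server's `Authorization:` header. If that slot is sent with the request to the origin, as its name suggests, the proxy's Negotiate token could be forwarded past the proxy and any host credential already stored there is replaced. Choosing the destination from the flag, e.g. `char **slot = proxy ? &conn->allocptr.proxyuserpwd : &conn->allocptr.userpwd;` and then assigning and NULL-checking `*slot`, would avoid that; the proxy field name should be confirmed against the connectdata definition for this revision. Whether the previous value of the slot is freed before the assignment is not visible in this hunk.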
diff --git a/lib/http_negotiate.h b/lib/http_negotiate.h
index e0507013f..669fee586 100644
--- a/lib/http_negotiate.h
+++ b/lib/http_negotiate.h
@@ -27,10 +27,10 @@
 #ifdef HAVE_GSSAPI
 /* this is for Negotiate header input */
-int Curl_input_negotiate(struct connectdata *conn, const char *header);
+int Curl_input_negotiate(struct connectdata *conn, bool proxy, const char *header);
 /* this is for creating Negotiate header output */
-CURLcode Curl_output_negotiate(struct connectdata *conn);
+CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy);
 void Curl_cleanup_negotiate(struct SessionHandle *data); |
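Review bot: The two prototype comments in this hunk do not mention the new `proxy` argument, so a caller cannot tell from the header which value to pass. Going by the call sites in lib/http.c and the format string in Curl_output_negotiate, they could read `/* this is for Negotiate header input; proxy is TRUE when the challenge came with a 407 response */` and `/* this is for creating Negotiate header output; proxy is TRUE to emit Proxy-Authorization instead of Authorization */`.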