Added Curl_gss_init_sec_context.

This function wraps our calls to gss_init_sec_context so that we
have a unified way to talk to GSSAPI.

6 files changed, 151 insertions, 53 deletions

diff --git a/lib/Makefile.inc b/lib/Makefile.inc
index 04285b533..1727a173c 100644
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -22,7 +22,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
   pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c		\
   curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c		\
   idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c	\
-  asyn-ares.c asyn-thread.c
+  asyn-ares.c asyn-thread.c gssapi.c
 
 HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
   progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
@@ -37,4 +37,4 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
   curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h	\
   curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h	\
   warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h	\
-  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h
+  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h gssapi.h
diff --git a/lib/gssapi.c b/lib/gssapi.c
new file mode 100644
index 000000000..dc777c710
--- /dev/null
+++ b/lib/gssapi.c
@@ -0,0 +1,53 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "gssapi.h"
+
+OM_uint32 Curl_gss_init_sec_context(
+    OM_uint32 * minor_status,
+    gss_cred_id_t cred_handle,
+    gss_ctx_id_t * context,
+    gss_name_t target_name,
+    gss_OID mech_type, /* needed? */
+    OM_uint32 req_flags,          /* TBR. */
+    OM_uint32 time_req,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_OID * actual_mech_type,
+    gss_buffer_t output_token,
+    OM_uint32 * ret_flags,
+    OM_uint32 * time_rec)
+{
+  return gss_init_sec_context(minor_status,
+                              cred_handle,
+                              context,
+                              target_name,
+                              mech_type,
+                              req_flags,
+                              time_req,
+                              input_chan_bindings,
+                              input_token,
+                              actual_mech_type,
+                              output_token,
+                              ret_flags,
+                              time_rec);
+}
diff --git a/lib/gssapi.h b/lib/gssapi.h
new file mode 100644
index 000000000..c2a079775
--- /dev/null
+++ b/lib/gssapi.h
@@ -0,0 +1,53 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#ifdef HAVE_GSSGNU
+#  include <gss.h>
+#elif defined HAVE_GSSMIT
+   /* MIT style */
+#  include <gssapi/gssapi.h>
+#  include <gssapi/gssapi_generic.h>
+#  include <gssapi/gssapi_krb5.h>
+#else
+   /* Heimdal-style */
+#  include <gssapi.h>
+#endif
+
+
+/* Common method for using gss api */
+
+OM_uint32 Curl_gss_init_sec_context(
+    OM_uint32 * minor_status,
+    gss_cred_id_t cred_handle,
+    gss_ctx_id_t * context,
+    gss_name_t target_name,
+    gss_OID,            /* mech_type (used to be const) */
+    OM_uint32,          /* req_flags */
+    OM_uint32,          /* time_req */
+    gss_channel_bindings_t,     /* input_chan_bindings */
+    gss_buffer_t,       /* input_token */
+    gss_OID *,          /* actual_mech_type */
+    gss_buffer_t,       /* output_token */
+    OM_uint32 *,        /* ret_flags */
+    OM_uint32 *);       /* time_rec */
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index 0bbe4364f..075a52062 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -36,6 +36,7 @@
 
 #include "urldata.h"
 #include "sendf.h"
+#include "gssapi.h"
 #include "rawstr.h"
 #include "curl_base64.h"
 #include "http_negotiate.h"
@@ -238,19 +239,20 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
 #endif
   }
 
-  major_status = gss_init_sec_context(&minor_status,
-                                      GSS_C_NO_CREDENTIAL,
-                                      &neg_ctx->context,
-                                      neg_ctx->server_name,
-                                      GSS_C_NO_OID,
-                                      GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
-                                      0,
-                                      GSS_C_NO_CHANNEL_BINDINGS,
-                                      &input_token,
-                                      NULL,
-                                      &output_token,
-                                      NULL,
-                                      NULL);
+  major_status = Curl_gss_init_sec_context(&minor_status,
+                                           GSS_C_NO_CREDENTIAL,
+                                           &neg_ctx->context,
+                                           neg_ctx->server_name,
+                                           GSS_C_NO_OID,
+                                           GSS_C_MUTUAL_FLAG
+                                           | GSS_C_REPLAY_FLAG,
+                                           0,
+                                           GSS_C_NO_CHANNEL_BINDINGS,
+                                           &input_token,
+                                           NULL,
+                                           &output_token,
+                                           NULL,
+                                           NULL);
   if(input_token.length > 0)
     gss_release_buffer(&minor_status2, &input_token);
   neg_ctx->status = major_status;
diff --git a/lib/krb5.c b/lib/krb5.c
index 0233b9373..9b67524d2 100644
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -47,21 +47,10 @@
 #endif
 #include <string.h>
 
-#ifdef HAVE_GSSGNU
-#  include <gss.h>
-#elif defined HAVE_GSSMIT
-   /* MIT style */
-#  include <gssapi/gssapi.h>
-#  include <gssapi/gssapi_generic.h>
-#  include <gssapi/gssapi_krb5.h>
-#else
-   /* Heimdal-style */
-#  include <gssapi.h>
-#endif
-
 #include "urldata.h"
 #include "curl_base64.h"
 #include "ftp.h"
+#include "gssapi.h"
 #include "sendf.h"
 #include "krb4.h"
 #include "curl_memory.h"
@@ -242,19 +231,19 @@ krb5_auth(void *app_data, struct connectdata *conn)
          taken care by a final gss_release_buffer. */
       gss_release_buffer(&min, &output_buffer);
       ret = AUTH_OK;
-      maj = gss_init_sec_context(&min,
-                                 GSS_C_NO_CREDENTIAL,
-                                 context,
-                                 gssname,
-                                 GSS_C_NO_OID,
-                                 GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
-                                 0,
-                                 &chan,
-                                 gssresp,
-                                 NULL,
-                                 &output_buffer,
-                                 NULL,
-                                 NULL);
+      maj = Curl_gss_init_sec_context(&min,
+                                      GSS_C_NO_CREDENTIAL,
+                                      context,
+                                      gssname,
+                                      GSS_C_NO_OID,
+                                      GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
+                                      0,
+                                      &chan,
+                                      gssresp,
+                                      NULL,
+                                      &output_buffer,
+                                      NULL,
+                                      NULL);
 
       if(gssresp) {
         free(_gssresp.value);
diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c
index 653306cce..e91b572e3 100644
--- a/lib/socks_gssapi.c
+++ b/lib/socks_gssapi.c
@@ -37,6 +37,7 @@
 #include <stdlib.h>
 #endif
 
+#include "gssapi.h"
 #include "urldata.h"
 #include "sendf.h"
 #include "connect.h"
@@ -183,19 +184,19 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
   /* As long as we need to keep sending some context info, and there's no  */
   /* errors, keep sending it...                                            */
   for(;;) {
-    gss_major_status = gss_init_sec_context(&gss_minor_status,
-                                            GSS_C_NO_CREDENTIAL,
-                                            &gss_context, server,
-                                            GSS_C_NULL_OID,
-                                            GSS_C_MUTUAL_FLAG |
-                                            GSS_C_REPLAY_FLAG,
-                                            0,
-                                            NULL,
-                                            gss_token,
-                                            NULL,
-                                            &gss_send_token,
-                                            &gss_ret_flags,
-                                            NULL);
+    gss_major_status = Curl_gss_init_sec_context(&gss_minor_status,
+                                                 GSS_C_NO_CREDENTIAL,
+                                                 &gss_context, server,
+                                                 GSS_C_NULL_OID,
+                                                 GSS_C_MUTUAL_FLAG |
+                                                 GSS_C_REPLAY_FLAG,
+                                                 0,
+                                                 NULL,
+                                                 gss_token,
+                                                 NULL,
+                                                 &gss_send_token,
+                                                 &gss_ret_flags,
+                                                 NULL);
 
     if(gss_token != GSS_C_NO_BUFFER)
       gss_release_buffer(&gss_status, &gss_recv_token);