-rw-r--r--lib/curl_gssapi.c20
-rw-r--r--lib/curl_gssapi.h18
-rw-r--r--lib/http_negotiate.c2
-rw-r--r--lib/krb5.c2
-rw-r--r--lib/socks_gssapi.c2
5 files changed, 25 insertions, 19 deletions
diff --git a/lib/curl_gssapi.c b/lib/curl_gssapi.c
index a86762ab0..7a2f84a7d 100644
--- a/lib/curl_gssapi.c
+++ b/lib/curl_gssapi.c
@@ -27,22 +27,21 @@
#include "curl_gssapi.h"
#include "sendf.h"
-static const char spnego_OID[] = "\x2b\x06\x01\x05\x05\x02";
-static const gss_OID_desc gss_mech_spnego = {
- 6,
- &spnego_OID
-};
+static const char spengo_oid_bytes[] = "\x2b\x06\x01\x05\x05\x02";
+gss_OID_desc spnego_mech_oid = { 6, &spengo_oid_bytes };
+static const char krb5_oid_bytes[] = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02";
+gss_OID_desc krb5_mech_oid = { 9, &krb5_oid_bytes };
OM_uint32 Curl_gss_init_sec_context(
struct SessionHandle *data,
- OM_uint32 * minor_status,
- gss_ctx_id_t * context,
+ OM_uint32 *minor_status,
+ gss_ctx_id_t *context,
gss_name_t target_name,
- bool use_spnego,
+ gss_OID mech_type,
gss_channel_bindings_t input_chan_bindings,
gss_buffer_t input_token,
gss_buffer_t output_token,
- OM_uint32 * ret_flags)
+ OM_uint32 *ret_flags)
{
OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
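Review bot: The two OID descriptors added at the top of lib/curl_gssapi.c are writable globals with external linkage, where the removed `gss_mech_spnego` was `static const`. The value that selects the authentication mechanism can therefore be modified at run time, and the unprefixed names `spnego_mech_oid` and `krb5_mech_oid` (declared with `CURL_EXTERN` in lib/curl_gssapi.h) may collide with symbols from the application or the GSS library. I would keep them in the library's `Curl_` namespace and fix the array name, e.g. `static const char spnego_oid_bytes[] = "\x2b\x06\x01\x05\x05\x02";` and `gss_OID_desc Curl_spnego_mech_oid = { 6, (void *)spnego_oid_bytes };`, and likewise for krb5. `spengo_oid_bytes` looks like a typo for `spnego`, and `&spengo_oid_bytes` is a pointer to a const array, so the initializer appears to drop the qualifier without a cast. The body of Curl_gss_init_sec_context continues outside this hunk.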
@@ -62,8 +61,7 @@ OM_uint32 Curl_gss_init_sec_context(
GSS_C_NO_CREDENTIAL, /* cred_handle */
context,
target_name,
- use_spnego ? (gss_OID)&gss_mech_spnego :
- GSS_C_NO_OID,
+ mech_type,
req_flags,
0, /* time_req */
input_chan_bindings,
diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h
index 5af7a0261..ff752d552 100644
--- a/lib/curl_gssapi.h
+++ b/lib/curl_gssapi.h
@@ -39,19 +39,27 @@
# include <gssapi.h>
#endif
+#ifndef SPNEGO_MECHANISM
+CURL_EXTERN gss_OID_desc spnego_mech_oid;
+#define SPNEGO_MECHANISM &spnego_mech_oid
+#endif
+#ifndef KRB5_MECHANISM
+CURL_EXTERN gss_OID_desc krb5_mech_oid;
+#define KRB5_MECHANISM &krb5_mech_oid
+#endif
-/* Common method for using gss api */
+/* Common method for using GSS-API */
OM_uint32 Curl_gss_init_sec_context(
struct SessionHandle *data,
- OM_uint32 * minor_status,
- gss_ctx_id_t * context,
+ OM_uint32 *minor_status,
+ gss_ctx_id_t *context,
gss_name_t target_name,
- bool use_spnego,
+ gss_OID mech_type,
gss_channel_bindings_t input_chan_bindings,
gss_buffer_t input_token,
gss_buffer_t output_token,
- OM_uint32 * ret_flags);
+ OM_uint32 *ret_flags);
#endif /* HAVE_GSSAPI */
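Review bot: The `#ifndef SPNEGO_MECHANISM` and `#ifndef KRB5_MECHANISM` guards let a definition from elsewhere (a GSS header or a build flag) silently replace the mechanism every caller passes, and nothing in the header says that is intended. The macro bodies are also unparenthesized; I would write `#define SPNEGO_MECHANISM (&spnego_mech_oid)` and `#define KRB5_MECHANISM (&krb5_mech_oid)`. The prototype comment should also say what `mech_type` accepts, for example `/* mech_type: SPNEGO_MECHANISM or KRB5_MECHANISM; selects the GSS-API mechanism */`.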
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index bbad0b459..dc2bb383d 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -184,7 +184,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
&minor_status,
&neg_ctx->context,
neg_ctx->server_name,
- TRUE,
+ SPNEGO_MECHANISM,
GSS_C_NO_CHANNEL_BINDINGS,
&input_token,
&output_token,
diff --git a/lib/krb5.c b/lib/krb5.c
index 9a36af1db..10a79aaa4 100644
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -236,7 +236,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
&min,
context,
gssname,
- FALSE,
+ KRB5_MECHANISM,
&chan,
gssresp,
&output_buffer,
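Review bot: Replacing `FALSE` with `KRB5_MECHANISM` in this call is an undocumented behaviour change, not only a respelling. The old code passed `GSS_C_NO_OID` when `use_spnego` was false (see the removed lines in lib/curl_gssapi.c), leaving the mechanism to the GSS library's default, while the new argument pins Kerberos 5. The same substitution is made in Curl_SOCKS5_gssapi_negotiate in lib/socks_gssapi.c. If the pinning is intended, a comment at both call sites would record it, e.g. `KRB5_MECHANISM, /* pinned; previously the library default (GSS_C_NO_OID) */`. krb5_auth starts and ends outside this hunk.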
diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c
index 0a35dfa09..dd955d6ff 100644
--- a/lib/socks_gssapi.c
+++ b/lib/socks_gssapi.c
@@ -181,7 +181,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
&gss_minor_status,
&gss_context,
server,
- FALSE,
+ KRB5_MECHANISM,
NULL,
gss_token,
&gss_send_token,