Markus Moeller's SPNEGO patch applied, with my edits, additions and minor

cleanups.
2026-06-05 00:54:14 +03:00 · 2003-09-19 12:56:22 +00:00 · 2003-09-19 12:56:22 +00:00 · 09ccfcdcd4
commit 09ccfcdcd4
parent bbc01c36d2
10 changed files with 150 additions and 16 deletions
--- a/lib/http.c
+++ b/lib/http.c
@ -238,7 +238,7 @@ CURLcode http_auth_headers(struct connectdata *conn,
    }
    /* Send web authentication header if needed */
    if (data->state.authstage == 401) {
-#ifdef GSSAPI
+#ifdef HAVE_GSSAPI
      if((data->state.authwant == CURLAUTH_GSSNEGOTIATE) &&
         data->state.negotiate.context && 
         !GSS_ERROR(data->state.negotiate.status)) {
@ -324,7 +324,7 @@ CURLcode Curl_http_auth(struct connectdata *conn,
  while(*start && isspace((int)*start))
    start++;

-#ifdef GSSAPI
+#ifdef HAVE_GSSAPI
  if (checkprefix("GSS-Negotiate", start) ||
      checkprefix("Negotiate", start)) {
    *availp |= CURLAUTH_GSSNEGOTIATE;
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@ -22,7 +22,10 @@
 ***************************************************************************/
 #include "setup.h"

-#ifdef GSSAPI
+#ifdef HAVE_GSSAPI
+#ifdef HAVE_GSSMIT
+#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
+#endif

 #ifndef CURL_DISABLE_HTTP
 /* -- WIN32 approved -- */
@ -171,6 +174,46 @@ int Curl_input_negotiate(struct connectdata *conn, char *header)
    if (rawlen < 0)
      return -1;
    input_token.length = rawlen;
+
+#ifdef SPNEGO /* Handle SPNEGO */
+    if (checkprefix("Negotiate", header)) {
+        ASN1_OBJECT *   object            = NULL;
+        int             rc                = 1;
+        unsigned char * spnegoToken       = NULL;
+        size_t          spnegoTokenLength = 0;
+        unsigned char * mechToken         = NULL;
+        size_t          mechTokenLength   = 0;
+
+        spnegoToken = malloc(input_token.length);
+        if (input_token.value == NULL)
+          return ENOMEM;
+        spnegoTokenLength = input_token.length;
+
+        object = OBJ_txt2obj ("1.2.840.113554.1.2.2", 1);
+        if (!parseSpnegoTargetToken(spnegoToken,
+                                    spnegoTokenLength,
+                                    NULL,
+                                    NULL,
+                                    &mechToken,
+                                    &mechTokenLength,
+                                    NULL,
+                                    NULL)) {
+          free(spnegoToken);
+          spnegoToken = NULL;
+          infof(conn->data, "Parse SPNEGO Target Token failed\n");
+        }
+        else {
+          free(input_token.value);
+          input_token.value = NULL;
+          input_token.value = malloc(mechTokenLength);
+          memcpy(input_token.value, mechToken,mechTokenLength);
+          input_token.length = mechTokenLength;
+          free(mechToken);
+          mechToken = NULL;
+          infof(conn->data, "Parse SPNEGO Target Token succeded\n");
+        }
+    }
+#endif
  }

  major_status = gss_init_sec_context(&minor_status,
@ -212,9 +255,50 @@ CURLcode Curl_output_negotiate(struct connectdata *conn)
  struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
  OM_uint32 minor_status;
  char *encoded = NULL;
-  int len = Curl_base64_encode(neg_ctx->output_token.value,
-                               neg_ctx->output_token.length,
-                               &encoded);
+  int len;
+
+#ifdef SPNEGO /* Handle SPNEGO */
+  if (checkprefix("Negotiate",neg_ctx->protocol)) {
+    ASN1_OBJECT *   object            = NULL;
+    int             rc                = 1;
+    unsigned char * spnegoToken       = NULL;
+    size_t          spnegoTokenLength = 0;
+    unsigned char * responseToken       = NULL;
+    size_t          responseTokenLength = 0;
+    
+    responseToken = malloc(neg_ctx->output_token.length);
+    if ( responseToken == NULL)
+      return CURLE_OUT_OF_MEMORY;
+    memcpy(responseToken, neg_ctx->output_token.value,
+           neg_ctx->output_token.length);
+    responseTokenLength = neg_ctx->output_token.length;
+
+    object=OBJ_txt2obj ("1.2.840.113554.1.2.2", 1);
+    if (!makeSpnegoInitialToken (object,
+                                 responseToken,
+                                 responseTokenLength,
+                                 &spnegoToken,
+                                 &spnegoTokenLength)) {
+      free(responseToken);
+      responseToken = NULL;
+      infof(conn->data, "Make SPNEGO Initial Token failed\n");
+    }
+    else {
+      free(neg_ctx->output_token.value);
+      responseToken = NULL;
+      neg_ctx->output_token.value = malloc(spnegoTokenLength);
+      memcpy(neg_ctx->output_token.value, spnegoToken,spnegoTokenLength);
+      neg_ctx->output_token.length = spnegoTokenLength;
+      free(spnegoToken);
+      spnegoToken = NULL;
+      infof(conn->data, "Make SPNEGO Initial Token succeded\n");
+    }
+  }
+#endif
+  len = Curl_base64_encode(neg_ctx->output_token.value,
+                           neg_ctx->output_token.length,
+                           &encoded);
+
  if (len < 0)
    return CURLE_OUT_OF_MEMORY;

--- a/lib/http_negotiate.h
+++ b/lib/http_negotiate.h
@ -24,7 +24,7 @@
 * $Id$
 ***************************************************************************/

-#ifdef GSSAPI
+#ifdef HAVE_GSSAPI

 /* this is for Negotiate header input */
 int Curl_input_negotiate(struct connectdata *conn, char *header);
--- a/lib/url.c
+++ b/lib/url.c
@ -879,7 +879,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
 #ifndef USE_SSLEAY
    auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
 #endif
-#ifndef GSSAPI
+#ifndef HAVE_GSSAPI
    auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI */
 #endif
    if(!auth)
@ -899,7 +899,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
 #ifndef USE_SSLEAY
    auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
 #endif
-#ifndef GSSAPI
+#ifndef HAVE_GSSAPI
    auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI */
 #endif
    if(!auth)
--- a/lib/urldata.h
+++ b/lib/urldata.h
@ -86,9 +86,14 @@
 #include <zlib.h> 		/* for content-encoding */
 #endif

-#ifdef GSSAPI
+#ifdef HAVE_GSSAPI
+#ifdef HAVE_GSSMIT
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_generic.h>
+#else
 #include <gssapi.h>
 #endif
+#endif

 #ifdef USE_ARES
 #include <ares.h>
@ -184,7 +189,7 @@ struct ntlmdata {
  unsigned char nonce[8];
 };

-#ifdef GSSAPI
+#ifdef HAVE_GSSAPI
 struct negotiatedata {
  bool gss; /* Whether we're processing GSS-Negotiate or Negotiate */
  const char* protocol; /* "GSS-Negotiate" or "Negotiate" */
@ -688,7 +693,7 @@ struct UrlState {

  struct digestdata digest;

-#ifdef GSSAPI
+#ifdef HAVE_GSSAPI
  struct negotiatedata negotiate;
 #endif

--- a/lib/version.c
+++ b/lib/version.c
@ -114,7 +114,7 @@ char *curl_version(void)
  sprintf(ptr, " zlib/%s", zlibVersion());
  ptr += strlen(ptr);
 #endif
-#ifdef GSSAPI
+#ifdef HAVE_GSSAPI
  sprintf(ptr, " GSS");
  ptr += strlen(ptr);
 #endif
@ -177,7 +177,7 @@ static curl_version_info_data version_info = {
 #ifdef HAVE_LIBZ
  | CURL_VERSION_LIBZ
 #endif
-#ifdef GSSAPI
+#ifdef HAVE_GSSAPI
  | CURL_VERSION_GSSNEGOTIATE
 #endif
 #ifdef CURLDEBUG
@ -185,6 +185,9 @@ static curl_version_info_data version_info = {
 #endif
 #ifdef USE_ARES
  | CURL_VERSION_ASYNCHDNS
+#endif
+#ifdef HAVE_SPNEGO
+  | CURL_VERSION_SPNEGO
 #endif
  ,
  NULL, /* ssl_version */