authorSteve Holme <steve_holme@hotmail.com>2014-12-04 21:59:20 +0000
committerSteve Holme <steve_holme@hotmail.com>2014-12-04 22:05:14 +0000
commit750203bde46cc6a137c83b668e21d8495c94995a (patch)
tree7d902f0f561dab50deae90480ff46bc93ab542f4
parent0fcd74b836e20a3178a8381b31a2fb4d1495c7f6 (diff)
sasl_gssapi: Fixed honouring of no mutual authentication
-rw-r--r--lib/curl_gssapi.c6
-rw-r--r--lib/curl_gssapi.h1
-rw-r--r--lib/curl_sasl_gssapi.c2
-rw-r--r--lib/http_negotiate.c1
-rw-r--r--lib/krb5.c1
-rw-r--r--lib/socks_gssapi.c1
6 files changed, 10 insertions, 2 deletions
diff --git a/lib/curl_gssapi.c b/lib/curl_gssapi.c
index 7c961c9f2..2cd14fff0 100644
--- a/lib/curl_gssapi.c
+++ b/lib/curl_gssapi.c
@@ -41,9 +41,13 @@ OM_uint32 Curl_gss_init_sec_context(
gss_channel_bindings_t input_chan_bindings,
gss_buffer_t input_token,
gss_buffer_t output_token,
+ const bool mutual_auth,
OM_uint32 *ret_flags)
{
- OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+ OM_uint32 req_flags = GSS_C_REPLAY_FLAG;
+
+ if(mutual_auth)
+ req_flags |= GSS_C_MUTUAL_FLAG;
if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) {
#ifdef GSS_C_DELEG_POLICY_FLAG
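Review bot: The new `mutual_auth` parameter changes a security property of the context, but nothing in this hunk documents it. When it is false, `GSS_C_MUTUAL_FLAG` is no longer requested, so the acceptor is not asked to prove its identity to the client. A comment above `if(mutual_auth)` would make that explicit, for example `/* Without GSS_C_MUTUAL_FLAG the peer is not asked to authenticate itself to us */`. The body of Curl_gss_init_sec_context continues outside the hunk.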
diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h
index bd7e35c32..aaab78461 100644
--- a/lib/curl_gssapi.h
+++ b/lib/curl_gssapi.h
@@ -53,6 +53,7 @@ OM_uint32 Curl_gss_init_sec_context(
gss_channel_bindings_t input_chan_bindings,
gss_buffer_t input_token,
gss_buffer_t output_token,
+ const bool mutual_auth,
OM_uint32 *ret_flags);
/* Helper to log a GSS - API error status */
diff --git a/lib/curl_sasl_gssapi.c b/lib/curl_sasl_gssapi.c
index 5d044210c..2bbbc590d 100644
--- a/lib/curl_sasl_gssapi.c
+++ b/lib/curl_sasl_gssapi.c
@@ -107,7 +107,6 @@ CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
(void) userp;
(void) passwdp;
- (void) mutual_auth;
if(krb5->context == GSS_C_NO_CONTEXT) {
/* Generate our SPN */
@@ -155,6 +154,7 @@ CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
GSS_C_NO_CHANNEL_BINDINGS,
&input_token,
&output_token,
+ mutual_auth,
NULL);
Curl_safefree(input_token.value);
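Review bot: `mutual_auth` is now forwarded here, but `ret_flags` is still passed as `NULL`, so nothing in the visible lines confirms that mutual authentication was actually granted when it was requested. Consider passing a local `OM_uint32 ret_flags` and, once the context is established, failing when `mutual_auth && !(ret_flags & GSS_C_MUTUAL_FLAG)`. The calls in lib/http_negotiate.c and lib/krb5.c also pass `NULL` while hard-coding `TRUE`, so the same applies there. The enclosing function starts and ends outside the hunk, so an equivalent check may already exist in the state handling that is not shown.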
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index de009a49f..97d0cb762 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -122,6 +122,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
GSS_C_NO_CHANNEL_BINDINGS,
&input_token,
&output_token,
+ TRUE,
NULL);
Curl_safefree(input_token.value);
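Review bot: The bare `TRUE` added to this argument list gives no hint of what it controls, which matters because it decides whether the server is asked to authenticate itself. An inline comment such as `TRUE, /* mutual_auth */` would keep the call readable. The same applies to the `TRUE` added in lib/krb5.c and lib/socks_gssapi.c. Curl_input_negotiate continues outside the hunk.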
diff --git a/lib/krb5.c b/lib/krb5.c
index bc90c1218..a0d7bb4f0 100644
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -236,6 +236,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
&chan,
gssresp,
&output_buffer,
+ TRUE,
NULL);
if(gssresp) {
diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c
index 831b8f655..f195c1a0e 100644
--- a/lib/socks_gssapi.c
+++ b/lib/socks_gssapi.c
@@ -185,6 +185,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
NULL,
gss_token,
&gss_send_token,
+ TRUE,
&gss_ret_flags);
if(gss_token != GSS_C_NO_BUFFER)