diff options
author | Steve Holme <steve_holme@hotmail.com> | 2014-12-04 21:59:20 +0000 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2014-12-04 22:05:14 +0000 |
commit | 750203bde46cc6a137c83b668e21d8495c94995a (patch) | |
tree | 7d902f0f561dab50deae90480ff46bc93ab542f4 | |
parent | 0fcd74b836e20a3178a8381b31a2fb4d1495c7f6 (diff) |
sasl_gssapi: Fixed honouring of no mutual authentication
-rw-r--r-- | lib/curl_gssapi.c | 6 | ||||
-rw-r--r-- | lib/curl_gssapi.h | 1 | ||||
-rw-r--r-- | lib/curl_sasl_gssapi.c | 2 | ||||
-rw-r--r-- | lib/http_negotiate.c | 1 | ||||
-rw-r--r-- | lib/krb5.c | 1 | ||||
-rw-r--r-- | lib/socks_gssapi.c | 1 |
6 files changed, 10 insertions, 2 deletions
diff --git a/lib/curl_gssapi.c b/lib/curl_gssapi.c index 7c961c9f2..2cd14fff0 100644 --- a/lib/curl_gssapi.c +++ b/lib/curl_gssapi.c @@ -41,9 +41,13 @@ OM_uint32 Curl_gss_init_sec_context( gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token, gss_buffer_t output_token, + const bool mutual_auth, OM_uint32 *ret_flags) { - OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG; + OM_uint32 req_flags = GSS_C_REPLAY_FLAG; + + if(mutual_auth) + req_flags |= GSS_C_MUTUAL_FLAG; if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) { #ifdef GSS_C_DELEG_POLICY_FLAG diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h index bd7e35c32..aaab78461 100644 --- a/lib/curl_gssapi.h +++ b/lib/curl_gssapi.h @@ -53,6 +53,7 @@ OM_uint32 Curl_gss_init_sec_context( gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token, gss_buffer_t output_token, + const bool mutual_auth, OM_uint32 *ret_flags); /* Helper to log a GSS - API error status */ diff --git a/lib/curl_sasl_gssapi.c b/lib/curl_sasl_gssapi.c index 5d044210c..2bbbc590d 100644 --- a/lib/curl_sasl_gssapi.c +++ b/lib/curl_sasl_gssapi.c @@ -107,7 +107,6 @@ CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data, (void) userp; (void) passwdp; - (void) mutual_auth; if(krb5->context == GSS_C_NO_CONTEXT) { /* Generate our SPN */ @@ -155,6 +154,7 @@ CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data, GSS_C_NO_CHANNEL_BINDINGS, &input_token, &output_token, + mutual_auth, NULL); Curl_safefree(input_token.value); diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index de009a49f..97d0cb762 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c @@ -122,6 +122,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, GSS_C_NO_CHANNEL_BINDINGS, &input_token, &output_token, + TRUE, NULL); Curl_safefree(input_token.value); diff --git a/lib/krb5.c b/lib/krb5.c index bc90c1218..a0d7bb4f0 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -236,6 +236,7 @@ krb5_auth(void *app_data, struct connectdata *conn) &chan, gssresp, &output_buffer, + TRUE, NULL); if(gssresp) { diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c index 831b8f655..f195c1a0e 100644 --- a/lib/socks_gssapi.c +++ b/lib/socks_gssapi.c @@ -185,6 +185,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, NULL, gss_token, &gss_send_token, + TRUE, &gss_ret_flags); if(gss_token != GSS_C_NO_BUFFER) |