authorLinus Nielsen <linus@haxx.se>2015-03-29 14:52:31 +0200
committerDaniel Stenberg <daniel@haxx.se>2015-04-28 08:29:56 +0200
commit97c272e5d173ad5f706443e2477f0a84f0044edd (patch)
treef43116c71d2dd85e4e0e62866a096e3b3bd98a37
parent54c394699de29ea9ca07d9d0ac6f2f43848e5f32 (diff)
Negotiate: custom service names for SPNEGO.
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME. * Add new curl options, --proxy-service-name and --service-name.
-rw-r--r--docs/curl.110
-rw-r--r--docs/libcurl/curl_easy_setopt.34
-rw-r--r--docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.346
-rw-r--r--docs/libcurl/opts/CURLOPT_SERVICE_NAME.346
-rw-r--r--docs/libcurl/symbols-in-versions2
-rw-r--r--include/curl/curl.h6
-rw-r--r--include/curl/typecheck-gcc.h2
-rw-r--r--lib/http_negotiate.c6
-rw-r--r--lib/http_negotiate_sspi.c7
-rw-r--r--lib/url.c29
-rw-r--r--lib/url.h3
-rw-r--r--lib/urldata.h2
-rw-r--r--packages/OS400/ccsidcurl.c2
-rw-r--r--src/tool_cfgable.c2
-rw-r--r--src/tool_cfgable.h4
-rw-r--r--src/tool_getparam.c8
-rw-r--r--src/tool_operate.c11
17 files changed, 185 insertions, 5 deletions
diff --git a/docs/curl.1 b/docs/curl.1
index 7b988d043..c8d9baf11 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -1332,6 +1332,11 @@ with a remote host. (Added in 7.17.1)
.IP "--proxy-ntlm"
Tells curl to use HTTP NTLM authentication when communicating with the given
proxy. Use \fI--ntlm\fP for enabling NTLM with a remote host.
+.IP "--proxy-service-name <servicename>"
+This option allows you to change the service name for proxy negotiation.
+
+Examples: --proxy-negotiate proxy-name \fI--proxy-service-name\fP sockd would use
+sockd/proxy-name. (Added in 7.43.0).
.IP "--proxy1.0 <proxyhost[:port]>"
Use the specified HTTP 1.0 proxy. If the port number is not specified, it is
assumed at port 1080.
@@ -1513,6 +1518,11 @@ terminal/stdout unless you redirect it.
.IP "--sasl-ir"
Enable initial response in SASL authentication.
(Added in 7.31.0)
+.IP "--service-name <servicename>"
+This option allows you to change the service name for SPNEGO.
+
+Examples: --negotiate \fI--service-name\fP sockd would use
+sockd/server-name. (Added in 7.43.0).
.IP "-S, --show-error"
When used with \fI-s\fP it makes curl show an error message if it fails.
.IP "--ssl"
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 712dae90c..4e5b8dec1 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -165,6 +165,10 @@ Tunnel through the HTTP proxy. \fICURLOPT_HTTPPROXYTUNNEL(3)\fP
Socks5 GSSAPI service name. \fICURLOPT_SOCKS5_GSSAPI_SERVICE(3)\fP
.IP CURLOPT_SOCKS5_GSSAPI_NEC
Socks5 GSSAPI NEC mode. See \fICURLOPT_SOCKS5_GSSAPI_NEC(3)\fP
+.IP CURLOPT_PROXY_SERVICE_NAME
+Proxy service name. \fICURLOPT_PROXY_SERVICE_NAME(3)\fP
+.IP CURLOPT_SERVICE_NAME
+SPNEGO service name. \fICURLOPT_SERVICE_NAME(3)\fP
.IP CURLOPT_INTERFACE
Bind connection locally to this. See \fICURLOPT_INTERFACE(3)\fP
.IP CURLOPT_LOCALPORT
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3 b/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3
new file mode 100644
index 000000000..824fedf8a
--- /dev/null
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3
@@ -0,0 +1,46 @@
+.\" **************************************************************************
+.\" * _ _ ____ _
+.\" * Project ___| | | | _ \| |
+.\" * / __| | | | |_) | |
+.\" * | (__| |_| | _ <| |___
+.\" * \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_PROXY_SERVICE_NAME 3 "17 Jun 2015" "libcurl 7.43.0" "curl_easy_setopt options"
+.SH NAME
+CURLOPT_PROXY_SERVICE_NAME \- proxy service name
+.SH SYNOPSIS
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SERVICE_NAME, char *name);
+.SH DESCRIPTION
+Pass a char * as parameter to a string holding the \fIname\fP of the
+service. The default service name is "rcmd" (for a SOCKS5 server). This option
+allows you to change it.
+..SH DEFAULT
+See above
+.SH PROTOCOLS
+Most
+.SH EXAMPLE
+TODO
+.SH AVAILABILITY
+Added in 7.43.0
+.SH RETURN VALUE
+Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
+CURLE_OUT_OF_MEMORY if there was insufficient heap space.
+.SH "SEE ALSO"
+.BR CURLOPT_PROXY "(3), " CURLOPT_PROXYTYPE "(3), "
diff --git a/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3 b/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3
new file mode 100644
index 000000000..116fdbe76
--- /dev/null
+++ b/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3
@@ -0,0 +1,46 @@
+.\" **************************************************************************
+.\" * _ _ ____ _
+.\" * Project ___| | | | _ \| |
+.\" * / __| | | | |_) | |
+.\" * | (__| |_| | _ <| |___
+.\" * \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_SERVICE_NAME 3 "17 Jun 2015" "libcurl 7.43.0" "curl_easy_setopt options"
+.SH NAME
+CURLOPT_SERVICE_NAME \- SPNEGO service name
+.SH SYNOPSIS
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SERVICE_NAME, char *name);
+.SH DESCRIPTION
+Pass a char * as parameter to a string holding the \fIname\fP of the
+service. The default service name is "HTTP". This option allows you to
+change it.
+..SH DEFAULT
+See above
+.SH PROTOCOLS
+Most
+.SH EXAMPLE
+TODO
+.SH AVAILABILITY
+Added in 7.43.0
+.SH RETURN VALUE
+Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
+CURLE_OUT_OF_MEMORY if there was insufficient heap space.
+.SH "SEE ALSO"
+.BR CURLOPT_PROXY "(3), " CURLOPT_PROXYTYPE "(3), "
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index 1ed3c212f..18dc1beda 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -454,6 +454,7 @@ CURLOPT_PROXYPORT 7.1
CURLOPT_PROXYTYPE 7.10
CURLOPT_PROXYUSERNAME 7.19.1
CURLOPT_PROXYUSERPWD 7.1
+CURLOPT_PROXY_SERVICE_NAME 7.43.0
CURLOPT_PROXY_TRANSFER_MODE 7.18.0
CURLOPT_PUT 7.1
CURLOPT_QUOTE 7.1
@@ -477,6 +478,7 @@ CURLOPT_SASL_IR 7.31.0
CURLOPT_SEEKDATA 7.18.0
CURLOPT_SEEKFUNCTION 7.18.0
CURLOPT_SERVER_RESPONSE_TIMEOUT 7.20.0
+CURLOPT_SERVICE_NAME 7.43.0
CURLOPT_SHARE 7.10
CURLOPT_SOCKOPTDATA 7.16.0
CURLOPT_SOCKOPTFUNCTION 7.16.0
diff --git a/include/curl/curl.h b/include/curl/curl.h
index ae1b0e4db..9ef753140 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -1632,6 +1632,12 @@ typedef enum {
/* Do not squash dot-dot sequences */
CINIT(PATH_AS_IS, LONG, 234),
+ /* Proxy Service Name */
+ CINIT(PROXY_SERVICE_NAME, OBJECTPOINT, 235),
+
+ /* Service Name */
+ CINIT(SERVICE_NAME, OBJECTPOINT, 236),
+
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h
index 69d41a20d..13fb0fa9e 100644
--- a/include/curl/typecheck-gcc.h
+++ b/include/curl/typecheck-gcc.h
@@ -270,6 +270,8 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
(option) == CURLOPT_DNS_LOCAL_IP4 || \
(option) == CURLOPT_DNS_LOCAL_IP6 || \
(option) == CURLOPT_LOGIN_OPTIONS || \
+ (option) == CURLOPT_PROXY_SERVICE_NAME || \
+ (option) == CURLOPT_SERVICE_NAME || \
0)
/* evaluates to true if option takes a curl_write_callback argument */
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index 21658cf7a..a1baf29c3 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -62,8 +62,10 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
if(!neg_ctx->server_name) {
/* Generate our SPN */
- char *spn = Curl_sasl_build_gssapi_spn("HTTP", proxy ? conn->proxy.name :
- conn->host.name);
+ char *spn = Curl_sasl_build_gssapi_spn(
+ proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] :
+ data->set.str[STRING_SERVICE_NAME],
+ proxy ? conn->proxy.name : conn->host.name);
if(!spn)
return CURLE_OUT_OF_MEMORY;
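Review bot: Nothing in this hunk guards against the configured service name being NULL before it is handed to `Curl_sasl_build_gssapi_spn`. If `setstropt` clears the slot when an application passes NULL to `CURLOPT_SERVICE_NAME` or `CURLOPT_PROXY_SERVICE_NAME` (its body is not shown here, so this needs confirming), the SPN would be built from a null string instead of the default. Taking the value into a local `service` pointer and adding `if(!service) service = proxy ? CURL_DEFAULT_PROXY_SERVICE_NAME : CURL_DEFAULT_SERVICE_NAME;` would keep the authentication target well defined. The same applies to the `Curl_sasl_build_spn` call in lib/http_negotiate_sspi.c; the enclosing function starts and ends outside the hunk.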
diff --git a/lib/http_negotiate_sspi.c b/lib/http_negotiate_sspi.c
index 20f8d643c..2c1075954 100644
--- a/lib/http_negotiate_sspi.c
+++ b/lib/http_negotiate_sspi.c
@@ -93,9 +93,10 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
return CURLE_BAD_FUNCTION_ARGUMENT;
/* Generate our SPN */
- neg_ctx->server_name = Curl_sasl_build_spn("HTTP",
- proxy ? conn->proxy.name :
- conn->host.name);
+ neg_ctx->server_name = Curl_sasl_build_spn(
+ proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] :
+ data->set.str[STRING_SERVICE_NAME],
+ proxy ? conn->proxy.name : conn->host.name);
if(!neg_ctx->server_name)
return CURLE_OUT_OF_MEMORY;
}
diff --git a/lib/url.c b/lib/url.c
index e49d5507a..dfd2ff4c5 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -576,6 +576,18 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
(char *) CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE);
if(result)
return result;
+
+ /* set default negotiate proxy service name */
+ result = setstropt(&set->str[STRING_PROXY_SERVICE_NAME],
+ (char *) CURL_DEFAULT_PROXY_SERVICE_NAME);
+ if(result)
+ return result;
+
+ /* set default negotiate service name */
+ result = setstropt(&set->str[STRING_SERVICE_NAME],
+ (char *) CURL_DEFAULT_SERVICE_NAME);
+ if(result)
+ return result;
#endif
/* This is our preferred CA cert bundle/path since install time */
@@ -1472,12 +1484,29 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
va_arg(param, char *));
break;
+ case CURLOPT_PROXY_SERVICE_NAME:
+ /*
+ * Set negotiate proxy service name
+ */
+ result = setstropt(&data->set.str[STRING_PROXY_SERVICE_NAME],
+ va_arg(param, char *));
+ break;
+
case CURLOPT_SOCKS5_GSSAPI_NEC:
/*
* set flag for nec socks5 support
*/
data->set.socks5_gssapi_nec = (0 != va_arg(param, long))?TRUE:FALSE;
break;
+
+ case CURLOPT_SERVICE_NAME:
+ /*
+ * Set negotiate service identity
+ */
+ result = setstropt(&data->set.str[STRING_SERVICE_NAME],
+ va_arg(param, char *));
+ break;
+
#endif
case CURLOPT_HEADERDATA:
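Review bot: The comments on the two new cases (`Set negotiate proxy service name`, `Set negotiate service identity`) do not say that the string becomes the service part of the SPN built in `Curl_input_negotiate`, so it selects the principal curl authenticates to. I would word both alike and state that, for example `/* service part of the Negotiate SPN; selects the principal we authenticate to, so it must come from trusted configuration */`. The value is stored without any validation in this hunk, which is acceptable only if every caller treats it as trusted input. The switch continues outside the hunk on both sides.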
diff --git a/lib/url.h b/lib/url.h
index cd46a92c3..e49b7724d 100644
--- a/lib/url.h
+++ b/lib/url.h
@@ -69,6 +69,9 @@ void Curl_close_connections(struct SessionHandle *data);
#define CURL_DEFAULT_PROXY_PORT 1080 /* default proxy port unless specified */
#define CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE "rcmd" /* default socks5 gssapi
service */
+#define CURL_DEFAULT_PROXY_SERVICE_NAME "HTTP" /* default negotiate proxy
+ service */
+#define CURL_DEFAULT_SERVICE_NAME "HTTP" /* default negotiate service */
CURLcode Curl_connected_proxy(struct connectdata *conn, int sockindex);
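Review bot: `CURL_DEFAULT_PROXY_SERVICE_NAME` is defined as `"HTTP"` here, but the new docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3 page in this commit gives the default as "rcmd" (for a SOCKS5 server). That is the value of `CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE` on the line above, not of the new define. Since the default decides which principal a proxy Negotiate handshake targets, the man page should say `HTTP` if the define is the intended value. Both new man pages also contain `..SH DEFAULT`, where `.SH DEFAULT` is presumably meant.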
diff --git a/lib/urldata.h b/lib/urldata.h
index b1b1a678e..db8b1e732 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1389,6 +1389,8 @@ enum dupstring {
#endif
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
STRING_SOCKS5_GSSAPI_SERVICE, /* GSSAPI service name */
+ STRING_PROXY_SERVICE_NAME, /* Proxy service name */
+ STRING_SERVICE_NAME, /* Service name */
#endif
STRING_MAIL_FROM,
STRING_MAIL_AUTH,
diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c
index 8ac6ed377..ca3b0f1ad 100644
--- a/packages/OS400/ccsidcurl.c
+++ b/packages/OS400/ccsidcurl.c
@@ -1180,6 +1180,8 @@ curl_easy_setopt_ccsid(CURL * curl, CURLoption tag, ...)
case CURLOPT_USERNAME:
case CURLOPT_USERPWD:
case CURLOPT_XOAUTH2_BEARER:
+ case CURLOPT_PROXY_SERVICE_NAME:
+ case CURLOPT_SERVICE_NAME:
s = va_arg(arg, char *);
ccsid = va_arg(arg, unsigned int);
diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
index c78c89613..ba6c468c5 100644
--- a/src/tool_cfgable.c
+++ b/src/tool_cfgable.c
@@ -136,6 +136,8 @@ static void free_config_fields(struct OperationConfig *config)
Curl_safefree(config->socksproxy);
Curl_safefree(config->socks5_gssapi_service);
+ Curl_safefree(config->proxy_service_name);
+ Curl_safefree(config->service_name);
Curl_safefree(config->ftp_account);
Curl_safefree(config->ftp_alternative_to_user);
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index d1f223871..048eb4ffe 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -166,8 +166,12 @@ struct OperationConfig {
int socksver; /* set to CURLPROXY_SOCKS* define */
char *socks5_gssapi_service; /* set service name for gssapi principal
* default rcmd */
+ char *proxy_service_name; /* set service name for proxy negotiation
+ * default HTTP */
int socks5_gssapi_nec ; /* The NEC reference server does not protect
* the encryption type exchange */
+ char *service_name; /* set negotiation service name
+ * default HTTP */
bool tcp_nodelay;
long req_retry; /* number of retries */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 1b5d6d2b0..62283a5dd 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -161,6 +161,8 @@ static const struct LongShort aliases[]= {
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
{"$6", "socks5-gssapi-service", TRUE},
{"$7", "socks5-gssapi-nec", FALSE},
+ {"$O", "proxy-service-name", TRUE},
+ {"$P", "service-name", TRUE},
#endif
{"$8", "proxy1.0", TRUE},
{"$9", "tftp-blksize", TRUE},
@@ -903,6 +905,12 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
case '7': /* --socks5-gssapi-nec*/
config->socks5_gssapi_nec = toggle;
break;
+ case 'O': /* --proxy-service-name */
+ GetStr(&config->proxy_service_name, nextarg);
+ break;
+ case 'P': /* --service-name */
+ GetStr(&config->service_name, nextarg);
+ break;
#endif
case '8': /* --proxy1.0 */
/* http 1.0 proxy */
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 74e4002b1..5f7b79211 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1217,6 +1217,17 @@ static CURLcode operate_do(struct GlobalConfig *global,
if(config->socks5_gssapi_nec)
my_setopt_str(curl, CURLOPT_SOCKS5_GSSAPI_NEC,
config->socks5_gssapi_nec);
+
+ /* new in curl 7.43.0 */
+ if(config->proxy_service_name)
+ my_setopt_str(curl, CURLOPT_PROXY_SERVICE_NAME,
+ config->proxy_service_name);
+
+ /* new in curl 7.43.0 */
+ if(config->service_name)
+ my_setopt_str(curl, CURLOPT_SERVICE_NAME,
+ config->service_name);
+
}
#endif
/* curl 7.13.0 */