diff options
| author | Michael Osipov <1983-01-06@gmx.net> | 2014-07-21 09:53:44 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2014-07-23 00:01:39 +0200 |
| commit | 5128672731a5edef2c7526610584fef821ec2309 (patch) | |
| tree | d4ce724e1a1ddcceaa1107bbabe6bb04ed727ff0 /lib/http_negotiate_sspi.c | |
| parent | eda12bcff8bc47380d6e997d785464f858c1d140 (diff) | |
HTTP: Remove checkprefix("GSS-Negotiate")
That auth mech has never existed neither on MS nor on Unix side.
There is only Negotiate over SPNEGO.
Diffstat (limited to 'lib/http_negotiate_sspi.c')
| -rw-r--r-- | lib/http_negotiate_sspi.c | 45 |
1 files changed, 4 insertions, 41 deletions
diff --git a/lib/http_negotiate_sspi.c b/lib/http_negotiate_sspi.c index 236766b16..2bf131f90 100644 --- a/lib/http_negotiate_sspi.c +++ b/lib/http_negotiate_sspi.c @@ -45,27 +45,13 @@ static int get_gss_name(struct connectdata *conn, bool proxy, struct negotiatedata *neg_ctx) { - const char* service; + const char* service = "HTTP"; size_t length; if(proxy && !conn->proxy.name) /* proxy auth requested but no given proxy name, error out! */ return -1; - /* GSSAPI implementation by Globus (known as GSI) requires the name to be - of form "<service>/<fqdn>" instead of <service>@<fqdn> (ie. slash instead - of at-sign). Also GSI servers are often identified as 'host' not 'khttp'. - Change following lines if you want to use GSI */ - - /* IIS uses the <service>@<fqdn> form but uses 'http' as the service name, - and SSPI then generates an NTLM token. When using <service>/<fqdn> a - Kerberos token is generated. */ - - if(neg_ctx->gss) - service = "KHTTP"; - else - service = "HTTP"; - length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name : conn->host.name) + 1; if(length + 1 > sizeof(neg_ctx->server_name)) @@ -94,31 +80,8 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, TCHAR *sname; int ret; size_t len = 0, input_token_len = 0; - bool gss = FALSE; - const char* protocol; CURLcode error; - if(checkprefix("GSS-Negotiate", header)) { - protocol = "GSS-Negotiate"; - gss = TRUE; - } - else if(checkprefix("Negotiate", header)) { - protocol = "Negotiate"; - gss = FALSE; - } - else - return -1; - - if(neg_ctx->context) { - if(neg_ctx->gss != gss) { - return -1; - } - } - else { - neg_ctx->protocol = protocol; - neg_ctx->gss = gss; - } - if(neg_ctx->context && neg_ctx->status == SEC_E_OK) { /* We finished successfully our part of authentication, but server * rejected it (since we're again here). Exit with an error since we @@ -148,7 +111,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, } /* Obtain the input token, if any */ - header += strlen(neg_ctx->protocol); + header += strlen("Negotiate"); while(*header && ISSPACE(*header)) header++; @@ -260,8 +223,8 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) if(len == 0) return CURLE_REMOTE_ACCESS_DENIED; - userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "", - neg_ctx->protocol, encoded); + userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "", + encoded); if(proxy) conn->allocptr.proxyuserpwd = userp; |