aboutsummaryrefslogtreecommitdiff
path: root/lib/vauth
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2016-04-03 11:15:03 +0100
committerSteve Holme <steve_holme@hotmail.com>2016-04-03 11:15:03 +0100
commit2d2c67e3ed30e7d9850447826b2cc968f28ae681 (patch)
tree1e15d20532be72f41858dddea66a5a8d07816811 /lib/vauth
parent365322b8bcf9efb6a361473d227b70f2032212ce (diff)
krb5: Only generate a SPN when its not known
Prior to this change, we were generating the SPN in the SSPI code when the credentials were NULL and in the GSS-API code when the context was empty. It is better to decouple the SPN generation from these checks and only generate it when the SPN itself is NULL. This also brings this part of the Kerberos 5 code in line with the Negotiate code.
Diffstat (limited to 'lib/vauth')
-rw-r--r--lib/vauth/krb5_gssapi.c5
-rw-r--r--lib/vauth/krb5_sspi.c12
2 files changed, 10 insertions, 7 deletions
diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c
index e68053503..18c6dbb46 100644
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -88,7 +88,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
(void) userp;
(void) passwdp;
- if(krb5->context == GSS_C_NO_CONTEXT) {
+ if(!krb5->spn) {
/* Generate our SPN */
char *spn = Curl_auth_build_gssapi_spn(service, host);
if(!spn)
@@ -112,7 +112,8 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
free(spn);
}
- else {
+
+ if(krb5->context != GSS_C_NO_CONTEXT) {
/* Decode the base-64 encoded challenge message */
if(strlen(chlg64) && *chlg64 != '=') {
result = Curl_base64_decode(chlg64, &chlg, &chlglen);
diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c
index 6afd83dde..da08f8f03 100644
--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
@@ -85,6 +85,13 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
unsigned long attrs;
TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
+ if(!krb5->spn) {
+ /* Generate our SPN */
+ krb5->spn = Curl_auth_build_spn(service, host);
+ if(!krb5->spn)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
if(!krb5->credentials) {
/* Query the security package for Kerberos */
status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
@@ -104,11 +111,6 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
if(!krb5->output_token)
return CURLE_OUT_OF_MEMORY;
- /* Generate our SPN */
- krb5->spn = Curl_auth_build_spn(service, host);
- if(!krb5->spn)
- return CURLE_OUT_OF_MEMORY;
-
if(userp && *userp) {
/* Populate our identity structure */
result = Curl_create_sspi_identity(userp, passwdp, &krb5->identity);