author | Linus Nielsen <linus@haxx.se> | 2015-03-29 14:52:31 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-04-28 08:29:56 +0200 |
commit | 97c272e5d173ad5f706443e2477f0a84f0044edd (patch) | |
tree | f43116c71d2dd85e4e0e62866a096e3b3bd98a37 /lib | |
parent | 54c394699de29ea9ca07d9d0ac6f2f43848e5f32 (diff) |
Negotiate: custom service names for SPNEGO.
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
* Add new curl options, --proxy-service-name and --service-name.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/http_negotiate.c | 6 | ||||
-rw-r--r-- | lib/http_negotiate_sspi.c | 7 | ||||
-rw-r--r-- | lib/url.c | 29 | ||||
-rw-r--r-- | lib/url.h | 3 | ||||
-rw-r--r-- | lib/urldata.h | 2 |
5 files changed, 42 insertions, 5 deletions
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index 21658cf7a..a1baf29c3 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -62,8 +62,10 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
 if(!neg_ctx->server_name) {
 /* Generate our SPN */
- char *spn = Curl_sasl_build_gssapi_spn("HTTP", proxy ? conn->proxy.name :
- conn->host.name);
+ char *spn = Curl_sasl_build_gssapi_spn(
+ proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] :
+ data->set.str[STRING_SERVICE_NAME],
+ proxy ? conn->proxy.name : conn->host.name);
 if(!spn)
 return CURLE_OUT_OF_MEMORY;
diff --git a/lib/http_negotiate_sspi.c b/lib/http_negotiate_sspi.c
index 20f8d643c..2c1075954 100644
--- a/lib/http_negotiate_sspi.c
+++ b/lib/http_negotiate_sspi.c
@@ -93,9 +93,10 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
 return CURLE_BAD_FUNCTION_ARGUMENT;
 /* Generate our SPN */
- neg_ctx->server_name = Curl_sasl_build_spn("HTTP",
- proxy ? conn->proxy.name :
- conn->host.name);
+ neg_ctx->server_name = Curl_sasl_build_spn(
+ proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] :
+ data->set.str[STRING_SERVICE_NAME],
+ proxy ? conn->proxy.name : conn->host.name);
 if(!neg_ctx->server_name)
 return CURLE_OUT_OF_MEMORY;
 }
@@ -576,6 +576,18 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
 (char *) CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE);
 if(result)
 return result;
+
+ /* set default negotiate proxy service name */
+ result = setstropt(&set->str[STRING_PROXY_SERVICE_NAME],
+ (char *) CURL_DEFAULT_PROXY_SERVICE_NAME);
+ if(result)
+ return result;
+
+ /* set default negotiate service name */
+ result = setstropt(&set->str[STRING_SERVICE_NAME],
+ (char *) CURL_DEFAULT_SERVICE_NAME);
+ if(result)
+ return result;
 #endif
 /* This is our preferred CA cert bundle/path since install time */
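Review bot: In both Curl_input_negotiate hunks (lib/http_negotiate.c and lib/http_negotiate_sspi.c) the service argument is read straight from `data->set.str[...]` and handed to the SPN builder with no NULL or empty-string check. The defaults are installed in Curl_init_userdefined, but the new Curl_setopt cases forward the application's pointer to setstropt unchecked, so a later `curl_easy_setopt(h, CURLOPT_SERVICE_NAME, NULL)` presumably leaves the slot NULL (setstropt and the builders are not shown on this page). Because the SPN selects the service principal the client requests a ticket for, a missing value should fall back to the default instead of yielding a malformed principal: `const char *service = proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] : data->set.str[STRING_SERVICE_NAME];` followed by `if(!service || !*service) service = proxy ? CURL_DEFAULT_PROXY_SERVICE_NAME : CURL_DEFAULT_SERVICE_NAME;`. Both function bodies start and end outside their hunks, so whether url.h is already included in these files needs checking.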
@@ -1472,12 +1484,29 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
 va_arg(param, char *));
 break;
+ case CURLOPT_PROXY_SERVICE_NAME:
+ /*
+ * Set negotiate proxy service name
+ */
+ result = setstropt(&data->set.str[STRING_PROXY_SERVICE_NAME],
+ va_arg(param, char *));
+ break;
+
 case CURLOPT_SOCKS5_GSSAPI_NEC:
 /*
 * set flag for nec socks5 support
 */
 data->set.socks5_gssapi_nec = (0 != va_arg(param, long))?TRUE:FALSE;
 break;
+
+ case CURLOPT_SERVICE_NAME:
+ /*
+ * Set negotiate service identity
+ */
+ result = setstropt(&data->set.str[STRING_SERVICE_NAME],
+ va_arg(param, char *));
+ break;
+
 #endif
 case CURLOPT_HEADERDATA:
@@ -69,6 +69,9 @@ void Curl_close_connections(struct SessionHandle *data);
 #define CURL_DEFAULT_PROXY_PORT 1080 /* default proxy port unless specified */
 #define CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE "rcmd" /* default socks5 gssapi service */
+#define CURL_DEFAULT_PROXY_SERVICE_NAME "HTTP" /* default negotiate proxy
+ service */
+#define CURL_DEFAULT_SERVICE_NAME "HTTP" /* default negotiate service */
 CURLcode Curl_connected_proxy(struct connectdata *conn, int sockindex);
diff --git a/lib/urldata.h b/lib/urldata.h
index b1b1a678e..db8b1e732 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1389,6 +1389,8 @@ enum dupstring {
 #endif
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
 STRING_SOCKS5_GSSAPI_SERVICE, /* GSSAPI service name */
+ STRING_PROXY_SERVICE_NAME, /* Proxy service name */
+ STRING_SERVICE_NAME, /* Service name */
 #endif
 STRING_MAIL_FROM,
 STRING_MAIL_AUTH, |
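Review bot: The new `CURLOPT_PROXY_SERVICE_NAME` and `CURLOPT_SERVICE_NAME` cases in Curl_setopt store whatever string the application supplies. Nothing visible here rejects a name containing the character that separates service from host in the principal (`/` or `@`, depending on the builder, which is not shown). Since this value is spliced into the SPN used for Kerberos/SPNEGO authentication, I would read the argument into a local first and refuse such input, e.g. `if(name && strpbrk(name, "/@")) { result = CURLE_BAD_FUNCTION_ARGUMENT; break; }`. The block comments should also say what the value feeds, for example `/* Service part of the SPN used for HTTP Negotiate; must come from trusted configuration, never from server-supplied data */`, and the second comment should say "service name" rather than "service identity" to match the option and the enum. Both cases sit before an `#endif` whose opening `#if` is outside the hunk, so the options are presumably unavailable in builds without GSSAPI or SSPI, which is worth stating in the option documentation.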