From 5128672731a5edef2c7526610584fef821ec2309 Mon Sep 17 00:00:00 2001 From: Michael Osipov <1983-01-06@gmx.net> Date: Mon, 21 Jul 2014 09:53:44 +0200 Subject: HTTP: Remove checkprefix("GSS-Negotiate") That auth mech has never existed neither on MS nor on Unix side. There is only Negotiate over SPNEGO. --- lib/http_negotiate.c | 43 ++++--------------------------------------- 1 file changed, 4 insertions(+), 39 deletions(-) (limited to 'lib/http_negotiate.c') diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index dc2bb383d..f5e9252eb 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c @@ -53,19 +53,7 @@ get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server) OM_uint32 major_status, minor_status; gss_buffer_desc token = GSS_C_EMPTY_BUFFER; char name[2048]; - const char* service; - - /* GSSAPI implementation by Globus (known as GSI) requires the name to be - of form "/" instead of @ (ie. slash instead - of at-sign). Also GSI servers are often identified as 'host' not 'khttp'. - Change following lines if you want to use GSI */ - - /* IIS uses the @ form but uses 'http' as the service name */ - - if(neg_ctx->gss) - service = "KHTTP"; - else - service = "HTTP"; + const char* service = "HTTP"; token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name : conn->host.name) + 1; @@ -128,31 +116,8 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, int ret; size_t len; size_t rawlen = 0; - bool gss; - const char* protocol; CURLcode error; - if(checkprefix("GSS-Negotiate", header)) { - protocol = "GSS-Negotiate"; - gss = TRUE; - } - else if(checkprefix("Negotiate", header)) { - protocol = "Negotiate"; - gss = FALSE; - } - else - return -1; - - if(neg_ctx->context) { - if(neg_ctx->gss != gss) { - return -1; - } - } - else { - neg_ctx->protocol = protocol; - neg_ctx->gss = gss; - } - if(neg_ctx->context && neg_ctx->status == GSS_S_COMPLETE) { /* We finished successfully our part of authentication, but server * rejected it (since we're again here). Exit with an error since we @@ -165,7 +130,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, (ret = get_gss_name(conn, proxy, &neg_ctx->server_name))) return ret; - header += strlen(neg_ctx->protocol); + header += strlen("Negotiate"); while(*header && ISSPACE(*header)) header++; @@ -238,8 +203,8 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) return CURLE_REMOTE_ACCESS_DENIED; } - userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "", - neg_ctx->protocol, encoded); + userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "", + encoded); if(proxy) { Curl_safefree(conn->allocptr.proxyuserpwd); conn->allocptr.proxyuserpwd = userp; -- cgit v1.2.3