From 5128672731a5edef2c7526610584fef821ec2309 Mon Sep 17 00:00:00 2001 From: Michael Osipov <1983-01-06@gmx.net> Date: Mon, 21 Jul 2014 09:53:44 +0200 Subject: HTTP: Remove checkprefix("GSS-Negotiate") That auth mech has never existed neither on MS nor on Unix side. There is only Negotiate over SPNEGO. --- lib/http_negotiate_sspi.c | 45 ++++----------------------------------------- 1 file changed, 4 insertions(+), 41 deletions(-) (limited to 'lib/http_negotiate_sspi.c') diff --git a/lib/http_negotiate_sspi.c b/lib/http_negotiate_sspi.c index 236766b16..2bf131f90 100644 --- a/lib/http_negotiate_sspi.c +++ b/lib/http_negotiate_sspi.c @@ -45,27 +45,13 @@ static int get_gss_name(struct connectdata *conn, bool proxy, struct negotiatedata *neg_ctx) { - const char* service; + const char* service = "HTTP"; size_t length; if(proxy && !conn->proxy.name) /* proxy auth requested but no given proxy name, error out! */ return -1; - /* GSSAPI implementation by Globus (known as GSI) requires the name to be - of form "/" instead of @ (ie. slash instead - of at-sign). Also GSI servers are often identified as 'host' not 'khttp'. - Change following lines if you want to use GSI */ - - /* IIS uses the @ form but uses 'http' as the service name, - and SSPI then generates an NTLM token. When using / a - Kerberos token is generated. */ - - if(neg_ctx->gss) - service = "KHTTP"; - else - service = "HTTP"; - length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name : conn->host.name) + 1; if(length + 1 > sizeof(neg_ctx->server_name)) @@ -94,31 +80,8 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, TCHAR *sname; int ret; size_t len = 0, input_token_len = 0; - bool gss = FALSE; - const char* protocol; CURLcode error; - if(checkprefix("GSS-Negotiate", header)) { - protocol = "GSS-Negotiate"; - gss = TRUE; - } - else if(checkprefix("Negotiate", header)) { - protocol = "Negotiate"; - gss = FALSE; - } - else - return -1; - - if(neg_ctx->context) { - if(neg_ctx->gss != gss) { - return -1; - } - } - else { - neg_ctx->protocol = protocol; - neg_ctx->gss = gss; - } - if(neg_ctx->context && neg_ctx->status == SEC_E_OK) { /* We finished successfully our part of authentication, but server * rejected it (since we're again here). Exit with an error since we @@ -148,7 +111,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, } /* Obtain the input token, if any */ - header += strlen(neg_ctx->protocol); + header += strlen("Negotiate"); while(*header && ISSPACE(*header)) header++; @@ -260,8 +223,8 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) if(len == 0) return CURLE_REMOTE_ACCESS_DENIED; - userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "", - neg_ctx->protocol, encoded); + userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "", + encoded); if(proxy) conn->allocptr.proxyuserpwd = userp; -- cgit v1.2.3