From 97c272e5d173ad5f706443e2477f0a84f0044edd Mon Sep 17 00:00:00 2001
From: Linus Nielsen
Date: Sun, 29 Mar 2015 14:52:31 +0200
Subject: Negotiate: custom service names for SPNEGO.
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
* Add new curl options, --proxy-service-name and --service-name.
---
 lib/http_negotiate.c | 6 ++++--
 lib/http_negotiate_sspi.c | 7 ++++---
 lib/url.c | 29 +++++++++++++++++++++++++++++
 lib/url.h | 3 +++
 lib/urldata.h | 2 ++
 5 files changed, 42 insertions(+), 5 deletions(-)
(limited to 'lib')
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index 21658cf7a..a1baf29c3 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -62,8 +62,10 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
 if(!neg_ctx->server_name) {
 /* Generate our SPN */
- char *spn = Curl_sasl_build_gssapi_spn("HTTP", proxy ? conn->proxy.name :
- conn->host.name);
+ char *spn = Curl_sasl_build_gssapi_spn(
+ proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] :
+ data->set.str[STRING_SERVICE_NAME],
+ proxy ? conn->proxy.name : conn->host.name);
 if(!spn)
 return CURLE_OUT_OF_MEMORY;
diff --git a/lib/http_negotiate_sspi.c b/lib/http_negotiate_sspi.c
index 20f8d643c..2c1075954 100644
--- a/lib/http_negotiate_sspi.c
+++ b/lib/http_negotiate_sspi.c
@@ -93,9 +93,10 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
 return CURLE_BAD_FUNCTION_ARGUMENT;
 /* Generate our SPN */
- neg_ctx->server_name = Curl_sasl_build_spn("HTTP",
- proxy ? conn->proxy.name :
- conn->host.name);
+ neg_ctx->server_name = Curl_sasl_build_spn(
+ proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] :
+ data->set.str[STRING_SERVICE_NAME],
+ proxy ? conn->proxy.name : conn->host.name);
 if(!neg_ctx->server_name)
 return CURLE_OUT_OF_MEMORY;
 }
diff --git a/lib/url.c b/lib/url.c
index e49d5507a..dfd2ff4c5 100644
--- a/lib/url.c
+++ b/lib/url.c
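Review bot: A NULL service name can reach the SPN builder in Curl_input_negotiate (lib/http_negotiate.c), because `data->set.str[STRING_PROXY_SERVICE_NAME]` and `data->set.str[STRING_SERVICE_NAME]` are passed straight through where the literal "HTTP" used to be. The "HTTP" default is installed once in Curl_init_userdefined, and setstropt is not shown here; if it clears the slot when the application passes NULL, as string options in lib/url.c appear to, the SPN would be built from a null pointer and name a principal nobody intended. Resolve the name first, e.g. `const char *service = proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] : data->set.str[STRING_SERVICE_NAME];` then `if(!service) service = "HTTP";`, and pass `service` to the builder. The same applies to the Curl_sasl_build_spn call in lib/http_negotiate_sspi.c; both function bodies start and end outside their hunks.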
@@ -576,6 +576,18 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
 (char *) CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE);
 if(result)
 return result;
+
+ /* set default negotiate proxy service name */
+ result = setstropt(&set->str[STRING_PROXY_SERVICE_NAME],
+ (char *) CURL_DEFAULT_PROXY_SERVICE_NAME);
+ if(result)
+ return result;
+
+ /* set default negotiate service name */
+ result = setstropt(&set->str[STRING_SERVICE_NAME],
+ (char *) CURL_DEFAULT_SERVICE_NAME);
+ if(result)
+ return result;
 #endif
 /* This is our preferred CA cert bundle/path since install time */
@@ -1472,12 +1484,29 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
 va_arg(param, char *));
 break;
+ case CURLOPT_PROXY_SERVICE_NAME:
+ /*
+ * Set negotiate proxy service name
+ */
+ result = setstropt(&data->set.str[STRING_PROXY_SERVICE_NAME],
+ va_arg(param, char *));
+ break;
+
 case CURLOPT_SOCKS5_GSSAPI_NEC:
 /*
 * set flag for nec socks5 support
 */
 data->set.socks5_gssapi_nec = (0 != va_arg(param, long))?TRUE:FALSE;
 break;
+
+ case CURLOPT_SERVICE_NAME:
+ /*
+ * Set negotiate service identity
+ */
+ result = setstropt(&data->set.str[STRING_SERVICE_NAME],
+ va_arg(param, char *));
+ break;
+
 #endif
 case CURLOPT_HEADERDATA:
diff --git a/lib/url.h b/lib/url.h
index cd46a92c3..e49b7724d 100644
--- a/lib/url.h
+++ b/lib/url.h
@@ -69,6 +69,9 @@ void Curl_close_connections(struct SessionHandle *data);
 #define CURL_DEFAULT_PROXY_PORT 1080 /* default proxy port unless specified */
 #define CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE "rcmd" /* default socks5 gssapi service */
+#define CURL_DEFAULT_PROXY_SERVICE_NAME "HTTP" /* default negotiate proxy
+ service */
+#define CURL_DEFAULT_SERVICE_NAME "HTTP" /* default negotiate service */
 CURLcode Curl_connected_proxy(struct connectdata *conn, int sockindex);
diff --git a/lib/urldata.h b/lib/urldata.h
index b1b1a678e..db8b1e732 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
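Review bot: The two new case comments in Curl_setopt (second lib/url.c hunk) do not say how the value is used, and they name the same thing differently: "proxy service name" in one, "service identity" in the other. Judging by the http_negotiate.c and http_negotiate_sspi.c changes in this commit, the string is handed unchanged to the SPN builder, so an empty or malformed value alters which principal the client asks to authenticate to; the comment is the place to record that. I would write `/* Service part of the SPN for HTTP Negotiate to the server; used as given, not validated */` for CURLOPT_SERVICE_NAME and the matching line for the proxy case. Curl_setopt starts and ends outside the hunk.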
@@ -1389,6 +1389,8 @@ enum dupstring {
 #endif
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
 STRING_SOCKS5_GSSAPI_SERVICE, /* GSSAPI service name */
+ STRING_PROXY_SERVICE_NAME, /* Proxy service name */
+ STRING_SERVICE_NAME, /* Service name */
 #endif
 STRING_MAIL_FROM,
 STRING_MAIL_AUTH,
--
cgit v1.2.3