Prior to this change, we were generating the SPN in the SSPI code when
the credentials were NULL and in the GSS-API code when the context was
empty. It is better to decouple the SPN generation from these checks
and only generate it when the SPN itself is NULL.
This also brings this part of the Kerberos 5 code in line with the
Negotiate code.
(void) userp;
(void) passwdp;
- if(krb5->context == GSS_C_NO_CONTEXT) {
+ if(!krb5->spn) {
/* Generate our SPN */
char *spn = Curl_auth_build_gssapi_spn(service, host);
if(!spn)
free(spn);
}
- else {
+
+ if(krb5->context != GSS_C_NO_CONTEXT) {
/* Decode the base-64 encoded challenge message */
if(strlen(chlg64) && *chlg64 != '=') {
result = Curl_base64_decode(chlg64, &chlg, &chlglen);
unsigned long attrs;
TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
+ if(!krb5->spn) {
+ /* Generate our SPN */
+ krb5->spn = Curl_auth_build_spn(service, host);
+ if(!krb5->spn)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
if(!krb5->credentials) {
/* Query the security package for Kerberos */
status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
if(!krb5->output_token)
return CURLE_OUT_OF_MEMORY;
- /* Generate our SPN */
- krb5->spn = Curl_auth_build_spn(service, host);
- if(!krb5->spn)
- return CURLE_OUT_OF_MEMORY;
-
if(userp && *userp) {
/* Populate our identity structure */
result = Curl_create_sspi_identity(userp, passwdp, &krb5->identity);
projects / curl / commitdiff