From 9feb2676a4e153eef7f5536f940678af2df2cf9e Mon Sep 17 00:00:00 2001
From: Steve Holme
Date: Sun, 3 Apr 2016 20:26:03 +0100
Subject: [PATCH] vauth: Removed the need for a separate GSS-API based SPN function
---
 lib/vauth/digest.c | 2 +-
 lib/vauth/digest_sspi.c | 2 +-
 lib/vauth/krb5_gssapi.c | 2 +-
 lib/vauth/krb5_sspi.c | 2 +-
 lib/vauth/spnego_gssapi.c | 2 +-
 lib/vauth/spnego_sspi.c | 2 +-
 lib/vauth/vauth.c | 54 +++++++++++++++++++--------------------
 lib/vauth/vauth.h | 10 +++-----
 8 files changed, 37 insertions(+), 39 deletions(-)
diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
index 4a5fc4c65..d22b3d1c4 100644
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@@ -415,7 +415,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct SessionHandle *data,
 snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
 /* Generate our SPN */
- spn = Curl_auth_build_spn(service, realm);
+ spn = Curl_auth_build_spn(service, realm, NULL);
 if(!spn)
 return CURLE_OUT_OF_MEMORY;
diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c
index a882534f0..c7ba72edd 100644
--- a/lib/vauth/digest_sspi.c
+++ b/lib/vauth/digest_sspi.c
@@ -125,7 +125,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct SessionHandle *data,
 }
 /* Generate our SPN */
- spn = Curl_auth_build_spn(service, data->easy_conn->host.name);
+ spn = Curl_auth_build_spn(service, data->easy_conn->host.name, NULL);
 if(!spn) {
 free(output_token);
 free(input_token);
diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c
index 8e1ea827b..29252b038 100644
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -90,7 +90,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
 if(!krb5->spn) {
 /* Generate our SPN */
- char *spn = Curl_auth_build_gssapi_spn(service, host);
+ char *spn = Curl_auth_build_spn(service, NULL, host);
 if(!spn)
 return CURLE_OUT_OF_MEMORY;
diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c
index 8ba266222..0bc3a16f6 100644
--- a/lib/vauth/krb5_sspi.c
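Review bot: The arguments at these call sites are placed by the output format they select, not by what they hold: digest.c passes `realm` in the `host` slot to get `service/realm`, while krb5_gssapi.c (and spnego_gssapi.c further down) passes `host` in the `realm` slot to get `service@host`. The SPN names the service principal the client authenticates to, so a later reader who reorders the arguments to match the parameter names would silently change that target name. A short comment at each call would guard against this, for example `/* GSS-API host-based form is service@host, so host goes in the realm slot */` in krb5_gssapi.c. The enclosing functions start and end outside these hunks.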
+++ b/lib/vauth/krb5_sspi.c
@@ -87,7 +87,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
 if(!krb5->spn) {
 /* Generate our SPN */
- krb5->spn = Curl_auth_build_spn(service, host);
+ krb5->spn = Curl_auth_build_spn(service, host, NULL);
 if(!krb5->spn)
 return CURLE_OUT_OF_MEMORY;
 }
diff --git a/lib/vauth/spnego_gssapi.c b/lib/vauth/spnego_gssapi.c
index fd9a0ef7a..305476072 100644
--- a/lib/vauth/spnego_gssapi.c
+++ b/lib/vauth/spnego_gssapi.c
@@ -89,7 +89,7 @@ CURLcode Curl_auth_decode_spnego_message(struct SessionHandle *data,
 if(!nego->spn) {
 /* Generate our SPN */
- char *spn = Curl_auth_build_gssapi_spn(service, host);
+ char *spn = Curl_auth_build_spn(service, NULL, host);
 if(!spn)
 return CURLE_OUT_OF_MEMORY;
diff --git a/lib/vauth/spnego_sspi.c b/lib/vauth/spnego_sspi.c
index 3dc5ccaeb..3530ef320 100644
--- a/lib/vauth/spnego_sspi.c
+++ b/lib/vauth/spnego_sspi.c
@@ -90,7 +90,7 @@ CURLcode Curl_auth_decode_spnego_message(struct SessionHandle *data,
 if(!nego->spn) {
 /* Generate our SPN */
- nego->spn = Curl_auth_build_spn(service, host);
+ nego->spn = Curl_auth_build_spn(service, host, NULL);
 if(!nego->spn)
 return CURLE_OUT_OF_MEMORY;
 }
diff --git a/lib/vauth/vauth.c b/lib/vauth/vauth.c
index 7ed60b11d..c74005fc2 100644
--- a/lib/vauth/vauth.c
+++ b/lib/vauth/vauth.c
@@ -35,27 +35,46 @@
 /*
 * Curl_auth_build_spn()
 *
- * This is used to build a SPN string in the format service/instance.
+ * This is used to build a SPN string in the following formats:
+ *
+ * service/host@realm (Not currently used)
+ * service/host (Not used by GSS-API)
+ * service@realm (Not used by Windows SSPI)
 *
 * Parameters:
 *
 * service [in] - The service type such as www, smtp, pop or imap.
- * instance [in] - The host name or realm.
+ * host [in] - The host name.
+ * realm [in] - The realm.
 *
 * Returns a pointer to the newly allocated SPN.
 */
 #if !defined(USE_WINDOWS_SSPI)
-char *Curl_auth_build_spn(const char *service, const char *instance)
+char *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm)
 {
- /* Generate and return our SPN */
- return aprintf("%s/%s", service, instance);
+ char *spn = NULL;
+
+ /* Generate our SPN */
+ if(host && realm)
+ spn = aprintf("%s/%s@%s", service, host, realm);
+ else if(host)
+ spn = aprintf("%s/%s", service, host);
+ else if(realm)
+ spn = aprintf("%s@%s", service, realm);
+
+ /* Return our newly allocated SPN */
+ return spn;
 }
 #else
-TCHAR *Curl_auth_build_spn(const char *service, const char *instance)
+TCHAR *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm)
 {
 char *utf8_spn = NULL;
 TCHAR *tchar_spn = NULL;
+ (void) realm;
+
 /* Note: We could use DsMakeSPN() or DsClientMakeSpnForTargetServer() rather than doing this ourselves but the first is only available in Windows XP and Windows Server 2003 and the latter is only available in Windows 2000
@@ -63,8 +82,8 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *instance)
 Client Extensions are installed. As such it is far simpler for us to formulate the SPN instead. */
- /* Allocate our UTF8 based SPN */
- utf8_spn = aprintf("%s/%s", service, instance);
+ /* Generate our UTF8 based SPN */
+ utf8_spn = aprintf("%s/%s", service, host);
 if(!utf8_spn) {
 return NULL;
 }
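Review bot: In the non-SSPI `Curl_auth_build_spn()`, when both `host` and `realm` are NULL none of the three branches runs and the function returns NULL, which every caller in this patch reports as `CURLE_OUT_OF_MEMORY`. No call site here passes two NULLs, but the header comment should state the contract, e.g. `* Returns a pointer to the newly allocated SPN, or NULL on allocation failure or when neither host nor realm is given.`. The parameter lines could also say that either `host` or `realm` may be NULL, since the callers rely on exactly that to pick the format.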
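Review bot: The SSPI build of `Curl_auth_build_spn()` now shares a prototype in which `host` is optional, yet it formats `host` with `%s` unconditionally and discards `realm`. A call written against the non-SSPI behaviour, such as `Curl_auth_build_spn(service, NULL, host)`, would hand a NULL to `aprintf` here; whether `aprintf` tolerates that is not visible in this patch. I would add `if(!host) return NULL;` before the `aprintf` call and say in the function comment that `realm` is ignored on Windows. The function body continues past the end of this hunk.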
@@ -85,22 +104,3 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *instance)
 }
 #endif /* USE_WINDOWS_SSPI */
-#if defined(HAVE_GSSAPI)
-/*
- * Curl_auth_build_gssapi_spn()
- *
- * This is used to build a SPN string in the format service@instance.
- *
- * Parameters:
- *
- * service [in] - The service type such as www, smtp, pop or imap.
- * instance [in] - The host name or realm.
- *
- * Returns a pointer to the newly allocated SPN.
- */
-char *Curl_auth_build_gssapi_spn(const char *service, const char *instance)
-{
- /* Generate and return our SPN */
- return aprintf("%s@%s", service, instance);
-}
-#endif /* HAVE_GSSAPI */
diff --git a/lib/vauth/vauth.h b/lib/vauth/vauth.h
index 0047b3cf7..d3900fbc1 100644
--- a/lib/vauth/vauth.h
+++ b/lib/vauth/vauth.h
@@ -48,13 +48,11 @@ struct negotiatedata;
 /* This is used to build a SPN string */
 #if !defined(USE_WINDOWS_SSPI)
-char *Curl_auth_build_spn(const char *service, const char *instance);
+char *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm);
 #else
-TCHAR *Curl_auth_build_spn(const char *service, const char *instance);
-#endif
-
-#if defined(HAVE_GSSAPI)
-char *Curl_auth_build_gssapi_spn(const char *service, const char *instance);
+TCHAR *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm);
 #endif
 /* This is used to generate a base64 encoded PLAIN cleartext message */
--
2.40.0