vauth: Removed the need for a separate GSS-API based SPN function

2024-11-21 01:16:58 +08:00 · 2016-04-03 20:26:03 +01:00 · 2016-04-03 20:26:03 +01:00 · 9feb2676a4
commit 9feb2676a4
parent e655ae0c80
8 changed files with 37 additions and 39 deletions
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@ -415,7 +415,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct SessionHandle *data,
    snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);

  /* Generate our SPN */
-  spn = Curl_auth_build_spn(service, realm);
+  spn = Curl_auth_build_spn(service, realm, NULL);
  if(!spn)
    return CURLE_OUT_OF_MEMORY;

--- a/lib/vauth/digest_sspi.c
+++ b/lib/vauth/digest_sspi.c
@ -125,7 +125,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct SessionHandle *data,
  }

  /* Generate our SPN */
-  spn = Curl_auth_build_spn(service, data->easy_conn->host.name);
+  spn = Curl_auth_build_spn(service, data->easy_conn->host.name, NULL);
  if(!spn) {
    free(output_token);
    free(input_token);
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@ -90,7 +90,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,

  if(!krb5->spn) {
    /* Generate our SPN */
-    char *spn = Curl_auth_build_gssapi_spn(service, host);
+    char *spn = Curl_auth_build_spn(service, NULL, host);
    if(!spn)
      return CURLE_OUT_OF_MEMORY;

--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
@ -87,7 +87,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,

  if(!krb5->spn) {
    /* Generate our SPN */
-    krb5->spn = Curl_auth_build_spn(service, host);
+    krb5->spn = Curl_auth_build_spn(service, host, NULL);
    if(!krb5->spn)
      return CURLE_OUT_OF_MEMORY;
  }
--- a/lib/vauth/spnego_gssapi.c
+++ b/lib/vauth/spnego_gssapi.c
@ -89,7 +89,7 @@ CURLcode Curl_auth_decode_spnego_message(struct SessionHandle *data,

  if(!nego->spn) {
    /* Generate our SPN */
-    char *spn = Curl_auth_build_gssapi_spn(service, host);
+    char *spn = Curl_auth_build_spn(service, NULL, host);
    if(!spn)
      return CURLE_OUT_OF_MEMORY;

--- a/lib/vauth/spnego_sspi.c
+++ b/lib/vauth/spnego_sspi.c
@ -90,7 +90,7 @@ CURLcode Curl_auth_decode_spnego_message(struct SessionHandle *data,

  if(!nego->spn) {
    /* Generate our SPN */
-    nego->spn = Curl_auth_build_spn(service, host);
+    nego->spn = Curl_auth_build_spn(service, host, NULL);
    if(!nego->spn)
      return CURLE_OUT_OF_MEMORY;
  }
--- a/lib/vauth/vauth.c
+++ b/lib/vauth/vauth.c
@ -35,27 +35,46 @@
 /*
 * Curl_auth_build_spn()
 *
- * This is used to build a SPN string in the format service/instance.
+ * This is used to build a SPN string in the following formats:
+ *
+ * service/host@realm (Not currently used)
+ * service/host       (Not used by GSS-API)
+ * service@realm      (Not used by Windows SSPI)
 *
 * Parameters:
 *
 * service  [in] - The service type such as www, smtp, pop or imap.
- * instance [in] - The host name or realm.
+ * host     [in] - The host name.
+ * realm    [in] - The realm.
 *
 * Returns a pointer to the newly allocated SPN.
 */
 #if !defined(USE_WINDOWS_SSPI)
-char *Curl_auth_build_spn(const char *service, const char *instance)
+char *Curl_auth_build_spn(const char *service, const char *host,
+                          const char *realm)
 {
-  /* Generate and return our SPN */
-  return aprintf("%s/%s", service, instance);
+  char *spn = NULL;
+
+  /* Generate our SPN */
+  if(host && realm)
+    spn = aprintf("%s/%s@%s", service, host, realm);
+  else if(host)
+    spn = aprintf("%s/%s", service, host);
+  else if(realm)
+    spn = aprintf("%s@%s", service, realm);
+
+  /* Return our newly allocated SPN */
+  return spn;
 }
 #else
-TCHAR *Curl_auth_build_spn(const char *service, const char *instance)
+TCHAR *Curl_auth_build_spn(const char *service, const char *host,
+                           const char *realm)
 {
  char *utf8_spn = NULL;
  TCHAR *tchar_spn = NULL;

+  (void) realm;
+
  /* Note: We could use DsMakeSPN() or DsClientMakeSpnForTargetServer() rather
     than doing this ourselves but the first is only available in Windows XP
     and Windows Server 2003 and the latter is only available in Windows 2000
@ -63,8 +82,8 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *instance)
     Client Extensions are installed. As such it is far simpler for us to
     formulate the SPN instead. */

-  /* Allocate our UTF8 based SPN */
-  utf8_spn = aprintf("%s/%s", service, instance);
+  /* Generate our UTF8 based SPN */
+  utf8_spn = aprintf("%s/%s", service, host);
  if(!utf8_spn) {
    return NULL;
  }
@ -85,22 +104,3 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *instance)
 }
 #endif /* USE_WINDOWS_SSPI */

-#if defined(HAVE_GSSAPI)
-/*
- * Curl_auth_build_gssapi_spn()
- *
- * This is used to build a SPN string in the format service@instance.
- *
- * Parameters:
- *
- * service  [in] - The service type such as www, smtp, pop or imap.
- * instance [in] - The host name or realm.
- *
- * Returns a pointer to the newly allocated SPN.
- */
-char *Curl_auth_build_gssapi_spn(const char *service, const char *instance)
-{
-  /* Generate and return our SPN */
-  return aprintf("%s@%s", service, instance);
-}
-#endif /* HAVE_GSSAPI */
--- a/lib/vauth/vauth.h
+++ b/lib/vauth/vauth.h
@ -48,13 +48,11 @@ struct negotiatedata;

 /* This is used to build a SPN string */
 #if !defined(USE_WINDOWS_SSPI)
-char *Curl_auth_build_spn(const char *service, const char *instance);
+char *Curl_auth_build_spn(const char *service, const char *host,
+                          const char *realm);
 #else
-TCHAR *Curl_auth_build_spn(const char *service, const char *instance);
-#endif
-
-#if defined(HAVE_GSSAPI)
-char *Curl_auth_build_gssapi_spn(const char *service, const char *instance);
+TCHAR *Curl_auth_build_spn(const char *service, const char *host,
+                           const char *realm);
 #endif

 /* This is used to generate a base64 encoded PLAIN cleartext message */