On 04/01/2015 05:51 AM, Wenlong Dong wrote:
Linus, thanks a lot for making the change! The change overall looks
great to me. I was not able to patch it locally somehow (not sure
whether I have to find the exact commit to sync to) and here are some
minor comments:
*) lib/http_negotiate.c:
/+ char *spn = Curl_sasl_build_gssapi_spn(/
/+ proxy ? "HTTP" : data->set.str[STRING_SERVICE_NAME],/
/+ proxy ? conn->proxy.name <http://proxy.name> : conn->host.name
<http://host.name>);/
*Q1: Could data->set.str[STRING_SERVICE_NAME] be null or is it defaulted
to "http" when it's not set (from lib/url.c)?*
The default should be HTTP, look at CURL_DEFAULT_SERVICE_NAME below.
*Q2: When proxy is true, should you use
data->set.str[STRING_PROXY_SERVICE_NAME] instead of "HTTP"?*
I was a little bit hesitant about that, since PROXY_SERVICE_NAME
defaults to "rcmd" at the moment, since it replaces the
SOCKS5_GSSAPI_SERVICE option. Maybe replacing it wasn't such a good idea
after all.
/+ neg_ctx->server_name =/
/+ Curl_sasl_build_spn(proxy ? "HTTP" :
data->set.str[STRING_SERVICE_NAME],/
/+ proxy ? conn->proxy.name <http://proxy.name>
: conn->host.name <http://host.name>);/
*Q3: Same questions as above.*
*) lib/url.h
/+#define CURL_DEFAULT_SERVICE_NAME "http" /* default negotiate service *//
*Q4: Is the service name case sensitive? If it is, should it be "HTTP"?*
Good catch. It is. Use the attached patch instead. It should be applied
to the latest git master.
Linus
diff --git a/include/curl/curl.h b/include/curl/curl.h
index ae1b0e4..e3b8b5c 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -1439,7 +1439,7 @@ typedef enum {
/* block size for TFTP transfers */
CINIT(TFTP_BLKSIZE, LONG, 178),
- /* Socks Service */
+ /* Socks Service (deprecated) */
CINIT(SOCKS5_GSSAPI_SERVICE, OBJECTPOINT, 179),
/* Socks Service */
@@ -1632,6 +1632,12 @@ typedef enum {
/* Do not squash dot-dot sequences */
CINIT(PATH_AS_IS, LONG, 234),
+ /* Proxy Service Name */
+ CINIT(PROXY_SERVICE_NAME, OBJECTPOINT, 235),
+
+ /* Service Name */
+ CINIT(SERVICE_NAME, OBJECTPOINT, 236),
+
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h
index 69d41a2..13fb0fa 100644
--- a/include/curl/typecheck-gcc.h
+++ b/include/curl/typecheck-gcc.h
@@ -270,6 +270,8 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
(option) == CURLOPT_DNS_LOCAL_IP4 || \
(option) == CURLOPT_DNS_LOCAL_IP6 || \
(option) == CURLOPT_LOGIN_OPTIONS || \
+ (option) == CURLOPT_PROXY_SERVICE_NAME || \
+ (option) == CURLOPT_SERVICE_NAME || \
0)
/* evaluates to true if option takes a curl_write_callback argument */
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index 21658cf..b8bf89f 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -62,8 +62,9 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
if(!neg_ctx->server_name) {
/* Generate our SPN */
- char *spn = Curl_sasl_build_gssapi_spn("HTTP", proxy ? conn->proxy.name :
- conn->host.name);
+ char *spn = Curl_sasl_build_gssapi_spn(
+ proxy ? "HTTP" : data->set.str[STRING_SERVICE_NAME],
+ proxy ? conn->proxy.name : conn->host.name);
if(!spn)
return CURLE_OUT_OF_MEMORY;
diff --git a/lib/http_negotiate_sspi.c b/lib/http_negotiate_sspi.c
index 20f8d64..5347b54 100644
--- a/lib/http_negotiate_sspi.c
+++ b/lib/http_negotiate_sspi.c
@@ -93,9 +93,9 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
return CURLE_BAD_FUNCTION_ARGUMENT;
/* Generate our SPN */
- neg_ctx->server_name = Curl_sasl_build_spn("HTTP",
- proxy ? conn->proxy.name :
- conn->host.name);
+ neg_ctx->server_name =
+ Curl_sasl_build_spn(proxy ? "HTTP" : data->set.str[STRING_SERVICE_NAME],
+ proxy ? conn->proxy.name : conn->host.name);
if(!neg_ctx->server_name)
return CURLE_OUT_OF_MEMORY;
}
diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c
index 8e575c2..43ae4da 100644
--- a/lib/socks_gssapi.c
+++ b/lib/socks_gssapi.c
@@ -120,7 +120,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
unsigned short us_length;
char *user=NULL;
unsigned char socksreq[4]; /* room for GSS-API exchange header only */
- char *serviceptr = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
+ char *serviceptr = data->set.str[STRING_PROXY_SERVICE_NAME];
/* GSS-API request looks like
* +----+------+-----+----------------+
diff --git a/lib/socks_sspi.c b/lib/socks_sspi.c
index a7708b2..c9499c9 100644
--- a/lib/socks_sspi.c
+++ b/lib/socks_sspi.c
@@ -83,7 +83,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
unsigned short us_length;
unsigned long qop;
unsigned char socksreq[4]; /* room for GSS-API exchange header only */
- char *service = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
+ char *service = data->set.str[STRING_PROXY_SERVICE_NAME];
/* GSS-API request looks like
* +----+------+-----+----------------+
diff --git a/lib/url.c b/lib/url.c
index 018bb88..c640e52 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -572,8 +572,14 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
*/
set->socks5_gssapi_nec = FALSE;
/* set default GSS-API service name */
- result = setstropt(&set->str[STRING_SOCKS5_GSSAPI_SERVICE],
- (char *) CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE);
+ result = setstropt(&set->str[STRING_PROXY_SERVICE_NAME],
+ (char *) CURL_DEFAULT_PROXY_SERVICE_NAME);
+ if(result)
+ return result;
+
+ /* set default negotiate service name */
+ result = setstropt(&set->str[STRING_SERVICE_NAME],
+ (char *) CURL_DEFAULT_SERVICE_NAME);
if(result)
return result;
#endif
@@ -1464,11 +1470,12 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
#endif /* CURL_DISABLE_PROXY */
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
- case CURLOPT_SOCKS5_GSSAPI_SERVICE:
+ case CURLOPT_SOCKS5_GSSAPI_SERVICE: /* Deprecated */
+ case CURLOPT_PROXY_SERVICE_NAME:
/*
* Set GSS-API service name
*/
- result = setstropt(&data->set.str[STRING_SOCKS5_GSSAPI_SERVICE],
+ result = setstropt(&data->set.str[STRING_PROXY_SERVICE_NAME],
va_arg(param, char *));
break;
@@ -1478,6 +1485,15 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
*/
data->set.socks5_gssapi_nec = (0 != va_arg(param, long))?TRUE:FALSE;
break;
+
+ case CURLOPT_SERVICE_NAME:
+ /*
+ * Set negotiate service identity
+ */
+ result = setstropt(&data->set.str[STRING_SERVICE_NAME],
+ va_arg(param, char *));
+ break;
+
#endif
case CURLOPT_HEADERDATA:
diff --git a/lib/url.h b/lib/url.h
index cd46a92..586151f 100644
--- a/lib/url.h
+++ b/lib/url.h
@@ -67,8 +67,9 @@ void Curl_getoff_all_pipelines(struct SessionHandle *data,
void Curl_close_connections(struct SessionHandle *data);
#define CURL_DEFAULT_PROXY_PORT 1080 /* default proxy port unless specified */
-#define CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE "rcmd" /* default socks5 gssapi
+#define CURL_DEFAULT_PROXY_SERVICE_NAME "rcmd" /* default socks5 gssapi
service */
+#define CURL_DEFAULT_SERVICE_NAME "HTTP" /* default negotiate service */
CURLcode Curl_connected_proxy(struct connectdata *conn, int sockindex);
diff --git a/lib/urldata.h b/lib/urldata.h
index b1b1a67..f155046 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1388,7 +1388,8 @@ enum dupstring {
STRING_SSH_KNOWNHOSTS, /* file name of knownhosts file */
#endif
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
- STRING_SOCKS5_GSSAPI_SERVICE, /* GSSAPI service name */
+ STRING_PROXY_SERVICE_NAME, /* Proxy service name */
+ STRING_SERVICE_NAME, /* Service name */
#endif
STRING_MAIL_FROM,
STRING_MAIL_AUTH,
diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c
index 8ac6ed3..ca3b0f1 100644
--- a/packages/OS400/ccsidcurl.c
+++ b/packages/OS400/ccsidcurl.c
@@ -1180,6 +1180,8 @@ curl_easy_setopt_ccsid(CURL * curl, CURLoption tag, ...)
case CURLOPT_USERNAME:
case CURLOPT_USERPWD:
case CURLOPT_XOAUTH2_BEARER:
+ case CURLOPT_PROXY_SERVICE_NAME:
+ case CURLOPT_SERVICE_NAME:
s = va_arg(arg, char *);
ccsid = va_arg(arg, unsigned int);
diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
index c78c896..3051442 100644
--- a/src/tool_cfgable.c
+++ b/src/tool_cfgable.c
@@ -135,7 +135,8 @@ static void free_config_fields(struct OperationConfig *config)
curl_slist_free_all(config->resolve);
Curl_safefree(config->socksproxy);
- Curl_safefree(config->socks5_gssapi_service);
+ Curl_safefree(config->proxy_service_name);
+ Curl_safefree(config->service_name);
Curl_safefree(config->ftp_account);
Curl_safefree(config->ftp_alternative_to_user);
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index d1f2238..5d9c89e 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -164,10 +164,12 @@ struct OperationConfig {
char *socksproxy; /* set to server string */
int socksver; /* set to CURLPROXY_SOCKS* define */
- char *socks5_gssapi_service; /* set service name for gssapi principal
- * default rcmd */
+ char *proxy_service_name; /* set service name for gssapi principal
+ * default rcmd */
int socks5_gssapi_nec ; /* The NEC reference server does not protect
* the encryption type exchange */
+ char *service_name; /* set negotiation service name
+ * default http */
bool tcp_nodelay;
long req_retry; /* number of retries */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 7f68b28..0ddac4b 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -161,6 +161,8 @@ static const struct LongShort aliases[]= {
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
{"$6", "socks5-gssapi-service", TRUE},
{"$7", "socks5-gssapi-nec", FALSE},
+ {"$O", "proxy-service-name", TRUE},
+ {"$P", "service-name", TRUE},
#endif
{"$8", "proxy1.0", TRUE},
{"$9", "tftp-blksize", TRUE},
@@ -896,12 +898,18 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
GetStr(&config->noproxy, nextarg);
break;
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
- case '6': /* --socks5-gssapi-service */
- GetStr(&config->socks5_gssapi_service, nextarg);
+ case '6': /* --socks5-gssapi-service (deprecated) */
+ GetStr(&config->proxy_service_name, nextarg);
break;
case '7': /* --socks5-gssapi-nec*/
config->socks5_gssapi_nec = toggle;
break;
+ case 'O': /* --proxy-service-name */
+ GetStr(&config->proxy_service_name, nextarg);
+ break;
+ case 'P': /* --service-name */
+ GetStr(&config->service_name, nextarg);
+ break;
#endif
case '8': /* --proxy1.0 */
/* http 1.0 proxy */
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 01a61f9..da21c04 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1209,14 +1209,20 @@ static CURLcode operate_do(struct GlobalConfig *global,
/* TODO: Make this a run-time check instead of compile-time one. */
/* new in curl 7.19.4 */
- if(config->socks5_gssapi_service)
- my_setopt_str(curl, CURLOPT_SOCKS5_GSSAPI_SERVICE,
- config->socks5_gssapi_service);
-
- /* new in curl 7.19.4 */
if(config->socks5_gssapi_nec)
my_setopt_str(curl, CURLOPT_SOCKS5_GSSAPI_NEC,
config->socks5_gssapi_nec);
+
+ /* new in curl 7.41.0 (replaces socks5_gssapi_service) */
+ if(config->proxy_service_name)
+ my_setopt_str(curl, CURLOPT_PROXY_SERVICE_NAME,
+ config->proxy_service_name);
+
+ /* new in curl 7.41.0 */
+ if(config->service_name)
+ my_setopt_str(curl, CURLOPT_SERVICE_NAME,
+ config->service_name);
+
}
#endif
/* curl 7.13.0 */
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
