All pastes #2929587 Raw Edit

service identity for libcurl

public unlisted text v1 · immutable
#2929587 ·published 2015-02-17 01:59 UTC
rendered paste body
diff --git a/7.36.0/src/curl-7.36.0/include/curl/curl.h b/7.36.0/src/curl-7.36.0/include/curl/curl.h
--- a/7.36.0/src/curl-7.36.0/include/curl/curl.h
+++ b/7.36.0/src/curl-7.36.0/include/curl/curl.h
@@ -1581,6 +1581,8 @@
    * Expect: 100-continue header before sending the data anyway. */
   CINIT(EXPECT_100_TIMEOUT_MS, LONG, 227),
 
+  CINIT(NEGOTIATE_SERVICE_IDENTITY, OBJECTPOINT, 231),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 
diff --git a/7.36.0/src/curl-7.36.0/lib/http_negotiate.c b/7.36.0/src/curl-7.36.0/lib/http_negotiate.c
--- a/7.36.0/src/curl-7.36.0/lib/http_negotiate.c
+++ b/7.36.0/src/curl-7.36.0/lib/http_negotiate.c
@@ -59,7 +59,11 @@
 #include "memdebug.h"
 
 static int
-get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server)
+get_gss_name(
+    struct connectdata *conn,
+    bool proxy,
+    const char* service_identity,
+    gss_name_t *server)
 {
   struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
     &conn->data->state.negotiate;
@@ -75,7 +79,9 @@
 
   /* IIS uses the <service>@<fqdn> form but uses 'http' as the service name */
 
-  if(neg_ctx->gss)
+  if (service_identity)
+    service = service_identity;
+  else if(neg_ctx->gss)
     service = "KHTTP";
   else
     service = "HTTP";
@@ -175,7 +181,10 @@
   }
 
   if(neg_ctx->server_name == NULL &&
-      (ret = get_gss_name(conn, proxy, &neg_ctx->server_name)))
+      (ret = get_gss_name(conn,
+                          proxy,
+                          data->set.str[STRING_NEGOTIATE_SERVICE_IDENTITY],
+                          &neg_ctx->server_name)))
     return ret;
 
   header += strlen(neg_ctx->protocol);
diff --git a/7.36.0/src/curl-7.36.0/lib/url.c b/7.36.0/src/curl-7.36.0/lib/url.c
--- a/7.36.0/src/curl-7.36.0/lib/url.c
+++ b/7.36.0/src/curl-7.36.0/lib/url.c
@@ -2496,6 +2496,10 @@
   case CURLOPT_SSL_ENABLE_ALPN:
     data->set.ssl_enable_alpn = (0 != va_arg(param, long))?TRUE:FALSE;
     break;
+  case CURLOPT_NEGOTIATE_SERVICE_IDENTITY:
+    result = setstropt(&data->set.str[STRING_NEGOTIATE_SERVICE_IDENTITY],
+                       va_arg(param, char *));
+    break;
 
   default:
     /* unknown tag and its companion, just ignore: */
diff --git a/7.36.0/src/curl-7.36.0/lib/urldata.h b/7.36.0/src/curl-7.36.0/lib/urldata.h
--- a/7.36.0/src/curl-7.36.0/lib/urldata.h
+++ b/7.36.0/src/curl-7.36.0/lib/urldata.h
@@ -1386,6 +1386,7 @@
 #endif
 
   STRING_BEARER,          /* <bearer>, if used */
+  STRING_NEGOTIATE_SERVICE_IDENTITY,  /* Service identity for Negotiate */
 
   /* -- end of strings -- */
   STRING_LAST /* not used, just an end-of-list marker */