From: Steve Holme
Date: Sun, 3 Apr 2016 19:26:03 +0000 (+0100)
Subject: vauth: Removed the need for a separate GSS-API based SPN function
X-Git-Tag: curl-7_49_0~215
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9feb2676a4e153eef7f5536f940678af2df2cf9e;p=thirdparty%2Fcurl.git
vauth: Removed the need for a separate GSS-API based SPN function
---
diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
index 4a5fc4c65d..d22b3d1c48 100644
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@@ -415,7 +415,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct SessionHandle *data,
 snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
 /* Generate our SPN */
- spn = Curl_auth_build_spn(service, realm);
+ spn = Curl_auth_build_spn(service, realm, NULL);
 if(!spn)
 return CURLE_OUT_OF_MEMORY;
diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c
index a882534f0f..c7ba72edda 100644
--- a/lib/vauth/digest_sspi.c
+++ b/lib/vauth/digest_sspi.c
@@ -125,7 +125,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct SessionHandle *data,
 }
 /* Generate our SPN */
- spn = Curl_auth_build_spn(service, data->easy_conn->host.name);
+ spn = Curl_auth_build_spn(service, data->easy_conn->host.name, NULL);
 if(!spn) {
 free(output_token);
 free(input_token);
diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c
index 8e1ea827b7..29252b038b 100644
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -90,7 +90,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
 if(!krb5->spn) {
 /* Generate our SPN */
- char *spn = Curl_auth_build_gssapi_spn(service, host);
+ char *spn = Curl_auth_build_spn(service, NULL, host);
 if(!spn)
 return CURLE_OUT_OF_MEMORY;
diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c
index 8ba2662225..0bc3a16f69 100644
--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
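Review bot: In lib/vauth/digest.c the value named `realm` is now passed in the `host` position (`Curl_auth_build_spn(service, realm, NULL)`), and the GSS-API callers in krb5_gssapi.c and spnego_gssapi.c do the reverse, passing `host` in the `realm` position (`Curl_auth_build_spn(service, NULL, host)`). The calls keep the old `service/realm` and `service@host` strings, but the parameter names no longer describe what is passed, and since the SPN names the peer being authenticated, a later caller that trusts the names could build a principal for the wrong target. I would add a comment at each such call, e.g. `/* service@host form: the host name goes in the realm slot */`, or rename the third parameter so it does not claim to be a realm. The enclosing functions start and end outside these hunks.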
@@ -87,7 +87,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
 if(!krb5->spn) {
 /* Generate our SPN */
- krb5->spn = Curl_auth_build_spn(service, host);
+ krb5->spn = Curl_auth_build_spn(service, host, NULL);
 if(!krb5->spn)
 return CURLE_OUT_OF_MEMORY;
 }
diff --git a/lib/vauth/spnego_gssapi.c b/lib/vauth/spnego_gssapi.c
index fd9a0ef7af..305476072b 100644
--- a/lib/vauth/spnego_gssapi.c
+++ b/lib/vauth/spnego_gssapi.c
@@ -89,7 +89,7 @@ CURLcode Curl_auth_decode_spnego_message(struct SessionHandle *data,
 if(!nego->spn) {
 /* Generate our SPN */
- char *spn = Curl_auth_build_gssapi_spn(service, host);
+ char *spn = Curl_auth_build_spn(service, NULL, host);
 if(!spn)
 return CURLE_OUT_OF_MEMORY;
diff --git a/lib/vauth/spnego_sspi.c b/lib/vauth/spnego_sspi.c
index 3dc5ccaebb..3530ef3203 100644
--- a/lib/vauth/spnego_sspi.c
+++ b/lib/vauth/spnego_sspi.c
@@ -90,7 +90,7 @@ CURLcode Curl_auth_decode_spnego_message(struct SessionHandle *data,
 if(!nego->spn) {
 /* Generate our SPN */
- nego->spn = Curl_auth_build_spn(service, host);
+ nego->spn = Curl_auth_build_spn(service, host, NULL);
 if(!nego->spn)
 return CURLE_OUT_OF_MEMORY;
 }
diff --git a/lib/vauth/vauth.c b/lib/vauth/vauth.c
index 7ed60b11d5..c74005fc22 100644
--- a/lib/vauth/vauth.c
+++ b/lib/vauth/vauth.c
@@ -35,27 +35,46 @@
 /*
 * Curl_auth_build_spn()
 *
- * This is used to build a SPN string in the format service/instance.
+ * This is used to build a SPN string in the following formats:
+ *
+ * service/host@realm (Not currently used)
+ * service/host (Not used by GSS-API)
+ * service@realm (Not used by Windows SSPI)
 *
 * Parameters:
 *
 * service [in] - The service type such as www, smtp, pop or imap.
- * instance [in] - The host name or realm.
+ * host [in] - The host name.
+ * realm [in] - The realm.
 *
 * Returns a pointer to the newly allocated SPN.
 */
 #if !defined(USE_WINDOWS_SSPI)
-char *Curl_auth_build_spn(const char *service, const char *instance)
+char *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm)
 {
- /* Generate and return our SPN */
- return aprintf("%s/%s", service, instance);
+ char *spn = NULL;
+
+ /* Generate our SPN */
+ if(host && realm)
+ spn = aprintf("%s/%s@%s", service, host, realm);
+ else if(host)
+ spn = aprintf("%s/%s", service, host);
+ else if(realm)
+ spn = aprintf("%s@%s", service, realm);
+
+ /* Return our newly allocated SPN */
+ return spn;
 }
 #else
-TCHAR *Curl_auth_build_spn(const char *service, const char *instance)
+TCHAR *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm)
 {
 char *utf8_spn = NULL;
 TCHAR *tchar_spn = NULL;
+ (void) realm;
+
 /* Note: We could use DsMakeSPN() or DsClientMakeSpnForTargetServer() rather
 than doing this ourselves but the first is only available in Windows XP
 and Windows Server 2003 and the latter is only available in Windows 2000
@@ -63,8 +82,8 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *instance)
 Client Extensions are installed. As such it is far simpler for us to
 formulate the SPN instead. */
- /* Allocate our UTF8 based SPN */
- utf8_spn = aprintf("%s/%s", service, instance);
+ /* Generate our UTF8 based SPN */
+ utf8_spn = aprintf("%s/%s", service, host);
 if(!utf8_spn) {
 return NULL;
 }
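Review bot: In the non-SSPI `Curl_auth_build_spn()` no branch runs when both `host` and `realm` are NULL, so the function returns NULL without allocating, and the callers shown in this commit report any NULL as `CURLE_OUT_OF_MEMORY`. The header comment also does not say that either argument may be NULL or that the NULL pattern selects the output format. I would document that on the parameters, e.g. `host [in] - The host name, or NULL to omit it.` and `realm [in] - The realm, or NULL to omit it.`, and change the last sentence to `Returns a pointer to the newly allocated SPN, or NULL on allocation failure or when both host and realm are NULL.`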
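Review bot: The SSPI variant formats `host` unconditionally in `utf8_spn = aprintf("%s/%s", service, host);` and discards `realm` with `(void) realm;`, so a call written for the documented `service@realm` form (host NULL) is not rejected here the way the non-SSPI variant would handle it. What `%s` produces for a NULL pointer depends on aprintf, which is not visible in this diff. A guard before the call, `if(!host) return NULL;`, would make the Windows build refuse that input rather than build an SPN for an unintended target. The function body continues past the end of this hunk.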
@@ -85,22 +104,3 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *instance)
 }
 #endif /* USE_WINDOWS_SSPI */
-#if defined(HAVE_GSSAPI)
-/*
- * Curl_auth_build_gssapi_spn()
- *
- * This is used to build a SPN string in the format service@instance.
- *
- * Parameters:
- *
- * service [in] - The service type such as www, smtp, pop or imap.
- * instance [in] - The host name or realm.
- *
- * Returns a pointer to the newly allocated SPN.
- */
-char *Curl_auth_build_gssapi_spn(const char *service, const char *instance)
-{
- /* Generate and return our SPN */
- return aprintf("%s@%s", service, instance);
-}
-#endif /* HAVE_GSSAPI */
diff --git a/lib/vauth/vauth.h b/lib/vauth/vauth.h
index 0047b3cf77..d3900fbc19 100644
--- a/lib/vauth/vauth.h
+++ b/lib/vauth/vauth.h
@@ -48,13 +48,11 @@ struct negotiatedata;
 /* This is used to build a SPN string */
 #if !defined(USE_WINDOWS_SSPI)
-char *Curl_auth_build_spn(const char *service, const char *instance);
+char *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm);
 #else
-TCHAR *Curl_auth_build_spn(const char *service, const char *instance);
-#endif
-
-#if defined(HAVE_GSSAPI)
-char *Curl_auth_build_gssapi_spn(const char *service, const char *instance);
+TCHAR *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm);
 #endif
 /* This is used to generate a base64 encoded PLAIN cleartext message */