diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
index 4a5fc4c65d25e4..d22b3d1c486fee 100644
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@@ -415,7 +415,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct SessionHandle *data,
 snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
 /* Generate our SPN */
- spn = Curl_auth_build_spn(service, realm);
+ spn = Curl_auth_build_spn(service, realm, NULL);
 if(!spn)
 return CURLE_OUT_OF_MEMORY;
diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c
index a882534f0fcbff..c7ba72eddac2c3 100644
--- a/lib/vauth/digest_sspi.c
+++ b/lib/vauth/digest_sspi.c
@@ -125,7 +125,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct SessionHandle *data,
 }
 /* Generate our SPN */
- spn = Curl_auth_build_spn(service, data->easy_conn->host.name);
+ spn = Curl_auth_build_spn(service, data->easy_conn->host.name, NULL);
 if(!spn) {
 free(output_token);
 free(input_token);
diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c
index 8e1ea827b78f1f..29252b038b5fd8 100644
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -90,7 +90,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
 if(!krb5->spn) {
 /* Generate our SPN */
- char *spn = Curl_auth_build_gssapi_spn(service, host);
+ char *spn = Curl_auth_build_spn(service, NULL, host);
 if(!spn)
 return CURLE_OUT_OF_MEMORY;
diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c
index 8ba2662225a5db..0bc3a16f694f51 100644
--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
@@ -87,7 +87,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
 if(!krb5->spn) {
 /* Generate our SPN */
- krb5->spn = Curl_auth_build_spn(service, host);
+ krb5->spn = Curl_auth_build_spn(service, host, NULL);
 if(!krb5->spn)
 return CURLE_OUT_OF_MEMORY;
 }
diff --git a/lib/vauth/spnego_gssapi.c b/lib/vauth/spnego_gssapi.c
index fd9a0ef7af206a..305476072b69ea 100644
--- a/lib/vauth/spnego_gssapi.c
+++ b/lib/vauth/spnego_gssapi.c
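Review bot: Several call sites now pass an argument in a slot whose name does not match it, and none of them says so. In digest.c `Curl_auth_build_spn(service, realm, NULL)` puts `realm` in the `host` position, apparently to keep the old `service/realm` output, while the GSS-API callers (krb5_gssapi.c here and spnego_gssapi.c in the following file) pass `host` as the third, `realm`, argument to get `service@host`. The SPN names the principal the client authenticates to, so a later "tidy-up" of the argument order would silently change the authentication target. A one-line comment at each site would guard against that, e.g. `/* realm is passed in the host slot to keep the service/realm form */` and `/* host is passed in the realm slot to get the GSS-API service@host form */`. The enclosing functions start and end outside these hunks.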
@@ -89,7 +89,7 @@ CURLcode Curl_auth_decode_spnego_message(struct SessionHandle *data,
 if(!nego->spn) {
 /* Generate our SPN */
- char *spn = Curl_auth_build_gssapi_spn(service, host);
+ char *spn = Curl_auth_build_spn(service, NULL, host);
 if(!spn)
 return CURLE_OUT_OF_MEMORY;
diff --git a/lib/vauth/spnego_sspi.c b/lib/vauth/spnego_sspi.c
index 3dc5ccaebb3914..3530ef32033b68 100644
--- a/lib/vauth/spnego_sspi.c
+++ b/lib/vauth/spnego_sspi.c
@@ -90,7 +90,7 @@ CURLcode Curl_auth_decode_spnego_message(struct SessionHandle *data,
 if(!nego->spn) {
 /* Generate our SPN */
- nego->spn = Curl_auth_build_spn(service, host);
+ nego->spn = Curl_auth_build_spn(service, host, NULL);
 if(!nego->spn)
 return CURLE_OUT_OF_MEMORY;
 }
diff --git a/lib/vauth/vauth.c b/lib/vauth/vauth.c
index 7ed60b11d5516e..c74005fc22671c 100644
--- a/lib/vauth/vauth.c
+++ b/lib/vauth/vauth.c
@@ -35,27 +35,46 @@
 /*
  * Curl_auth_build_spn()
  *
- * This is used to build a SPN string in the format service/instance.
+ * This is used to build a SPN string in the following formats:
+ *
+ * service/host@realm (Not currently used)
+ * service/host (Not used by GSS-API)
+ * service@realm (Not used by Windows SSPI)
  *
  * Parameters:
  *
  * service [in] - The service type such as www, smtp, pop or imap.
- * instance [in] - The host name or realm.
+ * host [in] - The host name.
+ * realm [in] - The realm.
  *
  * Returns a pointer to the newly allocated SPN.
  */
 #if !defined(USE_WINDOWS_SSPI)
-char *Curl_auth_build_spn(const char *service, const char *instance)
+char *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm)
 {
- /* Generate and return our SPN */
- return aprintf("%s/%s", service, instance);
+ char *spn = NULL;
+
+ /* Generate our SPN */
+ if(host && realm)
+ spn = aprintf("%s/%s@%s", service, host, realm);
+ else if(host)
+ spn = aprintf("%s/%s", service, host);
+ else if(realm)
+ spn = aprintf("%s@%s", service, realm);
+
+ /* Return our newly allocated SPN */
+ return spn;
 }
 #else
-TCHAR *Curl_auth_build_spn(const char *service, const char *instance)
+TCHAR *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm)
 {
 char *utf8_spn = NULL;
 TCHAR *tchar_spn = NULL;
+ (void) realm;
+
 /* Note: We could use DsMakeSPN() or DsClientMakeSpnForTargetServer() rather
 than doing this ourselves but the first is only available in Windows XP
 and Windows Server 2003 and the latter is only available in Windows 2000
@@ -63,8 +82,8 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *instance)
 Client Extensions are installed. As such it is far simpler for us to
 formulate the SPN instead. */
- /* Allocate our UTF8 based SPN */
- utf8_spn = aprintf("%s/%s", service, instance);
+ /* Generate our UTF8 based SPN */
+ utf8_spn = aprintf("%s/%s", service, host);
 if(!utf8_spn) {
 return NULL;
 }
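Review bot: The non-SSPI `Curl_auth_build_spn()` has no branch for `host == NULL && realm == NULL`, so it returns NULL without attempting an allocation, and every caller visible in this commit reports a NULL return as `CURLE_OUT_OF_MEMORY`. `service` is also formatted without a check. A caller mistake would therefore surface as a misleading out-of-memory error rather than as a bad-argument condition. An assertion at the top of the function, e.g. `DEBUGASSERT(service && (host || realm));`, would make the contract explicit, as would a sentence in the header comment saying that at least one of `host` and `realm` must be non-NULL.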
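Review bot: The SSPI variant formats `host` unconditionally in `utf8_spn = aprintf("%s/%s", service, host);` even though it now shares the three-argument signature whose documentation allows a `service@realm` form with no host. A call written against that form would compile on Windows and build an SPN from a NULL host instead of failing. The SSPI callers in this commit all pass a host, so this is hardening rather than a live bug: add `if(!host) return NULL;` before the `aprintf` call. The `(void) realm;` added in the previous hunk could also carry a comment such as `/* the realm is intentionally ignored when building an SSPI SPN */`. The function body continues outside the hunk.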
@@ -85,22 +104,3 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *instance)
 }
 #endif /* USE_WINDOWS_SSPI */
-#if defined(HAVE_GSSAPI)
-/*
- * Curl_auth_build_gssapi_spn()
- *
- * This is used to build a SPN string in the format service@instance.
- *
- * Parameters:
- *
- * service [in] - The service type such as www, smtp, pop or imap.
- * instance [in] - The host name or realm.
- *
- * Returns a pointer to the newly allocated SPN.
- */
-char *Curl_auth_build_gssapi_spn(const char *service, const char *instance)
-{
- /* Generate and return our SPN */
- return aprintf("%s@%s", service, instance);
-}
-#endif /* HAVE_GSSAPI */
diff --git a/lib/vauth/vauth.h b/lib/vauth/vauth.h
index 0047b3cf77a445..d3900fbc19e6c9 100644
--- a/lib/vauth/vauth.h
+++ b/lib/vauth/vauth.h
@@ -48,13 +48,11 @@ struct negotiatedata;
 /* This is used to build a SPN string */
 #if !defined(USE_WINDOWS_SSPI)
-char *Curl_auth_build_spn(const char *service, const char *instance);
+char *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm);
 #else
-TCHAR *Curl_auth_build_spn(const char *service, const char *instance);
-#endif
-
-#if defined(HAVE_GSSAPI)
-char *Curl_auth_build_gssapi_spn(const char *service, const char *instance);
+TCHAR *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm);
 #endif
 /* This is used to generate a base64 encoded PLAIN cleartext message */