Commit ebf42c4b authored by Adam Tkac's avatar Adam Tkac Committed by Kamil Dudka
Browse files

Add new CURLOPT_GSSAPI_DELEGATION option. 



Curl_gss_init_sec_context got new parameter - SessionHandle.

Signed-off-by: default avatarAdam Tkac <atkac@redhat.com>
parent 7688a99b

RELEASE-NOTES

+2 −1
Original line number Diff line number Diff line
@@ -2,13 +2,14 @@ Curl and libcurl 7.21.8 


 Public curl releases:         124

 Command line options:         144

 curl_easy_setopt() options:   186

 curl_easy_setopt() options:   187

 Public functions in libcurl:  58

 Known libcurl bindings:       39

 Contributors:                 868



This release includes the following changes:



 o Added CURLOPT_GSSAPI_DELEGATION

 o 



This release includes the following bugfixes:

docs/libcurl/curl_easy_setopt.3

+4 −0
Original line number Diff line number Diff line
@@ -2109,6 +2109,10 @@ of these, 'private' will be used. Set the string to NULL to disable kerberos 
support for FTP.



(This option was known as CURLOPT_KRB4LEVEL up to 7.16.3)

.IP CURLOPT_GSSAPI_DELEGATION

Set the parameter to 1 to allow GSSAPI credential delegation.  The delegation

is disabled by default since 7.21.7.

(Added in 7.21.8)

.SH SSH OPTIONS

.IP CURLOPT_SSH_AUTH_TYPES

Pass a long set to a bitmask consisting of one or more of

include/curl/curl.h

+3 −0
Original line number Diff line number Diff line
@@ -1484,6 +1484,9 @@ typedef enum { 
  CINIT(CLOSESOCKETFUNCTION, FUNCTIONPOINT, 208),

  CINIT(CLOSESOCKETDATA, OBJECTPOINT, 209),



  /* allow GSSAPI credential delegation */

  CINIT(GSSAPI_DELEGATION, LONG, 210),



  CURLOPT_LASTENTRY /* the last unused */

} CURLoption;

lib/curl_gssapi.c

+8 −2
Original line number Diff line number Diff line
@@ -27,6 +27,7 @@ 
#include "curl_gssapi.h"



OM_uint32 Curl_gss_init_sec_context(

    const struct SessionHandle *data,

    OM_uint32 * minor_status,

    gss_ctx_id_t * context,

    gss_name_t target_name,
@@ -35,13 +36,18 @@ OM_uint32 Curl_gss_init_sec_context( 
    gss_buffer_t output_token,

    OM_uint32 * ret_flags)

{

  OM_uint32 req_flags;



  req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;

  if (data->set.gssapi_delegation)

    req_flags |= GSS_C_DELEG_FLAG;



  return gss_init_sec_context(minor_status,

                              GSS_C_NO_CREDENTIAL, /* cred_handle */

                              context,

                              target_name,

                              GSS_C_NO_OID, /* mech_type */

                              /* req_flags */

                              GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,

                              req_flags,

                              0, /* time_req */

                              input_chan_bindings,

                              input_token,

lib/curl_gssapi.h

+2 −0
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ 
 ***************************************************************************/



#include "setup.h"

#include "urldata.h"



#ifdef HAVE_GSSAPI
@@ -42,6 +43,7 @@ 
/* Common method for using gss api */



OM_uint32 Curl_gss_init_sec_context(

    const struct SessionHandle *data,

    OM_uint32 * minor_status,

    gss_ctx_id_t * context,

    gss_name_t target_name,