- fix SIGSEGV of curl -O -J given more than one URLs (#723075) - introduce the --delegation option of curl (#730444) - initialize NSS with no database if the selected database is broken (#728562)
From 9698db7fd56b08cc8f9bdeb2182bc9afdbcb4f90 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Stenberg <daniel@haxx.se>
|
|
Date: Fri, 12 Aug 2011 14:48:32 +0200
|
|
Subject: [PATCH 1/2] added --delegation
|
|
|
|
Using this option with an argument being set to one of
|
|
none/policy/always instructs libcurl how to deal with GSS
|
|
credentials. Or rather how it tells the server that delegation is fine
|
|
or not.
|
|
|
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
---
|
|
src/main.c | 29 ++++++++++++++++++++++++++---
|
|
1 files changed, 26 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/main.c b/src/main.c
|
|
index d85bf62..3a2595c 100644
|
|
--- a/src/main.c
|
|
+++ b/src/main.c
|
|
@@ -659,6 +659,7 @@ struct Configurable {
|
|
basically each given URL to transfer */
|
|
struct OutStruct *outs;
|
|
bool xattr; /* store metadata in extended attributes */
|
|
+ long gssapi_delegation;
|
|
};
|
|
|
|
#define WARN_PREFIX "Warning: "
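Review bot: The new `gssapi_delegation` member has no comment, unlike the `xattr` field directly above it, so nothing here says which values it holds. I would write it as `long gssapi_delegation; /* CURLGSSAPI_DELEGATION_* level chosen with --delegation */`. Since `operate()` later treats a zero value as "do not set the option", the comment could also state that zero means the libcurl default is kept. `struct Configurable` starts outside this hunk.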
|
|
@@ -817,6 +818,7 @@ static void help(void)
|
|
" --data-binary <data> HTTP POST binary data (H)",
|
|
" --data-urlencode <name=data/name@filename> "
|
|
"HTTP POST data url encoded (H)",
|
|
+ " --delegation STRING GSS-API delegation permission",
|
|
" --digest Use HTTP Digest Authentication (H)",
|
|
" --disable-eprt Inhibit using EPRT or LPRT (F)",
|
|
" --disable-epsv Inhibit using EPSV (F)",
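Review bot: The help line names the argument `STRING`, while the man page patch and the `case 'G'` comment in this same series call it `LEVEL`. Using `LEVEL` here as well, as in `" --delegation LEVEL GSS-API delegation permission",` with the spacing adjusted to the existing columns, tells the user the option takes one of a fixed set of values rather than free text. The `help()` table continues outside the hunk.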
|
|
@@ -1823,6 +1825,18 @@ static int sockoptcallback(void *clientp, curl_socket_t curlfd,
|
|
return 0;
|
|
}
|
|
|
|
+static long delegation(struct Configurable *config,
|
|
+ char *str)
|
|
+{
|
|
+ if(curlx_raw_equal("none", str))
|
|
+ return CURLGSSAPI_DELEGATION_NONE;
|
|
+ if(curlx_raw_equal("policy", str))
|
|
+ return CURLGSSAPI_DELEGATION_POLICY_FLAG;
|
|
+ if(curlx_raw_equal("always", str))
|
|
+ return CURLGSSAPI_DELEGATION_FLAG;
|
|
+ warnf(config, "unrecognized delegation method '%s', using none\n", str);
|
|
+ return CURLGSSAPI_DELEGATION_NONE;
|
|
+}
|
|
|
|
static ParameterError getparameter(char *flag, /* f or -long-flag */
|
|
char *nextarg, /* NULL if unset */
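Review bot: `delegation()` takes `char *str` although it only compares and prints the argument, so the parameter should be `const char *str`. The function also carries no comment saying that an unrecognized value deliberately falls back to `CURLGSSAPI_DELEGATION_NONE`, the least permissive level. I would add `/* Map the --delegation argument to a CURLGSSAPI_DELEGATION_* value; unknown input warns and selects no delegation */` above it, so a later edit does not turn the fallback into a delegating level. Because a mistyped level only warns, the transfer still proceeds without delegation; it is worth deciding here whether that should be a parameter error instead. The `getparameter()` signature at the end of the hunk continues outside it.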
|
|
@@ -1942,6 +1956,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
|
{"$D", "proto", TRUE},
|
|
{"$E", "proto-redir", TRUE},
|
|
{"$F", "resolve", TRUE},
|
|
+ {"$G", "delegation", TRUE},
|
|
{"0", "http1.0", FALSE},
|
|
{"1", "tlsv1", FALSE},
|
|
{"2", "sslv2", FALSE},
|
|
@@ -2516,6 +2531,9 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
|
if(err)
|
|
return err;
|
|
break;
|
|
+ case 'G': /* --delegation LEVEL */
|
|
+ config->gssapi_delegation = delegation(config, nextarg);
|
|
+ break;
|
|
}
|
|
break;
|
|
case '#': /* --progress-bar */
|
|
@@ -5564,9 +5582,14 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
|
|
/* new in 7.21.3 */
|
|
my_setopt(curl, CURLOPT_RESOLVE, config->resolve);
|
|
|
|
- /* TODO: new in ### */
|
|
- curl_easy_setopt(curl, CURLOPT_TLSAUTH_USERNAME, config->tls_username);
|
|
- curl_easy_setopt(curl, CURLOPT_TLSAUTH_PASSWORD, config->tls_password);
|
|
+ /* new in 7.21.4 */
|
|
+ my_setopt_str(curl, CURLOPT_TLSAUTH_USERNAME, config->tls_username);
|
|
+ my_setopt_str(curl, CURLOPT_TLSAUTH_PASSWORD, config->tls_password);
|
|
+
|
|
+ /* new in 7.22.0 */
|
|
+ if(config->gssapi_delegation)
|
|
+ my_setopt_str(curl, CURLOPT_GSSAPI_DELEGATION,
|
|
+ config->gssapi_delegation);
|
|
|
|
retry_numretries = config->req_retry;
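Review bot: `CURLOPT_GSSAPI_DELEGATION` is set through `my_setopt_str`, but `config->gssapi_delegation` is declared `long` in the `struct Configurable` hunk and holds a `CURLGSSAPI_DELEGATION_*` value, not a string. The definition of `my_setopt_str` is not visible here, so whether this misbehaves at run time cannot be told from the patch, but the name indicates it is meant for string options. I would use the plain form already used for `CURLOPT_RESOLVE` just above: `my_setopt(curl, CURLOPT_GSSAPI_DELEGATION, config->gssapi_delegation);`. The `if(config->gssapi_delegation)` guard also means `--delegation none` never sets the option and relies on the libcurl default being no delegation, which deserves a short comment. `operate()` starts and ends outside the hunk.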
|
|
|
|
--
|
|
1.7.4.4
|
|
|
|
|
|
From 8e404e1c3846cc98a1977514af5b0432ae2de755 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Stenberg <daniel@haxx.se>
|
|
Date: Fri, 12 Aug 2011 23:51:41 +0200
|
|
Subject: [PATCH 2/2] docs: --delegation
|
|
|
|
|
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
---
|
|
docs/curl.1 | 12 ++++++++++++
|
|
1 files changed, 12 insertions(+), 0 deletions(-)
|
|
|
|
diff --git a/docs/curl.1 b/docs/curl.1
|
|
index 812b2eb..eee3481 100644
|
|
--- a/docs/curl.1
|
|
+++ b/docs/curl.1
|
|
@@ -320,6 +320,18 @@ URL-encode that data and pass it on in the POST. The name part gets an equal
|
|
sign appended, resulting in \fIname=urlencoded-file-content\fP. Note that the
|
|
name is expected to be URL-encoded already.
|
|
.RE
|
|
+.IP "--delegation LEVEL"
|
|
+Set \fILEVEL\fP to tell the server what it is allowed to delegate when it
|
|
+comes to user credentials. Used with GSS/kerberos.
|
|
+.RS
|
|
+.IP "none"
|
|
+Don't allow any delegation.
|
|
+.IP "policy"
|
|
+Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos
|
|
+service ticket, which is a matter of realm policy.
|
|
+.IP "always"
|
|
+Unconditionally allow the server to delegate.
|
|
+.RE
|
|
.IP "--digest"
|
|
(HTTP) Enables HTTP Digest authentication. This is a authentication that
|
|
prevents the password from being sent over the wire in clear text. Use this in
|
|
--
|
|
1.7.4.4
|
|
|