On Tue, 2014-07-15 at 13:18 +0200, Michael Osipov wrote: > Am 2014-07-13 22:22, schrieb David Woodhouse: > > On Sun, 2014-07-13 at 11:31 +0200, Michael Osipov wrote: > >> > >> Please have a look: > >> https://github.com/michael-o/curl/commit/b78ad621d45f537dfde745e961427257f1e1fc2d > >> > >> Work is based on top of your patches. > > > > That really wants splitting into individual patches to make it readable. > > David, > > I have split the patch apart and added some more bugfixes I did not > notice before. > > Please have a look again: > https://github.com/michael-o/curl/compare/a6bf4636e4...1047baf0e3 > > I'll test that by the end of the week and make a complete patch proposal > if everything is fine.
> Michael Osipov (7):
> Added missing ifdef to Curl_http_done if GSS-API or SSPI is not available
I've merged that fix into the patch which introduced that bug now; thanks.
> Add macros for the most common GSS-API mechs and pass them to
That commit subject is truncated (you can't wrap lines there). And I
don't like the patch either. I think this wants to be an enum, as
discussed. That way we can end up presenting the same API for our GSSAPI
and SSPI implementations, and the code which *uses* them can be the
same.
> Remove checkprefix("GSS-Negotiate")
OK... but you're about to add half of this back again to handle
'WWW-Authenticate: Kerberos'. You'll need the 'protocol' member of
negotiatedata back again then, and the 'gss' member becomes 'spnego',
right? So perhaps it makes sense to remove GSS-Negotiate and add
Kerberos in the *same* patch, rather than in separate patches? Or at
least do them in consecutive patches.
> Add feature and version info for GSS-API (like with SSPI)
> Deprecate GSS-Negotiate related macros due to bad naming
These two look sane enough; not my area of expertise.
> Make Negotiate (SPNEGO) auth CLI options and help available only if
Truncated again. But also looks sane apart from that.
> Improve inline GSS-API naming in code documentation
Not so keen on this one either. I think 'GSSAPI' was better than 'GSS-API'.
> @Steve Holme, can you kindly take a look at the changes SSPI code. That
> was necessary to unify stuff and make it compile on Windows too.
FWIW the SSPI code can be tested under Linux, at least for NTLM — Wine
implements SSPI single-sign-on using the same Samba ntlm_auth helper
that the ntlm_wb authentication method does.
So I can build with mingw32 (cursing the AC_TRY_RUN things in
configure.ac which cause it to invoke wine during the *build* process),
and then do something like:
wine src/curl.exe --ntlm -u : -v $URL
... and see it automatically authenticate using my credentials from
winbind.
I note that '--anyauth' doesn't work. And neither does '-u dwoodhou:'
despite the username being *required* for the Linux build when using
--ntlm-wb (before my patches to fix that, of course).
--
David Woodhouse Open Source Technology Centre
david.woodho...@intel.com Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
