diff -urp -X dontdiff.curl curl-7.21.6-2/include/curl/curl.h curl-7.21.6-2-p3/include/curl/curl.h --- curl-7.21.6-2/include/curl/curl.h 2011-04-22 11:01:50.000000000 -0600 +++ curl-7.21.6-2-p3/include/curl/curl.h 2011-06-28 16:42:41.513379450 -0600 @@ -1476,6 +1476,9 @@ typedef enum { */ CINIT(TRANSFER_ENCODING, LONG, 207), + /* Usually HTTP@host.domain, but not always. */ + CINIT(KRBSVCNAME, OBJECTPOINT, 208), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; diff -urp -X dontdiff.curl curl-7.21.6-2/lib/http_negotiate.c curl-7.21.6-2-p3/lib/http_negotiate.c --- curl-7.21.6-2/lib/http_negotiate.c 2011-04-22 11:01:50.000000000 -0600 +++ curl-7.21.6-2-p3/lib/http_negotiate.c 2011-06-28 17:01:38.636756659 -0600 @@ -77,18 +77,25 @@ get_gss_name(struct connectdata *conn, b /* IIS uses the @ form but uses 'http' as the service name */ - if(neg_ctx->gss) - service = "KHTTP"; - else - service = "HTTP"; + service = conn->data->set.str[STRING_KRB_SVCNAME]; + if(service && (strchr(service,'@') || strchr(service,'/'))) { + snprintf(name, sizeof(name), "%s", service); + } else { + if(service == NULL) { + if(neg_ctx->gss) + service = "KHTTP"; + else + service = "HTTP"; + } - token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name : - conn->host.name) + 1; - if(token.length + 1 > sizeof(name)) - return EMSGSIZE; + token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name : + conn->host.name) + 1; + if(token.length + 1 > sizeof(name)) + return EMSGSIZE; - snprintf(name, sizeof(name), "%s@%s", service, proxy ? conn->proxy.name : - conn->host.name); + snprintf(name, sizeof(name), "%s@%s", service, proxy ? conn->proxy.name : + conn->host.name); + } token.value = (void *) name; major_status = gss_import_name(&minor_status, diff -urp -X dontdiff.curl curl-7.21.6-2/lib/url.c curl-7.21.6-2-p3/lib/url.c --- curl-7.21.6-2/lib/url.c 2011-06-21 13:46:22.000000000 -0600 +++ curl-7.21.6-2-p3/lib/url.c 2011-06-28 16:41:58.814412806 -0600 @@ -1992,6 +1992,14 @@ CURLcode Curl_setopt(struct SessionHandl va_arg(param, char *)); data->set.krb = (bool)(NULL != data->set.str[STRING_KRB_LEVEL]); break; + case CURLOPT_KRBSVCNAME: + /* + * A string that defines the kerberos service name, such as KHTTP. + */ + result = setstropt(&data->set.str[STRING_KRB_SVCNAME], + va_arg(param, char *)); + // data->set.krbsvcname = data->set.str[STRING_KRB_LEVEL]; + break; case CURLOPT_SSL_VERIFYPEER: /* * Enable peer SSL verifying. diff -urp -X dontdiff.curl curl-7.21.6-2/lib/urldata.h curl-7.21.6-2-p3/lib/urldata.h --- curl-7.21.6-2/lib/urldata.h 2011-04-22 11:01:50.000000000 -0600 +++ curl-7.21.6-2-p3/lib/urldata.h 2011-06-28 17:02:40.237379275 -0600 @@ -1284,6 +1284,7 @@ enum dupstring { STRING_KEY_PASSWD, /* plain text private key password */ STRING_KEY_TYPE, /* format for private key (default: PEM) */ STRING_KRB_LEVEL, /* krb security level */ + STRING_KRB_SVCNAME, /* krb service */ STRING_NETRC_FILE, /* if not NULL, use this instead of trying to find $HOME/.netrc */ STRING_COPYPOSTFIELDS, /* if POST, set the fields' values here */ diff -urp -X dontdiff.curl curl-7.21.6-2/src/main.c curl-7.21.6-2-p3/src/main.c --- curl-7.21.6-2/src/main.c 2011-04-22 11:01:50.000000000 -0600 +++ curl-7.21.6-2-p3/src/main.c 2011-06-28 17:28:43.156496495 -0600 @@ -551,6 +551,7 @@ struct Configurable { bool crlf; char *customrequest; char *krblevel; + char *krbsvcname; char *trace_dump; /* file to dump the network trace to, or NULL */ FILE *trace_stream; bool trace_fopened; @@ -828,6 +829,7 @@ static void help(void) " --key Private key file name (SSL/SSH)", " --key-type Private key file type (DER/PEM/ENG) (SSL)", " --krb Enable Kerberos with specified security level (F)", + " --krb-svc-name Set Kerberos name of service (H)", " --libcurl Dump libcurl equivalent code of this command line", " --limit-rate Limit transfer speed to this rate", " -J/--remote-header-name Use the header-provided filename (H)", @@ -1864,6 +1866,7 @@ static ParameterError getparameter(char {"$h", "retry-delay", TRUE}, {"$i", "retry-max-time", TRUE}, {"$k", "proxy-negotiate", FALSE}, + {"$l", "krb-svc-name", TRUE}, {"$m", "ftp-account", TRUE}, {"$n", "proxy-anyauth", FALSE}, {"$o", "trace-time", FALSE}, @@ -2344,13 +2347,15 @@ static ParameterError getparameter(char if(str2num(&config->retry_maxtime, nextarg)) return PARAM_BAD_NUMERIC; break; - case 'k': /* --proxy-negotiate */ if(curlinfo->features & CURL_VERSION_GSSNEGOTIATE) config->proxynegotiate = toggle; else return PARAM_LIBCURL_DOESNT_SUPPORT; break; + case 'l': /* --krb-svc-name */ + GetStr(&config->krbsvcname, nextarg); + break; case 'm': /* --ftp-account */ GetStr(&config->ftp_account, nextarg); break; @@ -4048,6 +4053,8 @@ static void free_config_fields(struct Co free(config->cookiefile); if(config->krblevel) free(config->krblevel); + if(config->krbsvcname) + free(config->krbsvcname); if(config->headerfile) free(config->headerfile); if(config->ftpport) @@ -5333,6 +5340,7 @@ operate(struct Configurable *config, int my_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, config->proxytunnel); my_setopt_str(curl, CURLOPT_INTERFACE, config->iface); my_setopt_str(curl, CURLOPT_KRBLEVEL, config->krblevel); + my_setopt_str(curl, CURLOPT_KRBSVCNAME, config->krbsvcname); progressbarinit(&progressbar, config); if((config->progressmode == CURL_PROGRESS_BAR) &&