From 9d6dd7bc1dea42ae8e710aeae714e2a2c290de61 Mon Sep 17 00:00:00 2001

From: Daniel Stenberg <daniel@haxx.se>

Date: Fri, 10 Mar 2023 09:22:43 +0100

Subject: [PATCH] url: only reuse connections with same GSS delegation

Reported-by: Harry Sintonen

Closes #10731

Upstream-commit: cb49e67303dbafbab1cebf4086e3ec15b7d56ee5

Signed-off-by: Kamil Dudka <kdudka@redhat.com>

---

 lib/url.c     | 6 ++++++

 lib/urldata.h | 1 +

 2 files changed, 7 insertions(+)

diff --git a/lib/url.c b/lib/url.c

index 3b11b7e..cbbc7f3 100644

--- a/lib/url.c

+++ b/lib/url.c

@@ -1371,6 +1371,11 @@ ConnectionExists(struct Curl_easy *data,

         }

       }

+      /* GSS delegation differences do not actually affect every connection

+         and auth method, but this check takes precaution before efficiency */

+      if(needle->gssapi_delegation != check->gssapi_delegation)

+        continue;

+

       /* If multiplexing isn't enabled on the h2 connection and h1 is

          explicitly requested, handle it: */

       if((needle->handler->protocol & PROTO_FAMILY_HTTP) &&

@@ -1838,6 +1843,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)

   conn->fclosesocket = data->set.fclosesocket;

   conn->closesocket_client = data->set.closesocket_client;

   conn->lastused = Curl_now(); /* used now */

+  conn->gssapi_delegation = data->set.gssapi_delegation;

   return conn;

   error:

diff --git a/lib/urldata.h b/lib/urldata.h

index ce90304..9e16f26 100644

--- a/lib/urldata.h

+++ b/lib/urldata.h

@@ -1124,6 +1124,7 @@ struct connectdata {

   unsigned char transport; /* one of the TRNSPRT_* defines */

   unsigned char ip_version; /* copied from the Curl_easy at creation time */

   unsigned char httpversion; /* the HTTP version*10 reported by the server */

+  unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */

 };

 /* The end of connectdata. */

-- 

2.39.2