curl-library

Re: Patch to allow GSSAPI authentication to a socks5 server

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Sun, 11 Jan 2009 19:01:07 -0000

"Markus Moeller" <huaraz_at_moeller.plus.com> wrote in message
news:gkdbjq$69v$1_at_ger.gmane.org...
> Please find attached a patch to curl 7.19.2 which adds Socks5 GSSAPI
> authentication. It works on Unix and Windows.
>
> I added two options:
>
> --socks5-gssapi-service <servicename> SOCKS5 proxy service name for gssapi
> --socks5-gssapi-nec Compatibility with NEC SOCKS5 server
>
> The default service name for a socks server is rcmd/server-fqdn and the
> first option allows you to change it.
> Examples
> --socks5 proxy-name --socks5-gssapi-service sockd would use
> sockd/proxy-name
> --socks5 proxy-name --socks5-gssapi-service sockd/real-name would use
> sockd/real-name for cases where the proxy-name does not match the principal name.
>
> As part of the gssapi negotiation a protection mode is negotiated. The
> rfc1961 says in section 4.3/4.4 it should be protected, but the NEC
> reference implementation does not.
> The option --socks5-gssapi-nec allows the unprotected exchange of the
> protection mode negotiation.
>
> Any feedback is appreciated.
>
> Regards
> Markus
>

A typical verbose output looks like:

curl.exe -vv --socks5 opensuse11.suse.home --socks5-gssapi-nec ftp://ftp.mirrorservice.org
* About to connect() to proxy opensuse11.suse.home port 1080 (#0)
* Trying 192.168.1.27... connected
* SOCKS5 server authencticated user Administrator_at_WIN2003R2.HOME with gssapi.
* SOCKS5 server supports gssapi confidentiality data protection.
* SOCKS5 access without gssapi data protection granted.
* Connected to opensuse11.suse.home (192.168.1.27) port 1080 (#0)
< 220 UK Mirror Service FTP server version 1.4 ready
> USER anonymous
< 331 Guest login ok: please send your email address as the password
> PASS ftp_at_example.com
< 230- Welcome to the University of Kent's UK Mirror Service
< 230-
< 230- More information can be found at our web site: http://www.mirrorservice.org/
< 230- Please send comments or questions to help_at_mirrorservice.org
< 230-
< 230- Please use rsync.mirrorservice.org for rsync access rather than
< 230- ftp.mirrorservice.org.
< 230-
< 230 Logged in for anonymous FTP
> PWD
< 257 "/" is current directory
* Entry path is '/'
> EPSV
* Connect data stream passively
< 500 Unknown command `EPSV'
* disabling EPSV usage
> PASV
< 227 Entering Passive Mode (212,219,56,132,167,195)
* Trying 192.168.1.27... connected
* Connecting to 212.219.56.132 (192.168.1.27) port 1080
* SOCKS5 server authencticated user Administrator_at_WIN2003R2.HOME with gssapi.
* SOCKS5 server supports gssapi confidentiality data protection.
* SOCKS5 access without gssapi data protection granted.
> TYPE A
< 200 Type set to A
> LIST
< 150 About to open data connection
* Maxdownload = -1
drwxr-xr-x 1 ukms ukms 1024 Jan 11 00:00 indexes
drwxr-xr-x 2 ukms ukms 4096 Oct 2 16:53 pub
drwxr-xr-x 1 ukms ukms 1024 Jan 11 00:00 sites
drwxr-xr-x 2 ukms ukms 4096 Oct 18 2007 ukms
* Remembering we are in dir ""
< 226 Transfer complete
* Connection #0 to host ftp.mirrorservice.org left intact
> QUIT
< 221 Goodbye
* Closing connection #0

Markus
Received on 2009-01-11
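
Added example (not part of the original mail and not curl's code): a small Python parser for the RFC 1961 sub-negotiation frames the mail refers to, which flags a protection-level message carried as a bare one-byte token, the exchange that --socks5-gssapi-nec permits. The frame layout and levels 1-3 follow RFC 1961; level 0 for "none", the one-byte heuristic and the sample bytes are assumptions constructed for illustration.

```python
import struct

# RFC 1961 frame: ver(1) | mtyp(1) | len(2, big-endian) | token(len)
VER = 0x01
MTYP = {0x01: "authentication", 0x02: "protection-level", 0x03: "data"}
MTYP_ABORT = 0xFF
# Levels 1-3 are from RFC 1961 section 4.2; 0 ("none") is an assumption made
# here to match the "without gssapi data protection" line in the trace.
LEVELS = {0: "none", 1: "integrity", 2: "confidentiality", 3: "selective"}


def parse_frame(buf):
    """Parse one frame from buf; return (info_dict, remaining_bytes)."""
    if len(buf) < 2:
        raise ValueError("truncated header")
    ver, mtyp = buf[0], buf[1]
    if ver != VER:
        raise ValueError("unexpected version 0x%02x" % ver)
    if mtyp == MTYP_ABORT:  # abort frame carries no len/token fields
        return {"type": "abort"}, buf[2:]
    if mtyp not in MTYP or len(buf) < 4:
        raise ValueError("unknown message type or truncated length")
    (length,) = struct.unpack("!H", buf[2:4])
    token = buf[4:4 + length]
    if len(token) != length:
        raise ValueError("truncated token")
    info = {"type": MTYP[mtyp], "len": length}
    if mtyp == 0x02:
        # Heuristic: a GSS-wrapped level is longer than one byte, so a
        # 1-byte token means the level crossed the wire in the clear.
        info["protected"] = length != 1
        info["level"] = LEVELS.get(token[0], "unknown") if length == 1 else None
    return info, buf[4 + length:]


def audit(stream):
    """Return one finding per protection-level frame sent unprotected."""
    findings = []
    while stream:
        info, stream = parse_frame(stream)
        if info.get("protected") is False:
            findings.append("level '%s' negotiated in the clear" % info["level"])
    return findings


# Constructed samples: an auth frame, then a NEC-style or a wrapped level frame.
SAMPLE_NEC = b"\x01\x01\x00\x03abc" + b"\x01\x02\x00\x01\x00"
SAMPLE_RFC = b"\x01\x01\x00\x03abc" + b"\x01\x02\x00\x05\x60\x03xyz"
```

Because an unprotected level byte has no integrity check, anything on the path can rewrite it, so a finding from audit() marks a connection whose negotiated protection cannot be trusted.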