Hi!

I tried to use cURL with the proxy authentication mechanisms using Windows
SSPI. Everything works fine, but the library is missing one feature
available in native windows authentication. If the username and password
are not set (NULL), the app should pass a null pointer to the
AcquireCredentialsHandleA function. This enables it to use the default
credentials of the currently logged in user. From what I've seen the code
in http_ntlm.c file is ready and works as expected. The only problem is
the line 4257 in url.c:

  conn->bits.proxy_user_passwd =
        (bool)(NULL != data->set.str[STRING_PROXYUSERNAME]);

It assumes that the username MUST be set at all times, and if it's not,
the authentication mechanism will never be called. For me this solution
works perfectly:

  conn->bits.proxy_user_passwd =
#ifdef USE_WINDOWS_SSPI
        conn->bits.proxy;
#else
        (bool)(NULL != data->set.str[STRING_PROXYUSERNAME]);
#endif

Thanks to this change if you're using SSPI and set a proxy name, the code
ignores the proxy_user_passwd bits by setting the same value as proxy
bits. I don't know if it's possible to add this fragment to the library.
If you see any drawbacks please let me know. If not maybe it would be
possible to add this feature to the next cURL build?
Received on 2009-06-26