cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: introduced an auth callback

From: Jeff King <peff_at_peff.net>
Date: Wed, 16 May 2012 21:27:21 -0400

On Wed, May 16, 2012 at 10:23:21PM +0200, Daniel Stenberg wrote:

> >> 2. When the auth type is CURLAUTH_TYPE_PROXY, the URL field still
> >> contains the destination server's URL.
> [...]
> >Also a good catch. But is the url really helpful for proxy auth?
> [...]
>
> As I've understood the problem, an application doesn't necesarily
> know which proxy it uses before-hand! If you allow the user to
> specify it somehow in an argument or config file the program have to
> make a rather complicated parsing to extract the info, but if the
> proxy information is passed in as an environment variable the
> application doesn't necessarily know about it at all until libcurl
> detects it. Or it needs to re-implement libcurls environment variable
> logic to catch the correct proxy to figure it out. Complicated
> alternatives that would be much easier solved if libcurl told the app
> about what it figured out.

Exactly. We tried making proxy authentication in git work like our http
authentication, but we ended up reimplementing non-trivial parts of curl
(the environment rules for finding a proxy, and especially the no_proxy
rules).

I don't particularly mind if it is curl_easy_getinfo, or if it is part
of the auth_info struct. Though it seemed in the earlier discussion you
wanted to avoid allowing arbitrary curl functions during a callback, so
that makes the former more complicated.

> >> The simplest thing for me would be if CURL called an auth callback
> >> (either a separate one, or the same one with an extra flag) to say
> >> "yes, I made a successful request to URL X with username Y and
> >> password Z".
> [...]

Thinking on it more, I think it would be sufficient to check
CURLINFO_EFFECTIVE_URL on a successful request, and I could correlate
that with our set of credentials. It could be made even simpler if you
could curl_easy_getinfo the username/password used, but for git, it
doesn't matter; we would keep the credentials around past the auth
callback anyway, because we will be making multiple requests to the same
place.

-Peff
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-05-17

This message: [ Message body ]
Next message: Steve Holme: "RE: Dot character as first character in smtp email"
Previous message: Joe Mason: "RE: introduced an auth callback"
In reply to: Daniel Stenberg: "RE: introduced an auth callback"
Next in thread: Joe Mason: "RE: introduced an auth callback"
Reply: Joe Mason: "RE: introduced an auth callback"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]