cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password

From: Leonardo Rosati <geppio1975_at_gmail.com>
Date: Thu, 3 Jul 2014 12:31:22 +0200

I've tried debugging with WireShark with a proxy with negotiation (ISA
Server) and CURL does not pass user/password to the proxy even if
specified. The machine is authenticated just in case it is part of the
domain.
Code in http_negotiate-sspi.c is different from the http_ntlm.c, which,
correctly, passes username/password

Anyone has verified negotiation passes credentials?

leonardo

2014-06-27 22:27 GMT+02:00 Michael Osipov <1983-01-06_at_gmx.net>:

> Am 2014-06-27 11:11, schrieb Leonardo Rosati:
>
> hi,
>>
>> looking at the source code of http_negotiate-sspi.c the code doesn't use
>> the user/password in case they are passed by the user, in practice
>> assuming
>> the proxy to authenticate the connection based on if the machine is in the
>> domain or not.
>> instead the code for ntlm is different: it passes user/password in case
>> they are not empty and so user/password are used for authentication
>> purposes.
>>
>> I think the correct behavior is the one for ntlm and therefore the
>> negotiate method should be changed.
>>
>
> I don't think so. The intention in both is to have credentials already
> present at/after login time. At least for NTLM on Windows and SPNEGO on all
> platforms.
>
> Michael
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-03