cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password

From: Leonardo Rosati <geppio1975_at_gmail.com>
Date: Thu, 3 Jul 2014 13:46:58 +0200

What behavior is correct? the one in negotiate http_negotiate-sspi.c which
doesn't use the credentials? if so, why is it correct? and why it's
different from ntlm method?

2014-07-03 12:40 GMT+02:00 Michael-O <1983-01-06_at_gmx.net>:

> That behavior is correct.
>
>
>
> Gesendet: Donnerstag, 03. Juli 2014 um 12:31 Uhr
> Von: "Leonardo Rosati" <geppio1975_at_gmail.com>
> An: "libcurl development" <curl-library_at_cool.haxx.se>
> Betreff: Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass
> user/password
>
> I've tried debugging with WireShark with a proxy with negotiation (ISA
> Server) and CURL does not pass user/password to the proxy even if
> specified. The machine is authenticated just in case it is part of the
> domain.
> Code in http_negotiate-sspi.c is different from the http_ntlm.c, which,
> correctly, passes username/password
> Anyone has verified negotiation passes credentials?
> leonardo
>
> 2014-06-27 22:27 GMT+02:00 Michael Osipov <1983-01-06_at_gmx.net>:Am
> 2014-06-27 11:11, schrieb Leonardo Rosati:
> hi,
>
> looking at the source code of http_negotiate-sspi.c the code doesn't use
> the user/password in case they are passed by the user, in practice assuming
> the proxy to authenticate the connection based on if the machine is in the
> domain or not.
> instead the code for ntlm is different: it passes user/password in case
> they are not empty and so user/password are used for authentication
> purposes.
>
> I think the correct behavior is the one for ntlm and therefore the
> negotiate method should be changed.I don't think so. The intention in both
> is to have credentials already present at/after login time. At least for
> NTLM on Windows and SPNEGO on all platforms.
>
> Michael
>
> -------------------------------------------------------------------
> List admin:
> http://cool.haxx.se/list/listinfo/curl-library[http://cool.haxx.se/list/listinfo/curl-library]
> Etiquette:
> http://curl.haxx.se/mail/etiquette.html[http://curl.haxx.se/mail/etiquette.html]-------------------------------------------------------------------
> List admin:
> http://cool.haxx.se/list/listinfo/curl-library[http://cool.haxx.se/list/listinfo/curl-library]
> Etiquette:
> http://curl.haxx.se/mail/etiquette.html[http://curl.haxx.se/mail/etiquette.html]
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-03