curl-library
Re: Re: Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password
From: Michael-O <1983-01-06_at_gmx.net>
Date: Thu, 3 Jul 2014 15:00:08 +0200
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
Date: Thu, 3 Jul 2014 15:00:08 +0200
Refer to known bug #10: http://curl.haxx.se/docs/knownbugs.html
If this is fixed, you need to do this only:
$ curl --(negotiate|ntlm) <url>
on Windows, credentials are obtained by SSPI and SSPI only. No manual passing. This is default on Windows with every implemenation on top of SSPI.
Gesendet: Donnerstag, 03. Juli 2014 um 13:46 Uhr
Von: "Leonardo Rosati" <geppio1975@gmail.com>
An: "libcurl development" <curl-library@cool.haxx.se>
Betreff: Re: Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password
Von: "Leonardo Rosati" <geppio1975@gmail.com>
An: "libcurl development" <curl-library@cool.haxx.se>
Betreff: Re: Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password
What behavior is correct? the one in negotiate http_negotiate-sspi.c which doesn't use the credentials? if so, why is it correct? and why it's different from ntlm method?
2014-07-03 12:40 GMT+02:00 Michael-O <1983-01-06@gmx.net>:
That behavior is correct.
Gesendet: Donnerstag, 03. Juli 2014 um 12:31 Uhr
Von: "Leonardo Rosati" <geppio1975@gmail.com>
An: "libcurl development" <curl-library@cool.haxx.se>
Betreff: Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/passwordnegotiate method should be changed.I don't think so. The intention in both is to have credentials already present at/after login time. At least for NTLM on Windows and SPNEGO on all platforms.
I've tried debugging with WireShark with a proxy with negotiation (ISA Server) and CURL does not pass user/password to the proxy even if specified. The machine is authenticated just in case it is part of the domain.
Code in http_negotiate-sspi.c is different from the http_ntlm.c, which, correctly, passes username/password
Anyone has verified negotiation passes credentials?
leonardo
2014-06-27 22:27 GMT+02:00 Michael Osipov <1983-01-06@gmx.net>:Am 2014-06-27 11:11, schrieb Leonardo Rosati:
hi,
looking at the source code of http_negotiate-sspi.c the code doesn't use
the user/password in case they are passed by the user, in practice assuming
the proxy to authenticate the connection based on if the machine is in the
domain or not.
instead the code for ntlm is different: it passes user/password in case
they are not empty and so user/password are used for authentication
purposes.
I think the correct behavior is the one for ntlm and therefore the
Michael
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library[http://cool.haxx.se/list/listinfo/curl-library]
Etiquette: http://curl.haxx.se/mail/etiquette.html[http://curl.haxx.se/mail/etiquette.html]------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library[http://cool.haxx.se/list/listinfo/curl-library] Etiquette: http://curl.haxx.se/mail/etiquette.html[http://curl.haxx.se/mail/etiquette.html]
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-03