Serge Semashko added CURLOPT_PROXYAUTH support, and now NTLM for proxies

#include "http_negotiate.h"

#include "url.h"

#include "share.h"

#include "http.h"

#define _MPRINTF_REPLACE /* use our functions only */

#include <curl/mprintf.h>

#include "memdebug.h"

#endif

static CURLcode Curl_output_basic_proxy(struct connectdata *conn);

/* fread() emulation to provide POST and/or request data */

static int readmoredata(char *buffer,

                        size_t size,

  infof(data, "Establish HTTP proxy tunnel to %s:%d\n", hostname, remote_port);

  /*

   * This code currently only supports Basic authentication for this CONNECT

   * request to a proxy.

   */

  if(conn->bits.proxy_user_passwd)

    Curl_output_basic_proxy(conn);

  /* OK, now send the connect request to the proxy */

  result =

    Curl_sendf(tunnelsocket, conn,

  Curl_safefree(conn->allocptr.proxyuserpwd);

  conn->allocptr.proxyuserpwd = NULL;

  Curl_http_auth_stage(data, 401); /* move on to the host auth */

  infof (data, "Proxy replied to CONNECT request\n");

  return CURLE_OK;

}

  return CURLE_OK;

}

static CURLcode Curl_output_basic_proxy(struct connectdata *conn)

{

  char *authorization;

  struct SessionHandle *data=conn->data;

  sprintf(data->state.buffer, "%s:%s", conn->proxyuser, conn->proxypasswd);

  if(Curl_base64_encode(data->state.buffer, strlen(data->state.buffer),

                        &authorization) >= 0) {

    Curl_safefree(conn->allocptr.proxyuserpwd);

    conn->allocptr.proxyuserpwd =

      aprintf("Proxy-authorization: Basic %s\015\012", authorization);

    free(authorization);

  }

  else

    return CURLE_OUT_OF_MEMORY;

  return CURLE_OK;

}

void Curl_http_auth_stage(struct SessionHandle *data,

                          int stage)

{

  if(stage == 401)

    data->state.authwant = data->set.httpauth;

  else if(stage == 407)

    data->state.authwant = data->set.proxyauth;

  else

    return; /* bad input stage */

  data->state.authstage = stage;

  data->state.authavail = CURLAUTH_NONE;

}

CURLcode Curl_http(struct connectdata *conn)

{

  struct SessionHandle *data=conn->data;

  char *ptr;

  char *request;

  if(!data->state.authstage) {

    if(conn->bits.httpproxy)

      Curl_http_auth_stage(data, 407);

    else

      Curl_http_auth_stage(data, 401);

  }

  if(!conn->proto.http) {

    /* Only allocate this struct if we don't already have it! */

     curl_strequal(data->state.auth_host, conn->hostname) ||

     data->set.http_disable_hostname_check_before_authentication) {

  /* Send proxy authentication header if needed */

    if (data->state.authstage == 407) {

#ifdef USE_SSLEAY

      if(data->state.authwant == CURLAUTH_NTLM) {

        result = Curl_output_ntlm(conn, TRUE);

        if(result)

          return result;

      }

      else

#endif

      if((data->state.authwant == CURLAUTH_BASIC) && /* Basic */

         conn->bits.proxy_user_passwd &&

         !checkheaders(data, "Proxy-authorization:")) {

        result = Curl_output_basic_proxy(conn);

        if(result)

          return result;

        /* Switch to web authentication after proxy authentication is done */

        Curl_http_auth_stage(data, 401);

      }

    }

    /* Send web authentication header if needed */

    if (data->state.authstage == 401) {

#ifdef GSSAPI

      if((data->state.authwant == CURLAUTH_GSSNEGOTIATE) &&

         data->state.negotiate.context && 

        }

      }

    }

  }

  if((data->change.referer) && !checkheaders(data, "Referer:")) {

    if(conn->allocptr.ref)

void Curl_httpchunk_init(struct connectdata *conn);

CHUNKcode Curl_httpchunk_read(struct connectdata *conn, char *datap,

                              ssize_t length, ssize_t *wrote);

void Curl_http_auth_stage(struct SessionHandle *data, int stage);

#endif

#endif

    ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */

    /* Switch to web authentication after proxy authentication is done */

    if (proxy)

      Curl_http_auth_stage(conn->data, 401);

  }

  break;

              if(data->set.get_filetime)

                data->info.filetime = k->timeofdoc;

            }

            else if(checkprefix("WWW-Authenticate:", k->p) &&

                    (401 == k->httpcode)) {

            else if((checkprefix("WWW-Authenticate:", k->p) &&

                    (401 == k->httpcode)) ||

                    (checkprefix("Proxy-authenticate:", k->p) &&

                    (407 == k->httpcode))) {

              /*

               * This page requires authentication

               */

              char *start = k->p+strlen("WWW-Authenticate:");

              char *start = (k->httpcode == 407) ? 

                            k->p+strlen("Proxy-authenticate:"): 

                            k->p+strlen("WWW-Authenticate:");

              /*

               * Switch from proxy to web authentication and back if needed

               */

              if (k->httpcode == 407 && data->state.authstage != 407)

                Curl_http_auth_stage(data, 407);

              else if (k->httpcode == 401 && data->state.authstage != 401)

                Curl_http_auth_stage(data, 401);

              /* pass all white spaces */

              while(*start && isspace((int)*start))

                if(data->state.authwant == CURLAUTH_NTLM) {

                  /* NTLM authentication is activated */

                  CURLntlm ntlm =

                    Curl_input_ntlm(conn, FALSE, start);

                    Curl_input_ntlm(conn, k->httpcode == 407, start);

                  if(CURLNTLM_BAD != ntlm)

                    conn->newurl = strdup(data->change.url); /* clone string */

  data->state.errorbuf = FALSE; /* no error has occurred */

  /* set preferred authentication, default to basic */

  data->state.authwant = data->set.httpauth?data->set.httpauth:CURLAUTH_BASIC;

  data->state.authavail = CURLAUTH_NONE; /* nothing so far */

  data->state.authstage = 0; /* initialize authentication later */

  /* If there was a list of cookie files to read and we haven't done it before,

     do it now! */

  data->set.proxytype = CURLPROXY_HTTP; /* defaults to HTTP proxy */

  data->set.httpauth = CURLAUTH_BASIC; /* defaults to basic authentication */

  data->set.proxyauth = CURLAUTH_BASIC; /* defaults to basic authentication */

  /* create an array with connection data struct pointers */

  data->state.numconnects = 5; /* hard-coded right now */

  data->state.connects = (struct connectdata **)

  }

  break;

  case CURLOPT_PROXYAUTH:

    /*

     * Set HTTP Authentication type BITMASK.

     */

  {

    long auth = va_arg(param, long);

    /* switch off bits we can't support */

#ifndef USE_SSLEAY

    auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */

#endif

#ifndef GSSAPI

    auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI */

#endif

    if(!auth)

      return CURLE_FAILED_INIT; /* no supported types left! */

    data->set.proxyauth = auth;

  }

  break;

  case CURLOPT_USERPWD:

    /*

     * user:password to use in the operation

  /*************************************************************

   * Proxy authentication

   *************************************************************/

#if 0 /* This code is not needed anymore (moved to http.c) */

  if(conn->bits.proxy_user_passwd) {

    char *authorization;

    snprintf(data->state.buffer, BUFSIZE, "%s:%s",

      free(authorization);

    }

  }

#endif

  /*************************************************************

   * Send user-agent to HTTP proxies even if the target protocol