Commit e56ae142 authored by Daniel Stenberg

Daniel Kouril's patch that adds HTTP negotiation support to libcurl was added.
parent 696843c0
+5 −0
@@ -7,6 +7,11 @@
                                  Changelog
                                  Changelog


Daniel (10 June)
Daniel (10 June)
- Daniel Kouril added HTTP Negotiate authentication support, as defined in the
  IETF draft draft-brezak-spnego-http-04.txt. In use already by various
  Microsoft web applications. CURLOPT_HTTPNEGOTIATE and --negotiate are the
  new family members.

- A missing ending bracket (']') while doing URL globbing could lead to a
- A missing ending bracket (']') while doing URL globbing could lead to a
  segfault. While fixing this, I also introduced better error reporting in the
  segfault. While fixing this, I also introduced better error reporting in the
  globbing code. (All this is application code outside libcurl.)
  globbing code. (All this is application code outside libcurl.)
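Review bot: The new Changelog entry names CURLOPT_HTTPNEGOTIATE and --negotiate but not the --with-gssapi, --with-gssapi-includes and --with-gssapi-libs configure switches that this same commit adds. Mention them in the entry, since GSSAPI support is only requested at build time through those switches.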
+57 −0
@@ -454,6 +454,63 @@ else
  AC_MSG_RESULT(no)
  AC_MSG_RESULT(no)
fi
fi


dnl **********************************************************************
dnl Check for GSS-API libraries
dnl **********************************************************************

AC_ARG_WITH(gssapi-includes,
  AC_HELP_STRING([--with-gssapi-includes=DIR],
                 [Specify location of GSSAPI header]),
  [ GSSAPI_INCS="-I$withval" 
    want_gss="yes" ]
)

AC_ARG_WITH(gssapi-libs,
  AC_HELP_STRING([--with-gssapi-libs=DIR],
  		 [Specify location of GSSAPI libs]),
  [ GSSAPI_LIBS="-L$withval -lgssapi"
    want_gss="yes" ]
)

AC_ARG_WITH(gssapi,
  AC_HELP_STRING([--with-gssapi=DIR],
                 [Where to look for GSSAPI]),
  [ GSSAPI_ROOT="$withval"
    want_gss="yes" ]
)

AC_MSG_CHECKING([if GSSAPI support is requested])
if test x"$want_gss" = xyes; then
  if test -z "$GSSAPI_INCS"; then
     if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
        gss_cppflags=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi`
	CPPFLAGS="$CPPFLAGS $gss_cppflags"
     else
        CPPFLAGS="$GSSAPI_ROOT/include"
     fi
  else
     CPPFLAGS="$CPPFLAGS $GSSAPI_INCS"
  fi
  
  if test -z "$GSSAPI_LIB_DIR"; then
     if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
        gss_ldflags=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
	LDFLAGS="$LDFLAGS $gss_ldflags"
     else
        LDFLAGS="$LDFLAGS $GSSAPI_ROOT/lib -lgssapi"
     fi
  else
     LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR"
  fi

  AC_MSG_RESULT(yes)
  AC_DEFINE(GSSAPI, 1, [if you have the gssapi libraries])
  
else
  AC_MSG_RESULT(no)
fi
  

dnl Detect the pkg-config tool, as it may have extra info about the
dnl Detect the pkg-config tool, as it may have extra info about the
dnl openssl installation we can use. I *believe* this is what we are
dnl openssl installation we can use. I *believe* this is what we are
dnl expected to do on really recent Redhat Linux hosts.
dnl expected to do on really recent Redhat Linux hosts.
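Review bot: The non-krb5-config fallback branches build malformed flags: `CPPFLAGS="$GSSAPI_ROOT/include"` throws away the existing CPPFLAGS and has no `-I`, and `LDFLAGS="$LDFLAGS $GSSAPI_ROOT/lib -lgssapi"` has no `-L`. The library branch tests `GSSAPI_LIB_DIR`, which nothing in this hunk sets, while --with-gssapi-libs stores its value in `GSSAPI_LIBS`, which is never read, so that switch has no effect on the link line. When only --with-gssapi-includes or --with-gssapi-libs is given, `GSSAPI_ROOT` is empty and the test falls through to `/bin/krb5-config` or a bare `/lib`. Finally, `AC_DEFINE(GSSAPI, 1, ...)` is reached without any check that the header or library is usable. Suggest appending `-I$GSSAPI_ROOT/include` and `-L$GSSAPI_ROOT/lib`, using one variable name for the libs switch, and running AC_CHECK_HEADER / AC_CHECK_LIB before defining GSSAPI.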
+8 −0
@@ -184,6 +184,14 @@ method than the default Basic method, and prevents the password from being
sent over the wire in clear text. Use this in combination with the normal
sent over the wire in clear text. Use this in combination with the normal
-u/--user option to set user name and password.  (Option added in curl 7.10.6)
-u/--user option to set user name and password.  (Option added in curl 7.10.6)


If this option is used several times,  each occurrence will toggle this on/off.
.IP "--negotiate"
(HTTP) Enables Negotiate authentication. The Negotiate method was designed by
Microsoft and is used in their web aplications. It is primarily meant as a
support for Kerberos5 authentication but may be also used along with another
authentication methods. For more information see IETF draft
draft-brezak-spnego-http-04.txt.

If this option is used several times,  each occurrence will toggle this on/off.
If this option is used several times,  each occurrence will toggle this on/off.
.IP "--disable-epsv"
.IP "--disable-epsv"
(FTP) Tell curl to disable the use of the EPSV command when doing passive FTP
(FTP) Tell curl to disable the use of the EPSV command when doing passive FTP
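Review bot: The new --negotiate text has a typo and a grammar slip, "aplications" and "another authentication methods"; suggest "applications" and "other authentication methods". The entry also lacks the "(Option added in curl 7.10.6)" style version note that the preceding option carries, and it does not say how the option relates to -u/--user or that it depends on a build configured with GSSAPI support.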
+20 −4
@@ -272,7 +272,7 @@ The main point of this would be that the write callback gets called more often
and with smaller chunks. This is just treated as a request, not an order. You
and with smaller chunks. This is just treated as a request, not an order. You
cannot be guaranteed to actually get the given size. (Added in 7.10)
cannot be guaranteed to actually get the given size. (Added in 7.10)
.PP
.PP
.SH NAMES and PASSWORDS OPTIONS
.SH NAMES and PASSWORDS OPTIONS (Authentication)
.TP 0.4i
.TP 0.4i
.B CURLOPT_NETRC
.B CURLOPT_NETRC
This parameter controls the preference of libcurl between using user names and
This parameter controls the preference of libcurl between using user names and
@@ -322,15 +322,31 @@ prompt function.


When using HTTP and CURLOPT_FOLLOWLOCATION, libcurl might perform several
When using HTTP and CURLOPT_FOLLOWLOCATION, libcurl might perform several
requests to possibly different hosts. libcurl will only send this user and
requests to possibly different hosts. libcurl will only send this user and
password information to hosts using the initial host name, so if libcurl
password information to hosts using the initial host name (unless
follows locations to other hosts it will not send the user and password to
CURLOPT_UNRESTRICTED_AUTH is set), so if libcurl follows locations to other
those. This is enforced to prevent accidental information leakage.
hosts it will not send the user and password to those. This is enforced to
prevent accidental information leakage.
.TP
.TP
.B CURLOPT_PROXYUSERPWD
.B CURLOPT_PROXYUSERPWD
Pass a char * as parameter, which should be [user name]:[password] to use for
Pass a char * as parameter, which should be [user name]:[password] to use for
the connection to the HTTP proxy. If the password is left out, you will be
the connection to the HTTP proxy. If the password is left out, you will be
prompted for it. \fICURLOPT_PASSWDFUNCTION\fP can be used to set your own
prompted for it. \fICURLOPT_PASSWDFUNCTION\fP can be used to set your own
prompt function.
prompt function.
.TP
.B CURLOPT_HTTPDIGEST
Pass a long set to a non-zero value to enable HTTP Digest authentication.
Digest authentication is defined in RFC2617 and is a somewhat more secure way
to do user+password checking over public networks than the regular
old-fashioned Basic authentication. By default, libcurl uses Basic. Set name
and password with the CURLOPT_USERPWD option. (Added in 7.10.6)
.TP
.B CURLOPT_HTTPNEGOTIATE
Pass a long set to a non-zero value to enable HTTP Negotiate authentication.
The Negotiate method was designed by Microsoft and is used in their web
aplications. It is primarily meant as a support for Kerberos5 authentication
but may be also used along with another authentication methods. For more
information see IETF draft draft-brezak-spnego-http-04.txt.  Set name and
password with the CURLOPT_USERPWD option. (Added in 7.10.6)
.PP
.PP
.SH HTTP OPTIONS
.SH HTTP OPTIONS
.TP 0.4i
.TP 0.4i
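Review bot: The reworded redirect paragraph still speaks only of "user and password", and the new CURLOPT_HTTPNEGOTIATE entry does not say whether Negotiate authentication is likewise withheld from hosts other than the initial one. Since the entry describes the method as primarily meant for Kerberos5, state that behaviour explicitly next to the CURLOPT_UNRESTRICTED_AUTH mention. The sentence "Set name and password with the CURLOPT_USERPWD option" reads as copied from the CURLOPT_HTTPDIGEST entry; say what the name and password are used for under Negotiate. Smaller points: the same "aplications" and "another authentication methods" slips as in curl.1, and CURLOPT_UNRESTRICTED_AUTH is not wrapped in \fI...\fP the way CURLOPT_PASSWDFUNCTION is a few lines below.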
+4 −0
@@ -629,6 +629,10 @@ typedef enum {
     You should use this in combination with CURLOPT_USERPWD. */
     You should use this in combination with CURLOPT_USERPWD. */
  CINIT(HTTPDIGEST, LONG, 107),
  CINIT(HTTPDIGEST, LONG, 107),


  /* Set this to a non-zero value to enable HTTP Negotiate Authentication.
     You should use this in combination with CURLOPT_USERPWD. */
  CINIT(HTTPNEGOTIATE, LONG, 108),

  CURLOPT_LASTENTRY /* the last unused */
  CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
} CURLoption;


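Review bot: CURLOPT_HTTPDIGEST (107) and CURLOPT_HTTPNEGOTIATE (108) are two independent LONG on/off switches, and neither comment says what happens when both are non-zero or which method wins. Document the precedence in the comment, or consider a single option taking a bitmask of permitted methods so a caller can state exactly which schemes it is willing to use. The comment should also say what the option does in a build where configure did not define GSSAPI.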