curl-library

Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password

From: Michael-O <1983-01-06_at_gmx.net>
Date: Thu, 03 Jul 2014 21:24:54 +0200

On 2014-07-03 17:47, Leonardo Rosati wrote:
> Actually, http_ntlm.c, which uses SSPI, also uses passed username and
> password. So again my point is that these two SSPI based implementations
> are different. My opinion is that negotiate should pass user/password. In
> case I'm wrong, then ntlm is wrong because it accepts and passes user/passwords.

Again,

curl on Windows does not accept any credentials. Default credentials are
obtained. The separate NTLM implementation in curl is used on non-Windows
only. If you want AcquireCredHandle to use non-default creds, provide a
quality patch which fixes known bug #10 and implements your improvement.

M

> 2014-07-03 15:00 GMT+02:00 Michael-O <1983-01-06_at_gmx.net>:
>
>> Refer to known bug #10: http://curl.haxx.se/docs/knownbugs.html
>>
>> If this is fixed, you need to do this only:
>> $ curl --(negotiate|ntlm) <url>
>>
>> On Windows, credentials are obtained by SSPI and SSPI only. No manual
>> passing. This is default on Windows with every implementation on top of SSPI.
>>
>> *Sent:* Thursday, 03 July 2014 at 13:46
>>
>> *From:* "Leonardo Rosati" <geppio1975_at_gmail.com>
>> *To:* "libcurl development" <curl-library_at_cool.haxx.se>
>> *Subject:* Re: Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to
>> pass user/password
>> What behavior is correct? The one in negotiate http_negotiate-sspi.c
>> which doesn't use the credentials? If so, why is it correct? And why is it
>> different from the ntlm method?
>>
>> 2014-07-03 12:40 GMT+02:00 Michael-O <1983-01-06_at_gmx.net>:
>>>
>>> That behavior is correct.
>>>
>>>
>>>
>>> Sent: Thursday, 03 July 2014 at 12:31
>>> From: "Leonardo Rosati" <geppio1975_at_gmail.com>
>>> To: "libcurl development" <curl-library_at_cool.haxx.se>
>>> Subject: Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass
>>> user/password
>>>
>>> I've tried debugging with Wireshark with a proxy with negotiation (ISA
>>> Server) and CURL does not pass user/password to the proxy even if
>>> specified. The machine is authenticated just in case it is part of the
>>> domain.
>>> Code in http_negotiate-sspi.c is different from the http_ntlm.c, which,
>>> correctly, passes username/password.
>>> Has anyone verified negotiation passes credentials?
>>> leonardo
>>>
>>> 2014-06-27 22:27 GMT+02:00 Michael Osipov <1983-01-06_at_gmx.net>:
>>>
>>> On 2014-06-27 11:11, Leonardo Rosati wrote:
>>> hi,
>>>
>>> Looking at the source code of http_negotiate-sspi.c, the code doesn't use
>>> the user/password in case they are passed by the user, in practice
>>> assuming the proxy to authenticate the connection based on if the machine
>>> is in the domain or not.
>>> Instead the code for ntlm is different: it passes user/password in case
>>> they are not empty and so user/password are used for authentication
>>> purposes.
>>>
>>> I think the correct behavior is the one for ntlm and therefore the
>>> negotiate method should be changed.
>>>
>>> I don't think so. The intention in
>>> both is to have credentials already present at/after login time. At least
>>> for NTLM on Windows and SPNEGO on all platforms.
>>>
>>> Michael
>>>
>>> -------------------------------------------------------------------
>>> List admin: http://cool.haxx.se/list/listinfo/curl-library
>>> Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-03