curl --socks5-{basic,gssapi}: control socks5 auth

Closes https://github.com/curl/curl/pull/1454

diff --git a/docs/cmdline-opts/Makefile.inc b/docs/cmdline-opts/Makefile.inc
index 70d0890353c6f63ba5e3352e986804c6be9980c6..7eea5c6c5b455b9a9e38dd70319735084c6707e1 100644 (file)
--- a/docs/cmdline-opts/Makefile.inc
+++ b/docs/cmdline-opts/Makefile.inc
@@ -33,6 +33,7 @@ DPAGES = abstract-unix-socket.d anyauth.d append.d basic.d cacert.d capath.d cer
   remote-name-all.d remote-name.d remote-time.d request.d resolve.d     \
   retry-connrefused.d retry.d retry-delay.d retry-max-time.d sasl-ir.d  \
   service-name.d show-error.d silent.d socks4a.d socks4.d socks5.d      \
+  socks5-basic.d socks5-gssapi.d                                        \
   socks5-gssapi-nec.d socks5-gssapi-service.d socks5-hostname.d         \
   speed-limit.d speed-time.d ssl-allow-beast.d ssl.d ssl-no-revoke.d    \
   ssl-reqd.d sslv2.d sslv3.d stderr.d suppress-connect-headers.d        \

diff --git a/docs/cmdline-opts/socks5-basic.d b/docs/cmdline-opts/socks5-basic.d
new file mode 100644 (file)
index 0000000..67d16b3
--- /dev/null
+++ b/docs/cmdline-opts/socks5-basic.d
@@ -0,0 +1,7 @@
+Long: socks5-basic
+Help: Enable username/password auth for SOCKS5 proxies
+Added: 7.55.0
+---
+Tells curl to use username/password authentication when connecting to a SOCKS5
+proxy.  The username/password authentication is enabled by default.  Use
+--socks5-gssapi to force GSS-API authentication to SOCKS5 proxies.

diff --git a/docs/cmdline-opts/socks5-gssapi.d b/docs/cmdline-opts/socks5-gssapi.d
new file mode 100644 (file)
index 0000000..0070f37
--- /dev/null
+++ b/docs/cmdline-opts/socks5-gssapi.d
@@ -0,0 +1,8 @@
+Long: socks5-gssapi
+Help: Enable GSS-API auth for SOCKS5 proxies
+Added: 7.55.0
+---
+Tells curl to use GSS-API authentication when connecting to a SOCKS5 proxy.
+The GSS-API authentication is enabled by default (if curl is compiled with
+GSS-API support).  Use --socks5-basic to force username/password authentication
+to SOCKS5 proxies.

diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 8b6e0cfa7f21274f0a4f10326754f05fec5d1a4b..254805c8c876dcb6abc11f8576cc6ee0a6b402b3 100644 (file)
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -189,6 +189,7 @@ struct OperationConfig {
   char *preproxy;
   int socks5_gssapi_nec;    /* The NEC reference server does not protect the
                                encryption type exchange */
+  unsigned long socks5_auth;/* auth bitmask for socks5 proxies */
   char *proxy_service_name; /* set authentication service name for HTTP and
                                SOCKS5 proxies */
   char *service_name;       /* set authentication service name for DIGEST-MD5,

diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index f64208a2b4731b3e6b198f6cd3b2d57fdac19b45..64a84af99f19e68a09cf0edab2b68655cb13535e 100644 (file)
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -251,6 +251,8 @@ static const struct LongShort aliases[]= {
   {"E7", "proxy-capath",             ARG_STRING},
   {"E8", "proxy-insecure",           ARG_BOOL},
   {"E9", "proxy-tlsv1",              ARG_NONE},
+  {"EA", "socks5-basic",             ARG_BOOL},
+  {"EB", "socks5-gssapi",            ARG_BOOL},
   {"f",  "fail",                     ARG_BOOL},
   {"fa", "fail-early",               ARG_BOOL},
   {"F",  "form",                     ARG_STRING},
@@ -1560,6 +1562,22 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
         config->proxy_ssl_version = CURL_SSLVERSION_TLSv1;
         break;
 
+      case 'A':
+        /* --socks5-basic */
+        if(toggle)
+          config->socks5_auth |= CURLAUTH_BASIC;
+        else
+          config->socks5_auth &= ~CURLAUTH_BASIC;
+        break;
+
+      case 'B':
+        /* --socks5-gssapi */
+        if(toggle)
+          config->socks5_auth |= CURLAUTH_GSSAPI;
+        else
+          config->socks5_auth &= ~CURLAUTH_GSSAPI;
+        break;
+
       default: /* unknown flag */
         return PARAM_OPTION_UNKNOWN;
       }

diff --git a/src/tool_help.c b/src/tool_help.c
index 2acc994d54749dfda9b94ff30f2d9bd057f27a21..90ce7675ac8ff2b788a4b1b06beeac6194467993 100644 (file)
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -378,6 +378,10 @@ static const struct helptxt helptext[] = {
    "SOCKS4a proxy on given host + port"},
   {"    --socks5 <host[:port]>",
    "SOCKS5 proxy on given host + port"},
+  {"    --socks5-basic",
+   "Enable username/password auth for SOCKS5 proxies"},
+  {"    --socks5-gssapi",
+   "Enable GSS-API auth for SOCKS5 proxies"},
   {"    --socks5-gssapi-nec",
    "Compatibility with NEC SOCKS5 server"},
   {"    --socks5-gssapi-service <name>",

diff --git a/src/tool_operate.c b/src/tool_operate.c
index 147081438d45cef6f0fbf7047a357d3a337b6982..1e8d0073c23215d93dda0c5553ca1bd7263fc79a 100644 (file)
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1343,6 +1343,11 @@ static CURLcode operate_do(struct GlobalConfig *global,
           my_setopt_str(curl, CURLOPT_SOCKS5_GSSAPI_NEC,
                         config->socks5_gssapi_nec);
 
+        /* new in curl 7.55.0 */
+        if(config->socks5_auth)
+          my_setopt_bitmask(curl, CURLOPT_SOCKS5_AUTH,
+                            (long)config->socks5_auth);
+
         /* new in curl 7.43.0 */
         if(config->proxy_service_name)
           my_setopt_str(curl, CURLOPT_PROXY_SERVICE_NAME,

diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index ad3d30739a37d3bdeddf55af239db04dd5d1aff6..694d3ffa5d24d7c6f4ae4d4ab168651e5a63083a 100644 (file)
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -170,6 +170,7 @@ static const NameValue setopt_nv_CURLNONZERODEFAULTS[] = {
   NV1(CURLOPT_TCP_NODELAY, 1),
   NV1(CURLOPT_PROXY_SSL_VERIFYPEER, 1),
   NV1(CURLOPT_PROXY_SSL_VERIFYHOST, 1),
+  NV1(CURLOPT_SOCKS5_AUTH, 1),
   NVEND
 };
 

diff --git a/src/tool_setopt.h b/src/tool_setopt.h
index c27541b8bb8c00bbdbb8597acc7eaf534f4122c9..da67deeb6aa7997dfe23eca7063ec330db1634d1 100644 (file)
--- a/src/tool_setopt.h
+++ b/src/tool_setopt.h
@@ -72,6 +72,7 @@ extern const NameValueUnsigned setopt_nv_CURLAUTH[];
 #define setopt_nv_CURLOPT_REDIR_PROTOCOLS setopt_nv_CURLPROTO
 #define setopt_nv_CURLOPT_PROXYTYPE setopt_nv_CURLPROXY
 #define setopt_nv_CURLOPT_PROXYAUTH setopt_nv_CURLAUTH
+#define setopt_nv_CURLOPT_SOCKS5_AUTH setopt_nv_CURLAUTH
 
 /* Intercept setopt calls for --libcurl */