* CURLAUTH_NONE - No HTTP authentication
* CURLAUTH_BASIC - HTTP Basic authentication (default)
* CURLAUTH_DIGEST - HTTP Digest authentication
- * CURLAUTH_GSSNEGOTIATE - HTTP GSS-Negotiate authentication
+ * CURLAUTH_NEGOTIATE - HTTP Negotiate (SPNEGO) authentication
+ * CURLAUTH_GSSNEGOTIATE - Alias for CURLAUTH_NEGOTIATE (deprecated)
* CURLAUTH_NTLM - HTTP NTLM authentication
* CURLAUTH_DIGEST_IE - HTTP Digest authentication with IE flavour
* CURLAUTH_NTLM_WB - HTTP NTLM authentication delegated to winbind helper
#define CURLAUTH_NONE ((unsigned long)0)
#define CURLAUTH_BASIC (((unsigned long)1)<<0)
#define CURLAUTH_DIGEST (((unsigned long)1)<<1)
-#define CURLAUTH_GSSNEGOTIATE (((unsigned long)1)<<2)
+#define CURLAUTH_NEGOTIATE (((unsigned long)1)<<2)
+/* Deprecated since the advent of CURLAUTH_NEGOTIATE */
+#define CURLAUTH_GSSNEGOTIATE CURLAUTH_NEGOTIATE
#define CURLAUTH_NTLM (((unsigned long)1)<<3)
#define CURLAUTH_DIGEST_IE (((unsigned long)1)<<4)
#define CURLAUTH_NTLM_WB (((unsigned long)1)<<5)
#define CURL_VERSION_SSL (1<<2) /* SSL options are present */
#define CURL_VERSION_LIBZ (1<<3) /* libz features are present */
#define CURL_VERSION_NTLM (1<<4) /* NTLM auth is supported */
-#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth support */
+#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth support
+ (deprecated) */
#define CURL_VERSION_DEBUG (1<<6) /* built with debug capabilities */
#define CURL_VERSION_ASYNCHDNS (1<<7) /* asynchronous dns resolves */
#define CURL_VERSION_SPNEGO (1<<8) /* SPNEGO auth is supported */
#if !defined(CURL_DISABLE_CRYPTO_AUTH) && \
(defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI))
-#define USE_HTTP_NEGOTIATE
+#define USE_SPNEGO
#endif
/* Single point where USE_NTLM definition might be done */
/* The order of these checks is highly relevant, as this will be the order
of preference in case of the existence of multiple accepted types. */
- if(avail & CURLAUTH_GSSNEGOTIATE)
- pick->picked = CURLAUTH_GSSNEGOTIATE;
+ if(avail & CURLAUTH_NEGOTIATE)
+ pick->picked = CURLAUTH_NEGOTIATE;
else if(avail & CURLAUTH_DIGEST)
pick->picked = CURLAUTH_DIGEST;
else if(avail & CURLAUTH_NTLM)
struct SessionHandle *data = conn->data;
const char *auth=NULL;
CURLcode result = CURLE_OK;
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
struct negotiatedata *negdata = proxy?
&data->state.proxyneg:&data->state.negotiate;
#endif
(void)path;
#endif
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
negdata->state = GSS_AUTHNONE;
- if((authstatus->picked == CURLAUTH_GSSNEGOTIATE) &&
+ if((authstatus->picked == CURLAUTH_NEGOTIATE) &&
negdata->context && !GSS_ERROR(negdata->status)) {
auth="Negotiate";
result = Curl_output_negotiate(conn, proxy);
*/
struct SessionHandle *data = conn->data;
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
struct negotiatedata *negdata = proxy?
&data->state.proxyneg:&data->state.negotiate;
#endif
*/
while(*auth) {
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
if(checkprefix("Negotiate", auth)) {
int neg;
- *availp |= CURLAUTH_GSSNEGOTIATE;
- authp->avail |= CURLAUTH_GSSNEGOTIATE;
+ *availp |= CURLAUTH_NEGOTIATE;
+ authp->avail |= CURLAUTH_NEGOTIATE;
- if(authp->picked == CURLAUTH_GSSNEGOTIATE) {
+ if(authp->picked == CURLAUTH_NEGOTIATE) {
if(negdata->state == GSS_AUTHSENT || negdata->state == GSS_AUTHNONE) {
neg = Curl_input_negotiate(conn, proxy, auth);
if(neg == 0) {
Curl_unencode_cleanup(conn);
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
if(data->state.proxyneg.state == GSS_AUTHSENT ||
data->state.negotiate.state == GSS_AUTHSENT)
Curl_cleanup_negotiate(data);
*
***************************************************************************/
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
/* this is for Negotiate header input */
int Curl_input_negotiate(struct connectdata *conn, bool proxy,
#define GSS_ERROR(status) (status & 0x80000000)
#endif
-#endif /* USE_HTTP_NEGOTIATE */
+#endif /* USE_SPNEGO */
#endif /* HEADER_CURL_HTTP_NEGOTIATE_H */
#ifdef USE_WINDOWS_SSPI
-#if !defined(CURL_DISABLE_HTTP) && defined(USE_HTTP_NEGOTIATE)
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO)
#include "urldata.h"
#include "sendf.h"
cleanup(&data->state.proxyneg);
}
-#endif /* !CURL_DISABLE_HTTP && USE_HTTP_NEGOTIATE */
+#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */
#endif /* USE_WINDOWS_SSPI */
#elif !defined(NTLM_WB_ENABLED)
auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
#endif
-#ifndef USE_HTTP_NEGOTIATE
- auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
- WINDOWS_SSPI */
+#ifndef USE_SPNEGO
+ auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without
+ GSS-API or SSPI */
#endif
/* check if any auth bit lower than CURLAUTH_ONLY is still set */
#elif !defined(NTLM_WB_ENABLED)
auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
#endif
-#ifndef USE_HTTP_NEGOTIATE
- auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
- WINDOWS_SSPI */
+#ifndef USE_SPNEGO
+ auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without
+ GSS-API or SSPI */
#endif
/* check if any auth bit lower than CURLAUTH_ONLY is still set */
#endif
};
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
struct negotiatedata {
/* When doing Negotiate (SPNEGO) auth, we first need to send a token
and then validate the received one. */
struct digestdata digest; /* state data for host Digest auth */
struct digestdata proxydigest; /* state data for proxy Digest auth */
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
struct negotiatedata negotiate; /* state data for host Negotiate auth */
struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */
#endif
#ifdef HAVE_LIBZ
| CURL_VERSION_LIBZ
#endif
-#ifdef USE_HTTP_NEGOTIATE
- | CURL_VERSION_GSSNEGOTIATE
-#endif
#ifdef DEBUGBUILD
| CURL_VERSION_DEBUG
#endif
case 'l': /* --negotiate */
if(toggle) {
- if(curlinfo->features & CURL_VERSION_GSSNEGOTIATE)
- config->authtype |= CURLAUTH_GSSNEGOTIATE;
+ if(curlinfo->features & CURL_VERSION_SPNEGO)
+ config->authtype |= CURLAUTH_NEGOTIATE;
else
return PARAM_LIBCURL_DOESNT_SUPPORT;
}
else
- config->authtype &= ~CURLAUTH_GSSNEGOTIATE;
+ config->authtype &= ~CURLAUTH_NEGOTIATE;
break;
case 'm': /* --ntlm */
break;
case 'x': /* --krb */
/* kerberos level string */
- if(curlinfo->features & (CURL_VERSION_KERBEROS4 |
- CURL_VERSION_GSSNEGOTIATE))
+ if(curlinfo->features & CURL_VERSION_KERBEROS4)
GetStr(&config->krblevel, nextarg);
else
return PARAM_LIBCURL_DOESNT_SUPPORT;
break;
case 'k': /* --proxy-negotiate */
- if(curlinfo->features & CURL_VERSION_GSSNEGOTIATE)
+ if(curlinfo->features & CURL_VERSION_SPNEGO)
config->proxynegotiate = toggle;
else
return PARAM_LIBCURL_DOESNT_SUPPORT;
break;
+
case 'm': /* --ftp-account */
GetStr(&config->ftp_account, nextarg);
break;
" --max-redirs NUM Maximum number of redirects allowed (H)",
" -m, --max-time SECONDS Maximum time allowed for the transfer",
" --metalink Process given URLs as metalink XML file",
- " --negotiate Use HTTP Negotiate Authentication (H)",
+ " --negotiate Use HTTP Negotiate (SPNEGO) authentication (H)",
" -n, --netrc Must read .netrc for user name and password",
" --netrc-optional Use either .netrc or URL; overrides -n",
" --netrc-file FILE Set up the netrc filename to use",
" --proxy-anyauth Pick \"any\" proxy authentication method (H)",
" --proxy-basic Use Basic authentication on the proxy (H)",
" --proxy-digest Use Digest authentication on the proxy (H)",
- " --proxy-negotiate Use Negotiate authentication on the proxy (H)",
+ " --proxy-negotiate "
+ "Use HTTP Negotiate (SPNEGO) authentication on the proxy (H)",
" --proxy-ntlm Use NTLM authentication on the proxy (H)",
" -U, --proxy-user USER[:PASSWORD] Proxy user and password",
" --proxy1.0 HOST[:PORT] Use HTTP/1.0 proxy on given port",
{"AsynchDNS", CURL_VERSION_ASYNCHDNS},
{"Debug", CURL_VERSION_DEBUG},
{"TrackMemory", CURL_VERSION_CURLDEBUG},
- {"GSS-Negotiate", CURL_VERSION_GSSNEGOTIATE},
{"IDN", CURL_VERSION_IDN},
{"IPv6", CURL_VERSION_IPV6},
{"Largefile", CURL_VERSION_LARGEFILE},
projects / curl / commitdiff