* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
#define PORT_IMAPS 993
#define PORT_POP3 110
#define PORT_POP3S 995
+#define PORT_SMB 445
+#define PORT_SMBS 445
#define PORT_SMTP 25
#define PORT_SMTPS 465 /* sometimes called SSMTP */
#define PORT_RTSP 554
#define CURL_DEFAULT_USER "anonymous"
#define CURL_DEFAULT_PASSWORD "ftp@example.com"
+/* Convenience defines for checking protocols or their SSL based version. Each
+ protocol handler should only ever have a single CURLPROTO_ in its protocol
+ field. */
+#define PROTO_FAMILY_HTTP (CURLPROTO_HTTP|CURLPROTO_HTTPS)
+#define PROTO_FAMILY_FTP (CURLPROTO_FTP|CURLPROTO_FTPS)
+#define PROTO_FAMILY_POP3 (CURLPROTO_POP3|CURLPROTO_POP3S)
+#define PROTO_FAMILY_SMB (CURLPROTO_SMB|CURLPROTO_SMBS)
+#define PROTO_FAMILY_SMTP (CURLPROTO_SMTP|CURLPROTO_SMTPS)
+
#define DEFAULT_CONNCACHE_SIZE 5
/* length of longest IPv6 address string including the trailing null */
#include <pk11pub.h>
#endif
-#ifdef USE_QSOSSL
-#include <qsossl.h>
-#endif
-
#ifdef USE_GSKIT
#include <gskssl.h>
#endif
#include "ssh.h"
#include "http.h"
#include "rtsp.h"
+#include "smb.h"
#include "wildcard.h"
#include "multihandle.h"
#define CURLMIN(x,y) ((x)<(y)?(x):(y))
-#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
-/* Types needed for krb4/5-ftp connections */
-struct krb4buffer {
+#ifdef HAVE_GSSAPI
+/* Types needed for krb5-ftp connections */
+struct krb5buffer {
void *data;
size_t size;
size_t index;
current state of the connection. */
bool use;
ssl_connection_state state;
+#ifdef USE_NGHTTP2
+ bool asked_for_h2;
+#endif
#ifdef USE_SSLEAY
/* these ones requires specific SSL-types */
SSL_CTX* ctx;
ssl_connect_state connecting_state;
#endif /* USE_SSLEAY */
#ifdef USE_GNUTLS
- gnutls_session session;
- gnutls_certificate_credentials cred;
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t cred;
#ifdef USE_TLS_SRP
- gnutls_srp_client_credentials srp_client_cred;
+ gnutls_srp_client_credentials_t srp_client_cred;
#endif
ssl_connect_state connecting_state;
#endif /* USE_GNUTLS */
#ifdef USE_POLARSSL
-#if POLARSSL_VERSION_NUMBER<0x01010000
- havege_state hs;
-#else
- /* from v1.1.0, use ctr_drbg and entropy */
ctr_drbg_context ctr_drbg;
entropy_context entropy;
-#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */
ssl_context ssl;
ssl_session ssn;
int server_fd;
- x509_cert cacert;
- x509_cert clicert;
+ x509_crt cacert;
+ x509_crt clicert;
x509_crl crl;
rsa_context rsa;
ssl_connect_state connecting_state;
struct SessionHandle *data;
struct curl_llist *obj_list;
PK11GenericObject *obj_clicert;
+ ssl_connect_state connecting_state;
#endif /* USE_NSS */
-#ifdef USE_QSOSSL
- SSLHandle *handle;
-#endif /* USE_QSOSSL */
#ifdef USE_GSKIT
gsk_handle handle;
int iocport;
void *sessionid; /* as returned from the SSL layer */
size_t idsize; /* if known, otherwise 0 */
long age; /* just a number, the higher the more recent */
- unsigned short remote_port; /* remote port to connect to */
+ int remote_port; /* remote port to connect to */
struct ssl_config_data ssl_config; /* setup for this session */
};
/* Struct used for Digest challenge-response authentication */
struct digestdata {
+#if defined(USE_WINDOWS_SSPI)
+ BYTE *input_token;
+ size_t input_token_len;
+#else
char *nonce;
char *cnonce;
char *realm;
char *qop;
char *algorithm;
int nc; /* nounce count */
+#endif
};
typedef enum {
#include <iconv.h>
#endif
+/* Struct used for GSSAPI (Kerberos V5) authentication */
+#if defined(USE_KERBEROS5)
+struct kerberos5data {
+#if defined(USE_WINDOWS_SSPI)
+ CredHandle *credentials;
+ CtxtHandle *context;
+ TCHAR *spn;
+ SEC_WINNT_AUTH_IDENTITY identity;
+ SEC_WINNT_AUTH_IDENTITY *p_identity;
+ size_t token_max;
+ BYTE *output_token;
+#else
+ gss_ctx_id_t context;
+ gss_name_t spn;
+#endif
+};
+#endif
+
/* Struct used for NTLM challenge-response authentication */
+#if defined(USE_NTLM)
struct ntlmdata {
curlntlm state;
#ifdef USE_WINDOWS_SSPI
- CredHandle handle;
- CtxtHandle c_handle;
+ CredHandle *credentials;
+ CtxtHandle *context;
SEC_WINNT_AUTH_IDENTITY identity;
SEC_WINNT_AUTH_IDENTITY *p_identity;
- int has_handles;
- void *type_2;
- unsigned long n_type_2;
+ size_t token_max;
+ BYTE *output_token;
+ BYTE *input_token;
+ size_t input_token_len;
#else
unsigned int flags;
unsigned char nonce[8];
+ void* target_info; /* TargetInfo received in the ntlm type-2 message */
+ unsigned int target_info_len;
#endif
};
+#endif
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
struct negotiatedata {
- /* when doing Negotiate we first need to receive an auth token and then we
- need to send our header */
+ /* When doing Negotiate (SPNEGO) auth, we first need to send a token
+ and then validate the received one. */
enum { GSS_AUTHNONE, GSS_AUTHRECV, GSS_AUTHSENT } state;
- bool gss; /* Whether we're processing GSS-Negotiate or Negotiate */
- const char* protocol; /* "GSS-Negotiate" or "Negotiate" */
#ifdef HAVE_GSSAPI
OM_uint32 status;
gss_ctx_id_t context;
#else
#ifdef USE_WINDOWS_SSPI
DWORD status;
- CtxtHandle *context;
CredHandle *credentials;
- char server_name[1024];
- size_t max_token_length;
+ CtxtHandle *context;
+ SEC_WINNT_AUTH_IDENTITY identity;
+ SEC_WINNT_AUTH_IDENTITY *p_identity;
+ TCHAR *server_name;
+ size_t token_max;
BYTE *output_token;
size_t output_token_length;
#endif
* Boolean values that concerns this connection.
*/
struct ConnectBits {
+ /* always modify bits.close with the connclose() and connkeep() macros! */
bool close; /* if set, we close the connection after this request */
bool reuse; /* if set, this is a re-used connection */
bool proxy; /* if set, this transfer is done through a proxy - any type */
typedef CURLcode (*Curl_do_more_func)(struct connectdata *, int *);
typedef CURLcode (*Curl_done_func)(struct connectdata *, CURLcode, bool);
-
enum expect100 {
EXP100_SEND_DATA, /* enough waiting, just send the body now */
EXP100_AWAITING_CONTINUE, /* waiting for the 100 Continue header */
EXP100_FAILED /* used on 417 Expectation Failed */
};
+enum upgrade101 {
+ UPGR101_INIT, /* default state */
+ UPGR101_REQUESTED, /* upgrade requested */
+ UPGR101_RECEIVED, /* response received */
+ UPGR101_WORKING /* talking upgraded protocol */
+};
+
+enum negotiatenpn {
+ NPN_INIT, /* default state */
+ NPN_HTTP1_1, /* HTTP/1.1 negotiated */
+ NPN_HTTP2 /* HTTP2 (draft-xx) negotiated */
+};
+
/*
* Request specific data in the easy handle (SessionHandle). Previously,
* these members were on the connectdata struct but since a conn struct may
'RTSP/1.? XXX' line */
struct timeval start100; /* time stamp to wait for the 100 code from */
enum expect100 exp100; /* expect 100 continue state */
+ enum upgrade101 upgr101; /* 101 upgrade state */
int auto_decoding; /* What content encoding. sec 3.5, RFC2616. */
bool forbidchunk; /* used only to explicitly forbid chunk-upload for
specific upload buffers. See readmoredata() in
http.c for details. */
+
+ void *protop; /* Allocated protocol-specific data. Each protocol
+ handler makes sure this points to data it needs. */
};
/*
ssize_t *nread, bool *readmore);
long defport; /* Default port. */
- unsigned int protocol; /* See CURLPROTO_* */
+ unsigned int protocol; /* See CURLPROTO_* - this needs to be the single
+ specific protocol bit */
unsigned int flags; /* Extra particular characteristics, see PROTOPT_* */
};
gets a default */
#define PROTOPT_NOURLQUERY (1<<6) /* protocol can't handle
url query strings (?foo=bar) ! */
+#define PROTOPT_CREDSPERREQUEST (1<<7) /* requires login credentials per
+ request instead of per connection */
/* return the count of bytes sent, or -1 on error */
within the DNS cache, so this pointer is only valid as long as the DNS
cache entry remains locked. It gets unlocked in Curl_done() */
Curl_addrinfo *ip_addr;
+ Curl_addrinfo *tempaddr[2]; /* for happy eyeballs */
/* 'ip_addr_str' is the ip_addr data as a human readable string.
It remains available as long as the connection does, which is longer than
the ip_addr itself. */
char ip_addr_str[MAX_IPADR_LEN];
- unsigned int scope; /* address scope for IPv6 */
+ unsigned int scope_id; /* Scope id for IPv6 */
int socktype; /* SOCK_STREAM or SOCK_DGRAM */
struct hostname proxy;
long port; /* which port to use locally */
- unsigned short remote_port; /* what remote port to connect to,
- not the proxy port! */
+ int remote_port; /* what remote port to connect to, not the proxy port! */
/* 'primary_ip' and 'primary_port' get filled with peer's numerical
ip address and port number whenever an outgoing connection is
char *passwd; /* password string, allocated */
char *options; /* options string, allocated */
+ char *xoauth2_bearer; /* bearer token for xoauth2, allocated */
+
char *proxyuser; /* proxy user name string, allocated */
char *proxypasswd; /* proxy password string, allocated */
curl_proxytype proxytype; /* what kind of proxy that is in use */
struct timeval created; /* creation time */
curl_socket_t sock[2]; /* two sockets, the second is used for the data
transfer when doing FTP */
+ curl_socket_t tempsock[2]; /* temporary sockets for happy eyeballs */
bool sock_accepted[2]; /* TRUE if the socket on this index was created with
accept() */
Curl_recv *recv[2];
char *te; /* TE: request header */
} allocptr;
- int sec_complete; /* if kerberos is enabled for this connection */
-#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+#ifdef HAVE_GSSAPI
+ int sec_complete; /* if Kerberos is enabled for this connection */
enum protection_level command_prot;
enum protection_level data_prot;
enum protection_level request_data_prot;
size_t buffer_size;
- struct krb4buffer in_buffer;
+ struct krb5buffer in_buffer;
void *app_data;
const struct Curl_sec_client_mech *mech;
struct sockaddr_in local_addr;
#endif
+#if defined(USE_KERBEROS5) /* Consider moving some of the above GSS-API */
+ struct kerberos5data krb5; /* variables into the structure definition, */
+#endif /* however, some of them are ftp specific. */
+
/* the two following *_inuse fields are only flags, not counters in any way.
If TRUE it means the channel is in use, and if FALSE it means the channel
is up for grabs by one. */
curl_read_callback fread_func; /* function that reads the input */
void *fread_in; /* pointer to pass to the fread() above */
+#if defined(USE_NTLM)
struct ntlmdata ntlm; /* NTLM differs from other authentication schemes
because it authenticates connections, not
single requests! */
struct ntlmdata proxyntlm; /* NTLM data for proxy */
-#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+#if defined(NTLM_WB_ENABLED)
/* used for communication with Samba's winbind daemon helper ntlm_auth */
curl_socket_t ntlm_auth_hlpr_socket;
pid_t ntlm_auth_hlpr_pid;
char* challenge_header;
char* response_header;
#endif
+#endif
char syserr_buf [256]; /* buffer for Curl_strerror() */
union {
struct ftp_conn ftpc;
+ struct http_conn httpc;
struct ssh_conn sshc;
struct tftp_state_data *tftpc;
struct imap_conn imapc;
struct pop3_conn pop3c;
struct smtp_conn smtpc;
struct rtsp_conn rtspc;
- void *generic;
+ struct smb_conn smbc;
+ void *generic; /* RTMP and LDAP use this */
} proto;
int cselect_bits; /* bitmask of socket events */
TUNNEL_COMPLETE /* CONNECT response received completely */
} tunnel_state[2]; /* two separate ones to allow FTP */
struct connectbundle *bundle; /* The bundle we are member of */
+
+ enum negotiatenpn negnpn;
};
/* The end of connectdata. */
struct timeval start;
struct timeval t_startsingle;
+ struct timeval t_startop;
struct timeval t_acceptdata;
#define CURR_TIME (5+1) /* 6 entries for 5 seconds */
* Session-data MUST be put in the connectdata struct and here. */
#define MAX_CURL_USER_LENGTH 256
#define MAX_CURL_PASSWORD_LENGTH 256
-#define MAX_CURL_OPTIONS_LENGTH 256
struct auth {
unsigned long want; /* Bitmask set to the authentication methods wanted by
struct digestdata digest; /* state data for host Digest auth */
struct digestdata proxydigest; /* state data for proxy Digest auth */
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
struct negotiatedata negotiate; /* state data for host Negotiate auth */
struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */
#endif
long rtsp_next_server_CSeq; /* the session's next server CSeq */
long rtsp_CSeq_recv; /* most recent CSeq received */
- /* Protocol specific data.
- *
- *************************************************************************
- * Note that this data will be REMOVED after each request, so anything that
- * should be kept/stored on a per-connection basis and thus live for the
- * next request on the same connection MUST be put in the connectdata struct!
- *************************************************************************/
- union {
- struct HTTP *http;
- struct HTTP *https; /* alias, just for the sake of being more readable */
- struct RTSP *rtsp;
- struct FTP *ftp;
- /* void *tftp; not used */
- struct FILEPROTO *file;
- void *telnet; /* private for telnet.c-eyes only */
- void *generic;
- struct SSHPROTO *ssh;
- struct IMAP *imap;
- struct POP3 *pop3;
- struct SMTP *smtp;
- } proto;
-
- /* if true, force SSL connection retry (workaround for certain servers) */
- bool ssl_connect_retry;
+ curl_off_t infilesize; /* size of file to upload, -1 means unknown.
+ Copied from set.filesize at start of operation */
};
STRING_KRB_LEVEL, /* krb security level */
STRING_NETRC_FILE, /* if not NULL, use this instead of trying to find
$HOME/.netrc */
- STRING_COPYPOSTFIELDS, /* if POST, set the fields' values here */
STRING_PROXY, /* proxy to use */
STRING_SET_RANGE, /* range, if used */
STRING_SET_REFERER, /* custom string for the HTTP referer field */
STRING_SET_URL, /* what original URL to work on */
STRING_SSL_CAPATH, /* CA directory name (doesn't work on windows) */
STRING_SSL_CAFILE, /* certificate file to verify peer against */
+ STRING_SSL_PINNEDPUBLICKEY, /* public key file to verify peer against */
STRING_SSL_CIPHER_LIST, /* list of ciphers to use */
STRING_SSL_EGDSOCKET, /* path to file containing the EGD daemon socket */
STRING_SSL_RANDOM_FILE, /* path to file containing "random" data */
STRING_SSH_KNOWNHOSTS, /* file name of knownhosts file */
#endif
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
- STRING_SOCKS5_GSSAPI_SERVICE, /* GSSAPI service name */
+ STRING_SOCKS5_GSSAPI_SERVICE, /* GSSAPI service name */
#endif
STRING_MAIL_FROM,
STRING_MAIL_AUTH,
#ifdef USE_TLS_SRP
- STRING_TLSAUTH_USERNAME, /* TLS auth <username> */
- STRING_TLSAUTH_PASSWORD, /* TLS auth <password> */
+ STRING_TLSAUTH_USERNAME, /* TLS auth <username> */
+ STRING_TLSAUTH_PASSWORD, /* TLS auth <password> */
+#endif
+ STRING_BEARER, /* <bearer>, if used */
+#ifdef USE_UNIX_SOCKETS
+ STRING_UNIX_SOCKET_PATH, /* path to Unix socket, if used */
#endif
- /* -- end of strings -- */
+ /* -- end of zero-terminated strings -- */
+
+ STRING_LASTZEROTERMINATED,
+
+ /* -- below this are pointers to binary data that cannot be strdup'ed.
+ Each such pointer must be added manually to Curl_dupset() --- */
+
+ STRING_COPYPOSTFIELDS, /* if POST, set the fields' values here */
+
STRING_LAST /* not used, just an end-of-list marker */
};
long accepttimeout; /* in milliseconds, 0 means no timeout */
long server_response_timeout; /* in milliseconds, 0 means no timeout */
long tftp_blksize ; /* in bytes, 0 means use default */
- curl_off_t infilesize; /* size of file to upload, -1 means unknown */
+ curl_off_t filesize; /* size of file to upload, -1 means unknown */
long low_speed_limit; /* bytes/second */
long low_speed_time; /* number of seconds */
curl_off_t max_send_speed; /* high speed limit in bytes/second for upload */
download */
curl_off_t set_resume_from; /* continue [ftp] transfer from here */
struct curl_slist *headers; /* linked list of extra headers */
+ struct curl_slist *proxyheaders; /* linked list of extra CONNECT headers */
struct curl_httppost *httppost; /* linked list of POST data */
+ bool sep_headers; /* handle host and proxy headers separately */
bool cookiesession; /* new cookie session? */
bool crlf; /* convert crlf on ftp upload(?) */
struct curl_slist *quote; /* after connection is established */
bool ftp_list_only; /* switch FTP command for listing directories */
bool ftp_use_port; /* use the FTP PORT command */
bool hide_progress; /* don't use the progress meter */
- bool http_fail_on_error; /* fail on HTTP error codes >= 300 */
+ bool http_fail_on_error; /* fail on HTTP error codes >= 400 */
bool http_follow_location; /* follow HTTP redirects */
bool http_transfer_encoding; /* request compressed HTTP transfer-encoding */
bool http_disable_hostname_check_before_authentication;
enum CURL_NETRC_OPTION
use_netrc; /* defined in include/curl.h */
bool verbose; /* output verbosity */
- bool krb; /* kerberos connection requested */
+ bool krb; /* Kerberos connection requested */
bool reuse_forbid; /* forbidden to be reused, close after use */
bool reuse_fresh; /* do not re-use an existing connection */
bool ftp_use_epsv; /* if EPSV is to be attempted or not */
bool proxy_transfer_mode; /* set transfer mode (;type=<a|i>) when doing FTP
via an HTTP proxy */
char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
- unsigned int scope; /* address scope for IPv6 */
+ unsigned int scope_id; /* Scope id for IPv6 */
long allowed_protocols;
long redir_protocols;
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
to pattern (e.g. if WILDCARDMATCH is on) */
void *fnmatch_data;
- long gssapi_delegation; /* GSSAPI credential delegation, see the
+ long gssapi_delegation; /* GSS-API credential delegation, see the
documentation of CURLOPT_GSSAPI_DELEGATION */
bool tcp_keepalive; /* use TCP keepalives */
long tcp_keepintvl; /* seconds between TCP keepalive probes */
size_t maxconnects; /* Max idle connections in the connection cache */
+
+ bool ssl_enable_npn; /* TLS NPN extension? */
+ bool ssl_enable_alpn; /* TLS ALPN extension? */
+
+ long expect_100_timeout; /* in milliseconds */
};
struct Names {
other dynamic purposes */
struct WildcardData wildcard; /* wildcard download state info */
struct PureInfo info; /* stats, reports and info data */
+ struct curl_tlssessioninfo tsi; /* Information about the TLS session, only
+ valid after a client has asked for it */
#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
iconv_t outbound_cd; /* for translating to the network encoding */
iconv_t inbound_cd; /* for translating from the network encoding */
projects / platform / upstream / curl.git / blobdiff