#define PORT_IMAPS 993
#define PORT_POP3 110
#define PORT_POP3S 995
-#define PORT_SMB 445
-#define PORT_SMBS 445
#define PORT_SMTP 25
#define PORT_SMTPS 465 /* sometimes called SSMTP */
#define PORT_RTSP 554
#define PROTO_FAMILY_HTTP (CURLPROTO_HTTP|CURLPROTO_HTTPS)
#define PROTO_FAMILY_FTP (CURLPROTO_FTP|CURLPROTO_FTPS)
#define PROTO_FAMILY_POP3 (CURLPROTO_POP3|CURLPROTO_POP3S)
-#define PROTO_FAMILY_SMB (CURLPROTO_SMB|CURLPROTO_SMBS)
#define PROTO_FAMILY_SMTP (CURLPROTO_SMTP|CURLPROTO_SMTPS)
#define DEFAULT_CONNCACHE_SIZE 5
#include <pk11pub.h>
#endif
+#ifdef USE_QSOSSL
+#include <qsossl.h>
+#endif
+
#ifdef USE_GSKIT
#include <gskssl.h>
#endif
#include "ssh.h"
#include "http.h"
#include "rtsp.h"
-#include "smb.h"
#include "wildcard.h"
#include "multihandle.h"
current state of the connection. */
bool use;
ssl_connection_state state;
-#ifdef USE_NGHTTP2
- bool asked_for_h2;
-#endif
#ifdef USE_SSLEAY
/* these ones requires specific SSL-types */
SSL_CTX* ctx;
PK11GenericObject *obj_clicert;
ssl_connect_state connecting_state;
#endif /* USE_NSS */
+#ifdef USE_QSOSSL
+ SSLHandle *handle;
+#endif /* USE_QSOSSL */
#ifdef USE_GSKIT
gsk_handle handle;
int iocport;
bool verifypeer; /* set TRUE if this is desired */
bool verifyhost; /* set TRUE if CN/SAN must match hostname */
- bool verifystatus; /* set TRUE if certificate status must be checked */
char *CApath; /* certificate dir (doesn't work on windows) */
char *CAfile; /* certificate to verify peer against */
const char *CRLfile; /* CRL to check certificate revocation */
/* Struct used for Digest challenge-response authentication */
struct digestdata {
-#if defined(USE_WINDOWS_SSPI)
- BYTE *input_token;
- size_t input_token_len;
-#else
char *nonce;
char *cnonce;
char *realm;
char *qop;
char *algorithm;
int nc; /* nounce count */
-#endif
};
typedef enum {
#include <iconv.h>
#endif
-/* Struct used for GSSAPI (Kerberos V5) authentication */
-#if defined(USE_KERBEROS5)
-struct kerberos5data {
-#if defined(USE_WINDOWS_SSPI)
- CredHandle *credentials;
- CtxtHandle *context;
- TCHAR *spn;
- SEC_WINNT_AUTH_IDENTITY identity;
- SEC_WINNT_AUTH_IDENTITY *p_identity;
- size_t token_max;
- BYTE *output_token;
-#else
- gss_ctx_id_t context;
- gss_name_t spn;
-#endif
-};
-#endif
-
/* Struct used for NTLM challenge-response authentication */
-#if defined(USE_NTLM)
struct ntlmdata {
curlntlm state;
#ifdef USE_WINDOWS_SSPI
- CredHandle *credentials;
- CtxtHandle *context;
+ CredHandle handle;
+ CtxtHandle c_handle;
SEC_WINNT_AUTH_IDENTITY identity;
SEC_WINNT_AUTH_IDENTITY *p_identity;
- size_t token_max;
- BYTE *output_token;
- BYTE *input_token;
- size_t input_token_len;
+ int has_handles;
+ void *type_2;
+ unsigned long n_type_2;
#else
unsigned int flags;
unsigned char nonce[8];
unsigned int target_info_len;
#endif
};
-#endif
-#ifdef USE_SPNEGO
+#ifdef USE_HTTP_NEGOTIATE
struct negotiatedata {
- /* When doing Negotiate (SPNEGO) auth, we first need to send a token
- and then validate the received one. */
+ /* when doing Negotiate we first need to receive an auth token and then we
+ need to send our header */
enum { GSS_AUTHNONE, GSS_AUTHRECV, GSS_AUTHSENT } state;
+ bool gss; /* Whether we're processing GSS-Negotiate or Negotiate */
+ const char* protocol; /* "GSS-Negotiate" or "Negotiate" */
#ifdef HAVE_GSSAPI
OM_uint32 status;
gss_ctx_id_t context;
#else
#ifdef USE_WINDOWS_SSPI
DWORD status;
- CredHandle *credentials;
CtxtHandle *context;
- SEC_WINNT_AUTH_IDENTITY identity;
- SEC_WINNT_AUTH_IDENTITY *p_identity;
- TCHAR *server_name;
- size_t token_max;
+ CredHandle *credentials;
+ char server_name[1024];
+ size_t max_token_length;
BYTE *output_token;
size_t output_token_length;
#endif
the ip_addr itself. */
char ip_addr_str[MAX_IPADR_LEN];
- unsigned int scope_id; /* Scope id for IPv6 */
+ unsigned int scope; /* address scope for IPv6 */
int socktype; /* SOCK_STREAM or SOCK_DGRAM */
char *te; /* TE: request header */
} allocptr;
+ int sec_complete; /* if kerberos is enabled for this connection */
#ifdef HAVE_GSSAPI
- int sec_complete; /* if Kerberos is enabled for this connection */
enum protection_level command_prot;
enum protection_level data_prot;
enum protection_level request_data_prot;
struct sockaddr_in local_addr;
#endif
-#if defined(USE_KERBEROS5) /* Consider moving some of the above GSS-API */
- struct kerberos5data krb5; /* variables into the structure definition, */
-#endif /* however, some of them are ftp specific. */
-
/* the two following *_inuse fields are only flags, not counters in any way.
If TRUE it means the channel is in use, and if FALSE it means the channel
is up for grabs by one. */
curl_read_callback fread_func; /* function that reads the input */
void *fread_in; /* pointer to pass to the fread() above */
-#if defined(USE_NTLM)
struct ntlmdata ntlm; /* NTLM differs from other authentication schemes
because it authenticates connections, not
single requests! */
struct ntlmdata proxyntlm; /* NTLM data for proxy */
-#if defined(NTLM_WB_ENABLED)
+#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
/* used for communication with Samba's winbind daemon helper ntlm_auth */
curl_socket_t ntlm_auth_hlpr_socket;
pid_t ntlm_auth_hlpr_pid;
char* challenge_header;
char* response_header;
#endif
-#endif
char syserr_buf [256]; /* buffer for Curl_strerror() */
struct pop3_conn pop3c;
struct smtp_conn smtpc;
struct rtsp_conn rtspc;
- struct smb_conn smbc;
void *generic; /* RTMP and LDAP use this */
} proto;
struct digestdata digest; /* state data for host Digest auth */
struct digestdata proxydigest; /* state data for proxy Digest auth */
-#ifdef USE_SPNEGO
+#ifdef USE_HTTP_NEGOTIATE
struct negotiatedata negotiate; /* state data for host Negotiate auth */
struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */
#endif
long rtsp_next_server_CSeq; /* the session's next server CSeq */
long rtsp_CSeq_recv; /* most recent CSeq received */
+ /* if true, force SSL connection retry (workaround for certain servers) */
+ bool ssl_connect_retry;
curl_off_t infilesize; /* size of file to upload, -1 means unknown.
Copied from set.filesize at start of operation */
};
STRING_KRB_LEVEL, /* krb security level */
STRING_NETRC_FILE, /* if not NULL, use this instead of trying to find
$HOME/.netrc */
+ STRING_COPYPOSTFIELDS, /* if POST, set the fields' values here */
STRING_PROXY, /* proxy to use */
STRING_SET_RANGE, /* range, if used */
STRING_SET_REFERER, /* custom string for the HTTP referer field */
STRING_SET_URL, /* what original URL to work on */
STRING_SSL_CAPATH, /* CA directory name (doesn't work on windows) */
STRING_SSL_CAFILE, /* certificate file to verify peer against */
- STRING_SSL_PINNEDPUBLICKEY, /* public key file to verify peer against */
STRING_SSL_CIPHER_LIST, /* list of ciphers to use */
STRING_SSL_EGDSOCKET, /* path to file containing the EGD daemon socket */
STRING_SSL_RANDOM_FILE, /* path to file containing "random" data */
STRING_SSH_KNOWNHOSTS, /* file name of knownhosts file */
#endif
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
- STRING_SOCKS5_GSSAPI_SERVICE, /* GSSAPI service name */
+ STRING_SOCKS5_GSSAPI_SERVICE, /* GSSAPI service name */
#endif
STRING_MAIL_FROM,
STRING_MAIL_AUTH,
#ifdef USE_TLS_SRP
- STRING_TLSAUTH_USERNAME, /* TLS auth <username> */
- STRING_TLSAUTH_PASSWORD, /* TLS auth <password> */
-#endif
- STRING_BEARER, /* <bearer>, if used */
-#ifdef USE_UNIX_SOCKETS
- STRING_UNIX_SOCKET_PATH, /* path to Unix socket, if used */
+ STRING_TLSAUTH_USERNAME, /* TLS auth <username> */
+ STRING_TLSAUTH_PASSWORD, /* TLS auth <password> */
#endif
- /* -- end of zero-terminated strings -- */
-
- STRING_LASTZEROTERMINATED,
-
- /* -- below this are pointers to binary data that cannot be strdup'ed.
- Each such pointer must be added manually to Curl_dupset() --- */
-
- STRING_COPYPOSTFIELDS, /* if POST, set the fields' values here */
+ STRING_BEARER, /* <bearer>, if used */
+ /* -- end of strings -- */
STRING_LAST /* not used, just an end-of-list marker */
};
bool ftp_list_only; /* switch FTP command for listing directories */
bool ftp_use_port; /* use the FTP PORT command */
bool hide_progress; /* don't use the progress meter */
- bool http_fail_on_error; /* fail on HTTP error codes >= 400 */
+ bool http_fail_on_error; /* fail on HTTP error codes >= 300 */
bool http_follow_location; /* follow HTTP redirects */
bool http_transfer_encoding; /* request compressed HTTP transfer-encoding */
bool http_disable_hostname_check_before_authentication;
enum CURL_NETRC_OPTION
use_netrc; /* defined in include/curl.h */
bool verbose; /* output verbosity */
- bool krb; /* Kerberos connection requested */
+ bool krb; /* kerberos connection requested */
bool reuse_forbid; /* forbidden to be reused, close after use */
bool reuse_fresh; /* do not re-use an existing connection */
bool ftp_use_epsv; /* if EPSV is to be attempted or not */
bool proxy_transfer_mode; /* set transfer mode (;type=<a|i>) when doing FTP
via an HTTP proxy */
char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
- unsigned int scope_id; /* Scope id for IPv6 */
+ unsigned int scope; /* address scope for IPv6 */
long allowed_protocols;
long redir_protocols;
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
to pattern (e.g. if WILDCARDMATCH is on) */
void *fnmatch_data;
- long gssapi_delegation; /* GSS-API credential delegation, see the
+ long gssapi_delegation; /* GSSAPI credential delegation, see the
documentation of CURLOPT_GSSAPI_DELEGATION */
bool tcp_keepalive; /* use TCP keepalives */
projects / platform / upstream / curl.git / blobdiff