| Age | Commit message (Collapse) | Author |
|---|
|
|
|
As it is often difficult to choose the best description for a single
feature when it spans many commits, updated the descriptions for the
recent SMB/CIFS protocol and GSS-API additions.
|
|
|
|
Don't use a hard coded size of 4 for the security layer and buffer size
in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as
we have done in the sasl_gssapi module.
|
|
Reduced the amount of free's required for the decoded challenge message
in Curl_sasl_create_gssapi_security_message() as a result of coding it
differently in the sasl_gssapi module.
|
|
|
|
|
|
...they never have a body
|
|
Sending NTLM/Negotiate header again after successful authentication
breaks the connection with certain Proxies and request types (POST to MS
Forefront).
|
|
... similarly to how NTLM works as Negotiate is in fact often NTLM with
another name.
|
|
|
|
|
|
Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR
for the sony website because it ends the connection when the request is
missing a user agent.
|
|
|
|
|
|
|
|
It returns error for >= 400 HTTP responses.
Bug: https://github.com/bagder/curl/pull/129
|
|
Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as
option in the file generated by --libcurl.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
Add .nf and .fi such that the code gets wrapped in a pre on the web.
Fixed grammar, fixed formatting of the "See also" items.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
|
|
|
|
|
|
Otherwise we may read uninitialized bytes later in the unix-domain
sockets case.
|
|
|
|
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
The ability to do HTTP requests over a UNIX domain socket has been
requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
discussion happened, no patch seems to get through. I decided to give it
a go since I need to test a nginx HTTP server which listens on a UNIX
domain socket.
One patch [3] seems to make it possible to use the
CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
Another person wrote a Go program which can do HTTP over a UNIX socket
for Docker[4] which uses a special URL scheme (though the name contains
cURL, it has no relation to the cURL library).
This patch considers support for UNIX domain sockets at the same level
as HTTP proxies / IPv6, it acts as an intermediate socket provider and
not as a separate protocol. Since this feature affects network
operations, a new feature flag was added ("unix-sockets") with a
corresponding CURL_VERSION_UNIX_SOCKETS macro.
A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
option enables UNIX domain sockets support for all requests on the
handle (replacing IP sockets and skipping proxies).
A new configure option (--enable-unix-sockets) and CMake option
(ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
deliberately did not mark this feature as advanced, this is a
feature/component that should easily be available.
[0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
[1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
[2]: http://sourceforge.net/p/curl/feature-requests/53/
[3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
[4]: https://github.com/Soulou/curl-unix-socket
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
test1435: a simple test that checks whether a HTTP request can be
performed over the UNIX socket. The hostname/port are interpreted
by sws and should be ignored by cURL.
test1436: test for the ability to do two requests to the same host,
interleaved with one to a different hostname.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
The variable `$ipvnum` can now contain "unix" besides the integers 4
and 6 since the variable. Functions which receive this parameter
have their `$port` parameter renamed to `$port_or_path` to support a
path to the UNIX domain socket (as a "port" is only meaningful for TCP).
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
If sws is killed it might leave a stale socket file on the filesystem
which would cause an EADDRINUSE error. After this patch, it is checked
whether the socket is really stale and if so, the socket file gets
removed and another bind is executed.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
This extends sws with a --unix-socket option which causes the port to
be ignored (as the server now listens on the path specified by
--unix-socket). This feature will be available in the following patch
that enables checking for UNIX domain socket support.
Proxy support (CONNECT) is not considered nor tested. It does not make
sense anyway, first connecting through a TCP proxy, then let that TCP
proxy connect to a UNIX socket.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
TCP_NODELAY does not make sense for Unix sockets, so enable it only if
the socket is using IP.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
|
|
|
|
|
|
Added helper function for returning a GSS-API compatible SPN.
|
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1457
Patch-by: Tomasz Kojm
|
|
|
|
|
|
sws.c:69: warning: comma at end of enumerator list
|
|
Made log_gss_error() a common function so that it can be used in both
the http_negotiate code as well as the curl_sasl_gssapi code.
|
|
Added the initial version of curl_sasl_gssapi.c and updated the project
files in preparation for adding GSS-API based Kerberos V5 support.
|
|
On some platforms curl would crash if no credentials were used. As such
added detection of such a use case to prevent this from happening.
Reported-by: Gisle Vanem
|
|
|
|
|
|
|
|
Instead of depending the socket domain type on use_ipv6, specify the
domain type (AF_INET / AF_INET6) as variable. An enum is used here with
switch to avoid compiler warnings in connect_to, complaining that rc
is possibly undefined (which is not possible as socket_domain is
always set).
Besides abstracting the socket type, make the debugging messages be
independent on IP (introduce location_str which points to "port XXXXX").
Rename "ipv_inuse" to "socket_type" and tighten the scope (main).
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
This patch prepares for adding UNIX domain sockets support.
TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not
apply these to other socket types. bindlocal only works for IP sockets
(independent of TCP/UDP), so filter that out too for other types.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
|
|
This fixes warnings about conversions to int
|
|
|
|
This patch updates the documentation for the SMB/CIFS protocol.
|
