#include "telnet.h"
#include "tftp.h"
#include "http.h"
+#include "vauth/vauth.h"
#include "file.h"
#include "curl_ldap.h"
#include "vssh/ssh.h"
data->set.str[STRING_BEARER] ||
data->set.str[STRING_SASL_AUTHZID] ||
data->set.str[STRING_SERVICE_NAME]) &&
- (data->set.allow_auth_to_other_hosts ||
- Curl_peer_same_destination(data->state.initial_origin, conn->origin))) {
+ Curl_auth_allowed_to_origin(data, conn->origin)) {
result = Curl_creds_create(data->set.str[STRING_USERNAME],
data->set.str[STRING_PASSWORD],
data->set.str[STRING_BEARER],
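Review bot: The tightened gate `Curl_auth_allowed_to_origin(data, conn->origin)` has no comment explaining why credentials are withheld. The swap from `Curl_peer_same_destination` to a helper built on `Curl_peer_equal` looks like a deliberate narrowing; test3106 suggests a scheme change on the same host and port now counts as a different origin. I would add above the condition `/* only attach the configured user/password/bearer/SASL settings when the connection's origin equals the initial one, or the user opted in via allow_auth_to_other_hosts */`. Any other credential-forwarding decision that still calls `Curl_peer_same_destination` is not visible in this diff and is worth checking for the same gap. The enclosing `if` starts and ends outside this hunk.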
* "sensitive data" can be sent to the connection's origin.
*/
bool Curl_auth_allowed_to_host(struct Curl_easy *data)
+{
+ return Curl_auth_allowed_to_origin(data, data->conn->origin);
+}
+
+bool Curl_auth_allowed_to_origin(struct Curl_easy *data,
+ struct Curl_peer *origin)
{
return data->set.allow_auth_to_other_hosts ||
- Curl_peer_equal(data->state.initial_origin, data->conn->origin);
+ Curl_peer_equal(data->state.initial_origin, origin);
}
#ifdef USE_NTLM
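Review bot: `Curl_auth_allowed_to_origin()` is added without a doc comment, both here and at its vauth.h declaration, so the existing comment now describes only the `Curl_auth_allowed_to_host()` wrapper. Since this predicate decides whether credentials are sent, I would document it with `/* TRUE if credentials may be sent to 'origin': allow_auth_to_other_hosts is set, or 'origin' equals the transfer's initial origin */` and state whether `origin` may be NULL. The new function passes `origin` straight to `Curl_peer_equal`, whose NULL handling is not visible here; if a caller can reach it before an origin is attached, `DEBUGASSERT(origin);` would make the precondition explicit. `origin` is only read, so `const struct Curl_peer *origin` would fit, provided `Curl_peer_equal` accepts a const pointer.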
struct Curl_easy;
struct Curl_creds;
struct connectdata;
+struct Curl_peer;
#ifndef CURL_DISABLE_DIGEST_AUTH
struct digestdata;
* "sensitive data" can (still) be sent to this host.
*/
bool Curl_auth_allowed_to_host(struct Curl_easy *data);
+bool Curl_auth_allowed_to_origin(struct Curl_easy *data,
+ struct Curl_peer *origin);
/* This is used to build an SPN string */
#ifndef USE_WINDOWS_SSPI
test3024 test3025 test3026 test3027 test3028 test3029 test3030 test3031 \
test3032 test3033 test3034 test3035 test3036 \
\
-test3100 test3101 test3102 test3103 test3104 test3105 \
+test3100 test3101 test3102 test3103 test3104 test3105 test3106 \
\
test3200 test3201 test3202 test3203 test3204 test3205 test3206 test3207 \
test3208 test3209 test3210 test3211 test3212 test3213 test3214 test3215 \
--- /dev/null
+<?xml version="1.0" encoding="US-ASCII"?>
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTPS
+HTTP proxy
+HTTP Basic auth
+followlocation
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<connect crlf="headers">
+HTTP/1.1 200 OK
+
+</connect>
+
+<data crlf="headers" nocheck="yes">
+HTTP/1.1 302 Found
+Location: http://example.com:%HTTPSPORT/%TESTNUMBER0002
+Content-Length: 0
+
+</data>
+
+<data2 crlf="headers">
+HTTP/1.1 200 OK
+Content-Length: 2
+
+OK
+</data2>
+</reply>
+
+# Client-side
+<client>
+<features>
+SSL
+proxy
+</features>
+<server>
+https
+http-proxy
+</server>
+<name>
+HTTPS to HTTP redirect on same host and port without auth
+</name>
+<command>
+--insecure --location --user user:secret --proxy %HOSTIP:%PROXYPORT https://example.com:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<proxy crlf="headers">
+CONNECT example.com:%HTTPSPORT HTTP/1.1
+Host: example.com:%HTTPSPORT
+User-Agent: curl/%VERSION
+Proxy-Connection: Keep-Alive
+
+GET http://example.com:%HTTPSPORT/%TESTNUMBER0002 HTTP/1.1
+Host: example.com:%HTTPSPORT
+User-Agent: curl/%VERSION
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+</proxy>
+<protocol crlf="headers">
+GET /%TESTNUMBER HTTP/1.1
+Host: example.com:%HTTPSPORT
+Authorization: Basic %b64[user:secret]b64%
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
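Review bot: test3106 pins only the negative case: the redirected `GET http://example.com:%HTTPSPORT/%TESTNUMBER0002` in the `<proxy>` section carries no `Authorization` header. Nothing here checks that the opt-in still works. A sibling test running the same command with `--location-trusted` and expecting `Authorization: Basic %b64[user:secret]b64%` on the second request would guard against the new origin check over-blocking. The `<name>` would also read more clearly as `HTTPS to HTTP redirect on same host and port does not send auth`.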