Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
sasl_sspi: Populate the domain from the realm in the challenge message i... #141
...f the user does not specify DOMAIN\User format
With the release of Curl 7.40.0, on Windows, SSPI handles http_digest authentication.
I've noticed that the behavior of using digest auth on most non-Microsoft based HTTP servers will return an unauthorized error. This is because the realm in the challenge response is not populated correctly. The only way to authorize access is for the user to have knowledge of the "Realm" of the challenge-message, which is not usually the case.
I've noticed the PHP Windows binaries now use 7.40.0 and compile with USE_WINDOWS_SSPI.
Some examples (user:password) formats specified with CURLOPT_USERPWD:
This also conflicts with users that may contain "" and servers that don't use the MS DOMAIN\User format. Either way, the behavior significantly varies from using Curl without USE_WINDOWS_SSPI.
Instead, this patch populates the realm from the challenge message if the user does not explicitly use the DOMAIN\User format.