search

jeroen / curl

A Modern and Flexible Web Client for R
https://jeroen.r-universe.dev/curl
Other
216 stars 71 forks source link

gssapi_delegation curl option doesn't appear to work #123

Open mungojam opened 7 years ago

mungojam commented 7 years ago

I'm attempting to use windows authentication with delegation by setting gssapi_delegation=2. The option seems to have no effect as the request is managing to authenticate for the first hop, but not then passing that authentication on to the second hop (whereas Chrome with delegation option set and IE both succeed).

The code I am trying is:

h <- new_handle()
handle_setopt(h, verbose = TRUE, httpauth = 4, userpwd=":", gssapi_delegation=2)
t <- curl_fetch_memory("http://localhost:55801/", h)

The 'Authorization: ' request headers are identical as when I run it with gssapi_delegation = 0 (or missing). They should be different in the first few bytes I believe in order to tell the web server that the credentials can be passed down to the next layer.

h <- new_handle()
handle_setopt(h, verbose = TRUE, httpauth = 4, userpwd=":", gssapi_delegation=0)
t <- curl_fetch_memory("http://localhost:55801/", h)
jeroen commented 7 years ago

Can you try installing the winssl build for curl and see if this changes anything? To install this you need to run this in a clean r session (which does not have curl loaded):

Sys.setenv(LIBCURL_BUILD="winssl")
install.packages("https://github.com/jeroen/curl/archive/master.tar.gz", repos = NULL)

After this you should see:

curl_version()$ssl_version
# WinSSL
mungojam commented 7 years ago

Unfortunately it's still not working. I've realised that the end of the authorization header does change on every request (regardless of the setting) so I'm no longer certain where in the header the delegation flag is set. My assumption of early bytes in the header was based on some earlier tests with chrome and fiddler.

I'll see if I can run the console version of curl and check if it works (we have restricted download rights).

It's odd because https://curl.haxx.se/libcurl/c/CURLOPT_GSSAPI_DELEGATION.html suggests that if the required compiler flags hadn't been set, then the option would fail with an error, but it doesn't.

mungojam commented 7 years ago

We've tried using the latest curl.exe for windows with --delegation always set and that has the same issue. So it seems to be a bug in libcurl rather than in the curl R package.

We would like to try an older version of curl, prior to the introduction of the delegation option in 2011, but there isn't a windows binary. I guess there isn't an easy way to use the R library to build an old version of curl? Long shot I know.

Feel free to close this issue anyway as it is a bug in libcurl and we will need to raise it with them.