FindWin32CACert: return OK even if CA cert isn't found

Bug: http://curl.haxx.se/mail/lib-2011-11/0180.html
Reported by: Mark Brand

.gitignore

@@ -14,6 +14,7 @@ Makefile
 Makefile.in
 aclocal.m4
 autom4te.cache
+config.cache
 config.guess
 config.log
 config.status

Android.mk

@@ -2,7 +2,7 @@
 #
 # Place the curl source (including this makefile) into external/curl/ in the
 # Android source tree.  Then build them with 'make curl' or just 'make libcurl'
-# from the Android root. Tested with Android 1.5 and 2.1
+# from the Android root. Tested with Android versions 1.5, 2.1-2.3
 #
 # Note: you must first create a curl_config.h file by running configure in the
 # Android environment. The only way I've found to do this is tricky. Perform a
@@ -42,7 +42,7 @@
 # into the right place (but see the note about this below).
 #
 # Dan Fandrich
-# August 2010
+# November 2011
 
 LOCAL_PATH:= $(call my-dir)
 

CMakeLists.txt

@@ -148,7 +148,9 @@ option(ENABLE_IPV6 "Define if you want to enable IPv6 support" OFF)
 mark_as_advanced(ENABLE_IPV6)
 
 if(WIN32)
-  list_spaces_append_once(CMAKE_C_STANDARD_LIBRARIES wsock32.lib ws2_32.lib)  # bufferoverflowu.lib
+  find_library(WSOCK32_LIBRARY wsock32)
+  find_library(WS2_32_LIBRARY ws2_32)
+  list_spaces_append_once(CMAKE_C_STANDARD_LIBRARIES ${WSOCK32_LIBRARY} ${WS2_32_LIBRARY})  # bufferoverflowu.lib
   if(CURL_DISABLE_LDAP)
     # Remove wldap32.lib from space-separated list
     string(REPLACE " " ";" _LIST ${CMAKE_C_STANDARD_LIBRARIES})
@@ -861,4 +863,3 @@ install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/include/curl"
     DESTINATION include
     FILES_MATCHING PATTERN "*.h"
     PATTERN "curlbuild.h" EXCLUDE)
- 

Makefile.dist

@@ -73,10 +73,15 @@ mingw32:
 mingw32-clean:
 	$(MAKE) -C lib -f Makefile.m32 clean
 	$(MAKE) -C src -f Makefile.m32 clean
+	$(MAKE) -C docs/examples -f Makefile.m32 clean
 
 mingw32-vclean mingw32-distclean:
 	$(MAKE) -C lib -f Makefile.m32 vclean
 	$(MAKE) -C src -f Makefile.m32 vclean
+	$(MAKE) -C docs/examples -f Makefile.m32 vclean
+
+mingw32-examples%:
+	$(MAKE) -C docs/examples -f Makefile.m32 CFG=$@
 
 mingw32%:
 	$(MAKE) -C lib -f Makefile.m32 CFG=$@
@@ -217,34 +222,27 @@ netware:
 	$(MAKE) -C lib -f Makefile.netware
 	$(MAKE) -C src -f Makefile.netware
 
-netware-ares:
-	$(MAKE) -C lib -f Makefile.netware WITH_ARES=1
-	$(MAKE) -C src -f Makefile.netware WITH_ARES=1
-
-netware-ssl:
-	$(MAKE) -C lib -f Makefile.netware WITH_SSL=1
-	$(MAKE) -C src -f Makefile.netware WITH_SSL=1
-
-netware-ssl-zlib:
-	$(MAKE) -C lib -f Makefile.netware WITH_SSL=1 WITH_ZLIB=1
-	$(MAKE) -C src -f Makefile.netware WITH_SSL=1 WITH_ZLIB=1
-
-netware-ssh2-ssl-zlib:
-	$(MAKE) -C lib -f Makefile.netware WITH_SSH2=1 WITH_SSL=1 WITH_ZLIB=1
-	$(MAKE) -C src -f Makefile.netware WITH_SSH2=1 WITH_SSL=1 WITH_ZLIB=1
-
-netware-zlib:
-	$(MAKE) -C lib -f Makefile.netware WITH_ZLIB=1
-	$(MAKE) -C src -f Makefile.netware WITH_ZLIB=1
-
 netware-clean:
 	$(MAKE) -C lib -f Makefile.netware clean
 	$(MAKE) -C src -f Makefile.netware clean
+	$(MAKE) -C docs/examples -f Makefile.netware clean
+
+netware-vclean netware-distclean:
+	$(MAKE) -C lib -f Makefile.netware vclean
+	$(MAKE) -C src -f Makefile.netware vclean
+	$(MAKE) -C docs/examples -f Makefile.netware vclean
 
 netware-install:
 	$(MAKE) -C lib -f Makefile.netware install
 	$(MAKE) -C src -f Makefile.netware install
 
+netware-examples-%:
+	$(MAKE) -C docs/examples -f Makefile.netware CFG=$@
+
+netware-%:
+	$(MAKE) -C lib -f Makefile.netware CFG=$@
+	$(MAKE) -C src -f Makefile.netware CFG=$@
+
 unix: all
 
 unix-ssl: ssl

RELEASE-NOTES

@@ -1,38 +1,19 @@
-Curl and libcurl 7.21.7
+Curl and libcurl 7.24.0
 
- Public curl releases:         123
- Command line options:         144
- curl_easy_setopt() options:   186
+ Public curl releases:         125
+ Command line options:         149
+ curl_easy_setopt() options:   192
  Public functions in libcurl:  58
  Known libcurl bindings:       39
- Contributors:                 868
+ Contributors:                 873
 
 This release includes the following changes:
 
- o recognize the [protocol]:// prefix in proxy hosts where the protocol is one
-   of socks4, socks4a, socks5 or socks5h.
- o Added CURLOPT_CLOSESOCKETFUNCTION and CURLOPT_CLOSESOCKETDATA
+ o 
 
 This release includes the following bugfixes:
 
- o SECURITY ADVISORY: inappropriate GSSAPI delegation. Full details at
-   http://curl.haxx.se/docs/adv_20110623.html
- o NTLM: work with unicode
- o fix connect with SOCKS proxy when using the multi interface
- o anyauthput.c: stdint.h must not be included unconditionally
- o CMake: improved build
- o SCP/SFTP enable non-blocking earlier
- o GnuTLS handshake: fix timeout
- o cyassl: build without filesystem
- o HTTPS over HTTP proxy using the multi interface
- o speedcheck: invalid timeout event on a reused handle
- o Force connection close for HTTP 200 OK when time condition matched
- o curl_formget: fix FILE * leak
- o configure: improved OpenSSL detection
- o Android build: support gingerbread
- o CURLFORM_STREAM: acknowledge CURLFORM_FILENAME
- o windows build: use correct MS CRT
- o pop3: remove extra space in LIST command
+ o 
 
 This release includes the following known bugs:
 
@@ -41,9 +22,6 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
- Dan Fandrich, Guenter Knauf, Vsevolod Novikov, Zmey Petroff,
- Dagobert Michelsen, Jeff Pohlmeyer, Dmitri Shubin, Matteo Rocco,
- Aaron Orenstein, Yang Tse, Kamil Dudka, Amr Shahin, Josue Andrade Gomes,
- Ori Avtalion, Richard Silverman, Julien Chaffraix
+ 
 
         Thanks! (and sorry if I forgot to mention someone)

TODO-RELEASE

@@ -1,15 +1,11 @@
-To be addressed in 7.21.6
+To be addressed in 7.22.1
 =========================
 
-284 - bug 3172608 "No re-authentication when HTTP connecton is closed"
-      http://curl.haxx.se/bug/view.cgi?id=3172608
-      Would be nice if someone could verify the suggested patch
+295 - "RTSP Authentication (#22)" https://github.com/bagder/curl/pull/22
 
-285 - bug 3163118 "Allow programatic use of telnet on Windows"
-      http://curl.haxx.se/bug/view.cgi?id=3163118
-      Would appreciate a Windows developer to give it a look before we apply
-      the suggested patch
+296 - "OOM leak in multi code" (by Dan Fandrich)
 
-287 - bug 3215314 Post quote operation to rename fails in Windows
+300 - "Polling on stray socket on sequential transfers." Andrew S
+      http://curl.haxx.se/mail/lib-2011-07/0053.html
 
-289 -
+308 -

acinclude.m4

@@ -51,7 +51,7 @@ CURL_DEF_TOKEN $1
   ],[
     tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \
       "$GREP" CURL_DEF_TOKEN 2>/dev/null | \
-      "$SED" 's/.*CURL_DEF_TOKEN[[ ]]//' 2>/dev/null | \
+      "$SED" 's/.*CURL_DEF_TOKEN[[ ]][[ ]]*//' 2>/dev/null | \
       "$SED" 's/[["]][[ ]]*[["]]//g' 2>/dev/null`
     if test -z "$tmp_exp" || test "$tmp_exp" = "$1"; then
       tmp_exp=""

buildconf

@@ -80,7 +80,7 @@ removethis(){
 # Ensure that buildconf runs from the subdirectory where configure.ac lives
 #
 if test ! -f configure.ac ||
-  test ! -f src/main.c ||
+  test ! -f src/tool_main.c ||
   test ! -f lib/urldata.h ||
   test ! -f include/curl/curl.h; then
   echo "Can not run buildconf from outside of curl's source subdirectory!"
@@ -89,7 +89,9 @@ if test ! -f configure.ac ||
 fi
 
 #--------------------------------------------------------------------------
-# autoconf 2.57 or newer
+# autoconf 2.57 or newer. Unpatched version 2.67 does not generate proper
+# configure script. Unpatched version 2.68 is simply unusable, we should
+# disallow 2.68 usage.
 #
 need_autoconf="2.57"
 ac_version=`${AUTOCONF:-autoconf} --version 2>/dev/null|head -n 1| sed -e 's/^[^0-9]*//' -e 's/[a-z]* *$//'`
@@ -108,7 +110,15 @@ if test "$1" = "2" -a "$2" -lt "57" || test "$1" -lt "2"; then
   exit 1
 fi
 
-echo "buildconf: autoconf version $ac_version (ok)"
+if test "$1" = "2" -a "$2" -eq "67"; then
+  echo "buildconf: autoconf version $ac_version (BAD)"
+  echo "            Unpatched version generates broken configure script."
+elif test "$1" = "2" -a "$2" -eq "68"; then
+  echo "buildconf: autoconf version $ac_version (BAD)"
+  echo "            Unpatched version generates unusable configure script."
+else
+  echo "buildconf: autoconf version $ac_version (ok)"
+fi
 
 am4te_version=`${AUTOM4TE:-autom4te} --version 2>/dev/null|head -n 1| sed -e 's/autom4te\(.*\)/\1/' -e 's/^[^0-9]*//' -e 's/[a-z]* *$//'`
 if test -z "$am4te_version"; then

buildconf.bat

@@ -27,6 +27,11 @@ if not exist include\curl\curlbuild.h.dist goto end_curlbuild_h
 copy /Y include\curl\curlbuild.h.dist include\curl\curlbuild.h
 :end_curlbuild_h
 
+REM create src\config-win32.h
+if not exist lib\config-win32.h goto end_config_win32_h
+copy /Y lib\config-win32.h src\config-win32.h
+:end_config_win32_h
+
 REM setup c-ares git tree
 if not exist ares\buildconf.bat goto end_c_ares
 cd ares

configure.ac

@@ -314,6 +314,26 @@ if test "x$cross_compiling" != "xno" &&
   supports_unittests=no
 fi
 
+# IRIX 6.5.24 gcc 3.3 autobuilds fail unittests library compilation due to
+# a problem related with OpenSSL headers and library versions not matching.
+# Disable unit tests while time to further investigate this is found.
+case $host in
+  mips-sgi-irix6.5)
+    if test "$compiler_id" = "GNU_C"; then
+      supports_unittests=no
+    fi
+    ;;
+esac
+
+# All AIX autobuilds fails unit tests linking against unittests library
+# due to unittests library being built with no symbols or members. Libtool ?
+# Disable unit tests while time to further investigate this is found.
+case $host_os in
+  aix*)
+    supports_unittests=no
+    ;;
+esac
+
 dnl Build unit tests when option --enable-debug is given.
 if test "x$want_debug" = "xyes" &&
    test "x$supports_unittests" = "xyes"; then
@@ -1330,7 +1350,7 @@ if test X"$OPT_SSL" != Xno; then
     dnl the user told us to look
     OPENSSL_PCDIR="$OPT_SSL/lib/pkgconfig"
     AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
-    if test -e "$OPENSSL_PCDIR/openssl.pc"; then
+    if test -f "$OPENSSL_PCDIR/openssl.pc"; then
       PKGTEST="yes"
     fi
 
@@ -2419,6 +2439,7 @@ AC_CHECK_HEADERS(
         stdbool.h \
         arpa/tftp.h \
         sys/filio.h \
+        sys/wait.h \
         setjmp.h,
 dnl to do if not found
 [],
@@ -2564,6 +2585,7 @@ CURL_CHECK_FUNC_SIGINTERRUPT
 CURL_CHECK_FUNC_SIGNAL
 CURL_CHECK_FUNC_SIGSETJMP
 CURL_CHECK_FUNC_SOCKET
+CURL_CHECK_FUNC_SOCKETPAIR
 CURL_CHECK_FUNC_STRCASECMP
 CURL_CHECK_FUNC_STRCASESTR
 CURL_CHECK_FUNC_STRCMPI
@@ -2794,6 +2816,10 @@ AC_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]),
        AC_MSG_RESULT(yes)
 )
 
+CURL_CHECK_OPTION_NTLM_WB
+
+CURL_CHECK_NTLM_WB
+
 dnl ************************************************************
 dnl disable TLS-SRP authentication
 dnl
@@ -2969,6 +2995,9 @@ if test "x$CURL_DISABLE_HTTP" != "x1"; then
   if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
       -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then
     SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
+    if test "x$NTLM_WB_ENABLED" = "x1"; then
+      SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
+    fi
   fi
 fi
 if test "x$USE_TLS_SRP" = "x1"; then

docs/BUGS

@@ -6,21 +6,34 @@
 
 BUGS
 
+ 1. Bugs
+  1.1 There are still bugs
+  1.2 Where to report
+  1.3 What to report
+  1.4 libcurl problems
+  1.5 Who will fix the problems
+  1.6 How to get a stack trace
+  1.7 Bugs in libcurl bindings
+
+==============================================================================
+
+1.1 There are still bugs
+
   Curl and libcurl have grown substantially since the beginning. At the time
-  of writing (July 2007), there are about 47000 lines of source code, and by
-  the time you read this it has probably grown even more.
+  of writing (September 2011), there are about 66000 lines of source code, and
+  by the time you read this it has probably grown even more.
 
   Of course there are lots of bugs left. And lots of misfeatures.
 
   To help us make curl the stable and solid product we want it to be, we need
   bug reports and bug fixes.
 
-WHERE TO REPORT
+1.2 Where to report
 
   If you can't fix a bug yourself and submit a fix for it, try to report an as
   detailed report as possible to a curl mailing list to allow one of us to
-  have a go at a solution. You should also post your bug/problem at curl's bug
-  tracking system over at
+  have a go at a solution. You can optionally also post your bug/problem at
+  curl's bug tracking system over at
 
         http://sourceforge.net/bugs/?group_id=976
 
@@ -29,16 +42,18 @@ WHERE TO REPORT
   If you feel you need to ask around first, find a suitable mailing list and
   post there. The lists are available on http://curl.haxx.se/mail/
 
-WHAT TO REPORT
+1.3 What to report
 
   When reporting a bug, you should include all information that will help us
   understand what's wrong, what you expected to happen and how to repeat the
   bad behavior. You therefore need to tell us:
 
-   - your operating system's name and version number (uname -a under a unix
-     is fine)
+   - your operating system's name and version number
+
    - what version of curl you're using (curl -V is fine)
+
    - versions of the used libraries that libcurl is built to use
+
    - what URL you were working with (if possible), at least which protocol
 
   and anything and everything else you think matters. Tell us what you
@@ -59,7 +74,48 @@ WHAT TO REPORT
   The address and how to subscribe to the mailing lists are detailed in the
   MANUAL file.
 
-HOW TO GET A STACK TRACE
+1.4 libcurl problems
+
+  First, post all libcurl problems on the curl-library mailing list.
+
+  When you've written your own application with libcurl to perform transfers,
+  it is even more important to be specific and detailed when reporting bugs.
+
+  Tell us the libcurl version and your operating system. Tell us the name and
+  version of all relevant sub-components like for example the SSL library
+  you're using and what name resolving your libcurl uses. If you use SFTP or
+  SCP, the libssh2 version is relevant etc.
+
+  Showing us a real source code example repeating your problem is the best way
+  to get our attention and it will greatly increase our chances to understand
+  your problem and to work on a fix (if we agree it truly is a problem).
+
+  Lots of problems that appear to be libcurl problems are actually just abuses
+  of the libcurl API or other malfunctions in your applications. It is adviced
+  that you run your problematic program using a memory debug tool like
+  valgrind or similar before you post memory-related or "crashing" problems to
+  us.
+
+1.5 Who will fix the problems
+
+  If the problems or bugs you describe are considered to be bugs, we want to
+  have the problems fixed.
+
+  There are no developers in the curl project that are paid to work on bugs.
+  All developers that take on reported bugs do this on a voluntary basis. We
+  do it out of an ambition to keep curl and libcurl excellent products and out
+  of pride.
+
+  But please do not assume that you can just lump over something to us and it
+  will then magically be fixed after some given time. Most often we need
+  feedback and help to understand what you've experienced and how to repeat a
+  problem. Then we may only be able to assist YOU to debug the problem and to
+  track down the proper fix.
+
+  We get reports from many people every month and each report can take a
+  considerable amount of time to really go to the bottom with.
+
+1.6 How to get a stack trace
 
   First, you must make sure that you compile all sources with -g and that you
   don't 'strip' the final executable. Try to avoid optimizing the code as
@@ -79,3 +135,12 @@ HOW TO GET A STACK TRACE
   crashed. Include the stack trace with your detailed bug report. It'll help a
   lot.
 
+1.7 Bugs in libcurl bindings
+
+  There will of course pop up bugs in libcurl bindings. You should then
+  primarily approach the team that works on that particular binding and see
+  what you can do to help them fix the problem.
+
+  If you suspect that the problem exists in the underlying libcurl, then
+  please convert your program over to plain C and follow the steps outlined
+  above.

docs/INSTALL

@@ -467,6 +467,34 @@ Win32
      in the vc6libcurl.dsw/vc6libcurl.dsp Visual C++ 6 IDE project.
 
 
+   Using BSD-style lwIP instead of Winsock TCP/IP stack in Win32 builds
+   --------------------------------------------------------------------
+
+   In order to compile libcurl and curl using BSD-style lwIP TCP/IP stack
+   it is necessary to make definition of preprocessor symbol USE_LWIPSOCK
+   visible to libcurl and curl compilation processes. To set this definition
+   you have the following alternatives:
+
+   - Modify lib/config-win32.h and src/config-win32.h
+   - Modify lib/Makefile.vc6
+   - Add definition to Project/Settings/C/C++/General/Preprocessor Definitions
+     in the vc6libcurl.dsw/vc6libcurl.dsp Visual C++ 6 IDE project.
+
+   Once that libcurl has been built with BSD-style lwIP TCP/IP stack support,
+   in order to use it with your program it is mandatory that your program
+   includes lwIP header file <lwip/opt.h> (or another lwIP header that includes
+   this) before including any libcurl header. Your program does not need the
+   USE_LWIPSOCK preprocessor definition which is for libcurl internals only.
+
+   Compilation has been verified with lwIP 1.4.0 and contrib-1.4.0 from:
+
+   http://download.savannah.gnu.org/releases/lwip/lwip-1.4.0.zip
+   http://download.savannah.gnu.org/releases/lwip/contrib-1.4.0.zip
+
+   This BSD-style lwIP TCP/IP stack support must be considered experimental
+   given that it has been verified that lwIP 1.4.0 still needs some polish,
+   and libcurl might yet need some additional adjustment, caveat emptor.
+
    Important static libcurl usage note
    -----------------------------------
 

docs/KNOWN_BUGS

@@ -12,12 +12,6 @@ may have been fixed since this was written!
   http://curl.haxx.se/mail/lib-2009-10/0024.html
   http://curl.haxx.se/bug/view.cgi?id=2944325
 
-74. The HTTP spec allows headers to be merged and become comma-separated
-  instead of being repeated several times. This also include Authenticate: and
-  Proxy-Authenticate: headers and while this hardly every happens in real life
-  it will confuse libcurl which does not properly support it for all headers -
-  like those Authenticate headers.
-
 73. if a connection is made to a FTP server but the server then just never
   sends the 220 response or otherwise is dead slow, libcurl will not
   acknowledge the connection timeout during that phase but only the "real"

docs/THANKS

@@ -5,15 +5,20 @@
  If you have contributed but are missing here, please let us know!
 
 Aaron Oneal
+Aaron Orenstein
 Adam D. Moss
 Adam Light
 Adam Piggott
+Adam Tkac
 Adrian Schuur
+Adriano Meirelles
 Akos Pasztory
 Alan Pinstein
+Albert Chin
 Albert Chin-A-Young
 Albert Choy
 Ale Vesely
+Alejandro Alvarez
 Aleksandar Milivojevic
 Alessandro Vesely
 Alex Bligh
@@ -29,6 +34,7 @@ Alexander Zhuravlev
 Alexey Borzov
 Alexey Pesternikov
 Alexey Simak
+Alexey Zakhlestin
 Alexis Carvalho
 Alfred Gebert
 Allen Pulsifer
@@ -63,6 +69,7 @@ Andy Tsouladze
 Angus Mackay
 Anthony Bryan
 Antoine Calando
+Anton Bychkov
 Anton Kalmykov
 Arkadiusz Miskiewicz
 Armel Asselin
@@ -80,6 +87,7 @@ Ben Greear
 Ben Madsen
 Ben Noordhuis
 Ben Van Hof
+Ben Winslow
 Benbuck Nason
 Benjamin Gerard
 Bernard Leak
@@ -125,6 +133,7 @@ Chris Gaukroger
 Chris Maltby
 Chris Mumford
 Chris Smowton
+Christian Hagele
 Christian Krause
 Christian Kurz
 Christian Robottom Reis
@@ -135,6 +144,7 @@ Christophe Legry
 Christopher Conroy
 Christopher Palow
 Christopher R. Palmer
+Christopher Stone
 Ciprian Badescu
 Claes Jakobsson
 Clarence Gardner
@@ -149,8 +159,10 @@ Craig A West
 Craig Davison
 Craig Markwardt
 Cris Bailiff
+Cristian Rodriguez
 Curt Bogmine
 Cyrill Osterwalder
+Dagobert Michelsen
 Damien Adant
 Dan Becker
 Dan C
@@ -218,6 +230,7 @@ Dmitry Rechkin
 Dolbneff A.V
 Domenico Andreoli
 Dominick Meglio
+Dominique Leuenberger
 Doug Kaufman
 Doug Porter
 Douglas E. Wegscheid
@@ -258,6 +271,7 @@ Erwin Authried
 Eugene Kotlyarov
 Evan Jordan
 Eygene Ryabinkin
+Fabian Hiernaux
 Fabian Keil
 Fabrizio Ammollo
 Fedor Karpelevitch
@@ -270,11 +284,13 @@ Frank Keeney
 Frank McGeough
 Frank Meier
 Frank Ticheler
+Frank Van Uffelen
 Fred Machado
 Fred New
 Fred Noz
 Frederic Lepied
 Gabriel Kuri
+Garrett Holmstrom
 Gary Maxwell
 Gautam Kachroo
 Gautam Mani
@@ -298,6 +314,7 @@ Giuseppe Attardi
 Giuseppe D'Ambrosio
 Glen Nakamura
 Glen Scott
+Gokhan Sengun
 Grant Erickson
 Greg Hewgill
 Greg Morse
@@ -323,6 +340,7 @@ Heinrich Ko
 Hendrik Visage
 Henrik Storner
 Henry Ludemann
+Herve Amblard
 Hidemoto Nakada
 Hoi-Ho Chan
 Hongli Lai
@@ -384,11 +402,13 @@ Jeffrey Pohlmeyer
 Jeremy Friesner
 Jerome Muffat-Meridol
 Jerome Vouillon
+Jerry Wu
 Jes Badwal
 Jesper Jensen
 Jesse Noller
 Jim Drash
 Jim Freeman
+Jim Hollinger
 Jim Meyering
 Jocelyn Jaubert
 Joe Halpin
@@ -432,6 +452,7 @@ Juergen Wilke
 Jukka Pihl
 Julian Noble
 Julien Chaffraix
+Julien Royer
 Jun-ichiro itojun Hagino
 Jurij Smakov
 Justin Fletcher
@@ -503,12 +524,14 @@ Luke Call
 Luong Dinh Dung
 Maciej Karpiuk
 Maciej W. Rozycki
+Mandy Wu
 Manfred Schwarb
 Manuel Massing
 Marc Boucher
 Marc Kleine-Budde
 Marcel Roelofs
 Marcelo Juchem
+Marcin Adamski
 Marcin Konicki
 Marco G. Salvagno
 Marco Maggi
@@ -544,6 +567,7 @@ Matt Kraai
 Matt Veenstra
 Matt Witherspoon
 Matt Wixson
+Matteo Rocco
 Matthew Blain
 Matthew Clarke
 Matthias Bolte
@@ -563,6 +587,7 @@ Michael Goffioul
 Michael Jahn
 Michael Jerris
 Michael Mealling
+Michael Mueller
 Michael Smith
 Michael Stillwell
 Michael Wallner
@@ -615,7 +640,9 @@ Ofer
 Olaf Stueben
 Olaf St<53>ben
 Oren Tirosh
+Ori Avtalion
 P R Schaffner
+Paolo Piacentini
 Pascal Terjan
 Pasha Kuznetsov
 Pat Ray
@@ -624,6 +651,7 @@ Patrick Monnerat
 Patrick Scott
 Patrick Smith
 Patrik Thunstrom
+Pau Garcia i Quiles
 Paul Harrington
 Paul Howarth
 Paul Marquis
@@ -641,6 +669,7 @@ Pete Su
 Peter Bray
 Peter Forret
 Peter Heuchert
+Peter Hjalmarsson
 Peter Korsgaard
 Peter Lamberg
 Peter O'Gorman
@@ -700,6 +729,7 @@ Richard Clayton
 Richard Cooper
 Richard Gorton
 Richard Prescott
+Richard Silverman
 Rick Jones
 Rick Richardson
 Rob Crittenden
@@ -778,6 +808,7 @@ Stephen Kick
 Stephen More
 Sterling Hughes
 Steve Green
+Steve Holme
 Steve Lhomme
 Steve Little
 Steve Marx
@@ -786,6 +817,7 @@ Steve Roskowski
 Steven Bazyl
 Steven G. Johnson
 Steven M. Schweda
+Steven Parkes
 Stoned Elipot
 Sven Anders
 Sven Neuhaus
@@ -793,10 +825,12 @@ Sven Wegener
 S<EFBFBD>bastien Willemijns
 T. Bharath
 T. Yamada
+Taneli Vahakangas
 Tanguy Fautre
 Temprimus
 Thomas J. Moore
 Thomas Klausner
+Thomas L. Shinnick
 Thomas Lopatic
 Thomas Schwinge
 Thomas Tonino
@@ -805,6 +839,7 @@ Tim Baker
 Tim Bartley
 Tim Chen
 Tim Costello
+Tim Harder
 Tim Newsome
 Tim Sneddon
 Tinus van den Berg
@@ -820,6 +855,7 @@ Tom Mattison
 Tom Moers
 Tom Mueller
 Tom Regner
+Tom Wright
 Tom Zerucha
 Tomas Pospisek
 Tomas Szepe
@@ -849,6 +885,7 @@ Vincent Sanders
 Vincent Torri
 Vlad Grachov
 Vlad Ureche
+Vladimir Grishchenko
 Vladimir Lazarenko
 Vojtech Janota
 Vojtech Minarik
@@ -861,10 +898,12 @@ Wesley Miaw
 Wez Furlong
 Wilfredo Sanchez
 Wojciech Zwiefka
+Wu Yongzheng
 Xavier Bouchoux
 Yang Tse
 Yarram Sunil
 Yehoshua Hershberg
+Yukihiro Kawada
 Yuriy Sosov
 Yves Lejeune
 Zmey Petroff

docs/TODO

@@ -12,16 +12,15 @@
  All bugs documented in the KNOWN_BUGS document are subject for fixing!
 
  1. libcurl
- 1.1 Zero-copy interface
  1.2 More data sharing
  1.3 struct lifreq
  1.4 signal-based resolver timeouts
  1.5 get rid of PATH_MAX
+ 1.6 progress callback without doubles
 
  2. libcurl - multi interface
  2.1 More non-blocking
  2.2 Remove easy interface internally
- 2.3 Avoid having to remove/readd handles
  2.4 Fix HTTP Pipelining for PUT
 
  3. Documentation
@@ -54,12 +53,10 @@
  7.5 Export session ids
  7.6 Provide callback for cert verification
  7.7 Support other SSL libraries
- 7.8  Support SRP on the TLS layer
  7.9 improve configure --with-ssl
 
  8. GnuTLS
  8.1 SSL engine stuff
- 8.2 SRP
  8.3 check connection
  8.4 non-gcrypt
 
@@ -77,6 +74,7 @@
  11.6 url-specific options
  11.7 metalink support
  11.8 warning when setting an option
+ 11.9 IPv6 addresses with globbing
 
  12. Build
  12.1 roffit
@@ -100,17 +98,13 @@
  15.5 remove CURLOPT_FAILONERROR
  15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
  15.7 remove progress meter from libcurl
+ 15.8 remove 'curl_httppost' from public
+ 15.9 have form functions use CURL handle argument
 
 ==============================================================================
 
 1. libcurl
 
-1.1 Zero-copy interface
-
- Introduce another callback interface for upload/download that makes one less
- copy of data and thus a faster operation.
- [http://curl.haxx.se/dev/no_copy_callbacks.txt]
-
 1.2 More data sharing
 
  curl_share_* functions already exist and work, and they can be extended to
@@ -144,6 +138,15 @@
  we need libssh2 to properly tell us when we pass in a too small buffer and
  its current API (as of libssh2 1.2.7) doesn't.
 
+1.6 progress callback without doubles
+
+ The progress callback was introduced way back in the days and the choice to
+ use doubles in the arguments was possibly good at the time. Today the doubles
+ only confuse users and make the amounts less precise. We should introduce
+ another progress callback option that take precedence over the old one and
+ have both co-exist for a forseeable time until we can remove the double-using
+ one.
+
 2. libcurl - multi interface
 
 2.1 More non-blocking
@@ -170,23 +173,6 @@
  internally use and assume the multi interface. The select()-loop should use
  curl_multi_socket().
 
-2.3 Avoid having to remove/readd handles
-
- curl_multi_handle_control() - this can control the easy handle (while) added
- to a multi handle in various ways:
-
- o RESTART, unconditionally restart this easy handle's transfer from the
-   start, re-init the state
-
- o RESTART_COMPLETED, restart this easy handle's transfer but only if the
-   existing transfer has already completed and it is in a "finished state".
-
- o STOP, just stop this transfer and consider it completed
-
- o PAUSE?
-
- o RESUME?
-
 2.4 Fix HTTP Pipelining for PUT
 
  HTTP Pipelining can be a way to greatly enhance performance for multiple
@@ -334,12 +320,6 @@ to provide the data to send.
  Make curl's SSL layer capable of using other free SSL libraries.  Such as
  MatrixSSL (http://www.matrixssl.org/).
 
-7.8  Support SRP on the TLS layer
-
- Peter Sylvester's patch for SRP on the TLS layer.  Awaits OpenSSL support for
- this, no need to support this in libcurl before there's an OpenSSL release
- that does it.
-
 7.9 improve configure --with-ssl
 
  make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
@@ -351,11 +331,6 @@ to provide the data to send.
 
  Is this even possible?
 
-8.2 SRP
-
- Work out a common method with Peter Sylvester's OpenSSL-patch for SRP on the
- TLS to provide name and password. GnuTLS already supports it...
-
 8.3 check connection
 
  Add a way to check if the connection seems to be alive, to correspond to the
@@ -451,6 +426,13 @@ to provide the data to send.
   This can be useful to tell when support for a particular feature hasn't been
   compiled into the library.
 
+11.9 IPv6 addresses with globbing
+
+  Currently the command line client needs to get url globbing disabled (with
+  -g) for it to support IPv6 numerical addresses. This is a rather silly flaw
+  that should be corrected. It probably involves a smarter detection of the
+  '[' and ']' letters.
+
 12. Build
 
 12.1 roffit
@@ -569,3 +551,20 @@ to provide the data to send.
  The progress callback should then be bumped as well to get proper 64bit
  variable types passed to it instead of doubles so that big files work
  correctly.
+
+15.8 remove 'curl_httppost' from public
+
+ curl_formadd() was made to fill in a public struct, but the fact that the
+ struct is public is never really used by application for their own advantage
+ but instead often restricts how the form functions can or can't be modified.
+
+ Changing them to return a private handle will benefit the implementation and
+ allow us much greater freedoms while still maintining a solid API and ABI.
+
+15.9 have form functions use CURL handle argument
+
+ curl_formadd() and curl_formget() both currently have no CURL handle
+ argument, but both can use a callback that is set in the easy handle, and
+ thus curl_formget() with callback cannot function without first having
+ curl_easy_perform() (or similar) called - which is hard to grasp and a design
+ mistake.

docs/VERSIONS

@@ -11,32 +11,25 @@ Version Numbers and Releases
 
  The version numbering is always built up using the same system:
 
-        X.Y[.Z][-preN]
+        X.Y[.Z]
 
  Where
    X is main version number
    Y is release number
    Z is patch number
-   N is pre-release number
 
  One of these numbers will get bumped in each new release. The numbers to the
  right of a bumped number will be reset to zero. If Z is zero, it may not be
- included in the version number. The pre release number is only included in
- pre releases (they're never used in public, official, releases).
+ included in the version number.
 
  The main version number will get bumped when *really* big, world colliding
- changes are made. The release number is bumped when big changes are
- performed. The patch number is bumped when the changes are mere bugfixes and
- only minor feature changes. The pre-release is a counter, to identify which
- pre-release a certain release is.
-
- When reaching the end of a pre-release period, the version without the
- pre-release part will be released as a public release.
+ changes are made. The release number is bumped when changes are performed or
+ things/features are added. The patch number is bumped when the changes are
+ mere bugfixes.
 
  It means that after release 1.2.3, we can release 2.0 if something really big
  has been made, 1.3 if not that big changes were made or 1.2.4 if mostly bugs
- were fixed. Before 1.2.4 is released, we might release a 1.2.4-pre1 release
- for the brave people to try before the actual release.
+ were fixed.
 
  Bumping, as in increasing the number with 1, is unconditionally only
  affecting one of the numbers (except the ones to the right of it, that may be
@@ -56,12 +49,12 @@ Version Numbers and Releases
         #define LIBCURL_VERSION_NUM 0xXXYYZZ
 
  Where XX, YY and ZZ are the main version, release and patch numbers in
- hexadecimal. All three numbers are always represented using two digits.  1.2
- would appear as "0x010200" while version 9.11.7 appears as "0x090b07".
+ hexadecimal. All three number fields are always represented using two digits
+ (eight bits each). 1.2 would appear as "0x010200" while version 9.11.7
+ appears as "0x090b07".
 
- This 6-digit hexadecimal number does not show pre-release number, and it is
- always a greater number in a more recent release. It makes comparisons with
- greater than and less than work.
+ This 6-digit hexadecimal number is always a greater number in a more recent
+ release. It makes comparisons with greater than and less than work.
 
  This number is also available as three separate defines:
  LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR and LIBCURL_VERSION_PATCH.

docs/curl.1

@@ -110,7 +110,8 @@ the --option version of them. (This concept with --no options was added in
 7.19.0. Previously most options were toggled on/off on repeated use of the
 same command line option.)
 .IP "-#, --progress-bar"
-Make curl display progress information as a progress bar instead of the
+Make curl display progress as a simple progress bar instead of the standard,
+more informational, meter.
 .IP "-0, --http1.0"
 (HTTP) Forces curl to issue its requests using HTTP 1.0 instead of using its
 internally preferred: HTTP 1.1.
@@ -194,7 +195,10 @@ no file will be written. The file will be written using the Netscape cookie
 file format. If you set the file name to a single dash, "-", the cookies will
 be written to stdout.
 
-.B NOTE
+This command line option will activate the cookie engine that makes curl
+record and use cookies. Another way to activate it is to use the \fI-b,
+--cookie\fP option.
+
 If the cookie jar can't be created or written to, the whole curl operation
 won't fail or even report an error clearly. Using -v will get a warning
 displayed, but that is the only visible feedback you get about this possibly
@@ -320,6 +324,18 @@ URL-encode that data and pass it on in the POST. The name part gets an equal
 sign appended, resulting in \fIname=urlencoded-file-content\fP. Note that the
 name is expected to be URL-encoded already.
 .RE
+.IP "--delegation LEVEL"
+Set \fILEVEL\fP to tell the server what it is allowed to delegate when it
+comes to user credentials. Used with GSS/kerberos.
+.RS
+.IP "none"
+Don't allow any delegation.
+.IP "policy"
+Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos
+service ticket, which is a matter of realm policy.
+.IP "always"
+Unconditionally allow the server to delegate.
+.RE
 .IP "--digest"
 (HTTP) Enables HTTP Digest authentication. This is a authentication that
 prevents the password from being sent over the wire in clear text. Use this in
@@ -348,7 +364,7 @@ passive mode you need to not use \fI-P, --ftp-port\fP or force it with
 transfers. Curl will normally always first attempt to use EPSV before PASV,
 but with this option, it will not try using EPSV.
 
-\fB--epsv\fP can be used to explicitly enable EPRT again and \fB--no-epsv\fP
+\fB--epsv\fP can be used to explicitly enable EPSV again and \fB--no-epsv\fP
 is an alias for \fB--disable-epsv\fP.
 
 Disabling EPSV only changes the passive behavior. If you want to switch to
@@ -577,7 +593,9 @@ header will be used instead of the internal one. This allows you to make even
 trickier stuff than curl would normally do. You should not replace internally
 set headers without knowing perfectly well what you're doing. Remove an
 internal header by giving a replacement without content on the right side of
-the colon, as in: -H \&"Host:".
+the colon, as in: -H \&"Host:". If you send the custom header with no-value then
+its header must be terminated with a semicolon, such as \-H "X-Custom-Header;"
+to send "X-Custom-Header:".
 
 curl will make sure that each header you add/replace is sent with the proper
 end-of-line marker, you should thus \fBnot\fP add that as a part of the header
@@ -1068,16 +1086,18 @@ file will not be read and used. See the \fI-K, --config\fP for details on the
 default config file search path.
 .IP "-Q, --quote <command>"
 (FTP/SFTP) Send an arbitrary command to the remote FTP or SFTP server. Quote
-commands are sent BEFORE the transfer takes place (just after the
-initial PWD command in an FTP transfer, to be exact). To make commands
-take place after a successful transfer, prefix them with a dash '-'.
-To make commands be sent after libcurl has changed the working directory,
-just before the transfer command(s), prefix the command with a '+' (this
-is only supported for FTP). You may specify any number of commands. If
-the server returns failure for one of the commands, the entire operation
-will be aborted. You must send syntactically correct FTP commands as
-RFC 959 defines to FTP servers, or one of the commands listed below to
-SFTP servers.  This option can be used multiple times.
+commands are sent BEFORE the transfer takes place (just after the initial PWD
+command in an FTP transfer, to be exact). To make commands take place after a
+successful transfer, prefix them with a dash '-'.  To make commands be sent
+after libcurl has changed the working directory, just before the transfer
+command(s), prefix the command with a '+' (this is only supported for
+FTP). You may specify any number of commands. If the server returns failure
+for one of the commands, the entire operation will be aborted. You must send
+syntactically correct FTP commands as RFC 959 defines to FTP servers, or one
+of the commands listed below to SFTP servers.  This option can be used
+multiple times. When speaking to a FTP server, prefix the command with an
+asterisk (*) to make libcurl continue even if the command fails as by default
+curl will stop at first failure.
 
 SFTP is a binary protocol. Unlike for FTP, libcurl interprets SFTP quote
 commands itself before sending them to the server.  File names may be quoted
@@ -1266,9 +1286,8 @@ the port number is not specified, it is assumed at port 1080. (Added in
 This option overrides any previous use of \fI-x, --proxy\fP, as they are
 mutually exclusive.
 
-Since 7.21.7, this option is superfluous since you can specify a
-socks5-hostnamae proxy with \fI-x, --proxy\fP using a socks5h:// protocol
-prefix.
+Since 7.21.7, this option is superfluous since you can specify a socks5
+hostname proxy with \fI-x, --proxy\fP using a socks5h:// protocol prefix.
 
 If this option is used several times, the last one will be used. (This option
 was previously wrongly documented and used as --socks without the number
@@ -1576,6 +1595,14 @@ Specifies a custom FTP command to use instead of LIST when doing file lists
 with FTP.
 
 If this option is used several times, the last one will be used.
+
+.IP "--xattr"
+When saving output to a file, this option tells curl to store certain file
+metadata in extened file attributes. Currently, the URL is stored in the
+xdg.origin.url attribute and, for HTTP, the content type is stored in
+the mime_type attribute. If the file system does not support extended
+attributes, a warning is issued.
+
 .IP "-y, --speed-time <time>"
 If a download is slower than speed-limit bytes per second during a speed-time
 period, the download gets aborted. If speed-time is used, the default
@@ -1656,22 +1683,39 @@ Default config file, see \fI-K, --config\fP for details.
 The environment variables can be specified in lower case or upper case. The
 lower case version has precedence. http_proxy is an exception as it is only
 available in lower case.
+
+Using an environment variable to set the proxy has the same effect as using
+the \fI--proxy\fP option.
+
 .IP "http_proxy [protocol://]<host>[:port]"
 Sets the proxy server to use for HTTP.
 .IP "HTTPS_PROXY [protocol://]<host>[:port]"
 Sets the proxy server to use for HTTPS.
-.IP "FTP_PROXY [protocol://]<host>[:port]"
-Sets the proxy server to use for FTP.
+.IP "[url-protocol]_PROXY [protocol://]<host>[:port]"
+Sets the proxy server to use for [url-protocol], where the protocol is a
+protocol that curl supports and as specified in a URL. FTP, FTPS, POP3, IMAP,
+SMTP, LDAP etc.
 .IP "ALL_PROXY [protocol://]<host>[:port]"
 Sets the proxy server to use if no protocol-specific proxy is set.
 .IP "NO_PROXY <comma-separated list of hosts>"
 list of host names that shouldn't go through any proxy. If set to a asterisk
 \&'*' only, it matches all hosts.
+.SH "PROXY PROTOCOL PREFIXES"
+Since curl version 7.21.7, the proxy string may be specified with a
+protocol:// prefix to specify alternative proxy protocols.
 
-Since 7.21.7, the proxy string may be specified with a protocol:// prefix to
-specify alternative proxy protocols. Use socks4://, socks4a:// or socks5:// to
-request the specific SOCKS version to be used. No protocol specified, http://
-and all others will be treated as HTTP proxies.
+If no protocol is specified in the proxy string or if the string doesn't match
+a supported one, the proxy will be treated as a HTTP proxy.
+
+The supported proxy protocol prefixes are as follows:
+.IP "socks4://"
+Makes it the equivalent of \fI--socks4\fP
+.IP "socks4a://"
+Makes it the equivalent of \fI--socks4a\fP
+.IP "socks5://"
+Makes it the equivalent of \fI--socks5\fP
+.IP "socks5h://"
+Makes it the equivalent of \fI--socks5-hostname\fP
 .SH EXIT CODES
 There are a bunch of different error codes and their corresponding error
 messages that may appear during bad conditions. At the time of this writing,
@@ -1852,4 +1896,3 @@ ftp://ftp.sunet.se/pub/www/utilities/curl/
 .SH "SEE ALSO"
 .BR ftp (1),
 .BR wget (1)
-

docs/examples/.gitignore

@@ -4,6 +4,7 @@ certinfo
 chkspeed
 cookie_interface
 debug
+externalsocket
 fileupload
 fopen
 ftp-wildcard
@@ -25,6 +26,9 @@ multi-single
 persistant
 post-callback
 postit2
+progressfunc
+resolve
+rtsp
 sendrecv
 sepheaders
 simple

docs/examples/Makefile.am

@@ -23,7 +23,7 @@
 AUTOMAKE_OPTIONS = foreign nostdinc
 
 EXTRA_DIST = README Makefile.example Makefile.inc Makefile.m32 \
-	makefile.dj $(COMPLICATED_EXAMPLES)
+	Makefile.netware makefile.dj printf_macro.h $(COMPLICATED_EXAMPLES)
 
 # Specify our include paths here, and do it relative to $(top_srcdir) and
 # $(top_builddir), to ensure that these paths which belong to the library

docs/examples/Makefile.inc

@@ -4,7 +4,8 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
   https multi-app multi-debugcallback multi-double multi-post multi-single \
   persistant post-callback postit2 sepheaders simple simplepost simplessl  \
   sendrecv httpcustomheader certinfo chkspeed ftpgetinfo ftp-wildcard \
-  smtp-multi simplesmtp smtp-tls
+  smtp-multi simplesmtp smtp-tls rtsp externalsocket resolve \
+  progressfunc
 
 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.

docs/examples/Makefile.m32

@@ -19,31 +19,50 @@
 # KIND, either express or implied.
 #
 ###########################################################################
-#########################################################################
 #
-## Makefile for building curl examples with MingW32
-## and optionally OpenSSL (0.9.8), libssh2 (0.18), zlib (1.2.3)
+## Makefile for building curl examples with MingW (GCC-3.2 or later)
+## and optionally OpenSSL (0.9.8), libssh2 (1.3), zlib (1.2.5), librtmp (2.3)
 ##
-## Usage:
-## mingw32-make -f Makefile.m32 [SSL=1] [SSH2=1] [ZLIB=1] [SSPI=1] [IPV6=1] [DYN=1]
+## Usage:   mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...]
+## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-spi-winidn
 ##
 ## Hint: you can also set environment vars to control the build, f.e.:
-## set ZLIB_PATH=c:/zlib-1.2.3
+## set ZLIB_PATH=c:/zlib-1.2.5
 ## set ZLIB=1
-##
-#########################################################################
+#
+###########################################################################
 
 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../zlib-1.2.3
+ZLIB_PATH = ../../../zlib-1.2.5
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8k
+OPENSSL_PATH = ../../../openssl-0.9.8r
+endif
+ifndef OPENSSL_LIBPATH
+OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
+endif
+ifndef OPENSSL_LIBS
+OPENSSL_LIBS = -leay32 -lssl32
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.2
+LIBSSH2_PATH = ../../../libssh2-1.3.0
+endif
+# Edit the path below to point to the base of your librtmp package.
+ifndef LIBRTMP_PATH
+LIBRTMP_PATH = ../../../librtmp-2.3
+endif
+# Edit the path below to point to the base of your libidn package.
+ifndef LIBIDN_PATH
+LIBIDN_PATH = ../../../libidn-1.18
+endif
+# Edit the path below to point to the base of your MS idndlpackage. 
+# Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1
+# http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad6158d7-ddba-416a-9109-07607425a815
+ifndef WINIDN_PATH
+WINIDN_PATH = ../../../Microsoft IDN Mitigation APIs
 endif
 # Edit the path below to point to the base of your Novell LDAP NDK.
 ifndef LDAP_SDK
@@ -51,25 +70,76 @@ LDAP_SDK = c:/novell/ndk/cldapsdk/win32
 endif
 
 PROOT = ../..
-ARES_LIB = $(PROOT)/ares
 
-SSL = 1
-ZLIB = 1
+# Edit the path below to point to the base of your c-ares package.
+ifndef LIBCARES_PATH
+LIBCARES_PATH = $(PROOT)/ares
+endif
+
+# Edit the var below to set to your architecture or set environment var.
+ifndef ARCH
+ARCH = w32
+endif
 
 CC = gcc
 CFLAGS = -g -O2 -Wall
+CFLAGS += -fno-strict-aliasing
+ifeq ($(ARCH),w64)
+CFLAGS += -D_AMD64_
+endif
 # comment LDFLAGS below to keep debug info
 LDFLAGS = -s
 RC = windres
 RCFLAGS = --include-dir=$(PROOT)/include -O COFF -i
-RM = del /q /f > NUL 2>&1
+
+RM = del /q /f 2>NUL
 CP = copy
 
 ########################################################
 ## Nothing more to do below this line!
 
+ifeq ($(findstring -dyn,$(CFG)),-dyn)
+DYN = 1
+endif
+ifeq ($(findstring -ares,$(CFG)),-ares)
+ARES = 1
+endif
+ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
+RTMP = 1
+SSL = 1
+ZLIB = 1
+endif
+ifeq ($(findstring -ssh2,$(CFG)),-ssh2)
+SSH2 = 1
+SSL = 1
+ZLIB = 1
+endif
+ifeq ($(findstring -ssl,$(CFG)),-ssl)
+SSL = 1
+endif
+ifeq ($(findstring -zlib,$(CFG)),-zlib)
+ZLIB = 1
+endif
+ifeq ($(findstring -idn,$(CFG)),-idn)
+IDN = 1
+endif
+ifeq ($(findstring -winidn,$(CFG)),-winidn)
+WINIDN = 1
+endif
+ifeq ($(findstring -sspi,$(CFG)),-sspi)
+SSPI = 1
+endif
+ifeq ($(findstring -spnego,$(CFG)),-spnego)
+SPNEGO = 1
+endif
+ifeq ($(findstring -ldaps,$(CFG)),-ldaps)
+LDAPS = 1
+endif
+ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
+IPV6 = 1
+endif
+
 INCLUDES = -I. -I$(PROOT) -I$(PROOT)/include -I$(PROOT)/lib
-LINK = $(CC) $(LDFLAGS) -o $@
 
 ifdef DYN
   curl_DEPENDENCIES = $(PROOT)/lib/libcurldll.a $(PROOT)/lib/libcurl.dll
@@ -81,34 +151,45 @@ else
 endif
 ifdef ARES
   ifndef DYN
-    curl_DEPENDENCIES += $(ARES_LIB)/libcares.a
+    curl_DEPENDENCIES += $(LIBCARES_PATH)/libcares.a
   endif
   CFLAGS += -DUSE_ARES
-  curl_LDADD += -L$(ARES_LIB) -lcares
+  curl_LDADD += -L"$(LIBCARES_PATH)" -lcares
+endif
+ifdef RTMP
+  CFLAGS += -DUSE_LIBRTMP
+  curl_LDADD += -L"$(LIBRTMP_PATH)/librtmp" -lrtmp -lwinmm
 endif
 ifdef SSH2
   CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H
-  curl_LDADD += -L$(LIBSSH2_PATH)/win32 -lssh2
+  curl_LDADD += -L"$(LIBSSH2_PATH)/win32" -lssh2
 endif
 ifdef SSL
-  INCLUDES += -I"$(OPENSSL_PATH)/outinc"
   CFLAGS += -DUSE_SSLEAY -DHAVE_OPENSSL_ENGINE_H
-  ifdef DYN
-    curl_LDADD += -L$(OPENSSL_PATH)/out -leay32 -lssl32
-  else
-    curl_LDADD += -L$(OPENSSL_PATH)/out -lssl -lcrypto -lgdi32
-  endif
+  curl_LDADD += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
 endif
 ifdef ZLIB
   INCLUDES += -I"$(ZLIB_PATH)"
   CFLAGS += -DHAVE_LIBZ -DHAVE_ZLIB_H
-  curl_LDADD += -L$(ZLIB_PATH) -lz
+  curl_LDADD += -L"$(ZLIB_PATH)" -lz
+endif
+ifdef IDN
+  CFLAGS += -DUSE_LIBIDN
+  curl_LDADD += -L"$(LIBIDN_PATH)/lib" -lidn
+else
+ifdef WINIDN
+  CFLAGS += -DUSE_WIN32_IDN
+  curl_LDADD += -L"$(WINIDN_PATH)" -lnormaliz
+endif
 endif
 ifdef SSPI
   CFLAGS += -DUSE_WINDOWS_SSPI
 endif
+ifdef SPNEGO
+  CFLAGS += -DHAVE_SPNEGO
+endif
 ifdef IPV6
-  CFLAGS += -DENABLE_IPV6
+  CFLAGS += -DENABLE_IPV6 -D_WIN32_WINNT=0x0501
 endif
 ifdef LDAPS
   CFLAGS += -DHAVE_LDAP_SSL
@@ -123,32 +204,32 @@ ifdef USE_LDAP_OPENLDAP
 endif
 ifndef USE_LDAP_NOVELL
 ifndef USE_LDAP_OPENLDAP
-curl_LDADD += -lwldap32
+  curl_LDADD += -lwldap32
 endif
 endif
 curl_LDADD += -lws2_32
-COMPILE = $(CC) $(INCLUDES) $(CFLAGS)
 
 # Makefile.inc provides the check_PROGRAMS and COMPLICATED_EXAMPLES defines
 include Makefile.inc
 
-example_PROGRAMS := $(patsubst %,%.exe,$(strip $(check_PROGRAMS)))
-
-.SUFFIXES: .rc .res .o .exe
+check_PROGRAMS := $(patsubst %,%.exe,$(strip $(check_PROGRAMS)))
+check_PROGRAMS += ftpuploadresume.exe synctime.exe
 
 
-all: $(example_PROGRAMS)
+all: $(check_PROGRAMS)
 
-.o.exe: $(curl_DEPENDENCIES)
-	$(LINK) $< $(curl_LDADD)
+%.exe: %.o $(curl_DEPENDENCIES)
+	$(CC) $(LDFLAGS) -o $@ $< $(curl_LDADD)
 
-.c.o:
-	$(COMPILE) -c $<
+%.o: %.c
+	$(CC) $(INCLUDES) $(CFLAGS) -c $<
 
-.rc.res:
+%.res: %.rc
 	$(RC) $(RCFLAGS) $< -o $@
 
 clean:
-	$(RM) $(example_PROGRAMS)
+	-$(RM) $(check_PROGRAMS:.exe=.o)
 
+distclean vclean: clean
+	-$(RM) $(check_PROGRAMS)
 

docs/examples/Makefile.netware

@@ -0,0 +1,441 @@
+#################################################################
+#
+## Makefile for building curl.nlm (NetWare version - gnu make)
+## Use: make -f Makefile.netware
+##
+## Comments to: Guenter Knauf http://www.gknw.net/phpbb
+#
+#################################################################
+
+# Edit the path below to point to the base of your Novell NDK.
+ifndef NDKBASE
+NDKBASE	= c:/novell
+endif
+
+# Edit the path below to point to the base of your Zlib sources.
+ifndef ZLIB_PATH
+ZLIB_PATH = ../../../zlib-1.2.5
+endif
+
+# Edit the path below to point to the base of your OpenSSL package.
+ifndef OPENSSL_PATH
+OPENSSL_PATH = ../../../openssl-0.9.8r
+endif
+
+# Edit the path below to point to the base of your LibSSH2 package.
+ifndef LIBSSH2_PATH
+LIBSSH2_PATH = ../../../libssh2-1.3.0
+endif
+
+# Edit the path below to point to the base of your axTLS package.
+ifndef AXTLS_PATH
+AXTLS_PATH = ../../../axTLS-1.2.7
+endif
+
+# Edit the path below to point to the base of your libidn package.
+ifndef LIBIDN_PATH
+LIBIDN_PATH = ../../../libidn-1.18
+endif
+
+# Edit the path below to point to the base of your librtmp package.
+ifndef LIBRTMP_PATH
+LIBRTMP_PATH = ../../../librtmp-2.3
+endif
+
+# Edit the path below to point to the base of your fbopenssl package.
+ifndef FBOPENSSL_PATH
+FBOPENSSL_PATH = ../../fbopenssl-0.4
+endif
+
+# Edit the path below to point to the base of your c-ares package.
+ifndef LIBCARES_PATH
+LIBCARES_PATH = ../../ares
+endif
+
+ifndef INSTDIR
+INSTDIR	= ..$(DS)..$(DS)curl-$(LIBCURL_VERSION_STR)-bin-nw
+endif
+
+# Edit the vars below to change NLM target settings.
+TARGET  = examples
+VERSION	= $(LIBCURL_VERSION)
+COPYR	= Copyright (C) $(LIBCURL_COPYRIGHT_STR)
+DESCR	= cURL ($(LIBARCH))
+MTSAFE	= YES
+STACK	= 8192
+SCREEN	= Example Program
+# Comment the line below if you dont want to load protected automatically.
+# LDRING = 3
+
+# Uncomment the next line to enable linking with POSIX semantics.
+# POSIXFL = 1
+
+# Edit the var below to point to your lib architecture.
+ifndef LIBARCH
+LIBARCH = LIBC
+endif
+
+# must be equal to NDEBUG or DEBUG, CURLDEBUG
+ifndef DB
+DB	= NDEBUG
+endif
+# Optimization: -O<n> or debugging: -g
+ifeq ($(DB),NDEBUG)
+	OPT	= -O2
+	OBJDIR	= release
+else
+	OPT	= -g
+	OBJDIR	= debug
+endif
+
+# The following lines defines your compiler.
+ifdef CWFolder
+	METROWERKS = $(CWFolder)
+endif
+ifdef METROWERKS
+	# MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support
+	MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support/Metrowerks Support
+	CC = mwccnlm
+else
+	CC = gcc
+endif
+PERL	= perl
+# Here you can find a native Win32 binary of the original awk:
+# http://www.gknw.net/development/prgtools/awk-20100523.zip
+AWK	= awk
+CP	= cp -afv
+MKDIR	= mkdir
+# RM	= rm -f
+# If you want to mark the target as MTSAFE you will need a tool for
+# generating the xdc data for the linker; here's a minimal tool:
+# http://www.gknw.net/development/prgtools/mkxdc.zip
+MPKXDC	= mkxdc
+
+# LIBARCH_U = $(shell $(AWK) 'BEGIN {print toupper(ARGV[1])}' $(LIBARCH))
+LIBARCH_L = $(shell $(AWK) 'BEGIN {print tolower(ARGV[1])}' $(LIBARCH))
+
+# Include the version info retrieved from curlver.h
+-include $(OBJDIR)/version.inc
+
+# Global flags for all compilers
+CFLAGS	+= $(OPT) -D$(DB) -DNETWARE -DHAVE_CONFIG_H -nostdinc
+
+ifeq ($(CC),mwccnlm)
+LD	= mwldnlm
+LDFLAGS	= -nostdlib $< $(PRELUDE) $(LDLIBS) -o $@ -commandfile
+LIBEXT	= lib
+CFLAGS	+= -gccinc -inline off -opt nointrinsics -proc 586
+CFLAGS	+= -relax_pointers
+#CFLAGS	+= -w on
+ifeq ($(LIBARCH),LIBC)
+ifeq ($(POSIXFL),1)
+	PRELUDE = $(NDK_LIBC)/imports/posixpre.o
+else
+	PRELUDE = $(NDK_LIBC)/imports/libcpre.o
+endif
+	CFLAGS += -align 4
+else
+	# PRELUDE = $(NDK_CLIB)/imports/clibpre.o
+	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
+	PRELUDE = "$(MWCW_PATH)/libraries/runtime/prelude.obj"
+	# CFLAGS += -include "$(MWCW_PATH)/headers/nlm_clib_prefix.h"
+	CFLAGS += -align 1
+endif
+else
+LD	= nlmconv
+LDFLAGS	= -T
+LIBEXT	= a
+CFLAGS	+= -m32
+CFLAGS  += -fno-builtin -fno-strict-aliasing
+ifeq ($(findstring gcc,$(CC)),gcc)
+CFLAGS  += -fpcc-struct-return
+endif
+CFLAGS	+= -Wall # -pedantic
+ifeq ($(LIBARCH),LIBC)
+ifeq ($(POSIXFL),1)
+	PRELUDE = $(NDK_LIBC)/imports/posixpre.gcc.o
+else
+	PRELUDE = $(NDK_LIBC)/imports/libcpre.gcc.o
+endif
+else
+	# PRELUDE = $(NDK_CLIB)/imports/clibpre.gcc.o
+	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
+	# http://www.gknw.net/development/mk_nlm/gcc_pre.zip
+	PRELUDE = $(NDK_ROOT)/pre/prelude.o
+	CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h
+endif
+endif
+
+NDK_ROOT = $(NDKBASE)/ndk
+ifndef NDK_CLIB
+NDK_CLIB = $(NDK_ROOT)/nwsdk
+endif
+ifndef NDK_LIBC
+NDK_LIBC = $(NDK_ROOT)/libc
+endif
+ifndef NDK_LDAP
+NDK_LDAP = $(NDK_ROOT)/cldapsdk/netware
+endif
+CURL_INC = ../../include
+CURL_LIB = ../../lib
+
+INCLUDES = -I$(CURL_INC)
+
+ifeq ($(findstring -static,$(CFG)),-static)
+LINK_STATIC = 1
+endif
+ifeq ($(findstring -ares,$(CFG)),-ares)
+WITH_ARES = 1
+endif
+ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
+WITH_RTMP = 1
+WITH_SSL = 1
+WITH_ZLIB = 1
+endif
+ifeq ($(findstring -ssh2,$(CFG)),-ssh2)
+WITH_SSH2 = 1
+WITH_SSL = 1
+WITH_ZLIB = 1
+endif
+ifeq ($(findstring -axtls,$(CFG)),-axtls)
+WITH_AXTLS = 1
+WITH_SSL =
+else
+ifeq ($(findstring -ssl,$(CFG)),-ssl)
+WITH_SSL = 1
+endif
+endif
+ifeq ($(findstring -zlib,$(CFG)),-zlib)
+WITH_ZLIB = 1
+endif
+ifeq ($(findstring -idn,$(CFG)),-idn)
+WITH_IDN = 1
+endif
+ifeq ($(findstring -spnego,$(CFG)),-spnego)
+WITH_SPNEGO = 1
+endif
+ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
+ENABLE_IPV6 = 1
+endif
+
+ifdef LINK_STATIC
+	LDLIBS	= $(CURL_LIB)/libcurl.$(LIBEXT)
+ifdef WITH_ARES
+	LDLIBS += $(LIBCARES_PATH)/libcares.$(LIBEXT)
+endif
+else
+	MODULES	= libcurl.nlm
+	IMPORTS	= @$(CURL_LIB)/libcurl.imp
+endif
+ifdef WITH_SSH2
+	# INCLUDES += -I$(LIBSSH2_PATH)/include
+ifdef LINK_STATIC
+	LDLIBS += $(LIBSSH2_PATH)/nw/libssh2.$(LIBEXT)
+else
+	MODULES += libssh2.nlm
+	IMPORTS += @$(LIBSSH2_PATH)/nw/libssh2.imp
+endif
+endif
+ifdef WITH_RTMP
+	# INCLUDES += -I$(LIBRTMP_PATH)
+ifdef LINK_STATIC
+	LDLIBS += $(LIBRTMP_PATH)/librtmp/librtmp.$(LIBEXT)
+endif
+endif
+ifdef WITH_SSL
+	INCLUDES += -I$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)
+	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/ssl.$(LIBEXT)
+	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT)
+	IMPORTS += GetProcessSwitchCount RunningProcess
+ifdef WITH_SPNEGO
+	# INCLUDES += -I$(FBOPENSSL_PATH)/include
+	LDLIBS += $(FBOPENSSL_PATH)/nw/fbopenssl.$(LIBEXT)
+endif
+else
+ifdef WITH_AXTLS
+	INCLUDES += -I$(AXTLS_PATH)/inc
+ifdef LINK_STATIC
+	LDLIBS += $(AXTLS_PATH)/lib/libaxtls.$(LIBEXT)
+else
+	MODULES += libaxtls.nlm
+	IMPORTS += $(AXTLS_PATH)/lib/libaxtls.imp
+endif
+endif
+endif
+ifdef WITH_ZLIB
+	# INCLUDES += -I$(ZLIB_PATH)
+ifdef LINK_STATIC
+	LDLIBS += $(ZLIB_PATH)/nw/$(LIBARCH)/libz.$(LIBEXT)
+else
+	MODULES += libz.nlm
+	IMPORTS += @$(ZLIB_PATH)/nw/$(LIBARCH)/libz.imp
+endif
+endif
+ifdef WITH_IDN
+	# INCLUDES += -I$(LIBIDN_PATH)/include
+	LDLIBS += $(LIBIDN_PATH)/lib/libidn.$(LIBEXT)
+endif
+
+ifeq ($(LIBARCH),LIBC)
+	INCLUDES += -I$(NDK_LIBC)/include
+	# INCLUDES += -I$(NDK_LIBC)/include/nks
+	# INCLUDES += -I$(NDK_LIBC)/include/winsock
+	CFLAGS += -D_POSIX_SOURCE
+else
+	INCLUDES += -I$(NDK_CLIB)/include/nlm
+	# INCLUDES += -I$(NDK_CLIB)/include
+endif
+ifndef DISABLE_LDAP
+	# INCLUDES += -I$(NDK_LDAP)/$(LIBARCH_L)/inc
+endif
+CFLAGS	+= $(INCLUDES)
+
+ifeq ($(MTSAFE),YES)
+	XDCOPT = -n
+endif
+ifeq ($(MTSAFE),NO)
+	XDCOPT = -u
+endif
+ifdef XDCOPT
+	XDCDATA = $(OBJDIR)/$(TARGET).xdc
+endif
+
+ifeq ($(findstring /sh,$(SHELL)),/sh)
+DL	= '
+DS	= /
+PCT	= %
+#-include $(NDKBASE)/nlmconv/ncpfs.inc
+else
+DS	= \\
+PCT	= %%
+endif
+
+# Makefile.inc provides the CSOURCES and HHEADERS defines
+include Makefile.inc
+
+check_PROGRAMS := $(patsubst %,%.nlm,$(strip $(check_PROGRAMS)))
+
+.PRECIOUS: $(OBJDIR)/%.o $(OBJDIR)/%.def $(OBJDIR)/%.xdc
+
+
+all: prebuild $(check_PROGRAMS)
+
+prebuild: $(OBJDIR) $(OBJDIR)/version.inc
+
+$(OBJDIR)/%.o: %.c
+	@echo Compiling $<
+	$(CC) $(CFLAGS) -c $< -o $@
+
+$(OBJDIR)/version.inc: $(CURL_INC)/curl/curlver.h $(OBJDIR)
+	@echo Creating $@
+	@$(AWK) -f ../../packages/NetWare/get_ver.awk $< > $@
+
+install: $(INSTDIR) all
+	@$(CP) $(check_PROGRAMS) $(INSTDIR)
+
+clean:
+	-$(RM) -r $(OBJDIR)
+
+distclean vclean: clean
+	-$(RM) $(check_PROGRAMS)
+
+$(OBJDIR) $(INSTDIR):
+	@$(MKDIR) $@
+
+%.nlm: $(OBJDIR)/%.o $(OBJDIR)/%.def $(XDCDATA)
+	@echo Linking $@
+	@-$(RM) $@
+	@$(LD) $(LDFLAGS) $(OBJDIR)/$(@:.nlm=.def)
+
+$(OBJDIR)/%.xdc: Makefile.netware
+	@echo Creating $@
+	@$(MPKXDC) $(XDCOPT) $@
+
+$(OBJDIR)/%.def: Makefile.netware
+	@echo $(DL)# DEF file for linking with $(LD)$(DL) > $@
+	@echo $(DL)# Do not edit this file - it is created by Make!$(DL) >> $@
+	@echo $(DL)# All your changes will be lost!!$(DL) >> $@
+	@echo $(DL)#$(DL) >> $@
+	@echo $(DL)copyright "$(COPYR)"$(DL) >> $@
+	@echo $(DL)description "$(DESCR) $(notdir $(@:.def=)) Example"$(DL) >> $@
+	@echo $(DL)version $(VERSION)$(DL) >> $@
+ifdef NLMTYPE
+	@echo $(DL)type $(NLMTYPE)$(DL) >> $@
+endif
+ifdef STACK
+	@echo $(DL)stack $(STACK)$(DL) >> $@
+endif
+ifdef SCREEN
+	@echo $(DL)screenname "$(DESCR) $(notdir $(@:.def=)) $(SCREEN)"$(DL) >> $@
+else
+	@echo $(DL)screenname "DEFAULT"$(DL) >> $@
+endif
+ifneq ($(DB),NDEBUG)
+	@echo $(DL)debug$(DL) >> $@
+endif
+	@echo $(DL)threadname "_$(notdir $(@:.def=))"$(DL) >> $@
+ifdef XDCDATA
+	@echo $(DL)xdcdata $(XDCDATA)$(DL) >> $@
+endif
+ifeq ($(LDRING),0)
+	@echo $(DL)flag_on 16$(DL) >> $@
+endif
+ifeq ($(LDRING),3)
+	@echo $(DL)flag_on 512$(DL) >> $@
+endif
+ifeq ($(LIBARCH),CLIB)
+	@echo $(DL)start _Prelude$(DL) >> $@
+	@echo $(DL)exit _Stop$(DL) >> $@
+	@echo $(DL)import @$(NDK_CLIB)/imports/clib.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_CLIB)/imports/threads.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_CLIB)/imports/nlmlib.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_CLIB)/imports/socklib.imp$(DL) >> $@
+	@echo $(DL)module clib$(DL) >> $@
+ifndef DISABLE_LDAP
+	@echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapsdk.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapssl.imp$(DL) >> $@
+#	@echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapx.imp$(DL) >> $@
+	@echo $(DL)module ldapsdk ldapssl$(DL) >> $@
+endif
+else
+ifeq ($(POSIXFL),1)
+	@echo $(DL)flag_on 4194304$(DL) >> $@
+endif
+	@echo $(DL)flag_on 64$(DL) >> $@
+	@echo $(DL)pseudopreemption$(DL) >> $@
+ifeq ($(findstring posixpre,$(PRELUDE)),posixpre)
+	@echo $(DL)start POSIX_Start$(DL) >> $@
+	@echo $(DL)exit POSIX_Stop$(DL) >> $@
+	@echo $(DL)check POSIX_CheckUnload$(DL) >> $@
+else
+	@echo $(DL)start _LibCPrelude$(DL) >> $@
+	@echo $(DL)exit _LibCPostlude$(DL) >> $@
+	@echo $(DL)check _LibCCheckUnload$(DL) >> $@
+endif
+	@echo $(DL)import @$(NDK_LIBC)/imports/libc.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_LIBC)/imports/netware.imp$(DL) >> $@
+	@echo $(DL)module libc$(DL) >> $@
+ifndef DISABLE_LDAP
+	@echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapsdk.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapssl.imp$(DL) >> $@
+#	@echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapx.imp$(DL) >> $@
+	@echo $(DL)module lldapsdk lldapssl$(DL) >> $@
+endif
+endif
+ifdef MODULES
+	@echo $(DL)module $(MODULES)$(DL) >> $@
+endif
+ifdef EXPORTS
+	@echo $(DL)export $(EXPORTS)$(DL) >> $@
+endif
+ifdef IMPORTS
+	@echo $(DL)import $(IMPORTS)$(DL) >> $@
+endif
+ifeq ($(findstring nlmconv,$(LD)),nlmconv)
+	@echo $(DL)input $(PRELUDE)$(DL) >> $@
+	@echo $(DL)input $(@:.def=.o)$(DL) >> $@
+ifdef LDLIBS
+	@echo $(DL)input $(LDLIBS)$(DL) >> $@
+endif
+	@echo $(DL)output $(notdir $(@:.def=.nlm))$(DL) >> $@
+endif

docs/examples/anyauthput.c

@@ -41,6 +41,7 @@
 #endif
 
 #include <curl/curl.h>
+#include "printf_macro.h"
 
 #if LIBCURL_VERSION_NUM < 0x070c03
 #error "upgrade your libcurl to no less than 7.12.3"
@@ -92,7 +93,7 @@ static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 
   retcode = read(fd, ptr, size * nmemb);
 
-  fprintf(stderr, "*** We read %d bytes from file\n", retcode);
+  fprintf(stderr, "*** We read %" _FMT_SIZE_T " bytes from file\n", retcode);
 
   return retcode;
 }

docs/examples/certinfo.c

@@ -22,8 +22,6 @@
 #include <stdio.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 static size_t wrfu(void *ptr,  size_t  size,  size_t  nmemb,  void *stream)
 {

docs/examples/chkspeed.c

@@ -35,8 +35,6 @@
 #include <time.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 #define URL_BASE "http://speedtest.your.domain/"
 #define URL_1M   URL_BASE "file_1M.bin"

docs/examples/curlgtk.c

@@ -13,8 +13,6 @@
 #include <gtk/gtk.h>
 
 #include <curl/curl.h>
-#include <curl/types.h> /* new for v7 */
-#include <curl/easy.h> /* new for v7 */
 
 GtkWidget *Bar;
 

docs/examples/externalsocket.c

@@ -0,0 +1,142 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+/*
+ * This is an example demonstrating how an application can pass in a custom
+ * socket to libcurl to use. This example also handles the connect itself.
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <curl/curl.h>
+
+#ifdef WIN32
+#include <windows.h>
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#define close closesocket
+#else
+#include <sys/types.h>        /*  socket types              */
+#include <sys/socket.h>       /*  socket definitions        */
+#include <arpa/inet.h>        /*  inet (3) funtions         */
+#include <unistd.h>           /*  misc. UNIX functions      */
+#endif
+
+#include <errno.h>
+
+/* The IP address and port number to connect to */
+#define IPADDR "127.0.0.1"
+#define PORTNUM 80
+
+static size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
+{
+  int written = fwrite(ptr, size, nmemb, (FILE *)stream);
+  return written;
+}
+
+static curl_socket_t opensocket(void *clientp,
+                                curlsocktype purpose,
+                                struct curl_sockaddr *address)
+{
+  curl_socket_t sockfd = *(curl_socket_t *)clientp;
+  /* the actual externally set socket is passed in via the OPENSOCKETDATA
+     option */
+  return sockfd;
+}
+
+static int sockopt_callback(void *clientp, curl_socket_t curlfd,
+                            curlsocktype purpose)
+{
+  /* This return code was added in libcurl 7.21.5 */
+  return CURL_SOCKOPT_ALREADY_CONNECTED;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res;
+  struct sockaddr_in servaddr;  /*  socket address structure  */
+  curl_socket_t sockfd;
+
+#ifdef WIN32
+  WSADATA wsaData;
+  int initwsa;
+
+  if((initwsa = WSAStartup(MAKEWORD(2,0), &wsaData)) != 0) {
+    printf("WSAStartup failed: %d\n", initwsa);
+    return 1;
+  }
+#endif
+
+  curl = curl_easy_init();
+  if(curl) {
+    /*
+     * Note that libcurl will internally think that you connect to the host
+     * and port that you specify in the URL option.
+     */
+    curl_easy_setopt(curl, CURLOPT_URL, "http://99.99.99.99:9999");
+
+    /* Create the socket "manually" */
+    if( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0 ) {
+      printf("Error creating listening socket.\n");
+      return 3;
+    }
+
+    memset(&servaddr, 0, sizeof(servaddr));
+    servaddr.sin_family = AF_INET;
+    servaddr.sin_port   = htons(PORTNUM);
+
+    if (INADDR_NONE == (servaddr.sin_addr.s_addr = inet_addr(IPADDR)))
+      return 2;
+
+    if(connect(sockfd,(struct sockaddr *) &servaddr, sizeof(servaddr)) ==
+       -1) {
+      close(sockfd);
+      printf("client error: connect: %s\n", strerror(errno));
+      return 1;
+    }
+
+    /* no progress meter please */
+    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);
+
+    /* send all data to this function  */
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+
+    /* call this function to get a socket */
+    curl_easy_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, opensocket);
+    curl_easy_setopt(curl, CURLOPT_OPENSOCKETDATA, &sockfd);
+
+    /* call this function to set options for the socket */
+    curl_easy_setopt(curl, CURLOPT_SOCKOPTFUNCTION, sockopt_callback);
+
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
+
+    res = curl_easy_perform(curl);
+
+    curl_easy_cleanup(curl);
+
+    if(res) {
+      printf("libcurl error: %d\n", res);
+      return 4;
+    }
+  }
+  return 0;
+}

docs/examples/ftpget.c

@@ -22,8 +22,6 @@
 #include <stdio.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 /*
  * This is an example showing how to get a single file from an FTP server.

docs/examples/ftpgetinfo.c

@@ -23,8 +23,6 @@
 #include <string.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 /*
  * This is an example showing how to check a single file's size and mtime

docs/examples/ftpgetresp.c

@@ -22,8 +22,6 @@
 #include <stdio.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 /*
  * Similar to ftpget.c but this also stores the received response-lines

docs/examples/ftpupload.c

@@ -32,6 +32,7 @@
 #else
 #include <unistd.h>
 #endif
+#include "printf_macro.h"
 
 /*
  * This example shows an FTP upload, with a rename of the file just after
@@ -56,7 +57,7 @@ static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
      by default internally */
   size_t retcode = fread(ptr, size, nmemb, stream);
 
-  fprintf(stderr, "*** We read %d bytes from file\n", retcode);
+  fprintf(stderr, "*** We read %" _FMT_SIZE_T " bytes from file\n", retcode);
   return retcode;
 }
 

docs/examples/ftpuploadresume.c

@@ -39,7 +39,7 @@
 
 /* The MinGW headers are missing a few Win32 function definitions,
    you shouldn't need this if you use VC++ */
-#ifdef __MINGW32__
+#if defined(__MINGW32__) && !defined(__MINGW64__)
 int __cdecl _snscanf(const char * input, size_t length, const char * format, ...);
 #endif
 

docs/examples/getinmemory.c

@@ -36,10 +36,10 @@ struct MemoryStruct {
 
 
 static size_t
-WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data)
+WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
 {
   size_t realsize = size * nmemb;
-  struct MemoryStruct *mem = (struct MemoryStruct *)data;
+  struct MemoryStruct *mem = (struct MemoryStruct *)userp;
 
   mem->memory = realloc(mem->memory, mem->size + realsize + 1);
   if (mem->memory == NULL) {
@@ -48,7 +48,7 @@ WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data)
     exit(EXIT_FAILURE);
   }
 
-  memcpy(&(mem->memory[mem->size]), ptr, realsize);
+  memcpy(&(mem->memory[mem->size]), contents, realsize);
   mem->size += realsize;
   mem->memory[mem->size] = 0;
 

docs/examples/httpput.c

@@ -25,6 +25,7 @@
 #include <unistd.h>
 
 #include <curl/curl.h>
+#include "printf_macro.h"
 
 /*
  * This example shows a HTTP PUT operation. PUTs a file given as a command
@@ -45,7 +46,7 @@ static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
      by default internally */
   retcode = fread(ptr, size, nmemb, stream);
 
-  fprintf(stderr, "*** We read %d bytes from file\n", retcode);
+  fprintf(stderr, "*** We read %" _FMT_SIZE_T " bytes from file\n", retcode);
 
   return retcode;
 }

docs/examples/postit2.c

@@ -37,8 +37,6 @@
 #include <string.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 int main(int argc, char *argv[])
 {

docs/examples/printf_macro.h

@@ -0,0 +1,45 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+/* Simple hack trying to get a valid printf format string for size_t.
+ * If that fails for your platform you can define your own _FMT_SIZE_T,
+ * f.e.: -D_FMT_SIZE_T="zd"
+ */
+#ifndef _PRINTF_MACRO_H
+#define _PRINTF_MACRO_H
+
+#ifndef _FMT_SIZE_T
+#ifdef WIN32
+#define _FMT_SIZE_T "Id"
+#else
+/*
+"zd" is a GNU extension to POSIX; so we dont use it for size_t but hack around
+#define _FMT_SIZE_T "zd"
+*/
+#ifdef __x86_64__
+#define _FMT_SIZE_T "lu"
+#else
+#define _FMT_SIZE_T "u"
+#endif /* __x86_64__ */
+#endif /* WIN32 */
+#endif /* !_FMT_SIZE_T */
+
+#endif /* !_PRINTF_MACRO_H */

docs/examples/progressfunc.c

@@ -0,0 +1,58 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+#define STOP_DOWNLOAD_AFTER_THIS_MANY_BYTES 6000
+
+static int progress(void *p,
+                    double dltotal, double dlnow,
+                    double ultotal, double ulnow)
+{
+  fprintf(stderr, "UP: %g of %g  DOWN: %g of %g\r\n",
+          ulnow, ultotal, dlnow, dltotal);
+
+  if(dlnow > STOP_DOWNLOAD_AFTER_THIS_MANY_BYTES)
+    return 1;
+  return 0;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res=0;
+
+  curl = curl_easy_init();
+  if(curl) {
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");
+    curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, progress);
+    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L);
+    res = curl_easy_perform(curl);
+
+    if(res)
+      fprintf(stderr, "%s\n", curl_easy_strerror(res));
+
+    /* always cleanup */
+    curl_easy_cleanup(curl);
+  }
+  return (int)res;
+}

docs/examples/resolve.c

@@ -0,0 +1,51 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+  struct curl_slist *host = NULL;
+
+  /* Each single name resolve string should be written using the format
+     HOST:PORT:ADDRESS where HOST is the name libcurl will try to resolve,
+     PORT is the port number of the service where libcurl wants to connect to
+     the HOST and ADDRESS is the numerical IP address
+   */
+  host = curl_slist_append(NULL, "example.com:80:127.0.0.1");
+
+  curl = curl_easy_init();
+  if(curl) {
+    curl_easy_setopt(curl, CURLOPT_RESOLVE, host);
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+    res = curl_easy_perform(curl);
+
+    /* always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  curl_slist_free_all(host);
+
+  return (int)res;
+}

docs/examples/rtsp.c

@@ -0,0 +1,271 @@
+/*
+ * Copyright (c) 2011, Jim Hollinger
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *   * Neither the name of Jim Hollinger nor the names of its contributors
+ *     may be used to endorse or promote products derived from this
+ *     software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined (WIN32)
+#  include <conio.h>  /* _getch() */
+#else
+#  include <termios.h>
+#  include <unistd.h>
+
+static int _getch(void)
+{
+  struct termios oldt, newt;
+  int ch;
+  tcgetattr( STDIN_FILENO, &oldt );
+  newt = oldt;
+  newt.c_lflag &= ~( ICANON | ECHO );
+  tcsetattr( STDIN_FILENO, TCSANOW, &newt );
+  ch = getchar();
+  tcsetattr( STDIN_FILENO, TCSANOW, &oldt );
+  return ch;
+}
+#endif
+
+#include <curl/curl.h>
+
+#define VERSION_STR  "V1.0"
+
+/* error handling macros */
+#define my_curl_easy_setopt(A, B, C) \
+  if ((res = curl_easy_setopt((A), (B), (C))) != CURLE_OK) \
+    fprintf(stderr, "curl_easy_setopt(%s, %s, %s) failed: %d\n", \
+            #A, #B, #C, res);
+
+#define my_curl_easy_perform(A) \
+  if ((res = curl_easy_perform((A))) != CURLE_OK) \
+    fprintf(stderr, "curl_easy_perform(%s) failed: %d\n", #A, res);
+
+
+/* send RTSP OPTIONS request */
+static void rtsp_options(CURL *curl, const char *uri)
+{
+  CURLcode res = CURLE_OK;
+  printf("\nRTSP: OPTIONS %s\n", uri);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, uri);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_OPTIONS);
+  my_curl_easy_perform(curl);
+}
+
+
+/* send RTSP DESCRIBE request and write sdp response to a file */
+static void rtsp_describe(CURL *curl, const char *uri,
+                          const char *sdp_filename)
+{
+  CURLcode res = CURLE_OK;
+  FILE *sdp_fp = fopen(sdp_filename, "wt");
+  printf("\nRTSP: DESCRIBE %s\n", uri);
+  if (sdp_fp == NULL) {
+    fprintf(stderr, "Could not open '%s' for writing\n", sdp_filename);
+    sdp_fp = stdout;
+  }
+  else {
+    printf("Writing SDP to '%s'\n", sdp_filename);
+  }
+  my_curl_easy_setopt(curl, CURLOPT_WRITEDATA, sdp_fp);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_DESCRIBE);
+  my_curl_easy_perform(curl);
+  my_curl_easy_setopt(curl, CURLOPT_WRITEDATA, stdout);
+  if (sdp_fp != stdout) {
+    fclose(sdp_fp);
+  }
+}
+
+/* send RTSP SETUP request */
+static void rtsp_setup(CURL *curl, const char *uri, const char *transport)
+{
+  CURLcode res = CURLE_OK;
+  printf("\nRTSP: SETUP %s\n", uri);
+  printf("      TRANSPORT %s\n", transport);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, uri);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_TRANSPORT, transport);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_SETUP);
+  my_curl_easy_perform(curl);
+}
+
+
+/* send RTSP PLAY request */
+static void rtsp_play(CURL *curl, const char *uri, const char *range)
+{
+  CURLcode res = CURLE_OK;
+  printf("\nRTSP: PLAY %s\n", uri);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, uri);
+  my_curl_easy_setopt(curl, CURLOPT_RANGE, range);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_PLAY);
+  my_curl_easy_perform(curl);
+}
+
+
+/* send RTSP TEARDOWN request */
+static void rtsp_teardown(CURL *curl, const char *uri)
+{
+  CURLcode res = CURLE_OK;
+  printf("\nRTSP: TEARDOWN %s\n", uri);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_TEARDOWN);
+  my_curl_easy_perform(curl);
+}
+
+
+/* convert url into an sdp filename */
+static void get_sdp_filename(const char *url, char *sdp_filename)
+{
+  const char *s = strrchr(url, '/');
+  strcpy(sdp_filename, "video.sdp");
+  if (s != NULL) {
+    s++;
+    if (s[0] != '\0') {
+      sprintf(sdp_filename, "%s.sdp", s);
+    }
+  }
+}
+
+
+/* scan sdp file for media control attribute */
+static void get_media_control_attribute(const char *sdp_filename,
+                                        char *control)
+{
+  int max_len = 256;
+  char *s = malloc(max_len);
+  FILE *sdp_fp = fopen(sdp_filename, "rt");
+  control[0] = '\0';
+  if (sdp_fp != NULL) {
+    while (fgets(s, max_len - 2, sdp_fp) != NULL) {
+      sscanf(s, " a = control: %s", control);
+    }
+    fclose(sdp_fp);
+  }
+  free(s);
+}
+
+
+/* main app */
+int main(int argc, char * const argv[])
+{
+#if 1
+  const char *transport = "RTP/AVP;unicast;client_port=1234-1235";  /* UDP */
+#else
+  const char *transport = "RTP/AVP/TCP;unicast;client_port=1234-1235";  /* TCP */
+#endif
+  const char *range = "0.000-";
+  int rc = EXIT_SUCCESS;
+  char *basename = NULL;
+
+  printf("\nRTSP request %s\n", VERSION_STR);
+  printf("    Project web site: http://code.google.com/p/rtsprequest/\n");
+  printf("    Requires cURL V7.20 or greater\n\n");
+
+  /* check command line */
+  if ((argc != 2) && (argc != 3)) {
+    basename = strrchr(argv[0], '/');
+    if (basename == NULL) {
+      basename = strrchr(argv[0], '\\');
+    }
+    if (basename == NULL) {
+      basename = argv[0];
+    } else {
+      basename++;
+    }
+    printf("Usage:   %s url [transport]\n", basename);
+    printf("         url of video server\n");
+    printf("         transport (optional) specifier for media stream protocol\n");
+    printf("         default transport: %s\n", transport);
+    printf("Example: %s rtsp://192.168.0.2/media/video1\n\n", basename);
+    rc = EXIT_FAILURE;
+  } else {
+    const char *url = argv[1];
+    char *uri = malloc(strlen(url) + 32);
+    char *sdp_filename = malloc(strlen(url) + 32);
+    char *control = malloc(strlen(url) + 32);
+    CURLcode res;
+    get_sdp_filename(url, sdp_filename);
+    if (argc == 3) {
+      transport = argv[2];
+    }
+
+    /* initialize curl */
+    res = curl_global_init(CURL_GLOBAL_ALL);
+    if (res == CURLE_OK) {
+      curl_version_info_data *data = curl_version_info(CURLVERSION_NOW);
+      CURL *curl;
+      fprintf(stderr, "    cURL V%s loaded\n", data->version);
+
+      /* initialize this curl session */
+      curl = curl_easy_init();
+      if (curl != NULL) {
+        my_curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L);
+        my_curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);
+        my_curl_easy_setopt(curl, CURLOPT_WRITEHEADER, stdout);
+        my_curl_easy_setopt(curl, CURLOPT_URL, url);
+
+        /* request server options */
+        sprintf(uri, "%s", url);
+        rtsp_options(curl, uri);
+
+        /* request session description and write response to sdp file */
+        rtsp_describe(curl, uri, sdp_filename);
+
+        /* get media control attribute from sdp file */
+        get_media_control_attribute(sdp_filename, control);
+
+        /* setup media stream */
+        sprintf(uri, "%s/%s", url, control);
+        rtsp_setup(curl, uri, transport);
+
+        /* start playing media stream */
+        sprintf(uri, "%s/", url);
+        rtsp_play(curl, uri, range);
+        printf("Playing video, press any key to stop ...");
+        _getch();
+        printf("\n");
+
+        /* teardown session */
+        rtsp_teardown(curl, uri);
+
+        /* cleanup */
+        curl_easy_cleanup(curl);
+        curl = NULL;
+      } else {
+        fprintf(stderr, "curl_easy_init() failed\n");
+      }
+      curl_global_cleanup();
+    } else {
+      fprintf(stderr, "curl_global_init(%s) failed: %d\n",
+              "CURL_GLOBAL_ALL", res);
+    }
+    free(control);
+    free(sdp_filename);
+    free(uri);
+  }
+
+  return rc;
+}

docs/examples/sendrecv.c

@@ -24,6 +24,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <curl/curl.h>
+#include "printf_macro.h"
 
 /* Auxiliary function that waits on the socket. */
 static int wait_on_socket(curl_socket_t sockfd, int for_recv, long timeout_ms)
@@ -122,7 +123,7 @@ int main(void)
       if(CURLE_OK != res)
         break;
 
-      printf("Received %u bytes.\n", iolen);
+      printf("Received %" _FMT_SIZE_T " bytes.\n", iolen);
     }
 
     /* always cleanup */

docs/examples/sepheaders.c

@@ -24,8 +24,6 @@
 #include <unistd.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 static size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
 {

docs/examples/simplessl.c

@@ -22,9 +22,6 @@
 #include <stdio.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
-
 
 /* some requirements for this to work:
    1.   set pCertFile to the file with the client certificate

docs/examples/smooth-gtk-thread.c

@@ -37,8 +37,6 @@
 #include <pthread.h>
 
 #include <curl/curl.h>
-#include <curl/types.h> /* new for v7 */
-#include <curl/easy.h> /* new for v7 */
 
 #define NUMT 4
 

docs/examples/smtp-multi.c

@@ -123,13 +123,13 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);
    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, MAILFROM);
    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, rcpt_list);
-   curl_easy_setopt(curl, CURLOPT_USE_SSL, CURLUSESSL_ALL);
-   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER,0);
-   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
+   curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
+   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
    curl_easy_setopt(curl, CURLOPT_READDATA, &pooh);
-   curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
-   curl_easy_setopt(curl, CURLOPT_SSLVERSION, 0);
-   curl_easy_setopt(curl, CURLOPT_SSL_SESSIONID_CACHE, 0);
+   curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+   curl_easy_setopt(curl, CURLOPT_SSLVERSION, 0L);
+   curl_easy_setopt(curl, CURLOPT_SSL_SESSIONID_CACHE, 0L);
    curl_multi_add_handle(mcurl, curl);
 
    mp_timedout = 0;

docs/examples/smtp-tls.c

@@ -94,13 +94,13 @@ int main(void)
      * of using CURLUSESSL_TRY here, because if TLS upgrade fails, the transfer
      * will continue anyway - see the security discussion in the libcurl
      * tutorial for more details. */
-    curl_easy_setopt(curl, CURLOPT_USE_SSL, CURLUSESSL_ALL);
+    curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
 
     /* If your server doesn't have a valid certificate, then you can disable
      * part of the Transport Layer Security protection by setting the
      * CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST options to 0 (false).
-     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
-     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
+     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
      * That is, in general, a bad idea. It is still better than sending your
      * authentication details in plain text though.
      * Instead, you should get the issuer certificate (or the host certificate
@@ -135,7 +135,7 @@ int main(void)
     /* Since the traffic will be encrypted, it is very useful to turn on debug
      * information within libcurl to see what is happening during the transfer.
      */
-    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
 
     /* send the message (including headers) */
     res = curl_easy_perform(curl);

docs/examples/synctime.c

@@ -147,7 +147,7 @@ size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
                                          TmpStr1 & 2? */
         AutoSyncTime = 0;
       else {
-        RetVal = sscanf ((char *)(ptr), "Date: %s %d %s %d %d:%d:%d",
+        RetVal = sscanf ((char *)(ptr), "Date: %s %hu %s %hu %hu:%hu:%hu",
                          TmpStr1, &SYSTime.wDay, TmpStr2, &SYSTime.wYear,
                          &SYSTime.wHour, &SYSTime.wMinute, &SYSTime.wSecond);
 

docs/libcurl/curl_easy_cleanup.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -37,8 +37,15 @@ This will effectively close all connections this handle has used and possibly
 has kept open until now. Don't call this function if you intend to transfer
 more files.
 
-Any uses of the \fBhandle\fP after this function has been called are
-illegal. This kills the handle and all memory associated with it!
+Occasionally you may get your progress callback or header callback called from
+within \fIcurl_easy_cleanup(3)\fP (if previously set for the handle using
+\fIcurl_easy_setopt(3)\fP). Like if libcurl decides to shut down the
+connection and the protocol is of a kind that requires a command/response
+sequence before disconnect. Examples of such protocols are FTP, POP3 and IMAP.
+
+Any uses of the \fBhandle\fP after this function has been called and have
+returned, are illegal. This kills the handle and all memory associated with
+it!
 
 With libcurl versions prior to 7.17.: when you've called this, you can safely
 remove all the strings you've previously told libcurl to use, as it won't use

docs/libcurl/curl_easy_setopt.3

@@ -91,7 +91,9 @@ SIGPIPE signals, which otherwise are sent by the system when trying to send
 data to a socket which is closed in the other end. libcurl makes an effort to
 never cause such SIGPIPEs to trigger, but some operating systems have no way
 to avoid them and even on those that have there are some corner cases when
-they may still happen, contrary to our desire.
+they may still happen, contrary to our desire. In addition, using
+\fICURLAUTH_NTLM_WB\fP authentication could cause a SIGCHLD signal to be
+raised.
 .IP CURLOPT_WILDCARDMATCH
 Set this option to 1 if you want to transfer multiple files according to a
 file name pattern. The pattern can be specified as part of the
@@ -169,8 +171,12 @@ Set the \fIuserdata\fP argument with the \fICURLOPT_WRITEDATA\fP option.
 
 The callback function will be passed as much data as possible in all invokes,
 but you cannot possibly make any assumptions. It may be one byte, it may be
-thousands. The maximum amount of data that can be passed to the write callback
-is defined in the curl.h header file: CURL_MAX_WRITE_SIZE.
+thousands. The maximum amount of body data that can be passed to the write
+callback is defined in the curl.h header file: CURL_MAX_WRITE_SIZE (the usual
+default is 16K). If you however have \fICURLOPT_HEADER\fP set, which sends
+header data to the write callback, you can get up to
+\fICURL_MAX_HTTP_HEADER\fP bytes of header data passed into it. This usually
+means 100K.
 .IP CURLOPT_WRITEDATA
 Data pointer to pass to the file write function. If you use the
 \fICURLOPT_WRITEFUNCTION\fP option, this is the pointer you'll get as
@@ -352,6 +358,9 @@ of bytes actually taken care of. If that amount differs from the amount passed
 to your function, it'll signal an error to the library. This will abort the
 transfer and return \fICURL_WRITE_ERROR\fP.
 
+A complete header that is passed to this function can be up to
+\fICURL_MAX_HTTP_HEADER\fP (100K) bytes.
+
 If this option is not set, or if it is set to NULL, but
 \fICURLOPT_HEADERDATA\fP (\fICURLOPT_WRITEHEADER\fP) is set to anything but
 NULL, the function used to accept response data will be used instead. That is,
@@ -582,20 +591,162 @@ POST/PUT and a 401 or 407 is received immediately afterwards.
 .SH NETWORK OPTIONS
 .IP CURLOPT_URL
 The actual URL to deal with. The parameter should be a char * to a zero
-terminated string.
+terminated string which must be URL-encoded in the following format:
 
-If the given URL lacks the protocol part ("http://" or "ftp://" etc), it will
-attempt to guess which protocol to use based on the given host name. If the
-given protocol of the set URL is not supported, libcurl will return on error
-(\fICURLE_UNSUPPORTED_PROTOCOL\fP) when you call \fIcurl_easy_perform(3)\fP or
-\fIcurl_multi_perform(3)\fP. Use \fIcurl_version_info(3)\fP for detailed info
-on which protocols are supported.
+scheme://host:port/path
 
-The string given to CURLOPT_URL must be url-encoded and follow RFC 2396
+For a greater explanation of the format please see RFC 2396
 (http://curl.haxx.se/rfc/rfc2396.txt).
 
-Starting with version 7.20.0, the fragment part of the URI will not be send as
-part of the path, which was the case previously.
+If the given URL lacks the scheme, or protocol, part ("http://" or "ftp://"
+etc), libcurl will attempt to resolve which protocol to use based on the
+given host mame. If the protocol is not supported, libcurl will return
+(\fICURLE_UNSUPPORTED_PROTOCOL\fP) when you call \fIcurl_easy_perform(3)\fP
+or \fIcurl_multi_perform(3)\fP. Use \fIcurl_version_info(3)\fP for detailed
+information on which protocols are supported.
+
+The host part of the URL contains the address of the server that you want to
+connect to. This can be the fully qualified domain name of the server, the
+local network name of the machine on your network or the IP address of the
+server or machine represented by either an IPv4 or IPv6 address. For example:
+
+http://www.example.com/
+
+http://hostname/
+
+http://192.168.0.1/
+
+http://[2001:1890:1112:1::20]/
+
+It is also possible to specify the user name and password as part of the
+host, for some protocols, when connecting to servers that require
+authentication.
+
+For example the following types of authentication support this:
+
+http://user:password@www.domain.com
+ftp://user:password@ftp.domain.com
+pop3://user:password@mail.domain.com
+
+The port is optional and when not specified libcurl will use the default port
+based on the determined or specified protocol: 80 for http, 21 for ftp and 25
+for smtp, etc. The following examples show how to specify the port:
+
+http://www.weirdserver.com:8080/ - This will connect to a web server using
+port 8080.
+
+smtp://mail.domain.com:587/ - This will connect to a smtp server on the
+alternative mail port.
+
+The path part of the URL is protocol specific and whilst some examples are
+given below this list is not conclusive:
+
+.B HTTP
+
+The path part of a HTTP request specifies the file to retrieve and from what
+directory. If the directory is not specified then the web server's root
+directory is used. If the file is omitted then the default document will be
+retrieved for either the directory specified or the root directory. The
+exact resource returned for each URL is entirely dependent on the server's
+configuration.
+
+http://www.netscape.com - This gets the main page (index.html in this
+example) from Netscape's web server.
+
+http://www.netscape.com/index.html - This returns the main page from Netscape
+by specifying the page to get.
+
+http://www.netscape.com/contactus/ - This returns the default document from
+the contactus directory.
+
+.B FTP
+
+The path part of an FTP request specifies the file to retrieve and from what
+directory. If the file part is omitted then libcurl downloads the directory
+listing for the directory specified. If the directory is omitted then
+the directory listing for the root / home directory will be returned.
+
+ftp://cool.haxx.se - This retrieves the directory listing for our FTP server.
+
+ftp://cool.haxx.se/readme.txt - This downloads the file readme.txt from the
+root directory.
+
+ftp://cool.haxx.se/libcurl/readme.txt - This downloads readme.txt from the
+libcurl directory.
+
+ftp://user:password@my.example.com/readme.txt - This retrieves the readme.txt
+file from the user's home directory. When a username and password is
+specified, everything that is specified in the path part is relative to the
+user's home directory. To retrieve files from the root directory or a
+directory underneath the root directory then the absolute path must be
+specified by prepending an additional forward slash to the beginning of the
+path.
+
+ftp://user:password@my.example.com//readme.txt - This retrieves the readme.txt
+from the root directory when logging in as a specified user.
+
+.B SMTP
+
+The path part of a SMTP request specifies the host name to present during
+communication with the mail server. If the path is omitted then libcurl will
+attempt to resolve the local computer's host name. However, this may not
+return the fully qualified domain name that is required by some mail servers
+and specifying this path allows you to set an alternative name, such as
+your machine's fully qualified domain name, which you might have obtained
+from an external function such as gethostname or getaddrinfo.
+
+smtp://mail.domain.com - This connects to the mail server at domain.com and
+sends your local computer's host name in the HELO / EHLO command.
+
+smtp://mail.domain.com/client.domain.com - This will send client.domain.com in
+the HELO / EHLO command to the mail server at domain.com.
+
+.B POP3
+
+The path part of a POP3 request specifies the mailbox (message) to retrieve.
+If the mailbox is not specified then a list of waiting messages is returned
+instead.
+
+pop3://user:password@mail.domain.com - This lists the available messages
+pop3://user:password@mail.domain.com/1 - This retrieves the first message
+
+.B SCP
+
+The path part of an SCP request specifies the file to retrieve and from what
+directory. The file part may not be omitted. The file is taken as an absolute
+path from the root directory on the server. To specify a path relative to
+the user's home directory on the server, prepend ~/ to the path portion.
+If the user name is not embedded in the URL, it can be set with the
+\fICURLOPT_USERPWD\fP or \fBCURLOPT_USERNAME\fP option.
+
+scp://user@example.com/etc/issue - This specifies the file /etc/issue
+
+scp://example.com/~/my-file - This specifies the file my-file in the
+user's home directory on the server
+
+.B SFTP
+
+The path part of an SFTP request specifies the file to retrieve and from what
+directory. If the file part is omitted then libcurl downloads the directory
+listing for the directory specified.  If the path ends in a / then a directory
+listing is returned instead of a file.  If the path is omitted entirely then
+the directory listing for the root / home directory will be returned.
+If the user name is not embedded in the URL, it can be set with the
+\fICURLOPT_USERPWD\fP or \fBCURLOPT_USERNAME\fP option.
+
+sftp://user:password@example.com/etc/issue - This specifies the file
+/etc/issue
+
+sftp://user@example.com/~/my-file - This specifies the file my-file in the
+user's home directory
+
+sftp://ssh.example.com/~/Documents/ - This requests a directory listing
+of the Documents directory under the user's home directory
+
+.B NOTES
+
+Starting with version 7.20.0, the fragment part of the URI will not be sent as
+part of the path, which was previously the case.
 
 \fICURLOPT_URL\fP is the only option that \fBmust\fP be set before
 \fIcurl_easy_perform(3)\fP is called.
@@ -664,10 +815,10 @@ this are \fICURLPROXY_HTTP\fP, \fICURLPROXY_HTTP_1_0\fP (added in 7.19.4),
 
 If you set \fBCURLOPT_PROXYTYPE\fP to \fICURLPROXY_HTTP_1_0\fP, it will only
 affect how libcurl speaks to a proxy when CONNECT is used. The HTTP version
-used for "regular" HTTP requests is instead controled with
+used for "regular" HTTP requests is instead controlled with
 \fICURLOPT_HTTP_VERSION\fP.
 .IP CURLOPT_NOPROXY
-Pass a pointer to a zero terminated string. The should be a comma- separated
+Pass a pointer to a zero terminated string. The should be a comma separated
 list of hosts which do not use a proxy, if one is specified.  The only
 wildcard is a single * character, which matches all hosts, and effectively
 disables the proxy. Each name in this list is matched as either a domain which
@@ -890,6 +1041,20 @@ prevent the password from being eavesdropped.
 
 You need to build libcurl with OpenSSL support for this option to work, or
 build libcurl on Windows.
+.IP CURLAUTH_NTLM_WB
+NTLM delegating to winbind helper. Authentication is performed by a separate
+binary application that is executed when needed. The name of the application
+is specified at compile time but is typically /usr/bin/ntlm_auth
+(Added in 7.22.0)
+
+Note that libcurl will fork when necessary to run the winbind application and
+kill it when complete, calling waitpid() to await its exit when done. On POSIX
+operating systems, killing the process will cause a SIGCHLD signal to be
+raised (regardless of whether \fICURLOPT_NOSIGNAL\fP is set), which must be
+handled intelligently by the application. In particular, the application must
+not unconditionally call wait() in its SIGCHLD signal handler to avoid being
+subject to a race condition.  This behavior is subject to change in future
+versions of libcurl.
 .IP CURLAUTH_ANY
 This is a convenience macro that sets all bits and thus makes libcurl pick any
 it finds suitable. libcurl will automatically select the one it finds most
@@ -917,12 +1082,12 @@ You need to build libcurl with GnuTLS or OpenSSL with TLS-SRP support for this
 to work. (Added in 7.21.4)
 .RE
 .IP CURLOPT_TLSAUTH_USERNAME
-Pass a char * as parameter, which should point to the zero-terminated username
+Pass a char * as parameter, which should point to the zero terminated username
 to use for the TLS authentication method specified with the
 \fICURLOPT_TLSAUTH_TYPE\fP option. Requires that the
 \fICURLOPT_TLS_PASSWORD\fP option also be set. (Added in 7.21.4)
 .IP CURLOPT_TLSAUTH_PASSWORD
-Pass a char * as parameter, which should point to the zero-terminated password
+Pass a char * as parameter, which should point to the zero terminated password
 to use for the TLS authentication method specified with the
 \fICURLOPT_TLSAUTH_TYPE\fP option. Requires that the
 \fICURLOPT_TLS_USERNAME\fP option also be set. (Added in 7.21.4)
@@ -1313,18 +1478,22 @@ Examples with specified ports:
 You disable PORT again and go back to using the passive version by setting
 this option to NULL.
 .IP CURLOPT_QUOTE
-Pass a pointer to a linked list of FTP or SFTP commands to pass to
-the server prior to your FTP request. This will be done before any
-other commands are issued (even before the CWD command for FTP). The
-linked list should be a fully valid list of 'struct curl_slist' structs
-properly filled in with text strings. Use \fIcurl_slist_append(3)\fP
-to append strings (commands) to the list, and clear the entire list
-afterwards with \fIcurl_slist_free_all(3)\fP. Disable this operation
-again by setting a NULL to this option.
-The set of valid FTP commands depends on the server (see RFC959 for a
-list of mandatory commands).
-The valid SFTP commands are: chgrp, chmod, chown, ln, mkdir, pwd,
-rename, rm, rmdir, symlink (see
+Pass a pointer to a linked list of FTP or SFTP commands to pass to the server
+prior to your FTP request. This will be done before any other commands are
+issued (even before the CWD command for FTP). The linked list should be a
+fully valid list of 'struct curl_slist' structs properly filled in with text
+strings. Use \fIcurl_slist_append(3)\fP to append strings (commands) to the
+list, and clear the entire list afterwards with
+\fIcurl_slist_free_all(3)\fP. Disable this operation again by setting a NULL
+to this option. When speaking to a FTP server, prefix the command with an
+asterisk (*) to make libcurl continue even if the command fails as by default
+libcurl will stop at first failure.
+
+The set of valid FTP commands depends on the server (see RFC959 for a list of
+mandatory commands).
+
+The valid SFTP commands are: chgrp, chmod, chown, ln, mkdir, pwd, rename, rm,
+rmdir, symlink (see
 .BR curl (1))
 (SFTP support added in 7.16.3)
 .IP CURLOPT_POSTQUOTE
@@ -1451,7 +1620,7 @@ a reply.
 Initiate the shutdown and wait for a reply.
 .RE
 .IP CURLOPT_FTP_ACCOUNT
-Pass a pointer to a zero-terminated string (or NULL to disable). When an FTP
+Pass a pointer to a zero terminated string (or NULL to disable). When an FTP
 server asks for "account data" after user name and password has been provided,
 this data is sent off using the ACCT command. (Added in 7.13.0)
 .IP CURLOPT_FTP_FILEMETHOD
@@ -2105,6 +2274,14 @@ of these, 'private' will be used. Set the string to NULL to disable kerberos
 support for FTP.
 
 (This option was known as CURLOPT_KRB4LEVEL up to 7.16.3)
+.IP CURLOPT_GSSAPI_DELEGATION
+Set the parameter to CURLGSSAPI_DELEGATION_FLAG to allow unconditional GSSAPI
+credential delegation.  The delegation is disabled by default since 7.21.7.
+Set the parameter to CURLGSSAPI_DELEGATION_POLICY_FLAG to delegate only if
+the OK-AS-DELEGATE flag is set in the service ticket in case this feature is
+supported by the GSSAPI implementation and the definition of
+GSS_C_DELEG_POLICY_FLAG was available at compile-time.
+(Added in 7.22.0)
 .SH SSH OPTIONS
 .IP CURLOPT_SSH_AUTH_TYPES
 Pass a long set to a bitmask consisting of one or more of

docs/libcurl/curl_multi_fdset.3

@@ -40,19 +40,28 @@ but be sure to FD_ZERO them before calling this function as
 otherwise remove any others. The \fIcurl_multi_perform(3)\fP function should be
 called as soon as one of them is ready to be read from or written to.
 
-To be sure to have up-to-date results, you should call
-\fIcurl_multi_perform\fP until it does not return CURLM_CALL_MULTI_PERFORM
-prior to calling \fIcurl_multi_fdset\fP.  This will make sure that libcurl has
-updated the handles' socket states.
-
 If no file descriptors are set by libcurl, \fImax_fd\fP will contain -1 when
 this function returns. Otherwise it will contain the higher descriptor number
-libcurl set.
+libcurl set. When libcurl returns -1 in \fImax_fd\fP, it is because libcurl
+currently does something that isn't possible for your application to monitor
+with a socket and unfortunately you can then not know exactly when the current
+action is completed using select(). When max_fd returns with -1, you need to
+wait a while and then proceed and call \fIcurl_multi_perform\fP anyway. How
+long to wait? I would suggest 100 milliseconds at least, but you may want to
+test it out in your own particular conditions to find a suitable value.
 
 When doing select(), you should use \fBcurl_multi_timeout\fP to figure out how
 long to wait for action. Call \fIcurl_multi_perform\fP even if no activity has
 been seen on the fd_sets after the timeout expires as otherwise internal
 retries and timeouts may not work as you'd think and want.
+
+If one of the sockets used by libcurl happens to be larger than what can be
+set in an fd_set, which on POSIX systems means that the file descriptor is
+larger than FD_SETSIZE, then libcurl will try to not set it. Setting a too
+large file descriptor in an fd_set implies an out of bounds write which can
+cause crashes, or worse. The effect of NOT storing it will possibly save you
+from the crash, but will make your program NOT wait for sockets it should wait
+for...
 .SH RETURN VALUE
 CURLMcode type, general libcurl multi interface error code. See
 \fIlibcurl-errors(3)\fP

docs/libcurl/curl_share_setopt.3

@@ -64,6 +64,11 @@ Cached DNS hosts will be shared across the easy handles using this shared
 object. Note that when you use the multi interface, all easy handles added to
 the same multi handle will share DNS cache by default without this having to
 be used!
+.IP CURL_LOCK_DATA_SSL_SESSION
+SSL session IDs will be shared accross the easy handles using this shared
+object. This will reduce the time spent in the SSL handshake when reconnecting
+to the same server. Note SSL session IDs are reused within the same easy handle
+by default.
 .RE
 .IP CURLSHOPT_UNSHARE
 This option does the opposite of \fICURLSHOPT_SHARE\fP. It specifies that

docs/libcurl/curl_version_info.3

@@ -128,6 +128,11 @@ the app having to pass them on. (Added in 7.13.2)
 .IP CURL_VERSION_CONV
 libcurl was built with support for character conversions, as provided by the
 CURLOPT_CONV_* callbacks. (Added in 7.15.4)
+.IP CURL_VERSION_TLSAUTH_SRP
+libcurl was built with support for TLS-SRP. (Added in 7.21.4)
+.IP CURL_VERSION_NTLM_WB
+libcurl was built with support for NTLM delegation to a winbind helper.
+(Added in 7.22.0)
 .RE
 \fIssl_version\fP is an ASCII string for the OpenSSL version used. If libcurl
 has no SSL support, this is NULL.

docs/libcurl/libcurl-errors.3

@@ -277,3 +277,6 @@ An invalid share object was passed to the function.
 .IP "CURLSHE_NOMEM (4)"
 Not enough memory was available.
 (Added in 7.12.0)
+.IP "CURLSHE_NOT_BUILT_IN (5)"
+The requsted sharing could not be done because the library you use don't have
+that particular feature enabled. (Added in 7.23.0)

docs/libcurl/libcurl-multi.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -82,14 +82,6 @@ might need attention. This also makes it very easy for your program to wait
 for input on your own private file descriptors at the same time or perhaps
 timeout every now and then, should you want that.
 
-A little note here about the return codes from the multi functions, and
-especially the \fIcurl_multi_perform(3)\fP: if you receive
-\fICURLM_CALL_MULTI_PERFORM\fP, this basically means that you should call
-\fIcurl_multi_perform(3)\fP again, before you select() on more actions. You
-don't have to do it immediately, but the return code means that libcurl may
-have more data available to return or that there may be more data to send off
-before it is "satisfied".
-
 \fIcurl_multi_perform(3)\fP stores the number of still running transfers in
 one of its input arguments, and by reading that you can figure out when all
 the transfers in the multi handles are done. 'done' does not mean
@@ -118,21 +110,39 @@ If you want to re-use an easy handle that was added to the multi handle for
 transfer, you must first remove it from the multi stack and then re-add it
 again (possibly after having altered some options at your own choice).
 .SH "MULTI_SOCKET"
-Since 7.16.0, the \fIcurl_multi_socket_action(3)\fP function offers a way for
-applications to not only avoid being forced to use select(), but it also
-offers a much more high-performance API that will make a significant
-difference for applications using large numbers of simultaneous connections.
+\fIcurl_multi_socket_action(3)\fP function offers a way for applications to
+not only avoid being forced to use select(), but it also offers a much more
+high-performance API that will make a significant difference for applications
+using large numbers of simultaneous connections.
 
-\fIcurl_multi_socket_action(3)\fP is then used
-instead of \fIcurl_multi_perform(3)\fP.
+\fIcurl_multi_socket_action(3)\fP is then used instead of
+\fIcurl_multi_perform(3)\fP.
+
+When using this API, you add easy handles to the multi handle just as with the
+normal multi interface. Then you also set two callbacks with the
+CURLMOPT_SOCKETFUNCTION and CURLMOPT_TIMERFUNCTION options to
+\fIcurl_multi_setopt(3)\fP.
+
+The API is then designed to inform your application about which sockets
+libcurl is currently using and for what activities (read and/or write) on
+those sockets your application is expected to wait for.
+
+Your application must then make sure to receive all sockets informed about in
+the CURLMOPT_SOCKETFUNCTION callback and make sure it reacts on the given
+activity on them. When a socket has the given activity, you call
+\fIcurl_multi_socket_action(3)\fP specifying which socket and action there
+are.
+
+The CURLMOPT_TIMERFUNCTION callback is called to set a timeout. When that
+timeout expires, your application should call the
+\fIcurl_multi_socket_action(3)\fP function saying it was due to a timeout.
 .SH "BLOCKING"
 A few areas in the code are still using blocking code, even when used from the
 multi interface. While we certainly want and intend for these to get fixed in
 the future, you should be aware of the following current restrictions:
 
 .nf
- - Name resolves on non-windows unless c-ares is used
- - GnuTLS SSL connections
+ - Name resolves unless the c-ares or threaded-resolver backends are used
  - NSS SSL connections
  - Active FTP connections
  - HTTP proxy CONNECT operations

docs/libcurl/libcurl-tutorial.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -249,9 +249,11 @@ complication for you. Given simply the URL to a file, libcurl will take care
 of all the details needed to get the file moved from one machine to another.
 
 .SH "Multi-threading Issues"
-The first basic rule is that you must \fBnever\fP share a libcurl handle (be
-it easy or multi or whatever) between multiple threads. Only use one handle in
-one thread at a time.
+The first basic rule is that you must \fBnever\fP simultaneously share a
+libcurl handle (be it easy or multi or whatever) between multiple
+threads. Only use one handle in one thread at any time. You can pass the
+handles around among threads, but you must never use a single handle from more
+than one thread at any given time.
 
 libcurl is completely thread safe, except for two issues: signals and SSL/TLS
 handlers. Signals are used for timing out name resolves (during DNS lookup) -

docs/libcurl/libcurl.m4

@@ -157,6 +157,7 @@ x=CURLOPT_FILE;
 x=CURLOPT_ERRORBUFFER;
 x=CURLOPT_STDERR;
 x=CURLOPT_VERBOSE;
+if (x) ;
 ])],libcurl_cv_lib_curl_usable=yes,libcurl_cv_lib_curl_usable=no)
 
            CPPFLAGS=$_libcurl_save_cppflags

docs/libcurl/symbols-in-versions

@@ -20,6 +20,7 @@ CURLAUTH_DIGEST_IE              7.19.3
 CURLAUTH_GSSNEGOTIATE           7.10.6
 CURLAUTH_NONE                   7.10.6
 CURLAUTH_NTLM                   7.10.6
+CURLAUTH_NTLM_WB                7.22.0
 CURLAUTH_ONLY                   7.21.3
 CURLCLOSEPOLICY_CALLBACK        7.7
 CURLCLOSEPOLICY_LEAST_RECENTLY_USED 7.7
@@ -186,6 +187,9 @@ CURLFTPSSL_TRY                  7.11.0        7.17.0
 CURLFTP_CREATE_DIR              7.19.4
 CURLFTP_CREATE_DIR_NONE         7.19.4
 CURLFTP_CREATE_DIR_RETRY        7.19.4
+CURLGSSAPI_DELEGATION_FLAG      7.22.0
+CURLGSSAPI_DELEGATION_NONE      7.22.0
+CURLGSSAPI_DELEGATION_POLICY_FLAG 7.22.0
 CURLINFO_APPCONNECT_TIME        7.19.0
 CURLINFO_CERTINFO               7.19.1
 CURLINFO_CONDITION_UNMET        7.19.4
@@ -344,6 +348,7 @@ CURLOPT_FTP_SSL_CCC             7.16.1
 CURLOPT_FTP_USE_EPRT            7.10.5
 CURLOPT_FTP_USE_EPSV            7.9.2
 CURLOPT_FTP_USE_PRET            7.20.0
+CURLOPT_GSSAPI_DELEGATION       7.22.0
 CURLOPT_HEADER                  7.1
 CURLOPT_HEADERDATA              7.10
 CURLOPT_HEADERFUNCTION          7.7.2
@@ -545,6 +550,7 @@ CURLSHE_BAD_OPTION              7.10.3
 CURLSHE_INVALID                 7.10.3
 CURLSHE_IN_USE                  7.10.3
 CURLSHE_NOMEM                   7.12.0
+CURLSHE_NOT_BUILT_IN            7.23.0
 CURLSHE_OK                      7.10.3
 CURLSHOPT_LOCKFUNC              7.10.3
 CURLSHOPT_NONE                  7.10.3
@@ -675,6 +681,7 @@ CURL_VERSION_KERBEROS4          7.10
 CURL_VERSION_LARGEFILE          7.11.1
 CURL_VERSION_LIBZ               7.10
 CURL_VERSION_NTLM               7.10.6
+CURL_VERSION_NTLM_WB            7.22.0
 CURL_VERSION_SPNEGO             7.10.8
 CURL_VERSION_SSL                7.10
 CURL_VERSION_SSPI               7.13.2

include/curl/curl.h

@@ -55,18 +55,17 @@
 #include <sys/types.h>
 #include <time.h>
 
-#if defined(WIN32) && !defined(_WIN32_WCE) && !defined(__GNUC__) && \
-  !defined(__CYGWIN__) || defined(__MINGW32__)
-#if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H))
+#if defined(WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__)
+#if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || defined(__LWIP_OPT_H__))
 /* The check above prevents the winsock2 inclusion if winsock.h already was
    included, since they can't co-exist without problems */
 #include <winsock2.h>
 #include <ws2tcpip.h>
 #endif
-#else
+#endif
 
 /* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish
-   libc5-based Linux systems. Only include it on system that are known to
+   libc5-based Linux systems. Only include it on systems that are known to
    require it! */
 #if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \
     defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \
@@ -75,14 +74,13 @@
 #include <sys/select.h>
 #endif
 
-#ifndef _WIN32_WCE
+#if !defined(WIN32) && !defined(_WIN32_WCE)
 #include <sys/socket.h>
 #endif
+
 #if !defined(WIN32) && !defined(__WATCOMC__) && !defined(__VXWORKS__)
 #include <sys/time.h>
 #endif
-#include <sys/types.h>
-#endif
 
 #ifdef __BEOS__
 #include <support/SupportDefs.h>
@@ -122,7 +120,7 @@ typedef void CURL;
 
 #ifndef curl_socket_typedef
 /* socket typedef */
-#ifdef WIN32
+#if defined(WIN32) && !defined(__LWIP_OPT_H__)
 typedef SOCKET curl_socket_t;
 #define CURL_SOCKET_BAD INVALID_SOCKET
 #else
@@ -189,10 +187,10 @@ typedef int (*curl_progress_callback)(void *clientp,
 #define CURL_MAX_HTTP_HEADER (100*1024)
 #endif
 
-
 /* This is a magic return code for the write callback that, when returned,
    will signal libcurl to pause receiving on the current transfer. */
 #define CURL_WRITEFUNC_PAUSE 0x10000001
+
 typedef size_t (*curl_write_callback)(char *buffer,
                                       size_t size,
                                       size_t nitems,
@@ -600,6 +598,7 @@ typedef enum {
 #define CURLAUTH_GSSNEGOTIATE (1<<2)  /* GSS-Negotiate */
 #define CURLAUTH_NTLM         (1<<3)  /* NTLM */
 #define CURLAUTH_DIGEST_IE    (1<<4)  /* Digest with IE flavour */
+#define CURLAUTH_NTLM_WB      (1<<5)  /* NTLM delegating to winbind helper */
 #define CURLAUTH_ONLY         (1<<31) /* used together with a single other
                                          type to force no auth or just that
                                          single type */
@@ -614,6 +613,10 @@ typedef enum {
 #define CURLSSH_AUTH_KEYBOARD  (1<<3) /* keyboard interactive */
 #define CURLSSH_AUTH_DEFAULT CURLSSH_AUTH_ANY
 
+#define CURLGSSAPI_DELEGATION_NONE        0      /* no delegation (default) */
+#define CURLGSSAPI_DELEGATION_POLICY_FLAG (1<<0) /* if permitted by policy */
+#define CURLGSSAPI_DELEGATION_FLAG        (1<<1) /* delegate always */
+
 #define CURL_ERROR_SIZE 256
 
 struct curl_khkey {
@@ -916,9 +919,7 @@ typedef enum {
   /* send linked-list of post-transfer QUOTE commands */
   CINIT(POSTQUOTE, OBJECTPOINT, 39),
 
-  /* Pass a pointer to string of the output using full variable-replacement
-     as described elsewhere. */
-  CINIT(WRITEINFO, OBJECTPOINT, 40),
+  CINIT(WRITEINFO, OBJECTPOINT, 40), /* DEPRECATED, do not use! */
 
   CINIT(VERBOSE, LONG, 41),      /* talk a lot */
   CINIT(HEADER, LONG, 42),       /* throw the header out too */
@@ -994,8 +995,7 @@ typedef enum {
   /* Max amount of cached alive connections */
   CINIT(MAXCONNECTS, LONG, 71),
 
-  /* 72 - DEPRECATED */
-  CINIT(CLOSEPOLICY, LONG, 72),
+  CINIT(CLOSEPOLICY, LONG, 72), /* DEPRECATED, do not use! */
 
   /* 73 = OBSOLETE */
 
@@ -1069,7 +1069,7 @@ typedef enum {
   CINIT(SSLENGINE_DEFAULT, LONG, 90),
 
   /* Non-zero value means to use the global dns cache */
-  CINIT(DNS_USE_GLOBAL_CACHE, LONG, 91), /* To become OBSOLETE soon */
+  CINIT(DNS_USE_GLOBAL_CACHE, LONG, 91), /* DEPRECATED, do not use! */
 
   /* DNS cache timeout */
   CINIT(DNS_CACHE_TIMEOUT, LONG, 92),
@@ -1483,6 +1483,9 @@ typedef enum {
   CINIT(CLOSESOCKETFUNCTION, FUNCTIONPOINT, 208),
   CINIT(CLOSESOCKETDATA, OBJECTPOINT, 209),
 
+  /* allow GSSAPI credential delegation */
+  CINIT(GSSAPI_DELEGATION, LONG, 210),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 
@@ -2011,8 +2014,9 @@ typedef enum {
   CURLSHE_BAD_OPTION, /* 1 */
   CURLSHE_IN_USE,     /* 2 */
   CURLSHE_INVALID,    /* 3 */
-  CURLSHE_NOMEM,      /* out of memory */
-  CURLSHE_LAST /* never use */
+  CURLSHE_NOMEM,      /* 4 out of memory */
+  CURLSHE_NOT_BUILT_IN, /* 5 feature not present in lib */
+  CURLSHE_LAST        /* never use */
 } CURLSHcode;
 
 typedef enum {
@@ -2092,8 +2096,9 @@ typedef struct {
 #define CURL_VERSION_CONV      (1<<12) /* character conversions supported */
 #define CURL_VERSION_CURLDEBUG (1<<13) /* debug memory tracking supported */
 #define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */
+#define CURL_VERSION_NTLM_WB   (1<<15) /* NTLM delegating to winbind helper */
 
-/*
+ /*
  * NAME curl_version_info()
  *
  * DESCRIPTION

include/curl/curlver.h

@@ -30,13 +30,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.21.7-DEV"
+#define LIBCURL_VERSION "7.24.0-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 21
-#define LIBCURL_VERSION_PATCH 7
+#define LIBCURL_VERSION_MINOR 24
+#define LIBCURL_VERSION_PATCH 0
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -53,7 +53,7 @@
    and it is always a greater number in a more recent release. It makes
    comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071507
+#define LIBCURL_VERSION_NUM 0x071800
 
 /*
  * This is the date and time when the full source package was created. The

include/curl/typecheck-gcc.h

@@ -392,7 +392,8 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
 /* evaluates to true if expr is abuffer suitable for CURLOPT_ERRORBUFFER */
 /* XXX: also check size of an char[] array? */
 #define _curl_is_error_buffer(expr)                                           \
-  (__builtin_types_compatible_p(__typeof__(expr), char *) ||                  \
+  (_curl_is_NULL(expr) ||                                                     \
+   __builtin_types_compatible_p(__typeof__(expr), char *) ||                  \
    __builtin_types_compatible_p(__typeof__(expr), char[]))
 
 /* evaluates to true if expr is of type (const) void* or (const) FILE* */
@@ -521,7 +522,11 @@ typedef int (_curl_progress_callback2)(const void *,
    _curl_callback_compatible((expr), _curl_debug_callback1) ||                \
    _curl_callback_compatible((expr), _curl_debug_callback2) ||                \
    _curl_callback_compatible((expr), _curl_debug_callback3) ||                \
-   _curl_callback_compatible((expr), _curl_debug_callback4))
+   _curl_callback_compatible((expr), _curl_debug_callback4) ||                \
+   _curl_callback_compatible((expr), _curl_debug_callback5) ||                \
+   _curl_callback_compatible((expr), _curl_debug_callback6) ||                \
+   _curl_callback_compatible((expr), _curl_debug_callback7) ||                \
+   _curl_callback_compatible((expr), _curl_debug_callback8))
 typedef int (_curl_debug_callback1) (CURL *,
     curl_infotype, char *, size_t, void *);
 typedef int (_curl_debug_callback2) (CURL *,
@@ -530,6 +535,14 @@ typedef int (_curl_debug_callback3) (CURL *,
     curl_infotype, const char *, size_t, void *);
 typedef int (_curl_debug_callback4) (CURL *,
     curl_infotype, const char *, size_t, const void *);
+typedef int (_curl_debug_callback5) (CURL *,
+    curl_infotype, unsigned char *, size_t, void *);
+typedef int (_curl_debug_callback6) (CURL *,
+    curl_infotype, unsigned char *, size_t, const void *);
+typedef int (_curl_debug_callback7) (CURL *,
+    curl_infotype, const unsigned char *, size_t, void *);
+typedef int (_curl_debug_callback8) (CURL *,
+    curl_infotype, const unsigned char *, size_t, const void *);
 
 /* evaluates to true if expr is of type curl_ssl_ctx_callback or "similar" */
 /* this is getting even messier... */

lib/Makefile.Watcom

@@ -89,7 +89,7 @@ ZLIB_ROOT = ..$(DS)..$(DS)zlib-1.2.5
 !ifdef %libssh2_root
 LIBSSH2_ROOT = $(%libssh2_root)
 !else
-LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.2.8
+LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.3.0
 !endif
 
 !ifdef %librtmp_root

lib/Makefile.inc

@@ -14,7 +14,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
   curl_fnmatch.c fileinfo.c ftplistparser.c wildcard.c krb5.c		\
   memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c	\
   content_encoding.c share.c http_digest.c md4.c md5.c curl_rand.c	\
-  http_negotiate.c http_ntlm.c inet_pton.c strtoofft.c strerror.c	\
+  http_negotiate.c inet_pton.c strtoofft.c strerror.c			\
   hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c	\
   select.c gtls.c sslgen.c tftp.c splay.c strdup.c socks.c ssh.c nss.c	\
   qssl.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
@@ -22,7 +22,8 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
   pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c		\
   curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c		\
   idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c	\
-  asyn-ares.c asyn-thread.c
+  asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c	\
+  curl_ntlm_core.c curl_ntlm_msgs.c
 
 HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
   progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
@@ -30,11 +31,12 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
   getinfo.h strequal.h krb4.h memdebug.h http_chunks.h curl_rand.h	\
   curl_fnmatch.h wildcard.h fileinfo.h ftplistparser.h strtok.h		\
   connect.h llist.h hash.h content_encoding.h share.h curl_md4.h	\
-  curl_md5.h http_digest.h http_negotiate.h http_ntlm.h inet_pton.h	\
+  curl_md5.h http_digest.h http_negotiate.h inet_pton.h			\
   strtoofft.h strerror.h inet_ntop.h curlx.h curl_memory.h setup.h	\
   transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h gtls.h	\
   tftp.h sockaddr.h splay.h strdup.h setup_once.h socks.h ssh.h nssg.h	\
   curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h	\
   curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h	\
   warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h	\
-  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h
+  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h \
+  curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h

lib/Makefile.m32

@@ -1,7 +1,7 @@
-#########################################################################
+###########################################################################
 #
-## Makefile for building libcurl.a with MingW32 (GCC-3.2 or later)
-## and optionally OpenSSL (0.9.8), libssh2 (1.2), zlib (1.2.5), librtmp (2.3)
+## Makefile for building libcurl.a with MingW (GCC-3.2 or later)
+## and optionally OpenSSL (0.9.8), libssh2 (1.3), zlib (1.2.5), librtmp (2.3)
 ##
 ## Usage:   mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...]
 ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-sspi-winidn
@@ -9,10 +9,8 @@
 ## Hint: you can also set environment vars to control the build, f.e.:
 ## set ZLIB_PATH=c:/zlib-1.2.5
 ## set ZLIB=1
-##
-## Comments to: Troy Engel <tengel@sonic.net> or
-##              Joern Hartroth <hartroth@acm.org>
-#########################################################################
+#
+###########################################################################
 
 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
@@ -22,9 +20,18 @@ endif
 ifndef OPENSSL_PATH
 OPENSSL_PATH = ../../openssl-0.9.8r
 endif
+ifndef OPENSSL_INCLUDE
+OPENSSL_INCLUDE = $(OPENSSL_PATH)/outinc
+endif
+ifndef OPENSSL_LIBPATH
+OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
+endif
+ifndef OPENSSL_LIBS
+OPENSSL_LIBS = -leay32 -lssl32
+endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.2.8
+LIBSSH2_PATH = ../../libssh2-1.3.0
 endif
 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
@@ -45,22 +52,35 @@ ifndef LDAP_SDK
 LDAP_SDK = c:/novell/ndk/cldapsdk/win32
 endif
 
+PROOT = ..
+
 # Edit the path below to point to the base of your c-ares package.
 ifndef LIBCARES_PATH
-LIBCARES_PATH = ../ares
+LIBCARES_PATH = $(PROOT)/ares
+endif
+
+# Edit the var below to set to your architecture or set environment var.
+ifndef ARCH
+ARCH = w32
 endif
 
 CC = gcc
 CFLAGS = -g -O2 -Wall
+CFLAGS += -fno-strict-aliasing
+ifeq ($(ARCH),w64)
+CFLAGS += -D_AMD64_
+endif
 # comment LDFLAGS below to keep debug info
 LDFLAGS = -s
 AR = ar
 RANLIB = ranlib
 RC = windres
-RCFLAGS = --include-dir=../include -DDEBUGBUILD=0 -O COFF -i
-RM = del /q /f 2>NUL
+RCFLAGS = --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF -i
 STRIP = strip -g
 
+RM = del /q /f 2>NUL
+CP = copy
+
 ########################################################
 ## Nothing more to do below this line!
 
@@ -95,6 +115,9 @@ endif
 ifeq ($(findstring -sspi,$(CFG)),-sspi)
 SSPI = 1
 endif
+ifeq ($(findstring -spnego,$(CFG)),-spnego)
+SPNEGO = 1
+endif
 ifeq ($(findstring -ldaps,$(CFG)),-ldaps)
 LDAPS = 1
 endif
@@ -104,10 +127,11 @@ endif
 
 INCLUDES = -I. -I../include
 CFLAGS += -DBUILDING_LIBCURL
+
 ifdef ARES
-  INCLUDES += -I$(LIBCARES_PATH)
+  INCLUDES += -I"$(LIBCARES_PATH)"
   CFLAGS += -DUSE_ARES
-  DLL_LIBS += -L$(LIBCARES_PATH) -lcares
+  DLL_LIBS += -L"$(LIBCARES_PATH)" -lcares
   libcurl_dll_DEPENDENCIES = $(LIBCARES_PATH)/libcares.a
 endif
 ifdef RTMP
@@ -118,37 +142,39 @@ endif
 ifdef SSH2
   INCLUDES += -I"$(LIBSSH2_PATH)/include" -I"$(LIBSSH2_PATH)/win32"
   CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H
-  DLL_LIBS += -L$(LIBSSH2_PATH)/win32 -lssh2
+  DLL_LIBS += -L"$(LIBSSH2_PATH)/win32" -lssh2
 endif
 ifdef SSL
-  INCLUDES += -I"$(OPENSSL_PATH)/outinc" -I"$(OPENSSL_PATH)/outinc/openssl"
+  INCLUDES += -I"$(OPENSSL_INCLUDE)"
   CFLAGS += -DUSE_SSLEAY -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \
             -DHAVE_ENGINE_LOAD_BUILTIN_ENGINES -DOPENSSL_NO_KRB5 \
             -DCURL_WANTS_CA_BUNDLE_ENV
-  DLL_LIBS += -L$(OPENSSL_PATH)/out -leay32 -lssl32
+  DLL_LIBS += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
 endif
 ifdef ZLIB
   INCLUDES += -I"$(ZLIB_PATH)"
   CFLAGS += -DHAVE_LIBZ -DHAVE_ZLIB_H
-  DLL_LIBS += -L$(ZLIB_PATH) -lz
+  DLL_LIBS += -L"$(ZLIB_PATH)" -lz
 endif
 ifdef IDN
   INCLUDES += -I"$(LIBIDN_PATH)/include"
   CFLAGS += -DUSE_LIBIDN
-  DLL_LIBS += -L$(LIBIDN_PATH)/lib -lidn
+  DLL_LIBS += -L"$(LIBIDN_PATH)/lib" -lidn
 else
 ifdef WINIDN
-  INCLUDES += -I"$(WINIDN_PATH)/include"
-  CFLAGS += -DHAVE_NORMALIZATION_H
   CFLAGS += -DUSE_WIN32_IDN
+  CFLAGS += -DWANT_IDN_PROTOTYPES
   DLL_LIBS += -L"$(WINIDN_PATH)" -lnormaliz
 endif
 endif
 ifdef SSPI
   CFLAGS += -DUSE_WINDOWS_SSPI
 endif
+ifdef SPNEGO
+  CFLAGS += -DHAVE_SPNEGO
+endif
 ifdef IPV6
-  CFLAGS += -DENABLE_IPV6
+  CFLAGS += -DENABLE_IPV6 -D_WIN32_WINNT=0x0501
 endif
 ifdef LDAPS
   CFLAGS += -DHAVE_LDAP_SSL
@@ -165,11 +191,10 @@ ifdef USE_LDAP_OPENLDAP
 endif
 ifndef USE_LDAP_NOVELL
 ifndef USE_LDAP_OPENLDAP
-DLL_LIBS += -lwldap32
+  DLL_LIBS += -lwldap32
 endif
 endif
 DLL_LIBS += -lws2_32
-COMPILE = $(CC) $(INCLUDES) $(CFLAGS)
 
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc
@@ -183,7 +208,6 @@ libcurl_a_DEPENDENCIES := $(strip $(CSOURCES) $(HHEADERS))
 
 RESOURCE = libcurl.res
 
-.SUFFIXES: .rc .res
 
 all: $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY)
 
@@ -200,20 +224,25 @@ $(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENC
 	$(CC) $(LDFLAGS) -shared -Wl,--out-implib,$(libcurl_dll_a_LIBRARY) \
 	  -o $@ $(libcurl_a_OBJECTS) $(RESOURCE) $(DLL_LIBS)
 
-.c.o:
-	$(COMPILE) -c $<
+%.o: %.c $(PROOT)/include/curl/curlbuild.h
+	$(CC) $(INCLUDES) $(CFLAGS) -c $<
 
-.rc.res:
+%.res: %.rc
 	$(RC) $(RCFLAGS) $< -o $@
 
 clean:
+ifeq "$(wildcard $(PROOT)/include/curl/curlbuild.h.dist)" "$(PROOT)/include/curl/curlbuild.h.dist"
+	-$(RM) $(subst /,\,$(PROOT)/include/curl/curlbuild.h)
+endif
 	-$(RM) $(libcurl_a_OBJECTS) $(RESOURCE)
 
 distclean vclean: clean
 	-$(RM) $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) $(libcurl_dll_a_LIBRARY)
 
-FORCE: ;
-
 $(LIBCARES_PATH)/libcares.a:
 	$(MAKE) -C $(LIBCARES_PATH) -f Makefile.m32
 
+$(PROOT)/include/curl/curlbuild.h:
+	@echo Creating $@
+	@$(CP) $(subst /,\,$@).dist $(subst /,\,$@)
+

lib/Makefile.netware

@@ -24,7 +24,7 @@ endif
 
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.2.8
+LIBSSH2_PATH = ../../libssh2-1.3.0
 endif
 
 # Edit the path below to point to the base of your axTLS package.
@@ -42,6 +42,11 @@ ifndef LIBRTMP_PATH
 LIBRTMP_PATH = ../../librtmp-2.3
 endif
 
+# Edit the path below to point to the base of your fbopenssl package.
+ifndef FBOPENSSL_PATH
+FBOPENSSL_PATH = ../../fbopenssl-0.4
+endif
+
 # Edit the path below to point to the base of your c-ares package.
 ifndef LIBCARES_PATH
 LIBCARES_PATH = ../ares
@@ -95,7 +100,7 @@ else
 endif
 PERL	= perl
 # Here you can find a native Win32 binary of the original awk:
-# http://www.gknw.net/development/prgtools/awk-20070501.zip
+# http://www.gknw.net/development/prgtools/awk-20100523.zip
 AWK	= awk
 CP	= cp -afv
 MKDIR	= mkdir
@@ -181,6 +186,43 @@ CURL_LIB = ../lib
 
 INCLUDES = -I$(CURL_INC) -I$(CURL_LIB)
 
+ifeq ($(findstring -static,$(CFG)),-static)
+LINK_STATIC = 1
+endif
+ifeq ($(findstring -ares,$(CFG)),-ares)
+WITH_ARES = 1
+endif
+ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
+WITH_RTMP = 1
+WITH_SSL = 1
+WITH_ZLIB = 1
+endif
+ifeq ($(findstring -ssh2,$(CFG)),-ssh2)
+WITH_SSH2 = 1
+WITH_SSL = 1
+WITH_ZLIB = 1
+endif
+ifeq ($(findstring -axtls,$(CFG)),-axtls)
+WITH_AXTLS = 1
+WITH_SSL =
+else
+ifeq ($(findstring -ssl,$(CFG)),-ssl)
+WITH_SSL = 1
+endif
+endif
+ifeq ($(findstring -zlib,$(CFG)),-zlib)
+WITH_ZLIB = 1
+endif
+ifeq ($(findstring -idn,$(CFG)),-idn)
+WITH_IDN = 1
+endif
+ifeq ($(findstring -spnego,$(CFG)),-spnego)
+WITH_SPNEGO = 1
+endif
+ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
+ENABLE_IPV6 = 1
+endif
+
 ifdef WITH_ARES
 	INCLUDES += -I$(LIBCARES_PATH)
 	LDLIBS += $(LIBCARES_PATH)/libcares.$(LIBEXT)
@@ -204,6 +246,10 @@ ifdef WITH_SSL
 	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT)
 	IMPORTS += GetProcessSwitchCount RunningProcess
 	INSTDEP += ca-bundle.crt
+ifdef WITH_SPNEGO
+	INCLUDES += -I$(FBOPENSSL_PATH)/include
+	LDLIBS += $(FBOPENSSL_PATH)/nw/fbopenssl.$(LIBEXT)
+endif
 else
 ifdef WITH_AXTLS
 	INCLUDES += -I$(AXTLS_PATH)/inc
@@ -498,6 +544,7 @@ endif
 	@echo $(DL)#define USE_MANUAL 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ERRNO_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
@@ -583,6 +630,9 @@ ifdef WITH_SSL
 	@echo $(DL)#define HAVE_LIBSSL 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LIBCRYPTO 1$(DL) >> $@
 	@echo $(DL)#define OPENSSL_NO_KRB5 1$(DL) >> $@
+ifdef WITH_SPNEGO
+	@echo $(DL)#define HAVE_SPNEGO 1$(DL) >> $@
+endif
 else
 ifdef WITH_AXTLS
 	@echo $(DL)#define USE_AXTLS 1$(DL) >> $@

lib/Makefile.vc6

@@ -20,6 +20,11 @@
 #
 #***************************************************************************
 
+# All files in the Makefile.vc* series are generated automatically from the
+# one made for MSVC version 6. Alas, if you want to do changes to any of the
+# fiels and send back to the project, edit the version six, make your diff and
+# mail curl-library.
+
 ###########################################################################
 #
 # Makefile for building libcurl with MSVC6
@@ -59,13 +64,14 @@
 
 !INCLUDE ..\Makefile.msvc.names
 
-
-
-
 !IFNDEF OPENSSL_PATH
 OPENSSL_PATH   = ../../openssl-0.9.8r
 !ENDIF
 
+!IFNDEF LIBSSH2_PATH
+LIBSSH2_PATH   = ../../libssh2-1.2.8
+!ENDIF
+
 !IFNDEF ZLIB_PATH
 ZLIB_PATH  = ../../zlib-1.2.5
 !ENDIF
@@ -100,6 +106,7 @@ WINDOWS_SDK_PATH = "$(PROGRAMFILES)\Microsoft SDK"
 CCNODBG    = cl.exe /O2 /DNDEBUG
 CCDEBUG    = cl.exe /Od /Gm /Zi /D_DEBUG /GZ
 CFLAGSSSL  = /DUSE_SSLEAY /I "$(OPENSSL_PATH)/inc32" /I "$(OPENSSL_PATH)/inc32/openssl"
+CFLAGSSSH2 = /DUSE_LIBSSH2 /DCURL_DISABLE_LDAP /DHAVE_LIBSSH2 /DHAVE_LIBSSH2_H /DLIBSSH2_WIN32 /DLIBSSH2_LIBRARY /I "$(LIBSSH2_PATH)/include"
 CFLAGSZLIB = /DHAVE_ZLIB_H /DHAVE_ZLIB /DHAVE_LIBZ /I "$(ZLIB_PATH)"
 CFLAGS     = /I. /I../include /nologo /W3 /GX /DWIN32 /YX /FD /c /DBUILDING_LIBCURL /D_BIND_TO_CURRENT_VCLIBS_VERSION=1
 CFLAGSLIB  = /DCURL_STATICLIB
@@ -219,6 +226,36 @@ CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
+######################
+# release-ssl-ssh2-zlib
+
+!IF "$(CFG)" == "release-ssl-ssh2-zlib"
+TARGET   = $(LIB_NAME).lib
+DIROBJ   = $(CFG)
+LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
+LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
+LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
+LNK      = $(LNKLIB) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
+CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
+CFGSET   = TRUE
+RESOURCE = $(LIBSSH2_PATH)/Release/src/libssh2.lib $(ZLIB_PATH)/zlib.lib
+!ENDIF
+
+######################
+# debug-ssl-ssh2-zlib
+
+!IF "$(CFG)" == "debug-ssl-ssh2-zlib"
+TARGET   = $(LIB_NAME_DEBUG).lib
+DIROBJ   = $(CFG)
+LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
+LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
+LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
+LNK      = $(LNKLIB) $(ZLIBLIBS) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
+CC       = $(CCDEBUG) $(RTLIBD) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
+CFGSET   = TRUE
+RESOURCE = $(LIBSSH2_PATH)/Release/src/libssh2.lib $(ZLIB_PATH)/zlib.lib
+!ENDIF
+
 ######################
 # release-dll
 
@@ -418,6 +455,7 @@ RESOURCE = $(DIROBJ)\libcurl.res
 !MESSAGE   release-ssl                  - release static library with ssl
 !MESSAGE   release-zlib                 - release static library with zlib
 !MESSAGE   release-ssl-zlib             - release static library with ssl and zlib
+!MESSAGE   release-ssl-ssh2-zlib        - release static library with ssl, ssh2 and zlib
 !MESSAGE   release-ssl-dll              - release static library with dynamic ssl
 !MESSAGE   release-zlib-dll             - release static library with dynamic zlib
 !MESSAGE   release-ssl-dll-zlib-dll     - release static library with dynamic ssl and dynamic zlib
@@ -425,6 +463,7 @@ RESOURCE = $(DIROBJ)\libcurl.res
 !MESSAGE   release-dll-ssl-dll          - release dynamic library with dynamic ssl
 !MESSAGE   release-dll-zlib-dll         - release dynamic library with dynamic zlib
 !MESSAGE   release-dll-ssl-dll-zlib-dll - release dynamic library with dynamic ssl and dynamic zlib
+!MESSAGE   debug-ssl-ssh2-zlib          - debug static library with ssl, ssh2 and zlib
 !MESSAGE   debug                        - debug static library
 !MESSAGE   debug-ssl                    - debug static library with ssl
 !MESSAGE   debug-zlib                   - debug static library with zlib
@@ -467,6 +506,10 @@ X_OBJS= \
 	$(DIROBJ)\curl_fnmatch.obj \
 	$(DIROBJ)\curl_gethostname.obj \
 	$(DIROBJ)\curl_memrchr.obj \
+	$(DIROBJ)\curl_ntlm.obj \
+	$(DIROBJ)\curl_ntlm_core.obj \
+	$(DIROBJ)\curl_ntlm_msgs.obj \
+	$(DIROBJ)\curl_ntlm_wb.obj \
 	$(DIROBJ)\curl_rand.obj \
 	$(DIROBJ)\curl_rtmp.obj \
 	$(DIROBJ)\curl_sspi.obj \
@@ -494,7 +537,6 @@ X_OBJS= \
 	$(DIROBJ)\http_digest.obj \
 	$(DIROBJ)\http_negotiate.obj \
         $(DIROBJ)\http_negotiate_sspi.obj \
-	$(DIROBJ)\http_ntlm.obj \
 	$(DIROBJ)\http.obj \
 	$(DIROBJ)\http_proxy.obj \
 	$(DIROBJ)\if2ip.obj \

lib/asyn-ares.c

@@ -22,8 +22,6 @@
 
 #include "setup.h"
 
-#include <string.h>
-
 #ifdef HAVE_LIMITS_H
 #include <limits.h>
 #endif
@@ -39,16 +37,12 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>     /* required for free() prototypes */
-#endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>     /* for the close() proto */
 #endif
 #ifdef __VMS
 #include <in.h>
 #include <inet.h>
-#include <stdlib.h>
 #endif
 
 #ifdef HAVE_PROCESS_H

lib/asyn-thread.c

@@ -22,9 +22,6 @@
 
 #include "setup.h"
 
-#include <string.h>
-#include <errno.h>
-
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
@@ -37,16 +34,12 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>     /* required for free() prototypes */
-#endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>     /* for the close() proto */
 #endif
 #ifdef __VMS
 #include <in.h>
 #include <inet.h>
-#include <stdlib.h>
 #endif
 
 #if defined(USE_THREADS_POSIX)
@@ -421,7 +414,7 @@ static bool init_resolve_thread (struct connectdata *conn,
    socket error string function can be used for this pupose. */
 static const char *gai_strerror(int ecode)
 {
-  switch (ecode){
+  switch (ecode) {
   case EAI_AGAIN:
     return "The name could not be resolved at this time";
   case EAI_BADFLAGS:
@@ -633,14 +626,28 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
                                          int *waitp)
 {
   struct addrinfo hints;
+  struct in_addr in;
   Curl_addrinfo *res;
   int error;
   char sbuf[NI_MAXSERV];
   int pf = PF_INET;
+#ifdef CURLRES_IPV6
+  struct in6_addr in6;
+#endif /* CURLRES_IPV6 */
 
   *waitp = 0; /* default to synchronous response */
 
-#ifndef CURLRES_IPV4
+  /* First check if this is an IPv4 address string */
+  if(Curl_inet_pton(AF_INET, hostname, &in) > 0)
+    /* This is a dotted IP address 123.123.123.123-style */
+    return Curl_ip2addr(AF_INET, &in, hostname, port);
+
+#ifdef CURLRES_IPV6
+  /* check if this is an IPv6 address string */
+  if(Curl_inet_pton (AF_INET6, hostname, &in6) > 0)
+    /* This is an IPv6 address literal */
+    return Curl_ip2addr(AF_INET6, &in6, hostname, port);
+
   /*
    * Check if a limited name resolve has been requested.
    */
@@ -660,7 +667,7 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
     /* the stack seems to be a non-ipv6 one */
     pf = PF_INET;
 
-#endif /* !CURLRES_IPV4 */
+#endif /* CURLRES_IPV6 */
 
   memset(&hints, 0, sizeof(hints));
   hints.ai_family = pf;

lib/asyn.h

@@ -146,15 +146,15 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
 
 #ifndef CURLRES_ASYNCH
 /* convert these functions if an asynch resolver isn't used */
-#define Curl_resolver_cancel(x)
+#define Curl_resolver_cancel(x) Curl_nop_stmt
 #define Curl_resolver_is_resolved(x,y) CURLE_COULDNT_RESOLVE_HOST
 #define Curl_resolver_wait_resolv(x,y) CURLE_COULDNT_RESOLVE_HOST
 #define Curl_resolver_getsock(x,y,z) 0
 #define Curl_resolver_duphandle(x,y) CURLE_OK
 #define Curl_resolver_init(x) CURLE_OK
 #define Curl_resolver_global_init() CURLE_OK
-#define Curl_resolver_global_cleanup()
-#define Curl_resolver_cleanup(x)
+#define Curl_resolver_global_cleanup() Curl_nop_stmt
+#define Curl_resolver_cleanup(x) Curl_nop_stmt
 #endif
 
 #ifdef CURLRES_ASYNCH

lib/axtls.c

@@ -27,13 +27,11 @@
  */
 
 #include "setup.h"
+
 #ifdef USE_AXTLS
 #include <axTLS/ssl.h>
 #include "axtls.h"
 
-#include <string.h>
-#include <stdlib.h>
-#include <ctype.h>
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
@@ -58,7 +56,7 @@ static int SSL_read(SSL *ssl, void *buf, int num)
 
   while((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
 
-  if(ret > SSL_OK){
+  if(ret > SSL_OK) {
     memcpy(buf, read_buf, ret > num ? num : ret);
   }
 
@@ -187,10 +185,10 @@ Curl_axtls_connect(struct connectdata *conn,
   /* Load the trusted CA cert bundle file */
   if(data->set.ssl.CAfile) {
     if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, data->set.ssl.CAfile, NULL)
-       != SSL_OK){
+       != SSL_OK) {
       infof(data, "error reading ca cert file %s \n",
             data->set.ssl.CAfile);
-      if(data->set.ssl.verifypeer){
+      if(data->set.ssl.verifypeer) {
         Curl_axtls_close(conn, sockindex);
         return CURLE_SSL_CACERT_BADFILE;
       }
@@ -208,13 +206,13 @@ Curl_axtls_connect(struct connectdata *conn,
    */
 
   /* Load client certificate */
-  if(data->set.str[STRING_CERT]){
+  if(data->set.str[STRING_CERT]) {
     i=0;
     /* Instead of trying to analyze cert type here, let axTLS try them all. */
-    while(cert_types[i] != 0){
+    while(cert_types[i] != 0) {
       ssl_fcn_return = ssl_obj_load(ssl_ctx, cert_types[i],
                                     data->set.str[STRING_CERT], NULL);
-      if(ssl_fcn_return == SSL_OK){
+      if(ssl_fcn_return == SSL_OK) {
         infof(data, "successfully read cert file %s \n",
               data->set.str[STRING_CERT]);
         break;
@@ -222,7 +220,7 @@ Curl_axtls_connect(struct connectdata *conn,
       i++;
     }
     /* Tried all cert types, none worked. */
-    if(cert_types[i] == 0){
+    if(cert_types[i] == 0) {
       failf(data, "%s is not x509 or pkcs12 format",
             data->set.str[STRING_CERT]);
       Curl_axtls_close(conn, sockindex);
@@ -233,13 +231,13 @@ Curl_axtls_connect(struct connectdata *conn,
   /* Load client key.
      If a pkcs12 file successfully loaded a cert, then there's nothing to do
      because the key has already been loaded. */
-  if(data->set.str[STRING_KEY] && cert_types[i] != SSL_OBJ_PKCS12){
+  if(data->set.str[STRING_KEY] && cert_types[i] != SSL_OBJ_PKCS12) {
     i=0;
     /* Instead of trying to analyze key type here, let axTLS try them all. */
-    while(key_types[i] != 0){
+    while(key_types[i] != 0) {
       ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i],
                                     data->set.str[STRING_KEY], NULL);
-      if(ssl_fcn_return == SSL_OK){
+      if(ssl_fcn_return == SSL_OK) {
         infof(data, "successfully read key file %s \n",
               data->set.str[STRING_KEY]);
         break;
@@ -247,7 +245,7 @@ Curl_axtls_connect(struct connectdata *conn,
       i++;
     }
     /* Tried all key types, none worked. */
-    if(key_types[i] == 0){
+    if(key_types[i] == 0) {
       failf(data, "Failure: %s is not a supported key file",
             data->set.str[STRING_KEY]);
       Curl_axtls_close(conn, sockindex);
@@ -273,7 +271,7 @@ Curl_axtls_connect(struct connectdata *conn,
 
   /* Check to make sure handshake was ok. */
   ssl_fcn_return = ssl_handshake_status(ssl);
-  if(ssl_fcn_return != SSL_OK){
+  if(ssl_fcn_return != SSL_OK) {
     Curl_axtls_close(conn, sockindex);
     ssl_display_error(ssl_fcn_return); /* goes to stdout. */
     return map_error_to_curl(ssl_fcn_return);
@@ -285,8 +283,8 @@ Curl_axtls_connect(struct connectdata *conn,
    */
 
   /* Verify server's certificate */
-  if(data->set.ssl.verifypeer){
-    if(ssl_verify_cert(ssl) != SSL_OK){
+  if(data->set.ssl.verifypeer) {
+    if(ssl_verify_cert(ssl) != SSL_OK) {
       Curl_axtls_close(conn, sockindex);
       failf(data, "server cert verify failed");
       return CURLE_SSL_CONNECT_ERROR;
@@ -415,7 +413,7 @@ int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
       nread = (ssize_t)SSL_read(conn->ssl[sockindex].ssl, buf,
                                 sizeof(buf));
 
-      if(nread < SSL_OK){
+      if(nread < SSL_OK) {
         failf(data, "close notify alert not received during shutdown");
         retval = -1;
       }
@@ -447,13 +445,13 @@ static ssize_t axtls_recv(struct connectdata *conn, /* connection data */
 
   infof(conn->data, "  axtls_recv\n");
 
-  if(connssl){
+  if(connssl) {
     ret = (ssize_t)SSL_read(conn->ssl[num].ssl, buf, (int)buffersize);
 
     /* axTLS isn't terribly generous about error reporting */
     /* With patched axTLS, SSL_CLOSE_NOTIFY=-3.  Hard-coding until axTLS
        team approves proposed fix. */
-    if(ret == -3 ){
+    if(ret == -3 ) {
       Curl_axtls_close(conn, num);
     }
     else if(ret < 0) {

lib/base64.c

@@ -24,9 +24,6 @@
 
 #include "setup.h"
 
-#include <stdlib.h>
-#include <string.h>
-
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 
@@ -71,12 +68,19 @@ static void decodeQuantum(unsigned char *dest, const char *src)
 /*
  * Curl_base64_decode()
  *
- * Given a base64 string at src, decode it and return an allocated memory in
- * the *outptr. Returns the length of the decoded data.
+ * Given a base64 NUL-terminated string at src, decode it and return a
+ * pointer in *outptr to a newly allocated memory area holding decoded
+ * data. Size of decoded data is returned in variable pointed by outlen.
+ *
+ * Returns CURLE_OK on success, otherwise specific error code. Function
+ * output shall not be considered valid unless CURLE_OK is returned.
+ *
+ * When decoded data length is 0, returns NULL in *outptr.
  *
  * @unittest: 1302
  */
-size_t Curl_base64_decode(const char *src, unsigned char **outptr)
+CURLcode Curl_base64_decode(const char *src,
+                            unsigned char **outptr, size_t *outlen)
 {
   size_t length = 0;
   size_t equalsTerm = 0;
@@ -87,6 +91,7 @@ size_t Curl_base64_decode(const char *src, unsigned char **outptr)
   unsigned char *newstr;
 
   *outptr = NULL;
+  *outlen = 0;
 
   while((src[length] != '=') && src[length])
     length++;
@@ -100,7 +105,7 @@ size_t Curl_base64_decode(const char *src, unsigned char **outptr)
 
   /* Don't allocate a buffer if the decoded length is 0 */
   if(numQuantums == 0)
-    return 0;
+    return CURLE_OK;
 
   rawlen = (numQuantums * 3) - equalsTerm;
 
@@ -108,7 +113,7 @@ size_t Curl_base64_decode(const char *src, unsigned char **outptr)
   (which may be partially thrown out) and the zero terminator. */
   newstr = malloc(rawlen+4);
   if(!newstr)
-    return 0;
+    return CURLE_OUT_OF_MEMORY;
 
   *outptr = newstr;
 
@@ -127,23 +132,34 @@ size_t Curl_base64_decode(const char *src, unsigned char **outptr)
     newstr[i] = lastQuantum[i];
 
   newstr[i] = '\0'; /* zero terminate */
-  return rawlen;
+
+  *outlen = rawlen; /* return size of decoded data */
+
+  return CURLE_OK;
 }
 
 /*
  * Curl_base64_encode()
  *
- * Returns the length of the newly created base64 string. The third argument
- * is a pointer to an allocated area holding the base64 data. If something
- * went wrong, 0 is returned.
+ * Given a pointer to an input buffer and an input size, encode it and
+ * return a pointer in *outptr to a newly allocated memory area holding
+ * encoded data. Size of encoded data is returned in variable pointed by
+ * outlen.
+ *
+ * Input length of 0 indicates input buffer holds a NUL-terminated string.
+ *
+ * Returns CURLE_OK on success, otherwise specific error code. Function
+ * output shall not be considered valid unless CURLE_OK is returned.
+ *
+ * When encoded data length is 0, returns NULL in *outptr.
  *
  * @unittest: 1302
  */
-size_t Curl_base64_encode(struct SessionHandle *data,
-                          const char *inputbuff, size_t insize,
-                          char **outptr)
+CURLcode Curl_base64_encode(struct SessionHandle *data,
+                            const char *inputbuff, size_t insize,
+                            char **outptr, size_t *outlen)
 {
-  CURLcode res;
+  CURLcode error;
   unsigned char ibuf[3];
   unsigned char obuf[4];
   int i;
@@ -154,24 +170,25 @@ size_t Curl_base64_encode(struct SessionHandle *data,
 
   const char *indata = inputbuff;
 
-  *outptr = NULL; /* set to NULL in case of failure before we reach the end */
+  *outptr = NULL;
+  *outlen = 0;
 
   if(0 == insize)
     insize = strlen(indata);
 
   base64data = output = malloc(insize*4/3+4);
   if(NULL == output)
-    return 0;
+    return CURLE_OUT_OF_MEMORY;
 
   /*
    * The base64 data needs to be created using the network encoding
    * not the host encoding.  And we can't change the actual input
    * so we copy it to a buffer, translate it, and use that instead.
    */
-  res = Curl_convert_clone(data, indata, insize, &convbuf);
-  if(res) {
+  error = Curl_convert_clone(data, indata, insize, &convbuf);
+  if(error) {
     free(output);
-    return 0;
+    return error;
   }
 
   if(convbuf)
@@ -218,12 +235,14 @@ size_t Curl_base64_encode(struct SessionHandle *data,
     }
     output += 4;
   }
-  *output=0;
-  *outptr = base64data; /* make it return the actual data memory */
+  *output = '\0';
+  *outptr = base64data; /* return pointer to new data, allocated memory */
 
   if(convbuf)
     free(convbuf);
 
-  return strlen(base64data); /* return the length of the new data */
+  *outlen = strlen(base64data); /* return the length of the new data */
+
+  return CURLE_OK;
 }
 /* ---- End of Base64 Encoding ---- */

lib/checksrc.pl

@@ -62,7 +62,7 @@ while(1) {
         next;
     }
     elsif($file =~ /-W(.*)/) {
-        $wlist = $1;
+        $wlist .= " $1 ";
         $file = shift @ARGV;
         next;
     }
@@ -79,7 +79,7 @@ if(!$file) {
 }
 
 do {
-    if($file ne "$wlist") {
+    if("$wlist" !~ / $file /) {
         my $fullname = $file;
         $fullname = "$dir/$file" if ($fullname !~ '^\.?\.?/');
         scanfile($fullname);
@@ -145,9 +145,14 @@ sub scanfile {
         }
 
         # check for "} else"
-        if($l =~ /^(.*)\} else/) {
+        if($l =~ /^(.*)\} *else/) {
             checkwarn($line, length($1), $file, $l, "else after closing brace on same line");
         }
+        # check for "){"
+        if($l =~ /^(.*)\)\{/) {
+            checkwarn($line, length($1)+1, $file, $l, "missing space after close paren");
+        }
+
         # check for open brace first on line but not first column
         # only alert if previous line ended with a close paren and wasn't a cpp
         # line

lib/config-amigaos.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,6 +26,7 @@
 
 #define HAVE_ARPA_INET_H 1
 #define HAVE_CLOSESOCKET_CAMEL 1
+#define HAVE_ERRNO_H 1
 #define HAVE_GETHOSTBYADDR 1
 #define HAVE_INET_ADDR 1
 #define HAVE_INTTYPES_H 1

lib/config-dos.h

@@ -40,6 +40,7 @@
 #define PACKAGE  "curl"
 
 #define HAVE_ARPA_INET_H       1
+#define HAVE_ERRNO_H           1
 #define HAVE_FCNTL_H           1
 #define HAVE_GETADDRINFO       1
 #define HAVE_GETNAMEINFO       1

lib/config-mac.h

@@ -30,6 +30,7 @@
 
 #define OS "mac"
 
+#define HAVE_ERRNO_H            1
 #define HAVE_NETINET_IN_H       1
 #define HAVE_SYS_SOCKET_H       1
 #define HAVE_SYS_SELECT_H       1

lib/config-os400.h

@@ -97,6 +97,9 @@
 /* Define if you have the <des.h> header file. */
 #undef HAVE_DES_H
 
+/* Define if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H
+
 /* Define if you have the <err.h> header file. */
 #undef HAVE_ERR_H
 

lib/config-riscos.h

@@ -92,6 +92,9 @@
 /* Define if you have the <des.h> header file. */
 #undef HAVE_DES_H
 
+/* Define if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H
+
 /* Define if you have the <err.h> header file. */
 #undef HAVE_ERR_H
 

lib/config-vms.h

@@ -143,6 +143,9 @@
 /* Define if you have the uname function.  */
 #define HAVE_UNAME 1
 
+/* Define if you have the <errno.h> header file.  */
+#define HAVE_ERRNO_H 1
+
 /* Define if you have the <err.h> header file.  */
 #define HAVE_ERR_H 1
 

lib/config-win32.h

@@ -1,5 +1,5 @@
-#ifndef __LIB_CONFIG_WIN32_H
-#define __LIB_CONFIG_WIN32_H
+#ifndef HEADER_CURL_CONFIG_WIN32_H
+#define HEADER_CURL_CONFIG_WIN32_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -23,49 +23,57 @@
  ***************************************************************************/
 
 /* ================================================================ */
-/*    lib/config-win32.h - Hand crafted config file for Windows     */
+/*               Hand crafted config file for Windows               */
 /* ================================================================ */
 
 /* ---------------------------------------------------------------- */
 /*                          HEADER FILES                            */
 /* ---------------------------------------------------------------- */
 
-/* Define if you have the <arpa/inet.h> header file.  */
+/* Define if you have the <arpa/inet.h> header file. */
 /* #define HAVE_ARPA_INET_H 1 */
 
-/* Define if you have the <assert.h> header file.  */
+/* Define if you have the <assert.h> header file. */
 #define HAVE_ASSERT_H 1
 
-/* Define if you have the <crypto.h> header file.  */
+/* Define if you have the <crypto.h> header file. */
 /* #define HAVE_CRYPTO_H 1 */
 
-/* Define if you have the <err.h> header file.  */
+/* Define if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H 1
+
+/* Define if you have the <err.h> header file. */
 /* #define HAVE_ERR_H 1 */
 
-/* Define if you have the <fcntl.h> header file.  */
+/* Define if you have the <fcntl.h> header file. */
 #define HAVE_FCNTL_H 1
 
-/* Define if you have the <getopt.h> header file.  */
-/* #define HAVE_GETOPT_H 1 */
+/* Define if you have the <getopt.h> header file. */
+#if defined(__MINGW32__) || defined(__POCC__)
+#define HAVE_GETOPT_H 1
+#endif
 
-/* Define if you have the <io.h> header file.  */
+/* Define if you have the <io.h> header file. */
 #define HAVE_IO_H 1
 
-/* Define if you have the <limits.h> header file.  */
+/* Define if you have the <limits.h> header file. */
 #define HAVE_LIMITS_H 1
 
-/* Define if you need the malloc.h header file even with stdlib.h  */
+/* Define if you have the <locale.h> header file. */
+#define HAVE_LOCALE_H 1
+
+/* Define if you need <malloc.h> header even with <stdlib.h> header file. */
 #if !defined(__SALFORDC__) && !defined(__POCC__)
 #define NEED_MALLOC_H 1
 #endif
 
-/* Define if you have the <netdb.h> header file.  */
+/* Define if you have the <netdb.h> header file. */
 /* #define HAVE_NETDB_H 1 */
 
-/* Define if you have the <netinet/in.h> header file.  */
+/* Define if you have the <netinet/in.h> header file. */
 /* #define HAVE_NETINET_IN_H 1 */
 
-/* Define if you have the <process.h> header file.  */
+/* Define if you have the <process.h> header file. */
 #ifndef __SALFORDC__
 #define HAVE_PROCESS_H 1
 #endif
@@ -73,68 +81,68 @@
 /* Define if you have the <signal.h> header file. */
 #define HAVE_SIGNAL_H 1
 
-/* Define if you have the <sgtty.h> header file.  */
+/* Define if you have the <sgtty.h> header file. */
 /* #define HAVE_SGTTY_H 1 */
 
-/* Define if you have the <ssl.h> header file.  */
+/* Define if you have the <ssl.h> header file. */
 /* #define HAVE_SSL_H 1 */
 
-/* Define if you have the <stdlib.h> header file.  */
+/* Define if you have the <stdlib.h> header file. */
 #define HAVE_STDLIB_H 1
 
-/* Define if you have the <sys/param.h> header file.  */
+/* Define if you have the <sys/param.h> header file. */
 /* #define HAVE_SYS_PARAM_H 1 */
 
-/* Define if you have the <sys/select.h> header file.  */
+/* Define if you have the <sys/select.h> header file. */
 /* #define HAVE_SYS_SELECT_H 1 */
 
-/* Define if you have the <sys/socket.h> header file.  */
+/* Define if you have the <sys/socket.h> header file. */
 /* #define HAVE_SYS_SOCKET_H 1 */
 
-/* Define if you have the <sys/sockio.h> header file.  */
+/* Define if you have the <sys/sockio.h> header file. */
 /* #define HAVE_SYS_SOCKIO_H 1 */
 
-/* Define if you have the <sys/stat.h> header file.  */
+/* Define if you have the <sys/stat.h> header file. */
 #define HAVE_SYS_STAT_H 1
 
-/* Define if you have the <sys/time.h> header file */
+/* Define if you have the <sys/time.h> header file. */
 /* #define HAVE_SYS_TIME_H 1 */
 
-/* Define if you have the <sys/types.h> header file.  */
+/* Define if you have the <sys/types.h> header file. */
 #define HAVE_SYS_TYPES_H 1
 
-/* Define if you have the <sys/utime.h> header file.  */
+/* Define if you have the <sys/utime.h> header file. */
 #ifndef __BORLANDC__
 #define HAVE_SYS_UTIME_H 1
 #endif
 
-/* Define if you have the <termio.h> header file.  */
+/* Define if you have the <termio.h> header file. */
 /* #define HAVE_TERMIO_H 1 */
 
-/* Define if you have the <termios.h> header file.  */
+/* Define if you have the <termios.h> header file. */
 /* #define HAVE_TERMIOS_H 1 */
 
-/* Define if you have the <time.h> header file.  */
+/* Define if you have the <time.h> header file. */
 #define HAVE_TIME_H 1
 
-/* Define if you have the <unistd.h> header file.  */
+/* Define if you have the <unistd.h> header file. */
 #if defined(__MINGW32__) || defined(__WATCOMC__) || defined(__LCC__) || \
     defined(__POCC__)
 #define HAVE_UNISTD_H 1
 #endif
 
-/* Define if you have the <windows.h> header file.  */
+/* Define if you have the <windows.h> header file. */
 #define HAVE_WINDOWS_H 1
 
-/* Define if you have the <winsock.h> header file.  */
+/* Define if you have the <winsock.h> header file. */
 #define HAVE_WINSOCK_H 1
 
-/* Define if you have the <winsock2.h> header file.  */
+/* Define if you have the <winsock2.h> header file. */
 #ifndef __SALFORDC__
 #define HAVE_WINSOCK2_H 1
 #endif
 
-/* Define if you have the <ws2tcpip.h> header file.  */
+/* Define if you have the <ws2tcpip.h> header file. */
 #ifndef __SALFORDC__
 #define HAVE_WS2TCPIP_H 1
 #endif
@@ -146,41 +154,44 @@
 /* Define if sig_atomic_t is an available typedef. */
 #define HAVE_SIG_ATOMIC_T 1
 
-/* Define if you have the ANSI C header files.  */
+/* Define if you have the ANSI C header files. */
 #define STDC_HEADERS 1
 
-/* Define if you can safely include both <sys/time.h> and <time.h>.  */
+/* Define if you can safely include both <sys/time.h> and <time.h>. */
 /* #define TIME_WITH_SYS_TIME 1 */
 
 /* ---------------------------------------------------------------- */
 /*                             FUNCTIONS                            */
 /* ---------------------------------------------------------------- */
 
-/* Define if you have the closesocket function.  */
+/* Define if you have the closesocket function. */
 #define HAVE_CLOSESOCKET 1
 
-/* Define if you don't have vprintf but do have _doprnt.  */
+/* Define if you don't have vprintf but do have _doprnt. */
 /* #define HAVE_DOPRNT 1 */
 
-/* Define if you have the gethostbyaddr function.  */
+/* Define if you have the ftruncate function. */
+#define HAVE_FTRUNCATE 1
+
+/* Define if you have the gethostbyaddr function. */
 #define HAVE_GETHOSTBYADDR 1
 
-/* Define if you have the gethostname function.  */
+/* Define if you have the gethostname function. */
 #define HAVE_GETHOSTNAME 1
 
-/* Define if you have the getpass function.  */
+/* Define if you have the getpass function. */
 /* #define HAVE_GETPASS 1 */
 
-/* Define if you have the getservbyname function.  */
+/* Define if you have the getservbyname function. */
 #define HAVE_GETSERVBYNAME 1
 
-/* Define if you have the getprotobyname function.  */
+/* Define if you have the getprotobyname function. */
 #define HAVE_GETPROTOBYNAME
 
-/* Define if you have the gettimeofday function.  */
+/* Define if you have the gettimeofday function. */
 /* #define HAVE_GETTIMEOFDAY 1 */
 
-/* Define if you have the inet_addr function.  */
+/* Define if you have the inet_addr function. */
 #define HAVE_INET_ADDR 1
 
 /* Define if you have the ioctlsocket function. */
@@ -189,35 +200,41 @@
 /* Define if you have a working ioctlsocket FIONBIO function. */
 #define HAVE_IOCTLSOCKET_FIONBIO 1
 
-/* Define if you have the perror function.  */
+/* Define if you have the perror function. */
 #define HAVE_PERROR 1
 
-/* Define if you have the RAND_screen function when using SSL  */
+/* Define if you have the RAND_screen function when using SSL. */
 #define HAVE_RAND_SCREEN 1
 
 /* Define if you have the `RAND_status' function when using SSL. */
 #define HAVE_RAND_STATUS 1
 
-/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function.
+/* Define if you have the `CRYPTO_cleanup_all_ex_data' function.
    This is present in OpenSSL versions after 0.9.6b */
 #define HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1
 
-/* Define if you have the select function.  */
+/* Define if you have the select function. */
 #define HAVE_SELECT 1
 
-/* Define if you have the setvbuf function.  */
+/* Define if you have the setlocale function. */
+#define HAVE_SETLOCALE 1
+
+/* Define if you have the setmode function. */
+#define HAVE_SETMODE 1
+
+/* Define if you have the setvbuf function. */
 #define HAVE_SETVBUF 1
 
-/* Define if you have the socket function.  */
+/* Define if you have the socket function. */
 #define HAVE_SOCKET 1
 
-/* Define if you have the strcasecmp function.  */
+/* Define if you have the strcasecmp function. */
 /* #define HAVE_STRCASECMP 1 */
 
-/* Define if you have the strdup function.  */
+/* Define if you have the strdup function. */
 #define HAVE_STRDUP 1
 
-/* Define if you have the strftime function.  */
+/* Define if you have the strftime function. */
 #define HAVE_STRFTIME 1
 
 /* Define if you have the stricmp function. */
@@ -229,21 +246,21 @@
 /* Define if you have the strnicmp function. */
 #define HAVE_STRNICMP 1
 
-/* Define if you have the strstr function.  */
+/* Define if you have the strstr function. */
 #define HAVE_STRSTR 1
 
-/* Define if you have the strtoll function.  */
+/* Define if you have the strtoll function. */
 #if defined(__MINGW32__) || defined(__WATCOMC__) || defined(__POCC__)
 #define HAVE_STRTOLL 1
 #endif
 
-/* Define if you have the tcgetattr function.  */
+/* Define if you have the tcgetattr function. */
 /* #define HAVE_TCGETATTR 1 */
 
-/* Define if you have the tcsetattr function.  */
+/* Define if you have the tcsetattr function. */
 /* #define HAVE_TCSETATTR 1 */
 
-/* Define if you have the utime function */
+/* Define if you have the utime function. */
 #ifndef __BORLANDC__
 #define HAVE_UTIME 1
 #endif
@@ -330,13 +347,13 @@
 /*                       TYPEDEF REPLACEMENTS                       */
 /* ---------------------------------------------------------------- */
 
-/* Define this if in_addr_t is not an available 'typedefed' type */
+/* Define if in_addr_t is not an available 'typedefed' type. */
 #define in_addr_t unsigned long
 
-/* Define as the return type of signal handlers (int or void).  */
+/* Define to the return type of signal handlers (int or void). */
 #define RETSIGTYPE void
 
-/* Define ssize_t if it is not an available 'typedefed' type */
+/* Define if ssize_t is not an available 'typedefed' type. */
 #ifndef _SSIZE_T_DEFINED
 #  if (defined(__WATCOMC__) && (__WATCOMC__ >= 1240)) || \
       defined(__POCC__) || \
@@ -354,19 +371,19 @@
 /*                            TYPE SIZES                            */
 /* ---------------------------------------------------------------- */
 
-/* The size of `int', as computed by sizeof. */
+/* Define to the size of `int', as computed by sizeof. */
 #define SIZEOF_INT 4
 
-/* The size of `long double', as computed by sizeof. */
+/* Define to the size of `long double', as computed by sizeof. */
 #define SIZEOF_LONG_DOUBLE 16
 
-/* The size of `long long', as computed by sizeof. */
+/* Define to the size of `long long', as computed by sizeof. */
 /* #define SIZEOF_LONG_LONG 8 */
 
-/* The size of `short', as computed by sizeof. */
+/* Define to the size of `short', as computed by sizeof. */
 #define SIZEOF_SHORT 2
 
-/* The size of `size_t', as computed by sizeof. */
+/* Define to the size of `size_t', as computed by sizeof. */
 #if defined(_WIN64)
 #  define SIZEOF_SIZE_T 8
 #else
@@ -377,14 +394,49 @@
 /*                          STRUCT RELATED                          */
 /* ---------------------------------------------------------------- */
 
-/* Define this if you have struct sockaddr_storage */
+/* Define if you have struct sockaddr_storage. */
 #if !defined(__SALFORDC__) && !defined(__BORLANDC__)
 #define HAVE_STRUCT_SOCKADDR_STORAGE 1
 #endif
 
-/* Define this if you have struct timeval */
+/* Define if you have struct timeval. */
 #define HAVE_STRUCT_TIMEVAL 1
 
+/* Define if struct sockaddr_in6 has the sin6_scope_id member. */
+#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1
+
+/* ---------------------------------------------------------------- */
+/*               BSD-style lwIP TCP/IP stack SPECIFIC               */
+/* ---------------------------------------------------------------- */
+
+/* Define to use BSD-style lwIP TCP/IP stack. */
+/* #define USE_LWIPSOCK 1 */
+
+#ifdef USE_LWIPSOCK
+#  undef USE_WINSOCK
+#  undef HAVE_WINSOCK_H
+#  undef HAVE_WINSOCK2_H
+#  undef HAVE_WS2TCPIP_H
+#  undef HAVE_ERRNO_H
+#  undef HAVE_GETHOSTNAME
+#  undef HAVE_GETNAMEINFO
+#  undef LWIP_POSIX_SOCKETS_IO_NAMES
+#  undef RECV_TYPE_ARG1
+#  undef RECV_TYPE_ARG3
+#  undef SEND_TYPE_ARG1
+#  undef SEND_TYPE_ARG3
+#  define HAVE_FREEADDRINFO
+#  define HAVE_GETADDRINFO
+#  define HAVE_GETHOSTBYNAME
+#  define HAVE_GETHOSTBYNAME_R
+#  define HAVE_GETHOSTBYNAME_R_6
+#  define LWIP_POSIX_SOCKETS_IO_NAMES 0
+#  define RECV_TYPE_ARG1 int
+#  define RECV_TYPE_ARG3 size_t
+#  define SEND_TYPE_ARG1 int
+#  define SEND_TYPE_ARG3 size_t
+#endif
+
 /* ---------------------------------------------------------------- */
 /*                        Watt-32 tcp/ip SPECIFIC                   */
 /* ---------------------------------------------------------------- */
@@ -413,8 +465,11 @@
 /*                        COMPILER SPECIFIC                         */
 /* ---------------------------------------------------------------- */
 
-/* Undef keyword 'const' if it does not work.  */
-/* #undef const */
+/* Define to nothing if compiler does not support 'const' qualifier. */
+/* #define const */
+
+/* Define to nothing if compiler does not support 'volatile' qualifier. */
+/* #define volatile */
 
 /* Windows should not have HAVE_GMTIME_R defined */
 /* #undef HAVE_GMTIME_R */
@@ -429,14 +484,14 @@
 #define HAVE_LONGLONG 1
 #endif
 
-/* Define to avoid VS2005 complaining about portable C functions */
+/* Define to avoid VS2005 complaining about portable C functions. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1400)
 #define _CRT_SECURE_NO_DEPRECATE 1
 #define _CRT_NONSTDC_NO_DEPRECATE 1
 #endif
 
-/* VS2005 and later dafault size for time_t is 64-bit, unless */
-/* _USE_32BIT_TIME_T has been defined to get a 32-bit time_t. */
+/* VS2005 and later dafault size for time_t is 64-bit, unless
+   _USE_32BIT_TIME_T has been defined to get a 32-bit time_t. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1400)
 #  ifndef _USE_32BIT_TIME_T
 #    define SIZEOF_TIME_T 8
@@ -446,12 +501,13 @@
 #endif
 
 /* Officially, Microsoft's Windows SDK versions 6.X do not support Windows
-   2000 as a supported build target. VS2008 default installations provide an
-   embedded Windows SDK v6.0A along with the claim that Windows 2000 is a
-   valid build target for VS2008. Popular belief is that binaries built using
-   Windows SDK versions 6.X and Windows 2000 as a build target are functional */
+   2000 as a supported build target. VS2008 default installations provide
+   an embedded Windows SDK v6.0A along with the claim that Windows 2000 is
+   a valid build target for VS2008. Popular belief is that binaries built
+   with VS2008 using Windows SDK versions 6.X and Windows 2000 as a build
+   target are functional. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1500)
-#  define VS2008_MINIMUM_TARGET 0x0500
+#  define VS2008_MIN_TARGET 0x0500
 #endif
 
 /* When no build target is specified VS2008 default build target is Windows
@@ -459,18 +515,18 @@
    for VS2008 we will target the minimum Officially supported build target,
    which happens to be Windows XP. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1500)
-#  define VS2008_DEFAULT_TARGET  0x0501
+#  define VS2008_DEF_TARGET  0x0501
 #endif
 
-/* VS2008 default target settings and minimum build target check */
+/* VS2008 default target settings and minimum build target check. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1500)
 #  ifndef _WIN32_WINNT
-#    define _WIN32_WINNT VS2008_DEFAULT_TARGET
+#    define _WIN32_WINNT VS2008_DEF_TARGET
 #  endif
 #  ifndef WINVER
-#    define WINVER VS2008_DEFAULT_TARGET
+#    define WINVER VS2008_DEF_TARGET
 #  endif
-#  if (_WIN32_WINNT < VS2008_MINIMUM_TARGET) || (WINVER < VS2008_MINIMUM_TARGET)
+#  if (_WIN32_WINNT < VS2008_MIN_TARGET) || (WINVER < VS2008_MIN_TARGET)
 #    error VS2008 does not support Windows build targets prior to Windows 2000
 #  endif
 #endif
@@ -549,13 +605,13 @@
 /* ---------------------------------------------------------------- */
 
 /*
- * Undefine both USE_ARES and USE_THREADS_WIN32 for synchronous DNS
+ * Undefine both USE_ARES and USE_THREADS_WIN32 for synchronous DNS.
  */
 
-/* Define USE_ARES to enable c-ares asynchronous DNS lookups */
+/* Define to enable c-ares asynchronous DNS lookups. */
 /* #define USE_ARES 1 */
 
-/* Define USE_THREADS_WIN32 to enable threaded asynchronous DNS lookups */
+/* Define to enable threaded asynchronous DNS lookups. */
 #define USE_THREADS_WIN32 1
 
 #if defined(USE_ARES) && defined(USE_THREADS_WIN32)
@@ -597,10 +653,10 @@
 #undef OS
 #if defined(_M_IX86) || defined(__i386__) /* x86 (MSVC or gcc) */
 #define OS "i386-pc-win32"
+#elif defined(_M_X64) || defined(__x86_64__) /* x86_64 (MSVC >=2005 or gcc) */
+#define OS "x86_64-pc-win32"
 #elif defined(_M_IA64) /* Itanium */
 #define OS "ia64-pc-win32"
-#elif defined(_M_X64) /* AMD64/EM64T - Not defined until MSVC 2005 */
-#define OS "amd64-pc-win32"
 #else
 #define OS "unknown-pc-win32"
 #endif
@@ -608,8 +664,11 @@
 /* Name of package */
 #define PACKAGE "curl"
 
+/* If you want to build curl with the built-in manual */
+#define USE_MANUAL 1
+
 #if defined(__POCC__) || (USE_IPV6)
 #  define ENABLE_IPV6 1
 #endif
 
-#endif /* __LIB_CONFIG_WIN32_H */
+#endif /* HEADER_CURL_CONFIG_WIN32_H */

lib/config-win32ce.h

@@ -39,6 +39,9 @@
 /* Define if you have the <crypto.h> header file.  */
 /* #define HAVE_CRYPTO_H 1 */
 
+/* Define if you have the <errno.h> header file.  */
+/* #define HAVE_ERRNO_H 1 */
+
 /* Define if you have the <err.h> header file.  */
 /* #define HAVE_ERR_H 1 */
 

lib/connect.c

@@ -22,9 +22,6 @@
 
 #include "setup.h"
 
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
@@ -52,9 +49,6 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
 
 #if (defined(HAVE_IOCTL_FIONBIO) && defined(NETWARE))
 #include <sys/filio.h>
@@ -68,10 +62,6 @@
 #include <inet.h>
 #endif
 
-#include <stdio.h>
-#include <errno.h>
-#include <string.h>
-
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 
@@ -669,7 +659,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
 
   *connected = FALSE; /* a very negative world view is best */
 
-  if(conn->bits.tcpconnect) {
+  if(conn->bits.tcpconnect[sockindex]) {
     /* we are connected already! */
     *connected = TRUE;
     return CURLE_OK;
@@ -708,9 +698,10 @@ CURLcode Curl_is_connected(struct connectdata *conn,
       if(code)
         return code;
 
-      conn->bits.tcpconnect = TRUE;
+      conn->bits.tcpconnect[sockindex] = TRUE;
       *connected = TRUE;
-      Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
+      if(sockindex == FIRSTSOCKET)
+        Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
       Curl_verboseconnect(conn);
       Curl_updateconninfo(conn, sockfd);
 
@@ -756,7 +747,7 @@ static void tcpnodelay(struct connectdata *conn,
 #ifdef TCP_NODELAY
   struct SessionHandle *data= conn->data;
   curl_socklen_t onoff = (curl_socklen_t) data->set.tcp_nodelay;
-  int proto = IPPROTO_TCP;
+  int level = IPPROTO_TCP;
 
 #if 0
   /* The use of getprotobyname() is disabled since it isn't thread-safe on
@@ -768,10 +759,10 @@ static void tcpnodelay(struct connectdata *conn,
      detected. */
   struct protoent *pe = getprotobyname("tcp");
   if(pe)
-    proto = pe->p_proto;
+    level = pe->p_proto;
 #endif
 
-  if(setsockopt(sockfd, proto, TCP_NODELAY, (void *)&onoff,
+  if(setsockopt(sockfd, level, TCP_NODELAY, (void *)&onoff,
                 sizeof(onoff)) < 0)
     infof(data, "Could not set TCP_NODELAY: %s\n",
           Curl_strerror(conn, SOCKERRNO));
@@ -799,10 +790,10 @@ static void nosigpipe(struct connectdata *conn,
           Curl_strerror(conn, SOCKERRNO));
 }
 #else
-#define nosigpipe(x,y)
+#define nosigpipe(x,y) Curl_nop_stmt
 #endif
 
-#ifdef WIN32
+#ifdef USE_WINSOCK
 /* When you run a program that uses the Windows Sockets API, you may
    experience slow performance when you copy data to a TCP server.
 
@@ -845,7 +836,7 @@ singleipconnect(struct connectdata *conn,
 {
   struct Curl_sockaddr_ex addr;
   int rc;
-  int error;
+  int error = 0;
   bool isconnected = FALSE;
   struct SessionHandle *data = conn->data;
   curl_socket_t sockfd;
@@ -916,11 +907,6 @@ singleipconnect(struct connectdata *conn,
 
   Curl_persistconninfo(conn);
 
-#ifdef ENABLE_IPV6
-  if(addr.family == AF_INET6)
-    conn->bits.ipv6 = TRUE;
-#endif
-
   if(data->set.tcp_nodelay)
     tcpnodelay(conn, sockfd);
 
@@ -955,6 +941,8 @@ singleipconnect(struct connectdata *conn,
   /* Connect TCP sockets, bind UDP */
   if(!isconnected && (conn->socktype == SOCK_STREAM)) {
     rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
+    if(-1 == rc)
+      error = SOCKERRNO;
     conn->connecttime = Curl_tvnow();
     if(conn->num_addr > 1)
       Curl_expire(data, conn->timeoutms_per_addr);
@@ -963,8 +951,6 @@ singleipconnect(struct connectdata *conn,
     rc = 0;
 
   if(-1 == rc) {
-    error = SOCKERRNO;
-
     switch (error) {
     case EINPROGRESS:
     case EWOULDBLOCK:
@@ -1008,6 +994,10 @@ singleipconnect(struct connectdata *conn,
     /* we are connected, awesome! */
     *connected = TRUE; /* this is a true connect */
     infof(data, "connected\n");
+#ifdef ENABLE_IPV6
+    conn->bits.ipv6 = (addr.family == AF_INET6)?TRUE:FALSE;
+#endif
+
     Curl_updateconninfo(conn, sockfd);
     *sockp = sockfd;
     return CURLE_OK;

lib/connect.h

@@ -1,5 +1,5 @@
-#ifndef __CONNECT_H
-#define __CONNECT_H
+#ifndef HEADER_CURL_CONNECT_H
+#define HEADER_CURL_CONNECT_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -21,6 +21,7 @@
  * KIND, either express or implied.
  *
  ***************************************************************************/
+#include "setup.h"
 
 #include "nonblock.h" /* for curlx_nonblock(), formerly Curl_nonblock() */
 
@@ -52,7 +53,7 @@ long Curl_timeleft(struct SessionHandle *data,
 curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
                                   struct connectdata **connp);
 
-#ifdef WIN32
+#ifdef USE_WINSOCK
 /* When you run a program that uses the Windows Sockets API, you may
    experience slow performance when you copy data to a TCP server.
 
@@ -64,10 +65,11 @@ curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
 */
 void Curl_sndbufset(curl_socket_t sockfd);
 #else
-#define Curl_sndbufset(y)
+#define Curl_sndbufset(y) Curl_nop_stmt
 #endif
 
 void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd);
 void Curl_persistconninfo(struct connectdata *conn);
 int Curl_closesocket(struct connectdata *conn, curl_socket_t sock);
-#endif
+
+#endif /* HEADER_CURL_CONNECT_H */

lib/content_encoding.c

@@ -24,9 +24,6 @@
 
 #ifdef HAVE_LIBZ
 
-#include <stdlib.h>
-#include <string.h>
-
 #include "urldata.h"
 #include <curl/curl.h>
 #include "sendf.h"
@@ -52,6 +49,21 @@
 #define COMMENT      0x10 /* bit 4 set: file comment present */
 #define RESERVED     0xE0 /* bits 5..7: reserved */
 
+static voidpf
+zalloc_cb(voidpf opaque, unsigned int items, unsigned int size)
+{
+  (void) opaque;
+  /* not a typo, keep it calloc() */
+  return (voidpf) calloc(items, size);
+}
+
+static void
+zfree_cb(voidpf opaque, voidpf ptr)
+{
+  (void) opaque;
+  free(ptr);
+}
+
 static CURLcode
 process_zlib_error(struct connectdata *conn, z_stream *z)
 {
@@ -161,11 +173,10 @@ Curl_unencode_deflate_write(struct connectdata *conn,
 
   /* Initialize zlib? */
   if(k->zlib_init == ZLIB_UNINIT) {
-    z->zalloc = (alloc_func)Z_NULL;
-    z->zfree = (free_func)Z_NULL;
-    z->opaque = 0;
-    z->next_in = NULL;
-    z->avail_in = 0;
+    memset(z, 0, sizeof(z_stream));
+    z->zalloc = (alloc_func)zalloc_cb;
+    z->zfree = (free_func)zfree_cb;
+
     if(inflateInit(z) != Z_OK)
       return process_zlib_error(conn, z);
     k->zlib_init = ZLIB_INIT;
@@ -272,11 +283,9 @@ Curl_unencode_gzip_write(struct connectdata *conn,
 
   /* Initialize zlib? */
   if(k->zlib_init == ZLIB_UNINIT) {
-    z->zalloc = (alloc_func)Z_NULL;
-    z->zfree = (free_func)Z_NULL;
-    z->opaque = 0;
-    z->next_in = NULL;
-    z->avail_in = 0;
+    memset(z, 0, sizeof(z_stream));
+    z->zalloc = (alloc_func)zalloc_cb;
+    z->zfree = (free_func)zfree_cb;
 
     if(strcmp(zlibVersion(), "1.2.0.4") >= 0) {
       /* zlib ver. >= 1.2.0.4 supports transparent gzip decompressing */

lib/content_encoding.h

@@ -1,5 +1,5 @@
-#ifndef __CURL_CONTENT_ENCODING_H
-#define __CURL_CONTENT_ENCODING_H
+#ifndef HEADER_CURL_CONTENT_ENCODING_H
+#define HEADER_CURL_CONTENT_ENCODING_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -32,7 +32,7 @@
 void Curl_unencode_cleanup(struct connectdata *conn);
 #else
 #define ALL_CONTENT_ENCODINGS "identity"
-#define Curl_unencode_cleanup(x)
+#define Curl_unencode_cleanup(x) Curl_nop_stmt
 #endif
 
 CURLcode Curl_unencode_deflate_write(struct connectdata *conn,
@@ -45,4 +45,4 @@ Curl_unencode_gzip_write(struct connectdata *conn,
                          ssize_t nread);
 
 
-#endif
+#endif /* HEADER_CURL_CONTENT_ENCODING_H */

lib/cookie.c

@@ -81,9 +81,6 @@ Example set of cookies:
 
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
 
-#include <stdlib.h>
-#include <string.h>
-
 #define _MPRINTF_REPLACE
 #include <curl/mprintf.h>
 
@@ -129,7 +126,7 @@ static bool tailmatch(const char *little, const char *bigone)
   if(littlelen > biglen)
     return FALSE;
 
-  return (bool)Curl_raw_equal(little, bigone+biglen-littlelen);
+  return Curl_raw_equal(little, bigone+biglen-littlelen) ? TRUE : FALSE;
 }
 
 /*
@@ -147,9 +144,9 @@ void Curl_cookie_loadfiles(struct SessionHandle *data)
                                        data->set.cookiesession);
       list = list->next;
     }
-    Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
     curl_slist_free_all(data->change.cookielist); /* clean up list */
     data->change.cookielist = NULL; /* don't do this again! */
+    Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
   }
 }
 
@@ -209,7 +206,6 @@ Curl_cookie_add(struct SessionHandle *data,
   if(httpheader) {
     /* This line was read off a HTTP-header */
     const char *ptr;
-    const char *sep;
     const char *semiptr;
     char *what;
 
@@ -226,185 +222,186 @@ Curl_cookie_add(struct SessionHandle *data,
 
     ptr = lineptr;
     do {
-      /* we have a <what>=<this> pair or a 'secure' word here */
-      sep = strchr(ptr, '=');
-      if(sep && (!semiptr || (semiptr>sep)) ) {
-        /*
-         * There is a = sign and if there was a semicolon too, which make sure
-         * that the semicolon comes _after_ the equal sign.
-         */
+      /* we have a <what>=<this> pair or a stand-alone word here */
+      name[0]=what[0]=0; /* init the buffers */
+      if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =]=%"
+                     MAX_COOKIE_LINE_TXT "[^;\r\n]",
+                     name, what)) {
+        /* Use strstore() below to properly deal with received cookie
+           headers that have the same string property set more than once,
+           and then we use the last one. */
+        const char *whatptr;
+        bool done = FALSE;
+        bool sep;
+        size_t len=strlen(what);
+        const char *endofn = &ptr[ strlen(name) ];
 
-        name[0]=what[0]=0; /* init the buffers */
-        if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;=]=%"
-                       MAX_COOKIE_LINE_TXT "[^;\r\n]",
-                       name, what)) {
-          /* this is a <name>=<what> pair. We use strstore() below to properly
-             deal with received cookie headers that have the same string
-             property set more than once, and then we use the last one. */
+        /* skip trailing spaces in name */
+        while(*endofn && ISBLANK(*endofn))
+          endofn++;
 
-          const char *whatptr;
+        /* name ends with a '=' ? */
+        sep = (*endofn == '=')?TRUE:FALSE;
 
-          /* Strip off trailing whitespace from the 'what' */
-          size_t len=strlen(what);
-          while(len && ISBLANK(what[len-1])) {
-            what[len-1]=0;
-            len--;
+        /* Strip off trailing whitespace from the 'what' */
+        while(len && ISBLANK(what[len-1])) {
+          what[len-1]=0;
+          len--;
+        }
+
+        /* Skip leading whitespace from the 'what' */
+        whatptr=what;
+        while(*whatptr && ISBLANK(*whatptr))
+          whatptr++;
+
+        if(!len) {
+          /* this was a "<name>=" with no content, and we must allow
+             'secure' and 'httponly' specified this weirdly */
+          done = TRUE;
+          if(Curl_raw_equal("secure", name))
+            co->secure = TRUE;
+          else if(Curl_raw_equal("httponly", name))
+            co->httponly = TRUE;
+          else if(sep)
+            /* there was a '=' so we're not done parsing this field */
+            done = FALSE;
+        }
+        if(done)
+          ;
+        else if(Curl_raw_equal("path", name)) {
+          strstore(&co->path, whatptr);
+          if(!co->path) {
+            badcookie = TRUE; /* out of memory bad */
+            break;
           }
+        }
+        else if(Curl_raw_equal("domain", name)) {
+          /* note that this name may or may not have a preceding dot, but
+             we don't care about that, we treat the names the same anyway */
 
-          /* Skip leading whitespace from the 'what' */
-          whatptr=what;
-          while(*whatptr && ISBLANK(*whatptr)) {
-            whatptr++;
-          }
+          const char *domptr=whatptr;
+          const char *nextptr;
+          int dotcount=1;
 
-          if(Curl_raw_equal("path", name)) {
-            strstore(&co->path, whatptr);
-            if(!co->path) {
-              badcookie = TRUE; /* out of memory bad */
-              break;
+          /* Count the dots, we need to make sure that there are enough
+             of them. */
+
+          if('.' == whatptr[0])
+            /* don't count the initial dot, assume it */
+            domptr++;
+
+          do {
+            nextptr = strchr(domptr, '.');
+            if(nextptr) {
+              if(domptr != nextptr)
+                dotcount++;
+              domptr = nextptr+1;
             }
+          } while(nextptr);
+
+          /* The original Netscape cookie spec defined that this domain name
+             MUST have three dots (or two if one of the seven holy TLDs),
+             but it seems that these kinds of cookies are in use "out there"
+             so we cannot be that strict. I've therefore lowered the check
+             to not allow less than two dots. */
+
+          if(dotcount < 2) {
+            /* Received and skipped a cookie with a domain using too few
+               dots. */
+            badcookie=TRUE; /* mark this as a bad cookie */
+            infof(data, "skipped cookie with illegal dotcount domain: %s\n",
+                  whatptr);
           }
-          else if(Curl_raw_equal("domain", name)) {
-            /* note that this name may or may not have a preceding dot, but
-               we don't care about that, we treat the names the same anyway */
-
-            const char *domptr=whatptr;
-            const char *nextptr;
-            int dotcount=1;
-
-            /* Count the dots, we need to make sure that there are enough
-               of them. */
+          else {
+            /* Now, we make sure that our host is within the given domain,
+               or the given domain is not valid and thus cannot be set. */
 
             if('.' == whatptr[0])
-              /* don't count the initial dot, assume it */
-              domptr++;
+              whatptr++; /* ignore preceding dot */
 
-            do {
-              nextptr = strchr(domptr, '.');
-              if(nextptr) {
-                if(domptr != nextptr)
-                  dotcount++;
-                domptr = nextptr+1;
+            if(!domain || tailmatch(whatptr, domain)) {
+              const char *tailptr=whatptr;
+              if(tailptr[0] == '.')
+                tailptr++;
+              strstore(&co->domain, tailptr); /* don't prefix w/dots
+                                                 internally */
+              if(!co->domain) {
+                badcookie = TRUE;
+                break;
               }
-            } while(nextptr);
-
-            /* The original Netscape cookie spec defined that this domain name
-               MUST have three dots (or two if one of the seven holy TLDs),
-               but it seems that these kinds of cookies are in use "out there"
-               so we cannot be that strict. I've therefore lowered the check
-               to not allow less than two dots. */
-
-            if(dotcount < 2) {
-              /* Received and skipped a cookie with a domain using too few
-                 dots. */
-              badcookie=TRUE; /* mark this as a bad cookie */
-              infof(data, "skipped cookie with illegal dotcount domain: %s\n",
-                    whatptr);
+              co->tailmatch=TRUE; /* we always do that if the domain name was
+                                     given */
             }
             else {
-              /* Now, we make sure that our host is within the given domain,
-                 or the given domain is not valid and thus cannot be set. */
-
-              if('.' == whatptr[0])
-                whatptr++; /* ignore preceding dot */
-
-              if(!domain || tailmatch(whatptr, domain)) {
-                const char *tailptr=whatptr;
-                if(tailptr[0] == '.')
-                  tailptr++;
-                strstore(&co->domain, tailptr); /* don't prefix w/dots
-                                                   internally */
-                if(!co->domain) {
-                  badcookie = TRUE;
-                  break;
-                }
-                co->tailmatch=TRUE; /* we always do that if the domain name was
-                                       given */
-              }
-              else {
-                /* we did not get a tailmatch and then the attempted set domain
-                   is not a domain to which the current host belongs. Mark as
-                   bad. */
-                badcookie=TRUE;
-                infof(data, "skipped cookie with bad tailmatch domain: %s\n",
-                      whatptr);
-              }
+              /* we did not get a tailmatch and then the attempted set domain
+                 is not a domain to which the current host belongs. Mark as
+                 bad. */
+              badcookie=TRUE;
+              infof(data, "skipped cookie with bad tailmatch domain: %s\n",
+                    whatptr);
             }
           }
-          else if(Curl_raw_equal("version", name)) {
-            strstore(&co->version, whatptr);
-            if(!co->version) {
-              badcookie = TRUE;
-              break;
-            }
-          }
-          else if(Curl_raw_equal("max-age", name)) {
-            /* Defined in RFC2109:
-
-               Optional.  The Max-Age attribute defines the lifetime of the
-               cookie, in seconds.  The delta-seconds value is a decimal non-
-               negative integer.  After delta-seconds seconds elapse, the
-               client should discard the cookie.  A value of zero means the
-               cookie should be discarded immediately.
-
-             */
-            strstore(&co->maxage, whatptr);
-            if(!co->maxage) {
-              badcookie = TRUE;
-              break;
-            }
-            co->expires =
-              strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10)
-                + (long)now;
-          }
-          else if(Curl_raw_equal("expires", name)) {
-            strstore(&co->expirestr, whatptr);
-            if(!co->expirestr) {
-              badcookie = TRUE;
-              break;
-            }
-            /* Note that if the date couldn't get parsed for whatever reason,
-               the cookie will be treated as a session cookie */
-            co->expires = curl_getdate(what, &now);
-
-            /* Session cookies have expires set to 0 so if we get that back
-               from the date parser let's add a second to make it a
-               non-session cookie */
-            if(co->expires == 0)
-              co->expires = 1;
-            else if(co->expires < 0)
-              co->expires = 0;
-          }
-          else if(!co->name) {
-            co->name = strdup(name);
-            co->value = strdup(whatptr);
-            if(!co->name || !co->value) {
-              badcookie = TRUE;
-              break;
-            }
-          }
-          /*
-            else this is the second (or more) name we don't know
-            about! */
         }
-        else {
-          /* this is an "illegal" <what>=<this> pair */
+        else if(Curl_raw_equal("version", name)) {
+          strstore(&co->version, whatptr);
+          if(!co->version) {
+            badcookie = TRUE;
+            break;
+          }
         }
+        else if(Curl_raw_equal("max-age", name)) {
+          /* Defined in RFC2109:
+
+             Optional.  The Max-Age attribute defines the lifetime of the
+             cookie, in seconds.  The delta-seconds value is a decimal non-
+             negative integer.  After delta-seconds seconds elapse, the
+             client should discard the cookie.  A value of zero means the
+             cookie should be discarded immediately.
+
+          */
+          strstore(&co->maxage, whatptr);
+          if(!co->maxage) {
+            badcookie = TRUE;
+            break;
+          }
+          co->expires =
+            strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10)
+            + (long)now;
+        }
+        else if(Curl_raw_equal("expires", name)) {
+          strstore(&co->expirestr, whatptr);
+          if(!co->expirestr) {
+            badcookie = TRUE;
+            break;
+          }
+          /* Note that if the date couldn't get parsed for whatever reason,
+             the cookie will be treated as a session cookie */
+          co->expires = curl_getdate(what, &now);
+
+          /* Session cookies have expires set to 0 so if we get that back
+             from the date parser let's add a second to make it a
+             non-session cookie */
+          if(co->expires == 0)
+            co->expires = 1;
+          else if(co->expires < 0)
+            co->expires = 0;
+        }
+        else if(!co->name) {
+          co->name = strdup(name);
+          co->value = strdup(whatptr);
+          if(!co->name || !co->value) {
+            badcookie = TRUE;
+            break;
+          }
+        }
+        /*
+          else this is the second (or more) name we don't know
+          about! */
       }
       else {
-        if(sscanf(ptr, "%" MAX_COOKIE_LINE_TXT "[^;\r\n]",
-                  what)) {
-          if(Curl_raw_equal("secure", what)) {
-            co->secure = TRUE;
-          }
-          else if(Curl_raw_equal("httponly", what)) {
-            co->httponly = TRUE;
-          }
-          /* else,
-             unsupported keyword without assign! */
-
-        }
+        /* this is an "illegal" <what>=<this> pair */
       }
+
       if(!semiptr || !*semiptr) {
         /* we already know there are no more cookies */
         semiptr = NULL;
@@ -530,7 +527,7 @@ Curl_cookie_add(struct SessionHandle *data,
            As far as I can see, it is set to true when the cookie says
            .domain.com and to false when the domain is complete www.domain.com
         */
-        co->tailmatch=(bool)Curl_raw_equal(ptr, "TRUE");
+        co->tailmatch = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE;
         break;
       case 2:
         /* It turns out, that sometimes the file format allows the path
@@ -550,7 +547,7 @@ Curl_cookie_add(struct SessionHandle *data,
         fields++; /* add a field and fall down to secure */
         /* FALLTHROUGH */
       case 3:
-        co->secure = (bool)Curl_raw_equal(ptr, "TRUE");
+        co->secure = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE;
         break;
       case 4:
         co->expires = curlx_strtoofft(ptr, NULL, 10);
@@ -1110,23 +1107,20 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data)
 
   c = data->cookies->cookies;
 
-  beg = list;
   while(c) {
     /* fill the list with _all_ the cookies we know */
     line = get_netscape_format(c);
-    if(line == NULL) {
-      curl_slist_free_all(beg);
+    if(!line) {
+      curl_slist_free_all(list);
       return NULL;
     }
-    list = curl_slist_append(list, line);
+    beg = curl_slist_append(list, line);
     free(line);
-    if(list == NULL) {
-      curl_slist_free_all(beg);
+    if(!beg) {
+      curl_slist_free_all(list);
       return NULL;
     }
-    else if(beg == NULL) {
-      beg = list;
-    }
+    list = beg;
     c = c->next;
   }
 
@@ -1151,10 +1145,12 @@ void Curl_flush_cookies(struct SessionHandle *data, int cleanup)
             data->set.str[STRING_COOKIEJAR]);
   }
   else {
-    if(cleanup && data->change.cookielist)
+    if(cleanup && data->change.cookielist) {
       /* since nothing is written, we can just free the list of cookie file
          names */
       curl_slist_free_all(data->change.cookielist); /* clean up list */
+      data->change.cookielist = NULL;
+    }
     Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
   }
 

lib/cookie.h

@@ -21,15 +21,7 @@
  * KIND, either express or implied.
  *
  ***************************************************************************/
-
-#include <stdio.h>
-#if defined(WIN32)
-#include <time.h>
-#else
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#endif
+#include "setup.h"
 
 #include <curl/curl.h>
 
@@ -95,10 +87,10 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies);
 
 #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES)
 #define Curl_cookie_list(x) NULL
-#define Curl_cookie_loadfiles(x) do { } while (0)
+#define Curl_cookie_loadfiles(x) Curl_nop_stmt
 #define Curl_cookie_init(x,y,z,w) NULL
-#define Curl_cookie_cleanup(x) do { } while (0)
-#define Curl_flush_cookies(x,y)
+#define Curl_cookie_cleanup(x) Curl_nop_stmt
+#define Curl_flush_cookies(x,y) Curl_nop_stmt
 #else
 void Curl_flush_cookies(struct SessionHandle *data, int cleanup);
 void Curl_cookie_cleanup(struct CookieInfo *);

lib/curl_addrinfo.c

@@ -40,7 +40,6 @@
 #ifdef __VMS
 #  include <in.h>
 #  include <inet.h>
-#  include <stdlib.h>
 #endif
 
 #if defined(NETWARE) && defined(__NOVELL_LIBC__)

lib/curl_base64.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,10 +22,11 @@
  *
  ***************************************************************************/
 
-size_t Curl_base64_encode(struct SessionHandle *data,
-                          const char *inputbuff, size_t insize,
-                          char **outptr);
+CURLcode Curl_base64_encode(struct SessionHandle *data,
+                            const char *inputbuff, size_t insize,
+                            char **outptr, size_t *outlen);
 
-size_t Curl_base64_decode(const char *src, unsigned char **outptr);
+CURLcode Curl_base64_decode(const char *src,
+                            unsigned char **outptr, size_t *outlen);
 
 #endif /* HEADER_CURL_BASE64_H */

lib/curl_gethostname.c

@@ -32,12 +32,16 @@
  * Curl_gethostname() is a wrapper around gethostname() which allows
  * overriding the host name that the function would normally return.
  * This capability is used by the test suite to verify exact matching
- * of NTLM authentication, which exercises libcurl's MD4 and DES code.
+ * of NTLM authentication, which exercises libcurl's MD4 and DES code
+ * as well as by the SMTP module when a hostname is not provided.
  *
  * For libcurl debug enabled builds host name overriding takes place
  * when environment variable CURL_GETHOSTNAME is set, using the value
  * held by the variable to override returned host name.
  *
+ * Note: The function always returns the un-qualified hostname rather
+ * than being provider dependent.
+ *
  * For libcurl shared library release builds the test suite preloads
  * another shared library named libhostname using the LD_PRELOAD
  * mechanism which intercepts, and might override, the gethostname()
@@ -58,6 +62,8 @@ int Curl_gethostname(char *name, GETHOSTNAME_TYPE_ARG2 namelen) {
   return -1;
 
 #else
+  int err;
+  char* dot;
 
 #ifdef DEBUGBUILD
 
@@ -65,17 +71,34 @@ int Curl_gethostname(char *name, GETHOSTNAME_TYPE_ARG2 namelen) {
   const char *force_hostname = getenv("CURL_GETHOSTNAME");
   if(force_hostname) {
     strncpy(name, force_hostname, namelen);
-    name[namelen-1] = '\0';
-    return 0;
+    err = 0;
+  }
+  else {
+    name[0] = '\0';
+    err = gethostname(name, namelen);
   }
 
-#endif /* DEBUGBUILD */
+#else /* DEBUGBUILD */
 
   /* The call to system's gethostname() might get intercepted by the
      libhostname library when libcurl is built as a non-debug shared
      library when running the test suite. */
-  return gethostname(name, namelen);
+  name[0] = '\0';
+  err = gethostname(name, namelen);
 
 #endif
 
+  name[namelen - 1] = '\0';
+
+  if(err)
+    return err;
+
+  /* Truncate domain, leave only machine name */
+  dot = strchr(name, '.');
+  if(dot)
+    *dot = '\0';
+
+  return 0;
+#endif
+
 }

lib/curl_gethostname.h

@@ -22,6 +22,10 @@
  *
  ***************************************************************************/
 
+/* Hostname buffer size */
+#define HOSTNAME_MAX 1024
+
+/* This returns the local machine's un-qualified hostname */
 int Curl_gethostname(char *name, GETHOSTNAME_TYPE_ARG2 namelen);
 
 #endif /* HEADER_CURL_GETHOSTNAME_H */

lib/curl_gssapi.c

@@ -0,0 +1,69 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#ifdef HAVE_GSSAPI
+
+#include "curl_gssapi.h"
+#include "sendf.h"
+
+OM_uint32 Curl_gss_init_sec_context(
+    struct SessionHandle *data,
+    OM_uint32 * minor_status,
+    gss_ctx_id_t * context,
+    gss_name_t target_name,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_buffer_t output_token,
+    OM_uint32 * ret_flags)
+{
+  OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+
+  if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) {
+#ifdef GSS_C_DELEG_POLICY_FLAG
+    req_flags |= GSS_C_DELEG_POLICY_FLAG;
+#else
+    infof(data, "warning: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not "
+        "compiled in\n");
+#endif
+  }
+
+  if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_FLAG)
+    req_flags |= GSS_C_DELEG_FLAG;
+
+  return gss_init_sec_context(minor_status,
+                              GSS_C_NO_CREDENTIAL, /* cred_handle */
+                              context,
+                              target_name,
+                              GSS_C_NO_OID, /* mech_type */
+                              req_flags,
+                              0, /* time_req */
+                              input_chan_bindings,
+                              input_token,
+                              NULL, /* actual_mech_type */
+                              output_token,
+                              ret_flags,
+                              NULL /* time_rec */);
+}
+
+#endif /* HAVE_GSSAPI */

lib/curl_gssapi.h

@@ -0,0 +1,57 @@
+#ifndef HEADER_CURL_GSSAPI_H
+#define HEADER_CURL_GSSAPI_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+#include "urldata.h"
+
+#ifdef HAVE_GSSAPI
+
+#ifdef HAVE_GSSGNU
+#  include <gss.h>
+#elif defined HAVE_GSSMIT
+   /* MIT style */
+#  include <gssapi/gssapi.h>
+#  include <gssapi/gssapi_generic.h>
+#  include <gssapi/gssapi_krb5.h>
+#else
+   /* Heimdal-style */
+#  include <gssapi.h>
+#endif
+
+
+/* Common method for using gss api */
+
+OM_uint32 Curl_gss_init_sec_context(
+    struct SessionHandle *data,
+    OM_uint32 * minor_status,
+    gss_ctx_id_t * context,
+    gss_name_t target_name,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_buffer_t output_token,
+    OM_uint32 * ret_flags);
+
+#endif /* HAVE_GSSAPI */
+
+#endif /* HEADER_CURL_GSSAPI_H */

lib/curl_ntlm.c

@@ -0,0 +1,238 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#ifdef USE_NTLM
+
+/*
+ * NTLM details:
+ *
+ * http://davenport.sourceforge.net/ntlm.html
+ * http://www.innovation.ch/java/ntlm.html
+ */
+
+#define DEBUG_ME 0
+
+#include "urldata.h"
+#include "sendf.h"
+#include "rawstr.h"
+#include "curl_ntlm.h"
+#include "curl_ntlm_msgs.h"
+#include "curl_ntlm_wb.h"
+#include "url.h"
+#include "curl_memory.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#if defined(USE_NSS)
+#include "nssg.h"
+#elif defined(USE_WINDOWS_SSPI)
+#include "curl_sspi.h"
+#endif
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#if DEBUG_ME
+# define DEBUG_OUT(x) x
+#else
+# define DEBUG_OUT(x) Curl_nop_stmt
+#endif
+
+CURLcode Curl_input_ntlm(struct connectdata *conn,
+                         bool proxy,         /* if proxy or not */
+                         const char *header) /* rest of the www-authenticate:
+                                                header */
+{
+  /* point to the correct struct with this */
+  struct ntlmdata *ntlm;
+  CURLcode result = CURLE_OK;
+
+#ifdef USE_NSS
+  result = Curl_nss_force_init(conn->data);
+  if(result)
+    return result;
+#endif
+
+  ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
+
+  /* skip initial whitespaces */
+  while(*header && ISSPACE(*header))
+    header++;
+
+  if(checkprefix("NTLM", header)) {
+    header += strlen("NTLM");
+
+    while(*header && ISSPACE(*header))
+      header++;
+
+    if(*header) {
+      result = Curl_ntlm_decode_type2_message(conn->data, header, ntlm);
+      if(CURLE_OK != result)
+        return result;
+
+      ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
+    }
+    else {
+      if(ntlm->state >= NTLMSTATE_TYPE1) {
+        infof(conn->data, "NTLM handshake failure (internal error)\n");
+        return CURLE_REMOTE_ACCESS_DENIED;
+      }
+
+      ntlm->state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
+    }
+  }
+
+  return result;
+}
+
+/*
+ * This is for creating ntlm header output
+ */
+CURLcode Curl_output_ntlm(struct connectdata *conn,
+                          bool proxy)
+{
+  char *base64 = NULL;
+  size_t len = 0;
+  CURLcode error;
+
+  /* point to the address of the pointer that holds the string to send to the
+     server, which is for a plain host or for a HTTP proxy */
+  char **allocuserpwd;
+
+  /* point to the name and password for this */
+  const char *userp;
+  const char *passwdp;
+
+  /* point to the correct struct with this */
+  struct ntlmdata *ntlm;
+  struct auth *authp;
+
+  DEBUGASSERT(conn);
+  DEBUGASSERT(conn->data);
+
+#ifdef USE_NSS
+  if(CURLE_OK != Curl_nss_force_init(conn->data))
+    return CURLE_OUT_OF_MEMORY;
+#endif
+
+  if(proxy) {
+    allocuserpwd = &conn->allocptr.proxyuserpwd;
+    userp = conn->proxyuser;
+    passwdp = conn->proxypasswd;
+    ntlm = &conn->proxyntlm;
+    authp = &conn->data->state.authproxy;
+  }
+  else {
+    allocuserpwd = &conn->allocptr.userpwd;
+    userp = conn->user;
+    passwdp = conn->passwd;
+    ntlm = &conn->ntlm;
+    authp = &conn->data->state.authhost;
+  }
+  authp->done = FALSE;
+
+  /* not set means empty */
+  if(!userp)
+    userp = "";
+
+  if(!passwdp)
+    passwdp = "";
+
+#ifdef USE_WINDOWS_SSPI
+  if(s_hSecDll == NULL) {
+    /* not thread safe and leaks - use curl_global_init() to avoid */
+    CURLcode err = Curl_sspi_global_init();
+    if(s_hSecDll == NULL)
+      return err;
+  }
+#endif
+
+  switch(ntlm->state) {
+  case NTLMSTATE_TYPE1:
+  default: /* for the weird cases we (re)start here */
+    /* Create a type-1 message */
+    error = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64,
+                                           &len);
+
+    if(error)
+      return error;
+
+    if(base64) {
+      Curl_safefree(*allocuserpwd);
+      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
+                              proxy ? "Proxy-" : "",
+                              base64);
+      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
+      free(base64);
+    }
+    break;
+
+  case NTLMSTATE_TYPE2:
+    /* We already received the type-2 message, create a type-3 message */
+    error = Curl_ntlm_create_type3_message(conn->data, userp, passwdp,
+                                           ntlm, &base64, &len);
+    if(error)
+      return error;
+
+    if(base64) {
+      Curl_safefree(*allocuserpwd);
+      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
+                              proxy ? "Proxy-" : "",
+                              base64);
+      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
+      free(base64);
+
+      ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
+      authp->done = TRUE;
+    }
+    break;
+
+  case NTLMSTATE_TYPE3:
+    /* connection is already authenticated,
+     * don't send a header in future requests */
+    if(*allocuserpwd) {
+      free(*allocuserpwd);
+      *allocuserpwd = NULL;
+    }
+    authp->done = TRUE;
+    break;
+  }
+
+  return CURLE_OK;
+}
+
+void Curl_http_ntlm_cleanup(struct connectdata *conn)
+{
+#ifdef USE_WINDOWS_SSPI
+  Curl_ntlm_sspi_cleanup(&conn->ntlm);
+  Curl_ntlm_sspi_cleanup(&conn->proxyntlm);
+#elif defined(NTLM_WB_ENABLED)
+  Curl_ntlm_wb_cleanup(conn);
+#else
+  (void)conn;
+#endif
+}
+
+#endif /* USE_NTLM */

lib/curl_ntlm.h

@@ -0,0 +1,44 @@
+#ifndef HEADER_CURL_NTLM_H
+#define HEADER_CURL_NTLM_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#ifdef USE_NTLM
+
+/* this is for ntlm header input */
+CURLcode Curl_input_ntlm(struct connectdata *conn, bool proxy,
+                         const char *header);
+
+/* this is for creating ntlm header output */
+CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
+
+void Curl_http_ntlm_cleanup(struct connectdata *conn);
+
+#else
+
+#define Curl_http_ntlm_cleanup(a) Curl_nop_stmt
+
+#endif
+
+#endif /* HEADER_CURL_NTLM_H */

lib/curl_ntlm_core.c

@@ -0,0 +1,379 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
+
+/*
+ * NTLM details:
+ *
+ * http://davenport.sourceforge.net/ntlm.html
+ * http://www.innovation.ch/java/ntlm.html
+ */
+
+#ifdef USE_SSLEAY
+
+#  ifdef USE_OPENSSL
+#    include <openssl/des.h>
+#    ifndef OPENSSL_NO_MD4
+#      include <openssl/md4.h>
+#    endif
+#    include <openssl/md5.h>
+#    include <openssl/ssl.h>
+#    include <openssl/rand.h>
+#  else
+#    include <des.h>
+#    ifndef OPENSSL_NO_MD4
+#      include <md4.h>
+#    endif
+#    include <md5.h>
+#    include <ssl.h>
+#    include <rand.h>
+#  endif
+#  if (OPENSSL_VERSION_NUMBER < 0x00907001L)
+#    define DES_key_schedule des_key_schedule
+#    define DES_cblock des_cblock
+#    define DES_set_odd_parity des_set_odd_parity
+#    define DES_set_key des_set_key
+#    define DES_ecb_encrypt des_ecb_encrypt
+#    define DESKEY(x) x
+#    define DESKEYARG(x) x
+#  else
+#    define DESKEYARG(x) *x
+#    define DESKEY(x) &x
+#  endif
+
+#elif defined(USE_GNUTLS)
+
+#  include <gcrypt.h>
+#  define MD5_DIGEST_LENGTH 16
+#  define MD4_DIGEST_LENGTH 16
+
+#elif defined(USE_NSS)
+
+#  include <nss.h>
+#  include <pk11pub.h>
+#  include <hasht.h>
+#  include "curl_md4.h"
+#  define MD5_DIGEST_LENGTH MD5_LENGTH
+
+#else
+#  error "Can't compile NTLM support without a crypto library."
+#endif
+
+#include "urldata.h"
+#include "non-ascii.h"
+#include "rawstr.h"
+#include "curl_memory.h"
+#include "curl_ntlm_core.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifdef USE_SSLEAY
+/*
+ * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.  The
+ * key schedule ks is also set.
+ */
+static void setup_des_key(const unsigned char *key_56,
+                          DES_key_schedule DESKEYARG(ks))
+{
+  DES_cblock key;
+
+  key[0] = key_56[0];
+  key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
+  key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
+  key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
+  key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
+  key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
+  key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
+  key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
+
+  DES_set_odd_parity(&key);
+  DES_set_key(&key, ks);
+}
+
+#else /* defined(USE_SSLEAY) */
+
+/*
+ * Turns a 56 bit key into the 64 bit, odd parity key.  Used by GnuTLS and NSS.
+ */
+static void extend_key_56_to_64(const unsigned char *key_56, char *key)
+{
+  key[0] = key_56[0];
+  key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
+  key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
+  key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
+  key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
+  key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
+  key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
+  key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
+}
+
+#if defined(USE_GNUTLS)
+
+/*
+ * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.
+ */
+static void setup_des_key(const unsigned char *key_56,
+                          gcry_cipher_hd_t *des)
+{
+  char key[8];
+  extend_key_56_to_64(key_56, key);
+  gcry_cipher_setkey(*des, key, 8);
+}
+
+#elif defined(USE_NSS)
+
+/*
+ * Expands a 56 bit key KEY_56 to 64 bit and encrypts 64 bit of data, using
+ * the expanded key.  The caller is responsible for giving 64 bit of valid
+ * data is IN and (at least) 64 bit large buffer as OUT.
+ */
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+                        const unsigned char *key_56)
+{
+  const CK_MECHANISM_TYPE mech = CKM_DES_ECB; /* DES cipher in ECB mode */
+  PK11SlotInfo *slot = NULL;
+  char key[8];                                /* expanded 64 bit key */
+  SECItem key_item;
+  PK11SymKey *symkey = NULL;
+  SECItem *param = NULL;
+  PK11Context *ctx = NULL;
+  int out_len;                                /* not used, required by NSS */
+  bool rv = FALSE;
+
+  /* use internal slot for DES encryption (requires NSS to be initialized) */
+  slot = PK11_GetInternalKeySlot();
+  if(!slot)
+    return FALSE;
+
+  /* expand the 56 bit key to 64 bit and wrap by NSS */
+  extend_key_56_to_64(key_56, key);
+  key_item.data = (unsigned char *)key;
+  key_item.len = /* hard-wired */ 8;
+  symkey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap, CKA_ENCRYPT,
+                             &key_item, NULL);
+  if(!symkey)
+    goto fail;
+
+  /* create DES encryption context */
+  param = PK11_ParamFromIV(mech, /* no IV in ECB mode */ NULL);
+  if(!param)
+    goto fail;
+  ctx = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, symkey, param);
+  if(!ctx)
+    goto fail;
+
+  /* perform the encryption */
+  if(SECSuccess == PK11_CipherOp(ctx, out, &out_len, /* outbuflen */ 8,
+                                 (unsigned char *)in, /* inbuflen */ 8)
+      && SECSuccess == PK11_Finalize(ctx))
+    rv = /* all OK */ TRUE;
+
+fail:
+  /* cleanup */
+  if(ctx)
+    PK11_DestroyContext(ctx, PR_TRUE);
+  if(symkey)
+    PK11_FreeSymKey(symkey);
+  if(param)
+    SECITEM_FreeItem(param, PR_TRUE);
+  PK11_FreeSlot(slot);
+  return rv;
+}
+
+#endif /* defined(USE_NSS) */
+
+#endif /* defined(USE_SSLEAY) */
+
+ /*
+  * takes a 21 byte array and treats it as 3 56-bit DES keys. The
+  * 8 byte plaintext is encrypted with each key and the resulting 24
+  * bytes are stored in the results array.
+  */
+void Curl_ntlm_core_lm_resp(const unsigned char *keys,
+                            const unsigned char *plaintext,
+                            unsigned char *results)
+{
+#ifdef USE_SSLEAY
+  DES_key_schedule ks;
+
+  setup_des_key(keys, DESKEY(ks));
+  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results,
+                  DESKEY(ks), DES_ENCRYPT);
+
+  setup_des_key(keys + 7, DESKEY(ks));
+  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 8),
+                  DESKEY(ks), DES_ENCRYPT);
+
+  setup_des_key(keys + 14, DESKEY(ks));
+  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 16),
+                  DESKEY(ks), DES_ENCRYPT);
+#elif defined(USE_GNUTLS)
+  gcry_cipher_hd_t des;
+
+  gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+  setup_des_key(keys, &des);
+  gcry_cipher_encrypt(des, results, 8, plaintext, 8);
+  gcry_cipher_close(des);
+
+  gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+  setup_des_key(keys + 7, &des);
+  gcry_cipher_encrypt(des, results + 8, 8, plaintext, 8);
+  gcry_cipher_close(des);
+
+  gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+  setup_des_key(keys + 14, &des);
+  gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
+  gcry_cipher_close(des);
+#elif defined(USE_NSS)
+  encrypt_des(plaintext, results, keys);
+  encrypt_des(plaintext, results + 8, keys + 7);
+  encrypt_des(plaintext, results + 16, keys + 14);
+#endif
+}
+
+/*
+ * Set up lanmanager hashed password
+ */
+void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
+                               const char *password,
+                               unsigned char *lmbuffer /* 21 bytes */)
+{
+  CURLcode res;
+  unsigned char pw[14];
+  static const unsigned char magic[] = {
+    0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */
+  };
+  size_t len = CURLMIN(strlen(password), 14);
+
+  Curl_strntoupper((char *)pw, password, len);
+  memset(&pw[len], 0, 14 - len);
+
+  /*
+   * The LanManager hashed password needs to be created using the
+   * password in the network encoding not the host encoding.
+   */
+  res = Curl_convert_to_network(data, (char *)pw, 14);
+  if(res)
+    return;
+
+  {
+    /* Create LanManager hashed password. */
+
+#ifdef USE_SSLEAY
+    DES_key_schedule ks;
+
+    setup_des_key(pw, DESKEY(ks));
+    DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer,
+                    DESKEY(ks), DES_ENCRYPT);
+
+    setup_des_key(pw + 7, DESKEY(ks));
+    DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer + 8),
+                    DESKEY(ks), DES_ENCRYPT);
+#elif defined(USE_GNUTLS)
+    gcry_cipher_hd_t des;
+
+    gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+    setup_des_key(pw, &des);
+    gcry_cipher_encrypt(des, lmbuffer, 8, magic, 8);
+    gcry_cipher_close(des);
+
+    gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+    setup_des_key(pw + 7, &des);
+    gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
+    gcry_cipher_close(des);
+#elif defined(USE_NSS)
+    encrypt_des(magic, lmbuffer, pw);
+    encrypt_des(magic, lmbuffer + 8, pw + 7);
+#endif
+
+    memset(lmbuffer + 16, 0, 21 - 16);
+  }
+}
+
+#if USE_NTRESPONSES
+static void ascii_to_unicode_le(unsigned char *dest, const char *src,
+                                size_t srclen)
+{
+  size_t i;
+  for(i = 0; i < srclen; i++) {
+    dest[2 * i] = (unsigned char)src[i];
+    dest[2 * i + 1] = '\0';
+  }
+}
+
+/*
+ * Set up nt hashed passwords
+ */
+CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
+                                   const char *password,
+                                   unsigned char *ntbuffer /* 21 bytes */)
+{
+  size_t len = strlen(password);
+  unsigned char *pw = malloc(len * 2);
+  CURLcode result;
+  if(!pw)
+    return CURLE_OUT_OF_MEMORY;
+
+  ascii_to_unicode_le(pw, password, len);
+
+  /*
+   * The NT hashed password needs to be created using the password in the
+   * network encoding not the host encoding.
+   */
+  result = Curl_convert_to_network(data, (char *)pw, len * 2);
+  if(result)
+    return result;
+
+  {
+    /* Create NT hashed password. */
+#ifdef USE_SSLEAY
+    MD4_CTX MD4pw;
+    MD4_Init(&MD4pw);
+    MD4_Update(&MD4pw, pw, 2 * len);
+    MD4_Final(ntbuffer, &MD4pw);
+#elif defined(USE_GNUTLS)
+    gcry_md_hd_t MD4pw;
+    gcry_md_open(&MD4pw, GCRY_MD_MD4, 0);
+    gcry_md_write(MD4pw, pw, 2 * len);
+    memcpy (ntbuffer, gcry_md_read (MD4pw, 0), MD4_DIGEST_LENGTH);
+    gcry_md_close(MD4pw);
+#elif defined(USE_NSS)
+    Curl_md4it(ntbuffer, pw, 2 * len);
+#endif
+
+    memset(ntbuffer + 16, 0, 21 - 16);
+  }
+
+  free(pw);
+
+  return CURLE_OK;
+}
+#endif /* USE_NTRESPONSES */
+
+#endif /* USE_NTLM && !USE_WINDOWS_SSPI */

lib/curl_ntlm_core.h

@@ -0,0 +1,68 @@
+#ifndef HEADER_CURL_NTLM_CORE_H
+#define HEADER_CURL_NTLM_CORE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
+
+#ifdef USE_SSLEAY
+#  if !defined(OPENSSL_VERSION_NUMBER) && \
+      !defined(HEADER_SSL_H) && !defined(HEADER_MD5_H)
+#    error "curl_ntlm_core.h shall not be included before OpenSSL headers."
+#  endif
+#  ifdef OPENSSL_NO_MD4
+#    define USE_NTRESPONSES 0
+#    define USE_NTLM2SESSION 0
+#  endif
+#endif
+
+/*
+ * Define USE_NTRESPONSES to 1 in order to make the type-3 message include
+ * the NT response message. Define USE_NTLM2SESSION to 1 in order to make
+ * the type-3 message include the NTLM2Session response message, requires
+ * USE_NTRESPONSES defined to 1.
+ */
+
+#ifndef USE_NTRESPONSES
+#  define USE_NTRESPONSES 1
+#  define USE_NTLM2SESSION 1
+#endif
+
+void Curl_ntlm_core_lm_resp(const unsigned char *keys,
+                            const unsigned char *plaintext,
+                            unsigned char *results);
+
+void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
+                               const char *password,
+                               unsigned char *lmbuffer /* 21 bytes */);
+
+#if USE_NTRESPONSES
+CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
+                                   const char *password,
+                                   unsigned char *ntbuffer /* 21 bytes */);
+#endif
+
+#endif /* USE_NTLM && !USE_WINDOWS_SSPI */
+
+#endif /* HEADER_CURL_NTLM_CORE_H */

lib/curl_ntlm_msgs.c

@@ -0,0 +1,958 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#ifdef USE_NTLM
+
+/*
+ * NTLM details:
+ *
+ * http://davenport.sourceforge.net/ntlm.html
+ * http://www.innovation.ch/java/ntlm.html
+ */
+
+#define DEBUG_ME 0
+
+#ifdef USE_SSLEAY
+
+#  ifdef USE_OPENSSL
+#    include <openssl/des.h>
+#    ifndef OPENSSL_NO_MD4
+#      include <openssl/md4.h>
+#    endif
+#    include <openssl/md5.h>
+#    include <openssl/ssl.h>
+#    include <openssl/rand.h>
+#  else
+#    include <des.h>
+#    ifndef OPENSSL_NO_MD4
+#      include <md4.h>
+#    endif
+#    include <md5.h>
+#    include <ssl.h>
+#    include <rand.h>
+#  endif
+#  include "ssluse.h"
+
+#elif defined(USE_GNUTLS)
+
+#  include <gcrypt.h>
+#  include "gtls.h"
+#  define MD5_DIGEST_LENGTH 16
+#  define MD4_DIGEST_LENGTH 16
+
+#elif defined(USE_NSS)
+
+#  include <nss.h>
+#  include <pk11pub.h>
+#  include <hasht.h>
+#  include "nssg.h"
+#  include "curl_md4.h"
+#  define MD5_DIGEST_LENGTH MD5_LENGTH
+
+#elif defined(USE_WINDOWS_SSPI)
+#  include "curl_sspi.h"
+#else
+#  error "Can't compile NTLM support without a crypto library."
+#endif
+
+#include "urldata.h"
+#include "non-ascii.h"
+#include "sendf.h"
+#include "curl_base64.h"
+#include "curl_ntlm_core.h"
+#include "curl_gethostname.h"
+#include "curl_memory.h"
+
+#define BUILDING_CURL_NTLM_MSGS_C
+#include "curl_ntlm_msgs.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* "NTLMSSP" signature is always in ASCII regardless of the platform */
+#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50"
+
+#define SHORTPAIR(x) ((x) & 0xff), (((x) >> 8) & 0xff)
+#define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8) & 0xff), \
+  (((x) >> 16) & 0xff), (((x) >> 24) & 0xff)
+
+#if DEBUG_ME
+# define DEBUG_OUT(x) x
+static void ntlm_print_flags(FILE *handle, unsigned long flags)
+{
+  if(flags & NTLMFLAG_NEGOTIATE_UNICODE)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_UNICODE ");
+  if(flags & NTLMFLAG_NEGOTIATE_OEM)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_OEM ");
+  if(flags & NTLMFLAG_REQUEST_TARGET)
+    fprintf(handle, "NTLMFLAG_REQUEST_TARGET ");
+  if(flags & (1<<3))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_3 ");
+  if(flags & NTLMFLAG_NEGOTIATE_SIGN)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_SIGN ");
+  if(flags & NTLMFLAG_NEGOTIATE_SEAL)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_SEAL ");
+  if(flags & NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE ");
+  if(flags & NTLMFLAG_NEGOTIATE_LM_KEY)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_LM_KEY ");
+  if(flags & NTLMFLAG_NEGOTIATE_NETWARE)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_NETWARE ");
+  if(flags & NTLMFLAG_NEGOTIATE_NTLM_KEY)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_NTLM_KEY ");
+  if(flags & (1<<10))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_10 ");
+  if(flags & NTLMFLAG_NEGOTIATE_ANONYMOUS)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_ANONYMOUS ");
+  if(flags & NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED ");
+  if(flags & NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED ");
+  if(flags & NTLMFLAG_NEGOTIATE_LOCAL_CALL)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_LOCAL_CALL ");
+  if(flags & NTLMFLAG_NEGOTIATE_ALWAYS_SIGN)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_ALWAYS_SIGN ");
+  if(flags & NTLMFLAG_TARGET_TYPE_DOMAIN)
+    fprintf(handle, "NTLMFLAG_TARGET_TYPE_DOMAIN ");
+  if(flags & NTLMFLAG_TARGET_TYPE_SERVER)
+    fprintf(handle, "NTLMFLAG_TARGET_TYPE_SERVER ");
+  if(flags & NTLMFLAG_TARGET_TYPE_SHARE)
+    fprintf(handle, "NTLMFLAG_TARGET_TYPE_SHARE ");
+  if(flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_NTLM2_KEY ");
+  if(flags & NTLMFLAG_REQUEST_INIT_RESPONSE)
+    fprintf(handle, "NTLMFLAG_REQUEST_INIT_RESPONSE ");
+  if(flags & NTLMFLAG_REQUEST_ACCEPT_RESPONSE)
+    fprintf(handle, "NTLMFLAG_REQUEST_ACCEPT_RESPONSE ");
+  if(flags & NTLMFLAG_REQUEST_NONNT_SESSION_KEY)
+    fprintf(handle, "NTLMFLAG_REQUEST_NONNT_SESSION_KEY ");
+  if(flags & NTLMFLAG_NEGOTIATE_TARGET_INFO)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_TARGET_INFO ");
+  if(flags & (1<<24))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_24 ");
+  if(flags & (1<<25))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_25 ");
+  if(flags & (1<<26))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_26 ");
+  if(flags & (1<<27))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_27 ");
+  if(flags & (1<<28))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_28 ");
+  if(flags & NTLMFLAG_NEGOTIATE_128)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_128 ");
+  if(flags & NTLMFLAG_NEGOTIATE_KEY_EXCHANGE)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_KEY_EXCHANGE ");
+  if(flags & NTLMFLAG_NEGOTIATE_56)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_56 ");
+}
+
+static void ntlm_print_hex(FILE *handle, const char *buf, size_t len)
+{
+  const char *p = buf;
+  (void)handle;
+  fprintf(stderr, "0x");
+  while(len-- > 0)
+    fprintf(stderr, "%02.2x", (unsigned int)*p++);
+}
+#else
+# define DEBUG_OUT(x) Curl_nop_stmt
+#endif
+
+#ifndef USE_WINDOWS_SSPI
+/*
+ * This function converts from the little endian format used in the
+ * incoming package to whatever endian format we're using natively.
+ * Argument is a pointer to a 4 byte buffer.
+ */
+static unsigned int readint_le(unsigned char *buf)
+{
+  return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8) |
+    ((unsigned int)buf[2] << 16) | ((unsigned int)buf[3] << 24);
+}
+#endif
+
+/*
+  NTLM message structure notes:
+
+  A 'short' is a 'network short', a little-endian 16-bit unsigned value.
+
+  A 'long' is a 'network long', a little-endian, 32-bit unsigned value.
+
+  A 'security buffer' represents a triplet used to point to a buffer,
+  consisting of two shorts and one long:
+
+    1. A 'short' containing the length of the buffer content in bytes.
+    2. A 'short' containing the allocated space for the buffer in bytes.
+    3. A 'long' containing the offset to the start of the buffer in bytes,
+       from the beginning of the NTLM message.
+*/
+
+/*
+ * Curl_ntlm_decode_type2_message()
+ *
+ * This is used to decode a ntlm type-2 message received from a: HTTP, SMTP
+ * or POP3 server. The message is first decoded from a base64 string into a
+ * raw ntlm message and checked for validity before the appropriate data for
+ * creating a type-3 message is written to the given ntlm data structure.
+ *
+ * Parameters:
+ *
+ * data    [in]     - Pointer to session handle.
+ * header  [in]     - Pointer to the input buffer.
+ * ntlm    [in]     - Pointer to ntlm data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
+                                        const char* header,
+                                        struct ntlmdata* ntlm)
+{
+#ifndef USE_WINDOWS_SSPI
+  static const char type2_marker[] = { 0x02, 0x00, 0x00, 0x00 };
+#endif
+
+  /* NTLM type-2 message structure:
+
+          Index  Description            Content
+            0    NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
+                                        (0x4e544c4d53535000)
+            8    NTLM Message Type      long (0x02000000)
+           12    Target Name            security buffer
+           20    Flags                  long
+           24    Challenge              8 bytes
+          (32)   Context                8 bytes (two consecutive longs) (*)
+          (40)   Target Information     security buffer (*)
+          (48)   OS Version Structure   8 bytes (*)
+  32 (48) (56)   Start of data block    (*)
+                                        (*) -> Optional
+  */
+
+  size_t size = 0;
+  unsigned char *buffer = NULL;
+  CURLcode error;
+
+#if defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(USE_WINDOWS_SSPI)
+  (void)data;
+#endif
+
+  error = Curl_base64_decode(header, &buffer, &size);
+  if(error)
+    return error;
+
+  if(!buffer) {
+    infof(data, "NTLM handshake failure (unhandled condition)\n");
+    return CURLE_REMOTE_ACCESS_DENIED;
+  }
+
+#ifdef USE_WINDOWS_SSPI
+  ntlm->type_2 = malloc(size + 1);
+  if(ntlm->type_2 == NULL) {
+    free(buffer);
+    return CURLE_OUT_OF_MEMORY;
+  }
+  ntlm->n_type_2 = (unsigned long)size;
+  memcpy(ntlm->type_2, buffer, size);
+#else
+  ntlm->flags = 0;
+
+  if((size < 32) ||
+     (memcmp(buffer, NTLMSSP_SIGNATURE, 8) != 0) ||
+     (memcmp(buffer + 8, type2_marker, sizeof(type2_marker)) != 0)) {
+    /* This was not a good enough type-2 message */
+    free(buffer);
+    infof(data, "NTLM handshake failure (bad type-2 message)\n");
+    return CURLE_REMOTE_ACCESS_DENIED;
+  }
+
+  ntlm->flags = readint_le(&buffer[20]);
+  memcpy(ntlm->nonce, &buffer[24], 8);
+
+  DEBUG_OUT({
+    fprintf(stderr, "**** TYPE2 header flags=0x%08.8lx ", ntlm->flags);
+    ntlm_print_flags(stderr, ntlm->flags);
+    fprintf(stderr, "\n                  nonce=");
+    ntlm_print_hex(stderr, (char *)ntlm->nonce, 8);
+    fprintf(stderr, "\n****\n");
+    fprintf(stderr, "**** Header %s\n ", header);
+  });
+#endif
+  free(buffer);
+
+  return CURLE_OK;
+}
+
+#ifdef USE_WINDOWS_SSPI
+void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
+{
+  if(ntlm->type_2) {
+    free(ntlm->type_2);
+    ntlm->type_2 = NULL;
+  }
+  if(ntlm->has_handles) {
+    s_pSecFn->DeleteSecurityContext(&ntlm->c_handle);
+    s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
+    ntlm->has_handles = 0;
+  }
+  if(ntlm->p_identity) {
+    if(ntlm->identity.User) free(ntlm->identity.User);
+    if(ntlm->identity.Password) free(ntlm->identity.Password);
+    if(ntlm->identity.Domain) free(ntlm->identity.Domain);
+    ntlm->p_identity = NULL;
+  }
+}
+#endif
+
+#ifndef USE_WINDOWS_SSPI
+/* copy the source to the destination and fill in zeroes in every
+   other destination byte! */
+static void unicodecpy(unsigned char *dest,
+                       const char *src, size_t length)
+{
+  size_t i;
+  for(i = 0; i < length; i++) {
+    dest[2 * i] = (unsigned char)src[i];
+    dest[2 * i + 1] = '\0';
+  }
+}
+#endif
+
+/*
+ * Curl_ntlm_create_type1_message()
+ *
+ * This is used to generate an already encoded NTLM type-1 message ready
+ * for sending to the recipient, be it a: HTTP, SMTP or POP3 server,
+ * using the appropriate compile time crypo API.
+ *
+ * Parameters:
+ *
+ * userp   [in]     - The user name in the format User or Domain\User.
+ * passdwp [in]     - The user's password.
+ * ntlm    [in/out] - The ntlm data struct being used and modified.
+ * outptr  [in/out] - The adress where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_create_type1_message(const char *userp,
+                                        const char *passwdp,
+                                        struct ntlmdata *ntlm,
+                                        char **outptr,
+                                        size_t *outlen)
+{
+  /* NTLM type-1 message structure:
+
+       Index  Description            Content
+         0    NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
+                                     (0x4e544c4d53535000)
+         8    NTLM Message Type      long (0x01000000)
+        12    Flags                  long
+       (16)   Supplied Domain        security buffer (*)
+       (24)   Supplied Workstation   security buffer (*)
+       (32)   OS Version Structure   8 bytes (*)
+  (32) (40)   Start of data block    (*)
+                                     (*) -> Optional
+  */
+
+  unsigned char ntlmbuf[NTLM_BUFSIZE];
+  size_t size;
+
+#ifdef USE_WINDOWS_SSPI
+
+  SecBuffer buf;
+  SecBufferDesc desc;
+  SECURITY_STATUS status;
+  ULONG attrs;
+  const char *dest = "";
+  const char *user;
+  const char *domain = "";
+  size_t userlen = 0;
+  size_t domlen = 0;
+  size_t passwdlen = 0;
+  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
+
+  Curl_ntlm_sspi_cleanup(ntlm);
+
+  user = strchr(userp, '\\');
+  if(!user)
+    user = strchr(userp, '/');
+
+  if(user) {
+    domain = userp;
+    domlen = user - userp;
+    user++;
+  }
+  else {
+    user = userp;
+    domain = "";
+    domlen = 0;
+  }
+
+  if(user)
+    userlen = strlen(user);
+
+  if(passwdp)
+    passwdlen = strlen(passwdp);
+
+  if(userlen > 0) {
+    /* note: initialize all of this before doing the mallocs so that
+     * it can be cleaned up later without leaking memory.
+     */
+    ntlm->p_identity = &ntlm->identity;
+    memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity));
+    if((ntlm->identity.User = (unsigned char *)strdup(user)) == NULL)
+      return CURLE_OUT_OF_MEMORY;
+
+    ntlm->identity.UserLength = (unsigned long)userlen;
+    if((ntlm->identity.Password = (unsigned char *)strdup(passwdp)) == NULL)
+      return CURLE_OUT_OF_MEMORY;
+
+    ntlm->identity.PasswordLength = (unsigned long)strlen(passwdp);
+    if((ntlm->identity.Domain = malloc(domlen + 1)) == NULL)
+      return CURLE_OUT_OF_MEMORY;
+
+    strncpy((char *)ntlm->identity.Domain, domain, domlen);
+    ntlm->identity.Domain[domlen] = '\0';
+    ntlm->identity.DomainLength = (unsigned long)domlen;
+    ntlm->identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
+  }
+  else
+    ntlm->p_identity = NULL;
+
+  status = s_pSecFn->AcquireCredentialsHandleA(NULL, (void *)"NTLM",
+                                               SECPKG_CRED_OUTBOUND, NULL,
+                                               ntlm->p_identity, NULL, NULL,
+                                               &ntlm->handle, &tsDummy);
+  if(status != SEC_E_OK)
+    return CURLE_OUT_OF_MEMORY;
+
+  desc.ulVersion = SECBUFFER_VERSION;
+  desc.cBuffers  = 1;
+  desc.pBuffers  = &buf;
+  buf.cbBuffer   = NTLM_BUFSIZE;
+  buf.BufferType = SECBUFFER_TOKEN;
+  buf.pvBuffer   = ntlmbuf;
+
+  status = s_pSecFn->InitializeSecurityContextA(&ntlm->handle, NULL,
+                                                (void *)dest,
+                                                ISC_REQ_CONFIDENTIALITY |
+                                                ISC_REQ_REPLAY_DETECT |
+                                                ISC_REQ_CONNECTION,
+                                                0, SECURITY_NETWORK_DREP,
+                                                NULL, 0,
+                                                &ntlm->c_handle, &desc,
+                                                &attrs, &tsDummy);
+
+  if(status == SEC_I_COMPLETE_AND_CONTINUE ||
+     status == SEC_I_CONTINUE_NEEDED)
+    s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &desc);
+  else if(status != SEC_E_OK) {
+    s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
+    return CURLE_RECV_ERROR;
+  }
+
+  ntlm->has_handles = 1;
+  size = buf.cbBuffer;
+
+#else
+
+  const char *host = "";              /* empty */
+  const char *domain = "";            /* empty */
+  size_t hostlen = 0;
+  size_t domlen = 0;
+  size_t hostoff = 0;
+  size_t domoff = hostoff + hostlen;  /* This is 0: remember that host and
+                                         domain are empty */
+  (void)userp;
+  (void)passwdp;
+  (void)ntlm;
+
+#if USE_NTLM2SESSION
+#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
+#else
+#define NTLM2FLAG 0
+#endif
+  snprintf((char *)ntlmbuf, NTLM_BUFSIZE,
+           NTLMSSP_SIGNATURE "%c"
+           "\x01%c%c%c" /* 32-bit type = 1 */
+           "%c%c%c%c"   /* 32-bit NTLM flag field */
+           "%c%c"       /* domain length */
+           "%c%c"       /* domain allocated space */
+           "%c%c"       /* domain name offset */
+           "%c%c"       /* 2 zeroes */
+           "%c%c"       /* host length */
+           "%c%c"       /* host allocated space */
+           "%c%c"       /* host name offset */
+           "%c%c"       /* 2 zeroes */
+           "%s"         /* host name */
+           "%s",        /* domain string */
+           0,           /* trailing zero */
+           0, 0, 0,     /* part of type-1 long */
+
+           LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM |
+                       NTLMFLAG_REQUEST_TARGET |
+                       NTLMFLAG_NEGOTIATE_NTLM_KEY |
+                       NTLM2FLAG |
+                       NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
+           SHORTPAIR(domlen),
+           SHORTPAIR(domlen),
+           SHORTPAIR(domoff),
+           0, 0,
+           SHORTPAIR(hostlen),
+           SHORTPAIR(hostlen),
+           SHORTPAIR(hostoff),
+           0, 0,
+           host,  /* this is empty */
+           domain /* this is empty */);
+
+  /* Initial packet length */
+  size = 32 + hostlen + domlen;
+
+#endif
+
+  DEBUG_OUT({
+    fprintf(stderr, "* TYPE1 header flags=0x%02.2x%02.2x%02.2x%02.2x "
+            "0x%08.8x ",
+            LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM |
+                        NTLMFLAG_REQUEST_TARGET |
+                        NTLMFLAG_NEGOTIATE_NTLM_KEY |
+                        NTLM2FLAG |
+                        NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
+            NTLMFLAG_NEGOTIATE_OEM |
+            NTLMFLAG_REQUEST_TARGET |
+            NTLMFLAG_NEGOTIATE_NTLM_KEY |
+            NTLM2FLAG |
+            NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
+    ntlm_print_flags(stderr,
+                     NTLMFLAG_NEGOTIATE_OEM |
+                     NTLMFLAG_REQUEST_TARGET |
+                     NTLMFLAG_NEGOTIATE_NTLM_KEY |
+                     NTLM2FLAG |
+                     NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
+    fprintf(stderr, "\n****\n");
+  });
+
+  /* Return with binary blob encoded into base64 */
+  return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
+}
+
+/*
+ * Curl_ntlm_create_type3_message()
+ *
+ * This is used to generate an already encoded NTLM type-3 message ready
+ * for sending to the recipient, be it a: HTTP, SMTP or POP3 server,
+ * using the appropriate compile time crypo API.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * userp   [in]     - The user name in the format User or Domain\User.
+ * passdwp [in]     - The user's password.
+ * ntlm    [in/out] - The ntlm data struct being used and modified.
+ * outptr  [in/out] - The adress where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
+                                        const char *userp,
+                                        const char *passwdp,
+                                        struct ntlmdata *ntlm,
+                                        char **outptr,
+                                        size_t *outlen)
+{
+  /* NTLM type-3 message structure:
+
+          Index  Description            Content
+            0    NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
+                                        (0x4e544c4d53535000)
+            8    NTLM Message Type      long (0x03000000)
+           12    LM/LMv2 Response       security buffer
+           20    NTLM/NTLMv2 Response   security buffer
+           28    Target Name            security buffer
+           36    User Name              security buffer
+           44    Workstation Name       security buffer
+          (52)   Session Key            security buffer (*)
+          (60)   Flags                  long (*)
+          (64)   OS Version Structure   8 bytes (*)
+  52 (64) (72)   Start of data block
+                                          (*) -> Optional
+  */
+
+  unsigned char ntlmbuf[NTLM_BUFSIZE];
+  size_t size;
+
+#ifdef USE_WINDOWS_SSPI
+  const char *dest = "";
+  SecBuffer type_2;
+  SecBuffer type_3;
+  SecBufferDesc type_2_desc;
+  SecBufferDesc type_3_desc;
+  SECURITY_STATUS status;
+  ULONG attrs;
+  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
+
+  (void)passwdp;
+  (void)userp;
+  (void)data;
+
+  type_2_desc.ulVersion = type_3_desc.ulVersion  = SECBUFFER_VERSION;
+  type_2_desc.cBuffers  = type_3_desc.cBuffers   = 1;
+  type_2_desc.pBuffers  = &type_2;
+  type_3_desc.pBuffers  = &type_3;
+
+  type_2.BufferType = SECBUFFER_TOKEN;
+  type_2.pvBuffer   = ntlm->type_2;
+  type_2.cbBuffer   = ntlm->n_type_2;
+  type_3.BufferType = SECBUFFER_TOKEN;
+  type_3.pvBuffer   = ntlmbuf;
+  type_3.cbBuffer   = NTLM_BUFSIZE;
+
+  status = s_pSecFn->InitializeSecurityContextA(&ntlm->handle,
+                                                &ntlm->c_handle,
+                                                (void *)dest,
+                                                ISC_REQ_CONFIDENTIALITY |
+                                                ISC_REQ_REPLAY_DETECT |
+                                                ISC_REQ_CONNECTION,
+                                                0, SECURITY_NETWORK_DREP,
+                                                &type_2_desc,
+                                                0, &ntlm->c_handle,
+                                                &type_3_desc,
+                                                &attrs, &tsDummy);
+  if(status != SEC_E_OK)
+    return CURLE_RECV_ERROR;
+
+  size = type_3.cbBuffer;
+
+  Curl_ntlm_sspi_cleanup(ntlm);
+
+#else
+  int lmrespoff;
+  unsigned char lmresp[24]; /* fixed-size */
+#if USE_NTRESPONSES
+  int ntrespoff;
+  unsigned char ntresp[24]; /* fixed-size */
+#endif
+  bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE;
+  char host[HOSTNAME_MAX + 1] = "";
+  const char *user;
+  const char *domain = "";
+  size_t hostoff = 0;
+  size_t useroff = 0;
+  size_t domoff = 0;
+  size_t hostlen = 0;
+  size_t userlen = 0;
+  size_t domlen = 0;
+  CURLcode res;
+
+  user = strchr(userp, '\\');
+  if(!user)
+    user = strchr(userp, '/');
+
+  if(user) {
+    domain = userp;
+    domlen = (user - domain);
+    user++;
+  }
+  else
+    user = userp;
+
+  if(user)
+    userlen = strlen(user);
+
+  /* Get the machine's un-qualified host name as NTLM doesn't like the fully
+     qualified domain name */
+  if(Curl_gethostname(host, sizeof(host))) {
+    infof(data, "gethostname() failed, continuing without!");
+    hostlen = 0;
+  }
+  else {
+    hostlen = strlen(host);
+  }
+
+  if(unicode) {
+    domlen = domlen * 2;
+    userlen = userlen * 2;
+    hostlen = hostlen * 2;
+  }
+
+#if USE_NTLM2SESSION
+  /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
+  if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
+    unsigned char ntbuffer[0x18];
+    unsigned char tmp[0x18];
+    unsigned char md5sum[MD5_DIGEST_LENGTH];
+    unsigned char entropy[8];
+
+    /* Need to create 8 bytes random data */
+#ifdef USE_SSLEAY
+    MD5_CTX MD5pw;
+    Curl_ossl_seed(data); /* Initiate the seed if not already done */
+    RAND_bytes(entropy, 8);
+#elif defined(USE_GNUTLS)
+    gcry_md_hd_t MD5pw;
+    Curl_gtls_seed(data); /* Initiate the seed if not already done */
+    gcry_randomize(entropy, 8, GCRY_STRONG_RANDOM);
+#elif defined(USE_NSS)
+    PK11Context *MD5pw;
+    unsigned int MD5len;
+    Curl_nss_seed(data);  /* Initiate the seed if not already done */
+    PK11_GenerateRandom(entropy, 8);
+#endif
+
+    /* 8 bytes random data as challenge in lmresp */
+    memcpy(lmresp, entropy, 8);
+
+    /* Pad with zeros */
+    memset(lmresp + 8, 0, 0x10);
+
+    /* Fill tmp with challenge(nonce?) + entropy */
+    memcpy(tmp, &ntlm->nonce[0], 8);
+    memcpy(tmp + 8, entropy, 8);
+
+#ifdef USE_SSLEAY
+    MD5_Init(&MD5pw);
+    MD5_Update(&MD5pw, tmp, 16);
+    MD5_Final(md5sum, &MD5pw);
+#elif defined(USE_GNUTLS)
+    gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
+    gcry_md_write(MD5pw, tmp, MD5_DIGEST_LENGTH);
+    memcpy(md5sum, gcry_md_read (MD5pw, 0), MD5_DIGEST_LENGTH);
+    gcry_md_close(MD5pw);
+#elif defined(USE_NSS)
+    MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
+    PK11_DigestOp(MD5pw, tmp, 16);
+    PK11_DigestFinal(MD5pw, md5sum, &MD5len, MD5_DIGEST_LENGTH);
+    PK11_DestroyContext(MD5pw, PR_TRUE);
+#endif
+
+    /* We shall only use the first 8 bytes of md5sum, but the des
+       code in Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
+    if(CURLE_OUT_OF_MEMORY ==
+       Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer))
+      return CURLE_OUT_OF_MEMORY;
+    Curl_ntlm_core_lm_resp(ntbuffer, md5sum, ntresp);
+
+    /* End of NTLM2 Session code */
+  }
+  else
+#endif
+  {
+
+#if USE_NTRESPONSES
+    unsigned char ntbuffer[0x18];
+#endif
+    unsigned char lmbuffer[0x18];
+
+#if USE_NTRESPONSES
+    if(CURLE_OUT_OF_MEMORY ==
+       Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer))
+      return CURLE_OUT_OF_MEMORY;
+    Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], ntresp);
+#endif
+
+    Curl_ntlm_core_mk_lm_hash(data, passwdp, lmbuffer);
+    Curl_ntlm_core_lm_resp(lmbuffer, &ntlm->nonce[0], lmresp);
+    /* A safer but less compatible alternative is:
+     *   Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], lmresp);
+     * See http://davenport.sourceforge.net/ntlm.html#ntlmVersion2 */
+  }
+
+  lmrespoff = 64; /* size of the message header */
+#if USE_NTRESPONSES
+  ntrespoff = lmrespoff + 0x18;
+  domoff = ntrespoff + 0x18;
+#else
+  domoff = lmrespoff + 0x18;
+#endif
+  useroff = domoff + domlen;
+  hostoff = useroff + userlen;
+
+  /* Create the big type-3 message binary blob */
+  size = snprintf((char *)ntlmbuf, NTLM_BUFSIZE,
+                  NTLMSSP_SIGNATURE "%c"
+                  "\x03%c%c%c"  /* 32-bit type = 3 */
+
+                  "%c%c"  /* LanManager length */
+                  "%c%c"  /* LanManager allocated space */
+                  "%c%c"  /* LanManager offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* NT-response length */
+                  "%c%c"  /* NT-response allocated space */
+                  "%c%c"  /* NT-response offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* domain length */
+                  "%c%c"  /* domain allocated space */
+                  "%c%c"  /* domain name offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* user length */
+                  "%c%c"  /* user allocated space */
+                  "%c%c"  /* user offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* host length */
+                  "%c%c"  /* host allocated space */
+                  "%c%c"  /* host offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* session key length (unknown purpose) */
+                  "%c%c"  /* session key allocated space (unknown purpose) */
+                  "%c%c"  /* session key offset (unknown purpose) */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c%c%c",  /* flags */
+
+                  /* domain string */
+                  /* user string */
+                  /* host string */
+                  /* LanManager response */
+                  /* NT response */
+
+                  0,                /* zero termination */
+                  0, 0, 0,          /* type-3 long, the 24 upper bits */
+
+                  SHORTPAIR(0x18),  /* LanManager response length, twice */
+                  SHORTPAIR(0x18),
+                  SHORTPAIR(lmrespoff),
+                  0x0, 0x0,
+
+#if USE_NTRESPONSES
+                  SHORTPAIR(0x18),  /* NT-response length, twice */
+                  SHORTPAIR(0x18),
+                  SHORTPAIR(ntrespoff),
+                  0x0, 0x0,
+#else
+                  0x0, 0x0,
+                  0x0, 0x0,
+                  0x0, 0x0,
+                  0x0, 0x0,
+#endif
+                  SHORTPAIR(domlen),
+                  SHORTPAIR(domlen),
+                  SHORTPAIR(domoff),
+                  0x0, 0x0,
+
+                  SHORTPAIR(userlen),
+                  SHORTPAIR(userlen),
+                  SHORTPAIR(useroff),
+                  0x0, 0x0,
+
+                  SHORTPAIR(hostlen),
+                  SHORTPAIR(hostlen),
+                  SHORTPAIR(hostoff),
+                  0x0, 0x0,
+
+                  0x0, 0x0,
+                  0x0, 0x0,
+                  0x0, 0x0,
+                  0x0, 0x0,
+
+                  LONGQUARTET(ntlm->flags));
+
+  DEBUGASSERT(size == 64);
+  DEBUGASSERT(size == (size_t)lmrespoff);
+
+  /* We append the binary hashes */
+  if(size < (NTLM_BUFSIZE - 0x18)) {
+    memcpy(&ntlmbuf[size], lmresp, 0x18);
+    size += 0x18;
+  }
+
+  DEBUG_OUT({
+    fprintf(stderr, "**** TYPE3 header lmresp=");
+    ntlm_print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18);
+  });
+
+#if USE_NTRESPONSES
+  if(size < (NTLM_BUFSIZE - 0x18)) {
+    DEBUGASSERT(size == (size_t)ntrespoff);
+    memcpy(&ntlmbuf[size], ntresp, 0x18);
+    size += 0x18;
+  }
+
+  DEBUG_OUT({
+    fprintf(stderr, "\n   ntresp=");
+    ntlm_print_hex(stderr, (char *)&ntlmbuf[ntrespoff], 0x18);
+  });
+
+#endif
+
+  DEBUG_OUT({
+    fprintf(stderr, "\n   flags=0x%02.2x%02.2x%02.2x%02.2x 0x%08.8x ",
+            LONGQUARTET(ntlm->flags), ntlm->flags);
+    ntlm_print_flags(stderr, ntlm->flags);
+    fprintf(stderr, "\n****\n");
+  });
+
+  /* Make sure that the domain, user and host strings fit in the
+     buffer before we copy them there. */
+  if(size + userlen + domlen + hostlen >= NTLM_BUFSIZE) {
+    failf(data, "user + domain + host name too big");
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  DEBUGASSERT(size == domoff);
+  if(unicode)
+    unicodecpy(&ntlmbuf[size], domain, domlen / 2);
+  else
+    memcpy(&ntlmbuf[size], domain, domlen);
+
+  size += domlen;
+
+  DEBUGASSERT(size == useroff);
+  if(unicode)
+    unicodecpy(&ntlmbuf[size], user, userlen / 2);
+  else
+    memcpy(&ntlmbuf[size], user, userlen);
+
+  size += userlen;
+
+  DEBUGASSERT(size == hostoff);
+  if(unicode)
+    unicodecpy(&ntlmbuf[size], host, hostlen / 2);
+  else
+    memcpy(&ntlmbuf[size], host, hostlen);
+
+  size += hostlen;
+
+  /* Convert domain, user, and host to ASCII but leave the rest as-is */
+  res = Curl_convert_to_network(data, (char *)&ntlmbuf[domoff],
+                                size - domoff);
+  if(res)
+    return CURLE_CONV_FAILED;
+
+#endif
+
+  /* Return with binary blob encoded into base64 */
+  return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
+}
+
+#endif /* USE_NTLM */

lib/curl_ntlm_msgs.h

@@ -1,5 +1,5 @@
-#ifndef __HTTP_NTLM_H
-#define __HTTP_NTLM_H
+#ifndef HEADER_CURL_NTLM_MSGS_H
+#define HEADER_CURL_NTLM_MSGS_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,27 +22,43 @@
  *
  ***************************************************************************/
 
-typedef enum {
-  CURLNTLM_NONE, /* not a ntlm */
-  CURLNTLM_BAD,  /* an ntlm, but one we don't like */
-  CURLNTLM_FIRST, /* the first 401-reply we got with NTLM */
-  CURLNTLM_FINE, /* an ntlm we act on */
+#include "setup.h"
 
-  CURLNTLM_LAST  /* last entry in this enum, don't use */
-} CURLntlm;
+#ifdef USE_NTLM
 
-/* this is for ntlm header input */
-CURLntlm Curl_input_ntlm(struct connectdata *conn, bool proxy,
-                         const char *header);
+/* This is to generate a base64 encoded NTLM type-1 message */
+CURLcode Curl_ntlm_create_type1_message(const char *userp,
+                                        const char *passwdp,
+                                        struct ntlmdata *ntlm,
+                                        char **outptr,
+                                        size_t *outlen);
 
-/* this is for creating ntlm header output */
-CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
+/* This is to generate a base64 encoded NTLM type-3 message */
+CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
+                                        const char *userp,
+                                        const char *passwdp,
+                                        struct ntlmdata *ntlm,
+                                        char **outptr,
+                                        size_t *outlen);
 
-void Curl_ntlm_cleanup(struct connectdata *conn);
-#ifndef USE_NTLM
-#define Curl_ntlm_cleanup(x)
+/* This is to decode a NTLM type-2 message */
+CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
+                                        const char* header,
+                                        struct ntlmdata* ntlm);
+
+/* This is to clean up the ntlm data structure */
+#ifdef USE_WINDOWS_SSPI
+void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
+#else
+#define Curl_ntlm_sspi_cleanup(x)
 #endif
 
+/* NTLM buffer fixed size, large enough for long user + host + domain */
+#define NTLM_BUFSIZE 1024
+
+/* Stuff only required for curl_ntlm_msgs.c */
+#ifdef BUILDING_CURL_NTLM_MSGS_C
+
 /* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */
 
 #define NTLMFLAG_NEGOTIATE_UNICODE               (1<<0)
@@ -146,4 +162,9 @@ void Curl_ntlm_cleanup(struct connectdata *conn);
 
 #define NTLMFLAG_NEGOTIATE_56                    (1<<31)
 /* Indicates that 56-bit encryption is supported. */
-#endif
+
+#endif /* BUILDING_CURL_NTLM_MSGS_C */
+
+#endif /* USE_NTLM */
+
+#endif /* HEADER_CURL_NTLM_MSGS_H */

lib/curl_ntlm_wb.c

@@ -0,0 +1,394 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+
+/*
+ * NTLM details:
+ *
+ * http://davenport.sourceforge.net/ntlm.html
+ * http://www.innovation.ch/java/ntlm.html
+ */
+
+#define DEBUG_ME 0
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "select.h"
+#include "curl_ntlm_wb.h"
+#include "url.h"
+#include "strerror.h"
+#include "curl_memory.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#if DEBUG_ME
+# define DEBUG_OUT(x) x
+#else
+# define DEBUG_OUT(x) Curl_nop_stmt
+#endif
+
+/* Portable 'sclose_nolog' used only in child process instead of 'sclose'
+   to avoid fooling the socket leak detector */
+#if defined(HAVE_CLOSESOCKET)
+#  define sclose_nolog(x)  closesocket((x))
+#elif defined(HAVE_CLOSESOCKET_CAMEL)
+#  define sclose_nolog(x)  CloseSocket((x))
+#else
+#  define sclose_nolog(x)  close((x))
+#endif
+
+void Curl_ntlm_wb_cleanup(struct connectdata *conn)
+{
+  if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) {
+    sclose(conn->ntlm_auth_hlpr_socket);
+    conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
+  }
+
+  if(conn->ntlm_auth_hlpr_pid) {
+    int i;
+    for(i = 0; i < 4; i++) {
+      pid_t ret = waitpid(conn->ntlm_auth_hlpr_pid, NULL, WNOHANG);
+      if(ret == conn->ntlm_auth_hlpr_pid || errno == ECHILD)
+        break;
+      switch(i) {
+      case 0:
+        kill(conn->ntlm_auth_hlpr_pid, SIGTERM);
+        break;
+      case 1:
+        /* Give the process another moment to shut down cleanly before
+           bringing down the axe */
+        Curl_wait_ms(1);
+        break;
+      case 2:
+        kill(conn->ntlm_auth_hlpr_pid, SIGKILL);
+        break;
+      case 3:
+        break;
+      }
+    }
+    conn->ntlm_auth_hlpr_pid = 0;
+  }
+
+  Curl_safefree(conn->challenge_header);
+  conn->challenge_header = NULL;
+  Curl_safefree(conn->response_header);
+  conn->response_header = NULL;
+}
+
+static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
+{
+  curl_socket_t sockfds[2];
+  pid_t child_pid;
+  const char *username;
+  char *slash, *domain = NULL;
+  const char *ntlm_auth = NULL;
+  char *ntlm_auth_alloc = NULL;
+  int error;
+
+  /* Return if communication with ntlm_auth already set up */
+  if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD ||
+     conn->ntlm_auth_hlpr_pid)
+    return CURLE_OK;
+
+  username = userp;
+  slash = strpbrk(username, "\\/");
+  if(slash) {
+    if((domain = strdup(username)) == NULL)
+      return CURLE_OUT_OF_MEMORY;
+    slash = domain + (slash - username);
+    *slash = '\0';
+    username = username + (slash - domain) + 1;
+  }
+
+  /* For testing purposes, when DEBUGBUILD is defined and environment
+     variable CURL_NTLM_WB_FILE is set a fake_ntlm is used to perform
+     NTLM challenge/response which only accepts commands and output
+     strings pre-written in test case definitions */
+#ifdef DEBUGBUILD
+  ntlm_auth_alloc = curl_getenv("CURL_NTLM_WB_FILE");
+  if(ntlm_auth_alloc)
+    ntlm_auth = ntlm_auth_alloc;
+  else
+#endif
+    ntlm_auth = NTLM_WB_FILE;
+
+  if(access(ntlm_auth, X_OK) != 0) {
+    error = ERRNO;
+    failf(conn->data, "Could not access ntlm_auth: %s errno %d: %s",
+          ntlm_auth, error, Curl_strerror(conn, error));
+    goto done;
+  }
+
+  if(socketpair(AF_UNIX, SOCK_STREAM, 0, sockfds)) {
+    error = ERRNO;
+    failf(conn->data, "Could not open socket pair. errno %d: %s",
+          error, Curl_strerror(conn, error));
+    goto done;
+  }
+
+  child_pid = fork();
+  if(child_pid == -1) {
+    error = ERRNO;
+    sclose(sockfds[0]);
+    sclose(sockfds[1]);
+    failf(conn->data, "Could not fork. errno %d: %s",
+          error, Curl_strerror(conn, error));
+    goto done;
+  }
+  else if(!child_pid) {
+    /*
+     * child process
+     */
+
+    /* Don't use sclose in the child since it fools the socket leak detector */
+    sclose_nolog(sockfds[0]);
+    if(dup2(sockfds[1], STDIN_FILENO) == -1) {
+      error = ERRNO;
+      failf(conn->data, "Could not redirect child stdin. errno %d: %s",
+            error, Curl_strerror(conn, error));
+      exit(1);
+    }
+
+    if(dup2(sockfds[1], STDOUT_FILENO) == -1) {
+      error = ERRNO;
+      failf(conn->data, "Could not redirect child stdout. errno %d: %s",
+            error, Curl_strerror(conn, error));
+      exit(1);
+    }
+
+    if(domain)
+      execl(ntlm_auth, ntlm_auth,
+            "--helper-protocol", "ntlmssp-client-1",
+            "--use-cached-creds",
+            "--username", username,
+            "--domain", domain,
+            NULL);
+    else
+      execl(ntlm_auth, ntlm_auth,
+            "--helper-protocol", "ntlmssp-client-1",
+            "--use-cached-creds",
+            "--username", username,
+            NULL);
+
+    error = ERRNO;
+    sclose_nolog(sockfds[1]);
+    failf(conn->data, "Could not execl(). errno %d: %s",
+          error, Curl_strerror(conn, error));
+    exit(1);
+  }
+
+  sclose(sockfds[1]);
+  conn->ntlm_auth_hlpr_socket = sockfds[0];
+  conn->ntlm_auth_hlpr_pid = child_pid;
+  Curl_safefree(domain);
+  Curl_safefree(ntlm_auth_alloc);
+  return CURLE_OK;
+
+done:
+  Curl_safefree(domain);
+  Curl_safefree(ntlm_auth_alloc);
+  return CURLE_REMOTE_ACCESS_DENIED;
+}
+
+static CURLcode ntlm_wb_response(struct connectdata *conn,
+                                 const char *input, curlntlm state)
+{
+  ssize_t size;
+  char buf[200]; /* enough, type 1, 3 message length is less then 200 */
+  char *tmpbuf = buf;
+  size_t len_in = strlen(input), len_out = sizeof(buf);
+
+  while(len_in > 0) {
+    ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in);
+    if(written == -1) {
+      /* Interrupted by a signal, retry it */
+      if(errno == EINTR)
+        continue;
+      /* write failed if other errors happen */
+      goto done;
+    }
+    input += written;
+    len_in -= written;
+  }
+  /* Read one line */
+  while(len_out > 0) {
+    size = sread(conn->ntlm_auth_hlpr_socket, tmpbuf, len_out);
+    if(size == -1) {
+      if(errno == EINTR)
+        continue;
+      goto done;
+    }
+    else if(size == 0)
+      goto done;
+    else if(tmpbuf[size - 1] == '\n') {
+      tmpbuf[size - 1] = '\0';
+      goto wrfinish;
+    }
+    tmpbuf += size;
+    len_out -= size;
+  }
+  goto done;
+wrfinish:
+  /* Samba/winbind installed but not configured */
+  if(state == NTLMSTATE_TYPE1 &&
+     size == 3 &&
+     buf[0] == 'P' && buf[1] == 'W')
+    return CURLE_REMOTE_ACCESS_DENIED;
+  /* invalid response */
+  if(size < 4)
+    goto done;
+  if(state == NTLMSTATE_TYPE1 &&
+     (buf[0]!='Y' || buf[1]!='R' || buf[2]!=' '))
+    goto done;
+  if(state == NTLMSTATE_TYPE2 &&
+     (buf[0]!='K' || buf[1]!='K' || buf[2]!=' ') &&
+     (buf[0]!='A' || buf[1]!='F' || buf[2]!=' '))
+    goto done;
+
+  conn->response_header = aprintf("NTLM %.*s", size - 4, buf + 3);
+  return CURLE_OK;
+done:
+  return CURLE_REMOTE_ACCESS_DENIED;
+}
+
+/*
+ * This is for creating ntlm header output by delegating challenge/response
+ * to Samba's winbind daemon helper ntlm_auth.
+ */
+CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
+                              bool proxy)
+{
+  /* point to the address of the pointer that holds the string to send to the
+     server, which is for a plain host or for a HTTP proxy */
+  char **allocuserpwd;
+  /* point to the name and password for this */
+  const char *userp;
+  /* point to the correct struct with this */
+  struct ntlmdata *ntlm;
+  struct auth *authp;
+
+  CURLcode res = CURLE_OK;
+  char *input;
+
+  DEBUGASSERT(conn);
+  DEBUGASSERT(conn->data);
+
+  if(proxy) {
+    allocuserpwd = &conn->allocptr.proxyuserpwd;
+    userp = conn->proxyuser;
+    ntlm = &conn->proxyntlm;
+    authp = &conn->data->state.authproxy;
+  }
+  else {
+    allocuserpwd = &conn->allocptr.userpwd;
+    userp = conn->user;
+    ntlm = &conn->ntlm;
+    authp = &conn->data->state.authhost;
+  }
+  authp->done = FALSE;
+
+  /* not set means empty */
+  if(!userp)
+    userp="";
+
+  switch(ntlm->state) {
+  case NTLMSTATE_TYPE1:
+  default:
+    /* Use Samba's 'winbind' daemon to support NTLM authentication,
+     * by delegating the NTLM challenge/response protocal to a helper
+     * in ntlm_auth.
+     * http://devel.squid-cache.org/ntlm/squid_helper_protocol.html
+     * http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html
+     * http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html
+     * Preprocessor symbol 'NTLM_WB_ENABLED' is defined when this
+     * feature is enabled and 'NTLM_WB_FILE' symbol holds absolute
+     * filename of ntlm_auth helper.
+     * If NTLM authentication using winbind fails, go back to original
+     * request handling process.
+     */
+    /* Create communication with ntlm_auth */
+    res = ntlm_wb_init(conn, userp);
+    if(res)
+      return res;
+    res = ntlm_wb_response(conn, "YR\n", ntlm->state);
+    if(res)
+      return res;
+
+    Curl_safefree(*allocuserpwd);
+    *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
+                            proxy ? "Proxy-" : "",
+                            conn->response_header);
+    DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
+    Curl_safefree(conn->response_header);
+    conn->response_header = NULL;
+    break;
+  case NTLMSTATE_TYPE2:
+    input = aprintf("TT %s", conn->challenge_header);
+    if(!input)
+      return CURLE_OUT_OF_MEMORY;
+    res = ntlm_wb_response(conn, input, ntlm->state);
+    free(input);
+    input = NULL;
+    if(res)
+      return res;
+
+    Curl_safefree(*allocuserpwd);
+    *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
+                            proxy ? "Proxy-" : "",
+                            conn->response_header);
+    DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
+    ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
+    authp->done = TRUE;
+    Curl_ntlm_wb_cleanup(conn);
+    break;
+  case NTLMSTATE_TYPE3:
+    /* connection is already authenticated,
+     * don't send a header in future requests */
+    if(*allocuserpwd) {
+      free(*allocuserpwd);
+      *allocuserpwd=NULL;
+    }
+    authp->done = TRUE;
+    break;
+  }
+
+  return CURLE_OK;
+}
+
+#endif /* USE_NTLM && NTLM_WB_ENABLED */

lib/curl_ntlm_wb.h

@@ -0,0 +1,37 @@
+#ifndef HEADER_CURL_NTLM_WB_H
+#define HEADER_CURL_NTLM_WB_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+
+/* this is for creating ntlm header output by delegating challenge/response
+   to Samba's winbind daemon helper ntlm_auth */
+CURLcode Curl_output_ntlm_wb(struct connectdata *conn, bool proxy);
+
+void Curl_ntlm_wb_cleanup(struct connectdata *conn);
+
+#endif /* USE_NTLM && NTLM_WB_ENABLED */
+
+#endif /* HEADER_CURL_NTLM_WB_H */

lib/curl_rtmp.c

@@ -71,6 +71,7 @@ const struct Curl_handler Curl_handler_rtmp = {
   ZERO_NULL,                            /* doing */
   ZERO_NULL,                            /* proto_getsock */
   ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
   ZERO_NULL,                            /* perform_getsock */
   rtmp_disconnect,                      /* disconnect */
   ZERO_NULL,                            /* readwrite */
@@ -90,6 +91,7 @@ const struct Curl_handler Curl_handler_rtmpt = {
   ZERO_NULL,                            /* doing */
   ZERO_NULL,                            /* proto_getsock */
   ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
   ZERO_NULL,                            /* perform_getsock */
   rtmp_disconnect,                      /* disconnect */
   ZERO_NULL,                            /* readwrite */
@@ -109,6 +111,7 @@ const struct Curl_handler Curl_handler_rtmpe = {
   ZERO_NULL,                            /* doing */
   ZERO_NULL,                            /* proto_getsock */
   ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
   ZERO_NULL,                            /* perform_getsock */
   rtmp_disconnect,                      /* disconnect */
   ZERO_NULL,                            /* readwrite */
@@ -128,6 +131,7 @@ const struct Curl_handler Curl_handler_rtmpte = {
   ZERO_NULL,                            /* doing */
   ZERO_NULL,                            /* proto_getsock */
   ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
   ZERO_NULL,                            /* perform_getsock */
   rtmp_disconnect,                      /* disconnect */
   ZERO_NULL,                            /* readwrite */
@@ -147,6 +151,7 @@ const struct Curl_handler Curl_handler_rtmps = {
   ZERO_NULL,                            /* doing */
   ZERO_NULL,                            /* proto_getsock */
   ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
   ZERO_NULL,                            /* perform_getsock */
   rtmp_disconnect,                      /* disconnect */
   ZERO_NULL,                            /* readwrite */
@@ -166,6 +171,7 @@ const struct Curl_handler Curl_handler_rtmpts = {
   ZERO_NULL,                            /* doing */
   ZERO_NULL,                            /* proto_getsock */
   ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* domore_getsock */
   ZERO_NULL,                            /* perform_getsock */
   rtmp_disconnect,                      /* disconnect */
   ZERO_NULL,                            /* readwrite */

lib/curl_threads.c

@@ -19,6 +19,7 @@
  * KIND, either express or implied.
  *
  ***************************************************************************/
+
 #include "setup.h"
 
 #if defined(USE_THREADS_POSIX)