Annotation of embedaddon/curl/lib/vauth/digest_sspi.c, revision 1.1.1.1
1.1 misho 1: /***************************************************************************
2: * _ _ ____ _
3: * Project ___| | | | _ \| |
4: * / __| | | | |_) | |
5: * | (__| |_| | _ <| |___
6: * \___|\___/|_| \_\_____|
7: *
8: * Copyright (C) 2014 - 2016, Steve Holme, <steve_holme@hotmail.com>.
9: * Copyright (C) 2015 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
10: *
11: * This software is licensed as described in the file COPYING, which
12: * you should have received as part of this distribution. The terms
13: * are also available at https://curl.haxx.se/docs/copyright.html.
14: *
15: * You may opt to use, copy, modify, merge, publish, distribute and/or sell
16: * copies of the Software, and permit persons to whom the Software is
17: * furnished to do so, under the terms of the COPYING file.
18: *
19: * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20: * KIND, either express or implied.
21: *
22: * RFC2831 DIGEST-MD5 authentication
23: *
24: ***************************************************************************/
25:
26: #include "curl_setup.h"
27:
28: #if defined(USE_WINDOWS_SSPI) && !defined(CURL_DISABLE_CRYPTO_AUTH)
29:
30: #include <curl/curl.h>
31:
32: #include "vauth/vauth.h"
33: #include "vauth/digest.h"
34: #include "urldata.h"
35: #include "curl_base64.h"
36: #include "warnless.h"
37: #include "curl_multibyte.h"
38: #include "sendf.h"
39: #include "strdup.h"
40: #include "strcase.h"
41:
42: /* The last #include files should be: */
43: #include "curl_memory.h"
44: #include "memdebug.h"
45:
46: /*
47: * Curl_auth_is_digest_supported()
48: *
49: * This is used to evaluate if DIGEST is supported.
50: *
51: * Parameters: None
52: *
53: * Returns TRUE if DIGEST is supported by Windows SSPI.
54: */
55: bool Curl_auth_is_digest_supported(void)
56: {
57: PSecPkgInfo SecurityPackage;
58: SECURITY_STATUS status;
59:
60: /* Query the security package for Digest */
61: status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
62: &SecurityPackage);
63:
64: /* Release the package buffer as it is not required anymore */
65: if(status == SEC_E_OK) {
66: s_pSecFn->FreeContextBuffer(SecurityPackage);
67: }
68:
69: return (status == SEC_E_OK ? TRUE : FALSE);
70: }
71:
72: /*
73: * Curl_auth_create_digest_md5_message()
74: *
75: * This is used to generate an already encoded DIGEST-MD5 response message
76: * ready for sending to the recipient.
77: *
78: * Parameters:
79: *
80: * data [in] - The session handle.
81: * chlg64 [in] - The base64 encoded challenge message.
82: * userp [in] - The user name in the format User or Domain\User.
83: * passwdp [in] - The user's password.
84: * service [in] - The service type such as http, smtp, pop or imap.
85: * outptr [in/out] - The address where a pointer to newly allocated memory
86: * holding the result will be stored upon completion.
87: * outlen [out] - The length of the output message.
88: *
89: * Returns CURLE_OK on success.
90: */
91: CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
92: const char *chlg64,
93: const char *userp,
94: const char *passwdp,
95: const char *service,
96: char **outptr, size_t *outlen)
97: {
98: CURLcode result = CURLE_OK;
99: TCHAR *spn = NULL;
100: size_t chlglen = 0;
101: size_t token_max = 0;
102: unsigned char *input_token = NULL;
103: unsigned char *output_token = NULL;
104: CredHandle credentials;
105: CtxtHandle context;
106: PSecPkgInfo SecurityPackage;
107: SEC_WINNT_AUTH_IDENTITY identity;
108: SEC_WINNT_AUTH_IDENTITY *p_identity;
109: SecBuffer chlg_buf;
110: SecBuffer resp_buf;
111: SecBufferDesc chlg_desc;
112: SecBufferDesc resp_desc;
113: SECURITY_STATUS status;
114: unsigned long attrs;
115: TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
116:
117: /* Decode the base-64 encoded challenge message */
118: if(strlen(chlg64) && *chlg64 != '=') {
119: result = Curl_base64_decode(chlg64, &input_token, &chlglen);
120: if(result)
121: return result;
122: }
123:
124: /* Ensure we have a valid challenge message */
125: if(!input_token) {
126: infof(data, "DIGEST-MD5 handshake failure (empty challenge message)\n");
127:
128: return CURLE_BAD_CONTENT_ENCODING;
129: }
130:
131: /* Query the security package for DigestSSP */
132: status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
133: &SecurityPackage);
134: if(status != SEC_E_OK) {
135: free(input_token);
136:
137: return CURLE_NOT_BUILT_IN;
138: }
139:
140: token_max = SecurityPackage->cbMaxToken;
141:
142: /* Release the package buffer as it is not required anymore */
143: s_pSecFn->FreeContextBuffer(SecurityPackage);
144:
145: /* Allocate our response buffer */
146: output_token = malloc(token_max);
147: if(!output_token) {
148: free(input_token);
149:
150: return CURLE_OUT_OF_MEMORY;
151: }
152:
153: /* Generate our SPN */
154: spn = Curl_auth_build_spn(service, data->conn->host.name, NULL);
155: if(!spn) {
156: free(output_token);
157: free(input_token);
158:
159: return CURLE_OUT_OF_MEMORY;
160: }
161:
162: if(userp && *userp) {
163: /* Populate our identity structure */
164: result = Curl_create_sspi_identity(userp, passwdp, &identity);
165: if(result) {
166: free(spn);
167: free(output_token);
168: free(input_token);
169:
170: return result;
171: }
172:
173: /* Allow proper cleanup of the identity structure */
174: p_identity = &identity;
175: }
176: else
177: /* Use the current Windows user */
178: p_identity = NULL;
179:
180: /* Acquire our credentials handle */
181: status = s_pSecFn->AcquireCredentialsHandle(NULL,
182: (TCHAR *) TEXT(SP_NAME_DIGEST),
183: SECPKG_CRED_OUTBOUND, NULL,
184: p_identity, NULL, NULL,
185: &credentials, &expiry);
186:
187: if(status != SEC_E_OK) {
188: Curl_sspi_free_identity(p_identity);
189: free(spn);
190: free(output_token);
191: free(input_token);
192:
193: return CURLE_LOGIN_DENIED;
194: }
195:
196: /* Setup the challenge "input" security buffer */
197: chlg_desc.ulVersion = SECBUFFER_VERSION;
198: chlg_desc.cBuffers = 1;
199: chlg_desc.pBuffers = &chlg_buf;
200: chlg_buf.BufferType = SECBUFFER_TOKEN;
201: chlg_buf.pvBuffer = input_token;
202: chlg_buf.cbBuffer = curlx_uztoul(chlglen);
203:
204: /* Setup the response "output" security buffer */
205: resp_desc.ulVersion = SECBUFFER_VERSION;
206: resp_desc.cBuffers = 1;
207: resp_desc.pBuffers = &resp_buf;
208: resp_buf.BufferType = SECBUFFER_TOKEN;
209: resp_buf.pvBuffer = output_token;
210: resp_buf.cbBuffer = curlx_uztoul(token_max);
211:
212: /* Generate our response message */
213: status = s_pSecFn->InitializeSecurityContext(&credentials, NULL, spn,
214: 0, 0, 0, &chlg_desc, 0,
215: &context, &resp_desc, &attrs,
216: &expiry);
217:
218: if(status == SEC_I_COMPLETE_NEEDED ||
219: status == SEC_I_COMPLETE_AND_CONTINUE)
220: s_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
221: else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
222: s_pSecFn->FreeCredentialsHandle(&credentials);
223: Curl_sspi_free_identity(p_identity);
224: free(spn);
225: free(output_token);
226: free(input_token);
227:
228: if(status == SEC_E_INSUFFICIENT_MEMORY)
229: return CURLE_OUT_OF_MEMORY;
230:
231: return CURLE_AUTH_ERROR;
232: }
233:
234: /* Base64 encode the response */
235: result = Curl_base64_encode(data, (char *) output_token, resp_buf.cbBuffer,
236: outptr, outlen);
237:
238: /* Free our handles */
239: s_pSecFn->DeleteSecurityContext(&context);
240: s_pSecFn->FreeCredentialsHandle(&credentials);
241:
242: /* Free the identity structure */
243: Curl_sspi_free_identity(p_identity);
244:
245: /* Free the SPN */
246: free(spn);
247:
248: /* Free the response buffer */
249: free(output_token);
250:
251: /* Free the decoded challenge message */
252: free(input_token);
253:
254: return result;
255: }
256:
257: /*
258: * Curl_override_sspi_http_realm()
259: *
260: * This is used to populate the domain in a SSPI identity structure
261: * The realm is extracted from the challenge message and used as the
262: * domain if it is not already explicitly set.
263: *
264: * Parameters:
265: *
266: * chlg [in] - The challenge message.
267: * identity [in/out] - The identity structure.
268: *
269: * Returns CURLE_OK on success.
270: */
271: CURLcode Curl_override_sspi_http_realm(const char *chlg,
272: SEC_WINNT_AUTH_IDENTITY *identity)
273: {
274: xcharp_u domain, dup_domain;
275:
276: /* If domain is blank or unset, check challenge message for realm */
277: if(!identity->Domain || !identity->DomainLength) {
278: for(;;) {
279: char value[DIGEST_MAX_VALUE_LENGTH];
280: char content[DIGEST_MAX_CONTENT_LENGTH];
281:
282: /* Pass all additional spaces here */
283: while(*chlg && ISSPACE(*chlg))
284: chlg++;
285:
286: /* Extract a value=content pair */
287: if(Curl_auth_digest_get_pair(chlg, value, content, &chlg)) {
288: if(strcasecompare(value, "realm")) {
289:
290: /* Setup identity's domain and length */
291: domain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *) content);
292: if(!domain.tchar_ptr)
293: return CURLE_OUT_OF_MEMORY;
294:
295: dup_domain.tchar_ptr = _tcsdup(domain.tchar_ptr);
296: if(!dup_domain.tchar_ptr) {
297: Curl_unicodefree(domain.tchar_ptr);
298: return CURLE_OUT_OF_MEMORY;
299: }
300:
301: free(identity->Domain);
302: identity->Domain = dup_domain.tbyte_ptr;
303: identity->DomainLength = curlx_uztoul(_tcslen(dup_domain.tchar_ptr));
304: dup_domain.tchar_ptr = NULL;
305:
306: Curl_unicodefree(domain.tchar_ptr);
307: }
308: else {
309: /* Unknown specifier, ignore it! */
310: }
311: }
312: else
313: break; /* We're done here */
314:
315: /* Pass all additional spaces here */
316: while(*chlg && ISSPACE(*chlg))
317: chlg++;
318:
319: /* Allow the list to be comma-separated */
320: if(',' == *chlg)
321: chlg++;
322: }
323: }
324:
325: return CURLE_OK;
326: }
327:
328: /*
329: * Curl_auth_decode_digest_http_message()
330: *
331: * This is used to decode a HTTP DIGEST challenge message into the separate
332: * attributes.
333: *
334: * Parameters:
335: *
336: * chlg [in] - The challenge message.
337: * digest [in/out] - The digest data struct being used and modified.
338: *
339: * Returns CURLE_OK on success.
340: */
341: CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
342: struct digestdata *digest)
343: {
344: size_t chlglen = strlen(chlg);
345:
346: /* We had an input token before so if there's another one now that means we
347: provided bad credentials in the previous request or it's stale. */
348: if(digest->input_token) {
349: bool stale = false;
350: const char *p = chlg;
351:
352: /* Check for the 'stale' directive */
353: for(;;) {
354: char value[DIGEST_MAX_VALUE_LENGTH];
355: char content[DIGEST_MAX_CONTENT_LENGTH];
356:
357: while(*p && ISSPACE(*p))
358: p++;
359:
360: if(!Curl_auth_digest_get_pair(p, value, content, &p))
361: break;
362:
363: if(strcasecompare(value, "stale") &&
364: strcasecompare(content, "true")) {
365: stale = true;
366: break;
367: }
368:
369: while(*p && ISSPACE(*p))
370: p++;
371:
372: if(',' == *p)
373: p++;
374: }
375:
376: if(stale)
377: Curl_auth_digest_cleanup(digest);
378: else
379: return CURLE_LOGIN_DENIED;
380: }
381:
382: /* Store the challenge for use later */
383: digest->input_token = (BYTE *) Curl_memdup(chlg, chlglen + 1);
384: if(!digest->input_token)
385: return CURLE_OUT_OF_MEMORY;
386:
387: digest->input_token_len = chlglen;
388:
389: return CURLE_OK;
390: }
391:
392: /*
393: * Curl_auth_create_digest_http_message()
394: *
395: * This is used to generate a HTTP DIGEST response message ready for sending
396: * to the recipient.
397: *
398: * Parameters:
399: *
400: * data [in] - The session handle.
401: * userp [in] - The user name in the format User or Domain\User.
402: * passwdp [in] - The user's password.
403: * request [in] - The HTTP request.
404: * uripath [in] - The path of the HTTP uri.
405: * digest [in/out] - The digest data struct being used and modified.
406: * outptr [in/out] - The address where a pointer to newly allocated memory
407: * holding the result will be stored upon completion.
408: * outlen [out] - The length of the output message.
409: *
410: * Returns CURLE_OK on success.
411: */
412: CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
413: const char *userp,
414: const char *passwdp,
415: const unsigned char *request,
416: const unsigned char *uripath,
417: struct digestdata *digest,
418: char **outptr, size_t *outlen)
419: {
420: size_t token_max;
421: char *resp;
422: BYTE *output_token;
423: size_t output_token_len = 0;
424: PSecPkgInfo SecurityPackage;
425: SecBuffer chlg_buf[5];
426: SecBufferDesc chlg_desc;
427: SECURITY_STATUS status;
428:
429: (void) data;
430:
431: /* Query the security package for DigestSSP */
432: status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
433: &SecurityPackage);
434: if(status != SEC_E_OK)
435: return CURLE_NOT_BUILT_IN;
436:
437: token_max = SecurityPackage->cbMaxToken;
438:
439: /* Release the package buffer as it is not required anymore */
440: s_pSecFn->FreeContextBuffer(SecurityPackage);
441:
442: /* Allocate the output buffer according to the max token size as indicated
443: by the security package */
444: output_token = malloc(token_max);
445: if(!output_token) {
446: return CURLE_OUT_OF_MEMORY;
447: }
448:
449: /* If the user/passwd that was used to make the identity for http_context
450: has changed then delete that context. */
451: if((userp && !digest->user) || (!userp && digest->user) ||
452: (passwdp && !digest->passwd) || (!passwdp && digest->passwd) ||
453: (userp && digest->user && strcmp(userp, digest->user)) ||
454: (passwdp && digest->passwd && strcmp(passwdp, digest->passwd))) {
455: if(digest->http_context) {
456: s_pSecFn->DeleteSecurityContext(digest->http_context);
457: Curl_safefree(digest->http_context);
458: }
459: Curl_safefree(digest->user);
460: Curl_safefree(digest->passwd);
461: }
462:
463: if(digest->http_context) {
464: chlg_desc.ulVersion = SECBUFFER_VERSION;
465: chlg_desc.cBuffers = 5;
466: chlg_desc.pBuffers = chlg_buf;
467: chlg_buf[0].BufferType = SECBUFFER_TOKEN;
468: chlg_buf[0].pvBuffer = NULL;
469: chlg_buf[0].cbBuffer = 0;
470: chlg_buf[1].BufferType = SECBUFFER_PKG_PARAMS;
471: chlg_buf[1].pvBuffer = (void *) request;
472: chlg_buf[1].cbBuffer = curlx_uztoul(strlen((const char *) request));
473: chlg_buf[2].BufferType = SECBUFFER_PKG_PARAMS;
474: chlg_buf[2].pvBuffer = (void *) uripath;
475: chlg_buf[2].cbBuffer = curlx_uztoul(strlen((const char *) uripath));
476: chlg_buf[3].BufferType = SECBUFFER_PKG_PARAMS;
477: chlg_buf[3].pvBuffer = NULL;
478: chlg_buf[3].cbBuffer = 0;
479: chlg_buf[4].BufferType = SECBUFFER_PADDING;
480: chlg_buf[4].pvBuffer = output_token;
481: chlg_buf[4].cbBuffer = curlx_uztoul(token_max);
482:
483: status = s_pSecFn->MakeSignature(digest->http_context, 0, &chlg_desc, 0);
484: if(status == SEC_E_OK)
485: output_token_len = chlg_buf[4].cbBuffer;
486: else { /* delete the context so a new one can be made */
487: infof(data, "digest_sspi: MakeSignature failed, error 0x%08lx\n",
488: (long)status);
489: s_pSecFn->DeleteSecurityContext(digest->http_context);
490: Curl_safefree(digest->http_context);
491: }
492: }
493:
494: if(!digest->http_context) {
495: CredHandle credentials;
496: SEC_WINNT_AUTH_IDENTITY identity;
497: SEC_WINNT_AUTH_IDENTITY *p_identity;
498: SecBuffer resp_buf;
499: SecBufferDesc resp_desc;
500: unsigned long attrs;
501: TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
502: TCHAR *spn;
503:
504: /* free the copy of user/passwd used to make the previous identity */
505: Curl_safefree(digest->user);
506: Curl_safefree(digest->passwd);
507:
508: if(userp && *userp) {
509: /* Populate our identity structure */
510: if(Curl_create_sspi_identity(userp, passwdp, &identity)) {
511: free(output_token);
512: return CURLE_OUT_OF_MEMORY;
513: }
514:
515: /* Populate our identity domain */
516: if(Curl_override_sspi_http_realm((const char *) digest->input_token,
517: &identity)) {
518: free(output_token);
519: return CURLE_OUT_OF_MEMORY;
520: }
521:
522: /* Allow proper cleanup of the identity structure */
523: p_identity = &identity;
524: }
525: else
526: /* Use the current Windows user */
527: p_identity = NULL;
528:
529: if(userp) {
530: digest->user = strdup(userp);
531:
532: if(!digest->user) {
533: free(output_token);
534: return CURLE_OUT_OF_MEMORY;
535: }
536: }
537:
538: if(passwdp) {
539: digest->passwd = strdup(passwdp);
540:
541: if(!digest->passwd) {
542: free(output_token);
543: Curl_safefree(digest->user);
544: return CURLE_OUT_OF_MEMORY;
545: }
546: }
547:
548: /* Acquire our credentials handle */
549: status = s_pSecFn->AcquireCredentialsHandle(NULL,
550: (TCHAR *) TEXT(SP_NAME_DIGEST),
551: SECPKG_CRED_OUTBOUND, NULL,
552: p_identity, NULL, NULL,
553: &credentials, &expiry);
554: if(status != SEC_E_OK) {
555: Curl_sspi_free_identity(p_identity);
556: free(output_token);
557:
558: return CURLE_LOGIN_DENIED;
559: }
560:
561: /* Setup the challenge "input" security buffer if present */
562: chlg_desc.ulVersion = SECBUFFER_VERSION;
563: chlg_desc.cBuffers = 3;
564: chlg_desc.pBuffers = chlg_buf;
565: chlg_buf[0].BufferType = SECBUFFER_TOKEN;
566: chlg_buf[0].pvBuffer = digest->input_token;
567: chlg_buf[0].cbBuffer = curlx_uztoul(digest->input_token_len);
568: chlg_buf[1].BufferType = SECBUFFER_PKG_PARAMS;
569: chlg_buf[1].pvBuffer = (void *) request;
570: chlg_buf[1].cbBuffer = curlx_uztoul(strlen((const char *) request));
571: chlg_buf[2].BufferType = SECBUFFER_PKG_PARAMS;
572: chlg_buf[2].pvBuffer = NULL;
573: chlg_buf[2].cbBuffer = 0;
574:
575: /* Setup the response "output" security buffer */
576: resp_desc.ulVersion = SECBUFFER_VERSION;
577: resp_desc.cBuffers = 1;
578: resp_desc.pBuffers = &resp_buf;
579: resp_buf.BufferType = SECBUFFER_TOKEN;
580: resp_buf.pvBuffer = output_token;
581: resp_buf.cbBuffer = curlx_uztoul(token_max);
582:
583: spn = Curl_convert_UTF8_to_tchar((char *) uripath);
584: if(!spn) {
585: s_pSecFn->FreeCredentialsHandle(&credentials);
586:
587: Curl_sspi_free_identity(p_identity);
588: free(output_token);
589:
590: return CURLE_OUT_OF_MEMORY;
591: }
592:
593: /* Allocate our new context handle */
594: digest->http_context = calloc(1, sizeof(CtxtHandle));
595: if(!digest->http_context)
596: return CURLE_OUT_OF_MEMORY;
597:
598: /* Generate our response message */
599: status = s_pSecFn->InitializeSecurityContext(&credentials, NULL,
600: spn,
601: ISC_REQ_USE_HTTP_STYLE, 0, 0,
602: &chlg_desc, 0,
603: digest->http_context,
604: &resp_desc, &attrs, &expiry);
605: Curl_unicodefree(spn);
606:
607: if(status == SEC_I_COMPLETE_NEEDED ||
608: status == SEC_I_COMPLETE_AND_CONTINUE)
609: s_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
610: else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
611: s_pSecFn->FreeCredentialsHandle(&credentials);
612:
613: Curl_sspi_free_identity(p_identity);
614: free(output_token);
615:
616: Curl_safefree(digest->http_context);
617:
618: if(status == SEC_E_INSUFFICIENT_MEMORY)
619: return CURLE_OUT_OF_MEMORY;
620:
621: return CURLE_AUTH_ERROR;
622: }
623:
624: output_token_len = resp_buf.cbBuffer;
625:
626: s_pSecFn->FreeCredentialsHandle(&credentials);
627: Curl_sspi_free_identity(p_identity);
628: }
629:
630: resp = malloc(output_token_len + 1);
631: if(!resp) {
632: free(output_token);
633:
634: return CURLE_OUT_OF_MEMORY;
635: }
636:
637: /* Copy the generated response */
638: memcpy(resp, output_token, output_token_len);
639: resp[output_token_len] = 0;
640:
641: /* Return the response */
642: *outptr = resp;
643: *outlen = output_token_len;
644:
645: /* Free the response buffer */
646: free(output_token);
647:
648: return CURLE_OK;
649: }
650:
651: /*
652: * Curl_auth_digest_cleanup()
653: *
654: * This is used to clean up the digest specific data.
655: *
656: * Parameters:
657: *
658: * digest [in/out] - The digest data struct being cleaned up.
659: *
660: */
661: void Curl_auth_digest_cleanup(struct digestdata *digest)
662: {
663: /* Free the input token */
664: Curl_safefree(digest->input_token);
665:
666: /* Reset any variables */
667: digest->input_token_len = 0;
668:
669: /* Delete security context */
670: if(digest->http_context) {
671: s_pSecFn->DeleteSecurityContext(digest->http_context);
672: Curl_safefree(digest->http_context);
673: }
674:
675: /* Free the copy of user/passwd used to make the identity for http_context */
676: Curl_safefree(digest->user);
677: Curl_safefree(digest->passwd);
678: }
679:
680: #endif /* USE_WINDOWS_SSPI && !CURL_DISABLE_CRYPTO_AUTH */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to digest_sspi.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / curl / lib / vauth