Added CURLOPT_FTPSSLAUTH

CHANGES

@@ -7,6 +7,15 @@
                                   Changelog
 
 Daniel (16 September 2004)
+- Daniel at touchtunes uses the FTP+SSL server "BSDFTPD-SSL from
+  http://bsdftpd-ssl.sc.ru/" which accordingly doesn't properly work with curl
+  when "AUTH SSL" is issued (although the server responds fine and everything)
+  but requires that curl issues "AUTH TLS" instead. See
+  http://curl.haxx.se/feedback/display.cgi?id=10951944937603&support=yes
+
+  Introducing CURLOPT_FTPSSLAUTH that allows the application to select which
+  of the AUTH strings to attempt first.
+
 - Anonymous filed bug report #1029478 which identified a bug when you 1) used
   a URL without properly seperating the host name and the parameters with a
   slash. 2) the URL had parameters to the right of a ? that contains a slash
@@ -17,7 +26,7 @@ Daniel (16 September 2004)
   Test case 187 was added to verify that this was fixed properly.
 
 Daniel (11 September 2004)
-- Added parsedate.[ch] that contains a rewrite of the date parser currently
+- Added parsedate.c that contains a rewrite of the date parser currently
   provided by getdate.y. The new one is MUCH smaller and will allow us to run
   away from the yacc/bison jungle. It is also slightly lacking in features
   compared to the old one, but it supports parsing of all date formats HTTP

RELEASE-NOTES

@@ -10,6 +10,7 @@ Curl and libcurl 7.12.2
 
 This release includes the following changes:
 
+ o added CURLOPT_FTPSSLAUTH
  o curl_getdate() completely rewritten, which may affect curl -z use cases.
 
 This release includes the following bugfixes:
@@ -37,6 +38,6 @@ advice from friends like these:
 
  Casey O'Donnell, Roland Krikava, Alex, Alexander Krasnostavsky, Kjetil
  Jacobsen, Ling Thio, Roman Koifman, Harshal Pradhan, Jonas Forsman, David
- Tarendash
+ Tarendash, Daniel at touchtunes
 
         Thanks! (and sorry if I forgot to mention someone)

docs/libcurl/curl_easy_setopt.3

@@ -720,6 +720,18 @@ Require SSL for the control connection or fail with \fICURLE_FTP_SSL_FAILED\fP.
 .IP CURLFTPSSL_ALL
 Require SSL for all communication or fail with \fICURLE_FTP_SSL_FAILED\fP.
 .RE
+.IP CURLOPT_FTPSSLAUTH
+Pass a long using one of the values from below, to alter how libcurl issues
+\&"AUTH TLS" or "AUTH SSL" when FTP over SSL is activated (see
+\fICURLOPT_FTP_SSL\fP).
+.RS
+.IP CURLFTPAUTH_DEFAULT
+Allow libcurl to decide
+.IP CURLFTPAUTH_SSL
+Try "AUTH SSL" first, and only if that fails try "AUTH TLS"
+.IP CURLFTPAUTH_TLS
+Try "AUTH TLS" first, and only if that fails try "AUTH SSL"
+.RE
 .SH PROTOCOL OPTIONS
 .IP CURLOPT_TRANSFERTEXT
 A non-zero parameter tells the library to use ASCII mode for ftp transfers,

include/curl/curl.h

@@ -303,6 +303,7 @@ typedef enum {
 
 #define CURL_ERROR_SIZE 256
 
+/* parameter for the CURLOPT_FTP_SSL option */
 typedef enum {
   CURLFTPSSL_NONE,    /* do not attempt to use SSL */
   CURLFTPSSL_TRY,     /* try using SSL, proceed anyway otherwise */
@@ -311,6 +312,14 @@ typedef enum {
   CURLFTPSSL_LAST     /* not an option, never use */
 } curl_ftpssl;
 
+/* parameter for the CURLOPT_FTPSSLAUTH option */
+typedef enum {
+  CURLFTPAUTH_DEFAULT, /* let libcurl decide */
+  CURLFTPAUTH_SSL,     /* use "AUTH SSL" */
+  CURLFTPAUTH_TLS,     /* use "AUTH TLS" */
+  CURLFTPAUTH_LAST /* not an option, never use */
+} curl_ftpauth;
+
 /* long may be 32 or 64 bits, but we should never depend on anything else
    but 32 */
 #define CURLOPTTYPE_LONG          0
@@ -813,6 +822,18 @@ typedef enum {
      of commands with this */
   CINIT(SOURCE_POSTQUOTE, OBJECTPOINT, 128),
 
+  /* When FTP over SSL/TLS is selected (with CURLOPT_FTP_SSL), this option
+     can be used to change libcurl's default action which is to first try
+     "AUTH SSL" and then "AUTH TLS" in this order, and proceed when a OK
+     response has been received.
+
+     Available parameters are:
+     CURLFTPAUTH_DEFAULT - let libcurl decide
+     CURLFTPAUTH_SSL     - try "AUTH SSL" first, then TLS
+     CURLFTPAUTH_TLS     - try "AUTH TLS" first, then SSL
+  */
+  CINIT(FTPSSLAUTH, LONG, 129),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 

lib/ftp.c

@@ -540,8 +540,27 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
 
   if(data->set.ftp_ssl && !conn->ssl[FIRSTSOCKET].use) {
     /* we don't have a SSL/TLS connection, try a FTPS connection now */
+    int start;
+    int trynext;
+    int count=0;
 
-    for (try = 0; ftpauth[try]; try++) {
+    switch(data->set.ftpsslauth) {
+    case CURLFTPAUTH_DEFAULT:
+    case CURLFTPAUTH_SSL:
+      start = 0;
+      trynext = 1;
+      break;
+    case CURLFTPAUTH_TLS:
+      start = 1;
+      trynext = 0;
+      break;
+    default:
+      failf(data, "unsupported parameter to CURLOPT_FTPSSLAUTH: %d\n",
+            data->set.ftpsslauth);
+      return CURLE_FAILED_INIT; /* we don't know what to do */
+    }
+
+    for (try = start; ftpauth[count]; try=trynext, count++) {
 
       FTPSENDF(conn, "AUTH %s", ftpauth[try]);
 

lib/url.c

@@ -1338,6 +1338,13 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
     data->set.ftp_ssl = (curl_ftpssl)va_arg(param, long);
     break;
 
+  case CURLOPT_FTPSSLAUTH:
+    /*
+     * Set a specific auth for FTP-SSL transfers.
+     */
+    data->set.ftpsslauth = (curl_ftpauth)va_arg(param, long);
+    break;
+
   case CURLOPT_IPRESOLVE:
     data->set.ip_version = va_arg(param, long);
     break;

lib/urldata.h

@@ -920,6 +920,7 @@ struct UserDefined {
   bool ftp_use_epsv;     /* if EPSV is to be attempted or not */
   bool ftp_use_eprt;     /* if EPRT is to be attempted or not */
   curl_ftpssl ftp_ssl;   /* if AUTH TLS is to be attempted etc */
+  curl_ftpauth ftpsslauth; /* what AUTH XXX to be attempted */
   bool no_signal;        /* do not use any signal/alarm handler */
   bool global_dns_cache; /* subject for future removal */
   bool tcp_nodelay;      /* whether to enable TCP_NODELAY or not */