Curl options equivalent to "useDefaultCredentials" by Net.Webclient

Question

I try to access to the web with curl in a php script :

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "https://www.google.fr");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$result = curl_exec($ch);
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
}

curl_close ($ch);

It returns :

Failed to connect to www.google.fr port 443: Connection refused

That's normal, I'm behind a proxy, which require my Windows credentials (NTLM) to allow internet trafic.

In MS Powershell, this works :

$request = New-Object System.Net.WebCLient
$request.UseDefaultCredentials = $true
$request.Proxy.Credentials = $request.Credentials
$request.DownloadFile($url, $path)

Using the "DefaultCredentials" (= Windows Credentials) and send them to the proxy allows me to access to the web. But I don't now how it works.

If I navigate using Firefox, Firefox always add a Proxy-Authorization header, with value : Negociate blablablablababalazdlad...

I want to transpose the .NET useDefaultCredentials solution to cURL, I tried :

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "https://www.google.fr");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM );
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM );

$result = curl_exec($ch);
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
}

curl_close ($ch);

Without success

Answer 1

curl can do this if it was built with "SSPI" support enabled. You can normally run curl -V on a prompt to check that. or php -i or invoke phpinfo(); from within PHP itself.

With SSPI

You set the CURLOPT_PROXYUSERPWD option to a blank user/passwd (in addition to the other options) just to trigger authentication, but it will then get the default credentials for you:

curl_setopt($ch, CURLOPT_PROXYUSERPWD, ":" );

The full code would then look something like this below. Note also that CURLOPT_HTTPAUTH is for authentication to the remote server, not the proxy. And I figure it unlikely you actually want HTTP auth with google...

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "https://www.google.fr");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_PROXY, "http://proxyhost.example.com:8080/");
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM );
curl_setopt($ch, CURLOPT_PROXYUSERPWD, ":" );

$result = curl_exec($ch);
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
}

curl_close ($ch);

Without SSPI

Then curl can't figure out the default credentials but instead you must set the user name and password with the CURLOPT_PROXYUSERPWD option, like this:

curl_setopt($ch, CURLOPT_PROXYUSERPWD, "clark%20kent:superman");

Answer 2

I try to access to the web with curl in a php script : https://www.google.fr

The problem is that google content is served over ssl i.e https: I've modified your code to allow https connection:

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "https://www.google.fr");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, FALSE );
curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, FALSE );
curl_setopt( $ch, CURLOPT_USERAGENT,"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)");

$result = curl_exec($ch);
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
}

curl_close ($ch);

print_r( $result );

Using HTTP NTLM Authentication | CURLAUTH_NTLM

HTTP NTLM authentication. A proprietary protocol invented and used by Microsoft. It uses a challenge-response and hash concept similar to Digest, to prevent the password from being eavesdropped.

You need to build libcurl with either OpenSSL, GnuTLS or NSS support for this option to work, or build libcurl on Windows with SSPI support.

Let's put this into a simple function.

function Auth($username, $password, $endpoint)
{
    $username = ( isset( $username ) && !empty($username) ) ? trim( $username ) : '';
    $password = ( isset( $password ) && !empty($password) ) ? trim( $password ) : '';
    $proxy_address = "local.domain.com:1024";


    $ch = curl_init();

    if($ch)
        {
            curl_setopt($ch, CURLOPT_URL, $endpoint );  
            /* make use of proxy */
            curl_setopt(curl, CURLOPT_PROXY, $proxy_address );
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

            /* Allow ANY Auth */
            curl_setopt(curl,CURLOPT_PROXYAUTH, CURLAUTH_ANY );

            /* Set credentials or leave empty to prompt */
            curl_setopt(curl,CURLOPT_PROXYUSERPWD, "$username:$password" );

            $result = curl_exec($ch);

            if (curl_errno($ch)) {
                echo 'Error:' . curl_error($ch);
            }   

            curl_close($ch);
        }
}

Usage: Auth("username", "yourPassWord", "http://local.domain.com:1080/");

Let others know if this helps you