Unable to get negotiate authentication to work in a libcurl program

Question

I am currently using libcurl(version 7.19.6 built with SPNEGO and GSS-Negotiate support) to write a client(C++/C) which connects to a protected webpage(Kerberos protected) behind a Tomcat Server. Using the command line:-

curl --negotiate -u: http://prtotectedpage.jsp --verbose

this works(the server returns an an HTTP 401 unauthorized and then it allows for the SPNEGO tokens to be passed and processed and I get access to the protected page).

However when I write the following code and try:-

using namespace std;
#include <stdio.h>
#include <curl.h>
#define YOUR_URL "http://protectedpage.jsp"
#define ANYUSER ""

int main(int argc, char* argv[])
{
    __asm int 3;               //a debugging thing

//initialize a curl object
CURLcode result;
int x;
CURL* curl = curl_easy_init();                   
if(curl){
    curl_easy_setopt(curl,CURLOPT_HTTPAUTH, CURLAUTH_GSSNEGOTIATE);         
    curl_easy_setopt(curl,CURLOPT_USERNAME, ANYUSER);                       
    curl_easy_setopt(curl,CURLOPT_VERBOSE, 1);
    curl_easy_setopt(curl, CURLOPT_URL,YOUR_URL);
    curl_easy_perform(curl);
    curl_easy_cleanup(curl);                            
}
return 0;
}

I get response from server after initial connection(error 302) which corresponds to the page is temporarily moved.

Does anyone know how this might happen.

Some other configurations for information (KDC = Windows Active Directory in Windows server 2008),

curl version(7.19.6) and

IDE = (Microsoft visual studio)

Ok I have done a little more investigating with wireshark and I found the following differences between their initial requests:-

For the command line one(i.e the successful one):-

GET /protected.jsp HTTP 1.1 \r\n
Host : somecomputername
User Agent: curl(7.19.6) (ipc-386-win32) libcurl/7.19.16 OPENSSL/0.9.8K \r\n
Accept */*\r\n
Full request: [http://somecomputername/protected.jsp]

Whereas for the client code(the one I wrote and failed):-

GET /protected.jsp HTTP 1.1 \r\n
Host : somecomputername   
Accept */*\r\n
Full request: [http://somecomputername/protected.jsp]

This would mean that the user agent is not passed in the program. I am still looking into it and some inputs would be much appreciated

Second edit:- I made an observation on the verbose output of both:-

For the command line version(working one) -

> GET /examples/ HTTP/1.1
> User-Agent: curl/7.19.6 (i386-pc-win32) libcurl/7.19.6 OpenSSL/0.9.8k
> Host: somecomputer
> Accept: */*

And for the non working one(the client code I wrote):-

> GET /examples HTTP/1.1
Authorization: Basic RGt1bUByMTIzOg==
User-Agent: curl/7.19.6 (i386-pc-win32) libcurl/7.19.6 OpenSSL/0.9.8k
Host: somecomputer
Accept: */*

Both of these are the first few lines of the output of the respective .exe files. Now I noticed two things. One the failed one goes to Basic by default. Two (this one is more disturbing), no arrows(>) in the Useragent and host lines in the failed one. Does this mean useragent is never sent?

Answer 1

Ok I finally got it to work, after some pointers by n.m and some struggling here and there I finally got a working code:-

using namespace std;

#include "stdafx.h"
#include <stdio.h>
#include <curl.h>

#define YOUR_URL "http://invr28ppqa24:8080/examples"
#define ANYUSER ""
#define ANYPWD ""

int main(int argc, char* argv[])
{
//__asm int 3;

//initialize a curl object
CURLcode result;
int x;
CURL* curl = curl_easy_init();                  //initialize a easy curl handle
if(curl){
    curl_easy_setopt(curl,CURLOPT_USERNAME, ANYUSER);                       //set second option to enable anyuser, a trick necessary for program to work
    curl_easy_setopt(curl,CURLOPT_USERNAME, ANYPWD);
    curl_easy_setopt(curl,CURLOPT_VERBOSE, 1);
    curl_easy_setopt(curl, CURLOPT_URL,YOUR_URL);
    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, "false");
    curl_easy_setopt(curl, CURLOPT_USERAGENT, "curl/7.19.6 (i386-pc-win32) libcurl/7.19.6 OpenSSL/0.9.8k");     
    curl_easy_setopt(curl,CURLOPT_HTTPAUTH, CURLAUTH_GSSNEGOTIATE);         //set first option to enable gssnegotiate authentication
    curl_easy_perform(curl);
    //curl_easy_cleanup(curl);
    scanf("%d", &x);                            //last statement used to get delay in demo situations
}
return 0;

}

The 302 still comes and I have to manually set the useragent (not so elegant). Because of follow location, the problem was primarily solved. Thanks.

The initial 302 error is still there and left unanswered.