Blob Blame Raw
From 5285b2518773185c049b0c2af980654a0b1c6871 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 8 Mar 2017 12:21:09 +0100
Subject: [PATCH 1/4] socks: use proxy_user instead of proxy_name

... to make it obvious what the data is used for

Upstream-commit: 641072b919b1a52c58664cd18619f8dd1c4c0cee
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 lib/socks.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/lib/socks.c b/lib/socks.c
index 0cf397c..9aac9ca 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -106,7 +106,7 @@ int Curl_blockread_all(struct connectdata *conn, /* connection data */
 *   Set protocol4a=true for  "SOCKS 4A (Simple Extension to SOCKS 4 Protocol)"
 *   Nonsupport "Identification Protocol (RFC1413)"
 */
-CURLcode Curl_SOCKS4(const char *proxy_name,
+CURLcode Curl_SOCKS4(const char *proxy_user,
                      const char *hostname,
                      int remote_port,
                      int sockindex,
@@ -200,8 +200,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
    * This is currently not supporting "Identification Protocol (RFC1413)".
    */
   socksreq[8] = 0; /* ensure empty userid is NUL-terminated */
-  if(proxy_name)
-    strlcat((char*)socksreq + 8, proxy_name, sizeof(socksreq) - 8);
+  if(proxy_user)
+    strlcat((char*)socksreq + 8, proxy_user, sizeof(socksreq) - 8);
 
   /*
    * Make connection
@@ -337,7 +337,7 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
  * This function logs in to a SOCKS5 proxy and sends the specifics to the final
  * destination server.
  */
-CURLcode Curl_SOCKS5(const char *proxy_name,
+CURLcode Curl_SOCKS5(const char *proxy_user,
                      const char *proxy_password,
                      const char *hostname,
                      int remote_port,
@@ -410,12 +410,12 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
 
   socksreq[0] = 5; /* version */
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
-  socksreq[1] = (char)(proxy_name ? 3 : 2); /* number of methods (below) */
+  socksreq[1] = (char)(proxy_user ? 3 : 2); /* number of methods (below) */
   socksreq[2] = 0; /* no authentication */
   socksreq[3] = 1; /* gssapi */
   socksreq[4] = 2; /* username/password */
 #else
-  socksreq[1] = (char)(proxy_name ? 2 : 1); /* number of methods (below) */
+  socksreq[1] = (char)(proxy_user ? 2 : 1); /* number of methods (below) */
   socksreq[2] = 0; /* no authentication */
   socksreq[3] = 2; /* username/password */
 #endif
@@ -474,13 +474,13 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
 #endif
   else if(socksreq[1] == 2) {
     /* Needs user name and password */
-    size_t proxy_name_len, proxy_password_len;
-    if(proxy_name && proxy_password) {
-      proxy_name_len = strlen(proxy_name);
+    size_t proxy_user_len, proxy_password_len;
+    if(proxy_user && proxy_password) {
+      proxy_user_len = strlen(proxy_user);
       proxy_password_len = strlen(proxy_password);
     }
     else {
-      proxy_name_len = 0;
+      proxy_user_len = 0;
       proxy_password_len = 0;
     }
 
@@ -493,10 +493,10 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
      */
     len = 0;
     socksreq[len++] = 1;    /* username/pw subnegotiation version */
-    socksreq[len++] = (unsigned char) proxy_name_len;
-    if(proxy_name && proxy_name_len)
-      memcpy(socksreq + len, proxy_name, proxy_name_len);
-    len += proxy_name_len;
+    socksreq[len++] = (unsigned char) proxy_user_len;
+    if(proxy_user && proxy_user_len)
+      memcpy(socksreq + len, proxy_user, proxy_user_len);
+    len += proxy_user_len;
     socksreq[len++] = (unsigned char) proxy_password_len;
     if(proxy_password && proxy_password_len)
       memcpy(socksreq + len, proxy_password, proxy_password_len);
@@ -535,7 +535,7 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
     }
     else if(socksreq[1] == 255) {
 #endif
-      if(!proxy_name || !*proxy_name) {
+      if(!proxy_user || !*proxy_user) {
         failf(data,
               "No authentication method was acceptable. (It is quite likely"
               " that the SOCKS5 server wanted a username/password, since none"
-- 
2.13.5


From 3676c3fab628e848270e2169398f912a1449c31b Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 8 Mar 2017 12:16:01 +0100
Subject: [PATCH 2/4] socks: deduplicate the code for auth request

Upstream-commit: cd1c9f08078d4a8566ed10f6df9ae9a729f3290b
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 lib/socks.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/lib/socks.c b/lib/socks.c
index 9aac9ca..398e0ac 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -362,6 +362,7 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
   */
 
   unsigned char socksreq[600]; /* room for large user/pw (255 max each) */
+  int idx;
   ssize_t actualread;
   ssize_t written;
   int result;
@@ -408,17 +409,17 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
     return CURLE_COULDNT_CONNECT;
   }
 
-  socksreq[0] = 5; /* version */
+  idx = 0;
+  socksreq[idx++] = 5;   /* version */
+  idx++;                 /* reserve for the number of authentication methods */
+  socksreq[idx++] = 0;   /* no authentication */
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
-  socksreq[1] = (char)(proxy_user ? 3 : 2); /* number of methods (below) */
-  socksreq[2] = 0; /* no authentication */
-  socksreq[3] = 1; /* gssapi */
-  socksreq[4] = 2; /* username/password */
-#else
-  socksreq[1] = (char)(proxy_user ? 2 : 1); /* number of methods (below) */
-  socksreq[2] = 0; /* no authentication */
-  socksreq[3] = 2; /* username/password */
+  socksreq[idx++] = 1;   /* GSS-API */
 #endif
+  if(proxy_user)
+    socksreq[idx++] = 2; /* username/password */
+  /* write the number of authentication methods */
+  socksreq[1] = (unsigned char) (idx - 2);
 
   curlx_nonblock(sock, FALSE);
 
-- 
2.13.5


From a76468431c030fc832aed7a5fa5b4b3f9acfe2ae Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 27 Apr 2017 15:18:49 +0200
Subject: [PATCH 3/4] CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy
 auth

If libcurl was built with GSS-API support, it unconditionally advertised
GSS-API authentication while connecting to a SOCKS5 proxy.  This caused
problems in environments with improperly configured Kerberos: a stock
libcurl failed to connect, despite libcurl built without GSS-API
connected fine using username and password.

This commit introduces the CURLOPT_SOCKS5_AUTH option to control the
allowed methods for SOCKS5 authentication at run time.

Note that a new option was preferred over reusing CURLOPT_PROXYAUTH
for compatibility reasons because the set of authentication methods
allowed by default was different for HTTP and SOCKS5 proxies.

Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html
Closes https://github.com/curl/curl/pull/1454

Upstream-commit: 8924f58c370afa756fc4fd13916dfdea91d21b21
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 docs/libcurl/curl_easy_setopt.3  |  8 ++++++++
 docs/libcurl/symbols-in-versions |  2 ++
 include/curl/curl.h              |  6 ++++++
 lib/socks.c                      | 27 ++++++++++++++++++---------
 lib/url.c                        |  8 ++++++++
 lib/urldata.h                    |  1 +
 6 files changed, 43 insertions(+), 9 deletions(-)

diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 0a9375e..4ce8207 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -862,6 +862,14 @@ Set the parameter to 1 to make the library tunnel all operations through a
 given HTTP proxy. There is a big difference between using a proxy and to
 tunnel through it. If you don't know what this means, you probably don't want
 this tunneling option.
+.IP CURLOPT_SOCKS5_AUTH
+Pass a long as parameter, which is set to a bitmask, to tell libcurl which
+authentication method(s) are allowed for SOCKS5 proxy authentication.  The only
+supported flags are \fICURLAUTH_BASIC\fP, which allows username/password
+authentication, \fICURLAUTH_GSSAPI\fP, which allows GSS-API authentication, and
+\fICURLAUTH_NONE\fP, which allows no authentication.  Set the actual user name
+and password with the \fICURLOPT_PROXYUSERPWD(3)\fP option.  Defaults to
+\fICURLAUTH_BASIC|CURLAUTH_GSSAPI\fP.  (Added in 7.55.0)
 .IP CURLOPT_SOCKS5_GSSAPI_SERVICE
 Pass a char * as parameter to a string holding the name of the service. The
 default service name for a SOCKS5 server is rcmd/server-fqdn. This option
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index 0f7469d..b0b6232 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -17,6 +17,7 @@ CURLAUTH_ANYSAFE                7.10.6
 CURLAUTH_BASIC                  7.10.6
 CURLAUTH_DIGEST                 7.10.6
 CURLAUTH_DIGEST_IE              7.19.3
+CURLAUTH_GSSAPI                 7.55.0
 CURLAUTH_GSSNEGOTIATE           7.10.6
 CURLAUTH_NONE                   7.10.6
 CURLAUTH_NTLM                   7.10.6
@@ -454,6 +455,7 @@ CURLOPT_SERVER_RESPONSE_TIMEOUT 7.20.0
 CURLOPT_SHARE                   7.10
 CURLOPT_SOCKOPTDATA             7.16.0
 CURLOPT_SOCKOPTFUNCTION         7.16.0
+CURLOPT_SOCKS5_AUTH             7.55.0
 CURLOPT_SOCKS5_GSSAPI_NEC       7.19.4
 CURLOPT_SOCKS5_GSSAPI_SERVICE   7.19.4
 CURLOPT_SOURCE_HOST             7.12.1        -           7.15.5
diff --git a/include/curl/curl.h b/include/curl/curl.h
index 14f6fd7..0375a64 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -626,6 +626,9 @@ typedef enum {
 #define CURLAUTH_ANY          (~CURLAUTH_DIGEST_IE)
 #define CURLAUTH_ANYSAFE      (~(CURLAUTH_BASIC|CURLAUTH_DIGEST_IE))
 
+/* Used for CURLOPT_SOCKS5_AUTH to stay terminologically correct */
+#define CURLAUTH_GSSAPI CURLAUTH_GSSNEGOTIATE
+
 #define CURLSSH_AUTH_ANY       ~0     /* all types supported by the server */
 #define CURLSSH_AUTH_NONE      0      /* none allowed, silly but complete */
 #define CURLSSH_AUTH_PUBLICKEY (1<<0) /* public/private key files */
@@ -1539,6 +1542,9 @@ typedef enum {
   /* Path to UNIX domain socket */
   CINIT(UNIX_SOCKET_PATH, OBJECTPOINT, 231),
 
+  /* bitmask of allowed auth methods for connections to SOCKS5 proxies */
+  CINIT(SOCKS5_AUTH, LONG, 267),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 
diff --git a/lib/socks.c b/lib/socks.c
index 398e0ac..5900063 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -373,6 +373,8 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
   bool socks5_resolve_local = (conn->proxytype == CURLPROXY_SOCKS5)?TRUE:FALSE;
   const size_t hostname_len = strlen(hostname);
   ssize_t len = 0;
+  const unsigned long auth = data->set.socks5auth;
+  bool allow_gssapi = FALSE;
 
   /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
   if(!socks5_resolve_local && hostname_len > 255) {
@@ -409,13 +411,24 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
     return CURLE_COULDNT_CONNECT;
   }
 
+  if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
+    infof(conn->data,
+        "warning: unsupported value passed to CURLOPT_SOCKS5_AUTH: %lu\n",
+        auth);
+  if(!(auth & CURLAUTH_BASIC))
+    /* disable username/password auth */
+    proxy_user = NULL;
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+  if(auth & CURLAUTH_GSSAPI)
+    allow_gssapi = TRUE;
+#endif
+
   idx = 0;
   socksreq[idx++] = 5;   /* version */
   idx++;                 /* reserve for the number of authentication methods */
   socksreq[idx++] = 0;   /* no authentication */
-#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
-  socksreq[idx++] = 1;   /* GSS-API */
-#endif
+  if(allow_gssapi)
+    socksreq[idx++] = 1; /* GSS-API */
   if(proxy_user)
     socksreq[idx++] = 2; /* username/password */
   /* write the number of authentication methods */
@@ -465,7 +478,7 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
     ;
   }
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
-  else if(socksreq[1] == 1) {
+  else if(allow_gssapi && (socksreq[1] == 1)) {
     code = Curl_SOCKS5_gssapi_negotiate(sockindex, conn);
     if(code != CURLE_OK) {
       failf(data, "Unable to negotiate SOCKS5 gssapi context.");
@@ -526,16 +539,12 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
   }
   else {
     /* error */
-#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
-    if(socksreq[1] == 255) {
-#else
-    if(socksreq[1] == 1) {
+    if(!allow_gssapi && (socksreq[1] == 1)) {
       failf(data,
             "SOCKS5 GSSAPI per-message authentication is not supported.");
       return CURLE_COULDNT_CONNECT;
     }
     else if(socksreq[1] == 255) {
-#endif
       if(!proxy_user || !*proxy_user) {
         failf(data,
               "No authentication method was acceptable. (It is quite likely"
diff --git a/lib/url.c b/lib/url.c
index 19a40c7..d632813 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -516,6 +516,9 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
   set->httpauth = CURLAUTH_BASIC;  /* defaults to basic */
   set->proxyauth = CURLAUTH_BASIC; /* defaults to basic */
 
+  /* SOCKS5 proxy auth defaults to username/password + GSS-API */
+  set->socks5auth = CURLAUTH_BASIC | CURLAUTH_GSSAPI;
+
   /* make libcurl quiet by default: */
   set->hide_progress = TRUE;  /* CURLOPT_NOPROGRESS changes these */
 
@@ -1380,6 +1383,11 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     break;
 #endif   /* CURL_DISABLE_PROXY */
 
+  case CURLOPT_SOCKS5_AUTH:
+    data->set.socks5auth = va_arg(param, unsigned long);
+    if(data->set.socks5auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
+      result = CURLE_NOT_BUILT_IN;
+    break;
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
   case CURLOPT_SOCKS5_GSSAPI_SERVICE:
     /*
diff --git a/lib/urldata.h b/lib/urldata.h
index f4c6222..3e6ace5 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1406,6 +1406,7 @@ struct UserDefined {
   long use_port;     /* which port to use (when not using default) */
   unsigned long httpauth;  /* kind of HTTP authentication to use (bitmask) */
   unsigned long proxyauth; /* kind of proxy authentication to use (bitmask) */
+  unsigned long socks5auth;/* kind of SOCKS5 authentication to use (bitmask) */
   long followlocation; /* as in HTTP Location: */
   long maxredirs;    /* maximum no. of http(s) redirects to follow, set to -1
                         for infinity */
-- 
2.13.5


From 08f6dc218afe2d7e74f87996965f0770a566f185 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Fri, 19 May 2017 18:11:47 +0200
Subject: [PATCH 4/4] curl --socks5-{basic,gssapi}: control socks5 auth

Closes https://github.com/curl/curl/pull/1454

Upstream-commit: ce2c3ebda20919fe636e675f219ae387e386f508
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 docs/curl.1         | 10 ++++++++++
 src/tool_cfgable.h  |  1 +
 src/tool_getparam.c | 16 ++++++++++++++++
 src/tool_help.c     |  2 ++
 src/tool_operate.c  |  5 +++++
 src/tool_setopt.c   |  1 +
 src/tool_setopt.h   |  1 +
 7 files changed, 36 insertions(+)

diff --git a/docs/curl.1 b/docs/curl.1
index c9bb336..7906f1f 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -1343,6 +1343,16 @@ Since 7.21.7, this option is superfluous since you can specify a socks4a proxy
 with \fI-x, --proxy\fP using a socks4a:// protocol prefix.
 
 If this option is used several times, the last one will be used.
+.IP "--socks5-basic"
+Tells curl to use username/password authentication when connecting to a SOCKS5
+proxy.  The username/password authentication is enabled by default.  Use
+\fI--socks5-gssapi\fP to force GSS-API authentication to SOCKS5 proxies.
+(Added in 7.55.0)
+.IP "--socks5-gssapi"
+Tells curl to use GSS-API authentication when connecting to a SOCKS5 proxy.
+The GSS-API authentication is enabled by default (if curl is compiled with
+GSS-API support).  Use \fI--socks5-basic\fP to force username/password
+authentication to SOCKS5 proxies.  (Added in 7.55.0)
 .IP "--socks5-hostname <host[:port]>"
 Use the specified SOCKS5 proxy (and let the proxy resolve the host name). If
 the port number is not specified, it is assumed at port 1080. (Added in
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index a9b033b..68d0297 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -172,6 +172,7 @@ struct Configurable {
                                  * default rcmd */
   int socks5_gssapi_nec ;   /* The NEC reference server does not protect
                              * the encryption type exchange */
+  unsigned long socks5_auth;/* auth bitmask for socks5 proxies */
 
   bool tcp_nodelay;
   long req_retry;           /* number of retries */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 33db742..32fc68b 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -210,6 +210,8 @@ static const struct LongShort aliases[]= {
   {"El", "tlspassword",              TRUE},
   {"Em", "tlsauthtype",              TRUE},
   {"En", "ssl-allow-beast",          FALSE},
+  {"EA", "socks5-basic",             FALSE},
+  {"EB", "socks5-gssapi",            FALSE},
   {"f",  "fail",                     FALSE},
   {"F",  "form",                     TRUE},
   {"Fs", "form-string",              TRUE},
@@ -1324,6 +1326,20 @@ ParameterError getparameter(char *flag,    /* f or -long-flag */
         if(curlinfo->features & CURL_VERSION_SSL)
           config->ssl_allow_beast = toggle;
         break;
+      case 'A':
+        /* --socks5-basic */
+        if(toggle)
+          config->socks5_auth |= CURLAUTH_BASIC;
+        else
+          config->socks5_auth &= ~CURLAUTH_BASIC;
+        break;
+      case 'B':
+        /* --socks5-gssapi */
+        if(toggle)
+          config->socks5_auth |= CURLAUTH_GSSAPI;
+        else
+          config->socks5_auth &= ~CURLAUTH_GSSAPI;
+        break;
       default: /* certificate file */
       {
         char *certname, *passphrase;
diff --git a/src/tool_help.c b/src/tool_help.c
index 3a64e35..c2883eb 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -179,6 +179,8 @@ static const char *const helptext[] = {
   "     --socks4 HOST[:PORT]  SOCKS4 proxy on given host + port",
   "     --socks4a HOST[:PORT]  SOCKS4a proxy on given host + port",
   "     --socks5 HOST[:PORT]  SOCKS5 proxy on given host + port",
+  "     --socks5-basic  Enable username/password auth for SOCKS5 proxies",
+  "     --socks5-gssapi Enable GSS-API auth for SOCKS5 proxies",
   "     --socks5-hostname HOST[:PORT] "
   "SOCKS5 proxy, pass host name to proxy",
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 41b0e6b..185f9c6 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1208,6 +1208,11 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
           if(config->socks5_gssapi_nec)
             my_setopt_str(curl, CURLOPT_SOCKS5_GSSAPI_NEC,
                           config->socks5_gssapi_nec);
+
+          /* new in curl 7.55.0 */
+          if(config->socks5_auth)
+            my_setopt_bitmask(curl, CURLOPT_SOCKS5_AUTH,
+                              (long)config->socks5_auth);
         }
 #endif
         /* curl 7.13.0 */
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index 9860117..5ae32cd 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -130,6 +130,7 @@ const NameValue setopt_nv_CURLPROTO[] = {
 static const NameValue setopt_nv_CURLNONZERODEFAULTS[] = {
   NV1(CURLOPT_SSL_VERIFYPEER, 1),
   NV1(CURLOPT_SSL_VERIFYHOST, 1),
+  NV1(CURLOPT_SOCKS5_AUTH, 1),
   NVEND
 };
 
diff --git a/src/tool_setopt.h b/src/tool_setopt.h
index d107756..60e614c 100644
--- a/src/tool_setopt.h
+++ b/src/tool_setopt.h
@@ -64,6 +64,7 @@ extern const NameValueUnsigned setopt_nv_CURLAUTH[];
 #define setopt_nv_CURLOPT_REDIR_PROTOCOLS setopt_nv_CURLPROTO
 #define setopt_nv_CURLOPT_PROXYTYPE setopt_nv_CURLPROXY
 #define setopt_nv_CURLOPT_PROXYAUTH setopt_nv_CURLAUTH
+#define setopt_nv_CURLOPT_SOCKS5_AUTH setopt_nv_CURLAUTH
 
 /* Intercept setopt calls for --libcurl */
 
-- 
2.13.5