path: root/lib/http_ntlm.c
Commit message | Author | Age | Files | Lines
* use *.sourceforge.io and misc URL updates | Viktor Szakats | 2017-02-06 | 1 | -1/+1
  Ref: https://sourceforge.net/blog/introducing-https-for-project-websites/
  Closes: https://github.com/curl/curl/pull/1247
* proxy: Support HTTPS proxy and SOCKS+HTTP(s) | Alex Rousskov | 2016-11-24 | 1 | -2/+2
  * HTTPS proxies:
  An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text.
  With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds support for such nested sessions as well.
  A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO):
    --proxy-cacert FILE          CA certificate to verify peer against
    --proxy-capath DIR           CA directory to verify peer against
    --proxy-cert CERT[:PASSWD]   Client certificate file and password
    --proxy-cert-type TYPE       Certificate file type (DER/PEM/ENG)
    --proxy-ciphers LIST         SSL ciphers to use
    --proxy-crlfile FILE         Get a CRL list in PEM format from the file
    --proxy-insecure             Allow connections to proxies with bad certs
    --proxy-key KEY              Private key file name
    --proxy-key-type TYPE        Private key file type (DER/PEM/ENG)
    --proxy-pass PASS            Pass phrase for the private key
    --proxy-ssl-allow-beast      Allow security flaw to improve interop
    --proxy-sslv2                Use SSLv2
    --proxy-sslv3                Use SSLv3
    --proxy-tlsv1                Use TLSv1
    --proxy-tlsuser USER         TLS username
    --proxy-tlspassword STRING   TLS password
    --proxy-tlsauthtype STRING   TLS authentication type (default SRP)
  All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath.
  Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable.
  Supported backends: OpenSSL, GnuTLS, and NSS.
  * A SOCKS proxy + HTTP/HTTPS proxy combination:
  If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy.
  TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
* strcasecompare: all case insensitive string compares ignore locale now | Daniel Stenberg | 2016-10-31 | 1 | -1/+1
  We had some confusions on when each function was used. We should not act differently on different locales anyway.
* lib: include curl_printf.h as one of the last headers | Daniel Stenberg | 2016-04-29 | 1 | -2/+2
  curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc.
  To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order:
    curl_printf.h
    curl_memory.h
    memdebug.h
  None of them include system headers, they all do funny #defines.
  Reported-by: David Benjamin
  Fixes #743
* URLs: change http to https in many places | Viktor Szakats | 2016-04-06 | 1 | -1/+1
  Closes #754
* http_ntlm: Renamed from curl_ntlm.[c|h] | Steve Holme | 2016-03-27 | 1 | -0/+238
  Renamed the header and source files for this module as they are HTTP specific and as such, they should use the naming convention as other HTTP authentication source files do - this reverts commit 260ee6b7bf.
  Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind code needs separating from the HTTP protocol and migrating into the vauth directory, thus adding support for Winbind to the SASL based protocols such as IMAP, POP3 and SMTP.
* NTLM: END of refactoring/splitting/moving | Yang Tse | 2011-08-28 | 1 | -253/+0
  First:
    File curl_ntlm.h renamed curl_ntlm_msgs.h
    File curl_ntlm.c renamed curl_ntlm_msgs.c
  Afterwards:
    File http_ntlm.c renamed curl_ntlm.c
    File http_ntlm.h renamed curl_ntlm.h
* NTLM_WB: move NTLM_WB specifics into curl_ntlm_wb.[ch] | Yang Tse | 2011-08-27 | 1 | -323/+3
* NTLM_WB: final congruency naming adjustments | Yang Tse | 2011-08-27 | 1 | -22/+21
  Configure script option --enable-wb-ntlm-auth renamed to --enable-ntlm-wb
  Configure script option --disable-wb-ntlm-auth renamed to --disable-ntlm-wb
  Preprocessor symbol WINBIND_NTLM_AUTH_ENABLED renamed to NTLM_WB_ENABLED
  Preprocessor symbol WINBIND_NTLM_AUTH_FILE renamed to NTLM_WB_FILE
  Test harness env var CURL_NTLM_AUTH renamed to CURL_NTLM_WB_FILE
  Static function wb_ntlm_close renamed to ntlm_wb_cleanup
  Static function wb_ntlm_initiate renamed to ntlm_wb_init
  Static function wb_ntlm_response renamed to ntlm_wb_response
* NTLM single-sign on adjustments (X) | Yang Tse | 2011-08-26 | 1 | -14/+12
  Functions renamed:
    Curl_output_ntlm_sso -> Curl_output_ntlm_wb
    sso_ntlm_close -> wb_ntlm_close
    sso_ntlm_response -> wb_ntlm_response
    sso_ntlm_initiate -> wb_ntlm_initiate
  Preprocessor symbols renamed:
    CURLAUTH_NTLM_SSO -> CURLAUTH_NTLM_WB
    CURL_VERSION_NTLM_SSO -> CURL_VERSION_NTLM_WB
* http NTLM: refactoring followup | Steve Holme | 2011-08-25 | 1 | -45/+20
  Output of Curl_ntlm_create_type1_message() and Curl_ntlm_create_type3_message() functions is now already base64 encoded.
* base64: fix Curl_base64_encode and Curl_base64_decode interfaces | Yang Tse | 2011-08-24 | 1 | -19/+26
  Previous interfaces for these libcurl internal functions did not allow to tell apart a legitimate zero size result from an error condition. These functions now return a CURLcode indicating function success or otherwise specific error. Output size is returned using a pointer argument.
  All usage of these two functions, and others closely related, has been adapted to the new interfaces. Relative error and OOM handling adapted or added where missing. Unit test 1302 also adapted.
* http NTLM: remaining bits from 0001-Moved-ntlm-[...]-curl_ntlm-mod_3.patch | Steve Holme | 2011-08-22 | 1 | -3/+3
  * Added function comments:
    - Curl_ntlm_decode_type2_message
    - Curl_ntlm_create_type1_message
    - Curl_ntlm_create_type3_message
  * Modification of ntlm processing state to NTLMSTATE_TYPE2 is now done only when Curl_ntlm_decode_type2_message() has fully succeeded.
* http NTLM: reinstate "nssg.h" "curl_sspi.h" header inclusions | Yang Tse | 2011-08-15 | 1 | -0/+6
* http NTLM: reinstate "memdebug.h" header inclusion | Yang Tse | 2011-08-14 | 1 | -0/+3
  Inclusion of header "memdebug.h" in http_ntlm.c got lost in commit 98fb0ef7.
* Curl_output_ntlm: remove unused variable | Daniel Stenberg | 2011-08-14 | 1 | -4/+0
* http NTLM: fix 8 compiler warnings | Yang Tse | 2011-08-14 | 1 | -1/+1
  Strict splitting of http_ntlm.[ch] may trigger 8 compiler warnings when building with some compilers and strict compiler warnings enabled, depending on other specific configuration options some could get triggered or not.
  Seven are related with 'unused function parameters' and another one with 'var may be used before its value is set'.
* http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] | Yang Tse | 2011-08-14 | 1 | -1141/+33
  For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse.
  Resulting three new libcurl private functions:
    - Curl_ntlm_create_type1_message()
    - Curl_ntlm_create_type3_message()
    - Curl_ntlm_decode_type2_message()
  Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup()
  This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions.
  Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here.
  Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-)
  Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
* http NTLM: change return type of Curl_input_ntlm() to CURLcode | Yang Tse | 2011-08-13 | 1 | -8/+13
  Remove CURLntlm enum, no longer required.
* http NTLM: update NTLM type-* message structure descriptions - followup | Yang Tse | 2011-08-13 | 1 | -3/+3
* http NTLM: update NTLM message structure notes | Yang Tse | 2011-08-12 | 1 | -6/+12
* http NTLM: more adjustments in preparation of code refactoring | Yang Tse | 2011-08-12 | 1 | -75/+91
  Use preprocessor symbol NTLM_BUFSIZE to define private NTLM buffer fixed size.
  Use a SessionHandle 'data' pointer variable to ease refactoring.
  Update NTLM type-* message structure descriptions.
  Fix some more spacing and typos (Steve Holme).
* http NTLM: fix compiler warning | Yang Tse | 2011-08-11 | 1 | -1/+1
* http NTLM: Tidied up more inconsistent spacing. | Steve Holme | 2011-08-11 | 1 | -92/+99
  Moved NTLMSSP_SIGNATURE, HOSTNAME_MAX, SHORTPAIR and LONGQUARTET definitions in ready for move to curl_ntlm.c.
  Used separate variables for Windows SSPI and native code to ease moving of code to curl_ntlm.c.
  Fixed typographical errors where SPPI should be SSPI.
  Fixed compilation warnings on 64-bit builds when calling Windows SSPI functions.
* http NTLM: Further tidying up to libcurl standards | Yang Tse | 2011-08-09 | 1 | -58/+53
* http NTLM: Tidied up http_ntlm prior to splitting the ntlm specific code | Steve Holme | 2011-08-09 | 1 | -136/+146
* NTLM single-sign on adjustments (IX) | Yang Tse | 2011-08-07 | 1 | -2/+2
  Use swrite/sread instead of write/read to avoid SIGPIPE
* NTLM single-sign on adjustments (VIII) | Yang Tse | 2011-07-31 | 1 | -16/+18
  Use preprocessor symbols WINBIND_NTLM_AUTH_ENABLED and WINBIND_NTLM_AUTH_FILE for Samba's winbind daemon ntlm_auth helper code implementation and filename.
  Retain preprocessor symbol USE_NTLM_SSO for NTLM single-sign-on feature availability implementation independent.
  For test harness, prefix NTLM_AUTH environment vars with CURL_
  Refactor and rename configure option --with-ntlm-auth to --enable-wb-ntlm-auth[=FILE]
* NTLM single-sign on adjustments (VII) | Yang Tse | 2011-07-29 | 1 | -5/+0
  Initialize variables when connectdata object is created.
* socketpair() usage tracking to allow fd leak detection | Yang Tse | 2011-07-29 | 1 | -27/+28
* Give the NTLM SSO helper a moment to cleanly shut down if needed | Dan Fandrich | 2011-07-28 | 1 | -1/+6
* Removed an extraneous \n that violated the SSO daemon protocol | Dan Fandrich | 2011-07-28 | 1 | -1/+1
  This caused fake_ntlm to abort due to an invalid command causing sporadic test 2005 failures.
* Fixed a couple of memory leaks in NTLM SSO support | Dan Fandrich | 2011-07-27 | 1 | -1/+5
* NTLM single-sign on adjustments (IV) | Yang Tse | 2011-07-27 | 1 | -1/+1
  Fix compiler warning
* NTLM single-sign on adjustments (III) | Yang Tse | 2011-07-27 | 1 | -15/+62
  Provide some error tracing and fix execl() calling.
* stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h | Yang Tse | 2011-07-26 | 1 | -8/+1
* errno.h inclusion conditionally done in setup_once.h | Yang Tse | 2011-07-24 | 1 | -1/+0
* sso_ntlm_initiate: unassigned variable | Michael Mueller | 2011-07-19 | 1 | -1/+1
  Bug: http://curl.haxx.se/mail/lib-2011-07/0109.html
* NTLM single-sign on supported | Mandy Wu | 2011-07-18 | 1 | -0/+283
  With the use of the 'ntlm_auth' tool from the Samba project
* OpenSSL enabled: require OPENSSL_VERSION_NUMBER definition before usage. | Yang Tse | 2011-06-02 | 1 | -0/+4
* compiler warning: fix | Yang Tse | 2011-05-23 | 1 | -1/+1
  Fix variable declaration placement
* compiler warning: fix | Yang Tse | 2011-05-23 | 1 | -1/+1
  Fix missing semicolon
* compiler warning: fix | Yang Tse | 2011-05-23 | 1 | -3/+7
  Fix compiler warning: expression has no effect
* compiler warning: fix | Yang Tse | 2011-05-21 | 1 | -1/+1
  Fix compiler warning: enumerated type mixed with another type
* source cleanup: unify look, style and indent levels | Daniel Stenberg | 2011-04-27 | 1 | -38/+38
  By the use of the new lib/checksrc.pl script that checks that our basic source style rules are followed.
* Fixed compiler warning in Windows SSPI case | Dan Fandrich | 2011-04-25 | 1 | -0/+2
* NTLM: work with unicode | Daniel Stenberg | 2011-04-22 | 1 | -10/+34
  Rewritten code from a patch brought by Matteo Rocco.
* CURL_DOES_CONVERSIONS: cleanup | Daniel Stenberg | 2011-04-20 | 1 | -22/+12
  Massively reduce #ifdefs all over (23 #ifdef lines less so far)
  Moved conversion-specific code to non-ascii.c
* NTLM tests: boost coverage by forcing the hostname | Kamil Dudka | 2010-07-30 | 1 | -1/+2
  A shared library tests/libtest/.libs/lihostname.so is preloaded in NTLM test-cases to override the system implementation of gethostname(). It makes it possible to test the NTLM authentication for exact match, and this way test the implementation of MD4 and DES.
  If LD_PRELOAD doesn't work, a debug build will also work as debug builds are now made to prefer a specific environment variable and will then return that content as host name instead of the actual one.
  Kamil wrote the bulk of this, Daniel Stenberg polished it.
* http_ntlm: add support for NSS | Kamil Dudka | 2010-06-30 | 1 | -8/+118
  When configured with '--without-ssl --with-nss', NTLM authentication now uses NSS crypto library for MD5 and DES. For MD4 we have a local implementation in that case. More details are available at https://bugzilla.redhat.com/603783
  In order to get it working, curl_global_init() must be called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL. That's necessary because NSS needs to be initialized globally and we do so only when the NSS library is actually required by protocol. The mentioned call of curl_global_init() is responsible for creating of the initialization mutex.
  There was also slightly changed the NSS initialization scenario, in particular, loading of the NSS PEM module. It used to be loaded always right after the NSS library was initialized. Now the library is initialized as soon as any SSL or NTLM is required, while the PEM module is prevented from being loaded until the SSL is actually required.