path: root/lib/vauth/krb5_gssapi.c
Commit message | Author | Age | Files | Lines
* auth: do not append zero-terminator to authorisation id in kerberos | Patrick Monnerat | 2021-08-16 | 1 | -7/+4

  RFC4752 Section 3.1 states "The authorization identity is not terminated with a zero-valued (%x00) octet". Although a comment in code said it may be needed anyway, nothing confirms it. In addition, servers may consider it as part of the identity, causing a failure.

  Closes #7008
* auth: use sasl authzid option in kerberos | Patrick Monnerat | 2021-08-16 | 1 | -37/+15

  ... instead of deriving it from active ticket.

  Closes #7008
* auth: we do not support a security layer after kerberos authentication | Patrick Monnerat | 2021-08-16 | 1 | -0/+1

  Closes #7008
* auth: properly handle byte order in kerberos security message | Patrick Monnerat | 2021-08-16 | 1 | -13/+15

  Closes #7008
* infof: remove newline from format strings, always append it | Daniel Stenberg | 2021-07-07 | 1 | -4/+4

  - the data needs to be "line-based" anyway since it's also passed to the debug callback/application
  - it makes infof() work like failf() and consistency is good
  - there's an assert that triggers on newlines in the format string
  - Also removes a few instances of "..."
  - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof()

  Closes #7357
* vauth: factor base64 conversions out of authentication procedures | Patrick Monnerat | 2021-04-22 | 1 | -79/+21

  Input challenges and returned messages are now in binary. Conversions from/to base64 are performed by callers (currently curl_sasl.c and http_ntlm.c).

  Closes #6654
* copyright: fix year ranges | Daniel Stenberg | 2020-11-05 | 1 | -1/+1

  Follow-up from 4d2f8006777
* curl.se: new home | Daniel Stenberg | 2020-11-04 | 1 | -1/+1

  Closes #6172
* vauth: Use CURLE_AUTH_ERROR for auth function errors | Jay Satiro | 2019-08-14 | 1 | -5/+5

  - Add new error code CURLE_AUTH_ERROR.

  Prior to this change auth function errors were signaled by CURLE_OUT_OF_MEMORY and CURLE_RECV_ERROR, and neither one was technically correct.

  Ref: https://github.com/curl/curl/pull/3848
  Co-authored-by: Dominik Hölzl
  Closes https://github.com/curl/curl/pull/3864
* auth: Rename the various authentication clean up functions | Steve Holme | 2019-05-12 | 1 | -3/+3

  For consistency and to avoid confusion.

  Closes #3869
* comment: Fix multiple typos in function parameters | Daniel Gustafsson | 2018-10-03 | 1 | -1/+1

  Ensure that the parameters in the comment match the actual names in the prototype.

  Closes #3079
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* spelling fixes | klemens | 2017-03-26 | 1 | -2/+2

  Closes #1356
* vauth: Introduced Curl_auth_is_<mechanism>_supported() functions | Steve Holme | 2016-08-18 | 1 | -0/+14

  As Windows SSPI authentication calls fail when a particular mechanism isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5 and Negotiate to allow both HTTP and SASL authentication the opportunity to query support for a supported mechanism before selecting it. For now each function returns TRUE to maintain compatibility with the existing code when called.
* internals: rename the SessionHandle struct to Curl_easy | Daniel Stenberg | 2016-06-22 | 1 | -2/+2
* vauth: Corrected a number of typos in comments | Steve Holme | 2016-04-06 | 1 | -2/+2

  Reported-by: Michael Osipov
* vauth: Removed the need for a separate GSS-API based SPN function | Steve Holme | 2016-04-03 | 1 | -1/+1
* krb5: Small code tidy up | Steve Holme | 2016-04-03 | 1 | -1/+2

  * Prefer dereference of string pointer rather than strlen()
  * Free challenge pointer in one place
  * Additional comments
* krb5_gssapi: Only process challenge when present | Steve Holme | 2016-04-03 | 1 | -2/+2

  This wouldn't cause a problem because of the way the function is called, but prior to this change, we were processing the challenge message when the credentials were NULL rather than when the challenge message was populated.

  This also brings this part of the Kerberos 5 code in line with the Negotiate code.
* krb5: Fixed missing client response when mutual authentication enabled | Steve Holme | 2016-04-03 | 1 | -0/+5

  Although mutual authentication is currently turned off and can only be enabled by changing libcurl source code, authentication using Kerberos 5 has been broken since commit 79543caf90 in this use case.
* krb5: Only generate a SPN when it's not known | Steve Holme | 2016-04-03 | 1 | -2/+3

  Prior to this change, we were generating the SPN in the SSPI code when the credentials were NULL and in the GSS-API code when the context was empty. It is better to decouple the SPN generation from these checks and only generate it when the SPN itself is NULL.

  This also brings this part of the Kerberos 5 code in line with the Negotiate code.
* krb5_gssapi: Renamed the status variables | Steve Holme | 2016-04-02 | 1 | -49/+49

  For consistency with the spnego code.
* krb5: Moved host from Curl_auth_create_gssapi_user_message() to be argument | Steve Holme | 2016-04-02 | 1 | -2/+3

  For consistency with the spnego and oauth2 code moved the setting of the host name outside of the Curl_auth_create_gssapi_user_message() function. This will allow us to more easily override it in the future.
* GSS: make Curl_gss_log_error more verbose | Isaac Boukris | 2016-03-29 | 1 | -8/+12

  Also display the GSS_C_GSS_CODE (major code) when specified instead of only GSS_C_MECH_CODE (minor code).

  In addition, the old code was printing a colon twice after the prefix and also miscalculated the length of the buffer in between calls to gss_display_status (the length of ": " was missing).

  Also, gss_buffer is not guaranteed to be NULL terminated and thus need to restrict reading by its length.

  Closes #738
* vauth: Refactored function names after move to new vauth directory | Steve Holme | 2016-03-25 | 1 | -7/+7

  Renamed all the SASL functions that moved to the new vauth directory to include the correct module name.
* vauth: Moved the Kerberos V5 authentication code to the new vauth directory | Steve Holme | 2016-03-25 | 1 | -0/+375