path: root/lib/vauth/spnego_sspi.c
Commit message | Author | Age | Files | Lines
* sspi: fix memory leaks | migueljcrum | 2019-09-10 | 1 | -0/+6
  Closes #4299
* vauth: return CURLE_AUTH_ERROR on gss_init_sec_context() failure | Kamil Dudka | 2019-08-26 | 1 | -1/+1
  This is a follow-up to https://github.com/curl/curl/pull/3864 .
  Closes #4224
* spnego_sspi: add typecast to fix build warning | Daniel Stenberg | 2019-08-20 | 1 | -2/+2
  Reported in build "Win32 target on Debian Stretch (64-bit) - i686-w64-mingw32 - gcc-20170516"
  Closes #4245
* vauth: Use CURLE_AUTH_ERROR for auth function errors | Jay Satiro | 2019-08-14 | 1 | -2/+13
  - Add new error code CURLE_AUTH_ERROR. Prior to this change auth function errors were signaled by CURLE_OUT_OF_MEMORY and CURLE_RECV_ERROR, and neither one was technically correct.
  Ref: https://github.com/curl/curl/pull/3848
  Co-authored-by: Dominik Hölzl
  Closes https://github.com/curl/curl/pull/3864
* http_negotiate: Move the Negotiate state out of the negotiatedata structure | Steve Holme | 2019-05-15 | 1 | -1/+0
  Given that this member variable is not used by the SASL based protocols there is no need to have it here.
  Closes #3882
* auth: Rename the various authentication clean up functions | Steve Holme | 2019-05-12 | 1 | -3/+3
  For consistency and to avoid confusion.
  Closes #3869
* Negotiate: fix for HTTP POST with Negotiate | Dominik Hölzl | 2019-03-14 | 1 | -0/+5
  * Adjusted unit tests 2056, 2057
  * do not generally close connections with CURLAUTH_NEGOTIATE after every request
  * moved negotiatedata from UrlState to connectdata
  * Added stream rewind logic for CURLAUTH_NEGOTIATE
  * introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC
  * Consider authproblem state for CURLAUTH_NEGOTIATE
  * Consider reuse_forbid for CURLAUTH_NEGOTIATE
  * moved and adjusted negotiate authentication state handling from output_auth_headers into Curl_output_negotiate
  * Curl_output_negotiate: ensure auth done is always set
  * Curl_output_negotiate: Set auth done also if result code is GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may also indicate the last challenge request (only works with disabled Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1)
  * Consider "Persistent-Auth" header, detect if not present; Reset/Cleanup negotiate after authentication if no persistent authentication
  * apply changes introduced with #2546 for negotiate rewind logic
  Fixes #1261
  Closes #1975
* strerror: make the strerror function use local buffers | Daniel Stenberg | 2019-02-26 | 1 | -1/+2
  Instead of using a fixed 256 byte buffer in the connectdata struct. In my build, this reduces the size of the connectdata struct by 11.8%, from 2160 to 1904 bytes with no functionality or performance loss.
  This also fixes a bug in schannel's Curl_verify_certificate where it called Curl_sspi_strerror when it should have called Curl_strerror for string from GetLastError. The only effect would have been no text or the wrong text being shown for the error.
  Co-authored-by: Jay Satiro
  Closes #3612
* spnego_sspi: add support for channel binding | georgeok | 2019-02-01 | 1 | -7/+34
  Attempt to add support for Secure Channel binding when negotiate authentication is used. The problem to solve is that by default IIS accepts channel binding and curl doesn't utilise them. The result was a 401 response. Scope affects only the Schannel(winssl)-SSPI combination.
  Fixes https://github.com/curl/curl/issues/3503
  Closes https://github.com/curl/curl/pull/3509
* urldata: rename easy_conn to just conn | Daniel Stenberg | 2019-01-11 | 1 | -2/+2
  We use "conn" everywhere to be a pointer to the connection. Introduces two functions that "attaches" and "detaches" the connection to and from the transfer. Going forward, we should favour using "data->conn" (since a transfer always only has a single connection or none at all) to "conn->data" (since a connection can have none, one or many transfers associated with it and updating conn->data to be correct is error prone and a frequent reason for internal issues).
  Closes #3442
* comment: Fix multiple typos in function parameters | Daniel Gustafsson | 2018-10-03 | 1 | -2/+2
  Ensure that the parameters in the comment match the actual names in the prototype.
  Closes #3079
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* vauth: Fix typo | Daniel Gustafsson | 2018-04-15 | 1 | -1/+1
  Address various spellings of "credentials".
  Closes https://github.com/curl/curl/pull/2496
* all: Refactor malloc+memset to use calloc | Daniel Gustafsson | 2018-04-15 | 1 | -6/+2
  When a zeroed out allocation is required, use calloc() rather than malloc() followed by an explicit memset(). The result will be the same, but using calloc() everywhere increases consistency in the codebase and avoids the risk of subtle bugs when code is injected between malloc and memset by accident.
  Closes https://github.com/curl/curl/pull/2497
* sspi: print out InitializeSecurityContext() error message | Isaac Boukris | 2017-04-07 | 1 | -0/+3
  Reported-by: Carsten (talksinmath)
  Fixes #1384
  Closes #1395
* checksrc: white space edits to comply to stricter checksrc | Daniel Stenberg | 2016-11-24 | 1 | -1/+1
* vauth: Added check for supported SSPI based authentication mechanisms | Steve Holme | 2016-08-21 | 1 | -3/+9
  Completing commit 00417fd66c and 2708d4259b.
* spnego_sspi: fix memory leak in case *outlen is zero (#970) | Miroslav Franc | 2016-08-19 | 1 | -1/+3
* vauth: Introduced Curl_auth_is_<mechansism>_supported() functions | Steve Holme | 2016-08-18 | 1 | -0/+16
  As Windows SSPI authentication calls fail when a particular mechanism isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5 and Negotiate to allow both HTTP and SASL authentication the opportunity to query support for a supported mechanism before selecting it. For now each function returns TRUE to maintain compatibility with the existing code when called.
* spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration | Steve Holme | 2016-07-23 | 1 | -1/+1
  Typo introduced in commit ad5e9bfd5d.
* internals: rename the SessionHandle struct to Curl_easy | Daniel Stenberg | 2016-06-22 | 1 | -2/+2
* URLs: change http to https in many places | Viktor Szakats | 2016-04-06 | 1 | -1/+1
  Closes #754
* vauth: Corrected a number of typos in comments | Steve Holme | 2016-04-06 | 1 | -1/+1
  Reported-by: Michael Osipov
* vauth: Removed the need for a separate GSS-API based SPN function | Steve Holme | 2016-04-03 | 1 | -1/+1
* spnego: Small code tidy up | Steve Holme | 2016-04-03 | 1 | -7/+6
  * Prefer dereference of string pointer rather than strlen()
  * Free challenge pointer in one place
  * Additional comments
* spnego: Renamed the context's SPN variable | Steve Holme | 2016-04-02 | 1 | -5/+5
  To be consistent with the Kerberos 5 context and other authentication code.
* spnego: Corrected some typos in comments | Steve Holme | 2016-04-01 | 1 | -1/+1
  Corrected typos from commit ad5e9bfd5d and 6d6f9ca1d9.
* vauth: Moved the Negotiate authentication code to the new vauth directory | Steve Holme | 2016-03-26 | 1 | -0/+1
  Part 2 of 2 - Moved the GSS-API based Negotiate authentication code.
* vauth: Moved the Negotiate authentication code to the new vauth directory | Steve Holme | 2016-03-26 | 1 | -0/+297
  Part 1 of 2 - Moved the SSPI based Negotiate authentication code.