Age | Commit message (Collapse) | Author |
|
This was done to make sure NTLM state that is bound to a connection
doesn't survive and gets used for the subsequent request - but
disconnects can also be done to for example make room in the connection
cache and thus that connection is not strictly related to the easy
handle's current operation.
The http authentication state is still kept in the easy handle since all
http auth _except_ NTLM is connection independent and thus survive over
multiple connections.
Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html
Reported-by: Paras S
|
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1414
Reported-by: teo8976
|
|
|
|
|
|
Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed
since NTLM requires multiple requests that re-use the same connection
for the authentication to work
Solution: Ignore the forbid reuse flag in case the NTLM authentication
handshake is in progress, according to the NTLM state flag.
Fixed known bug #77.
|
|
|
|
warning: declaration of 'minor' shadows a global declaration
|
|
A conditionally compiled block in connect.c references WinSock 2
symbols, but used `#ifdef HAVE_WINSOCK_H` instead of `#ifdef
HAVE_WINSOCK2_H`.
Bug: http://curl.haxx.se/mail/lib-2014-08/0155.html
|
|
The URL is not a property of the connection so it should not be freed in
the connection disconnect but in the Curl_close() that frees the easy
handle.
Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html
Reported-by: Paras S
|
|
Should've been amended in the previous commit but wasn't due to a
mistake.
|
|
... and some other cleanups
|
|
|
|
|
|
...From "mutual" to "mutual_auth" which better describes what it is.
|
|
Corrected a number of the error codes that can be returned from the
Curl_sasl_create_gssapi_security_message() function when things go
wrong.
It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the
inbound security challenge can't be decoded correctly or doesn't
contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when
EncryptMessage() fails. Unfortunately the previous error code of
CURLE_RECV_ERROR was a copy and paste mistakes on my part and should
have been correct in commit 4b491c675f :(
|
|
|
|
Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other
authentication mechanisms" following recent additions.
Added SASL 14.2 GSSAPI via GSS-API libraries.
|
|
This repeats what has already been documented in both the curl manpage
and CURLOPT_USERPWD documentation but is provided here for completeness
as someone may not especially read the latter when using libcurl.
|
|
Added information about Kerberos V5 requiring the domain part in the
user name.
Mentioned that the user name can be specified in UPN format, and not
just in Down-Level Logon Name format, following the information
added in commit 7679cb3fa8 reworking the exisitng information in the
process.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
... to handle "*/[total]". Also, removed the strange hack that made
CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return
CURLE_OK.
Reported-by: Dimitrios Siganos
Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html
|
|
|
|
warning: unused variable 'resp'
warning: no previous prototype for 'Curl_sasl_gssapi_cleanup'
|
|
* curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f
warning: declaration of 'result' shadows a previous local
|
|
warning: 'struct kerberos5data' declared inside parameter list
Due to missing forward declaration.
|
|
warning: extra tokens at end of #endif directive
|
|
|
|
Added a kerberos5data structure which is similar in nature to the
ntlmdata and negotiatedata structures.
|
|
In preparation for the upcoming SSPI implementation of GSSAPI
authentication, moved the definition of KERB_WRAP_NO_ENCRYPT from
socks_sspi.c to curl_sspi.h allowing it to be shared amongst other
SSPI based code.
|
|
|
|
... as mxr.mozilla.org is due to be retired.
The new host doesn't support If-Modified-Since nor ETags, meaning that
the script will now defer to download and do a post-transfer checksum
check to see if a new output is to be generated. The new output format
will hold the SHA1 checksum of the source file for that purpose.
We call this version 1.22
Reported-by: Ed Morley
Bug: http://curl.haxx.se/bug/view.cgi?id=1409
|
|
Fixed libcurl to correctly output the newer versions of OpenSSL 0.9.8,
starting from openssl-0.9.8za.
|
|
Bringing back the old functionality that was mistakenly removed when the
connection cache was remade. When creating a new connection, all the
existing ones are checked and those that are known to be dead get
disconnected for real and removed from the connection cache. It helps
the cache from holding on to very many stale connections and aids in
keeping down the number of system sockets in wait states.
Help-by: Jonatan Vela <jonatan.vela@ergon.ch>
Bug: http://curl.haxx.se/mail/lib-2014-06/0189.html
|
|
Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html
Reported-by: David Shaw
|
|
Curl_poll and Curl_wait_ms require the fix applied to Curl_socket_check
in commits b61e8b8 and c771968:
When poll or select are interrupted and coincides with the timeout
elapsing, the functions return -1 indicating an error instead of 0 for
the timeout.
|
|
|
|
|
|
Added copyright due to warning from checksrc.pl.
|
|
|
|
Given the SSPI package info query indicates a token size of 4096 bytes,
updated to use a dynamic buffer for the response message generation
rather than a fixed buffer of 1024 bytes.
|
|
|
|
Due to the reduction of code in commit 3b924b29 of get_gss_name() the
function isn't necessary anymore.
|
|
Updated to use a dynamic buffer for the SPN generation via the recently
introduced Curl_sasl_build_spn() function rather than a fixed buffer of
1024 characters, which should have been more than enough, but by using
the new function removes the need for another variable sname to do the
wide character conversion in Unicode builds.
|