aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-12-05sasl_sspi: Don't use hard coded sizes in Kerberos V5 security dataSteve Holme
Don't use a hard coded size of 4 for the security layer and buffer size in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as we have done in the sasl_gssapi module.
2014-12-05sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with itSteve Holme
Reduced the amount of free's required for the decoded challenge message in Curl_sasl_create_gssapi_security_message() as a result of coding it differently in the sasl_gssapi module.
2014-12-05gssapi: Corrected typo in commentsSteve Holme
2014-12-05sasl_gssapi: Added body to Curl_sasl_create_gssapi_security_message()Steve Holme
2014-12-04http_perhapsrewind: don't abort CONNECT requestsStefan Bühler
...they never have a body
2014-12-04HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a requestStefan Bühler
Sending NTLM/Negotiate header again after successful authentication breaks the connection with certain Proxies and request types (POST to MS Forefront).
2014-12-04HTTP: don't abort connections with pending Negotiate authenticationStefan Bühler
... similarly to how NTLM works as Negotiate is in fact often NTLM with another name.
2014-12-04fix gdb libtool invocation pathStefan Bühler
2014-12-04sasl_gssapi: Fixed missing include from commit d3cca934eeSteve Holme
2014-12-04examples: remove sony.com from 10-at-a-timeJay Satiro
Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR for the sony website because it ends the connection when the request is missing a user agent.
2014-12-04sasl_gssapi: Fixed missing decoding debug failure messageSteve Holme
2014-12-04sasl_gssapi: Fixed honouring of no mutual authenticationSteve Holme
2014-12-04sasl_sspi: Added more Kerberos V5 decoding debug failure messagesSteve Holme
2014-12-04docs: Fix FAILONERROR typosAnthon Pang
It returns error for >= 400 HTTP responses. Bug: https://github.com/bagder/curl/pull/129
2014-12-04tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl outputPeter Wu
Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as option in the file generated by --libcurl. Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04opts: fix CURLOPT_UNIX_SOCKET_PATH formattingPeter Wu
Add .nf and .fi such that the code gets wrapped in a pre on the web. Fixed grammar, fixed formatting of the "See also" items. Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04OS400: enable Unix sockets.Patrick Monnerat
2014-12-03RELEASE-NOTES: synced with b216427e73b5e9Daniel Stenberg
2014-12-03opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.amDaniel Stenberg
2014-12-04updateconninfo: clear destination struct before getsockname()Daniel Stenberg
Otherwise we may read uninitialized bytes later in the unix-domain sockets case.
2014-12-04curl.1: added --unix-socketDaniel Stenberg
2014-12-04tool: add --unix-socket optionPeter Wu
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04libcurl: add UNIX domain sockets supportPeter Wu
The ability to do HTTP requests over a UNIX domain socket has been requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a discussion happened, no patch seems to get through. I decided to give it a go since I need to test a nginx HTTP server which listens on a UNIX domain socket. One patch [3] seems to make it possible to use the CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket. Another person wrote a Go program which can do HTTP over a UNIX socket for Docker[4] which uses a special URL scheme (though the name contains cURL, it has no relation to the cURL library). This patch considers support for UNIX domain sockets at the same level as HTTP proxies / IPv6, it acts as an intermediate socket provider and not as a separate protocol. Since this feature affects network operations, a new feature flag was added ("unix-sockets") with a corresponding CURL_VERSION_UNIX_SOCKETS macro. A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This option enables UNIX domain sockets support for all requests on the handle (replacing IP sockets and skipping proxies). A new configure option (--enable-unix-sockets) and CMake option (ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I deliberately did not mark this feature as advanced, this is a feature/component that should easily be available. [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/ [2]: http://sourceforge.net/p/curl/feature-requests/53/ [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html [4]: https://github.com/Soulou/curl-unix-socket Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04tests: add two HTTP over UNIX socket testsPeter Wu
test1435: a simple test that checks whether a HTTP request can be performed over the UNIX socket. The hostname/port are interpreted by sws and should be ignored by cURL. test1436: test for the ability to do two requests to the same host, interleaved with one to a different hostname. Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04tests: add HTTP UNIX socket server testing supportPeter Wu
The variable `$ipvnum` can now contain "unix" besides the integers 4 and 6 since the variable. Functions which receive this parameter have their `$port` parameter renamed to `$port_or_path` to support a path to the UNIX domain socket (as a "port" is only meaningful for TCP). Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04sws: try to remove socket and retry bindPeter Wu
If sws is killed it might leave a stale socket file on the filesystem which would cause an EADDRINUSE error. After this patch, it is checked whether the socket is really stale and if so, the socket file gets removed and another bind is executed. Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04sws: add UNIX domain socket supportPeter Wu
This extends sws with a --unix-socket option which causes the port to be ignored (as the server now listens on the path specified by --unix-socket). This feature will be available in the following patch that enables checking for UNIX domain socket support. Proxy support (CONNECT) is not considered nor tested. It does not make sense anyway, first connecting through a TCP proxy, then let that TCP proxy connect to a UNIX socket. Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04sws: restrict TCP_NODELAY to IP socketsPeter Wu
TCP_NODELAY does not make sense for Unix sockets, so enable it only if the socket is using IP. Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-03curl.1: fix trivial typoDave Reisner
2014-12-03sasl_gssapi: Added body to Curl_sasl_create_gssapi_user_message()Steve Holme
2014-12-03sasl_gssapi: Added body to Curl_sasl_gssapi_cleanup()Steve Holme
2014-12-03sasl_gssapi: Added Curl_sasl_build_gssapi_spn() functionSteve Holme
Added helper function for returning a GSS-API compatible SPN.
2014-12-03NSS: enable the CAPATH optionDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1457 Patch-by: Tomasz Kojm
2014-12-03sasl_gssapi: Enable USE_KERBEROS5 for GSS-API based buildsSteve Holme
2014-12-03sasl_gssapi: Added GSS-API based Kerberos V5 variablesSteve Holme
2014-12-03sws.c: Fixed compilation warning when IPv6 is disabledSteve Holme
sws.c:69: warning: comma at end of enumerator list
2014-12-02sasl_gssapi: Made log_gss_error() a common GSS-API functionSteve Holme
Made log_gss_error() a common function so that it can be used in both the http_negotiate code as well as the curl_sasl_gssapi code.
2014-12-02sasl_gssapi: Introduced GSS-API based SASL moduleSteve Holme
Added the initial version of curl_sasl_gssapi.c and updated the project files in preparation for adding GSS-API based Kerberos V5 support.
2014-12-02smb: Don't try to connect with empty credentialsSteve Holme
On some platforms curl would crash if no credentials were used. As such added detection of such a use case to prevent this from happening. Reported-by: Gisle Vanem
2014-12-02smb.c: Coding policing of pointer usageSteve Holme
2014-12-02configure: Fixed inclusion of SMB when no crypto engines availableSteve Holme
2014-12-01build: in Makefile.m32 simplified autodetection.Guenter Knauf
2014-11-30sws: move away from IPv4/IPv4-only assumptionPeter Wu
Instead of depending the socket domain type on use_ipv6, specify the domain type (AF_INET / AF_INET6) as variable. An enum is used here with switch to avoid compiler warnings in connect_to, complaining that rc is possibly undefined (which is not possible as socket_domain is always set). Besides abstracting the socket type, make the debugging messages be independent on IP (introduce location_str which points to "port XXXXX"). Rename "ipv_inuse" to "socket_type" and tighten the scope (main). Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-30lib/connect: restrict IP/TCP options to said socketsPeter Wu
This patch prepares for adding UNIX domain sockets support. TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not apply these to other socket types. bindlocal only works for IP sockets (independent of TCP/UDP), so filter that out too for other types. Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-30smb.c: use size_t as input argument types for msg sizesDaniel Stenberg
This fixes warnings about conversions to int
2014-11-30version: The next release will become 7.40.0Steve Holme
2014-11-30docs: Updated for the SMB protocolBill Nagel
This patch updates the documentation for the SMB/CIFS protocol.
2014-11-30curl tool: Exclude SMB from the protocol redirectSteve Holme
As local files could be accessed through \\localhost\c$.
2014-11-30curl tool: Enable support for the SMB protocolBill Nagel
This patch enables SMB/CIFS support in the curl command-line tool.
2014-11-30smb.c: Fixed compilation warningsSteve Holme
smb.c:398: warning: comparison of integers of different signs: 'ssize_t' (aka 'long') and 'unsigned long' smb.c:443: warning: comparison of integers of different signs: 'ssize_t' (aka 'long') and 'unsigned long'