aboutsummaryrefslogtreecommitdiff
path: root/lib/curl_sasl.c
AgeCommit message (Collapse)Author
2019-08-06sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZIDSteve Holme
Added the ability for the calling program to specify the authorisation identity (authzid), the identity to act as, in addition to the authentication identity (authcid) and password when using SASL PLAIN authentication. Fixes #3653 Closes #3790 NOTE: This commit was cherry-picked and is part of a series of commits that added the authzid feature for upcoming 7.66.0. The series was temporarily reverted in db8ec1f so that it would not ship in a 7.65.x patch release. Closes https://github.com/curl/curl/pull/4186
2019-05-25Revert all SASL authzid (new feature) commitsJay Satiro
- Revert all commits related to the SASL authzid feature since the next release will be a patch release, 7.65.1. Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined for the next release, assuming it would be a feature release 7.66.0. However instead the next release will be a patch release, 7.65.1 and will not contain any new features. After the patch release after the reverted commits can be restored by using cherry-pick: git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690 Details for all reverted commits: Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()." This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a. Revert "tests: Fix the line endings for the SASL alt-auth tests" This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221. Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples" This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75. Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool" This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817. Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID" This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.
2019-05-22sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZIDSteve Holme
Added the ability for the calling program to specify the authorisation identity (authzid), the identity to act as, in addition to the authentication identity (authcid) and password when using SASL PLAIN authentication. Fixed #3653 Closes #3790
2019-05-16cleanup: remove FIXME and TODO commentsDaniel Stenberg
They serve very little purpose and mostly just add noise. Most of them have been around for a very long time. I read them all before removing or rephrasing them. Ref: #3876 Closes #3883
2019-05-13sasl: only enable if there's a protocol enabled using itDaniel Stenberg
2019-05-12auth: Rename the various authentication clean up functionsSteve Holme
For consistency and to a avoid confusion. Closes #3869
2019-04-22sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616Steve Holme
RFC 4616 specifies the authzid is optional in the client authentication message and that the server will derive the authorisation identity (authzid) from the authentication identity (authcid) when not specified by the client.
2019-04-11vauth/cleartext: Update the PLAIN login function signature to match RFC 4616Steve Holme
Functionally this doesn't change anything as we still use the username for both the authorisation identity and the authentication identity. Closes #3757
2019-04-02vauth/oauth2: Fix OAUTHBEARER token generationMert Yazıcıoğlu
OAUTHBEARER tokens were incorrectly generated in a format similar to XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the RFC7628. Fixes: #2487 Reported-by: Paolo Mossino Closes https://github.com/curl/curl/pull/3377
2019-01-11urldata: rename easy_conn to just connDaniel Stenberg
We use "conn" everywhere to be a pointer to the connection. Introduces two functions that "attaches" and "detaches" the connection to and from the transfer. Going forward, we should favour using "data->conn" (since a transfer always only has a single connection or none at all) to "conn->data" (since a connection can have none, one or many transfers associated with it and updating conn->data to be correct is error prone and a frequent reason for internal issues). Closes #3442
2018-06-11cppcheck: fix warningsMarian Klymov
- Get rid of variable that was generating false positive warning (unitialized) - Fix issues in tests - Reduce scope of several variables all over etc Closes #2631
2018-04-16ntlm_sspi: fix authentication using Credential Managertoughengineer
If you pass empty user/pass asking curl to use Windows Credential Storage (as stated in the docs) and it has valid credentials for the domain, e.g. curl -v -u : --ntlm example.com currently authentication fails. This change fixes it by providing proper SPN string to the SSPI API calls. Fixes https://github.com/curl/curl/issues/1622 Closes https://github.com/curl/curl/pull/1660
2018-02-21sasl: prefer PLAIN mechanism over LOGINPatrick Monnerat
SASL PLAIN is a standard, LOGIN only a draft. The LOGIN draft says PLAIN should be used instead if available.
2017-09-02Curl_base64_encode: always call with a real data handle.Patrick Monnerat
Some calls in different modules were setting the data handle to NULL, causing segmentation faults when using builds that enable character code conversions.
2017-06-03curl_sasl: fix unused-variable warningMarcel Raad
This fixes the following warning with CURL_DISABLE_CRYPTO_AUTH, as seen in the autobuilds: curl_sasl.c:417:9: warning: unused variable 'serverdata' [-Wunused-variable]
2017-05-16curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLMDaniel Stenberg
Reported-by: wyattoday at github Fixes #1487
2017-04-04curl_sasl: declare mechtable staticMartin Kepplinger
struct mechtable is only used locally here. It can be declared static.
2016-11-24checksrc: code style: use 'char *name' styleDaniel Stenberg
2016-11-24HTTPS-proxy: fixed mbedtls and polishingOkhin Vasilij
2016-10-31strcasecompare: all case insensitive string compares ignore locale nowDaniel Stenberg
We had some confusions on when each function was used. We should not act differently on different locales anyway.
2016-10-31strcasecompare: is the new name for strequal()Daniel Stenberg
... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-").
2016-08-21sasl: Don't use GSSAPI authentication when domain name not specifiedSteve Holme
Only choose the GSSAPI authentication mechanism when the user name contains a Windows domain name or the user is a valid UPN. Fixes #718
2016-08-20sasl: Added calls to Curl_auth_is_<mechansism>_supported()Steve Holme
Hooked up the SASL authentication layer to query the new 'is mechanism supported' functions when deciding what mechanism to use. For now existing functionality is maintained.
2016-06-22internals: rename the SessionHandle struct to Curl_easyDaniel Stenberg
2016-04-29lib: include curl_printf.h as one of the last headersDaniel Stenberg
curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc. To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order: curl_printf.h curl_memory.h memdebug.h None of them include system headers, they all do funny #defines. Reported-by: David Benjamin Fixes #743
2016-04-09sasl: Fixed compilation errors from commit 9d89a0387Steve Holme
...when GSS-API or Windows SSPI are not used.
2016-04-08ftp/imap/pop3/smtp: Allow the service name to be overriddenSteve Holme
Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5 authentication in FTP, IMAP, POP3 and SMTP.
2016-04-03curl_sasl: Fixed potential null pointer utilisationSteve Holme
Although this should never happen due to the relationship between the 'mech' and 'resp' variables, and the way they are allocated together, it does cause problems for code analysis tools: V595 The 'mech' pointer was utilized before it was verified against nullptr. Check lines: 376, 381. curl_sasl.c 376 Bug: https://github.com/curl/curl/issues/745 Reported-by: Alexis La Goutte
2016-04-02krb5: Moved host from Curl_auth_create_gssapi_user_message() to be argumentSteve Holme
For consistency with the spnego and oauth2 code moved the setting of the host name outside of the Curl_auth_create_gssapi_user_messag() function. This will allow us to more easily override it in the future.
2016-03-25vauth: Refactored function names after move to new vauth directorySteve Holme
Renamed all the SASL functions that moved to the new vauth directory to include the correct module name.
2016-03-25vauth: Moved the OAuth 2.0 authentication code to the new vauth directorySteve Holme
2016-03-25vauth: Moved the NTLM authentication code to the new vauth directorySteve Holme
2016-03-25vauth: Moved the DIGEST authentication code to the new vauth directorySteve Holme
2016-03-25vauth: Moved the CRAM-MD5 authentication code to the new vauth directorySteve Holme
2016-03-25vauth: Moved the ClearText authentication code to the new vauth directorySteve Holme
2016-03-25vauth: Moved Curl_sasl_build_spn() to create the initial vauth source filesSteve Holme
2016-03-19ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabledSteve Holme
warning C4706: assignment within conditional expression
2016-03-14curl_sasl.c: minor code indent fixesDaniel Stenberg
2016-03-12digest: Use boolean based success code for Curl_sasl_digest_get_pair()Steve Holme
Rather than use a 0 and 1 integer base result code use a TRUE / FALSE based success code.
2016-03-12digest: Corrected some typos in commentsSteve Holme
2016-03-12ntlm: Corrected some typos in function descriptionsSteve Holme
2016-02-19curl_sasl: Fix memory leak in digest parserEmil Lerner
If any parameter in a HTTP DIGEST challenge message is present multiple times, memory allocated for all but the last entry should be freed. Bug: https://github.com/curl/curl/pull/667
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2015-11-15sasl; fix checksrc warningsDaniel Stenberg
2015-11-15oauth2: Support OAUTHBEARER failures sent as continuation responsesSteve Holme
According to RFC7628 a failure message may be sent by the server in a base64 encoded JSON string as a continuation response. Currently only implemented for OAUTHBEARER and not XAUTH2.
2015-11-14oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMPSteve Holme
OAUTHBEARER is now the official "registered" SASL mechanism name for OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some servers won't support the new mechanism yet.
2015-11-12sasl: Re-introduced XOAUTH2 in the default enabled authentication mechanismSteve Holme
Following the fix in commit d6d58dd558 it is necessary to re-introduce XOAUTH2 in the default enabled authentication mechanism, which was removed in commit 7b2012f262, otherwise users will have to specify AUTH=XOAUTH2 in the URL. Note: OAuth 2.0 will only be used when the bearer is specified.
2015-11-12oauth2: Re-factored OAuth 2.0 state variableSteve Holme
2015-11-12sasl: Don't choose OAuth 2.0 if mechanism not advertisedSteve Holme
Regression from commit 9e8ced9890 which meant if --oauth2-bearer was specified but the SASL mechanism wasn't supported by the server then the mechanism would be chosen.
2015-11-11oauth2: Introduced support for host and port detailsSteve Holme
Added support to the OAuth 2.0 message function for host and port, in order to accommodate the official OAUTHBEARER SASL mechanism which is to be added shortly.