Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-04-09 | sasl: Fixed compilation errors from commit 9d89a0387 | Steve Holme | |
...when GSS-API or Windows SSPI are not used. | |||
2016-04-08 | ftp/imap/pop3/smtp: Allow the service name to be overridden | Steve Holme | |
Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5 authentication in FTP, IMAP, POP3 and SMTP. | |||
2016-04-03 | curl_sasl: Fixed potential null pointer utilisation | Steve Holme | |
Although this should never happen due to the relationship between the 'mech' and 'resp' variables, and the way they are allocated together, it does cause problems for code analysis tools: V595 The 'mech' pointer was utilized before it was verified against nullptr. Check lines: 376, 381. curl_sasl.c 376 Bug: https://github.com/curl/curl/issues/745 Reported-by: Alexis La Goutte | |||
2016-04-02 | krb5: Moved host from Curl_auth_create_gssapi_user_message() to be argument | Steve Holme | |
For consistency with the spnego and oauth2 code moved the setting of the host name outside of the Curl_auth_create_gssapi_user_messag() function. This will allow us to more easily override it in the future. | |||
2016-03-25 | vauth: Refactored function names after move to new vauth directory | Steve Holme | |
Renamed all the SASL functions that moved to the new vauth directory to include the correct module name. | |||
2016-03-25 | vauth: Moved the OAuth 2.0 authentication code to the new vauth directory | Steve Holme | |
2016-03-25 | vauth: Moved the NTLM authentication code to the new vauth directory | Steve Holme | |
2016-03-25 | vauth: Moved the DIGEST authentication code to the new vauth directory | Steve Holme | |
2016-03-25 | vauth: Moved the CRAM-MD5 authentication code to the new vauth directory | Steve Holme | |
2016-03-25 | vauth: Moved the ClearText authentication code to the new vauth directory | Steve Holme | |
2016-03-25 | vauth: Moved Curl_sasl_build_spn() to create the initial vauth source files | Steve Holme | |
2016-03-19 | ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled | Steve Holme | |
warning C4706: assignment within conditional expression | |||
2016-03-14 | curl_sasl.c: minor code indent fixes | Daniel Stenberg | |
2016-03-12 | digest: Use boolean based success code for Curl_sasl_digest_get_pair() | Steve Holme | |
Rather than use a 0 and 1 integer base result code use a TRUE / FALSE based success code. | |||
2016-03-12 | digest: Corrected some typos in comments | Steve Holme | |
2016-03-12 | ntlm: Corrected some typos in function descriptions | Steve Holme | |
2016-02-19 | curl_sasl: Fix memory leak in digest parser | Emil Lerner | |
If any parameter in a HTTP DIGEST challenge message is present multiple times, memory allocated for all but the last entry should be freed. Bug: https://github.com/curl/curl/pull/667 | |||
2016-02-03 | URLs: change all http:// URLs to https:// | Daniel Stenberg | |
2015-11-15 | sasl; fix checksrc warnings | Daniel Stenberg | |
2015-11-15 | oauth2: Support OAUTHBEARER failures sent as continuation responses | Steve Holme | |
According to RFC7628 a failure message may be sent by the server in a base64 encoded JSON string as a continuation response. Currently only implemented for OAUTHBEARER and not XAUTH2. | |||
2015-11-14 | oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP | Steve Holme | |
OAUTHBEARER is now the official "registered" SASL mechanism name for OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some servers won't support the new mechanism yet. | |||
2015-11-12 | sasl: Re-introduced XOAUTH2 in the default enabled authentication mechanism | Steve Holme | |
Following the fix in commit d6d58dd558 it is necessary to re-introduce XOAUTH2 in the default enabled authentication mechanism, which was removed in commit 7b2012f262, otherwise users will have to specify AUTH=XOAUTH2 in the URL. Note: OAuth 2.0 will only be used when the bearer is specified. | |||
2015-11-12 | oauth2: Re-factored OAuth 2.0 state variable | Steve Holme | |
2015-11-12 | sasl: Don't choose OAuth 2.0 if mechanism not advertised | Steve Holme | |
Regression from commit 9e8ced9890 which meant if --oauth2-bearer was specified but the SASL mechanism wasn't supported by the server then the mechanism would be chosen. | |||
2015-11-11 | oauth2: Introduced support for host and port details | Steve Holme | |
Added support to the OAuth 2.0 message function for host and port, in order to accommodate the official OAUTHBEARER SASL mechanism which is to be added shortly. | |||
2015-11-09 | oauth2: Don't use XAUTH2 in OAuth 2.0 function name | Steve Holme | |
2015-11-09 | oauth2: Don't use XOAUTH2 in OAuth 2.0 variables | Steve Holme | |
2015-08-31 | sasl: Updated SPN variables and comments for consistency | Steve Holme | |
In places the "host name" and "realm" variable was referred to as "instance" whilst in others it was referred to as "host". | |||
2015-04-26 | sasl_sspi: Populate domain from the realm in the challenge | Grant Pannell | |
Without this, SSPI based digest auth was broken. Bug: https://github.com/bagder/curl/pull/141.patch | |||
2015-03-24 | curl_memory: make curl_memory.h the second-last header file loaded | Dan Fandrich | |
This header file must be included after all header files except memdebug.h, as it does similar memory function redefinitions and can be similarly affected by conflicting definitions in system or dependent library headers. | |||
2015-03-16 | free: instead of Curl_safefree() | Daniel Stenberg | |
Since we just started make use of free(NULL) in order to simplify code, this change takes it a step further and: - converts lots of Curl_safefree() calls to good old free() - makes Curl_safefree() not check the pointer before free() The (new) rule of thumb is: if you really want a function call that frees a pointer and then assigns it to NULL, then use Curl_safefree(). But we will prefer just using free() from now on. | |||
2015-03-03 | mprintf.h: remove #ifdef CURLDEBUG | Daniel Stenberg | |
... and as a consequence, introduce curl_printf.h with that re-define magic instead and make all libcurl code use that instead. | |||
2015-02-02 | curl_sasl.c: More code policing | Steve Holme | |
Better use of 80 character line limit, comment corrections and line spacing preferences. | |||
2015-01-29 | curl_sasl.c: Fixed compilation warning when cryptography is disabled | Steve Holme | |
curl_sasl.c:1506: warning: unused variable 'chlg' | |||
2015-01-28 | curl_sasl.c: Fixed compilation warning when verbose debug output disabled | Steve Holme | |
curl_sasl.c:1317: warning: unused parameter 'conn' | |||
2015-01-28 | sasl: Minor code policing and grammar corrections | Steve Holme | |
2015-01-27 | sasl: remove XOAUTH2 from default enabled authentication mechanism. | Patrick Monnerat | |
2015-01-27 | sasl: implement EXTERNAL authentication mechanism. | Patrick Monnerat | |
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and by not setting the password. | |||
2015-01-22 | curl_sasl: Reinstate the sasl_ prefix for locally scoped functions | Steve Holme | |
Commit 7a8b2885e2 made some functions static and removed the public Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which is the naming convention we use in this source file. | |||
2015-01-22 | curl_sasl: Minor code policing following recent commits | Steve Holme | |
2015-01-20 | curl_sasl.c: chlglen is not used when cryptography is disabled | Steve Holme | |
2015-01-20 | curl_sasl.c: Fixed compilation warning when cyptography is disabled | Steve Holme | |
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local variable | |||
2015-01-20 | curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined | Steve Holme | |
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier This error could also happen for non-SSPI builds when cryptography is disabled (CURL_DISABLE_CRYPTO_AUTH is defined). | |||
2015-01-20 | SASL: make some procedures local-scoped | Patrick Monnerat | |
2015-01-20 | SASL: common state engine for imap/pop3/smtp | Patrick Monnerat | |
2015-01-20 | SASL: common URL option and auth capabilities decoders for all protocols | Patrick Monnerat | |
2014-11-23 | sasl: Tidied up some parameter comments | Steve Holme | |
2014-11-23 | sasl: Reduced the need for two sets of NTLM functions | Steve Holme | |
2014-11-23 | ntlm: Moved NSS initialisation to base decode function | Steve Holme | |
2014-11-16 | kerberos: Use symbol qualified with _KERBEROS5 | Michael Osipov | |
For consistency renamed USE_KRB5 to USE_KERBEROS5. |