Age | Commit message (Collapse) | Author |
|
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
|
|
... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
|
|
Only choose the GSSAPI authentication mechanism when the user name
contains a Windows domain name or the user is a valid UPN.
Fixes #718
|
|
Hooked up the SASL authentication layer to query the new 'is mechanism
supported' functions when deciding what mechanism to use.
For now existing functionality is maintained.
|
|
|
|
curl_printf.h defines printf to curl_mprintf, etc. This can cause
problems with external headers which may use
__attribute__((format(printf, ...))) markers etc.
To avoid that they cause problems with system includes, we include
curl_printf.h after any system headers. That makes the three last
headers to always be, and we keep them in this order:
curl_printf.h
curl_memory.h
memdebug.h
None of them include system headers, they all do funny #defines.
Reported-by: David Benjamin
Fixes #743
|
|
...when GSS-API or Windows SSPI are not used.
|
|
Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5
authentication in FTP, IMAP, POP3 and SMTP.
|
|
Although this should never happen due to the relationship between the
'mech' and 'resp' variables, and the way they are allocated together,
it does cause problems for code analysis tools:
V595 The 'mech' pointer was utilized before it was verified against
nullptr. Check lines: 376, 381. curl_sasl.c 376
Bug: https://github.com/curl/curl/issues/745
Reported-by: Alexis La Goutte
|
|
For consistency with the spnego and oauth2 code moved the setting of
the host name outside of the Curl_auth_create_gssapi_user_messag()
function.
This will allow us to more easily override it in the future.
|
|
Renamed all the SASL functions that moved to the new vauth directory to
include the correct module name.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
warning C4706: assignment within conditional expression
|
|
|
|
Rather than use a 0 and 1 integer base result code use a TRUE / FALSE
based success code.
|
|
|
|
|
|
If any parameter in a HTTP DIGEST challenge message is present multiple
times, memory allocated for all but the last entry should be freed.
Bug: https://github.com/curl/curl/pull/667
|
|
|
|
|
|
According to RFC7628 a failure message may be sent by the server in a
base64 encoded JSON string as a continuation response.
Currently only implemented for OAUTHBEARER and not XAUTH2.
|
|
OAUTHBEARER is now the official "registered" SASL mechanism name for
OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some
servers won't support the new mechanism yet.
|
|
Following the fix in commit d6d58dd558 it is necessary to re-introduce
XOAUTH2 in the default enabled authentication mechanism, which was
removed in commit 7b2012f262, otherwise users will have to specify
AUTH=XOAUTH2 in the URL.
Note: OAuth 2.0 will only be used when the bearer is specified.
|
|
|
|
Regression from commit 9e8ced9890 which meant if --oauth2-bearer was
specified but the SASL mechanism wasn't supported by the server then
the mechanism would be chosen.
|
|
Added support to the OAuth 2.0 message function for host and port, in
order to accommodate the official OAUTHBEARER SASL mechanism which is
to be added shortly.
|
|
|
|
|
|
In places the "host name" and "realm" variable was referred to as
"instance" whilst in others it was referred to as "host".
|
|
Without this, SSPI based digest auth was broken.
Bug: https://github.com/bagder/curl/pull/141.patch
|
|
This header file must be included after all header files except
memdebug.h, as it does similar memory function redefinitions and can be
similarly affected by conflicting definitions in system or dependent
library headers.
|
|
Since we just started make use of free(NULL) in order to simplify code,
this change takes it a step further and:
- converts lots of Curl_safefree() calls to good old free()
- makes Curl_safefree() not check the pointer before free()
The (new) rule of thumb is: if you really want a function call that
frees a pointer and then assigns it to NULL, then use Curl_safefree().
But we will prefer just using free() from now on.
|
|
... and as a consequence, introduce curl_printf.h with that re-define
magic instead and make all libcurl code use that instead.
|
|
Better use of 80 character line limit, comment corrections and line
spacing preferences.
|
|
curl_sasl.c:1506: warning: unused variable 'chlg'
|
|
curl_sasl.c:1317: warning: unused parameter 'conn'
|
|
|
|
|
|
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.
|
|
Commit 7a8b2885e2 made some functions static and removed the public
Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
is the naming convention we use in this source file.
|
|
|
|
|
|
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
variable
|
|
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier
This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
|
|
|