aboutsummaryrefslogtreecommitdiff
path: root/lib/curl_sasl.c
AgeCommit message (Collapse)Author
2016-03-12digest: Use boolean based success code for Curl_sasl_digest_get_pair()Steve Holme
Rather than use a 0 and 1 integer base result code use a TRUE / FALSE based success code.
2016-03-12digest: Corrected some typos in commentsSteve Holme
2016-03-12ntlm: Corrected some typos in function descriptionsSteve Holme
2016-02-19curl_sasl: Fix memory leak in digest parserEmil Lerner
If any parameter in a HTTP DIGEST challenge message is present multiple times, memory allocated for all but the last entry should be freed. Bug: https://github.com/curl/curl/pull/667
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2015-11-15sasl; fix checksrc warningsDaniel Stenberg
2015-11-15oauth2: Support OAUTHBEARER failures sent as continuation responsesSteve Holme
According to RFC7628 a failure message may be sent by the server in a base64 encoded JSON string as a continuation response. Currently only implemented for OAUTHBEARER and not XAUTH2.
2015-11-14oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMPSteve Holme
OAUTHBEARER is now the official "registered" SASL mechanism name for OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some servers won't support the new mechanism yet.
2015-11-12sasl: Re-introduced XOAUTH2 in the default enabled authentication mechanismSteve Holme
Following the fix in commit d6d58dd558 it is necessary to re-introduce XOAUTH2 in the default enabled authentication mechanism, which was removed in commit 7b2012f262, otherwise users will have to specify AUTH=XOAUTH2 in the URL. Note: OAuth 2.0 will only be used when the bearer is specified.
2015-11-12oauth2: Re-factored OAuth 2.0 state variableSteve Holme
2015-11-12sasl: Don't choose OAuth 2.0 if mechanism not advertisedSteve Holme
Regression from commit 9e8ced9890 which meant if --oauth2-bearer was specified but the SASL mechanism wasn't supported by the server then the mechanism would be chosen.
2015-11-11oauth2: Introduced support for host and port detailsSteve Holme
Added support to the OAuth 2.0 message function for host and port, in order to accommodate the official OAUTHBEARER SASL mechanism which is to be added shortly.
2015-11-09oauth2: Don't use XAUTH2 in OAuth 2.0 function nameSteve Holme
2015-11-09oauth2: Don't use XOAUTH2 in OAuth 2.0 variablesSteve Holme
2015-08-31sasl: Updated SPN variables and comments for consistencySteve Holme
In places the "host name" and "realm" variable was referred to as "instance" whilst in others it was referred to as "host".
2015-04-26sasl_sspi: Populate domain from the realm in the challengeGrant Pannell
Without this, SSPI based digest auth was broken. Bug: https://github.com/bagder/curl/pull/141.patch
2015-03-24curl_memory: make curl_memory.h the second-last header file loadedDan Fandrich
This header file must be included after all header files except memdebug.h, as it does similar memory function redefinitions and can be similarly affected by conflicting definitions in system or dependent library headers.
2015-03-16free: instead of Curl_safefree()Daniel Stenberg
Since we just started make use of free(NULL) in order to simplify code, this change takes it a step further and: - converts lots of Curl_safefree() calls to good old free() - makes Curl_safefree() not check the pointer before free() The (new) rule of thumb is: if you really want a function call that frees a pointer and then assigns it to NULL, then use Curl_safefree(). But we will prefer just using free() from now on.
2015-03-03mprintf.h: remove #ifdef CURLDEBUGDaniel Stenberg
... and as a consequence, introduce curl_printf.h with that re-define magic instead and make all libcurl code use that instead.
2015-02-02curl_sasl.c: More code policingSteve Holme
Better use of 80 character line limit, comment corrections and line spacing preferences.
2015-01-29curl_sasl.c: Fixed compilation warning when cryptography is disabledSteve Holme
curl_sasl.c:1506: warning: unused variable 'chlg'
2015-01-28curl_sasl.c: Fixed compilation warning when verbose debug output disabledSteve Holme
curl_sasl.c:1317: warning: unused parameter 'conn'
2015-01-28sasl: Minor code policing and grammar correctionsSteve Holme
2015-01-27sasl: remove XOAUTH2 from default enabled authentication mechanism.Patrick Monnerat
2015-01-27sasl: implement EXTERNAL authentication mechanism.Patrick Monnerat
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and by not setting the password.
2015-01-22curl_sasl: Reinstate the sasl_ prefix for locally scoped functionsSteve Holme
Commit 7a8b2885e2 made some functions static and removed the public Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which is the naming convention we use in this source file.
2015-01-22curl_sasl: Minor code policing following recent commitsSteve Holme
2015-01-20curl_sasl.c: chlglen is not used when cryptography is disabledSteve Holme
2015-01-20curl_sasl.c: Fixed compilation warning when cyptography is disabledSteve Holme
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local variable
2015-01-20curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI definedSteve Holme
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier This error could also happen for non-SSPI builds when cryptography is disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
2015-01-20SASL: make some procedures local-scopedPatrick Monnerat
2015-01-20SASL: common state engine for imap/pop3/smtpPatrick Monnerat
2015-01-20SASL: common URL option and auth capabilities decoders for all protocolsPatrick Monnerat
2014-11-23sasl: Tidied up some parameter commentsSteve Holme
2014-11-23sasl: Reduced the need for two sets of NTLM functionsSteve Holme
2014-11-23ntlm: Moved NSS initialisation to base decode functionSteve Holme
2014-11-16kerberos: Use symbol qualified with _KERBEROS5Michael Osipov
For consistency renamed USE_KRB5 to USE_KERBEROS5.
2014-11-15sasl: Corrected Curl_sasl_build_spn() function descriptionSteve Holme
There was a mismatch in function parameter names.
2014-11-14sasl: Moved Curl_sasl_gssapi_cleanup() definition into header fileSteve Holme
Rather than define the function as extern in the source files that use it, moved the function declaration into the SASL header file just like the Digest and NTLM clean-up functions. Additionally, added a function description comment block.
2014-11-09ntlm: Added separate SSPI based functionsSteve Holme
In preparation for moving the NTLM message code into the SASL module, and separating the native code from the SSPI code, added functions that simply call the functions in curl_ntlm_msg.c.
2014-11-09ntlm: Moved the native Target Info clean-up from HTTP specific functionSteve Holme
2014-11-09ntlm: Moved SSPI clean-up code into SASL moduleSteve Holme
2014-11-07http_digest: Fixed some memory leaks introduced in commit 6f8d8131b1Steve Holme
Fixed a couple of memory leaks as a result of moving code that used to populate allocuserpwd and relied on it's clean up.
2014-11-06http_digest: Post SSPI support tidy upSteve Holme
Post tidy up to ensure commonality of code style and variable names.
2014-11-06sasl: Removed non-SSPI Digest functions and defines from SSPI based buildsSteve Holme
Introduced in commit 7e6d51a73c these functions and definitions are only required by the internal challenge-response functions now.
2014-11-06http_digest: Added SSPI based authentication functionsSteve Holme
This temporarily breaks HTTP digest authentication in SSPI based builds, causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will resume normal operation.
2014-11-05sasl: Fixed HTTP digest challenges with spaces between auth parametersSteve Holme
Broken as part of the rework, in commit 7e6d51a73c, to assist with the addition of HTTP digest via Windows SSPI.
2014-11-05http_digest: Moved response generation into SASL moduleSteve Holme
2014-11-05http_digest: Moved challenge decoding into SASL moduleSteve Holme
2014-11-05http_digest: Moved clean-up function into SASL moduleSteve Holme