aboutsummaryrefslogtreecommitdiff
path: root/lib/curl_sasl_sspi.c
AgeCommit message (Collapse)Author
2015-08-31sasl: Updated SPN variables and comments for consistencySteve Holme
In places the "host name" and "realm" variable was referred to as "instance" whilst in others it was referred to as "host".
2015-04-26sasl_sspi: Populate domain from the realm in the challengeGrant Pannell
Without this, SSPI based digest auth was broken. Bug: https://github.com/bagder/curl/pull/141.patch
2015-03-24curl_memory: make curl_memory.h the second-last header file loadedDan Fandrich
This header file must be included after all header files except memdebug.h, as it does similar memory function redefinitions and can be similarly affected by conflicting definitions in system or dependent library headers.
2015-03-16free: instead of Curl_safefree()Daniel Stenberg
Since we just started make use of free(NULL) in order to simplify code, this change takes it a step further and: - converts lots of Curl_safefree() calls to good old free() - makes Curl_safefree() not check the pointer before free() The (new) rule of thumb is: if you really want a function call that frees a pointer and then assigns it to NULL, then use Curl_safefree(). But we will prefer just using free() from now on.
2015-03-03mprintf.h: remove #ifdef CURLDEBUGDaniel Stenberg
... and as a consequence, introduce curl_printf.h with that re-define magic instead and make all libcurl code use that instead.
2014-12-05sasl: Corrected formatting of function descriptionsSteve Holme
2014-12-05sasl_sspi: Corrected some typosSteve Holme
2014-12-05sasl_sspi: Don't use hard coded sizes in Kerberos V5 security dataSteve Holme
Don't use a hard coded size of 4 for the security layer and buffer size in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as we have done in the sasl_gssapi module.
2014-12-05sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with itSteve Holme
Reduced the amount of free's required for the decoded challenge message in Curl_sasl_create_gssapi_security_message() as a result of coding it differently in the sasl_gssapi module.
2014-12-04sasl_sspi: Added more Kerberos V5 decoding debug failure messagesSteve Holme
2014-11-23sasl: Tidied up some parameter commentsSteve Holme
2014-11-16sasl_sspi: Removed note about the NTLM functions being a wrapperSteve Holme
2014-11-16sasl_sspi: Fixed compilation warnings when no verbose string supportSteve Holme
2014-11-16sasl_sspi: Added base64 decoding debug failure messagesSteve Holme
Just like in the NTLM code, added infof() failure messages for DIGEST-MD5 and GSSAPI authentication when base64 decoding fails.
2014-11-16ntlm: Moved the SSPI based Type-3 message generation into the SASL moduleSteve Holme
2014-11-16ntlm: Moved the SSPI based Type-2 message decoding into the SASL moduleSteve Holme
2014-11-16ntlm: Moved the SSPI based Type-1 message generation into the SASL moduleSteve Holme
2014-11-16kerberos: Use symbol qualified with _KERBEROS5Michael Osipov
For consistency renamed USE_KRB5 to USE_KERBEROS5.
2014-11-15sasl: Corrected Curl_sasl_build_spn() function descriptionSteve Holme
There was a mismatch in function parameter names.
2014-11-14sasl_sspi: Corrected a couple of comment typosSteve Holme
2014-11-14sasl: Moved Curl_sasl_gssapi_cleanup() definition into header fileSteve Holme
Rather than define the function as extern in the source files that use it, moved the function declaration into the SASL header file just like the Digest and NTLM clean-up functions. Additionally, added a function description comment block.
2014-11-14sasl_sspi: Added missing RFC reference for HTTP Digest authenticationSteve Holme
2014-11-09ntlm: Added separate SSPI based functionsSteve Holme
In preparation for moving the NTLM message code into the SASL module, and separating the native code from the SSPI code, added functions that simply call the functions in curl_ntlm_msg.c.
2014-11-09ntlm: Moved SSPI clean-up code into SASL moduleSteve Holme
2014-11-06sasl_sspi: Tidy up of the existing digest codeSteve Holme
Following the addition of SSPI support for HTTP digest, synchronised elements of the email digest code with that of the new HTTP code.
2014-11-06http_digest: Fixed auth retry loop when SSPI based authentication failsSteve Holme
2014-11-06http_digest: Reworked the SSPI based input token storageSteve Holme
Reworked the input token (challenge message) storage as what is passed to the buf and desc in the response generation are typically blobs of data rather than strings, so this is more in keeping with other areas of the SSPI code, such as the NTLM message functions.
2014-11-06sasl_sspi: Fixed compilation warning from commit 2d2a62e3d9Steve Holme
Added void reference to unused 'data' parameter back to fix compilation warning.
2014-11-06sasl_sspi: Added HTTP digest response generation codeSteve Holme
2014-11-06http_digest: Added SSPI based challenge decoding codeSteve Holme
2014-11-06http_digest: Added SSPI based clean-up codeSteve Holme
2014-11-06http_digest: Added SSPI based authentication functionsSteve Holme
This temporarily breaks HTTP digest authentication in SSPI based builds, causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will resume normal operation.
2014-11-05sspi: Define authentication package name constantsSteve Holme
These were previously hard coded, and whilst defined in security.h, they may or may not be present in old header files given that these defines were never used in the original code. Not only that, but there appears to be some ambiguity between the ANSI and UNICODE NTLM definition name in security.h.
2014-11-02sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is usedSteve Holme
Typically the USE_WINDOWS_SSPI definition would not be used when the CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication data structures and functions would incorrectly be used when they shouldn't be. Introduced a new USE_KRB5 definition that takes into account the use of CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
2014-10-29sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failureSteve Holme
Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when acquiring the credentials handle fails. This is then consistent with the code prior to commit f7e24683c4 when log-in credentials were empty.
2014-10-29sasl_sspi: Allow DIGEST-MD5 to use current windows credentialsSteve Holme
Fixed the ability to use the current log-in credentials with DIGEST-MD5. I had previously disabled this functionality in commit 607883f13c as I couldn't get this to work under Windows 8, however, from testing HTTP Digest authentication through Windows SSPI and then further testing of this code I have found it works in Windows 7. Some further investigation is required to see what the differences are between Windows 7 and 8, but for now enable this functionality as the code will return an error when AcquireCredentialsHandle() fails.
2014-10-28sasl_sspi: Fixed typo in commentSteve Holme
2014-10-26sspi: Renamed expiry time stamp variablesSteve Holme
Code cleanup to try and synchronise code between the different SSPI based authentication mechanisms.
2014-10-26sspi: Only call CompleteAuthToken() when complete is neededSteve Holme
Don't call CompleteAuthToken() after InitializeSecurityContext() has returned SEC_I_CONTINUE_NEEDED as this return code only indicates the function should be called again after receiving a response back from the server. This only affected the Digest and NTLM authentication code.
2014-10-15sasl_sspi: Fixed some typosSteve Holme
2014-10-15sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSOSteve Holme
2014-09-13sasl_sspi: Fixed Unicode buildMarcel Raad
Bug: http://curl.haxx.se/bug/view.cgi?id=1422 Verified-by: Steve Holme
2014-08-17sasl_sspi: Fixed a memory leak with the GSSAPI base-64 decoded challengeSteve Holme
2014-08-17sasl_sspi: Renamed GSSAPI mutual authentication parameterSteve Holme
...From "mutual" to "mutual_auth" which better describes what it is.
2014-08-17sasl_sspi: Corrected some of the GSSAPI security message error codesSteve Holme
Corrected a number of the error codes that can be returned from the Curl_sasl_create_gssapi_security_message() function when things go wrong. It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the inbound security challenge can't be decoded correctly or doesn't contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when EncryptMessage() fails. Unfortunately the previous error code of CURLE_RECV_ERROR was a copy and paste mistakes on my part and should have been correct in commit 4b491c675f :(
2014-08-16sasl_sspi: Tell the server we don't support a GSSAPI receive bufferSteve Holme
2014-08-14curl_sasl_sspi.c: Fixed more compilation warnings from commit 4b491c675fSteve Holme
warning: unused variable 'resp' warning: no previous prototype for 'Curl_sasl_gssapi_cleanup'
2014-08-14SHA-1: 61c93383b7f6cf79d12ff99e9dced1d1cc2a7064Steve Holme
* curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f warning: declaration of 'result' shadows a previous local
2014-08-14sasl_sspi: Added GSSAPI message functionsSteve Holme
2014-08-10sasl_sspi: Fixed hard coded buffer for response generationSteve Holme
Given the SSPI package info query indicates a token size of 4096 bytes, updated to use a dynamic buffer for the response message generation rather than a fixed buffer of 1024 bytes.