aboutsummaryrefslogtreecommitdiff
path: root/lib/curl_sasl_sspi.c
AgeCommit message (Collapse)Author
2014-11-06http_digest: Added SSPI based authentication functionsSteve Holme
This temporarily breaks HTTP digest authentication in SSPI based builds, causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will resume normal operation.
2014-11-05sspi: Define authentication package name constantsSteve Holme
These were previously hard coded, and whilst defined in security.h, they may or may not be present in old header files given that these defines were never used in the original code. Not only that, but there appears to be some ambiguity between the ANSI and UNICODE NTLM definition name in security.h.
2014-11-02sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is usedSteve Holme
Typically the USE_WINDOWS_SSPI definition would not be used when the CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication data structures and functions would incorrectly be used when they shouldn't be. Introduced a new USE_KRB5 definition that takes into account the use of CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
2014-10-29sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failureSteve Holme
Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when acquiring the credentials handle fails. This is then consistent with the code prior to commit f7e24683c4 when log-in credentials were empty.
2014-10-29sasl_sspi: Allow DIGEST-MD5 to use current windows credentialsSteve Holme
Fixed the ability to use the current log-in credentials with DIGEST-MD5. I had previously disabled this functionality in commit 607883f13c as I couldn't get this to work under Windows 8, however, from testing HTTP Digest authentication through Windows SSPI and then further testing of this code I have found it works in Windows 7. Some further investigation is required to see what the differences are between Windows 7 and 8, but for now enable this functionality as the code will return an error when AcquireCredentialsHandle() fails.
2014-10-28sasl_sspi: Fixed typo in commentSteve Holme
2014-10-26sspi: Renamed expiry time stamp variablesSteve Holme
Code cleanup to try and synchronise code between the different SSPI based authentication mechanisms.
2014-10-26sspi: Only call CompleteAuthToken() when complete is neededSteve Holme
Don't call CompleteAuthToken() after InitializeSecurityContext() has returned SEC_I_CONTINUE_NEEDED as this return code only indicates the function should be called again after receiving a response back from the server. This only affected the Digest and NTLM authentication code.
2014-10-15sasl_sspi: Fixed some typosSteve Holme
2014-10-15sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSOSteve Holme
2014-09-13sasl_sspi: Fixed Unicode buildMarcel Raad
Bug: http://curl.haxx.se/bug/view.cgi?id=1422 Verified-by: Steve Holme
2014-08-17sasl_sspi: Fixed a memory leak with the GSSAPI base-64 decoded challengeSteve Holme
2014-08-17sasl_sspi: Renamed GSSAPI mutual authentication parameterSteve Holme
...From "mutual" to "mutual_auth" which better describes what it is.
2014-08-17sasl_sspi: Corrected some of the GSSAPI security message error codesSteve Holme
Corrected a number of the error codes that can be returned from the Curl_sasl_create_gssapi_security_message() function when things go wrong. It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the inbound security challenge can't be decoded correctly or doesn't contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when EncryptMessage() fails. Unfortunately the previous error code of CURLE_RECV_ERROR was a copy and paste mistakes on my part and should have been correct in commit 4b491c675f :(
2014-08-16sasl_sspi: Tell the server we don't support a GSSAPI receive bufferSteve Holme
2014-08-14curl_sasl_sspi.c: Fixed more compilation warnings from commit 4b491c675fSteve Holme
warning: unused variable 'resp' warning: no previous prototype for 'Curl_sasl_gssapi_cleanup'
2014-08-14SHA-1: 61c93383b7f6cf79d12ff99e9dced1d1cc2a7064Steve Holme
* curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f warning: declaration of 'result' shadows a previous local
2014-08-14sasl_sspi: Added GSSAPI message functionsSteve Holme
2014-08-10sasl_sspi: Fixed hard coded buffer for response generationSteve Holme
Given the SSPI package info query indicates a token size of 4096 bytes, updated to use a dynamic buffer for the response message generation rather than a fixed buffer of 1024 bytes.
2014-08-10sasl_sspi: Fixed missing free of challenge buffer on SPN failureSteve Holme
2014-08-09sasl_sspi: Fixed SPN not being converted to wchar under Unicode buildsSteve Holme
Curl_sasl_create_digest_md5_message() would simply cast the SPN variable to a TCHAR when calling InitializeSecurityContext(). This meant that, under Unicode builds, it would not be valid wide character string. Updated to use the recently introduced Curl_sasl_build_spn() function which performs the correct conversion for us.
2014-08-09sasl: Introduced Curl_sasl_build_spn() for building a SPNSteve Holme
Various parts of the libcurl source code build a SPN for inclusion in authentication data. This information is either used by our own native generation routines or passed to authentication functions in third-party libraries such as SSPI. However, some of these instances use fixed buffers rather than dynamically allocated ones and not all of those that should, convert to wide character strings in Unicode builds. Implemented a common function that generates a SPN and performs the wide character conversion where necessary.
2014-08-09sasl_sspi: Fixed memory leak with not releasing Package Info structSteve Holme
Curl_sasl_create_digest_md5_message() wouldn't free the Package Info structure after QuerySecurityPackageInfo() had allocated it.
2014-06-01curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN generationSteve Holme
2014-04-06sasl: Fixed compilation warningSteve Holme
warning: no previous prototype for 'Curl_sasl_create_digest_md5_message'
2014-04-06sasl: Added curl_memory.h include as per test 1132Steve Holme
2014-04-06sasl: Corrected missing free of decoded challenge message from 607883f13cSteve Holme
2014-04-06sasl: Post DIGEST-MD5 SSPI code tidy upSteve Holme
* Added comments to SSPI NTLM message generation * Added comments to native DIGEST-MD5 code * Removed redundant identity pointer
2014-04-06sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 codeSteve Holme
When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not be included, regardless of whether USE__WINDOWS_SSPI is defined or not. This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM in curl_setup.h.
2014-04-06sasl: Added support for DIGEST-MD5 via Windows SSPISteve Holme
2014-04-06sasl: Renamed SSPI module following short name clashSteve Holme