aboutsummaryrefslogtreecommitdiff
path: root/lib/curl_sasl_sspi.c
AgeCommit message (Collapse)Author
2014-12-05sasl: Corrected formatting of function descriptionsSteve Holme
2014-12-05sasl_sspi: Corrected some typosSteve Holme
2014-12-05sasl_sspi: Don't use hard coded sizes in Kerberos V5 security dataSteve Holme
Don't use a hard coded size of 4 for the security layer and buffer size in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as we have done in the sasl_gssapi module.
2014-12-05sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with itSteve Holme
Reduced the amount of free's required for the decoded challenge message in Curl_sasl_create_gssapi_security_message() as a result of coding it differently in the sasl_gssapi module.
2014-12-04sasl_sspi: Added more Kerberos V5 decoding debug failure messagesSteve Holme
2014-11-23sasl: Tidied up some parameter commentsSteve Holme
2014-11-16sasl_sspi: Removed note about the NTLM functions being a wrapperSteve Holme
2014-11-16sasl_sspi: Fixed compilation warnings when no verbose string supportSteve Holme
2014-11-16sasl_sspi: Added base64 decoding debug failure messagesSteve Holme
Just like in the NTLM code, added infof() failure messages for DIGEST-MD5 and GSSAPI authentication when base64 decoding fails.
2014-11-16ntlm: Moved the SSPI based Type-3 message generation into the SASL moduleSteve Holme
2014-11-16ntlm: Moved the SSPI based Type-2 message decoding into the SASL moduleSteve Holme
2014-11-16ntlm: Moved the SSPI based Type-1 message generation into the SASL moduleSteve Holme
2014-11-16kerberos: Use symbol qualified with _KERBEROS5Michael Osipov
For consistency renamed USE_KRB5 to USE_KERBEROS5.
2014-11-15sasl: Corrected Curl_sasl_build_spn() function descriptionSteve Holme
There was a mismatch in function parameter names.
2014-11-14sasl_sspi: Corrected a couple of comment typosSteve Holme
2014-11-14sasl: Moved Curl_sasl_gssapi_cleanup() definition into header fileSteve Holme
Rather than define the function as extern in the source files that use it, moved the function declaration into the SASL header file just like the Digest and NTLM clean-up functions. Additionally, added a function description comment block.
2014-11-14sasl_sspi: Added missing RFC reference for HTTP Digest authenticationSteve Holme
2014-11-09ntlm: Added separate SSPI based functionsSteve Holme
In preparation for moving the NTLM message code into the SASL module, and separating the native code from the SSPI code, added functions that simply call the functions in curl_ntlm_msg.c.
2014-11-09ntlm: Moved SSPI clean-up code into SASL moduleSteve Holme
2014-11-06sasl_sspi: Tidy up of the existing digest codeSteve Holme
Following the addition of SSPI support for HTTP digest, synchronised elements of the email digest code with that of the new HTTP code.
2014-11-06http_digest: Fixed auth retry loop when SSPI based authentication failsSteve Holme
2014-11-06http_digest: Reworked the SSPI based input token storageSteve Holme
Reworked the input token (challenge message) storage as what is passed to the buf and desc in the response generation are typically blobs of data rather than strings, so this is more in keeping with other areas of the SSPI code, such as the NTLM message functions.
2014-11-06sasl_sspi: Fixed compilation warning from commit 2d2a62e3d9Steve Holme
Added void reference to unused 'data' parameter back to fix compilation warning.
2014-11-06sasl_sspi: Added HTTP digest response generation codeSteve Holme
2014-11-06http_digest: Added SSPI based challenge decoding codeSteve Holme
2014-11-06http_digest: Added SSPI based clean-up codeSteve Holme
2014-11-06http_digest: Added SSPI based authentication functionsSteve Holme
This temporarily breaks HTTP digest authentication in SSPI based builds, causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will resume normal operation.
2014-11-05sspi: Define authentication package name constantsSteve Holme
These were previously hard coded, and whilst defined in security.h, they may or may not be present in old header files given that these defines were never used in the original code. Not only that, but there appears to be some ambiguity between the ANSI and UNICODE NTLM definition name in security.h.
2014-11-02sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is usedSteve Holme
Typically the USE_WINDOWS_SSPI definition would not be used when the CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication data structures and functions would incorrectly be used when they shouldn't be. Introduced a new USE_KRB5 definition that takes into account the use of CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
2014-10-29sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failureSteve Holme
Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when acquiring the credentials handle fails. This is then consistent with the code prior to commit f7e24683c4 when log-in credentials were empty.
2014-10-29sasl_sspi: Allow DIGEST-MD5 to use current windows credentialsSteve Holme
Fixed the ability to use the current log-in credentials with DIGEST-MD5. I had previously disabled this functionality in commit 607883f13c as I couldn't get this to work under Windows 8, however, from testing HTTP Digest authentication through Windows SSPI and then further testing of this code I have found it works in Windows 7. Some further investigation is required to see what the differences are between Windows 7 and 8, but for now enable this functionality as the code will return an error when AcquireCredentialsHandle() fails.
2014-10-28sasl_sspi: Fixed typo in commentSteve Holme
2014-10-26sspi: Renamed expiry time stamp variablesSteve Holme
Code cleanup to try and synchronise code between the different SSPI based authentication mechanisms.
2014-10-26sspi: Only call CompleteAuthToken() when complete is neededSteve Holme
Don't call CompleteAuthToken() after InitializeSecurityContext() has returned SEC_I_CONTINUE_NEEDED as this return code only indicates the function should be called again after receiving a response back from the server. This only affected the Digest and NTLM authentication code.
2014-10-15sasl_sspi: Fixed some typosSteve Holme
2014-10-15sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSOSteve Holme
2014-09-13sasl_sspi: Fixed Unicode buildMarcel Raad
Bug: http://curl.haxx.se/bug/view.cgi?id=1422 Verified-by: Steve Holme
2014-08-17sasl_sspi: Fixed a memory leak with the GSSAPI base-64 decoded challengeSteve Holme
2014-08-17sasl_sspi: Renamed GSSAPI mutual authentication parameterSteve Holme
...From "mutual" to "mutual_auth" which better describes what it is.
2014-08-17sasl_sspi: Corrected some of the GSSAPI security message error codesSteve Holme
Corrected a number of the error codes that can be returned from the Curl_sasl_create_gssapi_security_message() function when things go wrong. It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the inbound security challenge can't be decoded correctly or doesn't contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when EncryptMessage() fails. Unfortunately the previous error code of CURLE_RECV_ERROR was a copy and paste mistakes on my part and should have been correct in commit 4b491c675f :(
2014-08-16sasl_sspi: Tell the server we don't support a GSSAPI receive bufferSteve Holme
2014-08-14curl_sasl_sspi.c: Fixed more compilation warnings from commit 4b491c675fSteve Holme
warning: unused variable 'resp' warning: no previous prototype for 'Curl_sasl_gssapi_cleanup'
2014-08-14SHA-1: 61c93383b7f6cf79d12ff99e9dced1d1cc2a7064Steve Holme
* curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f warning: declaration of 'result' shadows a previous local
2014-08-14sasl_sspi: Added GSSAPI message functionsSteve Holme
2014-08-10sasl_sspi: Fixed hard coded buffer for response generationSteve Holme
Given the SSPI package info query indicates a token size of 4096 bytes, updated to use a dynamic buffer for the response message generation rather than a fixed buffer of 1024 bytes.
2014-08-10sasl_sspi: Fixed missing free of challenge buffer on SPN failureSteve Holme
2014-08-09sasl_sspi: Fixed SPN not being converted to wchar under Unicode buildsSteve Holme
Curl_sasl_create_digest_md5_message() would simply cast the SPN variable to a TCHAR when calling InitializeSecurityContext(). This meant that, under Unicode builds, it would not be valid wide character string. Updated to use the recently introduced Curl_sasl_build_spn() function which performs the correct conversion for us.
2014-08-09sasl: Introduced Curl_sasl_build_spn() for building a SPNSteve Holme
Various parts of the libcurl source code build a SPN for inclusion in authentication data. This information is either used by our own native generation routines or passed to authentication functions in third-party libraries such as SSPI. However, some of these instances use fixed buffers rather than dynamically allocated ones and not all of those that should, convert to wide character strings in Unicode builds. Implemented a common function that generates a SPN and performs the wide character conversion where necessary.
2014-08-09sasl_sspi: Fixed memory leak with not releasing Package Info structSteve Holme
Curl_sasl_create_digest_md5_message() wouldn't free the Package Info structure after QuerySecurityPackageInfo() had allocated it.
2014-06-01curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN generationSteve Holme