Age | Commit message (Collapse) | Author | |
---|---|---|---|
2006-04-05 | Michele Bini modified the NTLM code to work for his "weird IIS case" | Daniel Stenberg | |
(http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash function in addition to the LM one and making some other adjustments in the order the different parts of the data block are sent in the Type-2 reply. Inspiration for this work was taken from the Firefox NTLM implementation. I edited the existing 21(!) NTLM test cases to run fine with these news. Due to the fact that we now properly include the host name in the Type-2 message the test cases now only compare parts of that chunk. | |||
2005-11-14 | Quagmire reported that he needed to raise a NTLM buffer for SSPI to work | Daniel Stenberg | |
properly for a case, and so we did. We raised it even for non-SSPI builds but it should not do any harm. http://curl.haxx.se/bug/view.cgi?id=1356715 | |||
2005-11-08 | Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled | Daniel Stenberg | |
version of libcurl with different Windows versions. Current version of libcurl imports SSPI functions from secur32.dll. However, under Windows NT 4.0 these functions are located in security.dll, under Windows 9x - in secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll just forwards calls to secur32.dll). Dmitry's patch loads proper library dynamically depending on Windows version. Function InitSecurityInterface() is used to obtain pointers to all of SSPI function in one structure. : ---------------------------------------------------------------------- | |||
2005-10-13 | Make sure that the user and domain strings fit in the target buffer before we | Daniel Stenberg | |
copy them there. | |||
2005-10-02 | Avoid gcc warning "dereferencing type-punned pointer | Gisle Vanem | |
will break strict-aliasing rules". | |||
2005-09-20 | Uses __stdcall instead of SEC_ENTRY since it seems (at least) mingw doesn't | Daniel Stenberg | |
define SEC_ENTRY and thus fails unless this is done! | |||
2005-09-19 | Dmitry Bartsevich made the SSPI support work on Windows 9x as well | Daniel Stenberg | |
2005-04-07 | GnuTLS support added. There's now a "generic" SSL layer that we use all over | Daniel Stenberg | |
internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls | |||
2005-03-14 | hushing up more warnings | Daniel Stenberg | |
2005-03-14 | Avoid "unused variable" warnings. | Gisle Vanem | |
2005-03-11 | Fixed some compiler warnings. | Dan Fandrich | |
2005-03-10 | Christopher R. Palmer made it possible to build libcurl with the | Daniel Stenberg | |
USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the native way to do NTLM. SSPI also allows libcurl to pass on the current user and its password in the request. | |||
2005-02-22 | Curl_base64_decode() now returns an allocated buffer | Daniel Stenberg | |
2005-02-22 | Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure | Daniel Stenberg | |
got no notification, no mail, no nothing. You didn't even bother to mail us when you went public with this. Cool. NTLM buffer overflow fix, as reported here: http://www.securityfocus.com/archive/1/391042 | |||
2004-12-07 | Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where | Daniel Stenberg | |
libcurl always and unconditionally overwrote a stack-based array with 3 zero bytes. I edited the fix to make it less likely to occur again (and added a comment explaining the reason to the buffer size). | |||
2004-07-04 | explicit typecasts to prevent warnings | Daniel Stenberg | |
2004-06-21 | typecasts to prevent compiler warnings | Daniel Stenberg | |
2004-05-25 | remove trailing whitespace | Daniel Stenberg | |
2004-05-11 | curl_global_init_mem() allows the memory functions to be replaced. | Daniel Stenberg | |
memory.h is included everywhere for this. | |||
2004-05-04 | General HTTP authentication cleanup and fixes | Daniel Stenberg | |
2004-03-30 | 'authdone' was added to the sessionhandle and thus was removed from the | Daniel Stenberg | |
argument to the NTLM function(s) | |||
2004-03-22 | Enabled 'NT responses' in the NTLM type-3 message. | Daniel Stenberg | |
2004-03-08 | don't compare signed/unsigned | Daniel Stenberg | |
2004-03-08 | strlen() returns size_t | Daniel Stenberg | |
2004-02-23 | adjusted to the modified base64 protos | Daniel Stenberg | |
2004-02-23 | The base64 encode function now takes a size_t for size, not an int as | Daniel Stenberg | |
previously. | |||
2004-01-07 | updated year in the copyright string | Daniel Stenberg | |
2003-10-17 | typecasts to prevent warnings | Daniel Stenberg | |
2003-10-17 | make no user or no password just mean blank fields, not aborted operation | Daniel Stenberg | |
2003-10-05 | weird typo removed | Daniel Stenberg | |
2003-09-15 | When we issue a HTTP request, first make sure if the authentication phase | Daniel Stenberg | |
is over or not, as if it isn't we shall not begin any PUT or POST operation. This cures bug report #805853, and test case 88 verifies it! | |||
2003-09-04 | no user or password set, bail out | Daniel Stenberg | |
2003-08-11 | added include "http.h" to prevent a warning | Daniel Stenberg | |
2003-08-11 | Serge Semashko added CURLOPT_PROXYAUTH support, and now NTLM for proxies | Daniel Stenberg | |
work. | |||
2003-07-22 | More support for NTLM on proxies, now proxy state and nonce is stored in | Daniel Stenberg | |
a separate struct properly. | |||
2003-07-21 | adjusted to support NTLM for proxies | Daniel Stenberg | |
2003-07-19 | Access the user and passwd fields from the connectdata struct now instead | Daniel Stenberg | |
of the sessionhandle struct, as that was not good. | |||
2003-07-15 | Moved the NTLM credentials to the connectdata struct instead, as NTLM | Daniel Stenberg | |
authenticates connections and not single requests. This should make it work better when we mix requests from multiple hosts. Problem pointed out by Cris Bailiff. | |||
2003-07-15 | Dan Winship's patch added that makes use of DOMAIN\USER or DOMAIN/USER | Daniel Stenberg | |
for the user field. I changed it slightly to stay with strchr() only instead of strpbrk() for portability reasons. | |||
2003-06-26 | Many fixes, most of them based on comments by Eric Glass | Daniel Stenberg | |
2003-06-13 | Cris Bailiff's patch that should make us do NTLM correctly. When we've | Daniel Stenberg | |
authenticated our connection, we can continue without any Authorization: headers as long as our connection is maintained. | |||
2003-06-13 | Cris Bailiff's bugfix | Daniel Stenberg | |
2003-06-13 | use more curlish strings, these should be able to change... | Daniel Stenberg | |
2003-06-12 | modified | Daniel Stenberg | |
2003-06-12 | make it build with older OpenSSL | Daniel Stenberg | |
2003-06-12 | attempt to make older OpenSSL versions work with the DES stuff | Daniel Stenberg | |
2003-06-11 | fixing details for NTLM | Daniel Stenberg | |
2003-06-11 | more how I envision it _should_ work, but it still doesn't... | Daniel Stenberg | |
2003-06-11 | correct mistakes | Daniel Stenberg | |
2003-06-11 | Initial take at NTLM authentication. It doesn't really work at this point | Daniel Stenberg | |
but the infrastructure is there. |