aboutsummaryrefslogtreecommitdiff
path: root/lib/http_ntlm.c
AgeCommit message (Collapse)Author
2005-02-22Thanks for the notification iDEFENCE. We are the "initial vendor" and we sureDaniel Stenberg
got no notification, no mail, no nothing. You didn't even bother to mail us when you went public with this. Cool. NTLM buffer overflow fix, as reported here: http://www.securityfocus.com/archive/1/391042
2004-12-07Rene Bernhardt found and fixed a buffer overrun in the NTLM code, whereDaniel Stenberg
libcurl always and unconditionally overwrote a stack-based array with 3 zero bytes. I edited the fix to make it less likely to occur again (and added a comment explaining the reason to the buffer size).
2004-07-04explicit typecasts to prevent warningsDaniel Stenberg
2004-06-21typecasts to prevent compiler warningsDaniel Stenberg
2004-05-25remove trailing whitespaceDaniel Stenberg
2004-05-11curl_global_init_mem() allows the memory functions to be replaced.Daniel Stenberg
memory.h is included everywhere for this.
2004-05-04General HTTP authentication cleanup and fixesDaniel Stenberg
2004-03-30'authdone' was added to the sessionhandle and thus was removed from theDaniel Stenberg
argument to the NTLM function(s)
2004-03-22Enabled 'NT responses' in the NTLM type-3 message.Daniel Stenberg
2004-03-08don't compare signed/unsignedDaniel Stenberg
2004-03-08strlen() returns size_tDaniel Stenberg
2004-02-23adjusted to the modified base64 protosDaniel Stenberg
2004-02-23The base64 encode function now takes a size_t for size, not an int asDaniel Stenberg
previously.
2004-01-07updated year in the copyright stringDaniel Stenberg
2003-10-17typecasts to prevent warningsDaniel Stenberg
2003-10-17make no user or no password just mean blank fields, not aborted operationDaniel Stenberg
2003-10-05weird typo removedDaniel Stenberg
2003-09-15When we issue a HTTP request, first make sure if the authentication phaseDaniel Stenberg
is over or not, as if it isn't we shall not begin any PUT or POST operation. This cures bug report #805853, and test case 88 verifies it!
2003-09-04no user or password set, bail outDaniel Stenberg
2003-08-11added include "http.h" to prevent a warningDaniel Stenberg
2003-08-11Serge Semashko added CURLOPT_PROXYAUTH support, and now NTLM for proxiesDaniel Stenberg
work.
2003-07-22More support for NTLM on proxies, now proxy state and nonce is stored inDaniel Stenberg
a separate struct properly.
2003-07-21adjusted to support NTLM for proxiesDaniel Stenberg
2003-07-19Access the user and passwd fields from the connectdata struct now insteadDaniel Stenberg
of the sessionhandle struct, as that was not good.
2003-07-15Moved the NTLM credentials to the connectdata struct instead, as NTLMDaniel Stenberg
authenticates connections and not single requests. This should make it work better when we mix requests from multiple hosts. Problem pointed out by Cris Bailiff.
2003-07-15Dan Winship's patch added that makes use of DOMAIN\USER or DOMAIN/USERDaniel Stenberg
for the user field. I changed it slightly to stay with strchr() only instead of strpbrk() for portability reasons.
2003-06-26Many fixes, most of them based on comments by Eric GlassDaniel Stenberg
2003-06-13Cris Bailiff's patch that should make us do NTLM correctly. When we'veDaniel Stenberg
authenticated our connection, we can continue without any Authorization: headers as long as our connection is maintained.
2003-06-13Cris Bailiff's bugfixDaniel Stenberg
2003-06-13use more curlish strings, these should be able to change...Daniel Stenberg
2003-06-12modifiedDaniel Stenberg
2003-06-12make it build with older OpenSSLDaniel Stenberg
2003-06-12attempt to make older OpenSSL versions work with the DES stuffDaniel Stenberg
2003-06-11fixing details for NTLMDaniel Stenberg
2003-06-11more how I envision it _should_ work, but it still doesn't...Daniel Stenberg
2003-06-11correct mistakesDaniel Stenberg
2003-06-11Initial take at NTLM authentication. It doesn't really work at this pointDaniel Stenberg
but the infrastructure is there.