aboutsummaryrefslogtreecommitdiff
path: root/lib/vauth/digest_sspi.c
AgeCommit message (Collapse)Author
2017-02-27digest_sspi: fix compilation warningMarcel Raad
MSVC complains: warning C4701: potentially uninitialized local variable 'output_token_len' used
2017-02-21digest_sspi: Handle 'stale=TRUE' directive in HTTP digestJay Satiro
- If the server has provided another challenge use it as the replacement input token if stale=TRUE. Otherwise previous credentials have failed so return CURLE_LOGIN_DENIED. Prior to this change the stale directive was ignored and if another challenge was received it would cause error CURLE_BAD_CONTENT_ENCODING. Ref: https://tools.ietf.org/html/rfc2617#page-10 Bug: https://github.com/curl/curl/issues/928 Reported-by: tarek112@users.noreply.github.com
2017-02-20digest_sspi: Fix nonce-count generation in HTTP digestMax Khon
- on the first invocation: keep security context returned by InitializeSecurityContext() - on subsequent invocations: use MakeSignature() instead of InitializeSecurityContext() to generate HTTP digest response Bug: https://github.com/curl/curl/issues/870 Reported-by: Andreas Roth Closes https://github.com/curl/curl/pull/1251
2016-12-29digest_sspi: copy terminating NUL as wellMax Khon
Curl_auth_decode_digest_http_message(): copy terminating NUL as later Curl_override_sspi_http_realm() expects a NUL-terminated string. Fixes #1180
2016-11-24checksrc: white space edits to comply to stricter checksrcDaniel Stenberg
2016-10-31digest_sspi: fix includeMarcel Raad
Fix compile break from 811a693b80
2016-10-31strcasecompare: all case insensitive string compares ignore locale nowDaniel Stenberg
We had some confusions on when each function was used. We should not act differently on different locales anyway.
2016-08-21vauth: Added check for supported SSPI based authentication mechanismsSteve Holme
Completing commit 00417fd66c and 2708d4259b.
2016-08-18vauth: Introduced Curl_auth_is_<mechansism>_supported() functionsSteve Holme
As Windows SSPI authentication calls fail when a particular mechanism isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5 and Negotiate to allow both HTTP and SASL authentication the opportunity to query support for a supported mechanism before selecting it. For now each function returns TRUE to maintain compatability with the existing code when called.
2016-07-20vauth: Fix memleak by freeing credentials if out of memoryJay Satiro
This is a follow up to the parent commit dcdd4be which fixes one leak but creates another by failing to free the credentials handle if out of memory. Also there's a second location a few lines down where we fail to do same. This commit fixes both of those issues.
2016-07-20vauth: Fixed memory leak due to function returning without freeSaurav Babu
This patch allocates memory to "output_token" only when it is required so that memory is not leaked if function returns.
2016-06-22internals: rename the SessionHandle struct to Curl_easyDaniel Stenberg
2016-04-06URLs: change http to https in many placesViktor Szakats
Closes #754
2016-04-06vauth: Corrected a number of typos in commentsSteve Holme
Reported-by: Michael Osipov
2016-04-03vauth: Removed the need for a separate GSS-API based SPN functionSteve Holme
2016-03-25vauth: Refactored function names after move to new vauth directorySteve Holme
Renamed all the SASL functions that moved to the new vauth directory to include the correct module name.
2016-03-25vauth: Updated the copyright year after recent changesSteve Holme
As most of this work was performed in 2015 but not pushed until 2016 updated the copyright year to reflect the public facing changes.
2016-03-25vauth: Moved the DIGEST authentication code to the new vauth directorySteve Holme