Age | Commit message | Author |
|
When multiple rounds are needed to establish a security context
(usually ntlm), we overwrite old token with a new one without free.
Found by proposed gss tests using a stub gss implementation (by
valgrind error), though I have confirmed the leak with a real
gssapi implementation as well.
Closes https://github.com/curl/curl/pull/1733
|
|
As Windows SSPI authentication calls fail when a particular mechanism
isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5
and Negotiate to allow both HTTP and SASL authentication the opportunity
to query support for a supported mechanism before selecting it.
For now each function returns TRUE to maintain compatibility with the
existing code when called.
|
|
Typo introduced in commit ad5e9bfd5d.
|
|
|
|
Closes #754
|
|
Reported-by: Michael Osipov
|
|
|
|
* Prefer dereference of string pointer rather than strlen()
* Free challenge pointer in one place
* Additional comments
|
|
To be consistent with the Kerberos 5 context and other authentication
code.
|
|
Corrected typos from commit ad5e9bfd5d and 6d6f9ca1d9.
|
|
Also display the GSS_C_GSS_CODE (major code) when specified instead of
only GSS_C_MECH_CODE (minor code).
In addition, the old code was printing a colon twice after the prefix
and also miscalculated the length of the buffer in between calls to
gss_display_status (the length of ": " was missing).
Also, gss_buffer is not guaranteed to be NULL terminated and thus we need
to restrict reading by its length.
Closes #738
|
|
Part 2 of 2 - Moved the GSS-API based Negotiate authentication code.
|