Граф коммитов

20 Коммитов

Автор SHA1 Сообщение Дата
Sergey Markelov e919848ead build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
fix compiler warnings about unused variables and parameters when
built with --disable-verbose.

Closes https://github.com/curl/curl/pull/7377
2021-07-16 13:55:52 -04:00
Daniel Stenberg e7416cfd2b
infof: remove newline from format strings, always append it
- the data needs to be "line-based" anyway since it's also passed to the
  debug callback/application

- it makes infof() work like failf() and consistency is good

- there's an assert that triggers on newlines in the format string

- Also removes a few instances of "..."

- Removes the code that would append "..." to the end of the data *iff*
  it was truncated in infof()

Closes #7357
2021-07-07 22:54:01 +02:00
Patrick Monnerat 19ea52da4d
vauth: factor base64 conversions out of authentication procedures
Input challenges and returned messages are now in binary.
Conversions from/to base64 are performed by callers (currently curl_sasl.c
and http_ntlm.c).

Closes #6654
2021-04-22 09:06:07 +02:00
Daniel Stenberg aba01da639
failf: remove newline from formatting strings
... as failf adds one itself.

Also: add an assert() to failf() that triggers on a newline in the
format string!

Closes #6365
2020-12-25 23:42:16 +01:00
Daniel Stenberg 4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Daniel Stenberg 2a81439553
ntlm_sspi: fix bad use of CURLE_NOT_BUILT_IN
That return code is reserved for build-time conditional code not being
present while this was a regular run-time error from a Windows API.

Reported-by: wangp on github
Fixes #5349
Closes #5350
2020-05-07 12:58:57 +02:00
migueljcrum 67b30b3418
sspi: fix memory leaks
Closes #4299
2019-09-10 08:06:05 +02:00
Jay Satiro dca6f73613 vauth: Use CURLE_AUTH_ERROR for auth function errors
- Add new error code CURLE_AUTH_ERROR.

Prior to this change auth function errors were signaled by
CURLE_OUT_OF_MEMORY and CURLE_RECV_ERROR, and neither one was
technically correct.

Ref: https://github.com/curl/curl/pull/3848

Co-authored-by: Dominik Hölzl

Closes https://github.com/curl/curl/pull/3864
2019-08-14 03:14:01 -04:00
Steve Holme 52dfab65d6
auth: Rename the various authentication clean up functions
For consistency and to a avoid confusion.

Closes #3869
2019-05-12 18:37:00 +01:00
georgeok 0966233744 ntlm_sspi: add support for channel binding
Windows extended potection (aka ssl channel binding) is required
to login to ntlm IIS endpoint, otherwise the server returns 401
responses.

Fixes #3280
Closes #3321
2019-01-19 13:00:53 +01:00
Daniel Gustafsson e182fc1613 comment: Fix multiple typos in function parameters
Ensure that the parameters in the comment match the actual names in the
prototype.

Closes #3079
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03 10:27:27 +02:00
toughengineer bc4b8c9717
ntlm_sspi: fix authentication using Credential Manager
If you pass empty user/pass asking curl to use Windows Credential
Storage (as stated in the docs) and it has valid credentials for the
domain, e.g.
curl -v -u : --ntlm example.com
currently authentication fails.
This change fixes it by providing proper SPN string to the SSPI API
calls.

Fixes https://github.com/curl/curl/issues/1622
Closes https://github.com/curl/curl/pull/1660
2018-04-16 20:43:21 +02:00
Daniel Gustafsson 94400f32e9 all: Refactor malloc+memset to use calloc
When a zeroed out allocation is required, use calloc() rather than
malloc() followed by an explicit memset(). The result will be the
same, but using calloc() everywhere increases consistency in the
codebase and avoids the risk of subtle bugs when code is injected
between malloc and memset by accident.

Closes https://github.com/curl/curl/pull/2497
2018-04-15 03:00:37 -04:00
Jay Satiro 953b5c4e26 ntlm: move NTLM_NEEDS_NSS_INIT define into core NTLM header
.. and include the core NTLM header in all NTLM-related source files.

Follow up to 6f86022. Since then http_ntlm checks NTLM_NEEDS_NSS_INIT
but did not include vtls.h where it was defined.

Closes https://github.com/curl/curl/pull/1911
2017-09-23 13:58:14 -04:00
Patrick Monnerat 6869d65f54 Curl_base64_encode: always call with a real data handle.
Some calls in different modules were setting the data handle to NULL, causing
segmentation faults when using builds that enable character code conversions.
2017-09-02 12:49:59 +01:00
Steve Holme 43dbd76616 vauth: Added check for supported SSPI based authentication mechanisms
Completing commit 00417fd66c and 2708d4259b.
2016-08-21 10:27:09 +01:00
Steve Holme a0f212946b vauth: Introduced Curl_auth_is_<mechansism>_supported() functions
As Windows SSPI authentication calls fail when a particular mechanism
isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5
and Negotiate to allow both HTTP and SASL authentication the opportunity
to query support for a supported mechanism before selecting it.

For now each function returns TRUE to maintain compatability with the
existing code when called.
2016-08-18 20:31:20 +01:00
Daniel Stenberg 434f8d0389 internals: rename the SessionHandle struct to Curl_easy 2016-06-22 10:28:41 +02:00
Steve Holme 58a7bc96ec vauth: Refactored function names after move to new vauth directory
Renamed all the SASL functions that moved to the new vauth directory to
include the correct module name.
2016-03-25 17:40:12 +00:00
Steve Holme 6012fa5aee vauth: Moved the NTLM authentication code to the new vauth directory 2016-03-25 15:11:09 +00:00