Commit Graph

25 Commits

Author SHA1 Message Date
Steve Holme
c2c6805797 sspi: Renamed expiry time stamp variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-26 14:34:06 +00:00
Steve Holme
9c613ade7a sspi: Only call CompleteAuthToken() when complete is needed
Don't call CompleteAuthToken() after InitializeSecurityContext() has
returned SEC_I_CONTINUE_NEEDED as this return code only indicates the
function should be called again after receiving a response back from
the server.

This only affected the Digest and NTLM authentication code.
2014-10-26 14:33:19 +00:00
Steve Holme
d4ea51734e sasl_sspi: Fixed some typos 2014-10-15 21:58:30 +01:00
Steve Holme
2ae142e663 sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSO 2014-10-15 21:24:10 +01:00
Marcel Raad
bd3df5ec6d sasl_sspi: Fixed Unicode build
Bug: http://curl.haxx.se/bug/view.cgi?id=1422
Verified-by: Steve Holme
2014-09-13 10:06:44 +01:00
Steve Holme
23d52ca4a7 sasl_sspi: Fixed a memory leak with the GSSAPI base-64 decoded challenge 2014-08-17 23:08:55 +01:00
Steve Holme
437b9ba46f sasl_sspi: Renamed GSSAPI mutual authentication parameter
...From "mutual" to "mutual_auth" which better describes what it is.
2014-08-17 23:08:53 +01:00
Steve Holme
f6e15d25a3 sasl_sspi: Corrected some of the GSSAPI security message error codes
Corrected a number of the error codes that can be returned from the
Curl_sasl_create_gssapi_security_message() function when things go
wrong.

It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the
inbound security challenge can't be decoded correctly or doesn't
contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when
EncryptMessage() fails. Unfortunately the previous error code of
CURLE_RECV_ERROR was a copy and paste mistakes on my part and should
have been correct in commit 4b491c675f :(
2014-08-17 22:38:25 +01:00
Steve Holme
14b3a2e4c3 sasl_sspi: Tell the server we don't support a GSSAPI receive buffer 2014-08-16 09:18:38 +01:00
Steve Holme
629f52843f curl_sasl_sspi.c: Fixed more compilation warnings from commit 4b491c675f
warning: unused variable 'resp'

warning: no previous prototype for 'Curl_sasl_gssapi_cleanup'
2014-08-14 16:03:16 +01:00
Steve Holme
c126bac153 SHA-1: 61c93383b7f6cf79d12ff99e9dced1d1cc2a7064
* curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f

warning: declaration of 'result' shadows a previous local
2014-08-14 15:56:13 +01:00
Steve Holme
4b491c675f sasl_sspi: Added GSSAPI message functions 2014-08-14 10:37:01 +01:00
Steve Holme
cd6ecf6a89 sasl_sspi: Fixed hard coded buffer for response generation
Given the SSPI package info query indicates a token size of 4096 bytes,
updated to use a dynamic buffer for the response message generation
rather than a fixed buffer of 1024 bytes.
2014-08-10 11:11:20 +01:00
Steve Holme
d804ff0d6b sasl_sspi: Fixed missing free of challenge buffer on SPN failure 2014-08-10 10:35:57 +01:00
Steve Holme
f187372f0a sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
Curl_sasl_create_digest_md5_message() would simply cast the SPN variable
to a TCHAR when calling InitializeSecurityContext(). This meant that,
under Unicode builds, it would not be valid wide character string.

Updated to use the recently introduced Curl_sasl_build_spn() function
which performs the correct conversion for us.
2014-08-09 17:05:42 +01:00
Steve Holme
1b69122810 sasl: Introduced Curl_sasl_build_spn() for building a SPN
Various parts of the libcurl source code build a SPN for inclusion in
authentication data. This information is either used by our own native
generation routines or passed to authentication functions in third-party
libraries such as SSPI. However, some of these instances use fixed
buffers rather than dynamically allocated ones and not all of those that
should, convert to wide character strings in Unicode builds.

Implemented a common function that generates a SPN and performs the
wide character conversion where necessary.
2014-08-09 16:40:24 +01:00
Steve Holme
e9b4a96975 sasl_sspi: Fixed memory leak with not releasing Package Info struct
Curl_sasl_create_digest_md5_message() wouldn't free the Package Info
structure after QuerySecurityPackageInfo() had allocated it.
2014-08-09 12:34:22 +01:00
Steve Holme
aa6be2ef13 curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN generation 2014-06-01 10:35:52 +01:00
Steve Holme
537b571c90 sasl: Fixed compilation warning
warning: no previous prototype for 'Curl_sasl_create_digest_md5_message'
2014-04-06 16:32:28 +01:00
Steve Holme
fe15ea67cc sasl: Added curl_memory.h include as per test 1132 2014-04-06 16:09:19 +01:00
Steve Holme
f700eb7d9a sasl: Corrected missing free of decoded challenge message from 607883f13c 2014-04-06 14:18:31 +01:00
Steve Holme
ee40136f6c sasl: Post DIGEST-MD5 SSPI code tidy up
* Added comments to SSPI NTLM message generation
* Added comments to native DIGEST-MD5 code
* Removed redundant identity pointer
2014-04-06 13:30:52 +01:00
Steve Holme
19a514237d sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code
When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not
be included, regardless of whether USE__WINDOWS_SSPI is defined or not.
This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM
in curl_setup.h.
2014-04-06 13:01:14 +01:00
Steve Holme
607883f13c sasl: Added support for DIGEST-MD5 via Windows SSPI 2014-04-06 12:49:32 +01:00
Steve Holme
ff853960bd sasl: Renamed SSPI module following short name clash 2014-04-06 00:35:01 +01:00