Daniel Stenberg
d1d35ba85f
Christopher R. Palmer made it possible to build libcurl with the
...
USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the native
way to do NTLM. SSPI also allows libcurl to pass on the current user and its
password in the request.
2005-03-10 23:15:29 +00:00
Daniel Stenberg
527f70e540
Curl_base64_decode() now returns an allocated buffer
2005-02-22 12:10:30 +00:00
Daniel Stenberg
19f66c7575
Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure
...
got no notification, no mail, no nothing.
You didn't even bother to mail us when you went public with this. Cool.
NTLM buffer overflow fix, as reported here:
http://www.securityfocus.com/archive/1/391042
2005-02-22 07:44:14 +00:00
Daniel Stenberg
80a324386b
Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where
...
libcurl always and unconditionally overwrote a stack-based array with 3 zero
bytes. I edited the fix to make it less likely to occur again (and added
a comment explaining the reason to the buffer size).
2004-12-07 23:09:41 +00:00
Daniel Stenberg
dfda9cc007
explicit typecasts to prevent warnings
2004-07-04 21:54:49 +00:00
Daniel Stenberg
29c546b426
typecasts to prevent compiler warnings
2004-06-21 08:37:53 +00:00
Daniel Stenberg
6531a6116d
remove trailing whitespace
2004-05-25 11:13:49 +00:00
Daniel Stenberg
bbafb2eb27
curl_global_init_mem() allows the memory functions to be replaced.
...
memory.h is included everywhere for this.
2004-05-11 11:30:23 +00:00
Daniel Stenberg
fc6eff13b5
General HTTP authentication cleanup and fixes
2004-05-04 07:52:53 +00:00
Daniel Stenberg
5e75c310ba
'authdone' was added to the sessionhandle and thus was removed from the
...
argument to the NTLM function(s)
2004-03-30 06:39:24 +00:00
Daniel Stenberg
dd1ba7633e
Enabled 'NT responses' in the NTLM type-3 message.
2004-03-22 13:50:30 +00:00
Daniel Stenberg
702021e099
don't compare signed/unsigned
2004-03-08 16:20:51 +00:00
Daniel Stenberg
72a4715dff
strlen() returns size_t
2004-03-08 12:36:54 +00:00
Daniel Stenberg
f493081004
adjusted to the modified base64 protos
2004-02-23 08:24:53 +00:00
Daniel Stenberg
1aba4c519b
The base64 encode function now takes a size_t for size, not an int as
...
previously.
2004-02-23 08:07:55 +00:00
Daniel Stenberg
053f6c85ef
updated year in the copyright string
2004-01-07 09:19:33 +00:00
Daniel Stenberg
94568f884d
typecasts to prevent warnings
2003-10-17 12:44:54 +00:00
Daniel Stenberg
d42c6b7e78
make no user or no password just mean blank fields, not aborted operation
2003-10-17 09:29:06 +00:00
Daniel Stenberg
5564e9a321
weird typo removed
2003-10-05 15:03:37 +00:00
Daniel Stenberg
58b1437cae
When we issue a HTTP request, first make sure if the authentication phase
...
is over or not, as if it isn't we shall not begin any PUT or POST operation.
This cures bug report #805853 , and test case 88 verifies it!
2003-09-15 21:11:22 +00:00
Daniel Stenberg
df760a0a4b
no user or password set, bail out
2003-09-04 13:31:49 +00:00
Daniel Stenberg
c7be232fee
added include "http.h" to prevent a warning
2003-08-11 14:55:30 +00:00
Daniel Stenberg
7a19923afa
Serge Semashko added CURLOPT_PROXYAUTH support, and now NTLM for proxies
...
work.
2003-08-11 11:47:45 +00:00
Daniel Stenberg
416c92cc6f
More support for NTLM on proxies, now proxy state and nonce is stored in
...
a separate struct properly.
2003-07-22 09:59:36 +00:00
Daniel Stenberg
1a192c489b
adjusted to support NTLM for proxies
2003-07-21 13:16:01 +00:00
Daniel Stenberg
52b631fade
Access the user and passwd fields from the connectdata struct now instead
...
of the sessionhandle struct, as that was not good.
2003-07-19 23:56:33 +00:00
Daniel Stenberg
06c86d1a8c
Moved the NTLM credentials to the connectdata struct instead, as NTLM
...
authenticates connections and not single requests. This should make it work
better when we mix requests from multiple hosts. Problem pointed out by
Cris Bailiff.
2003-07-15 23:36:50 +00:00
Daniel Stenberg
b036986b3e
Dan Winship's patch added that makes use of DOMAIN\USER or DOMAIN/USER
...
for the user field. I changed it slightly to stay with strchr() only instead
of strpbrk() for portability reasons.
2003-07-15 22:58:36 +00:00
Daniel Stenberg
3b2b2496d7
Many fixes, most of them based on comments by Eric Glass
2003-06-26 11:26:26 +00:00
Daniel Stenberg
8288862b7e
Cris Bailiff's patch that should make us do NTLM correctly. When we've
...
authenticated our connection, we can continue without any Authorization:
headers as long as our connection is maintained.
2003-06-13 10:15:55 +00:00
Daniel Stenberg
27018882ec
Cris Bailiff's bugfix
2003-06-13 07:56:38 +00:00
Daniel Stenberg
caf6e9c540
use more curlish strings, these should be able to change...
2003-06-13 07:14:46 +00:00
Daniel Stenberg
d13202f43b
modified
2003-06-12 23:03:08 +00:00
Daniel Stenberg
5f62a0c1ca
make it build with older OpenSSL
2003-06-12 13:55:40 +00:00
Daniel Stenberg
ad1bf0f389
attempt to make older OpenSSL versions work with the DES stuff
2003-06-12 13:18:10 +00:00
Daniel Stenberg
80d6d5c5c4
fixing details for NTLM
2003-06-11 16:14:45 +00:00
Daniel Stenberg
c624be8388
more how I envision it _should_ work, but it still doesn't...
2003-06-11 15:33:09 +00:00
Daniel Stenberg
a2eef05198
correct mistakes
2003-06-11 14:05:13 +00:00
Daniel Stenberg
73c5f24fa4
Initial take at NTLM authentication. It doesn't really work at this point
...
but the infrastructure is there.
2003-06-11 13:38:55 +00:00