Commit Graph

46 Commits

Author SHA1 Message Date
Daniel Stenberg
6e376532b0 - Internet Explorer had a broken HTTP digest authentication before v7 and
there are servers "out there" that relies on the client doing this broken
  Digest authentication. Apache even comes with an option to work with such
  broken clients.

  The difference is only for URLs that contain a query-part (a '?'-letter and
  text to the right of it).

  libcurl now supports this quirk, and you enable it by setting the
  CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or
  CURLOPT_PROXYAUTH options. They are thus individually controlled to server
  and proxy.
2008-12-10 23:13:31 +00:00
Daniel Stenberg
baeebb2b57 narrow the comment to < 80 columns 2008-11-26 12:35:24 +00:00
Daniel Stenberg
b701ea36a7 moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23 11:49:19 +00:00
Daniel Stenberg
9d16b4081e Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper function
used in strequal.c so now all test cases run fine for me again.
2008-10-16 08:23:48 +00:00
Daniel Stenberg
a579d67064 - Pascal Terjan filed bug #2154627
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl
  uses strcasecmp() in multiple places where it causes failures when the
  Turkish locale is used. This is because 'i' and 'I' isn't the same letter so
  strcasecmp() on those letters are different in Turkish than in English (or
  just about all other languages). I thus introduced a totally new internal
  function in libcurl (called Curl_ascii_equal) for doing case insentive
  comparisons for english-(ascii?) style strings that thus will make "file"
  and "FILE" match even if the Turkish locale is selected.
2008-10-15 21:43:48 +00:00
Daniel Stenberg
1b9d311b5c - Fixed the HTTP Digest auth code to not behave badly when getting a blank realm
with realm="". http://curl.haxx.se/bug/view.cgi?id=2126435
2008-09-25 14:09:22 +00:00
Yang Tse
59e378f48f remove unnecessary typecasting of malloc() 2008-09-06 05:29:05 +00:00
Yang Tse
861b647e7b remove unnecessary typecasting of realloc() 2008-09-06 04:28:43 +00:00
Yang Tse
3dcd2b82c4 fix print formatting string directives 2008-09-04 18:59:05 +00:00
Dan Fandrich
934708d950 Made some variables const which eliminated some casts 2008-09-02 17:41:20 +00:00
Yang Tse
ac18b471d2 libcurl internal base64.h header file renamed to curl_base64.h 2008-08-17 00:25:38 +00:00
Yang Tse
bbe2386bff libcurl internal md5.h header file renamed to curl_md5.h 2008-08-17 00:01:26 +00:00
Daniel Stenberg
0ce484eed9 Nikitinskit Dmitriy filed bug report #1868255
(http://curl.haxx.se/bug/view.cgi?id=1868255) with a patch. It identifies
and fixes a problem with parsing WWW-Authenticate: headers with additional
spaces in the line that the parser wasn't written to deal with.
2008-01-10 09:17:07 +00:00
Daniel Stenberg
45a2240ead A bug report on the curl-library list showed a HTTP Digest session going on
with a 700+ letter nonce. Previously libcurl only support 127 letter ones
and now I bumped it to 1023.
2007-11-29 22:14:48 +00:00
Daniel Stenberg
cbd1a77ec2 if () => if()
while () => while()
and some other minor re-indentings
2007-11-07 09:21:35 +00:00
Dan Fandrich
8cf0814a14 Fixed some minor type mismatches and missing consts mainly found by splint. 2007-08-27 06:31:28 +00:00
Daniel Stenberg
9af807a5ce HTTP Digest auth fix on a re-used connection 2007-07-22 10:17:52 +00:00
Daniel Stenberg
7444342675 Jose Kahan pointed out a Digest server that provided the algorith last in the
header line without quotes and with a CRLF immediately following...
2007-02-26 22:03:01 +00:00
Daniel Stenberg
0fb5a65a58 - David McCreedy provided libcurl changes for doing HTTP communication on
non-ASCII platforms. It does add some complexity, most notably with more
  #ifdefs, but I want to see this supported added and I can't see how we can
  add it without the extra stuff added.
2007-01-14 14:57:51 +00:00
Daniel Stenberg
359d500908 - David McCreedy made changes to allow base64 encoding/decoding to work on
non-ASCII platforms.
2007-01-03 23:04:38 +00:00
Daniel Stenberg
44d84ac164 Avoid typecasting a signed char to an int when using is*() functions, as that
could very well cause a negate number get passed in and thus cause reading
outside of the array usually used for this purpose.

We avoid this by using the uppercase macro versions introduced just now that
does some extra crazy typecasts to avoid byte codes > 127 to cause negative
int values.
2006-10-17 21:32:56 +00:00
Daniel Stenberg
752acedc0b Olaf Stben fixed a bug that caused Digest authentication with md5-sess to
fail. When using the md5-sess, the result was not Md5 encoded and Base64
transformed.
2006-05-25 23:04:20 +00:00
Daniel Stenberg
94043b1150 Dan Fandrich added the --disable-crypto-auth option to configure to allow
libcurl to build without Digest support. (I figure it should also explicitly
disable Negotiate and NTLM.)
2004-11-12 09:18:14 +00:00
Daniel Stenberg
39af394a1c removed tabs and trailing whitespace from source 2004-10-06 07:50:18 +00:00
Daniel Stenberg
81c48aa43d Joel Chen reported that we assumed content within quotes a bit too much in
the digest code. This fixes it.
2004-07-31 07:36:01 +00:00
Daniel Stenberg
feb2dd2835 Replaced all uses of sprintf() with the safer snprintf(). It is just a
precaution to prevent mistakes to lead to buffer overflows.
2004-06-24 11:54:11 +00:00
Daniel Stenberg
70f08b5baa Vincent Bronner made the code use the correct user name + password when
doing proxy authentication.
2004-06-03 10:42:20 +00:00
Daniel Stenberg
78aba6e4cd return CURLDIGEST_NOMEM when a memory function fails to deliver 2004-05-13 14:14:03 +00:00
Daniel Stenberg
fd775454ca Check that memory functions return non-NULL or return error. 2004-05-12 13:24:40 +00:00
Daniel Stenberg
bbafb2eb27 curl_global_init_mem() allows the memory functions to be replaced.
memory.h is included everywhere for this.
2004-05-11 11:30:23 +00:00
Daniel Stenberg
fff01f24bf Luca fixed the nc= in the digest line since it apparantly should not have
quotes...
2004-05-10 08:09:15 +00:00
Daniel Stenberg
1354671c90 use %ld to printf now.tv_sec 2004-05-06 07:21:19 +00:00
Daniel Stenberg
fc6eff13b5 General HTTP authentication cleanup and fixes 2004-05-04 07:52:53 +00:00
Daniel Stenberg
1756499b11 oops, a bad strtok() was fixed by Luca 2004-04-30 05:53:42 +00:00
Daniel Stenberg
b34c40dcf5 Luca Altea's major HTTP Digest update 2004-04-29 08:18:32 +00:00
Daniel Stenberg
cd95bb22ea added include to fix warning 2004-03-31 11:55:56 +00:00
Daniel Stenberg
1745ecd8ac * Fixed a memory leak when doing repeated re-negotiations.
* Made the incoming line parser more forgiving to allow "name=contents" pairs
where the contents isn't within double quotes.
* Made the digest code return CURLDIGEST_BADALGO if a requested algorithm
isn't supported by the code.
2004-03-31 11:55:07 +00:00
Daniel Stenberg
2c11425868 first attempt to support stale=true 2004-03-30 13:00:32 +00:00
Daniel Stenberg
385086b460 size_t/int fix 2004-03-08 12:37:11 +00:00
Daniel Stenberg
053f6c85ef updated year in the copyright string 2004-01-07 09:19:33 +00:00
Daniel Stenberg
f7db3023a8 wrap at 80 cols 2003-09-02 07:48:58 +00:00
Daniel Stenberg
52b631fade Access the user and passwd fields from the connectdata struct now instead
of the sessionhandle struct, as that was not good.
2003-07-19 23:56:33 +00:00
Daniel Stenberg
308bc9d919 use CURLDEBUG instead of MALLOCDEBUG for preprocessor conditions 2003-06-26 11:22:12 +00:00
Daniel Stenberg
a39d77227f Better Digest stuff 2003-05-22 22:39:38 +00:00
Daniel Stenberg
87f8c0d471 hush the compiler 2003-05-22 16:12:30 +00:00
Daniel Stenberg
334d78cd18 Initial Digest support. At least partly working. 2003-05-22 16:09:54 +00:00