build: disable more code/data when built without proxy support

Added build to travis to verify

Closes #5466

copyright: fix year ranges

follow-up from dea17b519d (one of these days I'll learn to check before
I push)

http: move "oauth_bearer" from connectdata to Curl_easy

Fixes the bug where oauth_bearer gets deallocated when we re-use a
connection.

Closes #4824

sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in

sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.

Fixes #3653
Closes #3790

NOTE: This commit was cherry-picked and is part of a series of commits
that added the authzid feature for upcoming 7.66.0. The series was
temporarily reverted in db8ec1f so that it would not ship in a 7.65.x
patch release.

Closes https://github.com/curl/curl/pull/4186

show more ...

Revert all SASL authzid (new feature) commits

- Revert all commits related to the SASL authzid feature since the next
release will be a patch release, 7.65.1.

Prior to this ch

Revert all SASL authzid (new feature) commits

- Revert all commits related to the SASL authzid feature since the next
release will be a patch release, 7.65.1.

Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined
for the next release, assuming it would be a feature release 7.66.0.
However instead the next release will be a patch release, 7.65.1 and
will not contain any new features.

After the patch release after the reverted commits can be restored by
using cherry-pick:

git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690

Details for all reverted commits:

Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()."

This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a.

Revert "tests: Fix the line endings for the SASL alt-auth tests"

This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221.

Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples"

This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75.

Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool"

This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817.

Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID"

This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.

show more ...

sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in

sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.

Fixed #3653
Closes #3790

show more ...

cleanup: remove FIXME and TODO comments

They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing

cleanup: remove FIXME and TODO comments

They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.

Ref: #3876
Closes #3883

show more ...

sasl: only enable if there's a protocol enabled using it

auth: Rename the various authentication clean up functions

For consistency and to a avoid confusion.

Closes #3869

sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616

RFC 4616 specifies the authzid is optional in the client authentication
message and that the server will deriv

sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616

RFC 4616 specifies the authzid is optional in the client authentication
message and that the server will derive the authorisation identity
(authzid) from the authentication identity (authcid) when not specified
by the client.

show more ...

vauth/cleartext: Update the PLAIN login function signature to match RFC 4616

Functionally this doesn't change anything as we still use the username
for both the authorisation identity an

vauth/cleartext: Update the PLAIN login function signature to match RFC 4616

Functionally this doesn't change anything as we still use the username
for both the authorisation identity and the authentication identity.

Closes #3757

show more ...

vauth/oauth2: Fix OAUTHBEARER token generation

OAUTHBEARER tokens were incorrectly generated in a format similar to
XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the

vauth/oauth2: Fix OAUTHBEARER token generation

OAUTHBEARER tokens were incorrectly generated in a format similar to
XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the
RFC7628.

Fixes: #2487
Reported-by: Paolo Mossino

Closes https://github.com/curl/curl/pull/3377

show more ...

urldata: rename easy_conn to just conn

We use "conn" everywhere to be a pointer to the connection.

Introduces two functions that "attaches" and "detaches" the connection
to and

urldata: rename easy_conn to just conn

We use "conn" everywhere to be a pointer to the connection.

Introduces two functions that "attaches" and "detaches" the connection
to and from the transfer.

Going forward, we should favour using "data->conn" (since a transfer
always only has a single connection or none at all) to "conn->data"
(since a connection can have none, one or many transfers associated with
it and updating conn->data to be correct is error prone and a frequent
reason for internal issues).

Closes #3442

show more ...

cppcheck: fix warnings

- Get rid of variable that was generating false positive warning
(unitialized)

- Fix issues in tests

- Reduce scope of several variables all over

cppcheck: fix warnings

- Get rid of variable that was generating false positive warning
(unitialized)

- Fix issues in tests

- Reduce scope of several variables all over

etc

Closes #2631

show more ...

ntlm_sspi: fix authentication using Credential Manager

If you pass empty user/pass asking curl to use Windows Credential
Storage (as stated in the docs) and it has valid credentials for

ntlm_sspi: fix authentication using Credential Manager

If you pass empty user/pass asking curl to use Windows Credential
Storage (as stated in the docs) and it has valid credentials for the
domain, e.g.
curl -v -u : --ntlm example.com
currently authentication fails.
This change fixes it by providing proper SPN string to the SSPI API
calls.

Fixes https://github.com/curl/curl/issues/1622
Closes https://github.com/curl/curl/pull/1660

show more ...

sasl: prefer PLAIN mechanism over LOGIN

SASL PLAIN is a standard, LOGIN only a draft. The LOGIN draft says
PLAIN should be used instead if available.

Curl_base64_encode: always call with a real data handle.

Some calls in different modules were setting the data handle to NULL, causing
segmentation faults when using builds that enable c

Curl_base64_encode: always call with a real data handle.

Some calls in different modules were setting the data handle to NULL, causing
segmentation faults when using builds that enable character code conversions.

show more ...

curl_sasl: fix unused-variable warning

This fixes the following warning with CURL_DISABLE_CRYPTO_AUTH,
as seen in the autobuilds:

curl_sasl.c:417:9: warning: unused variable 'se

curl_sasl: fix unused-variable warning

This fixes the following warning with CURL_DISABLE_CRYPTO_AUTH,
as seen in the autobuilds:

curl_sasl.c:417:9: warning: unused variable 'serverdata'
[-Wunused-variable]

show more ...

curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM

Reported-by: wyattoday at github
Fixes #1487

curl_sasl: declare mechtable static

struct mechtable is only used locally here. It can be declared static.

checksrc: code style: use 'char *name' style

HTTPS-proxy: fixed mbedtls and polishing

strcasecompare: all case insensitive string compares ignore locale now

We had some confusions on when each function was used. We should not act
differently on different locales anyway.

strcasecompare: is the new name for strequal()

... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the

strcasecompare: is the new name for strequal()

... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").

show more ...

sasl: Don't use GSSAPI authentication when domain name not specified

Only choose the GSSAPI authentication mechanism when the user name
contains a Windows domain name or the user is a va

sasl: Don't use GSSAPI authentication when domain name not specified

Only choose the GSSAPI authentication mechanism when the user name
contains a Windows domain name or the user is a valid UPN.

Fixes #718

show more ...