lib: make SSPI global symbols use Curl_ prefix

Do not pollute the namespace.

Closes #14776

code: language cleanup in comments

Based on the standards and guidelines we use for our documentation.

- expand contractions (they're => they are etc)
- host name = > hostname

code: language cleanup in comments

Based on the standards and guidelines we use for our documentation.

- expand contractions (they're => they are etc)
- host name = > hostname
- file name => filename
- user name = username
- man page => manpage
- run-time => runtime
- set-up => setup
- back-end => backend
- a HTTP => an HTTP
- Two spaces after a period => one space after period

Closes #14073

show more ...

lib/v*: tidy up types and casts

Also add a couple of negative checks.

Cherry-picked from #13489
Closes #13622

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- save

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205

show more ...

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.

This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.

Closes #8869

show more ...

lib: remove support for CURL_DOES_CONVERSIONS

TPF was the only user and support for that was dropped.

Closes #8378

infof: remove newline from format strings, always append it

- the data needs to be "line-based" anyway since it's also passed to the
debug callback/application

- it makes info

infof: remove newline from format strings, always append it

- the data needs to be "line-based" anyway since it's also passed to the
debug callback/application

- it makes infof() work like failf() and consistency is good

- there's an assert that triggers on newlines in the format string

- Also removes a few instances of "..."

- Removes the code that would append "..." to the end of the data *iff*
it was truncated in infof()

Closes #7357

show more ...

failf: remove newline from formatting strings

... as failf adds one itself.

Also: add an assert() to failf() that triggers on a newline in the
format string!

Closes #63

failf: remove newline from formatting strings

... as failf adds one itself.

Also: add an assert() to failf() that triggers on a newline in the
format string!

Closes #6365

show more ...

curl.se: new home

Closes #6172

copyright: updated year ranges out of sync

... and whitelisted a few more files in the the copyright.pl script.

*_sspi: fix bad uses of CURLE_NOT_BUILT_IN

Return CURLE_AUTH_ERROR instead of CURLE_NOT_BUILT_IN for other
instances of QuerySecurityPackageInfo failing, as in
commit 2a81439553286f1

*_sspi: fix bad uses of CURLE_NOT_BUILT_IN

Return CURLE_AUTH_ERROR instead of CURLE_NOT_BUILT_IN for other
instances of QuerySecurityPackageInfo failing, as in
commit 2a81439553286f12cd04a4bdcdf66d8e026d8201.

Closes #5355

show more ...

sspi: fix memory leaks

Closes #4299

vauth: return CURLE_AUTH_ERROR on gss_init_sec_context() failure

This is a follow-up to https://github.com/curl/curl/pull/3864 .

Closes #4224

spnego_sspi: add typecast to fix build warning

Reported in build "Win32 target on Debian Stretch (64-bit) -
i686-w64-mingw32 - gcc-20170516"

Closes #4245

vauth: Use CURLE_AUTH_ERROR for auth function errors

- Add new error code CURLE_AUTH_ERROR.

Prior to this change auth function errors were signaled by
CURLE_OUT_OF_MEMORY and CU

vauth: Use CURLE_AUTH_ERROR for auth function errors

- Add new error code CURLE_AUTH_ERROR.

Prior to this change auth function errors were signaled by
CURLE_OUT_OF_MEMORY and CURLE_RECV_ERROR, and neither one was
technically correct.

Ref: https://github.com/curl/curl/pull/3848

Co-authored-by: Dominik Hölzl

Closes https://github.com/curl/curl/pull/3864

show more ...

http_negotiate: Move the Negotiate state out of the negotiatedata structure

Given that this member variable is not used by the SASL based protocols
there is no need to have it here.

http_negotiate: Move the Negotiate state out of the negotiatedata structure

Given that this member variable is not used by the SASL based protocols
there is no need to have it here.

Closes #3882

show more ...

auth: Rename the various authentication clean up functions

For consistency and to a avoid confusion.

Closes #3869

Negotiate: fix for HTTP POST with Negotiate

* Adjusted unit tests 2056, 2057
* do not generally close connections with CURLAUTH_NEGOTIATE after every request
* moved negotiatedata fr

Negotiate: fix for HTTP POST with Negotiate

* Adjusted unit tests 2056, 2057
* do not generally close connections with CURLAUTH_NEGOTIATE after every request
* moved negotiatedata from UrlState to connectdata
* Added stream rewind logic for CURLAUTH_NEGOTIATE
* introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC
* Consider authproblem state for CURLAUTH_NEGOTIATE
* Consider reuse_forbid for CURLAUTH_NEGOTIATE
* moved and adjusted negotiate authentication state handling from
output_auth_headers into Curl_output_negotiate
* Curl_output_negotiate: ensure auth done is always set
* Curl_output_negotiate: Set auth done also if result code is
GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may
also indicate the last challenge request (only works with disabled
Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1)
* Consider "Persistent-Auth" header, detect if not present;
Reset/Cleanup negotiate after authentication if no persistent
authentication
* apply changes introduced with #2546 for negotiate rewind logic

Fixes #1261
Closes #1975

show more ...

strerror: make the strerror function use local buffers

Instead of using a fixed 256 byte buffer in the connectdata struct.

In my build, this reduces the size of the connectdata stru

strerror: make the strerror function use local buffers

Instead of using a fixed 256 byte buffer in the connectdata struct.

In my build, this reduces the size of the connectdata struct by 11.8%,
from 2160 to 1904 bytes with no functionality or performance loss.

This also fixes a bug in schannel's Curl_verify_certificate where it
called Curl_sspi_strerror when it should have called Curl_strerror for
string from GetLastError. the only effect would have been no text or the
wrong text being shown for the error.

Co-authored-by: Jay Satiro

Closes #3612

show more ...

spnego_sspi: add support for channel binding

Attempt to add support for Secure Channel binding when negotiate
authentication is used. The problem to solve is that by default IIS
acce

spnego_sspi: add support for channel binding

Attempt to add support for Secure Channel binding when negotiate
authentication is used. The problem to solve is that by default IIS
accepts channel binding and curl doesn't utilise them. The result was a
401 response. Scope affects only the Schannel(winssl)-SSPI combination.

Fixes https://github.com/curl/curl/issues/3503
Closes https://github.com/curl/curl/pull/3509

show more ...

urldata: rename easy_conn to just conn

We use "conn" everywhere to be a pointer to the connection.

Introduces two functions that "attaches" and "detaches" the connection
to and

urldata: rename easy_conn to just conn

We use "conn" everywhere to be a pointer to the connection.

Introduces two functions that "attaches" and "detaches" the connection
to and from the transfer.

Going forward, we should favour using "data->conn" (since a transfer
always only has a single connection or none at all) to "conn->data"
(since a connection can have none, one or many transfers associated with
it and updating conn->data to be correct is error prone and a frequent
reason for internal issues).

Closes #3442

show more ...

comment: Fix multiple typos in function parameters

Ensure that the parameters in the comment match the actual names in the
prototype.

Closes #3079
Reviewed-by: Daniel Stenbe

comment: Fix multiple typos in function parameters

Ensure that the parameters in the comment match the actual names in the
prototype.

Closes #3079
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

vauth: Fix typo

Address various spellings of "credentials".

Closes https://github.com/curl/curl/pull/2496

all: Refactor malloc+memset to use calloc

When a zeroed out allocation is required, use calloc() rather than
malloc() followed by an explicit memset(). The result will be the
same, b

all: Refactor malloc+memset to use calloc

When a zeroed out allocation is required, use calloc() rather than
malloc() followed by an explicit memset(). The result will be the
same, but using calloc() everywhere increases consistency in the
codebase and avoids the risk of subtle bugs when code is injected
between malloc and memset by accident.

Closes https://github.com/curl/curl/pull/2497

show more ...

sspi: print out InitializeSecurityContext() error message

Reported-by: Carsten (talksinmath)

Fixes #1384
Closes #1395