diff options
| author | Yang Tse <yangsita@gmail.com> | 2011-07-31 20:44:41 +0200 |
|---|---|---|
| committer | Yang Tse <yangsita@gmail.com> | 2011-07-31 20:44:41 +0200 |
| commit | 10a0bed48536e5a3fe801a5e0d94bd84ad80c559 (patch) | |
| tree | 931c4a697c2aaf437067ca38914c57c1aa5c32f0 /lib | |
| parent | cc3e01cfae461c69c240f21a7b10fb31e1314fb7 (diff) | |
NTLM single-sign on adjustments (VIII)
Use preprocessor symbols WINBIND_NTLM_AUTH_ENABLED and WINBIND_NTLM_AUTH_FILE
for Samba's winbind daemon ntlm_auth helper code implementation and filename.
Retain preprocessor symbol USE_NTLM_SSO for NTLM single-sign-on feature
availability implementation independent.
For test harness, prefix NTLM_AUTH environment vars with CURL_
Refactor and rename configure option --with-ntlm-auth to --enable-wb-ntlm-auth[=FILE]
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/http.c | 6 | ||||
| -rw-r--r-- | lib/http_ntlm.c | 34 | ||||
| -rw-r--r-- | lib/http_ntlm.h | 11 | ||||
| -rw-r--r-- | lib/setup.h | 2 | ||||
| -rw-r--r-- | lib/url.c | 2 | ||||
| -rw-r--r-- | lib/urldata.h | 5 |
6 files changed, 33 insertions, 27 deletions
diff --git a/lib/http.c b/lib/http.c index 97946f84d..97c904342 100644 --- a/lib/http.c +++ b/lib/http.c @@ -542,9 +542,13 @@ output_auth_headers(struct connectdata *conn, #ifdef USE_NTLM_SSO if(authstatus->picked == CURLAUTH_NTLM_SSO) { auth="NTLM_SSO"; +#ifdef WINBIND_NTLM_AUTH_ENABLED result = Curl_output_ntlm_sso(conn, proxy); if(result) return result; +#else + return CURLE_REMOTE_ACCESS_DENIED; +#endif } else #endif @@ -767,7 +771,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, Curl_input_ntlm(conn, (bool)(httpcode == 407), start); if(CURLNTLM_BAD != ntlm) { data->state.authproblem = FALSE; -#ifdef USE_NTLM_SSO +#ifdef WINBIND_NTLM_AUTH_ENABLED if(authp->picked == CURLAUTH_NTLM_SSO) { *availp &= ~CURLAUTH_NTLM; authp->avail &= ~CURLAUTH_NTLM; diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index ba0a4d717..9beedfb04 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -33,14 +33,16 @@ #define DEBUG_ME 0 +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif #ifdef HAVE_UNISTD_H #include <unistd.h> #endif - -#ifdef USE_NTLM_SSO -#include <unistd.h> -#include <sys/types.h> +#ifdef HAVE_SYS_WAIT_H #include <sys/wait.h> +#endif +#ifdef HAVE_SIGNAL_H #include <signal.h> #endif @@ -677,7 +679,7 @@ static void unicodecpy(unsigned char *dest, } #endif -#ifdef USE_NTLM_SSO +#ifdef WINBIND_NTLM_AUTH_ENABLED static void sso_ntlm_close(struct connectdata *conn) { if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) { @@ -742,17 +744,17 @@ static CURLcode sso_ntlm_initiate(struct connectdata *conn, username = username + (slash - domain) + 1; } - /* When DEBUGBUILD is defined and environment variable NTLM_AUTH is set - * (in test case 2005), use a fake_ntlm to do NTLM challenge/response, - * which only accept commands and output strings pre-written/saved in - * test case 2005 */ + /* For testing purposes, when DEBUGBUILD is defined and environment + variable CURL_NTLM_AUTH is set a fake_ntlm is used to perform + NTLM challenge/response which only accepts commands and output + strings pre-written in test case definitions */ #ifdef DEBUGBUILD - ntlm_auth_alloc = curl_getenv("NTLM_AUTH"); + ntlm_auth_alloc = curl_getenv("CURL_NTLM_AUTH"); if(ntlm_auth_alloc) ntlm_auth = ntlm_auth_alloc; else #endif - ntlm_auth = NTLM_AUTH; + ntlm_auth = WINBIND_NTLM_AUTH_FILE; if(access(ntlm_auth, X_OK) != 0) { error = ERRNO; @@ -940,9 +942,9 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn, * http://devel.squid-cache.org/ntlm/squid_helper_protocol.html * http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html * http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html - * The preprocessor variable 'USE_NTLM_AUTH' indicates whether - * this feature is enabled. Another one 'NTLM_AUTH' contains absolute - * path of it. + * Preprocessor symbol 'WINBIND_NTLM_AUTH_ENABLED' is defined when + * this feature is enabled and 'WINBIND_NTLM_AUTH_FILE' symbol holds + * absolute filename of ntlm_auth helper. * If NTLM single-sign-on fails, go back to original request * handling process. */ @@ -996,7 +998,7 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn, return CURLE_OK; } -#endif /* USE_NTLM_SSO */ +#endif /* WINBIND_NTLM_AUTH_ENABLED */ /* this is for creating ntlm header output */ CURLcode Curl_output_ntlm(struct connectdata *conn, @@ -1644,7 +1646,7 @@ Curl_ntlm_cleanup(struct connectdata *conn) ntlm_sspi_cleanup(&conn->ntlm); ntlm_sspi_cleanup(&conn->proxyntlm); #else -#ifdef USE_NTLM_SSO +#ifdef WINBIND_NTLM_AUTH_ENABLED sso_ntlm_close(conn); #endif (void)conn; diff --git a/lib/http_ntlm.h b/lib/http_ntlm.h index faa7b0f31..5275e46ef 100644 --- a/lib/http_ntlm.h +++ b/lib/http_ntlm.h @@ -1,5 +1,5 @@ -#ifndef __HTTP_NTLM_H -#define __HTTP_NTLM_H +#ifndef HEADER_CURL_HTTP_NTLM_H +#define HEADER_CURL_HTTP_NTLM_H /*************************************************************************** * _ _ ____ _ * Project ___| | | | _ \| | @@ -38,9 +38,9 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn, bool proxy, /* this is for creating ntlm header output */ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy); -#ifdef USE_NTLM_SSO +#ifdef WINBIND_NTLM_AUTH_ENABLED /* this is for creating ntlm header output by delegating challenge/response - * to a Samba's daemon helper ntlm_auth */ + to Samba's winbind daemon helper ntlm_auth */ CURLcode Curl_output_ntlm_sso(struct connectdata *conn, bool proxy); #endif @@ -152,4 +152,5 @@ void Curl_ntlm_cleanup(struct connectdata *conn); #define NTLMFLAG_NEGOTIATE_56 (1<<31) /* Indicates that 56-bit encryption is supported. */ -#endif + +#endif /* HEADER_CURL_HTTP_NTLM_H */ diff --git a/lib/setup.h b/lib/setup.h index 2aaf564dc..eb19bafab 100644 --- a/lib/setup.h +++ b/lib/setup.h @@ -566,7 +566,7 @@ int netware_init(void); #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \ defined(USE_GNUTLS) || defined(USE_NSS) #define USE_NTLM -#if defined(USE_NTLM_AUTH) +#if defined(WINBIND_NTLM_AUTH_ENABLED) /* Support NTLM single-sign-on by using Samba's winbind daemon helper 'ntlm_auth' */ #define USE_NTLM_SSO @@ -3515,7 +3515,7 @@ static struct connectdata *allocate_conn(struct SessionHandle *data) conn->ip_version = data->set.ipver; -#ifdef USE_NTLM_SSO +#ifdef WINBIND_NTLM_AUTH_ENABLED conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD; conn->ntlm_auth_hlpr_pid = 0; conn->challenge_header = NULL; diff --git a/lib/urldata.h b/lib/urldata.h index f4057cbbd..6f81153de 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -905,9 +905,8 @@ struct connectdata { single requests! */ struct ntlmdata proxyntlm; /* NTLM data for proxy */ -#ifdef USE_NTLM_SSO - /* data used for communication with Samba's winbind daemon helper - ntlm_auth */ +#ifdef WINBIND_NTLM_AUTH_ENABLED + /* used for communication with Samba's winbind daemon helper ntlm_auth */ curl_socket_t ntlm_auth_hlpr_socket; pid_t ntlm_auth_hlpr_pid; char* challenge_header; |