aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--configure.ac34
-rw-r--r--lib/http.c6
-rw-r--r--lib/http_ntlm.c34
-rw-r--r--lib/http_ntlm.h11
-rw-r--r--lib/setup.h2
-rw-r--r--lib/url.c2
-rw-r--r--lib/urldata.h5
-rw-r--r--m4/curl-confopts.m464
-rw-r--r--tests/data/test13106
-rw-r--r--tests/server/fake_ntlm.c8
10 files changed, 107 insertions, 65 deletions
diff --git a/configure.ac b/configure.ac
index da19ad9e2..77c613e07 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2687,34 +2687,6 @@ then
USE_MANUAL="no";
fi
-dnl **********************************************************
-dnl path of NTLM single-sign-on helper ntlm_auth
-dnl
-AC_ARG_WITH(ntlm-auth,
- AC_HELP_STRING([--with-ntlm-auth=PATH],
- [Where to look for ntlm_auth, path points to ntlm_auth installation (default: /usr/bin/ntlm_auth);])
- AC_HELP_STRING([--without-ntlm-auth],
- [disable ntlm single-sign-on by using ntlm_auth]),
-ntlm_auth="$withval",
- [if test "$ac_cv_native_windows" = "yes"; then ntlm_auth="no"; else ntlm_auth="/usr/bin/ntlm_auth"; fi])
-
-AC_MSG_CHECKING([if using ntlm_auth is requested])
-
-if test "$ntlm_auth" != "no"; then
- AC_DEFINE(USE_NTLM_AUTH, 1, [Whether or not use Samba's 'winbind' daemon helper 'ntlm_auth' for NTLM single-sign-on])
- AC_SUBST(USE_NTLM_AUTH, [1])
- if test "$ntlm_auth" = "yes"; then
- dnl --with-ntlm-auth (without path) used, use default path
- ntlm_auth="/usr/bin/ntlm_auth"
- fi
- AC_MSG_RESULT($ntlm_auth)
-else
- AC_MSG_RESULT(no)
-fi
-AC_SUBST(ntlm_auth)
-AC_DEFINE_UNQUOTED(NTLM_AUTH, "$ntlm_auth", [Samba's 'winbind' daemon helper 'ntlm_auth' which can be used for NTLM single-sign-on])
-
-
dnl *************************************************************************
dnl If the manual variable still is set, then we go with providing a built-in
dnl manual
@@ -2823,6 +2795,10 @@ AC_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]),
AC_MSG_RESULT(yes)
)
+CURL_CHECK_OPTION_WINBIND_NTLM_AUTH
+
+CURL_CHECK_WINBIND_NTLM_AUTH
+
dnl ************************************************************
dnl disable TLS-SRP authentication
dnl
@@ -2998,7 +2974,7 @@ if test "x$CURL_DISABLE_HTTP" != "x1"; then
if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
-o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
- if test "x$USE_NTLM_AUTH" = "x1"; then
+ if test "x$WINBIND_NTLM_AUTH_ENABLED" = "x1"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_SSO"
fi
fi
diff --git a/lib/http.c b/lib/http.c
index 97946f84d..97c904342 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -542,9 +542,13 @@ output_auth_headers(struct connectdata *conn,
#ifdef USE_NTLM_SSO
if(authstatus->picked == CURLAUTH_NTLM_SSO) {
auth="NTLM_SSO";
+#ifdef WINBIND_NTLM_AUTH_ENABLED
result = Curl_output_ntlm_sso(conn, proxy);
if(result)
return result;
+#else
+ return CURLE_REMOTE_ACCESS_DENIED;
+#endif
}
else
#endif
@@ -767,7 +771,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
Curl_input_ntlm(conn, (bool)(httpcode == 407), start);
if(CURLNTLM_BAD != ntlm) {
data->state.authproblem = FALSE;
-#ifdef USE_NTLM_SSO
+#ifdef WINBIND_NTLM_AUTH_ENABLED
if(authp->picked == CURLAUTH_NTLM_SSO) {
*availp &= ~CURLAUTH_NTLM;
authp->avail &= ~CURLAUTH_NTLM;
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index ba0a4d717..9beedfb04 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -33,14 +33,16 @@
#define DEBUG_ME 0
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
-
-#ifdef USE_NTLM_SSO
-#include <unistd.h>
-#include <sys/types.h>
+#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
+#endif
+#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
@@ -677,7 +679,7 @@ static void unicodecpy(unsigned char *dest,
}
#endif
-#ifdef USE_NTLM_SSO
+#ifdef WINBIND_NTLM_AUTH_ENABLED
static void sso_ntlm_close(struct connectdata *conn)
{
if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) {
@@ -742,17 +744,17 @@ static CURLcode sso_ntlm_initiate(struct connectdata *conn,
username = username + (slash - domain) + 1;
}
- /* When DEBUGBUILD is defined and environment variable NTLM_AUTH is set
- * (in test case 2005), use a fake_ntlm to do NTLM challenge/response,
- * which only accept commands and output strings pre-written/saved in
- * test case 2005 */
+ /* For testing purposes, when DEBUGBUILD is defined and environment
+ variable CURL_NTLM_AUTH is set a fake_ntlm is used to perform
+ NTLM challenge/response which only accepts commands and output
+ strings pre-written in test case definitions */
#ifdef DEBUGBUILD
- ntlm_auth_alloc = curl_getenv("NTLM_AUTH");
+ ntlm_auth_alloc = curl_getenv("CURL_NTLM_AUTH");
if(ntlm_auth_alloc)
ntlm_auth = ntlm_auth_alloc;
else
#endif
- ntlm_auth = NTLM_AUTH;
+ ntlm_auth = WINBIND_NTLM_AUTH_FILE;
if(access(ntlm_auth, X_OK) != 0) {
error = ERRNO;
@@ -940,9 +942,9 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
* http://devel.squid-cache.org/ntlm/squid_helper_protocol.html
* http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html
* http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html
- * The preprocessor variable 'USE_NTLM_AUTH' indicates whether
- * this feature is enabled. Another one 'NTLM_AUTH' contains absolute
- * path of it.
+ * Preprocessor symbol 'WINBIND_NTLM_AUTH_ENABLED' is defined when
+ * this feature is enabled and 'WINBIND_NTLM_AUTH_FILE' symbol holds
+ * absolute filename of ntlm_auth helper.
* If NTLM single-sign-on fails, go back to original request
* handling process.
*/
@@ -996,7 +998,7 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
return CURLE_OK;
}
-#endif /* USE_NTLM_SSO */
+#endif /* WINBIND_NTLM_AUTH_ENABLED */
/* this is for creating ntlm header output */
CURLcode Curl_output_ntlm(struct connectdata *conn,
@@ -1644,7 +1646,7 @@ Curl_ntlm_cleanup(struct connectdata *conn)
ntlm_sspi_cleanup(&conn->ntlm);
ntlm_sspi_cleanup(&conn->proxyntlm);
#else
-#ifdef USE_NTLM_SSO
+#ifdef WINBIND_NTLM_AUTH_ENABLED
sso_ntlm_close(conn);
#endif
(void)conn;
diff --git a/lib/http_ntlm.h b/lib/http_ntlm.h
index faa7b0f31..5275e46ef 100644
--- a/lib/http_ntlm.h
+++ b/lib/http_ntlm.h
@@ -1,5 +1,5 @@
-#ifndef __HTTP_NTLM_H
-#define __HTTP_NTLM_H
+#ifndef HEADER_CURL_HTTP_NTLM_H
+#define HEADER_CURL_HTTP_NTLM_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
@@ -38,9 +38,9 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn, bool proxy,
/* this is for creating ntlm header output */
CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
-#ifdef USE_NTLM_SSO
+#ifdef WINBIND_NTLM_AUTH_ENABLED
/* this is for creating ntlm header output by delegating challenge/response
- * to a Samba's daemon helper ntlm_auth */
+ to Samba's winbind daemon helper ntlm_auth */
CURLcode Curl_output_ntlm_sso(struct connectdata *conn, bool proxy);
#endif
@@ -152,4 +152,5 @@ void Curl_ntlm_cleanup(struct connectdata *conn);
#define NTLMFLAG_NEGOTIATE_56 (1<<31)
/* Indicates that 56-bit encryption is supported. */
-#endif
+
+#endif /* HEADER_CURL_HTTP_NTLM_H */
diff --git a/lib/setup.h b/lib/setup.h
index 2aaf564dc..eb19bafab 100644
--- a/lib/setup.h
+++ b/lib/setup.h
@@ -566,7 +566,7 @@ int netware_init(void);
#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
defined(USE_GNUTLS) || defined(USE_NSS)
#define USE_NTLM
-#if defined(USE_NTLM_AUTH)
+#if defined(WINBIND_NTLM_AUTH_ENABLED)
/* Support NTLM single-sign-on by using Samba's winbind daemon helper
'ntlm_auth' */
#define USE_NTLM_SSO
diff --git a/lib/url.c b/lib/url.c
index bffa23423..59da3e991 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3515,7 +3515,7 @@ static struct connectdata *allocate_conn(struct SessionHandle *data)
conn->ip_version = data->set.ipver;
-#ifdef USE_NTLM_SSO
+#ifdef WINBIND_NTLM_AUTH_ENABLED
conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
conn->ntlm_auth_hlpr_pid = 0;
conn->challenge_header = NULL;
diff --git a/lib/urldata.h b/lib/urldata.h
index f4057cbbd..6f81153de 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -905,9 +905,8 @@ struct connectdata {
single requests! */
struct ntlmdata proxyntlm; /* NTLM data for proxy */
-#ifdef USE_NTLM_SSO
- /* data used for communication with Samba's winbind daemon helper
- ntlm_auth */
+#ifdef WINBIND_NTLM_AUTH_ENABLED
+ /* used for communication with Samba's winbind daemon helper ntlm_auth */
curl_socket_t ntlm_auth_hlpr_socket;
pid_t ntlm_auth_hlpr_pid;
char* challenge_header;
diff --git a/m4/curl-confopts.m4 b/m4/curl-confopts.m4
index 30fb025fd..015101e7f 100644
--- a/m4/curl-confopts.m4
+++ b/m4/curl-confopts.m4
@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -21,7 +21,7 @@
#***************************************************************************
# File version for 'aclocal' use. Keep it a single number.
-# serial 14
+# serial 15
dnl CURL_CHECK_OPTION_THREADED_RESOLVER
dnl -------------------------------------------------
@@ -496,3 +496,63 @@ AC_DEFUN([CURL_CHECK_LIB_ARES], [
fi
])
+
+dnl CURL_CHECK_OPTION_WINBIND_NTLM_AUTH
+dnl -------------------------------------------------
+dnl Verify if configure has been invoked with option
+dnl --enable-ntlm-auth or --disable-ntlm-auth, and
+dnl set shell variable want_wb_ntlm_auth and
+dnl want_wb_ntlm_auth_file as appropriate.
+
+AC_DEFUN([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH], [
+ AC_BEFORE([$0],[CURL_CHECK_WINBIND_NTLM_AUTH])dnl
+ OPT_WINBIND_NTLM_AUTH="default"
+ AC_ARG_ENABLE(wb-ntlm-auth,
+AC_HELP_STRING([--enable-wb-ntlm-auth@<:@=FILE@:>@],[Enable winbind's ntlm_auth helper for NTLM SSO, where FILE is ntlm_auth's absolute filename (default: /usr/bin/ntlm_auth)])
+AC_HELP_STRING([--disable-wb-ntlm-auth],[Disable winbind's ntlm_auth helper for NTLM SSO]),
+ OPT_WINBIND_NTLM_AUTH=$enableval)
+ want_wb_ntlm_auth_file="/usr/bin/ntlm_auth"
+ case "$OPT_WINBIND_NTLM_AUTH" in
+ no)
+ dnl --disable-wb-ntlm-auth option used
+ want_wb_ntlm_auth="no"
+ ;;
+ default)
+ dnl configure option not specified
+ want_wb_ntlm_auth="yes"
+ ;;
+ *)
+ dnl --enable-wb-ntlm-auth option used
+ want_wb_ntlm_auth="yes"
+ if test -n "$enableval" && test "$enableval" != "yes"; then
+ want_wb_ntlm_auth_file="$enableval"
+ fi
+ ;;
+ esac
+])
+
+
+dnl CURL_CHECK_WINBIND_NTLM_AUTH
+dnl -------------------------------------------------
+dnl Check if winbind's ntlm_auth helper support will
+dnl finally be enabled depending on configure option
+dnl given and target platform.
+
+AC_DEFUN([CURL_CHECK_WINBIND_NTLM_AUTH], [
+ AC_REQUIRE([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH])dnl
+ AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl
+ AC_MSG_CHECKING([whether to enable winbind's ntlm_auth support for NTLM SSO])
+ if test "$ac_cv_native_windows" = "yes"; then
+ want_wb_ntlm_auth_file=""
+ want_wb_ntlm_auth="no"
+ fi
+ AC_MSG_RESULT([$want_wb_ntlm_auth])
+ if test "$want_wb_ntlm_auth" = "yes"; then
+ AC_DEFINE(WINBIND_NTLM_AUTH_ENABLED, 1,
+ [Define to enable winbind's ntlm_auth support for NTLM SSO.])
+ AC_DEFINE_UNQUOTED(WINBIND_NTLM_AUTH_FILE, "$want_wb_ntlm_auth_file",
+ [Define absolute filename for winbind's ntlm_auth helper.])
+ WINBIND_NTLM_AUTH_ENABLED=1
+ fi
+])
+
diff --git a/tests/data/test1310 b/tests/data/test1310
index e101fd71f..9187acfe3 100644
--- a/tests/data/test1310
+++ b/tests/data/test1310
@@ -70,11 +70,11 @@ CURL_GETHOSTNAME=curlhost
# we try to use the LD_PRELOAD hack, if not a debug build
LD_PRELOAD=%PWD/libtest/.libs/libhostname.so
# set path to fake_auth instead of real ntlm_auth to generate NTLM type1 and type 3 messages
-NTLM_AUTH=%PWD/server/fake_ntlm
+CURL_NTLM_AUTH=%PWD/server/fake_ntlm
# set source directory so fake_ntlm can find the test files
-NTLM_AUTH_SRCDIR=%SRCDIR
+CURL_NTLM_AUTH_SRCDIR=%SRCDIR
# set the test number
-NTLM_AUTH_TESTNUM=1310
+CURL_NTLM_AUTH_TESTNUM=1310
</setenv>
<command>
http://%HOSTIP:%HTTPPORT/1310 -u testuser:anypasswd --ntlm-sso
diff --git a/tests/server/fake_ntlm.c b/tests/server/fake_ntlm.c
index c0aa1e048..e97cef9af 100644
--- a/tests/server/fake_ntlm.c
+++ b/tests/server/fake_ntlm.c
@@ -168,21 +168,21 @@ int main(int argc, char *argv[])
helper_user, helper_proto, helper_domain,
(use_cached_creds == TRUE) ? "yes" : "no");
- env = getenv("NTLM_AUTH_TESTNUM");
+ env = getenv("CURL_NTLM_AUTH_TESTNUM");
if (env) {
char *endptr;
long lnum = strtol(env, &endptr, 10);
if((endptr != env + strlen(env)) || (lnum < 1L)) {
- logmsg("Test number not valid in NTLM_AUTH_TESTNUM");
+ logmsg("Test number not valid in CURL_NTLM_AUTH_TESTNUM");
exit(1);
}
testnum = lnum;
} else {
- logmsg("Test number not specified in NTLM_AUTH_TESTNUM");
+ logmsg("Test number not specified in CURL_NTLM_AUTH_TESTNUM");
exit(1);
}
- env = getenv("NTLM_AUTH_SRCDIR");
+ env = getenv("CURL_NTLM_AUTH_SRCDIR");
if (env) {
path = env;
}