diff options
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | lib/http.c | 4 | ||||
-rw-r--r-- | lib/http_ntlm.c | 43 | ||||
-rw-r--r-- | lib/http_ntlm.h | 2 | ||||
-rw-r--r-- | lib/url.c | 6 | ||||
-rw-r--r-- | lib/urldata.h | 2 | ||||
-rw-r--r-- | lib/version.c | 2 | ||||
-rw-r--r-- | m4/curl-confopts.m4 | 68 | ||||
-rw-r--r-- | tests/data/test1310 | 4 |
9 files changed, 68 insertions, 69 deletions
diff --git a/configure.ac b/configure.ac index 7fb9cbf56..64ee1b7a6 100644 --- a/configure.ac +++ b/configure.ac @@ -2816,9 +2816,9 @@ AC_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]), AC_MSG_RESULT(yes) ) -CURL_CHECK_OPTION_WINBIND_NTLM_AUTH +CURL_CHECK_OPTION_NTLM_WB -CURL_CHECK_WINBIND_NTLM_AUTH +CURL_CHECK_NTLM_WB dnl ************************************************************ dnl disable TLS-SRP authentication @@ -2995,7 +2995,7 @@ if test "x$CURL_DISABLE_HTTP" != "x1"; then if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" - if test "x$WINBIND_NTLM_AUTH_ENABLED" = "x1"; then + if test "x$NTLM_WB_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB" fi fi diff --git a/lib/http.c b/lib/http.c index 54bb53527..c1a94712e 100644 --- a/lib/http.c +++ b/lib/http.c @@ -545,7 +545,7 @@ output_auth_headers(struct connectdata *conn, } else #endif -#ifdef WINBIND_NTLM_AUTH_ENABLED +#ifdef NTLM_WB_ENABLED if(authstatus->picked == CURLAUTH_NTLM_WB) { auth="NTLM_WB"; result = Curl_output_ntlm_wb(conn, proxy); @@ -773,7 +773,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, Curl_input_ntlm(conn, (bool)(httpcode == 407), start); if(CURLE_OK == ntlm) { data->state.authproblem = FALSE; -#ifdef WINBIND_NTLM_AUTH_ENABLED +#ifdef NTLM_WB_ENABLED if(authp->picked == CURLAUTH_NTLM_WB) { *availp &= ~CURLAUTH_NTLM; authp->avail &= ~CURLAUTH_NTLM; diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index ccecc02b3..8d9a8a1b5 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -124,8 +124,8 @@ CURLcode Curl_input_ntlm(struct connectdata *conn, return result; } -#ifdef WINBIND_NTLM_AUTH_ENABLED -static void wb_ntlm_close(struct connectdata *conn) +#ifdef NTLM_WB_ENABLED +static void ntlm_wb_cleanup(struct connectdata *conn) { if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) { sclose(conn->ntlm_auth_hlpr_socket); @@ -163,8 +163,7 @@ static void wb_ntlm_close(struct connectdata *conn) conn->response_header = NULL; } -static CURLcode wb_ntlm_initiate(struct connectdata *conn, - const char *userp) +static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp) { curl_socket_t sockfds[2]; pid_t child_pid; @@ -190,16 +189,16 @@ static CURLcode wb_ntlm_initiate(struct connectdata *conn, } /* For testing purposes, when DEBUGBUILD is defined and environment - variable CURL_NTLM_AUTH is set a fake_ntlm is used to perform + variable CURL_NTLM_WB_FILE is set a fake_ntlm is used to perform NTLM challenge/response which only accepts commands and output strings pre-written in test case definitions */ #ifdef DEBUGBUILD - ntlm_auth_alloc = curl_getenv("CURL_NTLM_AUTH"); + ntlm_auth_alloc = curl_getenv("CURL_NTLM_WB_FILE"); if(ntlm_auth_alloc) ntlm_auth = ntlm_auth_alloc; else #endif - ntlm_auth = WINBIND_NTLM_AUTH_FILE; + ntlm_auth = NTLM_WB_FILE; if(access(ntlm_auth, X_OK) != 0) { error = ERRNO; @@ -279,7 +278,7 @@ done: return CURLE_REMOTE_ACCESS_DENIED; } -static CURLcode wb_ntlm_response(struct connectdata *conn, +static CURLcode ntlm_wb_response(struct connectdata *conn, const char *input, curlntlm state) { ssize_t size; @@ -347,7 +346,7 @@ done: CURLcode Curl_output_ntlm_wb(struct connectdata *conn, bool proxy) { - /* point to the address of the pointer that holds the string to sent to the + /* point to the address of the pointer that holds the string to send to the server, which is for a plain host or for a HTTP proxy */ char **allocuserpwd; /* point to the name and password for this */ @@ -383,23 +382,23 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, switch(ntlm->state) { case NTLMSTATE_TYPE1: default: - /* Use Samba's 'winbind' daemon to support NTLM single-sign-on, + /* Use Samba's 'winbind' daemon to support NTLM authentication, * by delegating the NTLM challenge/response protocal to a helper * in ntlm_auth. * http://devel.squid-cache.org/ntlm/squid_helper_protocol.html * http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html * http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html - * Preprocessor symbol 'WINBIND_NTLM_AUTH_ENABLED' is defined when - * this feature is enabled and 'WINBIND_NTLM_AUTH_FILE' symbol holds - * absolute filename of ntlm_auth helper. - * If NTLM single-sign-on fails, go back to original request - * handling process. + * Preprocessor symbol 'NTLM_WB_ENABLED' is defined when this + * feature is enabled and 'NTLM_WB_FILE' symbol holds absolute + * filename of ntlm_auth helper. + * If NTLM authentication using winbind fails, go back to original + * request handling process. */ /* Create communication with ntlm_auth */ - res = wb_ntlm_initiate(conn, userp); + res = ntlm_wb_init(conn, userp); if(res) return res; - res = wb_ntlm_response(conn, "YR\n", ntlm->state); + res = ntlm_wb_response(conn, "YR\n", ntlm->state); if(res) return res; @@ -415,7 +414,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, input = aprintf("TT %s", conn->challenge_header); if(!input) return CURLE_OUT_OF_MEMORY; - res = wb_ntlm_response(conn, input, ntlm->state); + res = ntlm_wb_response(conn, input, ntlm->state); free(input); input = NULL; if(res) @@ -428,7 +427,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd)); ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */ authp->done = TRUE; - wb_ntlm_close(conn); + ntlm_wb_cleanup(conn); break; case NTLMSTATE_TYPE3: /* connection is already authenticated, @@ -443,7 +442,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, return CURLE_OK; } -#endif /* WINBIND_NTLM_AUTH_ENABLED */ +#endif /* NTLM_WB_ENABLED */ /* * This is for creating ntlm header output @@ -563,8 +562,8 @@ void Curl_http_ntlm_cleanup(struct connectdata *conn) #ifdef USE_WINDOWS_SSPI Curl_ntlm_sspi_cleanup(&conn->ntlm); Curl_ntlm_sspi_cleanup(&conn->proxyntlm); -#elif defined(WINBIND_NTLM_AUTH_ENABLED) - wb_ntlm_close(conn); +#elif defined(NTLM_WB_ENABLED) + ntlm_wb_cleanup(conn); #else (void)conn; #endif diff --git a/lib/http_ntlm.h b/lib/http_ntlm.h index d13998f4e..635d6313b 100644 --- a/lib/http_ntlm.h +++ b/lib/http_ntlm.h @@ -29,7 +29,7 @@ CURLcode Curl_input_ntlm(struct connectdata *conn, bool proxy, /* this is for creating ntlm header output */ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy); -#ifdef WINBIND_NTLM_AUTH_ENABLED +#ifdef NTLM_WB_ENABLED /* this is for creating ntlm header output by delegating challenge/response to Samba's winbind daemon helper ntlm_auth */ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, bool proxy); @@ -1388,7 +1388,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, #ifndef USE_NTLM auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */ #endif -#ifndef WINBIND_NTLM_AUTH_ENABLED +#ifndef NTLM_WB_ENABLED auth &= ~CURLAUTH_NTLM_WB; #endif #ifndef USE_HTTP_NEGOTIATE @@ -1452,7 +1452,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, #ifndef USE_NTLM auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */ #endif -#ifndef WINBIND_NTLM_AUTH_ENABLED +#ifndef NTLM_WB_ENABLED auth &= ~CURLAUTH_NTLM_WB; #endif #ifndef USE_HTTP_NEGOTIATE @@ -3526,7 +3526,7 @@ static struct connectdata *allocate_conn(struct SessionHandle *data) conn->ip_version = data->set.ipver; -#ifdef WINBIND_NTLM_AUTH_ENABLED +#ifdef NTLM_WB_ENABLED conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD; conn->ntlm_auth_hlpr_pid = 0; conn->challenge_header = NULL; diff --git a/lib/urldata.h b/lib/urldata.h index b9439e458..8965c0bb2 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -905,7 +905,7 @@ struct connectdata { single requests! */ struct ntlmdata proxyntlm; /* NTLM data for proxy */ -#ifdef WINBIND_NTLM_AUTH_ENABLED +#ifdef NTLM_WB_ENABLED /* used for communication with Samba's winbind daemon helper ntlm_auth */ curl_socket_t ntlm_auth_hlpr_socket; pid_t ntlm_auth_hlpr_pid; diff --git a/lib/version.c b/lib/version.c index 409d5d4c4..fdf758f9a 100644 --- a/lib/version.c +++ b/lib/version.c @@ -240,7 +240,7 @@ static curl_version_info_data version_info = { #ifdef USE_NTLM | CURL_VERSION_NTLM #endif -#ifdef WINBIND_NTLM_AUTH_ENABLED +#ifdef NTLM_WB_ENABLED | CURL_VERSION_NTLM_WB #endif #ifdef USE_WINDOWS_SSPI diff --git a/m4/curl-confopts.m4 b/m4/curl-confopts.m4 index 190ff00a7..9d4315626 100644 --- a/m4/curl-confopts.m4 +++ b/m4/curl-confopts.m4 @@ -21,7 +21,7 @@ #*************************************************************************** # File version for 'aclocal' use. Keep it a single number. -# serial 15 +# serial 16 dnl CURL_CHECK_OPTION_THREADED_RESOLVER dnl ------------------------------------------------- @@ -497,63 +497,63 @@ AC_DEFUN([CURL_CHECK_LIB_ARES], [ ]) -dnl CURL_CHECK_OPTION_WINBIND_NTLM_AUTH +dnl CURL_CHECK_OPTION_NTLM_WB dnl ------------------------------------------------- dnl Verify if configure has been invoked with option -dnl --enable-ntlm-auth or --disable-ntlm-auth, and -dnl set shell variable want_wb_ntlm_auth and -dnl want_wb_ntlm_auth_file as appropriate. - -AC_DEFUN([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH], [ - AC_BEFORE([$0],[CURL_CHECK_WINBIND_NTLM_AUTH])dnl - OPT_WINBIND_NTLM_AUTH="default" - AC_ARG_ENABLE(wb-ntlm-auth, -AC_HELP_STRING([--enable-wb-ntlm-auth@<:@=FILE@:>@],[Enable NTLM delegation to winbind's ntlm_auth helper, where FILE is ntlm_auth's absolute filename (default: /usr/bin/ntlm_auth)]) -AC_HELP_STRING([--disable-wb-ntlm-auth],[Disable NTLM delegation to winbind's ntlm_auth helper]), - OPT_WINBIND_NTLM_AUTH=$enableval) - want_wb_ntlm_auth_file="/usr/bin/ntlm_auth" - case "$OPT_WINBIND_NTLM_AUTH" in +dnl --enable-ntlm-wb or --disable-ntlm-wb, and set +dnl shell variable want_ntlm_wb and want_ntlm_wb_file +dnl as appropriate. + +AC_DEFUN([CURL_CHECK_OPTION_NTLM_WB], [ + AC_BEFORE([$0],[CURL_CHECK_NTLM_WB])dnl + OPT_NTLM_WB="default" + AC_ARG_ENABLE(ntlm-wb, +AC_HELP_STRING([--enable-ntlm-wb@<:@=FILE@:>@],[Enable NTLM delegation to winbind's ntlm_auth helper, where FILE is ntlm_auth's absolute filename (default: /usr/bin/ntlm_auth)]) +AC_HELP_STRING([--disable-ntlm-wb],[Disable NTLM delegation to winbind's ntlm_auth helper]), + OPT_NTLM_WB=$enableval) + want_ntlm_wb_file="/usr/bin/ntlm_auth" + case "$OPT_NTLM_WB" in no) - dnl --disable-wb-ntlm-auth option used - want_wb_ntlm_auth="no" + dnl --disable-ntlm-wb option used + want_ntlm_wb="no" ;; default) dnl configure option not specified - want_wb_ntlm_auth="yes" + want_ntlm_wb="yes" ;; *) - dnl --enable-wb-ntlm-auth option used - want_wb_ntlm_auth="yes" + dnl --enable-ntlm-wb option used + want_ntlm_wb="yes" if test -n "$enableval" && test "$enableval" != "yes"; then - want_wb_ntlm_auth_file="$enableval" + want_ntlm_wb_file="$enableval" fi ;; esac ]) -dnl CURL_CHECK_WINBIND_NTLM_AUTH +dnl CURL_CHECK_NTLM_WB dnl ------------------------------------------------- -dnl Check if winbind's ntlm_auth helper support will -dnl finally be enabled depending on configure option -dnl given and target platform. +dnl Check if support for NTLM delegation to winbind's +dnl ntlm_auth helper will finally be enabled depending +dnl on given configure options and target platform. -AC_DEFUN([CURL_CHECK_WINBIND_NTLM_AUTH], [ - AC_REQUIRE([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH])dnl +AC_DEFUN([CURL_CHECK_NTLM_WB], [ + AC_REQUIRE([CURL_CHECK_OPTION_NTLM_WB])dnl AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_MSG_CHECKING([whether to enable NTLM delegation to winbind's helper]) if test "$ac_cv_native_windows" = "yes" || test "x$SSL_ENABLED" = "x"; then - want_wb_ntlm_auth_file="" - want_wb_ntlm_auth="no" + want_ntlm_wb_file="" + want_ntlm_wb="no" fi - AC_MSG_RESULT([$want_wb_ntlm_auth]) - if test "$want_wb_ntlm_auth" = "yes"; then - AC_DEFINE(WINBIND_NTLM_AUTH_ENABLED, 1, + AC_MSG_RESULT([$want_ntlm_wb]) + if test "$want_ntlm_wb" = "yes"; then + AC_DEFINE(NTLM_WB_ENABLED, 1, [Define to enable NTLM delegation to winbind's ntlm_auth helper.]) - AC_DEFINE_UNQUOTED(WINBIND_NTLM_AUTH_FILE, "$want_wb_ntlm_auth_file", + AC_DEFINE_UNQUOTED(NTLM_WB_FILE, "$want_ntlm_wb_file", [Define absolute filename for winbind's ntlm_auth helper.]) - WINBIND_NTLM_AUTH_ENABLED=1 + NTLM_WB_ENABLED=1 fi ]) diff --git a/tests/data/test1310 b/tests/data/test1310 index fd389d3ef..840f3c5fa 100644 --- a/tests/data/test1310 +++ b/tests/data/test1310 @@ -62,7 +62,7 @@ debug http </server> <name> -HTTP with NTLM single-sign-on authorization +HTTP with NTLM delegation to winbind helper </name> <setenv> # we force our own host name, in order to make the test machine independent @@ -70,7 +70,7 @@ CURL_GETHOSTNAME=curlhost # we try to use the LD_PRELOAD hack, if not a debug build LD_PRELOAD=%PWD/libtest/.libs/libhostname.so # set path to fake_auth instead of real ntlm_auth to generate NTLM type1 and type 3 messages -CURL_NTLM_AUTH=%PWD/server/fake_ntlm +CURL_NTLM_WB_FILE=%PWD/server/fake_ntlm # set source directory so fake_ntlm can find the test files CURL_NTLM_AUTH_SRCDIR=%SRCDIR # set the test number |