From 4eb08ac1c005cfc1ea7e09d5e10697bab08e3cac Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Wed, 27 Jul 2011 19:12:06 +0200 Subject: NTLM single-sign on adjustments (III) Provide some error tracing and fix execl() calling. --- lib/http_ntlm.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 62 insertions(+), 15 deletions(-) (limited to 'lib/http_ntlm.c') diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index dfd243030..77f678630 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -55,6 +55,7 @@ #include "curl_base64.h" #include "http_ntlm.h" #include "url.h" +#include "strerror.h" #include "curl_gethostname.h" #include "curl_memory.h" @@ -718,6 +719,8 @@ static CURLcode sso_ntlm_initiate(struct connectdata *conn, const char *username; char *slash, *domain = NULL; const char *ntlm_auth = NULL; + char *ntlm_auth_alloc = NULL; + int error; /* Return if communication with ntlm_auth already set up */ if(conn->fd_helper != -1 || conn->pid) { @@ -739,33 +742,76 @@ static CURLcode sso_ntlm_initiate(struct connectdata *conn, * which only accept commands and output strings pre-written/saved in * test case 2005 */ #ifdef DEBUGBUILD - ntlm_auth=getenv("NTLM_AUTH"); + ntlm_auth_alloc = curl_getenv("NTLM_AUTH"); + if(ntlm_auth_alloc) + ntlm_auth = ntlm_auth_alloc; + else #endif - if(!ntlm_auth) ntlm_auth = NTLM_AUTH; - if(access(ntlm_auth, X_OK) != 0) + if(access(ntlm_auth, X_OK) != 0) { + error = ERRNO; + failf(conn->data, "Could not access ntlm_auth: %s errno %d: %s", + ntlm_auth, error, Curl_strerror(conn, error)); goto done; + } - if(socketpair(AF_UNIX, SOCK_STREAM, 0, sockfds)) + if(socketpair(AF_UNIX, SOCK_STREAM, 0, sockfds)) { + error = ERRNO; + failf(conn->data, "Could not open socket pair. errno %d: %s", + error, Curl_strerror(conn, error)); goto done; + } pid = fork(); - if(!pid) { - /* child process */ - if(dup2(sockfds[1], 0) == -1 || dup2(sockfds[1], 1) == -1) - exit(1); - - execl(ntlm_auth, "--helper-protocol", "ntlmssp-client-1", - "--use-cached-creds", "--username", username, - domain?"--domain":NULL, domain, NULL); - exit(1); - } - else if(pid == -1) { + if(pid == -1) { + error = ERRNO; close(sockfds[0]); close(sockfds[1]); + failf(conn->data, "Could not fork. errno %d: %s", + error, Curl_strerror(conn, error)); goto done; } + else if(!pid) { + /* + * child process + */ + + close(sockfds[0]); + + if(dup2(sockfds[1], STDIN_FILENO) == -1) { + error = ERRNO; + failf(conn->data, "Could not redirect child stdin. errno %d: %s", + error, Curl_strerror(conn, error)); + exit(1); + } + + if(dup2(sockfds[1], STDOUT_FILENO) == -1) { + error = ERRNO; + failf(conn->data, "Could not redirect child stdout. errno %d: %s", + error, Curl_strerror(conn, error)); + exit(1); + } + + if(domain) + execl(ntlm_auth, ntlm_auth, + "--helper-protocol", "ntlmssp-client-1", + "--use-cached-creds", + "--username", username, + "--domain", domain, + NULL); + else + execl(ntlm_auth, ntlm_auth, + "--helper-protocol", "ntlmssp-client-1", + "--use-cached-creds", + "--username", username, + NULL); + + error = ERRNO; + failf(conn->data, "Could not execl(). errno %d: %s", + error, Curl_strerror(conn, error)); + exit(1); + } close(sockfds[1]); conn->fd_helper = sockfds[0]; @@ -775,6 +821,7 @@ static CURLcode sso_ntlm_initiate(struct connectdata *conn, done: Curl_safefree(domain); + Curl_safefree(ntlm_auth_alloc); return CURLE_REMOTE_ACCESS_DENIED; } -- cgit v1.2.3