From 10a0bed48536e5a3fe801a5e0d94bd84ad80c559 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sun, 31 Jul 2011 20:44:41 +0200 Subject: NTLM single-sign on adjustments (VIII) Use preprocessor symbols WINBIND_NTLM_AUTH_ENABLED and WINBIND_NTLM_AUTH_FILE for Samba's winbind daemon ntlm_auth helper code implementation and filename. Retain preprocessor symbol USE_NTLM_SSO for NTLM single-sign-on feature availability implementation independent. For test harness, prefix NTLM_AUTH environment vars with CURL_ Refactor and rename configure option --with-ntlm-auth to --enable-wb-ntlm-auth[=FILE] --- lib/http.c | 6 +++++- lib/http_ntlm.c | 34 ++++++++++++++++++---------------- lib/http_ntlm.h | 11 ++++++----- lib/setup.h | 2 +- lib/url.c | 2 +- lib/urldata.h | 5 ++--- 6 files changed, 33 insertions(+), 27 deletions(-) (limited to 'lib') diff --git a/lib/http.c b/lib/http.c index 97946f84d..97c904342 100644 --- a/lib/http.c +++ b/lib/http.c @@ -542,9 +542,13 @@ output_auth_headers(struct connectdata *conn, #ifdef USE_NTLM_SSO if(authstatus->picked == CURLAUTH_NTLM_SSO) { auth="NTLM_SSO"; +#ifdef WINBIND_NTLM_AUTH_ENABLED result = Curl_output_ntlm_sso(conn, proxy); if(result) return result; +#else + return CURLE_REMOTE_ACCESS_DENIED; +#endif } else #endif @@ -767,7 +771,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, Curl_input_ntlm(conn, (bool)(httpcode == 407), start); if(CURLNTLM_BAD != ntlm) { data->state.authproblem = FALSE; -#ifdef USE_NTLM_SSO +#ifdef WINBIND_NTLM_AUTH_ENABLED if(authp->picked == CURLAUTH_NTLM_SSO) { *availp &= ~CURLAUTH_NTLM; authp->avail &= ~CURLAUTH_NTLM; diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index ba0a4d717..9beedfb04 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -33,14 +33,16 @@ #define DEBUG_ME 0 +#ifdef HAVE_SYS_TYPES_H +#include +#endif #ifdef HAVE_UNISTD_H #include #endif - -#ifdef USE_NTLM_SSO -#include -#include +#ifdef HAVE_SYS_WAIT_H #include +#endif +#ifdef HAVE_SIGNAL_H #include #endif 
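Review bot: The new `#else` branch in output_auth_headers (lib/http.c, @@ -542) returns `CURLE_REMOTE_ACCESS_DENIED` when NTLM_SSO was picked but the winbind helper is not compiled in, so a build limitation is reported as if the peer had refused access. With setup.h as changed in this commit, USE_NTLM_SSO is only defined when WINBIND_NTLM_AUTH_ENABLED is, so the branch looks unreachable today. If it is kept as a safety net, a code such as `CURLE_NOT_BUILT_IN` plus a verbose log line would let callers tell a missing feature from a failed authentication. The function body continues outside the hunk.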
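Review bot: In Curl_http_input_auth (lib/http.c, @@ -767) the guard now tests `WINBIND_NTLM_AUTH_ENABLED`, while the matching branch in output_auth_headers still tests `USE_NTLM_SSO`. The guarded lines only clear CURLAUTH_NTLM from the available methods once NTLM_SSO was picked, which reads as implementation-independent. By the convention in the commit message that would call for `#ifdef USE_NTLM_SSO` here, or else a short comment such as `/* winbind helper only: plain NTLM must not be retried once SSO was picked */` explaining why it is helper-specific. The guarded block ends outside the hunk.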
@@ -677,7 +679,7 @@ static void unicodecpy(unsigned char *dest, } #endif -#ifdef USE_NTLM_SSO +#ifdef WINBIND_NTLM_AUTH_ENABLED static void sso_ntlm_close(struct connectdata *conn) { if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) { @@ -742,17 +744,17 @@ static CURLcode sso_ntlm_initiate(struct connectdata *conn, username = username + (slash - domain) + 1; } - /* When DEBUGBUILD is defined and environment variable NTLM_AUTH is set - * (in test case 2005), use a fake_ntlm to do NTLM challenge/response, - * which only accept commands and output strings pre-written/saved in - * test case 2005 */ + /* For testing purposes, when DEBUGBUILD is defined and environment + variable CURL_NTLM_AUTH is set a fake_ntlm is used to perform + NTLM challenge/response which only accepts commands and output + strings pre-written in test case definitions */ #ifdef DEBUGBUILD - ntlm_auth_alloc = curl_getenv("NTLM_AUTH"); + ntlm_auth_alloc = curl_getenv("CURL_NTLM_AUTH"); if(ntlm_auth_alloc) ntlm_auth = ntlm_auth_alloc; else #endif - ntlm_auth = NTLM_AUTH; + ntlm_auth = WINBIND_NTLM_AUTH_FILE; if(access(ntlm_auth, X_OK) != 0) { error = ERRNO; @@ -940,9 +942,9 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn, * http://devel.squid-cache.org/ntlm/squid_helper_protocol.html * http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html * http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html - * The preprocessor variable 'USE_NTLM_AUTH' indicates whether - * this feature is enabled. Another one 'NTLM_AUTH' contains absolute - * path of it. + * Preprocessor symbol 'WINBIND_NTLM_AUTH_ENABLED' is defined when + * this feature is enabled and 'WINBIND_NTLM_AUTH_FILE' symbol holds + * absolute filename of ntlm_auth helper. * If NTLM single-sign-on fails, go back to original request * handling process. */ 
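Review bot: In sso_ntlm_initiate (@@ -742) the helper path in `ntlm_auth` is vetted only by `access(ntlm_auth, X_OK)`, and nothing in the hunk checks that it is absolute, although the comment in the @@ -940 hunk says WINBIND_NTLM_AUTH_FILE holds an absolute filename. Because --enable-wb-ntlm-auth[=FILE] takes a free-form value and the helper presumably handles the user's NTLM exchange, a guard such as `if(ntlm_auth[0] != '/')` that fails the same way as the access() error, or a configure-time check, would keep a relative value from resolving against the working directory. access() tests the real uid and the file can change before it is executed, so the launch's own error path (outside this hunk) has to remain the authoritative check. Above the `curl_getenv("CURL_NTLM_AUTH")` call I would also add `/* DEBUGBUILD only: the environment selects the program that gets executed; never enable in release builds */`.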
@@ -996,7 +998,7 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn, return CURLE_OK; } -#endif /* USE_NTLM_SSO */ +#endif /* WINBIND_NTLM_AUTH_ENABLED */ /* this is for creating ntlm header output */ CURLcode Curl_output_ntlm(struct connectdata *conn, @@ -1644,7 +1646,7 @@ Curl_ntlm_cleanup(struct connectdata *conn) ntlm_sspi_cleanup(&conn->ntlm); ntlm_sspi_cleanup(&conn->proxyntlm); #else -#ifdef USE_NTLM_SSO +#ifdef WINBIND_NTLM_AUTH_ENABLED sso_ntlm_close(conn); #endif (void)conn; diff --git a/lib/http_ntlm.h b/lib/http_ntlm.h index faa7b0f31..5275e46ef 100644 --- a/lib/http_ntlm.h +++ b/lib/http_ntlm.h @@ -1,5 +1,5 @@ -#ifndef __HTTP_NTLM_H -#define __HTTP_NTLM_H +#ifndef HEADER_CURL_HTTP_NTLM_H +#define HEADER_CURL_HTTP_NTLM_H /*************************************************************************** * _ _ ____ _ * Project ___| | | | _ \| | @@ -38,9 +38,9 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn, bool proxy, /* this is for creating ntlm header output */ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy); -#ifdef USE_NTLM_SSO +#ifdef WINBIND_NTLM_AUTH_ENABLED /* this is for creating ntlm header output by delegating challenge/response - * to a Samba's daemon helper ntlm_auth */ + to Samba's winbind daemon helper ntlm_auth */ CURLcode Curl_output_ntlm_sso(struct connectdata *conn, bool proxy); #endif @@ -152,4 +152,5 @@ void Curl_ntlm_cleanup(struct connectdata *conn); #define NTLMFLAG_NEGOTIATE_56 (1<<31) /* Indicates that 56-bit encryption is supported. */ -#endif + +#endif /* HEADER_CURL_HTTP_NTLM_H */ diff --git a/lib/setup.h b/lib/setup.h index 2aaf564dc..eb19bafab 100644 --- a/lib/setup.h +++ b/lib/setup.h 
@@ -566,7 +566,7 @@ int netware_init(void); #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \ defined(USE_GNUTLS) || defined(USE_NSS) #define USE_NTLM -#if defined(USE_NTLM_AUTH) +#if defined(WINBIND_NTLM_AUTH_ENABLED) /* Support NTLM single-sign-on by using Samba's winbind daemon helper 'ntlm_auth' */ #define USE_NTLM_SSO diff --git a/lib/url.c b/lib/url.c index bffa23423..59da3e991 100644 --- a/lib/url.c +++ b/lib/url.c @@ -3515,7 +3515,7 @@ static struct connectdata *allocate_conn(struct SessionHandle *data) conn->ip_version = data->set.ipver; -#ifdef USE_NTLM_SSO +#ifdef WINBIND_NTLM_AUTH_ENABLED conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD; conn->ntlm_auth_hlpr_pid = 0; conn->challenge_header = NULL; diff --git a/lib/urldata.h b/lib/urldata.h index f4057cbbd..6f81153de 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -905,9 +905,8 @@ struct connectdata { single requests! */ struct ntlmdata proxyntlm; /* NTLM data for proxy */ -#ifdef USE_NTLM_SSO - /* data used for communication with Samba's winbind daemon helper - ntlm_auth */ +#ifdef WINBIND_NTLM_AUTH_ENABLED + /* used for communication with Samba's winbind daemon helper ntlm_auth */ curl_socket_t ntlm_auth_hlpr_socket; pid_t ntlm_auth_hlpr_pid; char* challenge_header; -- cgit v1.2.3
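Review bot: In lib/setup.h (@@ -566) `WINBIND_NTLM_AUTH_ENABLED` alone now switches the feature on, but http_ntlm.c also needs `WINBIND_NTLM_AUTH_FILE`. A hand-maintained config header that defines only the first will fail much later, at `ntlm_auth = WINBIND_NTLM_AUTH_FILE;`, with an unhelpful message. Inside this `#if` I would add `#ifndef WINBIND_NTLM_AUTH_FILE`, `#error "WINBIND_NTLM_AUTH_ENABLED requires WINBIND_NTLM_AUTH_FILE"`, `#endif` so the misconfiguration is reported where it is made. The conditional block closes outside the hunk.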