diff --git a/RELEASE-NOTES b/RELEASE-NOTES index a232538ef..5e2d76dd8 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -10,7 +10,7 @@ Curl and libcurl 7.22.0 This release includes the following changes: o Added CURLOPT_GSSAPI_DELEGATION - o Added NTLM_SSO support + o Added support for NTLM delegation to Samba's winbind daemon helper ntlm_auth o Display notes from setup file in testcurl.pl o BSD-style lwIP TCP/IP stack support on Windows o OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available @@ -19,7 +19,7 @@ This release includes the following changes: This release includes the following bugfixes: - o curl_getdate: detect some illegal dates better' + o curl_getdate: detect some illegal dates better o when sending a request and an error is received before the (entire) request body is sent, stop sending the request and close the connection after having received the entire response. This is equally true if an Expect: diff --git a/configure.ac b/configure.ac index 830d379b8..7fb9cbf56 100644 --- a/configure.ac +++ b/configure.ac @@ -2996,7 +2996,7 @@ if test "x$CURL_DISABLE_HTTP" != "x1"; then -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" if test "x$WINBIND_NTLM_AUTH_ENABLED" = "x1"; then - SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_SSO" + SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB" fi fi fi diff --git a/lib/http.c b/lib/http.c index fa8c7c39f..54bb53527 100644 --- a/lib/http.c +++ b/lib/http.c @@ -545,16 +545,12 @@ output_auth_headers(struct connectdata *conn, } else #endif -#ifdef USE_NTLM_SSO - if(authstatus->picked == CURLAUTH_NTLM_WB) { - auth="NTLM_SSO"; #ifdef WINBIND_NTLM_AUTH_ENABLED + if(authstatus->picked == CURLAUTH_NTLM_WB) { + auth="NTLM_WB"; result = Curl_output_ntlm_wb(conn, proxy); if(result) return result; -#else - return CURLE_REMOTE_ACCESS_DENIED; -#endif } else #endif diff --git a/lib/setup.h b/lib/setup.h index e34bf77f8..f90cf8f31 100644 --- a/lib/setup.h +++ b/lib/setup.h @@ -572,11 +572,6 @@ int netware_init(void); #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \ defined(USE_GNUTLS) || defined(USE_NSS) #define USE_NTLM -#if defined(WINBIND_NTLM_AUTH_ENABLED) -/* Support NTLM single-sign-on by using Samba's winbind daemon helper - 'ntlm_auth' */ -#define USE_NTLM_SSO -#endif #endif #endif diff --git a/lib/url.c b/lib/url.c index 0cd6ac1b2..73f633f0d 100644 --- a/lib/url.c +++ b/lib/url.c @@ -1388,9 +1388,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, #ifndef USE_NTLM auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */ #endif -#ifndef USE_NTLM_SSO - auth &= ~CURLAUTH_NTLM_WB; /* no NTLM single-sign-on without SSL - and ntlm_auth */ +#ifndef WINBIND_NTLM_AUTH_ENABLED + auth &= ~CURLAUTH_NTLM_WB; #endif #ifndef USE_HTTP_NEGOTIATE auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or @@ -1453,9 +1452,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, #ifndef USE_NTLM auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */ #endif -#ifndef USE_NTLM_SSO - auth &= ~CURLAUTH_NTLM_WB; /* no NTLM single-sign-on without SSL - and ntlm_auth */ +#ifndef WINBIND_NTLM_AUTH_ENABLED + auth &= ~CURLAUTH_NTLM_WB; #endif #ifndef USE_HTTP_NEGOTIATE auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or diff --git a/lib/version.c b/lib/version.c index 03a8f875d..409d5d4c4 100644 --- a/lib/version.c +++ b/lib/version.c @@ -240,7 +240,7 @@ static curl_version_info_data version_info = { #ifdef USE_NTLM | CURL_VERSION_NTLM #endif -#ifdef USE_NTLM_SSO +#ifdef WINBIND_NTLM_AUTH_ENABLED | CURL_VERSION_NTLM_WB #endif #ifdef USE_WINDOWS_SSPI diff --git a/m4/curl-confopts.m4 b/m4/curl-confopts.m4 index 015101e7f..190ff00a7 100644 --- a/m4/curl-confopts.m4 +++ b/m4/curl-confopts.m4 @@ -508,8 +508,8 @@ AC_DEFUN([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH], [ AC_BEFORE([$0],[CURL_CHECK_WINBIND_NTLM_AUTH])dnl OPT_WINBIND_NTLM_AUTH="default" AC_ARG_ENABLE(wb-ntlm-auth, -AC_HELP_STRING([--enable-wb-ntlm-auth@<:@=FILE@:>@],[Enable winbind's ntlm_auth helper for NTLM SSO, where FILE is ntlm_auth's absolute filename (default: /usr/bin/ntlm_auth)]) -AC_HELP_STRING([--disable-wb-ntlm-auth],[Disable winbind's ntlm_auth helper for NTLM SSO]), +AC_HELP_STRING([--enable-wb-ntlm-auth@<:@=FILE@:>@],[Enable NTLM delegation to winbind's ntlm_auth helper, where FILE is ntlm_auth's absolute filename (default: /usr/bin/ntlm_auth)]) +AC_HELP_STRING([--disable-wb-ntlm-auth],[Disable NTLM delegation to winbind's ntlm_auth helper]), OPT_WINBIND_NTLM_AUTH=$enableval) want_wb_ntlm_auth_file="/usr/bin/ntlm_auth" case "$OPT_WINBIND_NTLM_AUTH" in @@ -541,15 +541,16 @@ dnl given and target platform. AC_DEFUN([CURL_CHECK_WINBIND_NTLM_AUTH], [ AC_REQUIRE([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH])dnl AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl - AC_MSG_CHECKING([whether to enable winbind's ntlm_auth support for NTLM SSO]) - if test "$ac_cv_native_windows" = "yes"; then + AC_MSG_CHECKING([whether to enable NTLM delegation to winbind's helper]) + if test "$ac_cv_native_windows" = "yes" || + test "x$SSL_ENABLED" = "x"; then want_wb_ntlm_auth_file="" want_wb_ntlm_auth="no" fi AC_MSG_RESULT([$want_wb_ntlm_auth]) if test "$want_wb_ntlm_auth" = "yes"; then AC_DEFINE(WINBIND_NTLM_AUTH_ENABLED, 1, - [Define to enable winbind's ntlm_auth support for NTLM SSO.]) + [Define to enable NTLM delegation to winbind's ntlm_auth helper.]) AC_DEFINE_UNQUOTED(WINBIND_NTLM_AUTH_FILE, "$want_wb_ntlm_auth_file", [Define absolute filename for winbind's ntlm_auth helper.]) WINBIND_NTLM_AUTH_ENABLED=1 diff --git a/src/main.c b/src/main.c index e3d26a772..86a0c4389 100644 --- a/src/main.c +++ b/src/main.c @@ -1879,7 +1879,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ {"*k", "digest", FALSE}, {"*l", "negotiate", FALSE}, {"*m", "ntlm", FALSE}, - {"*M", "ntlm-sso", FALSE}, + {"*M", "ntlm-wb", FALSE}, {"*n", "basic", FALSE}, {"*o", "anyauth", FALSE}, #ifdef USE_WATT32 @@ -2235,7 +2235,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ config->authtype &= ~CURLAUTH_NTLM; break; - case 'M': /* --ntlm-sso */ + case 'M': /* --ntlm-wb */ if(toggle) { if(curlinfo->features & CURL_VERSION_NTLM_WB) config->authtype |= CURLAUTH_NTLM_WB; @@ -3229,7 +3229,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ {"IPv6", CURL_VERSION_IPV6}, {"Largefile", CURL_VERSION_LARGEFILE}, {"NTLM", CURL_VERSION_NTLM}, - {"NTLM_SSO", CURL_VERSION_NTLM_WB}, + {"NTLM_WB", CURL_VERSION_NTLM_WB}, {"SPNEGO", CURL_VERSION_SPNEGO}, {"SSL", CURL_VERSION_SSL}, {"SSPI", CURL_VERSION_SSPI}, diff --git a/tests/data/test1310 b/tests/data/test1310 index 9187acfe3..fd389d3ef 100644 --- a/tests/data/test1310 +++ b/tests/data/test1310 @@ -55,7 +55,7 @@ Finally, this is the real page! # Client-side -NTLM_SSO +NTLM_WB debug @@ -77,7 +77,7 @@ CURL_NTLM_AUTH_SRCDIR=%SRCDIR CURL_NTLM_AUTH_TESTNUM=1310 -http://%HOSTIP:%HTTPPORT/1310 -u testuser:anypasswd --ntlm-sso +http://%HOSTIP:%HTTPPORT/1310 -u testuser:anypasswd --ntlm-wb chkhostname curlhost diff --git a/tests/runtests.pl b/tests/runtests.pl index 7ea269b2b..304021feb 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -203,7 +203,7 @@ my $has_ipv6; # set if libcurl is built with IPv6 support my $has_libz; # set if libcurl is built with libz support my $has_getrlimit; # set if system has getrlimit() my $has_ntlm; # set if libcurl is built with NTLM support -my $has_ntlm_sso; # set if libcurl is built with NTLM single-sign-on support +my $has_ntlm_wb; # set if libcurl is built with NTLM delegation to winbind my $has_charconv;# set if libcurl is built with CharConv support my $has_tls_srp; # set if libcurl is built with TLS-SRP support @@ -2174,9 +2174,9 @@ sub checksystem { # NTLM enabled $has_ntlm=1; } - if($feat =~ /NTLM_SSO/i) { - # NTLM single-sign-on enabled - $has_ntlm_sso=1; + if($feat =~ /NTLM_WB/i) { + # NTLM delegation to winbind daemon ntlm_auth helper enabled + $has_ntlm_wb=1; } if($feat =~ /CharConv/i) { # CharConv enabled @@ -2526,8 +2526,8 @@ sub singletest { next; } } - elsif($f eq "NTLM_SSO") { - if($has_ntlm_sso) { + elsif($f eq "NTLM_WB") { + if($has_ntlm_wb) { next; } }