moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2025-03-11 07:39:50 -04:00
Code Issues Releases Wiki Activity

NTLM single-sign on adjustments (XI)

Browse Source 
Feature string literal NTLM_SSO renamed to NTLM_WB.
Preprocessor symbol USE_NTLM_SSO renamed to WINBIND_NTLM_AUTH_ENABLED.
curl's 'long' option 'ntlm-sso' renamed to 'ntlm-wb'.
Fix some comments to make clear that this is actually a NTLM delegation.
This commit is contained in:
Yang Tse 2011-08-27 01:32:49 +02:00
parent e18c3f447e
commit b4f6319cf7
10 changed files with 27 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
RELEASE-NOTES
View File

@ -10,7 +10,7 @@ Curl and libcurl 7.22.0
This release includes the following changes: This release includes the following changes:
o Added CURLOPT_GSSAPI_DELEGATION o Added CURLOPT_GSSAPI_DELEGATION
o Added NTLM_SSO support o Added support for NTLM delegation to Samba's winbind daemon helper ntlm_auth
o Display notes from setup file in testcurl.pl o Display notes from setup file in testcurl.pl
o BSD-style lwIP TCP/IP stack support on Windows o BSD-style lwIP TCP/IP stack support on Windows
o OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available o OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available
@ -19,7 +19,7 @@ This release includes the following changes:
This release includes the following bugfixes: This release includes the following bugfixes:
o curl_getdate: detect some illegal dates better' o curl_getdate: detect some illegal dates better
o when sending a request and an error is received before the (entire) request o when sending a request and an error is received before the (entire) request
body is sent, stop sending the request and close the connection after body is sent, stop sending the request and close the connection after
having received the entire response. This is equally true if an Expect: having received the entire response. This is equally true if an Expect:

2
configure.ac
View File

@ -2996,7 +2996,7 @@ if test "x$CURL_DISABLE_HTTP" != "x1"; then
-o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
if test "x$WINBIND_NTLM_AUTH_ENABLED" = "x1"; then if test "x$WINBIND_NTLM_AUTH_ENABLED" = "x1"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_SSO" SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
fi fi
fi fi
fi fi

8
lib/http.c
View File

@ -545,16 +545,12 @@ output_auth_headers(struct connectdata *conn,
} }
else else
#endif #endif
#ifdef USE_NTLM_SSO
if(authstatus->picked == CURLAUTH_NTLM_WB) {
auth="NTLM_SSO";
#ifdef WINBIND_NTLM_AUTH_ENABLED #ifdef WINBIND_NTLM_AUTH_ENABLED
if(authstatus->picked == CURLAUTH_NTLM_WB) {
auth="NTLM_WB";
result = Curl_output_ntlm_wb(conn, proxy); result = Curl_output_ntlm_wb(conn, proxy);
if(result) if(result)
return result; return result;
#else
return CURLE_REMOTE_ACCESS_DENIED;
#endif
} }
else else
#endif #endif

5
lib/setup.h
View File

@ -572,11 +572,6 @@ int netware_init(void);
#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \ #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
defined(USE_GNUTLS) || defined(USE_NSS) defined(USE_GNUTLS) || defined(USE_NSS)
#define USE_NTLM #define USE_NTLM
#if defined(WINBIND_NTLM_AUTH_ENABLED)
/* Support NTLM single-sign-on by using Samba's winbind daemon helper
'ntlm_auth' */
#define USE_NTLM_SSO
#endif
#endif #endif
#endif #endif

10
lib/url.c
View File

@ -1388,9 +1388,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
#ifndef USE_NTLM #ifndef USE_NTLM
auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */ auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
#endif #endif
#ifndef USE_NTLM_SSO #ifndef WINBIND_NTLM_AUTH_ENABLED
auth &= ~CURLAUTH_NTLM_WB; /* no NTLM single-sign-on without SSL auth &= ~CURLAUTH_NTLM_WB;
and ntlm_auth */
#endif #endif
#ifndef USE_HTTP_NEGOTIATE #ifndef USE_HTTP_NEGOTIATE
auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
@ -1453,9 +1452,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
#ifndef USE_NTLM #ifndef USE_NTLM
auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */ auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
#endif #endif
#ifndef USE_NTLM_SSO #ifndef WINBIND_NTLM_AUTH_ENABLED
auth &= ~CURLAUTH_NTLM_WB; /* no NTLM single-sign-on without SSL auth &= ~CURLAUTH_NTLM_WB;
and ntlm_auth */
#endif #endif
#ifndef USE_HTTP_NEGOTIATE #ifndef USE_HTTP_NEGOTIATE
auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or

2
lib/version.c
View File

@ -240,7 +240,7 @@ static curl_version_info_data version_info = {
#ifdef USE_NTLM #ifdef USE_NTLM
| CURL_VERSION_NTLM | CURL_VERSION_NTLM
#endif #endif
#ifdef USE_NTLM_SSO #ifdef WINBIND_NTLM_AUTH_ENABLED
| CURL_VERSION_NTLM_WB | CURL_VERSION_NTLM_WB
#endif #endif
#ifdef USE_WINDOWS_SSPI #ifdef USE_WINDOWS_SSPI

11
m4/curl-confopts.m4
View File

@ -508,8 +508,8 @@ AC_DEFUN([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH], [
AC_BEFORE([$0],[CURL_CHECK_WINBIND_NTLM_AUTH])dnl AC_BEFORE([$0],[CURL_CHECK_WINBIND_NTLM_AUTH])dnl
OPT_WINBIND_NTLM_AUTH="default" OPT_WINBIND_NTLM_AUTH="default"
AC_ARG_ENABLE(wb-ntlm-auth, AC_ARG_ENABLE(wb-ntlm-auth,
AC_HELP_STRING([--enable-wb-ntlm-auth@<:@=FILE@:>@],[Enable winbind's ntlm_auth helper for NTLM SSO, where FILE is ntlm_auth's absolute filename (default: /usr/bin/ntlm_auth)]) AC_HELP_STRING([--enable-wb-ntlm-auth@<:@=FILE@:>@],[Enable NTLM delegation to winbind's ntlm_auth helper, where FILE is ntlm_auth's absolute filename (default: /usr/bin/ntlm_auth)])
AC_HELP_STRING([--disable-wb-ntlm-auth],[Disable winbind's ntlm_auth helper for NTLM SSO]), AC_HELP_STRING([--disable-wb-ntlm-auth],[Disable NTLM delegation to winbind's ntlm_auth helper]),
OPT_WINBIND_NTLM_AUTH=$enableval) OPT_WINBIND_NTLM_AUTH=$enableval)
want_wb_ntlm_auth_file="/usr/bin/ntlm_auth" want_wb_ntlm_auth_file="/usr/bin/ntlm_auth"
case "$OPT_WINBIND_NTLM_AUTH" in case "$OPT_WINBIND_NTLM_AUTH" in
@ -541,15 +541,16 @@ dnl given and target platform.
AC_DEFUN([CURL_CHECK_WINBIND_NTLM_AUTH], [ AC_DEFUN([CURL_CHECK_WINBIND_NTLM_AUTH], [
AC_REQUIRE([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH])dnl AC_REQUIRE([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH])dnl
AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl
AC_MSG_CHECKING([whether to enable winbind's ntlm_auth support for NTLM SSO]) AC_MSG_CHECKING([whether to enable NTLM delegation to winbind's helper])
if test "$ac_cv_native_windows" = "yes"; then if test "$ac_cv_native_windows" = "yes" ||
test "x$SSL_ENABLED" = "x"; then
want_wb_ntlm_auth_file="" want_wb_ntlm_auth_file=""
want_wb_ntlm_auth="no" want_wb_ntlm_auth="no"
fi fi
AC_MSG_RESULT([$want_wb_ntlm_auth]) AC_MSG_RESULT([$want_wb_ntlm_auth])
if test "$want_wb_ntlm_auth" = "yes"; then if test "$want_wb_ntlm_auth" = "yes"; then
AC_DEFINE(WINBIND_NTLM_AUTH_ENABLED, 1, AC_DEFINE(WINBIND_NTLM_AUTH_ENABLED, 1,
[Define to enable winbind's ntlm_auth support for NTLM SSO.]) [Define to enable NTLM delegation to winbind's ntlm_auth helper.])
AC_DEFINE_UNQUOTED(WINBIND_NTLM_AUTH_FILE, "$want_wb_ntlm_auth_file", AC_DEFINE_UNQUOTED(WINBIND_NTLM_AUTH_FILE, "$want_wb_ntlm_auth_file",
[Define absolute filename for winbind's ntlm_auth helper.]) [Define absolute filename for winbind's ntlm_auth helper.])
WINBIND_NTLM_AUTH_ENABLED=1 WINBIND_NTLM_AUTH_ENABLED=1

6
src/main.c
View File

@ -1879,7 +1879,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
{"*k", "digest", FALSE}, {"*k", "digest", FALSE},
{"*l", "negotiate", FALSE}, {"*l", "negotiate", FALSE},
{"*m", "ntlm", FALSE}, {"*m", "ntlm", FALSE},
{"*M", "ntlm-sso", FALSE}, {"*M", "ntlm-wb", FALSE},
{"*n", "basic", FALSE}, {"*n", "basic", FALSE},
{"*o", "anyauth", FALSE}, {"*o", "anyauth", FALSE},
#ifdef USE_WATT32 #ifdef USE_WATT32
@ -2235,7 +2235,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
config->authtype &= ~CURLAUTH_NTLM; config->authtype &= ~CURLAUTH_NTLM;
break; break;
case 'M': /* --ntlm-sso */ case 'M': /* --ntlm-wb */
if(toggle) { if(toggle) {
if(curlinfo->features & CURL_VERSION_NTLM_WB) if(curlinfo->features & CURL_VERSION_NTLM_WB)
config->authtype |= CURLAUTH_NTLM_WB; config->authtype |= CURLAUTH_NTLM_WB;
@ -3229,7 +3229,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
{"IPv6", CURL_VERSION_IPV6}, {"IPv6", CURL_VERSION_IPV6},
{"Largefile", CURL_VERSION_LARGEFILE}, {"Largefile", CURL_VERSION_LARGEFILE},
{"NTLM", CURL_VERSION_NTLM}, {"NTLM", CURL_VERSION_NTLM},
{"NTLM_SSO", CURL_VERSION_NTLM_WB}, {"NTLM_WB", CURL_VERSION_NTLM_WB},
{"SPNEGO", CURL_VERSION_SPNEGO}, {"SPNEGO", CURL_VERSION_SPNEGO},
{"SSL", CURL_VERSION_SSL}, {"SSL", CURL_VERSION_SSL},
{"SSPI", CURL_VERSION_SSPI}, {"SSPI", CURL_VERSION_SSPI},

4
tests/data/test1310
View File

@ -55,7 +55,7 @@ Finally, this is the real page!
# Client-side # Client-side
<client> <client>
<features> <features>
NTLM_SSO NTLM_WB
debug debug
</features> </features>
<server> <server>
@ -77,7 +77,7 @@ CURL_NTLM_AUTH_SRCDIR=%SRCDIR
CURL_NTLM_AUTH_TESTNUM=1310 CURL_NTLM_AUTH_TESTNUM=1310
</setenv> </setenv>
<command> <command>
http://%HOSTIP:%HTTPPORT/1310 -u testuser:anypasswd --ntlm-sso http://%HOSTIP:%HTTPPORT/1310 -u testuser:anypasswd --ntlm-wb
</command> </command>
<precheck> <precheck>
chkhostname curlhost chkhostname curlhost

12
tests/runtests.pl
View File

@ -203,7 +203,7 @@ my $has_ipv6; # set if libcurl is built with IPv6 support
my $has_libz; # set if libcurl is built with libz support my $has_libz; # set if libcurl is built with libz support
my $has_getrlimit; # set if system has getrlimit() my $has_getrlimit; # set if system has getrlimit()
my $has_ntlm; # set if libcurl is built with NTLM support my $has_ntlm; # set if libcurl is built with NTLM support
my $has_ntlm_sso; # set if libcurl is built with NTLM single-sign-on support my $has_ntlm_wb; # set if libcurl is built with NTLM delegation to winbind
my $has_charconv;# set if libcurl is built with CharConv support my $has_charconv;# set if libcurl is built with CharConv support
my $has_tls_srp; # set if libcurl is built with TLS-SRP support my $has_tls_srp; # set if libcurl is built with TLS-SRP support
@ -2174,9 +2174,9 @@ sub checksystem {
# NTLM enabled # NTLM enabled
$has_ntlm=1; $has_ntlm=1;
} }
if($feat =~ /NTLM_SSO/i) { if($feat =~ /NTLM_WB/i) {
# NTLM single-sign-on enabled # NTLM delegation to winbind daemon ntlm_auth helper enabled
$has_ntlm_sso=1; $has_ntlm_wb=1;
} }
if($feat =~ /CharConv/i) { if($feat =~ /CharConv/i) {
# CharConv enabled # CharConv enabled
@ -2526,8 +2526,8 @@ sub singletest {
next; next;
} }
} }
elsif($f eq "NTLM_SSO") { elsif($f eq "NTLM_WB") {
if($has_ntlm_sso) { if($has_ntlm_wb) {
next; next;
} }
} }