NTLM single-sign on adjustments (X)

Functions renamed:

Curl_output_ntlm_sso -> Curl_output_ntlm_wb
sso_ntlm_close -> wb_ntlm_close
sso_ntlm_response -> wb_ntlm_response
sso_ntlm_initiate -> wb_ntlm_initiate

Preprocessor symbols renamed:

CURLAUTH_NTLM_SSO -> CURLAUTH_NTLM_WB
CURL_VERSION_NTLM_SSO -> CURL_VERSION_NTLM_WB
Yang Tse 2011-08-26 18:57:50 +02:00
parent 186463e7fa
commit 407e08baad
8 changed files with 38 additions and 40 deletions


@ -20,7 +20,7 @@ CURLAUTH_DIGEST_IE 7.19.3
CURLAUTH_GSSNEGOTIATE 7.10.6 CURLAUTH_GSSNEGOTIATE 7.10.6
CURLAUTH_NONE 7.10.6 CURLAUTH_NONE 7.10.6
CURLAUTH_NTLM 7.10.6 CURLAUTH_NTLM 7.10.6
CURLAUTH_NTLM_SSO 7.22.0 CURLAUTH_NTLM_WB 7.22.0
CURLAUTH_ONLY 7.21.3 CURLAUTH_ONLY 7.21.3
CURLCLOSEPOLICY_CALLBACK 7.7 CURLCLOSEPOLICY_CALLBACK 7.7
CURLCLOSEPOLICY_LEAST_RECENTLY_USED 7.7 CURLCLOSEPOLICY_LEAST_RECENTLY_USED 7.7
@ -680,7 +680,7 @@ CURL_VERSION_KERBEROS4 7.10
CURL_VERSION_LARGEFILE 7.11.1 CURL_VERSION_LARGEFILE 7.11.1
CURL_VERSION_LIBZ 7.10 CURL_VERSION_LIBZ 7.10
CURL_VERSION_NTLM 7.10.6 CURL_VERSION_NTLM 7.10.6
CURL_VERSION_NTLM_SSO 7.22.0 CURL_VERSION_NTLM_WB 7.22.0
CURL_VERSION_SPNEGO 7.10.8 CURL_VERSION_SPNEGO 7.10.8
CURL_VERSION_SSL 7.10 CURL_VERSION_SSL 7.10
CURL_VERSION_SSPI 7.13.2 CURL_VERSION_SSPI 7.13.2


@ -598,7 +598,7 @@ typedef enum {
#define CURLAUTH_GSSNEGOTIATE (1<<2) /* GSS-Negotiate */ #define CURLAUTH_GSSNEGOTIATE (1<<2) /* GSS-Negotiate */
#define CURLAUTH_NTLM (1<<3) /* NTLM */ #define CURLAUTH_NTLM (1<<3) /* NTLM */
#define CURLAUTH_DIGEST_IE (1<<4) /* Digest with IE flavour */ #define CURLAUTH_DIGEST_IE (1<<4) /* Digest with IE flavour */
#define CURLAUTH_NTLM_SSO (1<<5) /* NTLM single-sign-on */ #define CURLAUTH_NTLM_WB (1<<5) /* NTLM delegating to winbind helper */
#define CURLAUTH_ONLY (1<<31) /* used together with a single other #define CURLAUTH_ONLY (1<<31) /* used together with a single other
type to force no auth or just that type to force no auth or just that
single type */ single type */
@ -2095,8 +2095,8 @@ typedef struct {
#define CURL_VERSION_CONV (1<<12) /* character conversions supported */ #define CURL_VERSION_CONV (1<<12) /* character conversions supported */
#define CURL_VERSION_CURLDEBUG (1<<13) /* debug memory tracking supported */ #define CURL_VERSION_CURLDEBUG (1<<13) /* debug memory tracking supported */
#define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */ #define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */
#define CURL_VERSION_NTLM_SSO (1<<15) /* NTLM single-sign-on is supported #define CURL_VERSION_NTLM_WB (1<<15) /* NTLM delegating to winbind helper */
by using ntlm_auth */
/* /*
* NAME curl_version_info() * NAME curl_version_info()
* *


@ -292,8 +292,8 @@ static bool pickoneauth(struct auth *pick)
pick->picked = CURLAUTH_DIGEST; pick->picked = CURLAUTH_DIGEST;
else if(avail & CURLAUTH_NTLM) else if(avail & CURLAUTH_NTLM)
pick->picked = CURLAUTH_NTLM; pick->picked = CURLAUTH_NTLM;
else if(avail & CURLAUTH_NTLM_SSO) else if(avail & CURLAUTH_NTLM_WB)
pick->picked = CURLAUTH_NTLM_SSO; pick->picked = CURLAUTH_NTLM_WB;
else if(avail & CURLAUTH_BASIC) else if(avail & CURLAUTH_BASIC)
pick->picked = CURLAUTH_BASIC; pick->picked = CURLAUTH_BASIC;
else { else {
@ -381,8 +381,8 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
/* There is still data left to send */ /* There is still data left to send */
if((data->state.authproxy.picked == CURLAUTH_NTLM) || if((data->state.authproxy.picked == CURLAUTH_NTLM) ||
(data->state.authhost.picked == CURLAUTH_NTLM) || (data->state.authhost.picked == CURLAUTH_NTLM) ||
(data->state.authproxy.picked == CURLAUTH_NTLM_SSO) || (data->state.authproxy.picked == CURLAUTH_NTLM_WB) ||
(data->state.authhost.picked == CURLAUTH_NTLM_SSO)) { (data->state.authhost.picked == CURLAUTH_NTLM_WB)) {
if(((expectsend - bytessent) < 2000) || if(((expectsend - bytessent) < 2000) ||
(conn->ntlm.state != NTLMSTATE_NONE)) { (conn->ntlm.state != NTLMSTATE_NONE)) {
/* The NTLM-negotiation has started *OR* there is just a little (<2K) /* The NTLM-negotiation has started *OR* there is just a little (<2K)
@ -546,10 +546,10 @@ output_auth_headers(struct connectdata *conn,
else else
#endif #endif
#ifdef USE_NTLM_SSO #ifdef USE_NTLM_SSO
if(authstatus->picked == CURLAUTH_NTLM_SSO) { if(authstatus->picked == CURLAUTH_NTLM_WB) {
auth="NTLM_SSO"; auth="NTLM_SSO";
#ifdef WINBIND_NTLM_AUTH_ENABLED #ifdef WINBIND_NTLM_AUTH_ENABLED
result = Curl_output_ntlm_sso(conn, proxy); result = Curl_output_ntlm_wb(conn, proxy);
if(result) if(result)
return result; return result;
#else #else
@ -771,18 +771,18 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
*availp |= CURLAUTH_NTLM; *availp |= CURLAUTH_NTLM;
authp->avail |= CURLAUTH_NTLM; authp->avail |= CURLAUTH_NTLM;
if(authp->picked == CURLAUTH_NTLM || if(authp->picked == CURLAUTH_NTLM ||
authp->picked == CURLAUTH_NTLM_SSO) { authp->picked == CURLAUTH_NTLM_WB) {
/* NTLM authentication is picked and activated */ /* NTLM authentication is picked and activated */
CURLcode ntlm = CURLcode ntlm =
Curl_input_ntlm(conn, (bool)(httpcode == 407), start); Curl_input_ntlm(conn, (bool)(httpcode == 407), start);
if(CURLE_OK == ntlm) { if(CURLE_OK == ntlm) {
data->state.authproblem = FALSE; data->state.authproblem = FALSE;
#ifdef WINBIND_NTLM_AUTH_ENABLED #ifdef WINBIND_NTLM_AUTH_ENABLED
if(authp->picked == CURLAUTH_NTLM_SSO) { if(authp->picked == CURLAUTH_NTLM_WB) {
*availp &= ~CURLAUTH_NTLM; *availp &= ~CURLAUTH_NTLM;
authp->avail &= ~CURLAUTH_NTLM; authp->avail &= ~CURLAUTH_NTLM;
*availp |= CURLAUTH_NTLM_SSO; *availp |= CURLAUTH_NTLM_WB;
authp->avail |= CURLAUTH_NTLM_SSO; authp->avail |= CURLAUTH_NTLM_WB;
/* Get the challenge-message which will be passed to /* Get the challenge-message which will be passed to
* ntlm_auth for generating the type 3 message later */ * ntlm_auth for generating the type 3 message later */
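Review bot: The rename stops halfway in `output_auth_headers`: the branch now tests `CURLAUTH_NTLM_WB` and calls `Curl_output_ntlm_wb`, but the label is still `auth="NTLM_SSO";` and the guard is still `#ifdef USE_NTLM_SSO`. If that label reaches log output (its use is outside the hunk), users will see a name that no longer matches any public symbol; `auth="NTLM_WB";` would keep it consistent. The same leftover naming appears in the `#ifndef USE_NTLM_SSO` guards and the "no NTLM single-sign-on without SSL" comments in the two `Curl_setopt` hunks, the `USE_NTLM_SSO` guard in `version_info`, and the `--ntlm-sso` comment and `{"NTLM_SSO", CURL_VERSION_NTLM_WB}` entry in the tool's `getparameter`. Either rename these in this commit or say in the description that they are deferred.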


@ -125,7 +125,7 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
} }
#ifdef WINBIND_NTLM_AUTH_ENABLED #ifdef WINBIND_NTLM_AUTH_ENABLED
static void sso_ntlm_close(struct connectdata *conn) static void wb_ntlm_close(struct connectdata *conn)
{ {
if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) { if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) {
sclose(conn->ntlm_auth_hlpr_socket); sclose(conn->ntlm_auth_hlpr_socket);
@ -163,8 +163,8 @@ static void sso_ntlm_close(struct connectdata *conn)
conn->response_header = NULL; conn->response_header = NULL;
} }
static CURLcode sso_ntlm_initiate(struct connectdata *conn, static CURLcode wb_ntlm_initiate(struct connectdata *conn,
const char *userp) const char *userp)
{ {
curl_socket_t sockfds[2]; curl_socket_t sockfds[2];
pid_t child_pid; pid_t child_pid;
@ -279,8 +279,8 @@ done:
return CURLE_REMOTE_ACCESS_DENIED; return CURLE_REMOTE_ACCESS_DENIED;
} }
static CURLcode sso_ntlm_response(struct connectdata *conn, static CURLcode wb_ntlm_response(struct connectdata *conn,
const char *input, curlntlm state) const char *input, curlntlm state)
{ {
ssize_t size; ssize_t size;
char buf[200]; /* enough, type 1, 3 message length is less then 200 */ char buf[200]; /* enough, type 1, 3 message length is less then 200 */
@ -342,9 +342,9 @@ done:
/* /*
* This is for creating ntlm header output by delegating challenge/response * This is for creating ntlm header output by delegating challenge/response
* to a Samba's daemon helper ntlm_auth * to Samba's winbind daemon helper ntlm_auth.
*/ */
CURLcode Curl_output_ntlm_sso(struct connectdata *conn, CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
bool proxy) bool proxy)
{ {
/* point to the address of the pointer that holds the string to sent to the /* point to the address of the pointer that holds the string to sent to the
@ -396,10 +396,10 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
* handling process. * handling process.
*/ */
/* Create communication with ntlm_auth */ /* Create communication with ntlm_auth */
res = sso_ntlm_initiate(conn, userp); res = wb_ntlm_initiate(conn, userp);
if(res) if(res)
return res; return res;
res = sso_ntlm_response(conn, "YR\n", ntlm->state); res = wb_ntlm_response(conn, "YR\n", ntlm->state);
if(res) if(res)
return res; return res;
@ -415,9 +415,7 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
input = aprintf("TT %s", conn->challenge_header); input = aprintf("TT %s", conn->challenge_header);
if(!input) if(!input)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
res = sso_ntlm_response(conn, res = wb_ntlm_response(conn, input, ntlm->state);
input,
ntlm->state);
free(input); free(input);
input = NULL; input = NULL;
if(res) if(res)
@ -430,7 +428,7 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd)); DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */ ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
authp->done = TRUE; authp->done = TRUE;
sso_ntlm_close(conn); wb_ntlm_close(conn);
break; break;
case NTLMSTATE_TYPE3: case NTLMSTATE_TYPE3:
/* connection is already authenticated, /* connection is already authenticated,
@ -566,7 +564,7 @@ void Curl_http_ntlm_cleanup(struct connectdata *conn)
Curl_ntlm_sspi_cleanup(&conn->ntlm); Curl_ntlm_sspi_cleanup(&conn->ntlm);
Curl_ntlm_sspi_cleanup(&conn->proxyntlm); Curl_ntlm_sspi_cleanup(&conn->proxyntlm);
#elif defined(WINBIND_NTLM_AUTH_ENABLED) #elif defined(WINBIND_NTLM_AUTH_ENABLED)
sso_ntlm_close(conn); wb_ntlm_close(conn);
#else #else
(void)conn; (void)conn;
#endif #endif
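Review bot: `wb_ntlm_response` still receives the helper's reply into a fixed `char buf[200]`, justified only by the comment that type 1 and type 3 messages are shorter than 200 bytes. The read that fills the buffer is outside this hunk, so confirm it is bounded by `sizeof(buf)` and that a reply with no terminating newline inside that bound is rejected rather than parsed as truncated data. A type-3 message grows with the domain, user and host name lengths, so the comment should state what happens when the assumption fails, for example `/* replies that do not fit in buf are treated as an error */`, once the code is verified to behave that way.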


@ -32,7 +32,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
#ifdef WINBIND_NTLM_AUTH_ENABLED #ifdef WINBIND_NTLM_AUTH_ENABLED
/* this is for creating ntlm header output by delegating challenge/response /* this is for creating ntlm header output by delegating challenge/response
to Samba's winbind daemon helper ntlm_auth */ to Samba's winbind daemon helper ntlm_auth */
CURLcode Curl_output_ntlm_sso(struct connectdata *conn, bool proxy); CURLcode Curl_output_ntlm_wb(struct connectdata *conn, bool proxy);
#endif #endif
#ifdef USE_NTLM #ifdef USE_NTLM


@ -1389,8 +1389,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */ auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
#endif #endif
#ifndef USE_NTLM_SSO #ifndef USE_NTLM_SSO
auth &= ~CURLAUTH_NTLM_SSO; /* no NTLM single-sign-on without SSL auth &= ~CURLAUTH_NTLM_WB; /* no NTLM single-sign-on without SSL
and ntlm_auth */ and ntlm_auth */
#endif #endif
#ifndef USE_HTTP_NEGOTIATE #ifndef USE_HTTP_NEGOTIATE
auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
@ -1454,8 +1454,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */ auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
#endif #endif
#ifndef USE_NTLM_SSO #ifndef USE_NTLM_SSO
auth &= ~CURLAUTH_NTLM_SSO; /* no NTLM single-sign-on without SSL auth &= ~CURLAUTH_NTLM_WB; /* no NTLM single-sign-on without SSL
and ntlm_auth */ and ntlm_auth */
#endif #endif
#ifndef USE_HTTP_NEGOTIATE #ifndef USE_HTTP_NEGOTIATE
auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
@ -2999,7 +2999,7 @@ ConnectionExists(struct SessionHandle *data,
if((needle->handler->protocol & CURLPROTO_FTP) || if((needle->handler->protocol & CURLPROTO_FTP) ||
((needle->handler->protocol & CURLPROTO_HTTP) && ((needle->handler->protocol & CURLPROTO_HTTP) &&
((data->state.authhost.want==CURLAUTH_NTLM) || ((data->state.authhost.want==CURLAUTH_NTLM) ||
(data->state.authhost.want==CURLAUTH_NTLM_SSO)))) { (data->state.authhost.want==CURLAUTH_NTLM_WB)))) {
/* This is FTP or HTTP+NTLM, verify that we're using the same name /* This is FTP or HTTP+NTLM, verify that we're using the same name
and password as well */ and password as well */
if(!strequal(needle->user, check->user) || if(!strequal(needle->user, check->user) ||
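Review bot: In `ConnectionExists` the credential check before connection reuse is gated on `data->state.authhost.want==CURLAUTH_NTLM` or `==CURLAUTH_NTLM_WB`, an exact comparison on a value that `Curl_setopt` in this same file handles as a bit mask (`auth &= ~CURLAUTH_NTLM_WB`), assuming `want` is filled from that mask. If so, a handle that allows NTLM together with any other method would skip the user/password comparison, and since NTLM authenticates the connection rather than the request, a connection authenticated for different credentials could be reused. A mask test such as `(data->state.authhost.want & (CURLAUTH_NTLM | CURLAUTH_NTLM_WB))` would cover that case; the proxy side (`authproxy.want`) is not consulted in the visible lines either. The function starts and ends outside this hunk, so the rest of the matching logic should be checked before changing it.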


@ -241,7 +241,7 @@ static curl_version_info_data version_info = {
| CURL_VERSION_NTLM | CURL_VERSION_NTLM
#endif #endif
#ifdef USE_NTLM_SSO #ifdef USE_NTLM_SSO
| CURL_VERSION_NTLM_SSO | CURL_VERSION_NTLM_WB
#endif #endif
#ifdef USE_WINDOWS_SSPI #ifdef USE_WINDOWS_SSPI
| CURL_VERSION_SSPI | CURL_VERSION_SSPI


@ -2237,13 +2237,13 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
case 'M': /* --ntlm-sso */ case 'M': /* --ntlm-sso */
if(toggle) { if(toggle) {
if(curlinfo->features & CURL_VERSION_NTLM_SSO) if(curlinfo->features & CURL_VERSION_NTLM_WB)
config->authtype |= CURLAUTH_NTLM_SSO; config->authtype |= CURLAUTH_NTLM_WB;
else else
return PARAM_LIBCURL_DOESNT_SUPPORT; return PARAM_LIBCURL_DOESNT_SUPPORT;
} }
else else
config->authtype &= ~CURLAUTH_NTLM_SSO; config->authtype &= ~CURLAUTH_NTLM_WB;
break; break;
case 'n': /* --basic for completeness */ case 'n': /* --basic for completeness */
@ -3229,7 +3229,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
{"IPv6", CURL_VERSION_IPV6}, {"IPv6", CURL_VERSION_IPV6},
{"Largefile", CURL_VERSION_LARGEFILE}, {"Largefile", CURL_VERSION_LARGEFILE},
{"NTLM", CURL_VERSION_NTLM}, {"NTLM", CURL_VERSION_NTLM},
{"NTLM_SSO", CURL_VERSION_NTLM_SSO}, {"NTLM_SSO", CURL_VERSION_NTLM_WB},
{"SPNEGO", CURL_VERSION_SPNEGO}, {"SPNEGO", CURL_VERSION_SPNEGO},
{"SSL", CURL_VERSION_SSL}, {"SSL", CURL_VERSION_SSL},
{"SSPI", CURL_VERSION_SSPI}, {"SSPI", CURL_VERSION_SSPI},