NTLM single-sign on adjustments (XI)
Feature string literal NTLM_SSO renamed to NTLM_WB. Preprocessor symbol USE_NTLM_SSO renamed to WINBIND_NTLM_AUTH_ENABLED. curl's 'long' option 'ntlm-sso' renamed to 'ntlm-wb'. Fix some comments to make clear that this is actually a NTLM delegation.
This commit is contained in:
parent
e18c3f447e
commit
b4f6319cf7
@ -10,7 +10,7 @@ Curl and libcurl 7.22.0
|
||||
This release includes the following changes:
|
||||
|
||||
o Added CURLOPT_GSSAPI_DELEGATION
|
||||
o Added NTLM_SSO support
|
||||
o Added support for NTLM delegation to Samba's winbind daemon helper ntlm_auth
|
||||
o Display notes from setup file in testcurl.pl
|
||||
o BSD-style lwIP TCP/IP stack support on Windows
|
||||
o OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available
|
||||
@ -19,7 +19,7 @@ This release includes the following changes:
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
o curl_getdate: detect some illegal dates better'
|
||||
o curl_getdate: detect some illegal dates better
|
||||
o when sending a request and an error is received before the (entire) request
|
||||
body is sent, stop sending the request and close the connection after
|
||||
having received the entire response. This is equally true if an Expect:
|
||||
|
@ -2996,7 +2996,7 @@ if test "x$CURL_DISABLE_HTTP" != "x1"; then
|
||||
-o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then
|
||||
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
|
||||
if test "x$WINBIND_NTLM_AUTH_ENABLED" = "x1"; then
|
||||
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_SSO"
|
||||
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
@ -545,16 +545,12 @@ output_auth_headers(struct connectdata *conn,
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifdef USE_NTLM_SSO
|
||||
if(authstatus->picked == CURLAUTH_NTLM_WB) {
|
||||
auth="NTLM_SSO";
|
||||
#ifdef WINBIND_NTLM_AUTH_ENABLED
|
||||
if(authstatus->picked == CURLAUTH_NTLM_WB) {
|
||||
auth="NTLM_WB";
|
||||
result = Curl_output_ntlm_wb(conn, proxy);
|
||||
if(result)
|
||||
return result;
|
||||
#else
|
||||
return CURLE_REMOTE_ACCESS_DENIED;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
@ -572,11 +572,6 @@ int netware_init(void);
|
||||
#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
|
||||
defined(USE_GNUTLS) || defined(USE_NSS)
|
||||
#define USE_NTLM
|
||||
#if defined(WINBIND_NTLM_AUTH_ENABLED)
|
||||
/* Support NTLM single-sign-on by using Samba's winbind daemon helper
|
||||
'ntlm_auth' */
|
||||
#define USE_NTLM_SSO
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
10
lib/url.c
10
lib/url.c
@ -1388,9 +1388,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
|
||||
#ifndef USE_NTLM
|
||||
auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
|
||||
#endif
|
||||
#ifndef USE_NTLM_SSO
|
||||
auth &= ~CURLAUTH_NTLM_WB; /* no NTLM single-sign-on without SSL
|
||||
and ntlm_auth */
|
||||
#ifndef WINBIND_NTLM_AUTH_ENABLED
|
||||
auth &= ~CURLAUTH_NTLM_WB;
|
||||
#endif
|
||||
#ifndef USE_HTTP_NEGOTIATE
|
||||
auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
|
||||
@ -1453,9 +1452,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
|
||||
#ifndef USE_NTLM
|
||||
auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
|
||||
#endif
|
||||
#ifndef USE_NTLM_SSO
|
||||
auth &= ~CURLAUTH_NTLM_WB; /* no NTLM single-sign-on without SSL
|
||||
and ntlm_auth */
|
||||
#ifndef WINBIND_NTLM_AUTH_ENABLED
|
||||
auth &= ~CURLAUTH_NTLM_WB;
|
||||
#endif
|
||||
#ifndef USE_HTTP_NEGOTIATE
|
||||
auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
|
||||
|
@ -240,7 +240,7 @@ static curl_version_info_data version_info = {
|
||||
#ifdef USE_NTLM
|
||||
| CURL_VERSION_NTLM
|
||||
#endif
|
||||
#ifdef USE_NTLM_SSO
|
||||
#ifdef WINBIND_NTLM_AUTH_ENABLED
|
||||
| CURL_VERSION_NTLM_WB
|
||||
#endif
|
||||
#ifdef USE_WINDOWS_SSPI
|
||||
|
@ -508,8 +508,8 @@ AC_DEFUN([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH], [
|
||||
AC_BEFORE([$0],[CURL_CHECK_WINBIND_NTLM_AUTH])dnl
|
||||
OPT_WINBIND_NTLM_AUTH="default"
|
||||
AC_ARG_ENABLE(wb-ntlm-auth,
|
||||
AC_HELP_STRING([--enable-wb-ntlm-auth@<:@=FILE@:>@],[Enable winbind's ntlm_auth helper for NTLM SSO, where FILE is ntlm_auth's absolute filename (default: /usr/bin/ntlm_auth)])
|
||||
AC_HELP_STRING([--disable-wb-ntlm-auth],[Disable winbind's ntlm_auth helper for NTLM SSO]),
|
||||
AC_HELP_STRING([--enable-wb-ntlm-auth@<:@=FILE@:>@],[Enable NTLM delegation to winbind's ntlm_auth helper, where FILE is ntlm_auth's absolute filename (default: /usr/bin/ntlm_auth)])
|
||||
AC_HELP_STRING([--disable-wb-ntlm-auth],[Disable NTLM delegation to winbind's ntlm_auth helper]),
|
||||
OPT_WINBIND_NTLM_AUTH=$enableval)
|
||||
want_wb_ntlm_auth_file="/usr/bin/ntlm_auth"
|
||||
case "$OPT_WINBIND_NTLM_AUTH" in
|
||||
@ -541,15 +541,16 @@ dnl given and target platform.
|
||||
AC_DEFUN([CURL_CHECK_WINBIND_NTLM_AUTH], [
|
||||
AC_REQUIRE([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH])dnl
|
||||
AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl
|
||||
AC_MSG_CHECKING([whether to enable winbind's ntlm_auth support for NTLM SSO])
|
||||
if test "$ac_cv_native_windows" = "yes"; then
|
||||
AC_MSG_CHECKING([whether to enable NTLM delegation to winbind's helper])
|
||||
if test "$ac_cv_native_windows" = "yes" ||
|
||||
test "x$SSL_ENABLED" = "x"; then
|
||||
want_wb_ntlm_auth_file=""
|
||||
want_wb_ntlm_auth="no"
|
||||
fi
|
||||
AC_MSG_RESULT([$want_wb_ntlm_auth])
|
||||
if test "$want_wb_ntlm_auth" = "yes"; then
|
||||
AC_DEFINE(WINBIND_NTLM_AUTH_ENABLED, 1,
|
||||
[Define to enable winbind's ntlm_auth support for NTLM SSO.])
|
||||
[Define to enable NTLM delegation to winbind's ntlm_auth helper.])
|
||||
AC_DEFINE_UNQUOTED(WINBIND_NTLM_AUTH_FILE, "$want_wb_ntlm_auth_file",
|
||||
[Define absolute filename for winbind's ntlm_auth helper.])
|
||||
WINBIND_NTLM_AUTH_ENABLED=1
|
||||
|
@ -1879,7 +1879,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
||||
{"*k", "digest", FALSE},
|
||||
{"*l", "negotiate", FALSE},
|
||||
{"*m", "ntlm", FALSE},
|
||||
{"*M", "ntlm-sso", FALSE},
|
||||
{"*M", "ntlm-wb", FALSE},
|
||||
{"*n", "basic", FALSE},
|
||||
{"*o", "anyauth", FALSE},
|
||||
#ifdef USE_WATT32
|
||||
@ -2235,7 +2235,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
||||
config->authtype &= ~CURLAUTH_NTLM;
|
||||
break;
|
||||
|
||||
case 'M': /* --ntlm-sso */
|
||||
case 'M': /* --ntlm-wb */
|
||||
if(toggle) {
|
||||
if(curlinfo->features & CURL_VERSION_NTLM_WB)
|
||||
config->authtype |= CURLAUTH_NTLM_WB;
|
||||
@ -3229,7 +3229,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
||||
{"IPv6", CURL_VERSION_IPV6},
|
||||
{"Largefile", CURL_VERSION_LARGEFILE},
|
||||
{"NTLM", CURL_VERSION_NTLM},
|
||||
{"NTLM_SSO", CURL_VERSION_NTLM_WB},
|
||||
{"NTLM_WB", CURL_VERSION_NTLM_WB},
|
||||
{"SPNEGO", CURL_VERSION_SPNEGO},
|
||||
{"SSL", CURL_VERSION_SSL},
|
||||
{"SSPI", CURL_VERSION_SSPI},
|
||||
|
@ -55,7 +55,7 @@ Finally, this is the real page!
|
||||
# Client-side
|
||||
<client>
|
||||
<features>
|
||||
NTLM_SSO
|
||||
NTLM_WB
|
||||
debug
|
||||
</features>
|
||||
<server>
|
||||
@ -77,7 +77,7 @@ CURL_NTLM_AUTH_SRCDIR=%SRCDIR
|
||||
CURL_NTLM_AUTH_TESTNUM=1310
|
||||
</setenv>
|
||||
<command>
|
||||
http://%HOSTIP:%HTTPPORT/1310 -u testuser:anypasswd --ntlm-sso
|
||||
http://%HOSTIP:%HTTPPORT/1310 -u testuser:anypasswd --ntlm-wb
|
||||
</command>
|
||||
<precheck>
|
||||
chkhostname curlhost
|
||||
|
@ -203,7 +203,7 @@ my $has_ipv6; # set if libcurl is built with IPv6 support
|
||||
my $has_libz; # set if libcurl is built with libz support
|
||||
my $has_getrlimit; # set if system has getrlimit()
|
||||
my $has_ntlm; # set if libcurl is built with NTLM support
|
||||
my $has_ntlm_sso; # set if libcurl is built with NTLM single-sign-on support
|
||||
my $has_ntlm_wb; # set if libcurl is built with NTLM delegation to winbind
|
||||
my $has_charconv;# set if libcurl is built with CharConv support
|
||||
my $has_tls_srp; # set if libcurl is built with TLS-SRP support
|
||||
|
||||
@ -2174,9 +2174,9 @@ sub checksystem {
|
||||
# NTLM enabled
|
||||
$has_ntlm=1;
|
||||
}
|
||||
if($feat =~ /NTLM_SSO/i) {
|
||||
# NTLM single-sign-on enabled
|
||||
$has_ntlm_sso=1;
|
||||
if($feat =~ /NTLM_WB/i) {
|
||||
# NTLM delegation to winbind daemon ntlm_auth helper enabled
|
||||
$has_ntlm_wb=1;
|
||||
}
|
||||
if($feat =~ /CharConv/i) {
|
||||
# CharConv enabled
|
||||
@ -2526,8 +2526,8 @@ sub singletest {
|
||||
next;
|
||||
}
|
||||
}
|
||||
elsif($f eq "NTLM_SSO") {
|
||||
if($has_ntlm_sso) {
|
||||
elsif($f eq "NTLM_WB") {
|
||||
if($has_ntlm_wb) {
|
||||
next;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user