Commit 10a0bed4 authored by Yang Tse's avatar Yang Tse

NTLM single-sign on adjustments (VIII)

Use preprocessor symbols WINBIND_NTLM_AUTH_ENABLED and WINBIND_NTLM_AUTH_FILE
for Samba's winbind daemon ntlm_auth helper code implementation and filename.

Retain preprocessor symbol USE_NTLM_SSO to indicate availability of the NTLM
single-sign-on feature, independent of the implementation.

For test harness, prefix NTLM_AUTH environment vars with CURL_

Refactor and rename configure option --with-ntlm-auth to --enable-wb-ntlm-auth[=FILE]
parent cc3e01cf
+5 −29
@@ -2687,34 +2687,6 @@ then
  USE_MANUAL="no";
fi

dnl **********************************************************
dnl path of NTLM single-sign-on helper ntlm_auth
dnl
AC_ARG_WITH(ntlm-auth,
   AC_HELP_STRING([--with-ntlm-auth=PATH],
                  [Where to look for ntlm_auth, path points to ntlm_auth installation (default: /usr/bin/ntlm_auth);])
   AC_HELP_STRING([--without-ntlm-auth],
        [disable ntlm single-sign-on by using ntlm_auth]),
ntlm_auth="$withval",
        [if test "$ac_cv_native_windows" = "yes"; then ntlm_auth="no"; else ntlm_auth="/usr/bin/ntlm_auth"; fi])

AC_MSG_CHECKING([if using ntlm_auth is requested])

if test "$ntlm_auth" != "no"; then
  AC_DEFINE(USE_NTLM_AUTH, 1, [Whether or not use Samba's 'winbind' daemon helper 'ntlm_auth' for NTLM single-sign-on])
  AC_SUBST(USE_NTLM_AUTH, [1])
  if test "$ntlm_auth" = "yes"; then
    dnl --with-ntlm-auth (without path) used, use default path
    ntlm_auth="/usr/bin/ntlm_auth"
  fi
  AC_MSG_RESULT($ntlm_auth)
else
  AC_MSG_RESULT(no)
fi
AC_SUBST(ntlm_auth)
AC_DEFINE_UNQUOTED(NTLM_AUTH, "$ntlm_auth", [Samba's 'winbind' daemon helper 'ntlm_auth' which can be used for NTLM single-sign-on])


dnl *************************************************************************
dnl If the manual variable still is set, then we go with providing a built-in
dnl manual
@@ -2823,6 +2795,10 @@ AC_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]),
       AC_MSG_RESULT(yes)
)

CURL_CHECK_OPTION_WINBIND_NTLM_AUTH

CURL_CHECK_WINBIND_NTLM_AUTH

dnl ************************************************************
dnl disable TLS-SRP authentication
dnl
@@ -2998,7 +2974,7 @@ if test "x$CURL_DISABLE_HTTP" != "x1"; then
  if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then
    SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
    if test "x$USE_NTLM_AUTH" = "x1"; then
    if test "x$WINBIND_NTLM_AUTH_ENABLED" = "x1"; then
      SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_SSO"
    fi
  fi
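Review bot: The two new calls `CURL_CHECK_OPTION_WINBIND_NTLM_AUTH` and `CURL_CHECK_WINBIND_NTLM_AUTH` in the second hunk have no `dnl` banner, unlike every neighbouring block, and their definitions are not visible in this file section. The FILE value from `--enable-wb-ntlm-auth[=FILE]` ends up as `WINBIND_NTLM_AUTH_FILE`, which the source comment later on this page describes as the absolute filename of the helper. It is therefore worth confirming that the macro rejects a relative or empty FILE, so that the helper is never resolved relative to the working directory. I would add a banner such as `dnl Samba's winbind daemon ntlm_auth helper: option parsing and absolute FILE check`. The removed block also defaulted to "no" on native Windows; presumably the macro keeps that, but this page does not show it.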
+5 −1
@@ -542,9 +542,13 @@ output_auth_headers(struct connectdata *conn,
#ifdef USE_NTLM_SSO
  if(authstatus->picked == CURLAUTH_NTLM_SSO) {
    auth="NTLM_SSO";
#ifdef WINBIND_NTLM_AUTH_ENABLED
    result = Curl_output_ntlm_sso(conn, proxy);
    if(result)
      return result;
#else
    return CURLE_REMOTE_ACCESS_DENIED;
#endif
  }
  else
#endif
@@ -767,7 +771,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
          Curl_input_ntlm(conn, (bool)(httpcode == 407), start);
        if(CURLNTLM_BAD != ntlm) {
          data->state.authproblem = FALSE;
#ifdef USE_NTLM_SSO
#ifdef WINBIND_NTLM_AUTH_ENABLED
          if(authp->picked == CURLAUTH_NTLM_SSO) {
            *availp &= ~CURLAUTH_NTLM;
            authp->avail &= ~CURLAUTH_NTLM;
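Review bot: The new `#else` branch in output_auth_headers returns `CURLE_REMOTE_ACCESS_DENIED` when NTLM_SSO was picked but no helper implementation is compiled in, which reports a build-time gap as if the remote side had refused access. Failing closed is the right behaviour, because it avoids silently switching to another credential type, but a caller or log reader cannot tell the two cases apart; `return CURLE_NOT_BUILT_IN;` would separate them, if that code is available in this tree. The setup header section later on this page defines USE_NTLM_SSO only under WINBIND_NTLM_AUTH_ENABLED, so the branch looks unreachable today, and a comment such as `/* no NTLM_SSO backend compiled in: refuse rather than fall back */` would record the intent. The second hunk guards the `CURLAUTH_NTLM_SSO` handling in Curl_http_input_auth with WINBIND_NTLM_AUTH_ENABLED alone, whereas this one nests it inside USE_NTLM_SSO; using the same pattern in both would be easier to audit. Both function bodies continue outside their hunks.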
+18 −16
@@ -33,14 +33,16 @@

#define DEBUG_ME 0

#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

#ifdef USE_NTLM_SSO
#include <unistd.h>
#include <sys/types.h>
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif

@@ -677,7 +679,7 @@ static void unicodecpy(unsigned char *dest,
}
#endif

#ifdef USE_NTLM_SSO
#ifdef WINBIND_NTLM_AUTH_ENABLED
static void sso_ntlm_close(struct connectdata *conn)
{
  if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) {
@@ -742,17 +744,17 @@ static CURLcode sso_ntlm_initiate(struct connectdata *conn,
    username = username + (slash - domain) + 1;
  }

  /* When DEBUGBUILD is defined and environment variable NTLM_AUTH is set
   * (in test case 2005), use a fake_ntlm to do NTLM challenge/response,
   * which only accept commands and output strings pre-written/saved in
   * test case 2005 */
  /* For testing purposes, when DEBUGBUILD is defined and environment
     variable CURL_NTLM_AUTH is set a fake_ntlm is used to perform
     NTLM challenge/response which only accepts commands and output
     strings pre-written in test case definitions */
#ifdef DEBUGBUILD
  ntlm_auth_alloc = curl_getenv("NTLM_AUTH");
  ntlm_auth_alloc = curl_getenv("CURL_NTLM_AUTH");
  if(ntlm_auth_alloc)
    ntlm_auth = ntlm_auth_alloc;
  else
#endif
    ntlm_auth = NTLM_AUTH;
    ntlm_auth = WINBIND_NTLM_AUTH_FILE;

  if(access(ntlm_auth, X_OK) != 0) {
    error = ERRNO;
@@ -940,9 +942,9 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
     * http://devel.squid-cache.org/ntlm/squid_helper_protocol.html
     * http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html
     * http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html
     * The preprocessor variable 'USE_NTLM_AUTH' indicates whether
     * this feature is enabled. Another one 'NTLM_AUTH' contains absolute
     * path of it.
     * Preprocessor symbol 'WINBIND_NTLM_AUTH_ENABLED' is defined when
     * this feature is enabled and 'WINBIND_NTLM_AUTH_FILE' symbol holds
     * absolute filename of ntlm_auth helper.
     * If NTLM single-sign-on fails, go back to original request
     * handling process.
     */
@@ -996,7 +998,7 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,

  return CURLE_OK;
}
#endif /* USE_NTLM_SSO */
#endif /* WINBIND_NTLM_AUTH_ENABLED */

/* this is for creating ntlm header output */
CURLcode Curl_output_ntlm(struct connectdata *conn,
@@ -1644,7 +1646,7 @@ Curl_ntlm_cleanup(struct connectdata *conn)
  ntlm_sspi_cleanup(&conn->ntlm);
  ntlm_sspi_cleanup(&conn->proxyntlm);
#else
#ifdef USE_NTLM_SSO
#ifdef WINBIND_NTLM_AUTH_ENABLED
  sso_ntlm_close(conn);
#endif
  (void)conn;
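Review bot: The rewritten comment above `curl_getenv("CURL_NTLM_AUTH")` in sso_ntlm_initiate explains the test use but not the consequence: in a DEBUGBUILD binary the process environment chooses the helper program that performs the NTLM challenge/response for the user. I would add one sentence to that comment, for example `DEBUGBUILD binaries must not be deployed: the environment then selects the helper executable.` The `access(ntlm_auth, X_OK)` call that follows is context rather than new code, but it is only an early diagnostic and does not guarantee anything about the file that is run afterwards, presumably further down in the function. The function continues outside the hunk, so the launch itself cannot be checked from here.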
+6 −5
#ifndef __HTTP_NTLM_H
#define __HTTP_NTLM_H
#ifndef HEADER_CURL_HTTP_NTLM_H
#define HEADER_CURL_HTTP_NTLM_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -38,9 +38,9 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn, bool proxy,
/* this is for creating ntlm header output */
CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);

#ifdef USE_NTLM_SSO
#ifdef WINBIND_NTLM_AUTH_ENABLED
/* this is for creating ntlm header output by delegating challenge/response
 * to a Samba's daemon helper ntlm_auth */
   to Samba's winbind daemon helper ntlm_auth */
CURLcode Curl_output_ntlm_sso(struct connectdata *conn, bool proxy);
#endif

@@ -152,4 +152,5 @@ void Curl_ntlm_cleanup(struct connectdata *conn);

#define NTLMFLAG_NEGOTIATE_56                    (1<<31)
/* Indicates that 56-bit encryption is supported. */
#endif

#endif /* HEADER_CURL_HTTP_NTLM_H */
+1 −1
@@ -566,7 +566,7 @@ int netware_init(void);
#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
   defined(USE_GNUTLS) || defined(USE_NSS)
#define USE_NTLM
#if defined(USE_NTLM_AUTH)
#if defined(WINBIND_NTLM_AUTH_ENABLED)
/* Support NTLM single-sign-on by using Samba's winbind daemon helper
   'ntlm_auth' */
#define USE_NTLM_SSO