NTLM single-sign on adjustments (X) (407e08ba) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

docs/libcurl/symbols-in-versions

+2 −2

Original line number	Diff line number	Diff line
		@@ -20,7 +20,7 @@ CURLAUTH_DIGEST_IE 7.19.3
		CURLAUTH_GSSNEGOTIATE 7.10.6
		CURLAUTH_NONE 7.10.6
		CURLAUTH_NTLM 7.10.6
		CURLAUTH_NTLM_SSO 7.22.0
		CURLAUTH_NTLM_WB 7.22.0
		CURLAUTH_ONLY 7.21.3
		CURLCLOSEPOLICY_CALLBACK 7.7
		CURLCLOSEPOLICY_LEAST_RECENTLY_USED 7.7
		@@ -680,7 +680,7 @@ CURL_VERSION_KERBEROS4 7.10
		CURL_VERSION_LARGEFILE 7.11.1
		CURL_VERSION_LIBZ 7.10
		CURL_VERSION_NTLM 7.10.6
		CURL_VERSION_NTLM_SSO 7.22.0
		CURL_VERSION_NTLM_WB 7.22.0
		CURL_VERSION_SPNEGO 7.10.8
		CURL_VERSION_SSL 7.10
		CURL_VERSION_SSPI 7.13.2

include/curl/curl.h

+3 −3

Original line number	Diff line number	Diff line
		@@ -598,7 +598,7 @@ typedef enum {
		#define CURLAUTH_GSSNEGOTIATE (1<<2) /* GSS-Negotiate */
		#define CURLAUTH_NTLM (1<<3) /* NTLM */
		#define CURLAUTH_DIGEST_IE (1<<4) /* Digest with IE flavour */
		#define CURLAUTH_NTLM_SSO (1<<5) /* NTLM single-sign-on */
		#define CURLAUTH_NTLM_WB (1<<5) /* NTLM delegating to winbind helper */
		#define CURLAUTH_ONLY (1<<31) /* used together with a single other
		type to force no auth or just that
		single type */
		@@ -2095,8 +2095,8 @@ typedef struct {
		#define CURL_VERSION_CONV (1<<12) /* character conversions supported */
		#define CURL_VERSION_CURLDEBUG (1<<13) /* debug memory tracking supported */
		#define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */
		#define CURL_VERSION_NTLM_SSO (1<<15) /* NTLM single-sign-on is supported
		by using ntlm_auth */
		#define CURL_VERSION_NTLM_WB (1<<15) /* NTLM delegating to winbind helper */

		/*
		* NAME curl_version_info()
		*

lib/http.c

+10 −10

Original line number	Diff line number	Diff line
		@@ -292,8 +292,8 @@ static bool pickoneauth(struct auth *pick)
		pick->picked = CURLAUTH_DIGEST;
		else if(avail & CURLAUTH_NTLM)
		pick->picked = CURLAUTH_NTLM;
		else if(avail & CURLAUTH_NTLM_SSO)
		pick->picked = CURLAUTH_NTLM_SSO;
		else if(avail & CURLAUTH_NTLM_WB)
		pick->picked = CURLAUTH_NTLM_WB;
		else if(avail & CURLAUTH_BASIC)
		pick->picked = CURLAUTH_BASIC;
		else {
		@@ -381,8 +381,8 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
		/* There is still data left to send */
		if((data->state.authproxy.picked == CURLAUTH_NTLM) \|\|
		(data->state.authhost.picked == CURLAUTH_NTLM) \|\|
		(data->state.authproxy.picked == CURLAUTH_NTLM_SSO) \|\|
		(data->state.authhost.picked == CURLAUTH_NTLM_SSO)) {
		(data->state.authproxy.picked == CURLAUTH_NTLM_WB) \|\|
		(data->state.authhost.picked == CURLAUTH_NTLM_WB)) {
		if(((expectsend - bytessent) < 2000) \|\|
		(conn->ntlm.state != NTLMSTATE_NONE)) {
		/* The NTLM-negotiation has started OR there is just a little (<2K)
		@@ -546,10 +546,10 @@ output_auth_headers(struct connectdata *conn,
		else
		#endif
		#ifdef USE_NTLM_SSO
		if(authstatus->picked == CURLAUTH_NTLM_SSO) {
		if(authstatus->picked == CURLAUTH_NTLM_WB) {
		auth="NTLM_SSO";
		#ifdef WINBIND_NTLM_AUTH_ENABLED
		result = Curl_output_ntlm_sso(conn, proxy);
		result = Curl_output_ntlm_wb(conn, proxy);
		if(result)
		return result;
		#else
		@@ -771,18 +771,18 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
		*availp \|= CURLAUTH_NTLM;
		authp->avail \|= CURLAUTH_NTLM;
		if(authp->picked == CURLAUTH_NTLM \|\|
		authp->picked == CURLAUTH_NTLM_SSO) {
		authp->picked == CURLAUTH_NTLM_WB) {
		/* NTLM authentication is picked and activated */
		CURLcode ntlm =
		Curl_input_ntlm(conn, (bool)(httpcode == 407), start);
		if(CURLE_OK == ntlm) {
		data->state.authproblem = FALSE;
		#ifdef WINBIND_NTLM_AUTH_ENABLED
		if(authp->picked == CURLAUTH_NTLM_SSO) {
		if(authp->picked == CURLAUTH_NTLM_WB) {
		*availp &= ~CURLAUTH_NTLM;
		authp->avail &= ~CURLAUTH_NTLM;
		*availp \|= CURLAUTH_NTLM_SSO;
		authp->avail \|= CURLAUTH_NTLM_SSO;
		*availp \|= CURLAUTH_NTLM_WB;
		authp->avail \|= CURLAUTH_NTLM_WB;

		/* Get the challenge-message which will be passed to
		* ntlm_auth for generating the type 3 message later */

lib/http_ntlm.c

+12 −14

Original line number	Diff line number	Diff line
		@@ -125,7 +125,7 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
		}

		#ifdef WINBIND_NTLM_AUTH_ENABLED
		static void sso_ntlm_close(struct connectdata *conn)
		static void wb_ntlm_close(struct connectdata *conn)
		{
		if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) {
		sclose(conn->ntlm_auth_hlpr_socket);
		@@ -163,7 +163,7 @@ static void sso_ntlm_close(struct connectdata *conn)
		conn->response_header = NULL;
		}

		static CURLcode sso_ntlm_initiate(struct connectdata *conn,
		static CURLcode wb_ntlm_initiate(struct connectdata *conn,
		const char *userp)
		{
		curl_socket_t sockfds[2];
		@@ -279,7 +279,7 @@ done:
		return CURLE_REMOTE_ACCESS_DENIED;
		}

		static CURLcode sso_ntlm_response(struct connectdata *conn,
		static CURLcode wb_ntlm_response(struct connectdata *conn,
		const char *input, curlntlm state)
		{
		ssize_t size;
		@@ -342,9 +342,9 @@ done:

		/*
		* This is for creating ntlm header output by delegating challenge/response
		* to a Samba's daemon helper ntlm_auth
		* to Samba's winbind daemon helper ntlm_auth.
		*/
		CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
		CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
		bool proxy)
		{
		/* point to the address of the pointer that holds the string to sent to the
		@@ -396,10 +396,10 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
		* handling process.
		*/
		/* Create communication with ntlm_auth */
		res = sso_ntlm_initiate(conn, userp);
		res = wb_ntlm_initiate(conn, userp);
		if(res)
		return res;
		res = sso_ntlm_response(conn, "YR\n", ntlm->state);
		res = wb_ntlm_response(conn, "YR\n", ntlm->state);
		if(res)
		return res;

		@@ -415,9 +415,7 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
		input = aprintf("TT %s", conn->challenge_header);
		if(!input)
		return CURLE_OUT_OF_MEMORY;
		res = sso_ntlm_response(conn,
		input,
		ntlm->state);
		res = wb_ntlm_response(conn, input, ntlm->state);
		free(input);
		input = NULL;
		if(res)
		@@ -430,7 +428,7 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
		DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
		ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
		authp->done = TRUE;
		sso_ntlm_close(conn);
		wb_ntlm_close(conn);
		break;
		case NTLMSTATE_TYPE3:
		/* connection is already authenticated,
		@@ -566,7 +564,7 @@ void Curl_http_ntlm_cleanup(struct connectdata *conn)
		Curl_ntlm_sspi_cleanup(&conn->ntlm);
		Curl_ntlm_sspi_cleanup(&conn->proxyntlm);
		#elif defined(WINBIND_NTLM_AUTH_ENABLED)
		sso_ntlm_close(conn);
		wb_ntlm_close(conn);
		#else
		(void)conn;
		#endif

lib/http_ntlm.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -32,7 +32,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
		#ifdef WINBIND_NTLM_AUTH_ENABLED
		/* this is for creating ntlm header output by delegating challenge/response
		to Samba's winbind daemon helper ntlm_auth */
		CURLcode Curl_output_ntlm_sso(struct connectdata *conn, bool proxy);
		CURLcode Curl_output_ntlm_wb(struct connectdata *conn, bool proxy);
		#endif

		#ifdef USE_NTLM

Admin message