Commit 407e08ba authored by Yang Tse

NTLM single-sign on adjustments (X)

Functions renamed:

Curl_output_ntlm_sso -> Curl_output_ntlm_wb
sso_ntlm_close -> wb_ntlm_close
sso_ntlm_response -> wb_ntlm_response
sso_ntlm_initiate -> wb_ntlm_initiate

Preprocessor symbols renamed:

CURLAUTH_NTLM_SSO -> CURLAUTH_NTLM_WB
CURL_VERSION_NTLM_SSO -> CURL_VERSION_NTLM_WB
parent 186463e7
+2 −2
@@ -20,7 +20,7 @@ CURLAUTH_DIGEST_IE 7.19.3
CURLAUTH_GSSNEGOTIATE           7.10.6
CURLAUTH_NONE                   7.10.6
CURLAUTH_NTLM                   7.10.6
CURLAUTH_NTLM_SSO               7.22.0
CURLAUTH_NTLM_WB                7.22.0
CURLAUTH_ONLY                   7.21.3
CURLCLOSEPOLICY_CALLBACK        7.7
CURLCLOSEPOLICY_LEAST_RECENTLY_USED 7.7
@@ -680,7 +680,7 @@ CURL_VERSION_KERBEROS4 7.10
CURL_VERSION_LARGEFILE          7.11.1
CURL_VERSION_LIBZ               7.10
CURL_VERSION_NTLM               7.10.6
CURL_VERSION_NTLM_SSO           7.22.0
CURL_VERSION_NTLM_WB            7.22.0
CURL_VERSION_SPNEGO             7.10.8
CURL_VERSION_SSL                7.10
CURL_VERSION_SSPI               7.13.2
+3 −3
@@ -598,7 +598,7 @@ typedef enum {
#define CURLAUTH_GSSNEGOTIATE (1<<2)  /* GSS-Negotiate */
#define CURLAUTH_NTLM         (1<<3)  /* NTLM */
#define CURLAUTH_DIGEST_IE    (1<<4)  /* Digest with IE flavour */
#define CURLAUTH_NTLM_SSO     (1<<5)  /* NTLM single-sign-on */
#define CURLAUTH_NTLM_WB      (1<<5)  /* NTLM delegating to winbind helper */
#define CURLAUTH_ONLY         (1<<31) /* used together with a single other
                                         type to force no auth or just that
                                         single type */
@@ -2095,8 +2095,8 @@ typedef struct {
#define CURL_VERSION_CONV      (1<<12) /* character conversions supported */
#define CURL_VERSION_CURLDEBUG (1<<13) /* debug memory tracking supported */
#define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */
#define CURL_VERSION_NTLM_SSO  (1<<15)  /* NTLM single-sign-on is supported
                                           by using ntlm_auth */
#define CURL_VERSION_NTLM_WB   (1<<15) /* NTLM delegating to winbind helper */

 /*
 * NAME curl_version_info()
 *
+10 −10
@@ -292,8 +292,8 @@ static bool pickoneauth(struct auth *pick)
    pick->picked = CURLAUTH_DIGEST;
  else if(avail & CURLAUTH_NTLM)
    pick->picked = CURLAUTH_NTLM;
  else if(avail & CURLAUTH_NTLM_SSO)
    pick->picked = CURLAUTH_NTLM_SSO;
  else if(avail & CURLAUTH_NTLM_WB)
    pick->picked = CURLAUTH_NTLM_WB;
  else if(avail & CURLAUTH_BASIC)
    pick->picked = CURLAUTH_BASIC;
  else {
@@ -381,8 +381,8 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
    /* There is still data left to send */
    if((data->state.authproxy.picked == CURLAUTH_NTLM) ||
       (data->state.authhost.picked == CURLAUTH_NTLM) ||
       (data->state.authproxy.picked == CURLAUTH_NTLM_SSO) ||
       (data->state.authhost.picked == CURLAUTH_NTLM_SSO)) {
       (data->state.authproxy.picked == CURLAUTH_NTLM_WB) ||
       (data->state.authhost.picked == CURLAUTH_NTLM_WB)) {
      if(((expectsend - bytessent) < 2000) ||
         (conn->ntlm.state != NTLMSTATE_NONE)) {
        /* The NTLM-negotiation has started *OR* there is just a little (<2K)
@@ -546,10 +546,10 @@ output_auth_headers(struct connectdata *conn,
  else
#endif
#ifdef USE_NTLM_SSO
  if(authstatus->picked == CURLAUTH_NTLM_SSO) {
  if(authstatus->picked == CURLAUTH_NTLM_WB) {
    auth="NTLM_SSO";
#ifdef WINBIND_NTLM_AUTH_ENABLED
    result = Curl_output_ntlm_sso(conn, proxy);
    result = Curl_output_ntlm_wb(conn, proxy);
    if(result)
      return result;
#else
@@ -771,18 +771,18 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
      *availp |= CURLAUTH_NTLM;
      authp->avail |= CURLAUTH_NTLM;
      if(authp->picked == CURLAUTH_NTLM ||
         authp->picked == CURLAUTH_NTLM_SSO) {
         authp->picked == CURLAUTH_NTLM_WB) {
        /* NTLM authentication is picked and activated */
        CURLcode ntlm =
          Curl_input_ntlm(conn, (bool)(httpcode == 407), start);
        if(CURLE_OK == ntlm) {
          data->state.authproblem = FALSE;
#ifdef WINBIND_NTLM_AUTH_ENABLED
          if(authp->picked == CURLAUTH_NTLM_SSO) {
          if(authp->picked == CURLAUTH_NTLM_WB) {
            *availp &= ~CURLAUTH_NTLM;
            authp->avail &= ~CURLAUTH_NTLM;
            *availp |= CURLAUTH_NTLM_SSO;
            authp->avail |= CURLAUTH_NTLM_SSO;
            *availp |= CURLAUTH_NTLM_WB;
            authp->avail |= CURLAUTH_NTLM_WB;

            /* Get the challenge-message which will be passed to
             * ntlm_auth for generating the type 3 message later */
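Review bot: The rename is incomplete in the output_auth_headers hunk: the branch now tests `CURLAUTH_NTLM_WB` and calls `Curl_output_ntlm_wb`, but the unchanged line right after the test still sets `auth="NTLM_SSO";` and the block is still guarded by `#ifdef USE_NTLM_SSO`. If `auth` feeds the informational message naming the scheme in use (that code is outside the hunk, so this is inferred), logs would report a scheme name that matches no public option, which makes auth troubleshooting and log review harder. I would change the label to `auth="NTLM_WB";` and rename the guard together with its definition, which is not on this page. The function body starts and ends outside the hunk.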
+12 −14
@@ -125,7 +125,7 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
}

#ifdef WINBIND_NTLM_AUTH_ENABLED
static void sso_ntlm_close(struct connectdata *conn)
static void wb_ntlm_close(struct connectdata *conn)
{
  if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) {
    sclose(conn->ntlm_auth_hlpr_socket);
@@ -163,7 +163,7 @@ static void sso_ntlm_close(struct connectdata *conn)
  conn->response_header = NULL;
}

static CURLcode sso_ntlm_initiate(struct connectdata *conn,
static CURLcode wb_ntlm_initiate(struct connectdata *conn,
                                 const char *userp)
{
  curl_socket_t sockfds[2];
@@ -279,7 +279,7 @@ done:
  return CURLE_REMOTE_ACCESS_DENIED;
}

static CURLcode sso_ntlm_response(struct connectdata *conn,
static CURLcode wb_ntlm_response(struct connectdata *conn,
                                 const char *input, curlntlm state)
{
  ssize_t size;
@@ -342,9 +342,9 @@ done:

/*
 * This is for creating ntlm header output by delegating challenge/response
 * to a Samba's daemon helper ntlm_auth
 * to Samba's winbind daemon helper ntlm_auth.
 */
CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
                              bool proxy)
{
  /* point to the address of the pointer that holds the string to sent to the
@@ -396,10 +396,10 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
     * handling process.
     */
    /* Create communication with ntlm_auth */
    res = sso_ntlm_initiate(conn, userp);
    res = wb_ntlm_initiate(conn, userp);
    if(res)
      return res;
    res = sso_ntlm_response(conn, "YR\n", ntlm->state);
    res = wb_ntlm_response(conn, "YR\n", ntlm->state);
    if(res)
      return res;

@@ -415,9 +415,7 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
    input = aprintf("TT %s", conn->challenge_header);
    if(!input)
      return CURLE_OUT_OF_MEMORY;
    res = sso_ntlm_response(conn,
                            input,
                            ntlm->state);
    res = wb_ntlm_response(conn, input, ntlm->state);
    free(input);
    input = NULL;
    if(res)
@@ -430,7 +428,7 @@ CURLcode Curl_output_ntlm_sso(struct connectdata *conn,
    DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
    ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
    authp->done = TRUE;
    sso_ntlm_close(conn);
    wb_ntlm_close(conn);
    break;
  case NTLMSTATE_TYPE3:
    /* connection is already authenticated,
@@ -566,7 +564,7 @@ void Curl_http_ntlm_cleanup(struct connectdata *conn)
  Curl_ntlm_sspi_cleanup(&conn->ntlm);
  Curl_ntlm_sspi_cleanup(&conn->proxyntlm);
#elif defined(WINBIND_NTLM_AUTH_ENABLED)
  sso_ntlm_close(conn);
  wb_ntlm_close(conn);
#else
  (void)conn;
#endif
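Review bot: In Curl_output_ntlm_wb the `TT` request is built with `aprintf("TT %s", conn->challenge_header)` and has no terminator of its own, whereas the first request is the literal `"YR\n"`, so the line framing of what wb_ntlm_response passes to the ntlm_auth helper depends on how challenge_header was stored. That value appears to come from the server's authentication header, so the assumption deserves a comment at the call, for example `/* challenge_header is server-supplied; it is expected to end in its own newline and contain no other, since the helper is driven line by line */`. Confirm this against the code that fills challenge_header before adding it. The function body extends beyond the hunks shown here.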
+1 −1
@@ -32,7 +32,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
#ifdef WINBIND_NTLM_AUTH_ENABLED
/* this is for creating ntlm header output by delegating challenge/response
   to Samba's winbind daemon helper ntlm_auth */
CURLcode Curl_output_ntlm_sso(struct connectdata *conn, bool proxy);
CURLcode Curl_output_ntlm_wb(struct connectdata *conn, bool proxy);
#endif

#ifdef USE_NTLM