NTLM single-sign on adjustments (XI)

Feature string literal NTLM_SSO renamed to NTLM_WB.
Preprocessor symbol USE_NTLM_SSO renamed to WINBIND_NTLM_AUTH_ENABLED.
curl's 'long' option 'ntlm-sso' renamed to 'ntlm-wb'.
Fix some comments to make clear that this is actually a NTLM delegation.

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a232538ef8cc985066e2a4f8cc472327e6bb8e44..5e2d76dd89b72b54e8da4a81ef3eb459a3d7d964 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -10,7 +10,7 @@ Curl and libcurl 7.22.0
 This release includes the following changes:
 
  o Added CURLOPT_GSSAPI_DELEGATION
- o Added NTLM_SSO support
+ o Added support for NTLM delegation to Samba's winbind daemon helper ntlm_auth
  o Display notes from setup file in testcurl.pl
  o BSD-style lwIP TCP/IP stack support on Windows
  o OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available
@@ -19,7 +19,7 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
- o curl_getdate: detect some illegal dates better'
+ o curl_getdate: detect some illegal dates better
  o when sending a request and an error is received before the (entire) request
    body is sent, stop sending the request and close the connection after
    having received the entire response. This is equally true if an Expect:

diff --git a/configure.ac b/configure.ac
index 830d379b8c067dbd3f1a77796271c6632e5cbb2e..7fb9cbf56fd546170f8a7d89d36bbce6edf87d9e 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -2996,7 +2996,7 @@ if test "x$CURL_DISABLE_HTTP" != "x1"; then
       -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then
     SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
     if test "x$WINBIND_NTLM_AUTH_ENABLED" = "x1"; then
-      SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_SSO"
+      SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
     fi
   fi
 fi

diff --git a/lib/http.c b/lib/http.c
index fa8c7c39f8af9b9024507f82c3c4077ac9e2d7a2..54bb53527045c937e5730bd20ed697619740ccd9 100644 (file)
--- a/lib/http.c
+++ b/lib/http.c
@@ -545,16 +545,12 @@ output_auth_headers(struct connectdata *conn,
   }
   else
 #endif
-#ifdef USE_NTLM_SSO
-  if(authstatus->picked == CURLAUTH_NTLM_WB) {
-    auth="NTLM_SSO";
 #ifdef WINBIND_NTLM_AUTH_ENABLED
+  if(authstatus->picked == CURLAUTH_NTLM_WB) {
+    auth="NTLM_WB";
     result = Curl_output_ntlm_wb(conn, proxy);
     if(result)
       return result;
-#else
-    return CURLE_REMOTE_ACCESS_DENIED;
-#endif
   }
   else
 #endif

diff --git a/lib/setup.h b/lib/setup.h
index e34bf77f8002f039f9304438cd08d4d696317227..f90cf8f31ed1c8ca9c934109b8f4e6357eba3773 100644 (file)
--- a/lib/setup.h
+++ b/lib/setup.h
@@ -572,11 +572,6 @@ int netware_init(void);
 #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
    defined(USE_GNUTLS) || defined(USE_NSS)
 #define USE_NTLM
-#if defined(WINBIND_NTLM_AUTH_ENABLED)
-/* Support NTLM single-sign-on by using Samba's winbind daemon helper
-   'ntlm_auth' */
-#define USE_NTLM_SSO
-#endif
 #endif
 #endif
 

diff --git a/lib/url.c b/lib/url.c
index 0cd6ac1b2faf5d0f2c3cf926acadaf4f51c4eb6a..73f633f0da2b5cdc54f934719bc493220b2a6509 100644 (file)
--- a/lib/url.c
+++ b/lib/url.c
@@ -1388,9 +1388,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
 #ifndef USE_NTLM
     auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
 #endif
-#ifndef USE_NTLM_SSO
-    auth &= ~CURLAUTH_NTLM_WB; /* no NTLM single-sign-on without SSL
-                                  and ntlm_auth */
+#ifndef WINBIND_NTLM_AUTH_ENABLED
+    auth &= ~CURLAUTH_NTLM_WB;
 #endif
 #ifndef USE_HTTP_NEGOTIATE
     auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
@@ -1453,9 +1452,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
 #ifndef USE_NTLM
     auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
 #endif
-#ifndef USE_NTLM_SSO
-    auth &= ~CURLAUTH_NTLM_WB; /* no NTLM single-sign-on without SSL
-                                  and ntlm_auth */
+#ifndef WINBIND_NTLM_AUTH_ENABLED
+    auth &= ~CURLAUTH_NTLM_WB;
 #endif
 #ifndef USE_HTTP_NEGOTIATE
     auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or

diff --git a/lib/version.c b/lib/version.c
index 03a8f875d2e5a119e9c4fb27677c1af901dff4fa..409d5d4c45b9d178869d80b96f7ca1fcb1e2dab0 100644 (file)
--- a/lib/version.c
+++ b/lib/version.c
@@ -240,7 +240,7 @@ static curl_version_info_data version_info = {
 #ifdef USE_NTLM
   | CURL_VERSION_NTLM
 #endif
-#ifdef USE_NTLM_SSO
+#ifdef WINBIND_NTLM_AUTH_ENABLED
   | CURL_VERSION_NTLM_WB
 #endif
 #ifdef USE_WINDOWS_SSPI

diff --git a/m4/curl-confopts.m4 b/m4/curl-confopts.m4
index 015101e7fba036acab9fee5ad84c5e4719454dae..190ff00a70734de06a9a9800f1c5e9ddd3fd7d93 100644 (file)
--- a/m4/curl-confopts.m4
+++ b/m4/curl-confopts.m4
@@ -508,8 +508,8 @@ AC_DEFUN([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH], [
   AC_BEFORE([$0],[CURL_CHECK_WINBIND_NTLM_AUTH])dnl
   OPT_WINBIND_NTLM_AUTH="default"
   AC_ARG_ENABLE(wb-ntlm-auth,
-AC_HELP_STRING([--enable-wb-ntlm-auth@<:@=FILE@:>@],[Enable winbind's ntlm_auth helper for NTLM SSO, where FILE is ntlm_auth's absolute filename (default: /usr/bin/ntlm_auth)])
-AC_HELP_STRING([--disable-wb-ntlm-auth],[Disable winbind's ntlm_auth helper for NTLM SSO]),
+AC_HELP_STRING([--enable-wb-ntlm-auth@<:@=FILE@:>@],[Enable NTLM delegation to winbind's ntlm_auth helper, where FILE is ntlm_auth's absolute filename (default: /usr/bin/ntlm_auth)])
+AC_HELP_STRING([--disable-wb-ntlm-auth],[Disable NTLM delegation to winbind's ntlm_auth helper]),
   OPT_WINBIND_NTLM_AUTH=$enableval)
   want_wb_ntlm_auth_file="/usr/bin/ntlm_auth"
   case "$OPT_WINBIND_NTLM_AUTH" in
@@ -541,15 +541,16 @@ dnl given and target platform.
 AC_DEFUN([CURL_CHECK_WINBIND_NTLM_AUTH], [
   AC_REQUIRE([CURL_CHECK_OPTION_WINBIND_NTLM_AUTH])dnl
   AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl
-  AC_MSG_CHECKING([whether to enable winbind's ntlm_auth support for NTLM SSO])
-  if test "$ac_cv_native_windows" = "yes"; then
+  AC_MSG_CHECKING([whether to enable NTLM delegation to winbind's helper])
+  if test "$ac_cv_native_windows" = "yes" ||
+    test "x$SSL_ENABLED" = "x"; then
     want_wb_ntlm_auth_file=""
     want_wb_ntlm_auth="no"
   fi
   AC_MSG_RESULT([$want_wb_ntlm_auth])
   if test "$want_wb_ntlm_auth" = "yes"; then
     AC_DEFINE(WINBIND_NTLM_AUTH_ENABLED, 1,
-      [Define to enable winbind's ntlm_auth support for NTLM SSO.])
+      [Define to enable NTLM delegation to winbind's ntlm_auth helper.])
     AC_DEFINE_UNQUOTED(WINBIND_NTLM_AUTH_FILE, "$want_wb_ntlm_auth_file",
       [Define absolute filename for winbind's ntlm_auth helper.])
     WINBIND_NTLM_AUTH_ENABLED=1

diff --git a/src/main.c b/src/main.c
index e3d26a77251124b4b08d21b4fc78664bf99d8fbf..86a0c4389f225744af4ffa5b6ebafa408422257c 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -1879,7 +1879,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
     {"*k", "digest",     FALSE},
     {"*l", "negotiate",  FALSE},
     {"*m", "ntlm",       FALSE},
-    {"*M", "ntlm-sso",   FALSE},
+    {"*M", "ntlm-wb",    FALSE},
     {"*n", "basic",      FALSE},
     {"*o", "anyauth",    FALSE},
 #ifdef USE_WATT32
@@ -2235,7 +2235,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
           config->authtype &= ~CURLAUTH_NTLM;
         break;
 
-      case 'M': /* --ntlm-sso */
+      case 'M': /* --ntlm-wb */
         if(toggle) {
           if(curlinfo->features & CURL_VERSION_NTLM_WB)
             config->authtype |= CURLAUTH_NTLM_WB;
@@ -3229,7 +3229,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
           {"IPv6", CURL_VERSION_IPV6},
           {"Largefile", CURL_VERSION_LARGEFILE},
           {"NTLM", CURL_VERSION_NTLM},
-          {"NTLM_SSO", CURL_VERSION_NTLM_WB},
+          {"NTLM_WB", CURL_VERSION_NTLM_WB},
           {"SPNEGO", CURL_VERSION_SPNEGO},
           {"SSL",  CURL_VERSION_SSL},
           {"SSPI",  CURL_VERSION_SSPI},

diff --git a/tests/data/test1310 b/tests/data/test1310
index 9187acfe399600f2fd084325b7c458968cf3a3a2..fd389d3ef81fe62db02eab74df3866ed50ba47b9 100644 (file)
--- a/tests/data/test1310
+++ b/tests/data/test1310
@@ -55,7 +55,7 @@ Finally, this is the real page!
 # Client-side
 <client>
 <features>
-NTLM_SSO
+NTLM_WB
 debug
 </features>
 <server>
@@ -77,7 +77,7 @@ CURL_NTLM_AUTH_SRCDIR=%SRCDIR
 CURL_NTLM_AUTH_TESTNUM=1310
  </setenv>
  <command>
-http://%HOSTIP:%HTTPPORT/1310 -u testuser:anypasswd --ntlm-sso
+http://%HOSTIP:%HTTPPORT/1310 -u testuser:anypasswd --ntlm-wb
 </command>
 <precheck>
 chkhostname curlhost

diff --git a/tests/runtests.pl b/tests/runtests.pl
index 7ea269b2bc601f469eb664c775636383ed0b67ba..304021feb3091793797e7f7ed61ed8504a83df3c 100755 (executable)
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -203,7 +203,7 @@ my $has_ipv6;    # set if libcurl is built with IPv6 support
 my $has_libz;    # set if libcurl is built with libz support
 my $has_getrlimit;  # set if system has getrlimit()
 my $has_ntlm;    # set if libcurl is built with NTLM support
-my $has_ntlm_sso; # set if libcurl is built with NTLM single-sign-on support
+my $has_ntlm_wb; # set if libcurl is built with NTLM delegation to winbind
 my $has_charconv;# set if libcurl is built with CharConv support
 my $has_tls_srp; # set if libcurl is built with TLS-SRP support
 
@@ -2174,9 +2174,9 @@ sub checksystem {
                 # NTLM enabled
                 $has_ntlm=1;
             }
-            if($feat =~ /NTLM_SSO/i) {
-                # NTLM single-sign-on enabled
-                $has_ntlm_sso=1;
+            if($feat =~ /NTLM_WB/i) {
+                # NTLM delegation to winbind daemon ntlm_auth helper enabled
+                $has_ntlm_wb=1;
             }
             if($feat =~ /CharConv/i) {
                 # CharConv enabled
@@ -2526,8 +2526,8 @@ sub singletest {
                 next;
             }
         }
-        elsif($f eq "NTLM_SSO") {
-            if($has_ntlm_sso) {
+        elsif($f eq "NTLM_WB") {
+            if($has_ntlm_wb) {
                 next;
             }
         }