diff options
| author | Mandy Wu <mandy.wu@intel.com> | 2011-07-18 23:36:36 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2011-07-18 23:36:36 +0200 |
| commit | a6d4807d028eb82f4a99587b0a8851727ca88566 (patch) | |
| tree | 0f2398259a279bd3d826eee2e78cc76aa1747e46 /lib/http.c | |
| parent | 650a504b2f244ad323f1b45c2f36a2f967f7870f (diff) | |
| download | curl-a6d4807d028eb82f4a99587b0a8851727ca88566.tar.gz | |
NTLM single-sign on supported
With the use of the 'ntlm_auth' tool from the Samba project
Diffstat (limited to 'lib/http.c')
| -rw-r--r-- | lib/http.c | 43 |
1 files changed, 39 insertions, 4 deletions
diff --git a/lib/http.c b/lib/http.c index 92f7c02a1..bb6af2cb4 100644 --- a/lib/http.c +++ b/lib/http.c @@ -307,6 +307,8 @@ static bool pickoneauth(struct auth *pick) pick->picked = CURLAUTH_DIGEST; else if(avail & CURLAUTH_NTLM) pick->picked = CURLAUTH_NTLM; + else if(avail & CURLAUTH_NTLM_SSO) + pick->picked = CURLAUTH_NTLM_SSO; else if(avail & CURLAUTH_BASIC) pick->picked = CURLAUTH_BASIC; else { @@ -393,7 +395,9 @@ static CURLcode http_perhapsrewind(struct connectdata *conn) if((expectsend == -1) || (expectsend > bytessent)) { /* There is still data left to send */ if((data->state.authproxy.picked == CURLAUTH_NTLM) || - (data->state.authhost.picked == CURLAUTH_NTLM)) { + (data->state.authhost.picked == CURLAUTH_NTLM) || + (data->state.authproxy.picked == CURLAUTH_NTLM_SSO) || + (data->state.authhost.picked == CURLAUTH_NTLM_SSO)) { if(((expectsend - bytessent) < 2000) || (conn->ntlm.state != NTLMSTATE_NONE)) { /* The NTLM-negotiation has started *OR* there is just a little (<2K) @@ -554,6 +558,15 @@ output_auth_headers(struct connectdata *conn, } else #endif +#ifdef USE_NTLM_SSO + if(authstatus->picked == CURLAUTH_NTLM_SSO) { + auth="NTLM_SSO"; + result = Curl_output_ntlm_sso(conn, proxy); + if(result) + return result; + } + else +#endif #ifndef CURL_DISABLE_CRYPTO_AUTH if(authstatus->picked == CURLAUTH_DIGEST) { auth="Digest"; @@ -766,13 +779,35 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, if(checkprefix("NTLM", start)) { *availp |= CURLAUTH_NTLM; authp->avail |= CURLAUTH_NTLM; - if(authp->picked == CURLAUTH_NTLM) { + if(authp->picked == CURLAUTH_NTLM || + authp->picked == CURLAUTH_NTLM_SSO) { /* NTLM authentication is picked and activated */ CURLntlm ntlm = Curl_input_ntlm(conn, (bool)(httpcode == 407), start); - - if(CURLNTLM_BAD != ntlm) + if(CURLNTLM_BAD != ntlm) { data->state.authproblem = FALSE; +#ifdef USE_NTLM_SSO + if(authp->picked == CURLAUTH_NTLM_SSO) { + *availp &= ~CURLAUTH_NTLM; + authp->avail &= ~CURLAUTH_NTLM; + *availp |= CURLAUTH_NTLM_SSO; + authp->avail |= CURLAUTH_NTLM_SSO; + + /* Get the challenge-message which will be passed to + * ntlm_auth for generating the type 3 message later */ + while(*start && ISSPACE(*start)) + start++; + if(checkprefix("NTLM", start)) { + start += strlen("NTLM"); + while(*start && ISSPACE(*start)) + start++; + if(*start) + if((conn->challenge_header = strdup(start)) == NULL) + return CURLE_OUT_OF_MEMORY; + } + } +#endif + } else { infof(data, "Authentication problem. Ignoring this.\n"); data->state.authproblem = TRUE; |