From: Viktor Szakats Date: Mon, 9 Sep 2024 09:10:19 +0000 (+0200) Subject: NTLM_WB: delete remains in tests, docs updates X-Git-Tag: curl-8_10_0~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=805bbf7c55b3fd6b26a830d2680b4107a4c681af;p=thirdparty%2Fcurl.git NTLM_WB: delete remains in tests, docs updates Also update more docs to reflect the removal of NTLM_WB. Follow-up to 50def7c881ba560ab6e0235990e8f07fa69f4bc8 #13249 Closes #14832 --- diff --git a/.github/labeler.yml b/.github/labeler.yml index 3284d2ad83..57e87aa917 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -53,8 +53,7 @@ authentication: lib/http_aws*,\ lib/http_digest.*,\ lib/http_negotiate.*,\ - lib/vauth/**,\ - tests/server/fake_ntlm.c\ + lib/vauth/**\ }" build: diff --git a/docs/cmdline-opts/version.md b/docs/cmdline-opts/version.md index 6a7919f890..948e9672f1 100644 --- a/docs/cmdline-opts/version.md +++ b/docs/cmdline-opts/version.md @@ -92,6 +92,7 @@ NTLM authentication is supported. ## `NTLM_WB` NTLM delegation to winbind helper is supported. +This feature was removed from curl in 8.8.0. ## `PSL` PSL is short for Public Suffix List and means that this curl has been built diff --git a/docs/libcurl/libcurl-env-dbg.md b/docs/libcurl/libcurl-env-dbg.md index e20ebfacc9..73217ca209 100644 --- a/docs/libcurl/libcurl-env-dbg.md +++ b/docs/libcurl/libcurl-env-dbg.md @@ -120,10 +120,6 @@ LDAP tracing is enabled if this variable exists and its value is 1 or greater. OpenLDAP tracing is separate. Refer to CURL_OPENLDAP_TRACE. -## CURL_NTLM_WB_FILE - -Debug-version of the *ntlm-wb* executable. - ## CURL_OPENLDAP_TRACE OpenLDAP tracing is enabled if this variable exists and its value is 1 or diff --git a/docs/libcurl/libcurl-security.md b/docs/libcurl/libcurl-security.md index d13dceffe0..466506bf96 100644 --- a/docs/libcurl/libcurl-security.md +++ b/docs/libcurl/libcurl-security.md 
@@ -462,6 +462,8 @@ libcurl itself uses *fork()* and *execl()* if told to use the command in a child process with file descriptors duplicated. Make sure that only the trusted and reliable helper program is invoked! +This feature was removed from curl in 8.8.0. + # Secrets in memory When applications pass usernames, passwords or other sensitive data to diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions index 69246c013d..cbabc48bf1 100644 --- a/docs/libcurl/symbols-in-versions +++ b/docs/libcurl/symbols-in-versions @@ -177,7 +177,7 @@ CURL_VERSION_LARGEFILE 7.11.1 CURL_VERSION_LIBZ 7.10 CURL_VERSION_MULTI_SSL 7.56.0 CURL_VERSION_NTLM 7.10.6 -CURL_VERSION_NTLM_WB 7.22.0 +CURL_VERSION_NTLM_WB 7.22.0 8.8.0 CURL_VERSION_PSL 7.47.0 CURL_VERSION_SPNEGO 7.10.8 CURL_VERSION_SSL 7.10 @@ -210,7 +210,7 @@ CURLAUTH_GSSNEGOTIATE 7.10.6 7.38.0 CURLAUTH_NEGOTIATE 7.38.0 CURLAUTH_NONE 7.10.6 CURLAUTH_NTLM 7.10.6 -CURLAUTH_NTLM_WB 7.22.0 +CURLAUTH_NTLM_WB 7.22.0 8.8.0 CURLAUTH_ONLY 7.21.3 CURLCLOSEPOLICY_CALLBACK 7.7 7.16.1 CURLCLOSEPOLICY_LEAST_RECENTLY_USED 7.7 7.16.1 diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index c691e610fa..7cce30f913 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -170,7 +170,7 @@ test1271 test1272 test1273 test1274 test1275 test1276 test1277 test1278 \ test1279 test1280 test1281 test1282 test1283 test1284 test1285 test1286 \ test1287 test1288 test1289 test1290 test1291 test1292 test1293 test1294 \ test1295 test1296 test1297 test1298 test1299 test1300 test1301 test1302 \ -test1303 test1304 test1305 test1306 test1307 test1308 test1309 test1310 \ +test1303 test1304 test1305 test1306 test1307 test1308 test1309 \ test1311 test1312 test1313 test1314 test1315 test1316 test1317 test1318 \ test1319 test1320 test1321 test1322 test1323 test1324 test1325 test1326 \ test1327 test1328 test1329 test1330 test1331 test1332 test1333 test1334 \ 
diff --git a/tests/data/test1310 b/tests/data/test1310
deleted file mode 100644
index c935a783f0..0000000000
--- a/tests/data/test1310
+++ /dev/null
@@ -1,117 +0,0 @@ - - - -HTTP -HTTP GET -HTTP NTLM auth - - -# Server-side - - - - - -HTTP/1.1 401 Now gimme that second request of crap -Server: Microsoft-IIS/5.0 -Content-Type: text/html; charset=iso-8859-1 -Content-Length: 34 -WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA== - -This is not the real page either! - - -# This is supposed to be returned when the server gets the second -# Authorization: NTLM line passed-in from the client - -HTTP/1.1 200 Things are fine in server land swsclose -Server: Microsoft-IIS/5.0 -Content-Type: text/html; charset=iso-8859-1 -Content-Length: 32 - -Finally, this is the real page! - - - -HTTP/1.1 401 Now gimme that second request of crap -Server: Microsoft-IIS/5.0 -Content-Type: text/html; charset=iso-8859-1 -Content-Length: 34 -WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA== - -HTTP/1.1 200 Things are fine in server land swsclose -Server: Microsoft-IIS/5.0 -Content-Type: text/html; charset=iso-8859-1 -Content-Length: 32 - -Finally, this is the real page! 
- - - - -# Client-side - - -NTLM_WB -Debug - - -http - - -HTTP with NTLM delegation to winbind helper - - -# set path to fake_auth instead of real ntlm_auth to generate NTLM type1 and type 3 messages -CURL_NTLM_WB_FILE=%PWD/server/fake_ntlm -# set source directory so fake_ntlm can find the test files -CURL_NTLM_AUTH_SRCDIR=%SRCDIR -# set source directory so fake_ntlm can find the test and log files -CURL_NTLM_LOGDIR=%LOGDIR -# set the test number -CURL_NTLM_AUTH_TESTNUM=%TESTNUMBER - - -http://%HOSTIP:%HTTPPORT/%TESTNUMBER -u testuser:anypasswd --ntlm-wb - - - -# Verify data after the test has been "shot" - - -GET /%TESTNUMBER HTTP/1.1 -Host: %HOSTIP:%HTTPPORT -Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA -User-Agent: curl/%VERSION -Accept: */* - -GET /%TESTNUMBER HTTP/1.1 -Host: %HOSTIP:%HTTPPORT -Authorization: NTLM TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAAAAABAAAAACAAIAEAAAAAHAAcASAAAAAAAAAAAAAAAggEAAHRlc3R1c2VyVU5LTk9XTlpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOQ== -User-Agent: curl/%VERSION -Accept: */* - - - -# Input and output (type 1 message) for fake_ntlm - - -YR - - -YR TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA - - -# Input and output (type 3 message) for fake_ntlm - - -TT TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA== - - -KK TlRMTVNTUAADAAAAGAAYAE8AAAAYABgAZwAAAAAAAABAAAAACAAIAEAAAAAHAAcASAAAAAAAAAAAAAAAggEAAHRlc3R1c2VyVU5LTk9XTlpkQwKRCZFMhjj0tw47wEjKHRHlvzfxQamFcheMuv8v+xeqphEO5V41xRd7R9deOQ== - - - diff --git a/tests/server/.gitignore b/tests/server/.gitignore index 3149a27180..57c685b4e3 100644 --- a/tests/server/.gitignore +++ b/tests/server/.gitignore @@ -2,7 +2,6 @@ # # SPDX-License-Identifier: curl -fake_ntlm getpart resolve rtspd 
diff --git a/tests/server/Makefile.inc b/tests/server/Makefile.inc index efd2fa05e1..575a4d121c 100644 --- a/tests/server/Makefile.inc +++ b/tests/server/Makefile.inc @@ -22,7 +22,7 @@ # ########################################################################### -noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd fake_ntlm \ +noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd \ socksd disabled mqttd CURLX_SRCS = \ @@ -109,9 +109,4 @@ tftpd_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \ tftpd_LDADD = @CURL_NETWORK_AND_TIME_LIBS@ tftpd_CFLAGS = $(AM_CFLAGS) -fake_ntlm_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \ - fake_ntlm.c -fake_ntlm_LDADD = @CURL_NETWORK_AND_TIME_LIBS@ -fake_ntlm_CFLAGS = $(AM_CFLAGS) - disabled_SOURCES = disabled.c diff --git a/tests/server/fake_ntlm.c b/tests/server/fake_ntlm.c deleted file mode 100644 index 4c02e69fe5..0000000000 --- a/tests/server/fake_ntlm.c +++ /dev/null 
@@ -1,285 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) Mandy Wu, - * Copyright (C) Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - * SPDX-License-Identifier: curl - * - ***************************************************************************/ -#include "server_setup.h" - -/* - * This is a fake ntlm_auth, which is used for testing NTLM single-sign-on. - * When DEBUGBUILD is defined, libcurl invoke this tool instead of real winbind - * daemon helper /usr/bin/ntlm_auth. This tool will accept commands and - * responses with a pre-written string saved in test case test2005. - */ - -#include "curlx.h" /* from the private lib dir */ -#include "getpart.h" -#include "util.h" - -/* include memdebug.h last */ -#include "memdebug.h" - -#define LOGFILE "%s/fake_ntlm%ld.log" -static const char *logdir = "log"; - -const char *serverlogfile; - -/* - * Returns an allocated buffer with printable representation of input - * buffer contents or returns NULL on out of memory condition. 
- */ -static char *printable(char *inbuf, size_t inlength) -{ - char *outbuf; - char *newbuf; - size_t newsize; - size_t outsize; - size_t outincr = 0; - size_t i, o = 0; - -#define HEX_FMT_STR "[0x%02X]" -#define HEX_STR_LEN 6 -#define NOTHING_STR "[NOTHING]" -#define NOTHING_LEN 9 - - if(!inlength) - inlength = strlen(inbuf); - - if(inlength) { - outincr = ((inlength/2) < (HEX_STR_LEN + 1)) ? - HEX_STR_LEN + 1 : inlength/2; - outsize = inlength + outincr; - } - else - outsize = NOTHING_LEN + 1; - - outbuf = malloc(outsize); - if(!outbuf) - return NULL; - - if(!inlength) { - msnprintf(&outbuf[0], outsize, "%s", NOTHING_STR); - return outbuf; - } - - for(i = 0; i outsize - (HEX_STR_LEN + 1)) { - newsize = outsize + outincr; - newbuf = realloc(outbuf, newsize); - if(!newbuf) { - free(outbuf); - return NULL; - } - outbuf = newbuf; - outsize = newsize; - } - - if((inbuf[i] > 0x20) && (inbuf[i] < 0x7F)) { - outbuf[o] = inbuf[i]; - o++; - } - else { - msnprintf(&outbuf[o], outsize - o, HEX_FMT_STR, inbuf[i]); - o += HEX_STR_LEN; - } - - } - outbuf[o] = '\0'; - - return outbuf; -} - -int main(int argc, char *argv[]) -{ - char buf[1024]; - char logfilename[256]; - FILE *stream; - int error; - char *type1_input = NULL, *type3_input = NULL; - char *type1_output = NULL, *type3_output = NULL; - size_t size = 0; - long testnum; - const char *env; - int arg = 1; - const char *helper_user = "unknown"; - const char *helper_proto = "unknown"; - const char *helper_domain = "unknown"; - bool use_cached_creds = FALSE; - char *msgbuf; - - buf[0] = '\0'; - - while(argc > arg) { - if(!strcmp("--use-cached-creds", argv[arg])) { - use_cached_creds = TRUE; - arg++; - } - else if(!strcmp("--helper-protocol", argv[arg])) { - arg++; - if(argc > arg) - helper_proto = argv[arg++]; - } - else if(!strcmp("--username", argv[arg])) { - arg++; - if(argc > arg) - helper_user = argv[arg++]; - } - else if(!strcmp("--domain", argv[arg])) { - arg++; - if(argc > arg) - helper_domain = argv[arg++]; - } - 
else { - puts("Usage: fake_ntlm [option]\n" - " --use-cached-creds\n" - " --helper-protocol [protocol]\n" - " --username [username]\n" - " --domain [domain]"); - exit(1); - } - } - - env = getenv("CURL_NTLM_LOGDIR"); - if(env) { - logdir = env; - } - - env = getenv("CURL_NTLM_AUTH_TESTNUM"); - if(env) { - char *endptr; - long lnum = strtol(env, &endptr, 10); - if((endptr != env + strlen(env)) || (lnum < 1L)) { - fprintf(stderr, "Test number not valid in CURL_NTLM_AUTH_TESTNUM"); - exit(1); - } - testnum = lnum; - } - else { - fprintf(stderr, "Test number not specified in CURL_NTLM_AUTH_TESTNUM"); - exit(1); - } - - /* logmsg cannot be used until this file name is set */ - msnprintf(logfilename, sizeof(logfilename), LOGFILE, logdir, testnum); - serverlogfile = logfilename; - - logmsg("fake_ntlm (user: %s) (proto: %s) (domain: %s) (cached creds: %s)", - helper_user, helper_proto, helper_domain, - (use_cached_creds) ? "yes" : "no"); - - env = getenv("CURL_NTLM_AUTH_SRCDIR"); - if(env) { - path = env; - } - - stream = test2fopen(testnum, logdir); - if(!stream) { - error = errno; - logmsg("fopen() failed with error: %d %s", error, strerror(error)); - logmsg("Couldn't open test file %ld", testnum); - exit(1); - } - else { - /* get the ntlm_auth input/output */ - error = getpart(&type1_input, &size, "ntlm_auth_type1", "input", stream); - fclose(stream); - if(error || size == 0) { - logmsg("getpart() type 1 input failed with error: %d", error); - exit(1); - } - } - - stream = test2fopen(testnum, logdir); - if(!stream) { - error = errno; - logmsg("fopen() failed with error: %d %s", error, strerror(error)); - logmsg("Couldn't open test file %ld", testnum); - } - else { - size = 0; - error = getpart(&type3_input, &size, "ntlm_auth_type3", "input", stream); - fclose(stream); - if(error || size == 0) { - logmsg("getpart() type 3 input failed with error: %d", error); - exit(1); - } - } - - while(fgets(buf, sizeof(buf), stdin)) { - if(strcmp(buf, type1_input) == 0) { - stream = 
test2fopen(testnum, logdir); - if(!stream) { - error = errno; - logmsg("fopen() failed with error: %d %s", error, strerror(error)); - logmsg("Couldn't open test file %ld", testnum); - exit(1); - } - else { - size = 0; - error = getpart(&type1_output, &size, "ntlm_auth_type1", "output", - stream); - fclose(stream); - if(error || size == 0) { - logmsg("getpart() type 1 output failed with error: %d", error); - exit(1); - } - } - printf("%s", type1_output); - fflush(stdout); - } - else if(strncmp(buf, type3_input, strlen(type3_input)) == 0) { - stream = test2fopen(testnum, logdir); - if(!stream) { - error = errno; - logmsg("fopen() failed with error: %d %s", error, strerror(error)); - logmsg("Couldn't open test file %ld", testnum); - exit(1); - } - else { - size = 0; - error = getpart(&type3_output, &size, "ntlm_auth_type3", "output", - stream); - fclose(stream); - if(error || size == 0) { - logmsg("getpart() type 3 output failed with error: %d", error); - exit(1); - } - } - printf("%s", type3_output); - fflush(stdout); - } - else { - printf("Unknown request\n"); - msgbuf = printable(buf, 0); - if(msgbuf) { - logmsg("invalid input: '%s'\n", msgbuf); - free(msgbuf); - } - else - logmsg("OOM formatting invalid input: '%s'\n", buf); - exit(1); - } - } - logmsg("Exit"); - return 1; -}