curl-library
Re: [PATCH 2/2] ntlm_wb: Avoid invoking ntlm_auth helper with empty username
Date: Fri, 11 Jul 2014 13:04:37 +0200
Am 2014-07-11 12:36, schrieb David Woodhouse:
> From: David Woodhouse <David.Woodhouse_at_intel.com>
>
> ---
> lib/curl_ntlm_wb.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c
> index 52d1323..ac05fbb 100644
> --- a/lib/curl_ntlm_wb.c
> +++ b/lib/curl_ntlm_wb.c
> @@ -124,6 +124,21 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
> return CURLE_OK;
>
> username = userp;
> + /* The real ntlm_auth really doesn't like being invoked with an
> + empty username. It won't make inferences for itself, and expects
> + the client to do so (mostly because it's really designed for
> + servers like squid to use for auth, and client support is an
> + afterthought for it). So try hard to provide a suitable username
> + if we don't already have one. But if we can't, provide the
> + empty one anyway. Perhaps they have an implementation of the
> + ntlm_auth helper which *doesn't* need it so we might as well try */
> + if(*username == '\0') {
> + username = getenv("NTLMUSER");
> + if(!username)
> + username = getenv("LOGNAME");
> + if(!username)
> + username = userp;
> + }
> slash = strpbrk(username, "\\/");
^^^
Why do you provide a slash as a breaking char too? Backslash is the only
used char to separate domain from samaccountname.
Michael
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-11