curl-library
Re: [PATCH 2/2] ntlm_wb: Avoid invoking ntlm_auth helper with empty username
Date: Sat, 12 Jul 2014 02:49:57 +0200
On Fri, Jul 11, 2014 at 11:36:46AM +0100, David Woodhouse wrote:
> From: David Woodhouse <David.Woodhouse_at_intel.com>
>
> ---
> lib/curl_ntlm_wb.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c
> index 52d1323..ac05fbb 100644
> --- a/lib/curl_ntlm_wb.c
> +++ b/lib/curl_ntlm_wb.c
> @@ -124,6 +124,21 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
> return CURLE_OK;
>
> username = userp;
> + /* The real ntlm_auth really doesn't like being invoked with an
> + empty username. It won't make inferences for itself, and expects
> + the client to do so (mostly because it's really designed for
> + servers like squid to use for auth, and client support is an
> + afterthought for it). So try hard to provide a suitable username
> + if we don't already have one. But if we can't, provide the
> + empty one anyway. Perhaps they have an implementation of the
> + ntlm_auth helper which *doesn't* need it so we might as well try */
> + if(*username == '\0') {
> + username = getenv("NTLMUSER");
> + if(!username)
> + username = getenv("LOGNAME");
> + if(!username)
> + username = userp;
> + }
> slash = strpbrk(username, "\\/");
> if(slash) {
> if((domain = strdup(username)) == NULL)
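Review bot: In the added `if(*username == '\0')` block, the getenv() results are only tested for NULL, so an NTLMUSER that is set but empty is accepted and LOGNAME is never tried; checking `!username || !*username` at each step would keep the fallback chain going. The NTLMUSER variable is also introduced without any documentation in this one-file change, and because its value goes straight into the strpbrk() split that follows, a value containing a slash or backslash selects the domain as well as the user, which should be stated wherever the variable is documented.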
If the intent is to get the current user name, getpwuid(geteuid())->pw_name
seems to me like the best way to get it (but actually using the reentrant
versions with appropriate error checking). Falling back to environment
variables seems like a bit of a hack, although I could see the utility of
having a way to override the current user through a variable in some cases.
I'm not sure on where the variable NTLMUSER is used, but if this code is going
to end up checking environment variables, USER is another reasonable one
to try.
>>> Dan
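The lookup suggested in the reply above (reentrant passwd query for the effective uid, with error checking), as an added example that is not part of the original message or of curl's source. The helper names `copy_name`, `passwd_user_name` and `resolve_user` are hypothetical, and keeping `NTLMUSER` as an override ahead of the passwd lookup is an assumption drawn from the thread.

```c
#define _POSIX_C_SOURCE 200809L  /* for getpwuid_r() and setenv() */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/* Hypothetical helper, not a curl function: -1 if empty or truncated. */
static int copy_name(const char *src, char *out, size_t outlen)
{
  int n = snprintf(out, outlen, "%s", src);
  return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Login name of the effective uid, taken from the passwd database. */
static int passwd_user_name(char *out, size_t outlen)
{
  struct passwd pw, *res = NULL;
  size_t buflen = 1024;
  for(;;) {
    char *buf = malloc(buflen);
    int err, rc = -1;
    if(!buf)
      return -1;
    err = getpwuid_r(geteuid(), &pw, buf, buflen, &res);
    if(err == 0 && res)          /* res == NULL: no entry for this uid */
      rc = copy_name(res->pw_name, out, outlen);
    free(buf);
    if(err != ERANGE || buflen > (1u << 20))
      return rc;
    buflen *= 2;                 /* entry did not fit: retry larger */
  }
}

/* Order: explicit name, NTLMUSER override, then the passwd lookup. */
static int resolve_user(const char *userp, char *out, size_t outlen)
{
  const char *env = getenv("NTLMUSER");
  if(userp && *userp)
    return copy_name(userp, out, outlen);
  if(env && *env)
    return copy_name(env, out, outlen);
  return passwd_user_name(out, outlen);
}

int main(void)
{
  char name[256];
  puts(resolve_user("", name, sizeof(name)) == 0 ? name : "(no user name)");
  return 0;
}
```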
Received on 2014-07-12