diff options
author | Joe Orton <joe@manyfish.uk> | 2021-01-23 13:20:07 +0000 |
---|---|---|
committer | Joe Orton <joe@manyfish.uk> | 2021-01-23 13:20:07 +0000 |
commit | c7d9eb7e8f9295bcd9352aed10dae183d9f600ca (patch) | |
tree | 098750530c9e8cb2e2410947664e96d6062c1098 | |
parent | d54b0b78a2d97c798e3171bfc7138c1928e6f5e3 (diff) | |
download | neon-git-c7d9eb7e8f9295bcd9352aed10dae183d9f600ca.tar.gz |
Fix use of NE_AUTH_PROXY with new ne_auth_add() API:
* src/ne_auth.c (ne_add_auth): Always register both server and proxy
callbacks.
(get_credentials): Bitwise-OR NE_AUTH_PROXY with the protocol mask
for the new-style creds callback.
* test/auth.c (multi_provider_cb, serve_provider, multi_provider):
Update test to test proxy auth, and check for NE_AUTH_PROXY.
-rw-r--r-- | src/ne_auth.c | 14 | ||||
-rw-r--r-- | test/auth.c | 32 |
2 files changed, 31 insertions, 15 deletions
diff --git a/src/ne_auth.c b/src/ne_auth.c index 2ff4e40..0947697 100644 --- a/src/ne_auth.c +++ b/src/ne_auth.c @@ -155,17 +155,18 @@ static const struct auth_class { const char *id, *req_hdr, *resp_hdr, *resp_info_hdr; int status_code; /* Response status-code to trap. */ int fail_code; /* NE_* request to fail with. */ + unsigned protomask; /* protocol mask */ const char *error_noauth; /* Error message template use when * giving up authentication attempts. */ } ah_server_class = { HOOK_SERVER_ID, "Authorization", "WWW-Authenticate", "Authentication-Info", - 401, NE_AUTH, + 401, NE_AUTH, 0, N_("Could not authenticate to server: %s") }, ah_proxy_class = { HOOK_PROXY_ID, "Proxy-Authorization", "Proxy-Authenticate", "Proxy-Authentication-Info", - 407, NE_PROXYAUTH, + 407, NE_PROXYAUTH, NE_AUTH_PROXY, N_("Could not authenticate to proxy server: %s") }; @@ -409,12 +410,12 @@ static char *get_cnonce(void) static int get_credentials(auth_session *sess, ne_buffer **errmsg, int attempt, struct auth_challenge *chall, char *pwbuf) { + unsigned mask = chall->protocol->id | sess->spec->protomask; int rv; if (chall->handler->new_creds) rv = chall->handler->new_creds(chall->handler->userdata, - attempt, - chall->protocol->id, sess->realm, + attempt, mask, sess->realm, sess->username, pwbuf, ABUFSIZE); else @@ -1848,9 +1849,8 @@ void ne_add_proxy_auth(ne_session *sess, unsigned protocol, void ne_add_auth(ne_session *sess, unsigned protocol, ne_auth_provide new_creds, void *userdata) { - if (protocol & NE_AUTH_PROXY) - auth_register(sess, 0, protocol, &ah_proxy_class, HOOK_PROXY_ID, - NULL, new_creds, userdata); + auth_register(sess, 0, protocol, &ah_proxy_class, HOOK_PROXY_ID, + NULL, new_creds, userdata); auth_register(sess, 0, protocol, &ah_server_class, HOOK_SERVER_ID, NULL, new_creds, userdata); } diff --git a/test/auth.c b/test/auth.c index f6ccad1..4fa0957 100644 --- a/test/auth.c +++ b/test/auth.c @@ -1339,14 +1339,23 @@ static int multi_provider_cb(void *userdata, int attempt, char *un, char *pw, size_t buflen) { ne_buffer *buf = userdata; + const char *ctx; if (buflen == NE_ABUFSIZ) { NE_DEBUG(NE_DBG_HTTPAUTH, "auth: FAILED for short buffer length.\n"); return -1; } - ne_buffer_snprintf(buf, 128, "[proto=%u, realm=%s, attempt=%d]", - protocol, realm, attempt); + if ((protocol & NE_AUTH_PROXY) == NE_AUTH_PROXY) { + ctx = "proxy"; + protocol ^= NE_AUTH_PROXY; + } + else { + ctx = "server"; + } + + ne_buffer_snprintf(buf, 128, "[%s: proto=%u, realm=%s, attempt=%d]", + ctx, protocol, realm, attempt); ne_strnzcpy(un, "foo", buflen); ne_strnzcpy(pw, "bar", buflen); @@ -1357,6 +1366,10 @@ static int multi_provider_cb(void *userdata, int attempt, static int serve_provider(ne_socket *s, void *userdata) { CALL(serve_response(s, + "HTTP/1.1 407 Proxy Auth Plz\r\n" + "Proxy-Authenticate: Basic realm='proxy-realm'\r\n" + "Content-Length: 0\r\n" "\r\n")); + CALL(serve_response(s, "HTTP/1.1 401 Auth Denied\r\n" "WWW-Authenticate: " " Digest realm='sha512-realm', algorithm=SHA-512-256, qop=auth, nonce=gaga, " @@ -1387,21 +1400,24 @@ static int multi_provider(void) ONREQ(any_request(sess, "/fish")); exp = ne_buffer_create(); + ne_buffer_snprintf(exp, 100, + "[proxy: proto=%u, realm=proxy-realm, attempt=0]", + NE_AUTH_BASIC); if (has_sha512_256) - ne_buffer_snprintf(exp, 100, "[proto=%u, realm=sha512-realm, attempt=0]", + ne_buffer_snprintf(exp, 100, "[server: proto=%u, realm=sha512-realm, attempt=0]", NE_AUTH_DIGEST); if (has_sha256) - ne_buffer_snprintf(exp, 100, "[proto=%u, realm=sha256-realm, attempt=0]", + ne_buffer_snprintf(exp, 100, "[server: proto=%u, realm=sha256-realm, attempt=0]", NE_AUTH_DIGEST); ne_buffer_snprintf(exp, 100, - "[proto=%u, realm=md5-realm, attempt=0]" - "[proto=%u, realm=basic-realm, attempt=0]", + "[server: proto=%u, realm=md5-realm, attempt=0]" + "[server: proto=%u, realm=basic-realm, attempt=0]", NE_AUTH_DIGEST, NE_AUTH_BASIC); if (has_sha512_256) - ne_buffer_snprintf(exp, 100, "[proto=%u, realm=sha512-realm, attempt=1]", + ne_buffer_snprintf(exp, 100, "[server: proto=%u, realm=sha512-realm, attempt=1]", NE_AUTH_DIGEST); - ne_buffer_snprintf(exp, 100, "[proto=%u, realm=basic-realm, attempt=1]", + ne_buffer_snprintf(exp, 100, "[server: proto=%u, realm=basic-realm, attempt=1]", NE_AUTH_BASIC); ONV(strcmp(exp->data, buf->data), |