diff options
| author | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2010-10-14 15:00:53 +0000 |
|---|---|---|
| committer | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2010-10-14 15:00:53 +0000 |
| commit | a649d73392a57b4f71b781701d7753496c003f86 (patch) | |
| tree | f4aa742bc681b387df2765fd1ed3e1ce6f13e59a | |
| parent | 8b7abbe764261a69d11bc141615526544e379fe4 (diff) | |
| download | neon-a649d73392a57b4f71b781701d7753496c003f86.tar.gz | |
Merge r1797 from trunk:
* src/ne_auth.c: Add handling of 2xx responses in SSPI code.
(Danil Shopyrin <danil visualsvn.com>)
git-svn-id: http://svn.webdav.org/repos/projects/neon/branches/0.29.x@1821 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
| -rw-r--r-- | src/ne_auth.c | 54 |
1 files changed, 43 insertions, 11 deletions
diff --git a/src/ne_auth.c b/src/ne_auth.c index 2038953..32f2698 100644 --- a/src/ne_auth.c +++ b/src/ne_auth.c @@ -610,11 +610,8 @@ static char *request_sspi(auth_session *sess, struct auth_request *request) return NULL; } -static int sspi_challenge(auth_session *sess, int attempt, - struct auth_challenge *parms, - ne_buffer **errmsg) +static int continue_sspi(auth_session *sess, int ntlm, const char *hdr) { - int ntlm = ne_strcasecmp(parms->protocol->name, "NTLM") == 0; int status; char *response = NULL; @@ -634,17 +631,52 @@ static int sspi_challenge(auth_session *sess, int attempt, } } - status = ne_sspi_authenticate(sess->sspi_context, parms->opaque, &response); + status = ne_sspi_authenticate(sess->sspi_context, hdr, &response); if (status) { return status; } - - sess->sspi_token = response; - - NE_DEBUG(NE_DBG_HTTPAUTH, "auth: SSPI challenge [%s]\n", sess->sspi_token); - + + if (response && *response) { + sess->sspi_token = response; + + NE_DEBUG(NE_DBG_HTTPAUTH, "auth: SSPI challenge [%s]\n", sess->sspi_token); + } + return 0; } + +static int sspi_challenge(auth_session *sess, int attempt, + struct auth_challenge *parms, + ne_buffer **errmsg) +{ + int ntlm = ne_strcasecmp(parms->protocol->name, "NTLM") == 0; + + return continue_sspi(sess, ntlm, parms->opaque); +} + +static int verify_sspi(struct auth_request *req, auth_session *sess, + const char *hdr) +{ + int ntlm = ne_strncasecmp(hdr, "NTLM ", 5) == 0; + char *ptr = strchr(hdr, ' '); + + if (!ptr) { + ne_set_error(sess->sess, _("SSPI response verification failed: " + "invalid response header token")); + return NE_ERROR; + } + + while(*ptr == ' ') + ptr++; + + if (*ptr == '\0') { + NE_DEBUG(NE_DBG_HTTPAUTH, "auth: No token in SSPI response!\n"); + return NE_OK; + } + + return continue_sspi(sess, ntlm, ptr); +} + #endif /* Parse the "domain" challenge parameter and set the domains array up @@ -1200,7 +1232,7 @@ static const struct auth_protocol protocols[] = { sspi_challenge, request_sspi, NULL, AUTH_FLAG_OPAQUE_PARAM|AUTH_FLAG_VERIFY_NON40x|AUTH_FLAG_CONN_AUTH }, { NE_AUTH_GSSAPI, 30, "Negotiate", - sspi_challenge, request_sspi, NULL, + sspi_challenge, request_sspi, verify_sspi, AUTH_FLAG_OPAQUE_PARAM|AUTH_FLAG_VERIFY_NON40x|AUTH_FLAG_CONN_AUTH }, #endif #ifdef HAVE_NTLM |