commit: r1797 - neon/trunk/src

joe at manyfish.co.uk joe at manyfish.co.uk
Wed Apr 21 16:30:47 EDT 2010


Author: joe
Date: Wed Apr 21 20:30:46 2010
New Revision: 1797

Modified:
   neon/trunk/src/ne_auth.c

Log:
* src/ne_auth.c: Add handling of 2xx responses in SSPI code.
(Danil Shopyrin <danil visualsvn.com>)


Modified: neon/trunk/src/ne_auth.c
==============================================================================
--- neon/trunk/src/ne_auth.c	(original)
+++ neon/trunk/src/ne_auth.c	Wed Apr 21 20:30:46 2010
@@ -610,11 +610,8 @@
         return NULL;
 }
 
-static int sspi_challenge(auth_session *sess, int attempt,
-                          struct auth_challenge *parms,
-                          ne_buffer **errmsg) 
+static int continue_sspi(auth_session *sess, int ntlm, const char *hdr)
 {
-    int ntlm = ne_strcasecmp(parms->protocol->name, "NTLM") == 0;
     int status;
     char *response = NULL;
     
@@ -634,17 +631,52 @@
         }
     }
     
-    status = ne_sspi_authenticate(sess->sspi_context, parms->opaque, &response);
+    status = ne_sspi_authenticate(sess->sspi_context, hdr, &response);
     if (status) {
         return status;
     }
-    
-    sess->sspi_token = response;
-    
-    NE_DEBUG(NE_DBG_HTTPAUTH, "auth: SSPI challenge [%s]\n", sess->sspi_token);
-    
+
+    if (response && *response) {
+        sess->sspi_token = response;
+        
+        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: SSPI challenge [%s]\n", sess->sspi_token);
+    }
+
     return 0;
 }
+
+static int sspi_challenge(auth_session *sess, int attempt,
+                          struct auth_challenge *parms,
+                          ne_buffer **errmsg) 
+{
+    int ntlm = ne_strcasecmp(parms->protocol->name, "NTLM") == 0;
+
+    return continue_sspi(sess, ntlm, parms->opaque);
+}
+
+static int verify_sspi(struct auth_request *req, auth_session *sess,
+                       const char *hdr)
+{
+    int ntlm = ne_strncasecmp(hdr, "NTLM ", 5) == 0;
+    char *ptr = strchr(hdr, ' ');
+
+    if (!ptr) {
+        ne_set_error(sess->sess, _("SSPI response verification failed: "
+                                   "invalid response header token"));
+        return NE_ERROR;
+    }
+
+    while(*ptr == ' ')
+        ptr++;
+
+    if (*ptr == '\0') {
+        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: No token in SSPI response!\n");
+        return NE_OK;
+    }
+
+    return continue_sspi(sess, ntlm, ptr);
+}
+
 #endif
 
 /* Parse the "domain" challenge parameter and set the domains array up
@@ -1200,7 +1232,7 @@
       sspi_challenge, request_sspi, NULL,
       AUTH_FLAG_OPAQUE_PARAM|AUTH_FLAG_VERIFY_NON40x|AUTH_FLAG_CONN_AUTH },
     { NE_AUTH_GSSAPI, 30, "Negotiate",
-      sspi_challenge, request_sspi, NULL,
+      sspi_challenge, request_sspi, verify_sspi,
       AUTH_FLAG_OPAQUE_PARAM|AUTH_FLAG_VERIFY_NON40x|AUTH_FLAG_CONN_AUTH },
 #endif
 #ifdef HAVE_NTLM



More information about the neon-commits mailing list