neon mixes up proxy and target host when using SSPI on Windows

Joe Orton joe at manyfish.co.uk
Fri Sep 2 04:11:14 EDT 2011


On Thu, Aug 25, 2011 at 11:47:29AM +0200, 1983-01-06 at gmx.net wrote:
> It canonicalizes the hostname of the target server instead of the 
> proxy server. The SPN is incorrect and it falls back to SPNEGO with 
> NTLM.

Hi, sorry for the slow reply, I've been on vacation...

Yes, that looks like a bug in the SSPI code, which needs to replicate 
the logic used for GSSAPI to determine the hostname.  Are you able to 
try patches?  Something like this should work, but I'm not on Win32 so 
can't test:

Index: src/ne_auth.c
===================================================================
--- src/ne_auth.c	(revision 1851)
+++ src/ne_auth.c	(working copy)
@@ -1,6 +1,6 @@
 /* 
    HTTP Authentication routines
-   Copyright (C) 1999-2009, Joe Orton <joe at manyfish.co.uk>
+   Copyright (C) 1999-2011, Joe Orton <joe at manyfish.co.uk>
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Library General Public
@@ -181,6 +181,7 @@
     /* This is used for SSPI (Negotiate/NTLM) auth */
     char *sspi_token;
     void *sspi_context;
+    char *sspi_host;
 #endif
 #ifdef HAVE_NTLM
      /* This is used for NTLM auth */
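Review bot: the new `sspi_host` member has no comment and no matching release anywhere in this patch. The last hunk hands it ownership of the string from `uri.host`, so it needs to be freed wherever `sspi_token` and `sspi_context` are torn down, and a short comment saying it holds the proxy or server hostname used to build the SSPI context would make that ownership clear.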
@@ -631,7 +632,7 @@
 
         ne_fill_server_uri(sess->sess, &uri);
 
-        status = ne_sspi_create_context(&sess->sspi_context, uri.host, ntlm);
+        status = ne_sspi_create_context(&sess->sspi_context, ahs->sspi_host, ntlm);
 
         ne_uri_free(&uri);
 
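Review bot: the replacement call passes `ahs->sspi_host`, but the surrounding lines in this function name the auth session `sess` (`&sess->sspi_context`, `sess->sess`), so `ahs` looks out of scope here and this should probably read `sess->sspi_host`. Once the host no longer comes from `uri`, the `ne_fill_server_uri(sess->sess, &uri)` and `ne_uri_free(&uri)` calls around it do nothing useful and can be dropped in the same change.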
@@ -1652,7 +1653,22 @@
         ne_uri_free(&uri);
     }
 #endif
+#ifdef HAVE_SSPI
+    if ((protomask & (NE_AUTH_NTLM|NE_AUTH_GSSAPI)) && !ahs->sspi_host) {
+        ne_uri uri = {0};
+        
+        if (isproxy)
+            ne_fill_proxy_uri(sess, &uri);
+        else
+            ne_fill_server_uri(sess, &uri);
 
+        ahs->sspi_host = uri.host;
+        uri.host = NULL;
+
+        ne_uri_free(&uri);
+    }
+#endif        
+
     /* Find the end of the handler list, and add a new one. */
     hdl = &ahs->handlers;
     while (*hdl)
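Review bot: the block that sets `ahs->sspi_host` never checks that `uri.host` is non-NULL after the fill call, so a NULL would be cached and later passed straight to `ne_sspi_create_context`; consider skipping the assignment or failing early in that case. The mask also tests `NE_AUTH_GSSAPI` inside `#ifdef HAVE_SSPI` with no comment explaining why, which deserves a one-line note. The blank line after the `ne_uri uri = {0};` declaration and the `#endif` line both carry trailing whitespace.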




