[libsoup] soup-auth-ntlm: always close connection after NTLM failure

From: Dan Winship <danw src gnome org>
To: commits-list gnome org
Cc:
Subject: [libsoup] soup-auth-ntlm: always close connection after NTLM failure
Date: Thu, 5 Mar 2015 17:24:24 +0000 (UTC)

commit 78e74de238479c2cc316cf6f888c53ddd087b51b
Author: Dan Winship <danw gnome org>
Date:   Thu Mar 5 12:22:22 2015 -0500

    soup-auth-ntlm: always close connection after NTLM failure
    
    SoupAuthNTLM can't recover from receiving a 401 on a previously
    authenticated connection. It was assuming that any such 401 would
    result in the connection being closed, but that's apparently sometimes
    not the case. Force it to get closed anyway in those cases.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1196765
    https://bugzilla.gnome.org/show_bug.cgi?id=735197

 libsoup/soup-auth-ntlm.c |   11 +++++++----
 tests/ntlm-test.c        |    8 ++++----
 2 files changed, 11 insertions(+), 8 deletions(-)
---
diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c
index ddb6b2e..926fd4a 100644
--- a/libsoup/soup-auth-ntlm.c
+++ b/libsoup/soup-auth-ntlm.c
@@ -303,12 +303,15 @@ soup_auth_ntlm_update_connection (SoupConnectionAuth *auth, SoupMessage *msg,
        if (conn->state > SOUP_NTLM_SENT_REQUEST) {
                if (priv->password_state == SOUP_NTLM_PASSWORD_ACCEPTED) {
                        /* We know our password is correct, so a 401
-                        * means "permission denied". Since the conn
-                        * state is now FAILED, the auth is no longer
-                        * is_ready() for this message, so this will
-                        * cause a "retrying" authenticate signal.
+                        * means "permission denied". The code can't deal
+                        * with re-authenticating correctly, so make sure
+                        * we don't try.
                         */
                        conn->state = SOUP_NTLM_FAILED;
+                       if (soup_message_is_keepalive (msg)) {
+                               soup_message_headers_append (msg->response_headers,
+                                                            "Connection", "close");
+                       }
                        return TRUE;
                }
 
diff --git a/tests/ntlm-test.c b/tests/ntlm-test.c
index a0e02ab..11d40c3 100644
--- a/tests/ntlm-test.c
+++ b/tests/ntlm-test.c
@@ -456,12 +456,12 @@ do_ntlm_round (SoupURI *base_uri, gboolean use_ntlm,
                    SOUP_STATUS_UNAUTHORIZED);
 
        /* 8. Server accepts Basic or NTLM from either user.
-        * Alice-via-NTLM is still authenticated at this point from #6,
-        * and Bob-via-NTLM is authenticated from #7, so neither
-        * of them will do anything.
+        * NTLM users will try NTLM without getting a prompt (their
+        * previous NTLM connections will have been closed by the 401
+        * from /basic). Non-NTLM users will be prompted for either.
         */
        do_message (session, base_uri, "/either",
-                   !use_ntlm, FALSE,
+                   !use_ntlm, use_ntlm,
                    !use_ntlm, !use_ntlm && user != NULL,
                    user != NULL ? SOUP_STATUS_OK :
                    SOUP_STATUS_UNAUTHORIZED);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]