[libsoup/gnome-3-24] Authentication should success in some cases when gss_init_sec_context() returns error
- From: Tomas Popela <tpopela src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libsoup/gnome-3-24] Authentication should success in some cases when gss_init_sec_context() returns error
- Date: Fri, 29 Sep 2017 09:23:52 +0000 (UTC)
commit 2134915dcd4ba577591ca8e9c5d572a9c6be572b
Author: Tomas Popela <tpopela redhat com>
Date: Mon Jun 19 18:08:16 2017 +0200
Authentication should success in some cases when gss_init_sec_context() returns error
Unfortunately, so many programs (curl, Firefox) ignore the return token that is
included in the response, so it is possible that there are servers that send
back broken stuff. Try to behave in the right way (pass the token to
gss_init_sec_context()), show a warning, but don't fail if the server returned
200.
There is an internal Red Hat site that triggers the described situation
and the "Invalid token was supplied: Unknown error" is being printed to
the console.
libsoup/soup-auth-negotiate.c | 23 +++++++++++++++++++----
1 files changed, 19 insertions(+), 4 deletions(-)
---
diff --git a/libsoup/soup-auth-negotiate.c b/libsoup/soup-auth-negotiate.c
index 811ee1c..5a49119 100644
--- a/libsoup/soup-auth-negotiate.c
+++ b/libsoup/soup-auth-negotiate.c
@@ -362,13 +362,28 @@ check_server_response (SoupMessage *msg, gpointer auth)
ret = soup_gss_client_step (conn, auth_headers + 10, &err);
- priv->is_authenticated = ret == AUTH_GSS_COMPLETE;
-
- if (ret == AUTH_GSS_CONTINUE) {
+ switch (ret) {
+ case AUTH_GSS_COMPLETE:
+ priv->is_authenticated = TRUE;
+ break;
+ case AUTH_GSS_CONTINUE:
conn->state = SOUP_NEGOTIATE_RECEIVED_CHALLENGE;
- } else if (ret == AUTH_GSS_ERROR) {
+ break;
+ case AUTH_GSS_ERROR:
if (err)
g_warning ("%s", err->message);
+ /* Unfortunately, so many programs (curl, Firefox, ..) ignore
+ * the return token that is included in the response, so it is
+ * possible that there are servers that send back broken stuff.
+ * Try to behave in the right way (pass the token to
+ * gss_init_sec_context()), show a warning, but don't fail
+ * if the server returned 200. */
+ if (msg->status_code == SOUP_STATUS_OK)
+ priv->is_authenticated = TRUE;
+ else
+ conn->state = SOUP_NEGOTIATE_FAILED;
+ break;
+ default:
conn->state = SOUP_NEGOTIATE_FAILED;
}
out:
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]