[libsoup/mcatanzaro/#184: 1/3] negotiate: don't print warnings if response is HTTP 200




commit a024099b72a31f29b65293867a7029b95391ab93
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Wed May 4 15:47:51 2022 -0500

    negotiate: don't print warnings if response is HTTP 200
    
    If the server sends a success status code, then whatevs, we good. If
    there's no WWW-Authenticate header, nothing more is required from us.
    We're done.
    
    If we get status code 200 and a WWW-Authenticate header that contains a
    value, then go ahead and continue to try to handle it. The preexisting
    code will print a warning if it's invalid, but treat is as success
    anyway. The preexisting comment explains why this is necessary.
    
    Fixes #184

 libsoup/auth/soup-auth-negotiate.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
---
diff --git a/libsoup/auth/soup-auth-negotiate.c b/libsoup/auth/soup-auth-negotiate.c
index 8fd396f9..5f1c4a12 100644
--- a/libsoup/auth/soup-auth-negotiate.c
+++ b/libsoup/auth/soup-auth-negotiate.c
@@ -361,9 +361,20 @@ check_server_response (SoupMessage *msg, gpointer auth)
        auth_headers = soup_message_headers_get_one_common (soup_message_get_response_headers (msg),
                                                             SOUP_HEADER_WWW_AUTHENTICATE);
        if (!auth_headers || g_ascii_strncasecmp (auth_headers, "Negotiate ", 10) != 0) {
-               g_warning ("Failed to parse auth header");
+               if (soup_message_get_status (msg) == SOUP_STATUS_OK) {
+                       /* The server *may* supply final authentication data to
+                        * the client, but doesn't have to. We are not
+                        * authenticating the server, so just ignore missing
+                        * auth data. In practice, this is required for web
+                        * compat.
+                        */
+                       priv->is_authenticated = TRUE;
+                       return;
+               }
+
+               g_warning ("Server bug: missing or invalid WWW-Authenticate header: %s", auth_headers);
                conn->state = SOUP_NEGOTIATE_FAILED;
-               goto out;
+               return;
        }
 
        ret = soup_gss_client_step (conn, auth_headers + 10, &error_message);
@@ -393,7 +404,7 @@ check_server_response (SoupMessage *msg, gpointer auth)
        default:
                conn->state = SOUP_NEGOTIATE_FAILED;
        }
- out:
+
        g_clear_pointer (&error_message, g_free);
 }
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]