From 1d532c8ea8b5c4a15f16894afcd604155c016ceb Mon Sep 17 00:00:00 2001 From: Tomas Popela Date: Wed, 14 Jun 2017 11:46:42 +0200 Subject: [PATCH 2/3] Can't access sites that request closing the connection during 401 When a 401 message is received, a new token is generated and saved in the SoupNegotiateConnectionState's respose header. Later when the connection is closed (as requested by the server), the state is destroyed together with the response header. When a new request is being created and we are asked for the connection authorization, the newly created connection state doesn't have it set. At this point if the connection state is newly created, generate a new token together with the response header that will be returned as the connection authorization. Also modify how the warning from the soup_gss_build_response is printed to differentiate if there was a failure during soup_gss_client_init or soup_gss_client_step. --- libsoup/soup-auth-negotiate.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/libsoup/soup-auth-negotiate.c b/libsoup/soup-auth-negotiate.c index 78c56b83..811ee1c2 100644 --- a/libsoup/soup-auth-negotiate.c +++ b/libsoup/soup-auth-negotiate.c @@ -188,7 +188,29 @@ soup_auth_negotiate_get_connection_authorization (SoupConnectionAuth *auth, SoupNegotiateConnectionState *conn = state; char *header = NULL; - if (conn->state == SOUP_NEGOTIATE_RECEIVED_CHALLENGE) { + if (conn->state == SOUP_NEGOTIATE_NEW) { + GError *err = NULL; + + if (!check_auth_trusted_uri (auth, msg)) { + conn->state = SOUP_NEGOTIATE_FAILED; + return NULL; + } + + if (!soup_gss_build_response (conn, SOUP_AUTH (auth), &err)) { + /* FIXME: report further upward via + * soup_message_get_error_message */ + if (conn->initialized) + g_warning ("gssapi step failed: %s", err->message); + else + g_warning ("gssapi init failed: %s", err->message); + conn->state = SOUP_NEGOTIATE_FAILED; + g_clear_error (&err); + + return NULL; + } + } + + if (conn->response_header) { header = conn->response_header; conn->response_header = NULL; conn->state = SOUP_NEGOTIATE_SENT_RESPONSE; @@ -251,7 +273,10 @@ soup_auth_negotiate_update_connection (SoupConnectionAuth *auth, SoupMessage *ms } else { /* FIXME: report further upward via * soup_message_get_error_message */ - g_warning ("gssapi step failed: %s", err->message); + if (conn->initialized) + g_warning ("gssapi step failed: %s", err->message); + else + g_warning ("gssapi init failed: %s", err->message); success = FALSE; } } else if (!strncmp (header, "Negotiate ", 10)) { -- 2.13.0