73 lines
2.6 KiB
Diff
73 lines
2.6 KiB
Diff
From 1d532c8ea8b5c4a15f16894afcd604155c016ceb Mon Sep 17 00:00:00 2001
|
|
From: Tomas Popela <tpopela@redhat.com>
|
|
Date: Wed, 14 Jun 2017 11:46:42 +0200
|
|
Subject: [PATCH 2/3] Can't access sites that request closing the connection
|
|
during 401
|
|
|
|
When a 401 message is received, a new token is generated and saved in
|
|
the SoupNegotiateConnectionState's respose header. Later when the connection is
|
|
closed (as requested by the server), the state is destroyed together with
|
|
the response header. When a new request is being created and we are asked for
|
|
the connection authorization, the newly created connection state doesn't have it
|
|
set. At this point if the connection state is newly created, generate a new token
|
|
together with the response header that will be returned as the connection
|
|
authorization.
|
|
|
|
Also modify how the warning from the soup_gss_build_response is printed
|
|
to differentiate if there was a failure during soup_gss_client_init or
|
|
soup_gss_client_step.
|
|
---
|
|
libsoup/soup-auth-negotiate.c | 29 +++++++++++++++++++++++++++--
|
|
1 file changed, 27 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/libsoup/soup-auth-negotiate.c b/libsoup/soup-auth-negotiate.c
|
|
index 78c56b83..811ee1c2 100644
|
|
--- a/libsoup/soup-auth-negotiate.c
|
|
+++ b/libsoup/soup-auth-negotiate.c
|
|
@@ -188,7 +188,29 @@ soup_auth_negotiate_get_connection_authorization (SoupConnectionAuth *auth,
|
|
SoupNegotiateConnectionState *conn = state;
|
|
char *header = NULL;
|
|
|
|
- if (conn->state == SOUP_NEGOTIATE_RECEIVED_CHALLENGE) {
|
|
+ if (conn->state == SOUP_NEGOTIATE_NEW) {
|
|
+ GError *err = NULL;
|
|
+
|
|
+ if (!check_auth_trusted_uri (auth, msg)) {
|
|
+ conn->state = SOUP_NEGOTIATE_FAILED;
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
+ if (!soup_gss_build_response (conn, SOUP_AUTH (auth), &err)) {
|
|
+ /* FIXME: report further upward via
|
|
+ * soup_message_get_error_message */
|
|
+ if (conn->initialized)
|
|
+ g_warning ("gssapi step failed: %s", err->message);
|
|
+ else
|
|
+ g_warning ("gssapi init failed: %s", err->message);
|
|
+ conn->state = SOUP_NEGOTIATE_FAILED;
|
|
+ g_clear_error (&err);
|
|
+
|
|
+ return NULL;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (conn->response_header) {
|
|
header = conn->response_header;
|
|
conn->response_header = NULL;
|
|
conn->state = SOUP_NEGOTIATE_SENT_RESPONSE;
|
|
@@ -251,7 +273,10 @@ soup_auth_negotiate_update_connection (SoupConnectionAuth *auth, SoupMessage *ms
|
|
} else {
|
|
/* FIXME: report further upward via
|
|
* soup_message_get_error_message */
|
|
- g_warning ("gssapi step failed: %s", err->message);
|
|
+ if (conn->initialized)
|
|
+ g_warning ("gssapi step failed: %s", err->message);
|
|
+ else
|
|
+ g_warning ("gssapi init failed: %s", err->message);
|
|
success = FALSE;
|
|
}
|
|
} else if (!strncmp (header, "Negotiate ", 10)) {
|
|
--
|
|
2.13.0
|
|
|