| blob | 21e66d9a2a7a332bc622820854620da492764878 |
1 --- src/ne_auth.c 2010-10-14 17:00:53.000000000 +0200
2 +++ src/ne_auth.c 2011-02-03 10:31:22.000000000 +0100
3 @@ -367,7 +367,7 @@
4 static int get_credentials(auth_session *sess, ne_buffer **errmsg, int attempt,
5 struct auth_challenge *chall, char *pwbuf)
6 {
7 - if (chall->handler->creds(chall->handler->userdata, sess->realm,
8 + if (chall->handler->creds(chall->handler->userdata, chall->protocol->name, sess->realm,
9 chall->handler->attempt++, sess->username, pwbuf) == 0) {
10 return 0;
11 } else {
12 @@ -385,15 +385,19 @@
13 {
14 char *tmp, password[NE_ABUFSIZ];
16 +#if 0 /* Workaround - IIS sends challenge without realm. */
17 +
18 /* Verify challenge... must have a realm */
19 if (parms->realm == NULL) {
20 challenge_error(errmsg, _("missing realm in Basic challenge"));
21 return -1;
22 }
23 +#endif
25 clean_session(sess);
27 - sess->realm = ne_strdup(parms->realm);
28 + if (parms->realm != NULL)
29 + sess->realm = ne_strdup(parms->realm);
31 if (get_credentials(sess, errmsg, attempt, parms, password)) {
32 /* Failed to get credentials */
33 @@ -610,10 +614,12 @@
34 return NULL;
35 }
37 -static int continue_sspi(auth_session *sess, int ntlm, const char *hdr)
38 +static int continue_sspi(auth_session *sess, int ntlm, const char *hdr,
39 + int attempt, struct auth_challenge *parms, ne_buffer **errmsg)
40 {
41 int status;
42 char *response = NULL;
43 + char password[NE_ABUFSIZ];
45 NE_DEBUG(NE_DBG_HTTPAUTH, "auth: SSPI challenge.\n");
47 @@ -630,8 +636,17 @@
48 return status;
49 }
50 }
51 -
52 - status = ne_sspi_authenticate(sess->sspi_context, hdr, &response);
53 +
54 + /* Authentification needs more than one http request.
55 + * As long as authentification in progress use the existing credentials.
56 + * Otherwise get new credentials.*/
57 + if (!hdr)
58 + if (get_credentials(sess, errmsg, attempt, parms, password)) {
59 + /* Failed to get credentials */
60 + return -1;
61 + }
62 +
63 + status = ne_sspi_authenticate(sess->sspi_context, hdr, &response, sess->username, password);
64 if (status) {
65 return status;
66 }
67 @@ -651,7 +666,7 @@
68 {
69 int ntlm = ne_strcasecmp(parms->protocol->name, "NTLM") == 0;
71 - return continue_sspi(sess, ntlm, parms->opaque);
72 + return continue_sspi(sess, ntlm, parms->opaque, attempt, parms, errmsg);
73 }
75 static int verify_sspi(struct auth_request *req, auth_session *sess,
76 @@ -674,7 +689,7 @@
77 return NE_OK;
78 }
80 - return continue_sspi(sess, ntlm, ptr);
81 + return continue_sspi(sess, ntlm, ptr, 0, NULL, NULL);
82 }
84 #endif
85 --- src/ne_auth.h 2009-09-01 22:13:12.000000000 +0200
86 +++ src/ne_auth.h 2011-02-03 10:26:20.000000000 +0100
87 @@ -47,8 +47,8 @@
88 * Hint: if you just wish to attempt authentication just once (even if
89 * the user gets the username/password wrong), have the callback
90 * function use 'attempt' value as the function return value. */
91 -typedef int (*ne_auth_creds)(void *userdata, const char *realm, int attempt,
92 - char *username, char *password);
93 +typedef int (*ne_auth_creds)(void *userdata, const char * auth_protocol,
94 + const char *realm, int attempt, char *username, char *password);
96 /* Set callbacks to provide credentials for server and proxy
97 * authentication, using the default set of authentication protocols.
98 --- src/ne_defs.h 2010-01-11 23:57:34.000000000 +0100
99 +++ src/ne_defs.h 2011-02-03 10:26:20.000000000 +0100
100 @@ -41,7 +41,7 @@
101 #endif
103 /* define ssize_t for Win32 */
104 -#if defined(WIN32) && !defined(ssize_t)
105 +#if defined(WIN32) && !defined(ssize_t) && !defined(__MINGW32__)
106 #define ssize_t int
107 #endif
109 --- src/ne_locks.c 2007-02-05 11:09:27.000000000 +0100
110 +++ src/ne_locks.c 2011-02-03 10:26:21.000000000 +0100
111 @@ -579,6 +579,23 @@
112 const char *token = ne_get_response_header(ctx->req, "Lock-Token");
113 /* at the root element; retrieve the Lock-Token header,
114 * and bail if it wasn't given. */
115 +#ifdef IIS_LOCK_BUG_WORKAROUND
116 + /* MS IIS violates RFC 2518/4918. It does not send a Lock-Token response
117 + header upon successful creation of a new lock. As a workaround, we
118 + will try to pick the lock token from the response body (although
119 + this is not 100% safe in case of multiple activelocks). */
120 + if (token == NULL)
121 + NE_DEBUG(NE_DBG_LOCKS,
122 + "Ignoring missing LOCK response Lock-Token header\n");
123 +
124 + if (token != NULL) {
125 + if (token[0] == '<') token++;
126 + ctx->token = ne_strdup(token);
127 + ne_shave(ctx->token, ">");
128 + NE_DEBUG(NE_DBG_LOCKS, "lk_startelm: Finding token %s\n",
129 + ctx->token);
130 + }
131 +#else
132 if (token == NULL) {
133 ne_xml_set_error(ctx->parser,
134 _("LOCK response missing Lock-Token header"));
135 @@ -590,12 +607,28 @@
136 ne_shave(ctx->token, ">");
137 NE_DEBUG(NE_DBG_LOCKS, "lk_startelm: Finding token %s\n",
138 ctx->token);
139 +#endif
140 }
142 /* TODO: only accept 'prop' as root for LOCK response */
143 if (!can_accept(parent, id))
144 return NE_XML_DECLINE;
146 +#ifdef IIS_LOCK_BUG_WORKAROUND
147 + if (id == ELM_activelock && ctx->found) {
148 + /* Found another activelock... */
149 + const char *token = ne_get_response_header(ctx->req, "Lock-Token");
150 + if (token == NULL) {
151 + /* Response contains more than one activelock and no Lock-Token
152 + * response header. We are doomed. No safe workaround for IIS
153 + * lock bug possible. */
154 + ne_xml_set_error(ctx->parser,
155 + _("LOCK response missing Lock-Token header and more than one activelock"));
156 + return NE_XML_ABORT;
157 + }
158 + }
159 +#endif
160 +
161 if (id == ELM_activelock && !ctx->found) {
162 /* a new activelock */
163 ne_lock_free(&ctx->active);
164 @@ -621,7 +654,12 @@
165 return -1;
167 if (state == ELM_activelock) {
168 +#ifdef IIS_LOCK_BUG_WORKAROUND
169 + if (ctx->active.token) {
170 + ctx->token = ne_strdup(ctx->active.token);
171 +#else
172 if (ctx->active.token && strcmp(ctx->active.token, ctx->token) == 0) {
173 +#endif
174 ctx->found = 1;
175 }
176 }
177 --- src/ne_locks.h 2006-01-02 12:43:19.000000000 +0100
178 +++ src/ne_locks.h 2011-02-03 10:26:21.000000000 +0100
179 @@ -22,6 +22,10 @@
180 #ifndef NE_LOCKS_H
181 #define NE_LOCKS_H
183 +# if defined __GNUC__
184 +# pragma GCC system_header
185 +# endif
186 +
187 #include "ne_request.h" /* for ne_session + ne_request */
188 #include "ne_uri.h" /* for ne_uri */
190 --- src/ne_sspi.c 2007-08-10 17:26:08.000000000 +0200
191 +++ src/ne_sspi.c 2011-02-03 10:26:21.000000000 +0100
192 @@ -206,6 +206,45 @@
193 }
195 /*
196 + * Simplification wrapper arround AcquireCredentialsHandle as most of
197 + * the parameters do not change.
198 + */
199 +static int acquireCredentialsHandleForUsername(CredHandle * credentials, char *package, const char *username, const char *password)
200 +{
201 + SECURITY_STATUS status;
202 + TimeStamp timestamp;
203 +
204 + const char *domain = "";
205 +
206 + int rc, rcISC;
207 + SecPkgInfo *secPackInfo;
208 + SEC_WINNT_AUTH_IDENTITY *nameAndPwd = NULL;
209 + int bytesReceived = 0, bytesSent = 0;
210 +
211 + nameAndPwd = (SEC_WINNT_AUTH_IDENTITY *) malloc( sizeof(SEC_WINNT_AUTH_IDENTITY) );
212 + memset( nameAndPwd, '\0', sizeof (*nameAndPwd) );
213 + nameAndPwd->Domain = (unsigned char *) _strdup( domain? domain: "" );
214 + nameAndPwd->DomainLength = domain? strlen( domain ): 0;
215 + nameAndPwd->User = (unsigned char *) _strdup( username? username: "" );
216 + nameAndPwd->UserLength = username? strlen( username ): 0;
217 + nameAndPwd->Password = (unsigned char *) _strdup( password? password: "" );
218 + nameAndPwd->PasswordLength = password? strlen( password ): 0;
219 + nameAndPwd->Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
220 +
221 + status = pSFT->AcquireCredentialsHandle( NULL, package, SECPKG_CRED_OUTBOUND,
222 + NULL, nameAndPwd, NULL, NULL, credentials, ×tamp );
223 +
224 + if (status != SEC_E_OK) {
225 + NE_DEBUG(NE_DBG_HTTPAUTH,
226 + "sspi: AcquireCredentialsHandle [fail] [%x].\n", status);
227 + return -1;
228 + }
229 +
230 + return 0;
231 +}
232 +
233 +
234 +/*
235 * Wrapper arround initializeSecurityContext. Supplies several
236 * default parameters as well as logging in case of errors.
237 */
238 @@ -483,7 +522,7 @@
239 * Processes received authentication tokens as well as supplies the
240 * response token.
241 */
242 -int ne_sspi_authenticate(void *context, const char *base64Token, char **responseToken)
243 +int ne_sspi_authenticate(void *context, const char *base64Token, char **responseToken, const char* username, const char* password)
244 {
245 SecBufferDesc outBufferDesc;
246 SecBuffer outBuffer;
247 @@ -561,13 +600,22 @@
248 /* Reset any existing context since we are starting over */
249 resetContext(sspiContext);
251 - if (acquireCredentialsHandle
252 - (&sspiContext->credentials, sspiContext->mechanism) != SEC_E_OK) {
253 - freeBuffer(&outBufferDesc);
254 - NE_DEBUG(NE_DBG_HTTPAUTH,
255 - "sspi: acquireCredentialsHandle failed.\n");
256 - return -1;
257 - }
258 + if (strlen(username) != 0) {
259 + if (acquireCredentialsHandleForUsername
260 + (&sspiContext->credentials, sspiContext->mechanism, username, password) != SEC_E_OK) {
261 + freeBuffer(&outBufferDesc);
262 + NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: acquireCredentialsHandleForUsername failed.\n");
263 + return -1;
264 + }
265 + } else {
266 + if (acquireCredentialsHandle
267 + (&sspiContext->credentials, sspiContext->mechanism) != SEC_E_OK) {
268 + freeBuffer(&outBufferDesc);
269 + NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: acquireCredentialsHandle failed.\n");
270 + return -1;
271 + }
272 + }
273 +
275 securityStatus =
276 initializeSecurityContext(&sspiContext->credentials, NULL,
277 --- src/ne_sspi.h 2006-02-12 13:05:14.000000000 +0100
278 +++ src/ne_sspi.h 2011-02-03 10:26:21.000000000 +0100
279 @@ -41,7 +41,7 @@
280 int ne_sspi_clear_context(void *context);
282 int ne_sspi_authenticate(void *context, const char *base64Token,
283 - char **responseToken);
284 + char **responseToken, const char* username, const char* password);
286 #endif /* HAVE_SSPI */
288 --- src/ne_uri.c 2007-12-05 12:04:47.000000000 +0100
289 +++ src/ne_uri.c 2011-02-03 10:26:21.000000000 +0100
290 @@ -42,7 +42,7 @@
291 #include "ne_alloc.h"
292 #include "ne_uri.h"
294 -/* URI ABNF from RFC 3986: */
295 +/* URI ABNF from RFC 3986: (TKR: SharePoint is contradictory to this RFC. So I fix it here. )*/
297 #define PS (0x0001) /* "+" */
298 #define PC (0x0002) /* "%" */
299 @@ -67,6 +67,9 @@
301 #define OT (0x4000) /* others */
303 +/* TKR new symbol */
304 +#define WS (0x8000) /* Whitespaces ( Space, Tab ) */
305 +
306 #define URI_ALPHA (AL)
307 #define URI_DIGIT (DG)
309 @@ -83,20 +86,21 @@
310 /* pchar = unreserved / pct-encoded / sub-delims / ":" / "@" */
311 #define URI_PCHAR (URI_UNRESERVED | PC | URI_SUBDELIM | CL | AT)
312 /* invented: segchar = pchar / "/" */
313 -#define URI_SEGCHAR (URI_PCHAR | FS)
314 +/* (TKR) WS added */
315 +#define URI_SEGCHAR (URI_PCHAR | FS | WS)
316 /* query = *( pchar / "/" / "?" ) */
317 #define URI_QUERY (URI_PCHAR | FS | QU)
318 /* fragment == query */
319 #define URI_FRAGMENT URI_QUERY
321 /* any characters which should be path-escaped: */
322 -#define URI_ESCAPE ((URI_GENDELIM & ~(FS)) | URI_SUBDELIM | OT | PC)
323 +#define URI_ESCAPE ((URI_GENDELIM & ~(FS)) | URI_SUBDELIM | OT | WS | PC)
325 static const unsigned int uri_chars[256] = {
326 /* 0xXX x0 x2 x4 x6 x8 xA xC xE */
327 -/* 0x */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT,
328 +/* 0x */ OT, OT, OT, OT, OT, OT, OT, OT, OT, WS, OT, OT, OT, OT, OT, OT,
329 /* 1x */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT,
330 -/* 2x */ OT, SD, OT, GD, SD, PC, SD, SD, SD, SD, SD, PS, SD, DS, DT, FS,
331 +/* 2x */ WS, SD, OT, GD, SD, PC, SD, SD, SD, SD, SD, PS, SD, DS, DT, FS,
332 /* 3x */ DG, DG, DG, DG, DG, DG, DG, DG, DG, DG, CL, SD, OT, SD, OT, QU,
333 /* 4x */ AT, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL,
334 /* 5x */ AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, GD, OT, GD, OT, US,
335 --- src/ne_utils.c 2006-03-07 10:36:43.000000000 +0100
336 +++ src/ne_utils.c 2011-02-03 10:26:21.000000000 +0100
337 @@ -118,6 +118,9 @@
338 #ifdef HAVE_GNUTLS
339 ", GNU TLS " LIBGNUTLS_VERSION
340 #endif /* HAVE_GNUTLS */
341 +#ifdef HAVE_SSPI
342 + ", SSPI"
343 +#endif /* HAVE_SSPI */
344 "."
345 ;
347 @@ -137,7 +140,7 @@
348 switch (feature) {
349 #if defined(NE_HAVE_SSL) || defined(NE_HAVE_ZLIB) || defined(NE_HAVE_IPV6) \
350 || defined(NE_HAVE_SOCKS) || defined(NE_HAVE_LFS) \
351 - || defined(NE_HAVE_TS_SSL) || defined(NE_HAVE_I18N)
352 + || defined(NE_HAVE_TS_SSL) || defined(NE_HAVE_I18N) || defined(HAVE_SSPI)
353 #ifdef NE_HAVE_SSL
354 case NE_FEATURE_SSL:
355 #endif
356 @@ -159,6 +162,9 @@
357 #ifdef NE_HAVE_I18N
358 case NE_FEATURE_I18N:
359 #endif
360 +#ifdef HAVE_SSPI
361 + case NE_FEATURE_SSPI:
362 +#endif
363 return 1;
364 #endif /* NE_HAVE_* */
365 default:
366 --- src/ne_utils.h 2007-07-16 08:54:57.000000000 +0200
367 +++ src/ne_utils.h 2011-02-03 10:26:21.000000000 +0100
368 @@ -54,6 +54,7 @@
369 #define NE_FEATURE_SOCKS (5) /* SOCKSv5 support */
370 #define NE_FEATURE_TS_SSL (6) /* Thread-safe SSL/TLS support */
371 #define NE_FEATURE_I18N (7) /* i18n error message support */
372 +#define NE_FEATURE_SSPI (8) /* NTLM/Negotiate authentication protocol via SSPI */
374 /* Returns non-zero if library is built with support for the given
375 * NE_FEATURE_* feature code 'code'. */