diff options
| author | Dan Winship <danw@gnome.org> | 2015-03-05 12:22:22 -0500 |
|---|---|---|
| committer | Dan Winship <danw@gnome.org> | 2015-03-05 12:22:22 -0500 |
| commit | 78e74de238479c2cc316cf6f888c53ddd087b51b (patch) | |
| tree | 40ef974c95400b9c17ac66d99db0887827d9c7d5 | |
| parent | 5af4e2c80e09ac1cbcec484dcc9c42563baecd2c (diff) | |
| download | libsoup-78e74de238479c2cc316cf6f888c53ddd087b51b.tar.gz | |
soup-auth-ntlm: always close connection after NTLM failure
SoupAuthNTLM can't recover from receiving a 401 on a previously
authenticated connection. It was assuming that any such 401 would
result in the connection being closed, but that's apparently sometimes
not the case. Force it to get closed anyway in those cases.
https://bugzilla.redhat.com/show_bug.cgi?id=1196765
https://bugzilla.gnome.org/show_bug.cgi?id=735197
| -rw-r--r-- | libsoup/soup-auth-ntlm.c | 11 | ||||
| -rw-r--r-- | tests/ntlm-test.c | 8 |
2 files changed, 11 insertions, 8 deletions
diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c index ddb6b2ed..926fd4a8 100644 --- a/libsoup/soup-auth-ntlm.c +++ b/libsoup/soup-auth-ntlm.c @@ -303,12 +303,15 @@ soup_auth_ntlm_update_connection (SoupConnectionAuth *auth, SoupMessage *msg, if (conn->state > SOUP_NTLM_SENT_REQUEST) { if (priv->password_state == SOUP_NTLM_PASSWORD_ACCEPTED) { /* We know our password is correct, so a 401 - * means "permission denied". Since the conn - * state is now FAILED, the auth is no longer - * is_ready() for this message, so this will - * cause a "retrying" authenticate signal. + * means "permission denied". The code can't deal + * with re-authenticating correctly, so make sure + * we don't try. */ conn->state = SOUP_NTLM_FAILED; + if (soup_message_is_keepalive (msg)) { + soup_message_headers_append (msg->response_headers, + "Connection", "close"); + } return TRUE; } diff --git a/tests/ntlm-test.c b/tests/ntlm-test.c index a0e02ab4..11d40c3a 100644 --- a/tests/ntlm-test.c +++ b/tests/ntlm-test.c @@ -456,12 +456,12 @@ do_ntlm_round (SoupURI *base_uri, gboolean use_ntlm, SOUP_STATUS_UNAUTHORIZED); /* 8. Server accepts Basic or NTLM from either user. - * Alice-via-NTLM is still authenticated at this point from #6, - * and Bob-via-NTLM is authenticated from #7, so neither - * of them will do anything. + * NTLM users will try NTLM without getting a prompt (their + * previous NTLM connections will have been closed by the 401 + * from /basic). Non-NTLM users will be prompted for either. */ do_message (session, base_uri, "/either", - !use_ntlm, FALSE, + !use_ntlm, use_ntlm, !use_ntlm, !use_ntlm && user != NULL, user != NULL ? SOUP_STATUS_OK : SOUP_STATUS_UNAUTHORIZED); |