diff options
author | Alex Graveley <alex@ximian.com> | 2001-08-25 01:47:30 +0000 |
---|---|---|
committer | Alex Graveley <orph@src.gnome.org> | 2001-08-25 01:47:30 +0000 |
commit | 73f2d754dbea79dc5ae21a5e046e415bbd29390c (patch) | |
tree | 5fc75aa52d771bf7316ec047ae78e1ba462e87e0 | |
parent | 31cd3abc7c53d5e021942d79ea633b51eed4335f (diff) | |
download | libsoup-73f2d754dbea79dc5ae21a5e046e415bbd29390c.tar.gz |
Always regenerate req->priv->req_header.
2001-08-24 Alex Graveley <alex@ximian.com>
* src/soup-core/soup-queue.c (soup_queue_connect_cb): Always
regenerate req->priv->req_header.
* src/soup-core/soup-ntlm.c (soup_ntlm_lanmanager_hash): pass 15
byte buffer to work around array bounds read by setup_schedule.
* src/soup-core/soup-message.c (authorize_handler): No need to
free msg->priv->req_header as it is generated on each request now.
(soup_message_set_request_header): Ditto.
* src/soup-core/soup-auth.c (ntlm_auth): Only return
auth->response one time. Subsequent calls return NULL.
* src/soup-core/soup-queue.c (soup_encode_http_auth): Check for
NULL auth response.
-rw-r--r-- | ChangeLog | 18 | ||||
-rw-r--r-- | libsoup/soup-auth.c | 74 | ||||
-rw-r--r-- | libsoup/soup-message.c | 10 | ||||
-rw-r--r-- | libsoup/soup-ntlm.c | 4 | ||||
-rw-r--r-- | libsoup/soup-queue.c | 30 |
5 files changed, 76 insertions, 60 deletions
@@ -1,3 +1,21 @@ +2001-08-24 Alex Graveley <alex@ximian.com> + + * src/soup-core/soup-queue.c (soup_queue_connect_cb): Always + regenerate req->priv->req_header. + + * src/soup-core/soup-ntlm.c (soup_ntlm_lanmanager_hash): pass 15 + byte buffer to work around array bounds read by setup_schedule. + + * src/soup-core/soup-message.c (authorize_handler): No need to + free msg->priv->req_header as it is generated on each request now. + (soup_message_set_request_header): Ditto. + + * src/soup-core/soup-auth.c (ntlm_auth): Only return + auth->response one time. Subsequent calls return NULL. + + * src/soup-core/soup-queue.c (soup_encode_http_auth): Check for + NULL auth response. + 2001-08-23 Alex Graveley <alex@ximian.com> * src/soup-core/soup-auth.c (ntlm_new): Fix under-allocation. diff --git a/libsoup/soup-auth.c b/libsoup/soup-auth.c index b3050afc..13a1f6f9 100644 --- a/libsoup/soup-auth.c +++ b/libsoup/soup-auth.c @@ -480,7 +480,6 @@ soup_auth_new_digest (void) typedef struct { SoupAuth auth; - gchar *request; gchar *response; } SoupAuthNTLM; @@ -490,14 +489,43 @@ ntlm_compare_func (SoupAuth *a, SoupAuth *b) return TRUE; } +/* + * SoupAuthNTLMs are one time use. Just return the response, and set our + * reference to NULL so future requests do not include this header. + */ static gchar * ntlm_auth (SoupAuth *sa, SoupMessage *msg) { SoupAuthNTLM *auth = (SoupAuthNTLM *) sa; + gchar *ret; + + ret = auth->response; + auth->response = NULL; - return auth->response ? auth->response : auth->request; + return ret; } +static inline gchar * +ntlm_get_authmech_token (const SoupUri *uri, gchar *key) +{ + gchar *idx; + gint len; + + if (!uri->authmech) return NULL; + + idx = strstr (uri->authmech, key); + if (idx) { + idx += strlen (key); + + len = strcspn (idx, ",; "); + if (len) + return g_strndup (idx, len); + else + return g_strdup (idx); + } + + return NULL; +} /* * FIXME: Because NTLM is a two step process, we parse the host and domain out @@ -510,39 +538,15 @@ ntlm_parse (SoupAuth *sa, const char *header) { SoupAuthNTLM *auth = (SoupAuthNTLM *) sa; const SoupUri *uri = soup_context_get_uri (auth->auth.context); - gchar *idx, *host = NULL, *domain = NULL; + gchar *host, *domain; - /* - idx = strchr (uri->host, '.'); - if (idx) - host = g_strndup (uri->host, idx - uri->host); - else - host = g_strdup (uri->host); - - if (uri->authmech) { - idx = strstr (uri->authmech, "domain="); - if (idx) { - gint len; - - idx += sizeof ("domain=") - 1; - - len = strcspn (idx, ",; "); - if (len) - domain = g_strndup (idx, len); - else - domain = g_strdup (idx); - } - } - - soup_debug_print_uri (uri); - */ - - host = "FAKEHOST"; - domain = "FAKEDOMAIN"; + host = ntlm_get_authmech_token (uri, "host="); + domain = ntlm_get_authmech_token (uri, "domain="); if (strlen (header) < sizeof ("NTLM")) - auth->request = soup_ntlm_request (host, - domain ? domain : "UNKNOWN"); + auth->response = + soup_ntlm_request (host ? host : "UNKNOWN", + domain ? domain : "UNKNOWN"); else { gchar lm_hash [21], nt_hash [21]; @@ -554,14 +558,12 @@ ntlm_parse (SoupAuth *sa, const char *header) uri->user, (gchar *) &lm_hash, (gchar *) &nt_hash, - host, + host ? host : "UNKNOWN", domain ? domain : "UNKNOWN"); } - /* g_free (host); g_free (domain); - */ } static void @@ -569,7 +571,6 @@ ntlm_free (SoupAuth *sa) { SoupAuthNTLM *auth = (SoupAuthNTLM *) sa; - g_free (auth->request); g_free (auth->response); g_free (auth); } @@ -589,6 +590,7 @@ ntlm_new (void) return (SoupAuth *) auth; } + /* * Generic Authentication Interface */ diff --git a/libsoup/soup-message.c b/libsoup/soup-message.c index 3a14ab1b..ffbe2706 100644 --- a/libsoup/soup-message.c +++ b/libsoup/soup-message.c @@ -44,11 +44,6 @@ authorize_handler (SoupMessage *msg, gboolean proxy) ctx->auth = auth; - if (msg->priv->req_header) { - g_string_free (msg->priv->req_header, TRUE); - msg->priv->req_header = NULL; - } - soup_message_queue (msg, msg->priv->callback, msg->priv->user_data); return SOUP_ERROR_NONE; @@ -368,11 +363,6 @@ soup_message_set_request_header (SoupMessage *req, g_return_if_fail (req != NULL); g_return_if_fail (name != NULL || name [0] != '\0'); - if (req->priv->req_header) { - g_string_free (req->priv->req_header, TRUE); - req->priv->req_header = NULL; - } - soup_message_set_header (&req->request_headers, name, value); } diff --git a/libsoup/soup-ntlm.c b/libsoup/soup-ntlm.c index 19797451..43a67dcc 100644 --- a/libsoup/soup-ntlm.c +++ b/libsoup/soup-ntlm.c @@ -65,14 +65,14 @@ static void calc_response (const guchar *key, void soup_ntlm_lanmanager_hash (const char *password, char hash[21]) { - guchar lm_password [14]; + guchar lm_password [15]; DES_KS ks; int i; for (i = 0; i < 14 && password [i]; i++) lm_password [i] = toupper ((unsigned char) password [i]); - for (; i < 14; i++) + for (; i < 15; i++) lm_password [i] = '\0'; memcpy (hash, LM_PASSWORD_MAGIC, 21); diff --git a/libsoup/soup-queue.c b/libsoup/soup-queue.c index 6d79fb84..f2279536 100644 --- a/libsoup/soup-queue.c +++ b/libsoup/soup-queue.c @@ -220,21 +220,23 @@ static void soup_encode_http_auth (SoupMessage *msg, GString *header, gboolean proxy_auth) { SoupContext *ctx; + char *token; ctx = proxy_auth ? soup_get_proxy () : msg->context; if (ctx->auth) { - char *token; - token = soup_auth_authorize (ctx->auth, msg); - - g_string_sprintfa ( - header, - "%s: %s\r\n", - proxy_auth ? "Proxy-Authorization" : "Authorization", - token); - - g_free (token); + if (token) { + g_string_sprintfa ( + header, + "%s: %s\r\n", + proxy_auth ? + "Proxy-Authorization" : + "Authorization", + token); + + g_free (token); + } } } @@ -433,8 +435,12 @@ soup_queue_connect_cb (SoupContext *ctx, return; } - if (!req->priv->req_header) - req->priv->req_header = soup_get_request_header (req); + if (req->priv->req_header) { + g_string_free (req->priv->req_header, TRUE); + req->priv->req_header = NULL; + } + + req->priv->req_header = soup_get_request_header (req); channel = soup_connection_get_iochannel (conn); |