summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2006-05-19 15:57:35 +0000
committerStef Walter <stef@memberwebs.com>2006-05-19 15:57:35 +0000
commit41ecc7c08a82accbbd539e2dfd7abb5c496eda03 (patch)
tree55ea180541c9512590c82eb7a265df5c96111a45
parent9a69e4e83adb5d23a04a03fddfbef37f4850d0d0 (diff)
- Fix problem with NTLM not authenticating POST in IE properly
-rw-r--r--ChangeLog1
-rw-r--r--daemon/ntlm.c43
2 files changed, 13 insertions, 31 deletions
diff --git a/ChangeLog b/ChangeLog
index 9f5bfad..e2f456d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
0.5.1
- Fix problem with NTLM connection caching
+ - Fix problem with NTLM not authenticating POST in IE properly
- Better log handling when things are fast and furious
0.5
diff --git a/daemon/ntlm.c b/daemon/ntlm.c
index 53d960d..bb08995 100644
--- a/daemon/ntlm.c
+++ b/daemon/ntlm.c
@@ -358,34 +358,11 @@ int ntlm_auth_ntlm(ha_request_t* rq, ntlm_context_t* ctx, void* key,
/*
* If we already have a connection to the domain controller
* then we're in trouble. Basically this is the second
- * type 1 message we've received over this connection.
- *
- * TODO: Eventually what we want to do here is wait for the
- * other authentication request to complete, or something
- * like that.
+ * type 1 message we've received over this connection. We allow
+ * the second message to authenticate.
*/
if(conn)
- {
- /*
- * In this case we also add the connection back into the
- * pending stack so that the correct request will complete
- * properly when it comes through.
- */
- r = putpending(ctx, key, conn);
- conn = NULL;
-
- if(r < 0)
- {
- RETURN(HA_CRITERROR);
- }
- else
- {
- ha_messagex(rq, LOG_ERR, "received out of order NTLM request from client");
- rq->resp_code = HA_SERVER_BADREQ;
- RETURN(HA_FALSE);
- }
- }
-
+ freeconnection(rq, conn);
/*
* Check how many connections we have to the domain controller
@@ -508,13 +485,16 @@ int ntlm_auth_ntlm(ha_request_t* rq, ntlm_context_t* ctx, void* key,
else
{
int r;
- rq->resp_detail = (const char*)ntlmssp.user;
- ha_messagex(rq, LOG_NOTICE, "validated ntlm user against server", ntlmssp.user);
+ char *user = strdup((char*)ntlmssp.user);
+
+ rq->resp_detail = user;
+ rq->resp_code = HA_SERVER_OK;
+ ha_messagex(rq, LOG_NOTICE, "validated ntlm user against server: %s", ntlmssp.user);
ha_lock(NULL);
/* We put this connection into the successful connections */
- r = hsh_set(ctx->established, key, strdup((char*)ntlmssp.user));
+ r = hsh_set(ctx->established, key, user);
ha_unlock(NULL);
@@ -745,8 +725,9 @@ int ntlm_process(ha_request_t* rq)
}
}
- /* The authorization header was not found */
- else
+ /* The authorization header was not found, try cache (only for GET) */
+ if(!header && rq->req_args[AUTH_ARG_METHOD] &&
+ strcmp(rq->req_args[AUTH_ARG_METHOD], "GET") == 0)
{
ha_lock(NULL);