-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | daemon/ntlm.c | 43 |
2 files changed, 13 insertions, 31 deletions
@@ -1,5 +1,6 @@ 0.5.1 - Fix problem with NTLM connection caching + - Fix problem with NTLM not authenticating POST in IE properly - Better log handling when things are fast and furious 0.5 diff --git a/daemon/ntlm.c b/daemon/ntlm.c index 53d960d..bb08995 100644 --- a/daemon/ntlm.c +++ b/daemon/ntlm.c @@ -358,34 +358,11 @@ int ntlm_auth_ntlm(ha_request_t* rq, ntlm_context_t* ctx, void* key, /* * If we already have a connection to the domain controller * then we're in trouble. Basically this is the second - * type 1 message we've received over this connection. - * - * TODO: Eventually what we want to do here is wait for the - * other authentication request to complete, or something - * like that. + * type 1 message we've received over this connection. We allow + * the second message to authenticate. */ if(conn) - { - /* - * In this case we also add the connection back into the - * pending stack so that the correct request will complete - * properly when it comes through. - */ - r = putpending(ctx, key, conn); - conn = NULL; - - if(r < 0) - { - RETURN(HA_CRITERROR); - } - else - { - ha_messagex(rq, LOG_ERR, "received out of order NTLM request from client"); - rq->resp_code = HA_SERVER_BADREQ; - RETURN(HA_FALSE); - } - } - + freeconnection(rq, conn); /* * Check how many connections we have to the domain controller @@ -508,13 +485,16 @@ int ntlm_auth_ntlm(ha_request_t* rq, ntlm_context_t* ctx, void* key, else { int r; - rq->resp_detail = (const char*)ntlmssp.user; - ha_messagex(rq, LOG_NOTICE, "validated ntlm user against server", ntlmssp.user); + char *user = strdup((char*)ntlmssp.user); + + rq->resp_detail = user; + rq->resp_code = HA_SERVER_OK; + ha_messagex(rq, LOG_NOTICE, "validated ntlm user against server: %s", ntlmssp.user); ha_lock(NULL); /* We put this connection into the successful connections */ - r = hsh_set(ctx->established, key, strdup((char*)ntlmssp.user)); + r = hsh_set(ctx->established, key, user); ha_unlock(NULL); 
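Review bot: In the `if(conn)` branch of the `@@ -358` hunk, `conn` still points at the released connection after `freeconnection(rq, conn);`, whereas the removed code reset it with `conn = NULL;` once it had handed the connection off. The body of `ntlm_auth_ntlm` continues outside the hunk, so this is inferred, but any later path that tests or releases `conn` before it is reassigned (for example an early `RETURN` from the connection-limit check that follows) would be a double free or use after free. I would brace the branch and clear the pointer: `if(conn) { freeconnection(rq, conn); conn = NULL; }`. The old branch logged the out-of-order request and the new one logs nothing, so an `ha_messagex` line here would keep repeated type 1 messages, each of which now tears down a domain controller connection, visible to whoever reads the logs.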
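Review bot: In the `@@ -508` hunk the result of `strdup((char*)ntlmssp.user)` is never checked, so on allocation failure a NULL `user` is stored in `rq->resp_detail` and passed to `hsh_set` after `rq->resp_code` has already been set to `HA_SERVER_OK`. A guard such as `if(!user) RETURN(HA_CRITERROR);` placed before those assignments would fail closed, assuming `RETURN` behaves here as it does earlier in the function. The same heap pointer is now both stored in `ctx->established` and referenced by the request, and the assignment to `rq->resp_detail` happens before `ha_lock(NULL)`. If a cache entry can be replaced or expired and freed while the request is still being answered, the response would read freed memory; that lifetime is not visible here, so either give the request its own copy or add a comment stating that `established` values outlive any request that points at them. `ntlm_auth_ntlm` starts and ends outside the hunk.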
@@ -745,8 +725,9 @@ int ntlm_process(ha_request_t* rq) } } - /* The authorization header was not found */ - else + /* The authorization header was not found, try cache (only for GET) */ + if(!header && rq->req_args[AUTH_ARG_METHOD] && + strcmp(rq->req_args[AUTH_ARG_METHOD], "GET") == 0) { ha_lock(NULL); |
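Review bot: The new condition decides whether a request with no Authorization header is accepted from the per-connection cache, but its comment does not say why only GET qualifies or what happens to every other request, including the case where `rq->req_args[AUTH_ARG_METHOD]` is NULL. Because the `else` became a standalone `if`, those requests now skip the block entirely and their outcome depends on code after the hunk (the block opened by `{` continues outside it). That code should be confirmed to issue a fresh challenge rather than return a status left over from earlier in `ntlm_process`. I would expand the comment to something like `/* No Authorization header: reuse the cached identity for this connection only for GET; any other or missing method falls through and must be challenged again. */`.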