From 41ecc7c08a82accbbd539e2dfd7abb5c496eda03 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Fri, 19 May 2006 15:57:35 +0000
Subject:   - Fix problem with NTLM not authenticating POST in IE properly

---
 ChangeLog     |  1 +
 daemon/ntlm.c | 43 ++++++++++++-------------------------------
 2 files changed, 13 insertions(+), 31 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9f5bfad..e2f456d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 0.5.1
   - Fix problem with NTLM connection caching
+  - Fix problem with NTLM not authenticating POST in IE properly
   - Better log handling when things are fast and furious
 
 0.5
diff --git a/daemon/ntlm.c b/daemon/ntlm.c
index 53d960d..bb08995 100644
--- a/daemon/ntlm.c
+++ b/daemon/ntlm.c
@@ -358,34 +358,11 @@ int ntlm_auth_ntlm(ha_request_t* rq, ntlm_context_t* ctx, void* key,
             /*
              * If we already have a connection to the domain controller
              * then we're in trouble. Basically this is the second
-             * type 1 message we've received over this connection.
-             *
-             * TODO: Eventually what we want to do here is wait for the
-             * other authentication request to complete, or something
-             * like that.
+             * type 1 message we've received over this connection. We allow
+             * the second message to authenticate.
              */
             if(conn)
-            {
-                /*
-                 * In this case we also add the connection back into the
-                 * pending stack so that the correct request will complete
-                 * properly when it comes through.
-                 */
-                r = putpending(ctx, key, conn);
-                conn = NULL;
-
-                if(r < 0)
-                {
-                    RETURN(HA_CRITERROR);
-                }
-                else
-                {
-                    ha_messagex(rq, LOG_ERR, "received out of order NTLM request from client");
-                    rq->resp_code = HA_SERVER_BADREQ;
-                    RETURN(HA_FALSE);
-                }
-            }
-
+                freeconnection(rq, conn);
 
             /*
              * Check how many connections we have to the domain controller
@@ -508,13 +485,16 @@ int ntlm_auth_ntlm(ha_request_t* rq, ntlm_context_t* ctx, void* key,
             else
             {
                 int r;
-                rq->resp_detail = (const char*)ntlmssp.user;
-                ha_messagex(rq, LOG_NOTICE, "validated ntlm user against server", ntlmssp.user);
+                char *user = strdup((char*)ntlmssp.user);
+
+                rq->resp_detail = user;
+                rq->resp_code = HA_SERVER_OK;
+                ha_messagex(rq, LOG_NOTICE, "validated ntlm user against server: %s", ntlmssp.user);
 
                 ha_lock(NULL);
 
                     /* We put this connection into the successful connections */
-                    r = hsh_set(ctx->established, key, strdup((char*)ntlmssp.user));
+                    r = hsh_set(ctx->established, key, user);
 
                 ha_unlock(NULL);
 
@@ -745,8 +725,9 @@ int ntlm_process(ha_request_t* rq)
         }
     }
 
-    /* The authorization header was not found */
-    else
+    /* The authorization header was not found, try cache (only for GET) */
+    if(!header && rq->req_args[AUTH_ARG_METHOD] &&
+       strcmp(rq->req_args[AUTH_ARG_METHOD], "GET") == 0)
     {
         ha_lock(NULL);
 
-- 
cgit v1.2.3