svn commit: lorikeet r74 - in trunk/mod_ntlm_winbind: .
abartlet at samba.org
abartlet at samba.org
Sat Sep 25 03:47:16 GMT 2004
Author: abartlet
Date: 2004-09-25 03:47:16 +0000 (Sat, 25 Sep 2004)
New Revision: 74
WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeet&path=/trunk/mod_ntlm_winbind&rev=74&nolog=1
Log:
Finally, Negotiate support in mod_ntlm_winbind.
Tested with MSIE on WinXP, but without being joined to the domain, so
it actually did Raw NTLMSSP, but it calls it 'Negotiate' :-)
Andrew Bartlett
Modified:
trunk/mod_ntlm_winbind/mod_ntlm_winbind.c
Changeset:
Modified: trunk/mod_ntlm_winbind/mod_ntlm_winbind.c
===================================================================
--- trunk/mod_ntlm_winbind/mod_ntlm_winbind.c 2004-09-25 02:18:43 UTC (rev 73)
+++ trunk/mod_ntlm_winbind/mod_ntlm_winbind.c 2004-09-25 03:47:16 UTC (rev 74)
@@ -357,7 +357,8 @@
const char *message_type;
char *childarg;
char *newline;
- char argsbuffer[HUGE_STRING_LEN];
+ char args_to_helper[HUGE_STRING_LEN];
+ char args_from_helper[HUGE_STRING_LEN];
int bytes_written;
int bytes_read;
@@ -386,14 +387,14 @@
auth_helper->pool = pool;
auth_helper->helper_pid = 0;
- if (strcmp(auth_type, NEGOTIATE_AUTH_NAME) == 0) {
+ if (strcasecmp(auth_type, NEGOTIATE_AUTH_NAME) == 0) {
ap_register_cleanup(pool, auth_helper, cleanup_negotiate_ntlm_auth_helper,
ap_null_cleanup);
cld.argv0 = crec->negotiate_ntlm_auth_helper;
negotiate_ntlm_auth_helper = auth_helper;
- } else if (strcmp(auth_type, NTLM_AUTH_NAME) == 0) {
+ } else if (strcasecmp(auth_type, NTLM_AUTH_NAME) == 0) {
ap_register_cleanup(pool, auth_helper, cleanup_ntlm_auth_helper,
ap_null_cleanup);
@@ -444,41 +445,41 @@
}
/* Pipe to helper */
- snprintf(argsbuffer, HUGE_STRING_LEN, "%s %s\n", message_type, client_msg);
+ snprintf(args_to_helper, HUGE_STRING_LEN, "%s %s\n", message_type, client_msg);
- bytes_written = ap_bwrite(ntlm_auth_helper->out_to_helper, argsbuffer, strlen(argsbuffer));
- if (bytes_written < strlen(argsbuffer)) {
+ bytes_written = ap_bwrite(auth_helper->out_to_helper, args_to_helper, strlen(args_to_helper));
+ if (bytes_written < strlen(args_to_helper)) {
ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
"failed to write NTLMSSP string to helper - wrote %d bytes", bytes_written);
- ap_destroy_pool(ntlm_auth_helper->pool);
+ ap_destroy_pool(auth_helper->pool);
ap_destroy_pool(connected_user_authenticated->pool);
return HTTP_INTERNAL_SERVER_ERROR;
}
- ap_bflush(ntlm_auth_helper->out_to_helper);
+ ap_bflush(auth_helper->out_to_helper);
- bytes_read = ap_bgets(argsbuffer, HUGE_STRING_LEN, ntlm_auth_helper->in_from_helper);
+ bytes_read = ap_bgets(args_from_helper, HUGE_STRING_LEN, auth_helper->in_from_helper);
if (bytes_read == 0) {
- ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"early EOF from helper");
- ap_destroy_pool(ntlm_auth_helper->pool);
+ ap_destroy_pool(auth_helper->pool);
ap_destroy_pool(connected_user_authenticated->pool);
return HTTP_INTERNAL_SERVER_ERROR;
} else if (bytes_read == -1) {
- ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"helper dies!");
- ap_destroy_pool(ntlm_auth_helper->pool);
+ ap_destroy_pool(auth_helper->pool);
ap_destroy_pool(connected_user_authenticated->pool);
return HTTP_INTERNAL_SERVER_ERROR;
} else if (bytes_read < 2) {
- ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"failed to read NTLMSSP string from helper - only got %d bytes", bytes_read);
- ap_destroy_pool(ntlm_auth_helper->pool);
+ ap_destroy_pool(auth_helper->pool);
ap_destroy_pool(connected_user_authenticated->pool);
return HTTP_INTERNAL_SERVER_ERROR;
}
- newline = strchr(argsbuffer, '\n');
+ newline = strchr(args_from_helper, '\n');
if (newline != NULL) {
*newline = '\0';
}
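Review bot: The `snprintf` into `args_to_helper` is unchecked, so a `client_msg` too long for `HUGE_STRING_LEN` is truncated and the line reaches the helper without its trailing `\n`; the `ap_bgets` that follows would then wait on a helper that is still waiting for the end of the line. Rejecting the request before the write avoids this, e.g. `if (strlen(message_type) + strlen(client_msg) + 3 > HUGE_STRING_LEN)` with an error return. Separately, `bytes_written < strlen(args_to_helper)` compares an `int` with a `size_t`, so a negative return from `ap_bwrite` (if it reports errors that way) converts to a large unsigned value and the failure branch is skipped; keeping the length in an `int` and comparing against that fixes it. The enclosing function begins and ends outside this hunk.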
@@ -486,40 +487,40 @@
/* inspect message type */
- childarg = strchr(argsbuffer, ' ');
+ childarg = strchr(args_from_helper, ' ');
if (childarg == NULL) {
- ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"failed to parse response from helper");
- ap_destroy_pool(ntlm_auth_helper->pool);
+ ap_destroy_pool(auth_helper->pool);
ap_destroy_pool(connected_user_authenticated->pool);
- return HTTP_UNAUTHORIZED;
+ return HTTP_INTERNAL_SERVER_ERROR;
}
childarg++;
- if (strcmp(auth_type, NTLM_AUTH_NAME)) {
+ if (strcasecmp(auth_type, NTLM_AUTH_NAME) == 0) {
/* if TT, send to client */
- if (strncmp(argsbuffer, "TT ", 3) == 0) {
+ if (strncmp(args_from_helper, "TT ", 3) == 0) {
return send_auth_reply(r, auth_type, childarg);
}
/* if NA, not authenticated */
- if (strncmp(argsbuffer, "NA ", 3) == 0) {
+ if (strncmp(args_from_helper, "NA ", 3) == 0) {
ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
"user not authenticated: %s", childarg);
return note_auth_failure(r, NULL);
}
/* if AF, record username */
- if (strncmp(argsbuffer, "AF ", 3) == 0) {
+ if (strncmp(args_from_helper, "AF ", 3) == 0) {
connected_user_authenticated->user = ap_pstrdup(connected_user_authenticated->pool,
childarg);
r->connection->user = connected_user_authenticated->user;
r->connection->ap_auth_type = ap_pstrdup(r->connection->pool, auth_type);
return OK;
}
- } else if (strcmp(auth_type, NEGOTIATE_AUTH_NAME)) {
+ } else if (strcasecmp(auth_type, NEGOTIATE_AUTH_NAME) == 0) {
/* The child's reply contains 3 parts:
- The code: TT, AF or NA
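Review bot: The NTLM `AF` branch sets `r->connection->ap_auth_type` but never records it in `connected_user_authenticated->auth_type`, whereas the Negotiate `AF` branch in the next hunk stores both. If later requests on the same connection restore the auth type from `connected_user_authenticated` (not visible here), an NTLM-authenticated connection would have nothing recorded. Making the branches match removes the difference: `connected_user_authenticated->auth_type = ap_pstrdup(r->connection->pool, auth_type);` followed by `r->connection->ap_auth_type = connected_user_authenticated->auth_type;`. The enclosing function starts and ends outside this hunk.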
@@ -530,52 +531,54 @@
For NA it's the NT error code
*/
- char *childarg3 = strchr(argsbuffer, ' ');
+ char *childarg3 = strchr(childarg, ' ');
if (childarg3 == NULL) {
- ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"failed to parse response from helper");
- ap_destroy_pool(ntlm_auth_helper->pool);
+ ap_destroy_pool(auth_helper->pool);
ap_destroy_pool(connected_user_authenticated->pool);
- return HTTP_UNAUTHORIZED;
+ return HTTP_INTERNAL_SERVER_ERROR;
}
childarg3++;
/* if TT, send to client */
- if (strncmp(argsbuffer, "TT ", 3) == 0) {
+ if (strncmp(args_from_helper, "TT ", 3) == 0) {
return send_auth_reply(r, auth_type, childarg);
}
/* if NA, not authenticated */
- if (strncmp(argsbuffer, "NA ", 3) == 0) {
+ if (strncmp(args_from_helper, "NA ", 3) == 0) {
ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
"user not authenticated: %s", childarg3);
return note_auth_failure(r, childarg);
}
/* if AF, record username */
- if (strncmp(argsbuffer, "AF ", 3) == 0) {
+ if (strncmp(args_from_helper, "AF ", 3) == 0) {
connected_user_authenticated->user = ap_pstrdup(connected_user_authenticated->pool,
childarg3);
r->connection->user = connected_user_authenticated->user;
connected_user_authenticated->auth_type = ap_pstrdup(r->connection->pool, auth_type);
r->connection->ap_auth_type = connected_user_authenticated->auth_type;
- /* Send last leg (possible mutual authentication token) */
- ap_table_setn(r->headers_out,
- r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
- ap_psprintf(r->pool, "%s %s", auth_type, childarg));
-
+ if (!strcmp("*", childarg)) {
+ /* Send last leg (possible mutual authentication token) */
+ ap_table_setn(r->headers_out,
+ r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+ ap_psprintf(r->pool, "%s %s", auth_type, childarg));
+ }
return OK;
}
}
/* Helper failed */
- ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
- "could not parse NTLM helper callback: %s", argsbuffer);
- ap_destroy_pool(ntlm_auth_helper->pool);
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+ "could not parse %s helper callback: %s", auth_type, args_from_helper);
+
+ ap_destroy_pool(auth_helper->pool);
ap_destroy_pool(connected_user_authenticated->pool);
return HTTP_INTERNAL_SERVER_ERROR;
}
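Review bot: In the Negotiate branch the second field is never terminated: `childarg3 = strchr(childarg, ' ')` is followed only by `childarg3++`, so `childarg` still holds "field2 field3". As a result `send_auth_reply(r, auth_type, childarg)` and `note_auth_failure(r, childarg)` pass the third field along with the token, and `!strcmp("*", childarg)` can never be true, since a reply with nothing after the `*` has already failed the `childarg3 == NULL` check. Writing `*childarg3++ = '\0';` splits the fields. The test also looks inverted: if `*` marks an absent token, which the part of the comment visible here suggests but does not confirm, the header should be set when the field is not `*`, i.e. `if (strcmp("*", childarg) != 0) {`. The function begins outside this hunk.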