Believed to alleviate the following symptoms:
1) NTLM auth method didn't use credentials collected
from ne_set_server_auth
--- src/ne_auth.c 2005-06-21 03:31:30.000000000 -0700
+++ src1/ne_auth.c 2005-07-22 09:00:37.529316800 -0700
@@ -1,7 +1,7 @@
/*
HTTP Authentication routines
Copyright (C) 1999-2005, Joe Orton
<[EMAIL PROTECTED]>
-
+
This library is free software; you can
redistribute it and/or
modify it under the terms of the GNU Library
General Public
License as published by the Free Software
Foundation; either
@@ -510,12 +510,14 @@
return ne_concat(mechanism, " ",
sess->sspi_token, "\r\n", NULL);
}
+
static int sspi_challenge(auth_session *sess, struct
auth_challenge *parms,
int ntlm)
{
int status;
char *response = NULL;
-
+ char password[NE_ABUFSIZ];
+
NE_DEBUG(NE_DBG_HTTPAUTH, "auth: SSPI
challenge.\n");
if (!sess->sspi_context) {
@@ -524,8 +526,18 @@
if (status) {
return status;
}
- }
-
+ if (!get_credentials(sess, password)) {
+ /* username is DOMAIN\USER, password is password */
+ /* process that into the security context */
+ ne_sspi_alt_creds(sess->sspi_context,
+ sess->username,
+ sess->realm,
+
sess->scheme,password);
+
+ }
+
+ }
+
status = ne_sspi_authenticate(sess->sspi_context,
parms->opaque, &response);
if (status) {
return status;
@@ -941,6 +953,7 @@
static int auth_challenge(auth_session *sess, const
char *value)
{
char *pnt, *key, *val, *hdr, sep;
+
struct auth_challenge *chall = NULL, *challenges
= NULL;
int success;
@@ -970,9 +983,21 @@
#ifdef HAVE_SSPI
else if (strcasecmp(key, "negotiate") ==
0) {
scheme = auth_scheme_sspi_negotiate;
+#if 0
+ if (get_credentials(sess, password)) {
+ /* Failed to get credentials */
+ return -1;
+ }
+#endif
} else if (strcasecmp(key, "ntlm") == 0)
{
scheme = auth_scheme_sspi_ntlm;
- }
+#if 0
+ if (get_credentials(sess, password)) {
+ /* Failed to get credentials */
+ return -1;
+ }
+#endif
+ }
#endif
#endif
else {
_______________________________________________
neon mailing list
[email protected]
http://mailman.webdav.org/mailman/listinfo/neon
