Hi
we are trying to use SVNKit to connect to an svn server (svn 1.7) using
NTLM-only authentication. As the users and the servers don't belong to
the same domain, we perpended the domain to the username using '\' as
separator. Nevertheless tcpdump showed, that no domain was transfered to
the server.
I've attached 2 patches that address this error(s):
0001-domain-must-be-determined-from-complete-username.patch
0002-carry-over-the-complete-username.patch
Afterwards the authentication worked with the SVNKit own NTLM
implementation, but switching to Windows native authentication via
-Dsvnkit.http.ntlm=jna still resulted in authentication errors.
Using native auth mechanism without calling auth providers first,
doesn't work at all for us. With this the client transmits the hostname
as username, receiving an authentication error and not trying again with
the provided username and password. I'm not quiet sure if this is the
right way to address this, but it works for our setup:
0003-native-auth-without-auth-provider-doesn-t-work.patch
I hope you could apply patch 0001 and 0002, and have another look at
0003.
Regard
Alexander
--
Dr. Alexander Dreweke, Software Engineer
Method Park Software AG, Wetterkreuz 19a, 91058 Erlangen, Deutschland
Tel.: +49 9131 97 206-443 alexander.drew...@methodpark.de
Fax: +49 9131 97 206-200 www.methodpark.de
Vorstand:
Prof. Dr. Bernd Hindel (Vorsitzender), Dr. Martin Geier, Dr. Erich Meier
Aufsichtsratvorsitzender: Klaus-Magnus Junginger
Sitz der Gesellschaft ist Erlangen
Registergericht Fürth, HRB 8609
>From 47240536c09eb9091e60a584432d99d2276745c6 Mon Sep 17 00:00:00 2001
From: Alexander Dreweke <alexander.drew...@methodpark.de>
Date: Thu, 31 Jan 2013 10:25:35 +0100
Subject: [PATCH 1/3] domain must be determined from complete username
---
.../io/dav/http/HTTPNTLMAuthentication.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/svnkit/src/main/java/org/tmatesoft/svn/core/internal/io/dav/http/HTTPNTLMAuthentication.java b/svnkit/src/main/java/org/tmatesoft/svn/core/internal/io/dav/http/HTTPNTLMAuthentication.java
index 9d0f223..08d114c 100644
--- a/svnkit/src/main/java/org/tmatesoft/svn/core/internal/io/dav/http/HTTPNTLMAuthentication.java
+++ b/svnkit/src/main/java/org/tmatesoft/svn/core/internal/io/dav/http/HTTPNTLMAuthentication.java
@@ -756,7 +756,7 @@ class HTTPNTLMAuthentication extends HTTPAuthentication {
}
public String getDomain() {
- String login = getUserName();
+ String login = super.getUserName();
String domain = null;
int slashInd = login != null ? login.indexOf('\\') : -1;
if (slashInd != -1) {
--
1.7.9.5
>From 3badb41456928bb4098f9b1a688c48bf323fefd3 Mon Sep 17 00:00:00 2001
From: Alexander Dreweke <alexander.drew...@methodpark.de>
Date: Thu, 31 Jan 2013 10:36:35 +0100
Subject: [PATCH 2/3] carry over the complete username
HTTPNTLMAuthentication overrides getUserName to only return the username
(stripping away the domain part), therefore we can't use getUserName,
but must directly access the member to get the complete username
---
.../internal/io/dav/http/HTTPAuthentication.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/svnkit/src/main/java/org/tmatesoft/svn/core/internal/io/dav/http/HTTPAuthentication.java b/svnkit/src/main/java/org/tmatesoft/svn/core/internal/io/dav/http/HTTPAuthentication.java
index 03f13a2..46025ec 100644
--- a/svnkit/src/main/java/org/tmatesoft/svn/core/internal/io/dav/http/HTTPAuthentication.java
+++ b/svnkit/src/main/java/org/tmatesoft/svn/core/internal/io/dav/http/HTTPAuthentication.java
@@ -259,7 +259,7 @@ abstract class HTTPAuthentication {
}
if (prevResponse != null) {
- auth.setUserName(prevResponse.getUserName());
+ auth.setUserName(prevResponse.myUserName);
auth.setPassword(prevResponse.getPassword());
}
--
1.7.9.5
>From cadfe5f792b9cb42338a0ed6ee472a7b59485b34 Mon Sep 17 00:00:00 2001
From: Alexander Dreweke <alexander.drew...@methodpark.de>
Date: Thu, 31 Jan 2013 11:02:49 +0100
Subject: [PATCH 3/3] native auth without auth provider doesn't work
---
.../core/internal/io/dav/http/HTTPConnection.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/svnkit/src/main/java/org/tmatesoft/svn/core/internal/io/dav/http/HTTPConnection.java b/svnkit/src/main/java/org/tmatesoft/svn/core/internal/io/dav/http/HTTPConnection.java
index c6f9d0b..4c87fbc 100644
--- a/svnkit/src/main/java/org/tmatesoft/svn/core/internal/io/dav/http/HTTPConnection.java
+++ b/svnkit/src/main/java/org/tmatesoft/svn/core/internal/io/dav/http/HTTPConnection.java
@@ -641,7 +641,7 @@ class HTTPConnection implements IHTTPConnection {
* and JNA is available, we should try a native auth mechanism first without calling
* auth providers.
*/
- continue;
+ // continue;
}
if (negoAuth != null && !negoAuth.needsLogin()) {
--
1.7.9.5
