2.5 authentication fixes

From: Robert Collins <robert.collins@dont-contact.us>
Date: Mon, 21 May 2001 08:42:23 +1000

Here's the last few months bugfixes from Francesco and I. Included are
some general code quality fixes and the like, and
* A fix for "cannot access sites that use authentication when NTLM is
enabled"
* A fix for a nasty race when IE sends two requests immediately on a
connection, and the first one contains an NTLM negotiate header. (AFAWCT
IE is broken). A longer term fix is in discussion now.

There are more things in the pipeline, but they aren't as clean yet, and
one in particular breaks the auth abstraction.

Changelog:
    * src/authenticate.c (authenticateValidateUser): Check for user
scheme data.
    Increase the debug level for "validated".
    (authenticateFixHeader): Add a hint for internal responses versus
proxied responses. Use it to prevent erroneous challenges when external
sites request authentication.
    * src/client_side.c (clientRedirectDone): Reference lock any auth
use when creating a new request.
    (clientBuildReplyHeader): Hint to authenticateFixHeader that this is
a proxied response.
    * src/errorpage.c (errorAppendEntry): Hint to authenticateFixHeader
that this is an internal response.
    * src/helper.c (helperStatefulSubmit): Handle broken allocators that
don't clear memory.
    Better descriptive comments.
    Remove an redundant cbdata check.
    * src/protos.h (authenticateFixHeader): New prototype.
    * src/auth/basic/helpers/multi-domain-NTLM/README.txt: Updated email
address.
    * src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl: Disable
debug mode for default.
    Replace actual machine names with samples.
    * src/auth/ntlm/auth_ntlm.c (authNTLMParse): Disable pipelining if
NTLM is configured to avoid race condition with IE misbehaving.

Rob

Received on Sun May 20 2001 - 16:44:03 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:01 MST