| commit | 11c4b5cad4c5b23769e5553bd7c29b174788bb02 | |
| author | Stefan Becker <chemobejk@gmail.com> | |
| Fri, 15 Nov 2013 13:22:39 +0000 (15 15:22 +0200) | ||
| committer | Stefan Becker <chemobejk@gmail.com> | |
| Fri, 15 Nov 2013 13:22:39 +0000 (15 15:22 +0200) | ||
| tree | b3e18893350376b86cb8ea2d6e49c2b20d3f9dd8 | treesnapshot (tar.gz zip) |
| parent | 5e32b7136ecd8feca26c5d73479439db22310d64 | commitdiff |
http: fix endless loop when handshake is rejected
In a mixed Kerberos/NTLM setup with SSO disabled but a valid TGT, a
wrong password caused an endless loop. When the final handshake was
rejected the context was already marked "ready" from our side. When in
the next round a NULL token was passed down, then sip-sec-gssapi.c
drops the ready context and restarts the authentication handshake
instead of returning a failure.
We now set a flag on the HTTP request so that a failed final handshake
is recognized and the request is aborted correctly.
In a mixed Kerberos/NTLM setup with SSO disabled but a valid TGT, a
wrong password caused an endless loop. When the final handshake was
rejected the context was already marked "ready" from our side. When in
the next round a NULL token was passed down, then sip-sec-gssapi.c
drops the ready context and restarts the authentication handshake
instead of returning a failure.
We now set a flag on the HTTP request so that a failed final handshake
is recognized and the request is aborted correctly.
| src/core/sipe-http-request.c | diffblobblamehistory |