/* gssweb_get_post_data() -- Gets the token and nonce from the request
* data.
*/
-static int gssweb_get_post_data(request_rec *r, int *nonce, gss_buffer_desc *input_token)
+static int gssweb_get_post_data(request_rec *r, unsigned int *nonce, gss_buffer_desc *input_token)
{
const char *data;
apr_off_t datalen;
}
type = apr_table_get(r->headers_in, "Content-Type");
- if(strcasecmp(type, DEFAULT_ENCTYPE) != 0) {
+ if(strncasecmp(type, DEFAULT_ENCTYPE, strlen(DEFAULT_ENCTYPE)) != 0) {
gss_log(APLOG_MARK, APLOG_ERR, 0, r, "gssweb_get_post_data: Unexpected content type, declining.");
return DECLINED;
}
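Review bot: `type` is passed to the new `strncasecmp` call with no NULL check between the `apr_table_get(r->headers_in, "Content-Type")` assignment and the comparison, and `apr_table_get` returns NULL when the header is absent, so a POST without a Content-Type reaches undefined behaviour (in practice most likely a crash of the handling process). Guard it in the condition: `if (type == NULL || strncasecmp(type, DEFAULT_ENCTYPE, strlen(DEFAULT_ENCTYPE)) != 0) {`. The switch to a prefix compare also accepts any value that merely begins with DEFAULT_ENCTYPE; if the intent is to tolerate parameters such as a charset, consider additionally requiring the byte after the prefix to be `'\0'`, `';'` or whitespace. The function body begins and continues outside this hunk.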
return OK;
}
+ c_type = apr_table_get(r->headers_in, "Content-Type");
+ c_len = apr_table_get(r->headers_in, "Content-Length");
+ /* clear content-length and MD5 checksum */
+ apr_table_unset(r->headers_out, "Content-Length");
+ apr_table_unset(r->headers_out, "Content-MD5");
+ gss_log(APLOG_MARK, APLOG_DEBUG, 0, r, "gssweb_authenticate_filter: Received Content-Type: %s, Content-Length: %d", c_type, c_len);
+
/* If this is the first call for a response, send opening JSON block */
if (GSS_FILT_NEW == conn_ctx->filter_stat) {
gss_log(APLOG_MARK, APLOG_DEBUG, 0, r, "gssweb_authenticate_filter: First filter call for response");
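Review bot: The added debug line formats `c_len` with `%d`, but `c_len` is the string returned by `apr_table_get` (the later `snprintf` prints it with `%s`), so the specifier does not match its argument; assuming gss_log is printf-style, change it to `Content-Length: %s`. Either header may be missing, so both pointers can be NULL here and in the later `snprintf`; pass `c_type ? c_type : ""` and `c_len ? c_len : ""` instead. The values are read from `r->headers_in`, i.e. they are client-supplied request headers, while the code clears `r->headers_out`; if the response's type and length were meant, this looks like the wrong table and is worth confirming. Whichever table is intended, the strings are later embedded in the JSON trailer unescaped, so a quote or backslash in them would break the document and they should be escaped or validated first. The filter function starts and ends outside this hunk.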
return HTTP_INTERNAL_SERVER_ERROR;
}
- c_type = apr_table_get(r->headers_in, "Content-Type");
- c_len = apr_table_get(r->headers_in, "Content-Length");
snprintf((char *)data, 1024, "\",\n\"content-type\": \"%s\",\n\"content-length\": \"%s\"\n}\n}", c_type, c_len);
gss_log(APLOG_MARK, APLOG_DEBUG, 0, r, "gssweb_authenticate_filter: Sending (%d bytes) %s", strlen(data), data);
/* Read the token and nonce from the POST */
if (0 != gssweb_get_post_data(r, &nonce, &input_token)) {
- gss_log(APLOG_MARK, APLOG_ERR, 0, r, "gssweb_authenticate_user: Unable to read nonce or input token from GSSWeb input");
- gss_delete_sec_context(&minor_status, &conn_ctx->context, GSS_C_NO_BUFFER);
- conn_ctx->context = GSS_C_NO_CONTEXT;
- conn_ctx->state = GSS_CTX_FAILED;
- if (0 != conn_ctx->output_token.length)
- gss_release_buffer(&minor_status, &(conn_ctx->output_token));
- conn_ctx->output_token.length = 0;
- ret = HTTP_UNAUTHORIZED;
+ /* If we get spurious msg on an established session, say OK again */
+ if (GSS_CTX_ESTABLISHED == conn_ctx->state)
+ ret = OK;
+ /* ...otherwise, if we are in progress, return HTTP_UNAUTHORIZED */
+ if (GSS_CTX_IN_PROGRESS == conn_ctx->state)
+ ret = HTTP_UNAUTHORIZED;
+ /* If this would start a new session, free the context and return DECLINED */
+ else {
+ gss_cleanup_conn_ctx(conn_ctx);
+ ret = DECLINED;
+ }
goto end;
}
gss_log(APLOG_MARK, APLOG_DEBUG, 0, r, "gssweb_authenticate_user: GSSWeb nonce value = %u.", nonce);
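Review bot: The second `if` in the new failure branch is not chained to the first, so when `conn_ctx->state` is `GSS_CTX_ESTABLISHED` the code sets `ret = OK` and then falls into the `else` of the IN_PROGRESS test, which calls `gss_cleanup_conn_ctx(conn_ctx)` and overwrites `ret` with `DECLINED`. As written, any request whose POST data cannot be read tears down an established context, contrary to the comment above it. Make the chain explicit with `else if (GSS_CTX_IN_PROGRESS == conn_ctx->state)` and brace all three branches. The removed `APLOG_ERR` message is not replaced, so a failed read now leaves no trace; a `gss_log` call recording the current state and the chosen return code would help when investigating authentication failures. The enclosing function starts and ends outside the hunk.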
"%s", get_gss_error(r, major_status, minor_status,
"gssweb_authenticate_user: Failed to establish authentication"));
conn_ctx->state = GSS_CTX_FAILED;
+ goto end;
}
/* If there was no token returned, clear token from context and exit */
release_output_token = 0;
/* If we aren't done yet, go around again */
- gss_log(APLOG_MARK, APLOG_DEBUG, 0, r, "gssweb_authenticate_user: Accept sec context complete, continue needed");
if (major_status & GSS_S_CONTINUE_NEEDED) {
+ gss_log(APLOG_MARK, APLOG_DEBUG, 0, r, "gssweb_authenticate_user: Accept sec context complete, continue needed");
conn_ctx->state = GSS_CTX_IN_PROGRESS;
ret = HTTP_UNAUTHORIZED;
goto end;