#define FORCE_PR_LOG 1
#include <stdlib.h>
+#include "nsAutoRef.h"
#include "nsCOMPtr.h"
#include "nsIHttpChannel.h"
#include "nsIServiceManager.h"
#endif
#endif
+NS_SPECIALIZE_TEMPLATE
+class nsAutoRefTraits<nsMoonshotSessionState> : public nsPointerRefTraits<nsMoonshotSessionState>
+{
+public:
+ static void Release(nsMoonshotSessionState *ptr) { ptr->Release(); }
+ static void AddRef(nsMoonshotSessionState *ptr) { ptr->AddRef(); }
+};
+
static gss_OID_desc gss_krb5_mech_oid_desc =
{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
PRBool *identityInvalid)
{
nsMoonshotSessionState *session = (nsMoonshotSessionState *) *sessionState;
-
- //
- // Use this opportunity to instantiate the session object
- // that gets used later when we generate the credentials.
- //
- if (!session) {
- session = new nsMoonshotSessionState();
- if (!session)
- return(NS_ERROR_OUT_OF_MEMORY);
- NS_ADDREF(*sessionState = session);
- *identityInvalid = PR_TRUE;
- LOG(("nsHttpMoonshot::A new session context established\n"));
- } else {
- LOG(("nsHttpMoonshot::Still using context from previous request\n"));
- *identityInvalid = PR_FALSE;
- }
+ if (session==NULL)
+ session = (nsMoonshotSessionState *) *continuationState;
+ *identityInvalid =
+ ((session==NULL) || (session->gss_state == GSS_CTX_EMPTY)) ? PR_TRUE : PR_FALSE;
return NS_OK;
}
gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
gss_buffer_t in_token_ptr = GSS_C_NO_BUFFER;
gss_name_t server;
- nsMoonshotSessionState *session = (nsMoonshotSessionState *) *sessionState;
- gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
-
+ nsCountedRef<nsMoonshotSessionState> session(static_cast<nsMoonshotSessionState *>(*sessionState));
+ if (!session)
+ session = static_cast<nsMoonshotSessionState *>(*continuationState);
nsCOMPtr<nsIURI> uri;
nsresult rv;
return NS_ERROR_FAILURE;
}
+ // Create session state if none added yet.
+ if (!session) {
+ session = new nsMoonshotSessionState();
+ if (!session)
+ return(NS_ERROR_OUT_OF_MEMORY);
+ LOG(("nsHttpMoonshot::A new session context established\n"));
+ } else {
+ LOG(("nsHttpMoonshot::Still using context from previous request\n"));
+ }
+
//
// If the "Negotiate:" header had some data associated with it,
// that data should be used as the input to this call. This may
//}
}
- /* HACK */
+ if (session->gss_cred == GSS_C_NO_CREDENTIAL)
{
OM_uint32 maj_stat, min_stat;
gss_buffer_desc tmp_token;
gss_name_t gss_username = GSS_C_NO_NAME;
gss_OID_set_desc mechs, *mechsp = GSS_C_NO_OID_SET;
+ const char *p, *u;
+
+ u = strdup(NS_LossyConvertUTF16toASCII(username).get());
+ p = strdup(NS_LossyConvertUTF16toASCII(password).get());
- tmp_token.value = (void *) "steve@local";
+ LOG(("Acquiring credentials for user '%s' using password '%s'\n",
+ u, p));
+
+ tmp_token.value = (void *) u;
tmp_token.length = strlen((const char *)tmp_token.value);
maj_stat = gss_import_name(&min_stat, &tmp_token,
GSS_C_NT_USER_NAME,
mechs.count = 1;
mechsp = &mechs;
- tmp_token.value = (void *)"testing";
- tmp_token.length = strlen((const char*)tmp_token.value);
+ tmp_token.value = (void *) p;
+ tmp_token.length = strlen(p);//strlen((const char*)tmp_token.value);
maj_stat = gss_acquire_cred_with_password(&min_stat,
gss_username, &tmp_token, 0,
mechsp, GSS_C_INITIATE,
- &cred, NULL, NULL);
+ &session->gss_cred, NULL, NULL);
if (GSS_ERROR(maj_stat)) {
LogGssError(maj_stat, min_stat, "gss_acquire_cred_with_password()");
session->Reset();
return NS_ERROR_FAILURE;
}
+
+ LOG(("Acquired credential for user '%s' using password '%s'\n",
+ u, p));
}
major_status = gss_init_sec_context(&minor_status,
- cred,
+ session->gss_cred,
&session->gss_ctx,
server,
GetOID(),
if (GSS_ERROR(major_status)) {
LogGssError(major_status, minor_status, "gss_init_sec_context() failed");
(void) gss_release_name(&minor_status, &server);
- gss_release_cred(&minor_status, &cred);
+// gss_release_cred(&minor_status, &cred);
session->Reset();
if (input_token.length > 0 && input_token.value != NULL)
(void) gss_release_buffer(&minor_status, &input_token);
// TEST
// session->Reset();
session->gss_state = GSS_CTX_ESTABLISHED;
+ if (*sessionState != session)
+ {
+ NS_ADDREF(*sessionState = session);
+ // clean up continuation state
+ if (*continuationState)
+ NS_RELEASE(*continuationState);
+ }
LOG(("GSS Auth done"));
} else if (major_status == GSS_S_CONTINUE_NEEDED) {
//
//
// TEST
session->gss_state = GSS_CTX_IN_PROGRESS;
+ if (*continuationState != session)
+ {
+ // Assert continuationState==NULL
+ NS_ADDREF(*continuationState = session);
+ }
LOG(("GSS Auth continuing"));
}
if (output_token.length == 0) {
LOG(("No GSS output token to send, exiting"));
(void) gss_release_name(&minor_status, &server);
- gss_release_cred(&minor_status, &cred);
+// gss_release_cred(&minor_status, &cred);
return NS_ERROR_FAILURE;
}
if (!encoded_token) {
(void) gss_release_buffer(&minor_status, &output_token);
(void) gss_release_name(&minor_status, &server);
- gss_release_cred(&minor_status, &cred);
+// gss_release_cred(&minor_status, &cred);
return NS_ERROR_OUT_OF_MEMORY;
}
LOG(("Sending a token of length %d\n", output_token.length));
// allocate a buffer sizeof("Negotiate" + " " + b64output_token + "\0")
- *creds = (char *) malloc (strlen(NEGOTIATE_AUTH) + 1 + strlen(encoded_token) + 1);
+ *creds = (char *) PR_Malloc (strlen(NEGOTIATE_AUTH) + 1 + strlen(encoded_token) + 1);
if (!(*creds)) {
PR_Free(encoded_token);
(void) gss_release_buffer(&minor_status, &output_token);
(void) gss_release_name(&minor_status, &server);
- gss_release_cred(&minor_status, &cred);
+// gss_release_cred(&minor_status, &cred);
return NS_ERROR_OUT_OF_MEMORY;
}
(void) gss_release_buffer(&minor_status, &output_token);
(void) gss_release_name(&minor_status, &server);
- gss_release_cred(&minor_status, &cred);
+// gss_release_cred(&minor_status, &cred);
LOG(("returning the call"));