X-Git-Url: http://www.project-moonshot.org/gitweb/?p=moonshot-firefox.git;a=blobdiff_plain;f=nsHttpMoonshot.cpp;h=a09a0cee71b1f4dfa6ba6a4c8027e172861ffe2b;hp=f377fb793e47424ea06ea62bd3446b0e92823441;hb=856fcd5469ff45d0640bcf25a725986c249b4bc2;hpb=c526e7660c6fe87820aed5dfa798a22efd4071be diff --git a/nsHttpMoonshot.cpp b/nsHttpMoonshot.cpp index f377fb7..a09a0ce 100644 --- a/nsHttpMoonshot.cpp +++ b/nsHttpMoonshot.cpp @@ -35,6 +35,7 @@ #define FORCE_PR_LOG 1 #include +#include "nsAutoRef.h" #include "nsCOMPtr.h" #include "nsIHttpChannel.h" #include "nsIServiceManager.h" @@ -69,6 +70,14 @@ #endif #endif +NS_SPECIALIZE_TEMPLATE +class nsAutoRefTraits : public nsPointerRefTraits +{ +public: + static void Release(nsMoonshotSessionState *ptr) { ptr->Release(); } + static void AddRef(nsMoonshotSessionState *ptr) { ptr->AddRef(); } +}; + static gss_OID_desc gss_krb5_mech_oid_desc = {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; @@ -164,22 +173,10 @@ nsHttpMoonshot::ChallengeReceived(nsIHttpChannel *httpChannel, PRBool *identityInvalid) { nsMoonshotSessionState *session = (nsMoonshotSessionState *) *sessionState; - - // - // Use this opportunity to instantiate the session object - // that gets used later when we generate the credentials. - // - if (!session) { - session = new nsMoonshotSessionState(); - if (!session) - return(NS_ERROR_OUT_OF_MEMORY); - NS_ADDREF(*sessionState = session); - *identityInvalid = PR_TRUE; - LOG(("nsHttpMoonshot::A new session context established\n")); - } else { - LOG(("nsHttpMoonshot::Still using context from previous request\n")); - *identityInvalid = PR_FALSE; - } + if (session==NULL) + session = (nsMoonshotSessionState *) *continuationState; + *identityInvalid = + ((session==NULL) || (session->gss_state == GSS_CTX_EMPTY)) ? PR_TRUE : PR_FALSE; return NS_OK; } 
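Review bot: The new body of ChallengeReceived reads `session->gss_state` through a pointer obtained by a C-style cast from `*sessionState` or `*continuationState`, and the comment that explained the session handling was removed with the old code. A short comment above the assignment would restore that, for example `// Identity is invalid until a session exists and has left GSS_CTX_EMPTY; during a handshake the session is still held in continuationState.` Using `static_cast` here, as the -279 hunk does in GenerateCredentials_1_9_2, would keep the two lookups consistent. The start of the function signature lies outside the hunk.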
@@ -279,9 +276,9 @@ nsHttpMoonshot::GenerateCredentials_1_9_2(nsIHttpChannel *httpChannel, gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; gss_buffer_t in_token_ptr = GSS_C_NO_BUFFER; gss_name_t server; - nsMoonshotSessionState *session = (nsMoonshotSessionState *) *sessionState; - gss_cred_id_t cred = GSS_C_NO_CREDENTIAL; - + nsCountedRef session(static_cast(*sessionState)); + if (!session) + session = static_cast(*continuationState); nsCOMPtr uri; nsresult rv; @@ -340,6 +337,16 @@ nsHttpMoonshot::GenerateCredentials_1_9_2(nsIHttpChannel *httpChannel, return NS_ERROR_FAILURE; } + // Create session state if none added yet. + if (!session) { + session = new nsMoonshotSessionState(); + if (!session) + return(NS_ERROR_OUT_OF_MEMORY); + LOG(("nsHttpMoonshot::A new session context established\n")); + } else { + LOG(("nsHttpMoonshot::Still using context from previous request\n")); + } + // // If the "Negotiate:" header had some data associated with it, // that data should be used as the input to this call. This may @@ -408,14 +415,21 @@ nsHttpMoonshot::GenerateCredentials_1_9_2(nsIHttpChannel *httpChannel, //} } - /* HACK */ + if (session->gss_cred == GSS_C_NO_CREDENTIAL) { OM_uint32 maj_stat, min_stat; gss_buffer_desc tmp_token; gss_name_t gss_username = GSS_C_NO_NAME; gss_OID_set_desc mechs, *mechsp = GSS_C_NO_OID_SET; + const char *p, *u; + + u = strdup(NS_LossyConvertUTF16toASCII(username).get()); + p = strdup(NS_LossyConvertUTF16toASCII(password).get()); - tmp_token.value = (void *) "steve@local"; + LOG(("Acquiring credentials for user '%s' using password '%s'\n", + u, p)); + + tmp_token.value = (void *) u; tmp_token.length = strlen((const char *)tmp_token.value); maj_stat = gss_import_name(&min_stat, &tmp_token, GSS_C_NT_USER_NAME, 
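Review bot: The added `LOG(("Acquiring credentials for user '%s' using password '%s'\n", u, p));` writes the cleartext password to the log. The file defines `FORCE_PR_LOG 1` near the top, so this is presumably not limited to debug builds. The `Acquired credential ...` message in the -431 hunk does the same. Log only the user name in both places, e.g. `LOG(("Acquiring credentials for user '%s'\n", u));`. The two `strdup()` results also reach `strlen()` without a NULL check, and `NS_LossyConvertUTF16toASCII` will alter any non-ASCII character in the password before it is handed to GSS; the enclosing `if` block continues past the end of this hunk.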
@@ -431,21 +445,24 @@ nsHttpMoonshot::GenerateCredentials_1_9_2(nsIHttpChannel *httpChannel, mechs.count = 1; mechsp = &mechs; - tmp_token.value = (void *)"testing"; - tmp_token.length = strlen((const char*)tmp_token.value); + tmp_token.value = (void *) p; + tmp_token.length = strlen(p);//strlen((const char*)tmp_token.value); maj_stat = gss_acquire_cred_with_password(&min_stat, gss_username, &tmp_token, 0, mechsp, GSS_C_INITIATE, - &cred, NULL, NULL); + &session->gss_cred, NULL, NULL); if (GSS_ERROR(maj_stat)) { LogGssError(maj_stat, min_stat, "gss_acquire_cred_with_password()"); session->Reset(); return NS_ERROR_FAILURE; } + + LOG(("Acquired credential for user '%s' using password '%s'\n", + u, p)); } major_status = gss_init_sec_context(&minor_status, - cred, + session->gss_cred, &session->gss_ctx, server, GetOID(), @@ -461,7 +478,7 @@ nsHttpMoonshot::GenerateCredentials_1_9_2(nsIHttpChannel *httpChannel, if (GSS_ERROR(major_status)) { LogGssError(major_status, minor_status, "gss_init_sec_context() failed"); (void) gss_release_name(&minor_status, &server); - gss_release_cred(&minor_status, &cred); +// gss_release_cred(&minor_status, &cred); session->Reset(); if (input_token.length > 0 && input_token.value != NULL) (void) gss_release_buffer(&minor_status, &input_token); @@ -475,6 +492,13 @@ nsHttpMoonshot::GenerateCredentials_1_9_2(nsIHttpChannel *httpChannel, // TEST // session->Reset(); session->gss_state = GSS_CTX_ESTABLISHED; + if (*sessionState != session) + { + NS_ADDREF(*sessionState = session); + // clean up continuation state + if (*continuationState) + NS_RELEASE(*continuationState); + } LOG(("GSS Auth done")); } else if (major_status == GSS_S_CONTINUE_NEEDED) { // 
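Review bot: The heap copies `u` and `p` made with `strdup()` in the preceding hunk are not released on either path visible here, so a copy of the password stays in heap memory. Both the `return NS_ERROR_FAILURE;` after `gss_acquire_cred_with_password()` and the closing `}` after the final `LOG` leave them allocated. Before each exit, overwrite the bytes of `p` and then call `free((void *)p); free((void *)u);`. `gss_username` has no `gss_release_name()` in the visible lines either, though the lines between the two hunks are not shown and may already handle it.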
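Review bot: With the credential now cached in `session->gss_cred`, the `gss_init_sec_context()` failure path depends on `session->Reset()` to dispose of it, and Reset() is not shown in this diff. If Reset() leaves `gss_cred` set, the `if (session->gss_cred == GSS_C_NO_CREDENTIAL)` guard would skip acquisition on the next attempt and reuse a credential that may have been built from a rejected password, and the handle would never be released. Confirm that Reset() or the destructor calls `gss_release_cred()` on the member. Then delete the commented-out `// gss_release_cred(&minor_status, &cred);` lines here and in the -497, -512 and -533 hunks, since `cred` no longer exists.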
@@ -487,6 +511,11 @@ nsHttpMoonshot::GenerateCredentials_1_9_2(nsIHttpChannel *httpChannel, // // TEST session->gss_state = GSS_CTX_IN_PROGRESS; + if (*continuationState != session) + { + // Assert continuationState==NULL + NS_ADDREF(*continuationState = session); + } LOG(("GSS Auth continuing")); } @@ -497,7 +526,7 @@ nsHttpMoonshot::GenerateCredentials_1_9_2(nsIHttpChannel *httpChannel, if (output_token.length == 0) { LOG(("No GSS output token to send, exiting")); (void) gss_release_name(&minor_status, &server); - gss_release_cred(&minor_status, &cred); +// gss_release_cred(&minor_status, &cred); return NS_ERROR_FAILURE; } @@ -512,19 +541,19 @@ nsHttpMoonshot::GenerateCredentials_1_9_2(nsIHttpChannel *httpChannel, if (!encoded_token) { (void) gss_release_buffer(&minor_status, &output_token); (void) gss_release_name(&minor_status, &server); - gss_release_cred(&minor_status, &cred); +// gss_release_cred(&minor_status, &cred); return NS_ERROR_OUT_OF_MEMORY; } LOG(("Sending a token of length %d\n", output_token.length)); // allocate a buffer sizeof("Negotiate" + " " + b64output_token + "\0") - *creds = (char *) malloc (strlen(NEGOTIATE_AUTH) + 1 + strlen(encoded_token) + 1); + *creds = (char *) PR_Malloc (strlen(NEGOTIATE_AUTH) + 1 + strlen(encoded_token) + 1); if (!(*creds)) { PR_Free(encoded_token); (void) gss_release_buffer(&minor_status, &output_token); (void) gss_release_name(&minor_status, &server); - gss_release_cred(&minor_status, &cred); +// gss_release_cred(&minor_status, &cred); return NS_ERROR_OUT_OF_MEMORY; } @@ -533,7 +562,7 @@ nsHttpMoonshot::GenerateCredentials_1_9_2(nsIHttpChannel *httpChannel, (void) gss_release_buffer(&minor_status, &output_token); (void) gss_release_name(&minor_status, &server); - gss_release_cred(&minor_status, &cred); +// gss_release_cred(&minor_status, &cred); LOG(("returning the call"));
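Review bot: `// Assert continuationState==NULL` is only a comment, so nothing enforces it. If `*continuationState` already holds a different object, `NS_ADDREF(*continuationState = session);` overwrites it without a release, and that session is leaked along with its GSS context and credential. Make the assumption executable with `NS_ASSERTION(!*continuationState, "stale continuation state");`, or release the old value before storing the new one. The `else if` branch this sits in begins outside the hunk.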