Skip to content

G
git2
Commit e761df5c by Edward Thomson
Options

gssapi: dispose after completion for retry 

Disposal pattern; dispose on completion, allowing us to retry
authentication, which may happen on web servers that close
connection-based authenticated sessions (NTLM/SPNEGO) unexpectedly.
parent 89d1fc2a
Showing with 19 additions and 13 deletions
src/transports/auth_negotiate.c
...@@ -75,6 +75,22 @@ static int negotiate_set_challenge( ...@@ -75,6 +75,22 @@ static int negotiate_set_challenge(
return 0; return 0;
} }
static void negotiate_context_dispose(http_auth_negotiate_context *ctx)
{
OM_uint32 status_minor;
if (ctx->gss_context != GSS_C_NO_CONTEXT) {
gss_delete_sec_context(
&status_minor, &ctx->gss_context, GSS_C_NO_BUFFER);
ctx->gss_context = GSS_C_NO_CONTEXT;
}
git_buf_dispose(&ctx->target);
git__free(ctx->challenge);
ctx->challenge = NULL;
}
static int negotiate_next_token( static int negotiate_next_token(
git_buf *buf, git_buf *buf,
git_http_auth_context *c, git_http_auth_context *c,
...@@ -128,9 +144,7 @@ static int negotiate_next_token( ...@@ -128,9 +144,7 @@ static int negotiate_next_token(
input_token.length = input_buf.size; input_token.length = input_buf.size;
input_token_ptr = &input_token; input_token_ptr = &input_token;
} else if (ctx->gss_context != GSS_C_NO_CONTEXT) { } else if (ctx->gss_context != GSS_C_NO_CONTEXT) {
/* If we're given a half-built security context, delete it so auth can continue. */ negotiate_context_dispose(ctx);
gss_delete_sec_context(&status_minor, &ctx->gss_context, GSS_C_NO_BUFFER);
ctx->gss_context = GSS_C_NO_CONTEXT;
} }
mech = &negotiate_oid_spnego; mech = &negotiate_oid_spnego;
...@@ -158,6 +172,7 @@ static int negotiate_next_token( ...@@ -158,6 +172,7 @@ static int negotiate_next_token(
/* This message merely told us auth was complete; we do not respond. */ /* This message merely told us auth was complete; we do not respond. */
if (status_major == GSS_S_COMPLETE) { if (status_major == GSS_S_COMPLETE) {
negotiate_context_dispose(ctx);
ctx->complete = 1; ctx->complete = 1;
goto done; goto done;
} }
...@@ -193,17 +208,8 @@ static int negotiate_is_complete(git_http_auth_context *c) ...@@ -193,17 +208,8 @@ static int negotiate_is_complete(git_http_auth_context *c)
static void negotiate_context_free(git_http_auth_context *c) static void negotiate_context_free(git_http_auth_context *c)
{ {
http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c; http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
OM_uint32 status_minor;
if (ctx->gss_context != GSS_C_NO_CONTEXT) { negotiate_context_dispose(ctx);
gss_delete_sec_context(
&status_minor, &ctx->gss_context, GSS_C_NO_BUFFER);
ctx->gss_context = GSS_C_NO_CONTEXT;
}
git_buf_dispose(&ctx->target);
git__free(ctx->challenge);
ctx->configured = 0; ctx->configured = 0;
ctx->complete = 0; ctx->complete = 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment