Bug 487872 - nsAuthSSPI patch. r=wtc, sr=bz.
authorJim Mathies <jmathies@mozilla.com>
Wed, 04 Nov 2009 16:12:24 -0600
changeset 34544 a6b2decfc62b29eba5dfbfcf7cf3fe8f207728a8
parent 34543 c0d760c5165c9235322fe5d2788448c3710a0d51
child 34545 2fa27d8cd3d20fbad807a7f9fc4a9b2728d8b8f4
push idunknown
push userunknown
push dateunknown
reviewerswtc, bz
bugs487872
milestone1.9.3a1pre
Bug 487872 - nsAuthSSPI patch. r=wtc, sr=bz.
extensions/auth/nsAuthSSPI.cpp
netwerk/protocol/http/src/nsHttpNTLMAuth.cpp
--- a/extensions/auth/nsAuthSSPI.cpp
+++ b/extensions/auth/nsAuthSSPI.cpp
@@ -228,37 +228,35 @@ nsAuthSSPI::Init(const char *serviceName
 {
     LOG(("  nsAuthSSPI::Init\n"));
 
     // we don't expect to be passed any user credentials
     NS_ASSERTION(!domain && !username && !password, "unexpected credentials");
 
     // if we're configured for SPNEGO (Negotiate) or Kerberos, then it's critical 
     // that the caller supply a service name to be used.
-    if (mPackage != PACKAGE_TYPE_NTLM)
-        NS_ENSURE_TRUE(serviceName && *serviceName, NS_ERROR_INVALID_ARG);
+    // For NTLM, the service principal name can no longer be null. (Bug 487872)
+    NS_ENSURE_TRUE(serviceName && *serviceName, NS_ERROR_INVALID_ARG);
 
     nsresult rv;
 
     // XXX lazy initialization like this assumes that we are single threaded
     if (!sspi) {
         rv = InitSSPI();
         if (NS_FAILED(rv))
             return rv;
     }
     SEC_WCHAR *package;
 
     package = (SEC_WCHAR *) pTypeName[(int)mPackage];
-    if (mPackage != PACKAGE_TYPE_NTLM)
-    {
-        rv = MakeSN(serviceName, mServiceName);
-        if (NS_FAILED(rv))
-            return rv;
-        mServiceFlags = serviceFlags;
-    }
+    rv = MakeSN(serviceName, mServiceName);
+    if (NS_FAILED(rv))
+        return rv;
+
+    mServiceFlags = serviceFlags;
 
     SECURITY_STATUS rc;
 
     PSecPkgInfoW pinfo;
     rc = (sspi->QuerySecurityPackageInfoW)(package, &pinfo);
     if (rc != SEC_E_OK) {
         LOG(("%s package not found\n", package));
         return NS_ERROR_UNEXPECTED;
@@ -333,21 +331,17 @@ nsAuthSSPI::GetNextToken(const void *inT
     ob.BufferType = SECBUFFER_TOKEN;
     ob.cbBuffer = mMaxTokenLen;
     ob.pvBuffer = nsMemory::Alloc(ob.cbBuffer);
     if (!ob.pvBuffer)
         return NS_ERROR_OUT_OF_MEMORY;
     memset(ob.pvBuffer, 0, ob.cbBuffer);
 
     NS_ConvertUTF8toUTF16 wSN(mServiceName);
-    SEC_WCHAR *sn;
-    if (mPackage == PACKAGE_TYPE_NTLM)
-        sn = NULL;
-    else
-        sn = (SEC_WCHAR *) wSN.get();
+    SEC_WCHAR *sn = (SEC_WCHAR *) wSN.get();
 
     rc = (sspi->InitializeSecurityContextW)(&mCred,
                                             ctxIn,
                                             sn,
                                             ctxReq,
                                             0,
                                             SECURITY_NATIVE_DREP,
                                             inToken ? &ibd : NULL,
--- a/netwerk/protocol/http/src/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/src/nsHttpNTLMAuth.cpp
@@ -299,18 +299,29 @@ nsHttpNTLMAuth::GenerateCredentials(nsIH
     nsCOMPtr<nsIAuthModule> module = do_QueryInterface(*continuationState, &rv);
     NS_ENSURE_SUCCESS(rv, rv);
 
     void *inBuf, *outBuf;
     PRUint32 inBufLen, outBufLen;
 
     // initial challenge
     if (PL_strcasecmp(challenge, "NTLM") == 0) {
+        // NTLM service name format is 'HTTP@host' for both http and https
+        nsCOMPtr<nsIURI> uri;
+        rv = httpChannel->GetURI(getter_AddRefs(uri));
+        if (NS_FAILED(rv))
+            return rv;
+        nsCAutoString serviceName, host;
+        rv = uri->GetAsciiHost(host);
+        if (NS_FAILED(rv))
+            return rv;
+        serviceName.AppendLiteral("HTTP@");
+        serviceName.Append(host);
         // initialize auth module
-        rv = module->Init(nsnull, nsIAuthModule::REQ_DEFAULT, domain, user, pass);
+        rv = module->Init(serviceName.get(), nsIAuthModule::REQ_DEFAULT, domain, user, pass);
         if (NS_FAILED(rv))
             return rv;
 
         inBufLen = 0;
         inBuf = nsnull;
     }
     else {
         // decode challenge; skip past "NTLM " to the start of the base64