diff options
Diffstat (limited to 'external/neon/neon.patch')
| -rw-r--r-- | external/neon/neon.patch | 311 |
1 files changed, 311 insertions, 0 deletions
diff --git a/external/neon/neon.patch b/external/neon/neon.patch new file mode 100644 index 000000000..fe106eaa1 --- /dev/null +++ b/external/neon/neon.patch @@ -0,0 +1,311 @@ +--- src/ne_auth.c 2010-10-14 17:00:53.000000000 +0200 ++++ src/ne_auth.c 2011-02-03 10:31:22.000000000 +0100 +@@ -367,7 +367,7 @@ + static int get_credentials(auth_session *sess, ne_buffer **errmsg, int attempt, + struct auth_challenge *chall, char *pwbuf) + { +- if (chall->handler->creds(chall->handler->userdata, sess->realm, ++ if (chall->handler->creds(chall->handler->userdata, chall->protocol->name, sess->realm, + chall->handler->attempt++, sess->username, pwbuf) == 0) { + return 0; + } else { +@@ -385,15 +385,19 @@ + { + char *tmp, password[NE_ABUFSIZ]; + ++#if 0 /* Workaround - IIS sends challenge without realm. */ ++ + /* Verify challenge... must have a realm */ + if (parms->realm == NULL) { + challenge_error(errmsg, _("missing realm in Basic challenge")); + return -1; + } ++#endif + + clean_session(sess); + +- sess->realm = ne_strdup(parms->realm); ++ if (parms->realm != NULL) ++ sess->realm = ne_strdup(parms->realm); + + if (get_credentials(sess, errmsg, attempt, parms, password)) { + /* Failed to get credentials */ +@@ -610,10 +614,12 @@ + return NULL; + } + +-static int continue_sspi(auth_session *sess, int ntlm, const char *hdr) ++static int continue_sspi(auth_session *sess, int ntlm, const char *hdr, ++ int attempt, struct auth_challenge *parms, ne_buffer **errmsg) + { + int status; + char *response = NULL; ++ char password[NE_ABUFSIZ]; + + NE_DEBUG(NE_DBG_HTTPAUTH, "auth: SSPI challenge.\n"); + +@@ -630,8 +636,17 @@ + return status; + } + } +- +- status = ne_sspi_authenticate(sess->sspi_context, hdr, &response); ++ ++ /* Authentification needs more than one http request. ++ * As long as authentification in progress use the existing credentials. ++ * Otherwise get new credentials.*/ ++ if (!hdr) ++ if (get_credentials(sess, errmsg, attempt, parms, password)) { ++ /* Failed to get credentials */ ++ return -1; ++ } ++ ++ status = ne_sspi_authenticate(sess->sspi_context, hdr, &response, sess->username, password); + if (status) { + return status; + } +@@ -651,7 +666,7 @@ + { + int ntlm = ne_strcasecmp(parms->protocol->name, "NTLM") == 0; + +- return continue_sspi(sess, ntlm, parms->opaque); ++ return continue_sspi(sess, ntlm, parms->opaque, attempt, parms, errmsg); + } + + static int verify_sspi(struct auth_request *req, auth_session *sess, +@@ -674,7 +689,7 @@ + return NE_OK; + } + +- return continue_sspi(sess, ntlm, ptr); ++ return continue_sspi(sess, ntlm, ptr, 0, NULL, NULL); + } + + #endif +--- src/ne_auth.h 2009-09-01 22:13:12.000000000 +0200 ++++ src/ne_auth.h 2011-02-03 10:26:20.000000000 +0100 +@@ -47,8 +47,8 @@ + * Hint: if you just wish to attempt authentication just once (even if + * the user gets the username/password wrong), have the callback + * function use 'attempt' value as the function return value. */ +-typedef int (*ne_auth_creds)(void *userdata, const char *realm, int attempt, +- char *username, char *password); ++typedef int (*ne_auth_creds)(void *userdata, const char * auth_protocol, ++ const char *realm, int attempt, char *username, char *password); + + /* Set callbacks to provide credentials for server and proxy + * authentication, using the default set of authentication protocols. +--- src/ne_locks.c 2007-02-05 11:09:27.000000000 +0100 ++++ src/ne_locks.c 2011-02-03 10:26:21.000000000 +0100 +@@ -579,6 +579,23 @@ + const char *token = ne_get_response_header(ctx->req, "Lock-Token"); + /* at the root element; retrieve the Lock-Token header, + * and bail if it wasn't given. */ ++#ifdef IIS_LOCK_BUG_WORKAROUND ++ /* MS IIS violates RFC 2518/4918. It does not send a Lock-Token response ++ header upon successful creation of a new lock. As a workaround, we ++ will try to pick the lock token from the response body (although ++ this is not 100% safe in case of multiple activelocks). */ ++ if (token == NULL) ++ NE_DEBUG(NE_DBG_LOCKS, ++ "Ignoring missing LOCK response Lock-Token header\n"); ++ ++ if (token != NULL) { ++ if (token[0] == '<') token++; ++ ctx->token = ne_strdup(token); ++ ne_shave(ctx->token, ">"); ++ NE_DEBUG(NE_DBG_LOCKS, "lk_startelm: Finding token %s\n", ++ ctx->token); ++ } ++#else + if (token == NULL) { + ne_xml_set_error(ctx->parser, + _("LOCK response missing Lock-Token header")); +@@ -590,12 +607,28 @@ + ne_shave(ctx->token, ">"); + NE_DEBUG(NE_DBG_LOCKS, "lk_startelm: Finding token %s\n", + ctx->token); ++#endif + } + + /* TODO: only accept 'prop' as root for LOCK response */ + if (!can_accept(parent, id)) + return NE_XML_DECLINE; + ++#ifdef IIS_LOCK_BUG_WORKAROUND ++ if (id == ELM_activelock && ctx->found) { ++ /* Found another activelock... */ ++ const char *token = ne_get_response_header(ctx->req, "Lock-Token"); ++ if (token == NULL) { ++ /* Response contains more than one activelock and no Lock-Token ++ * response header. We are doomed. No safe workaround for IIS ++ * lock bug possible. */ ++ ne_xml_set_error(ctx->parser, ++ _("LOCK response missing Lock-Token header and more than one activelock")); ++ return NE_XML_ABORT; ++ } ++ } ++#endif ++ + if (id == ELM_activelock && !ctx->found) { + /* a new activelock */ + ne_lock_free(&ctx->active); +@@ -621,7 +654,12 @@ + return -1; + + if (state == ELM_activelock) { ++#ifdef IIS_LOCK_BUG_WORKAROUND ++ if (ctx->active.token) { ++ ctx->token = ne_strdup(ctx->active.token); ++#else + if (ctx->active.token && strcmp(ctx->active.token, ctx->token) == 0) { ++#endif + ctx->found = 1; + } + } +--- src/ne_sspi.c 2007-08-10 17:26:08.000000000 +0200 ++++ src/ne_sspi.c 2011-02-03 10:26:21.000000000 +0100 +@@ -206,6 +206,45 @@ + } + + /* ++ * Simplification wrapper arround AcquireCredentialsHandle as most of ++ * the parameters do not change. ++ */ ++static int acquireCredentialsHandleForUsername(CredHandle * credentials, char *package, const char *username, const char *password) ++{ ++ SECURITY_STATUS status; ++ TimeStamp timestamp; ++ ++ const char *domain = ""; ++ ++ int rc, rcISC; ++ SecPkgInfo *secPackInfo; ++ SEC_WINNT_AUTH_IDENTITY *nameAndPwd = NULL; ++ int bytesReceived = 0, bytesSent = 0; ++ ++ nameAndPwd = (SEC_WINNT_AUTH_IDENTITY *) malloc( sizeof(SEC_WINNT_AUTH_IDENTITY) ); ++ memset( nameAndPwd, '\0', sizeof (*nameAndPwd) ); ++ nameAndPwd->Domain = (unsigned char *) _strdup( domain? domain: "" ); ++ nameAndPwd->DomainLength = domain? strlen( domain ): 0; ++ nameAndPwd->User = (unsigned char *) _strdup( username? username: "" ); ++ nameAndPwd->UserLength = username? strlen( username ): 0; ++ nameAndPwd->Password = (unsigned char *) _strdup( password? password: "" ); ++ nameAndPwd->PasswordLength = password? strlen( password ): 0; ++ nameAndPwd->Flags = SEC_WINNT_AUTH_IDENTITY_ANSI; ++ ++ status = pSFT->AcquireCredentialsHandle( NULL, package, SECPKG_CRED_OUTBOUND, ++ NULL, nameAndPwd, NULL, NULL, credentials, ×tamp ); ++ ++ if (status != SEC_E_OK) { ++ NE_DEBUG(NE_DBG_HTTPAUTH, ++ "sspi: AcquireCredentialsHandle [fail] [%x].\n", status); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++ ++/* + * Wrapper arround initializeSecurityContext. Supplies several + * default parameters as well as logging in case of errors. + */ +@@ -483,7 +522,7 @@ + * Processes received authentication tokens as well as supplies the + * response token. + */ +-int ne_sspi_authenticate(void *context, const char *base64Token, char **responseToken) ++int ne_sspi_authenticate(void *context, const char *base64Token, char **responseToken, const char* username, const char* password) + { + SecBufferDesc outBufferDesc; + SecBuffer outBuffer; +@@ -561,13 +600,22 @@ + /* Reset any existing context since we are starting over */ + resetContext(sspiContext); + +- if (acquireCredentialsHandle +- (&sspiContext->credentials, sspiContext->mechanism) != SEC_E_OK) { +- freeBuffer(&outBufferDesc); +- NE_DEBUG(NE_DBG_HTTPAUTH, +- "sspi: acquireCredentialsHandle failed.\n"); +- return -1; +- } ++ if (strlen(username) != 0) { ++ if (acquireCredentialsHandleForUsername ++ (&sspiContext->credentials, sspiContext->mechanism, username, password) != SEC_E_OK) { ++ freeBuffer(&outBufferDesc); ++ NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: acquireCredentialsHandleForUsername failed.\n"); ++ return -1; ++ } ++ } else { ++ if (acquireCredentialsHandle ++ (&sspiContext->credentials, sspiContext->mechanism) != SEC_E_OK) { ++ freeBuffer(&outBufferDesc); ++ NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: acquireCredentialsHandle failed.\n"); ++ return -1; ++ } ++ } ++ + + securityStatus = + initializeSecurityContext(&sspiContext->credentials, NULL, +--- src/ne_sspi.h 2006-02-12 13:05:14.000000000 +0100 ++++ src/ne_sspi.h 2011-02-03 10:26:21.000000000 +0100 +@@ -41,7 +41,7 @@ + int ne_sspi_clear_context(void *context); + + int ne_sspi_authenticate(void *context, const char *base64Token, +- char **responseToken); ++ char **responseToken, const char* username, const char* password); + + #endif /* HAVE_SSPI */ + +--- src/ne_openssl.c ++++ src/ne_openssl.c +@@ -43,6 +43,13 @@ + #endif + #endif + ++#ifdef _WIN32 ++#define X509_NAME WIN32_X509_NAME ++#include <windows.h> ++#include <wincrypt.h> ++#undef X509_NAME ++#endif ++ + #include "ne_ssl.h" + #include "ne_string.h" + #include "ne_session.h" +@@ -798,6 +805,31 @@ + X509_STORE_load_locations(store, NE_SSL_CA_BUNDLE, NULL); + #else + X509_STORE_set_default_paths(store); ++#ifdef _WIN32 ++ { ++ HCERTSTORE hStore; ++ PCCERT_CONTEXT pContext = NULL; ++ X509 *x509; ++ ++ hStore = CertOpenSystemStore(0, "ROOT"); ++ if (hStore) ++ { ++ while (pContext = CertEnumCertificatesInStore(hStore, pContext)) ++ { ++ x509 = d2i_X509(NULL, &pContext->pbCertEncoded, pContext->cbCertEncoded); ++ if (x509) ++ { ++ X509_STORE_add_cert(store, x509); ++ X509_free(x509); ++ } ++ } ++ } ++ ++ CertFreeCertificateContext(pContext); ++ CertCloseStore(hStore, 0); ++ } ++#endif ++ + #endif + } + |