diff options
author | Michael Stahl <michael.stahl@allotropia.de> | 2022-10-10 15:01:08 +0200 |
---|---|---|
committer | Michael Stahl <michael.stahl@allotropia.de> | 2022-10-10 15:01:08 +0200 |
commit | ecf5156e53878fb19d8921af64a54a8b4e6ddf4c (patch) | |
tree | 4589906c808013276bedfb38a370309c598048d0 | |
parent | aa69f260a0c62581861cba642caa148e200044bc (diff) |
Revert "ucb: webdav-curl: try fallback authentication on 403 error"
cib-6.4-11
This reverts commit cc77bc0e5273c6cf404851624ce5b127cdd839f4.
-rw-r--r-- | ucb/source/ucp/webdav-curl/CurlSession.cxx | 58 |
1 files changed, 20 insertions, 38 deletions
diff --git a/ucb/source/ucp/webdav-curl/CurlSession.cxx b/ucb/source/ucp/webdav-curl/CurlSession.cxx index 5b2479fb1f88..cc0a2368784f 100644 --- a/ucb/source/ucp/webdav-curl/CurlSession.cxx +++ b/ucb/source/ucp/webdav-curl/CurlSession.cxx @@ -1380,38 +1380,29 @@ auto CurlProcessor::ProcessRequest( ProcessHeaders(headers.HeaderFields.back().first)); // X-MSDAVEXT_Error see [MS-WEBDAVE] 2.2.3.1.9 auto const it(headerMap.find("x-msdavext_error")); - if (it == headerMap.end() || !it->second.startsWith("917656;")) - { - break; - } if (cookies.isEmpty() // retry only once - could be expired... - && rSession.m_URI.GetScheme() == "https") // only encrypted + && rSession.m_URI.GetScheme() == "https" // only encrypted + && it != headerMap.end() + && it->second.startsWith("917656;")) { - cookies - = TryImportCookies(rSession.m_xContext, rSession.m_URI.GetHost()); + cookies = TryImportCookies(rSession.m_xContext, rSession.m_URI.GetHost()); if (!cookies.isEmpty()) { - CURLcode rc = curl_easy_setopt(rSession.m_pCurl.get(), - CURLOPT_COOKIEFILE, ""); + CURLcode rc = curl_easy_setopt(rSession.m_pCurl.get(), CURLOPT_COOKIEFILE, ""); assert(rc == CURLE_OK); - rc = curl_easy_setopt(rSession.m_pCurl.get(), CURLOPT_COOKIE, - cookies.getStr()); + rc = curl_easy_setopt(rSession.m_pCurl.get(), CURLOPT_COOKIE, cookies.getStr()); assert(rc == CURLE_OK); (void)rc; isRetry = true; - SAL_INFO("ucb.ucp.webdav.curl", "FedAuth cookie set"); - break; // try cookie once } } - SAL_INFO("ucb.ucp.webdav.curl", "403 fallback authentication hack"); + break; } - [[fallthrough]]; // SP, no cookie, or cookie failed: try NTLM case SC_UNAUTHORIZED: case SC_PROXY_AUTHENTICATION_REQUIRED: { - auto& rnAuthRequests(statusCode != SC_PROXY_AUTHENTICATION_REQUIRED - ? nAuthRequests - : nAuthRequestsProxy); + auto& rnAuthRequests(statusCode == SC_UNAUTHORIZED ? nAuthRequests + : nAuthRequestsProxy); if (rnAuthRequests == 10) { SAL_INFO("ucb.ucp.webdav.curl", "aborting authentication after " @@ -1419,30 +1410,22 @@ auto CurlProcessor::ProcessRequest( } else if (pEnv && pEnv->m_xAuthListener) { - ::std::optional<OUString> const oRealm( - ExtractRealm(headers, statusCode != SC_PROXY_AUTHENTICATION_REQUIRED - ? "WWW-Authenticate" - : "Proxy-Authenticate")); + ::std::optional<OUString> const oRealm(ExtractRealm( + headers, statusCode == SC_UNAUTHORIZED ? "WWW-Authenticate" + : "Proxy-Authenticate")); ::std::optional<Auth>& roAuth( - statusCode != SC_PROXY_AUTHENTICATION_REQUIRED ? oAuth - : oAuthProxy); + statusCode == SC_UNAUTHORIZED ? oAuth : oAuthProxy); OUString userName(roAuth ? roAuth->UserName : OUString()); OUString passWord(roAuth ? roAuth->PassWord : OUString()); long authAvail(0); - auto const rc - = curl_easy_getinfo(rSession.m_pCurl.get(), - statusCode != SC_PROXY_AUTHENTICATION_REQUIRED - ? CURLINFO_HTTPAUTH_AVAIL - : CURLINFO_PROXYAUTH_AVAIL, - &authAvail); + auto const rc = curl_easy_getinfo(rSession.m_pCurl.get(), + statusCode == SC_UNAUTHORIZED + ? CURLINFO_HTTPAUTH_AVAIL + : CURLINFO_PROXYAUTH_AVAIL, + &authAvail); assert(rc == CURLE_OK); (void)rc; - if (statusCode == SC_FORBIDDEN) - { // SharePoint hack: try NTLM auth - assert(authAvail == 0); - authAvail |= CURLAUTH_NTLM | CURLAUTH_NEGOTIATE; - } // only allow SystemCredentials once - the // PasswordContainer may have stored it in the // Config (TrySystemCredentialsFirst or @@ -1461,9 +1444,8 @@ auto CurlProcessor::ProcessRequest( auto const ret = pEnv->m_xAuthListener->authenticate( oRealm ? *oRealm : "", - statusCode != SC_PROXY_AUTHENTICATION_REQUIRED - ? rSession.m_URI.GetHost() - : rSession.m_Proxy.aName, + statusCode == SC_UNAUTHORIZED ? rSession.m_URI.GetHost() + : rSession.m_Proxy.aName, userName, passWord, isSystemCredSupported); if (ret == 0) |