diff options
author | peter <peter@FreeBSD.org> | 2014-02-22 01:19:47 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 2014-02-22 01:19:47 +0000 |
commit | 82dd8026220ee755d559cd8da9da2de16fc9348d (patch) | |
tree | 4208a813b452bc9bff3278b1d4031fe29b554c02 /contrib/serf/auth | |
parent | ac414654b33e4621cdb49e5b3020a09ad534e289 (diff) | |
download | FreeBSD-src-82dd8026220ee755d559cd8da9da2de16fc9348d.zip FreeBSD-src-82dd8026220ee755d559cd8da9da2de16fc9348d.tar.gz |
Update serf-1.3.0 -> 1.3.4 - fixes multiple issues (see the CHANGES file)
including an SSL issue that turned up in the cluster with svn-1.8.8.
Diffstat (limited to 'contrib/serf/auth')
-rw-r--r-- | contrib/serf/auth/auth.c | 35 | ||||
-rw-r--r-- | contrib/serf/auth/auth.h | 6 | ||||
-rw-r--r-- | contrib/serf/auth/auth_basic.c | 2 | ||||
-rw-r--r-- | contrib/serf/auth/auth_digest.c | 68 | ||||
-rw-r--r-- | contrib/serf/auth/auth_spnego.c | 161 | ||||
-rw-r--r-- | contrib/serf/auth/auth_spnego.h | 17 | ||||
-rw-r--r-- | contrib/serf/auth/auth_spnego_gss.c | 16 | ||||
-rw-r--r-- | contrib/serf/auth/auth_spnego_sspi.c | 7 |
8 files changed, 228 insertions, 84 deletions
diff --git a/contrib/serf/auth/auth.c b/contrib/serf/auth/auth.c index 6b7d395..6ba3ba5 100644 --- a/contrib/serf/auth/auth.c +++ b/contrib/serf/auth/auth.c @@ -23,7 +23,8 @@ #include <apr_lib.h> static apr_status_t -default_auth_response_handler(peer_t peer, +default_auth_response_handler(const serf__authn_scheme_t *scheme, + peer_t peer, int code, serf_connection_t *conn, serf_request_t *request, @@ -151,6 +152,17 @@ static int handle_auth_headers(int code, if (!auth_hdr) continue; + if (code == 401) { + authn_info = serf__get_authn_info_for_server(conn); + } else { + authn_info = &ctx->proxy_authn_info; + } + + if (authn_info->failed_authn_types & scheme->type) { + /* Skip this authn type since we already tried it before. */ + continue; + } + /* Found a matching scheme */ status = APR_SUCCESS; @@ -159,11 +171,6 @@ static int handle_auth_headers(int code, serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt, "... matched: %s\n", scheme->name); - if (code == 401) { - authn_info = serf__get_authn_info_for_server(conn); - } else { - authn_info = &ctx->proxy_authn_info; - } /* If this is the first time we use this scheme on this context and/or this connection, make sure to initialize the authentication handler first. */ @@ -198,6 +205,12 @@ static int handle_auth_headers(int code, */ serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt, "%s authentication failed.\n", scheme->name); + + /* Clear per-request auth_baton when switching to next auth scheme. */ + request->auth_baton = NULL; + + /* Remember failed auth types to skip in future. */ + authn_info->failed_authn_types |= scheme->type; } return status; @@ -221,7 +234,7 @@ static int store_header_in_dict(void *baton, char *auth_name, *c; /* We're only interested in xxxx-Authenticate headers. */ - if (strcmp(key, ab->header) != 0) + if (strcasecmp(key, ab->header) != 0) return 0; /* Extract the authentication scheme name. */ @@ -378,16 +391,16 @@ apr_status_t serf__handle_auth_response(int *consumed_response, authn_info = serf__get_authn_info_for_server(conn); if (authn_info->scheme) { validate_resp = authn_info->scheme->validate_response_func; - resp_status = validate_resp(HOST, sl.code, conn, request, response, - pool); + resp_status = validate_resp(authn_info->scheme, HOST, sl.code, + conn, request, response, pool); } /* Validate the response proxy authn headers. */ authn_info = &ctx->proxy_authn_info; if (!resp_status && authn_info->scheme) { validate_resp = authn_info->scheme->validate_response_func; - resp_status = validate_resp(PROXY, sl.code, conn, request, response, - pool); + resp_status = validate_resp(authn_info->scheme, PROXY, sl.code, + conn, request, response, pool); } if (resp_status) { diff --git a/contrib/serf/auth/auth.h b/contrib/serf/auth/auth.h index ea14115..7d04375 100644 --- a/contrib/serf/auth/auth.h +++ b/contrib/serf/auth/auth.h @@ -78,7 +78,8 @@ apr_status_t serf__setup_request_digest_auth(peer_t peer, const char *method, const char *uri, serf_bucket_t *hdrs_bkt); -apr_status_t serf__validate_response_digest_auth(peer_t peer, +apr_status_t serf__validate_response_digest_auth(const serf__authn_scheme_t *scheme, + peer_t peer, int code, serf_connection_t *conn, serf_request_t *request, @@ -108,7 +109,8 @@ apr_status_t serf__setup_request_spnego_auth(peer_t peer, const char *method, const char *uri, serf_bucket_t *hdrs_bkt); -apr_status_t serf__validate_response_spnego_auth(peer_t peer, +apr_status_t serf__validate_response_spnego_auth(const serf__authn_scheme_t *scheme, + peer_t peer, int code, serf_connection_t *conn, serf_request_t *request, diff --git a/contrib/serf/auth/auth_basic.c b/contrib/serf/auth/auth_basic.c index 53b5d95..dcee4a4 100644 --- a/contrib/serf/auth/auth_basic.c +++ b/contrib/serf/auth/auth_basic.c @@ -48,7 +48,7 @@ serf__handle_basic_auth(int code, apr_status_t status; apr_pool_t *cred_pool; char *username, *password, *realm_name; - const char *eq, *realm; + const char *eq, *realm = NULL; /* Can't do Basic authentication if there's no callback to get username & password. */ diff --git a/contrib/serf/auth/auth_digest.c b/contrib/serf/auth/auth_digest.c index 7403386..b2c7dec 100644 --- a/contrib/serf/auth/auth_digest.c +++ b/contrib/serf/auth/auth_digest.c @@ -96,8 +96,9 @@ random_cnonce(apr_pool_t *pool) return hex_encode((unsigned char*)buf, pool); } -static const char * -build_digest_ha1(const char *username, +static apr_status_t +build_digest_ha1(const char **out_ha1, + const char *username, const char *password, const char *realm_name, apr_pool_t *pool) @@ -113,12 +114,17 @@ build_digest_ha1(const char *username, realm_name, password); status = apr_md5(ha1, tmp, strlen(tmp)); + if (status) + return status; + + *out_ha1 = hex_encode(ha1, pool); - return hex_encode(ha1, pool); + return APR_SUCCESS; } -static const char * -build_digest_ha2(const char *uri, +static apr_status_t +build_digest_ha2(const char **out_ha2, + const char *uri, const char *method, const char *qop, apr_pool_t *pool) @@ -134,17 +140,21 @@ build_digest_ha2(const char *uri, method, uri); status = apr_md5(ha2, tmp, strlen(tmp)); + if (status) + return status; + + *out_ha2 = hex_encode(ha2, pool); - return hex_encode(ha2, pool); + return APR_SUCCESS; } else { /* TODO: auth-int isn't supported! */ + return APR_ENOTIMPL; } - - return NULL; } -static const char * -build_auth_header(digest_authn_info_t *digest_info, +static apr_status_t +build_auth_header(const char **out_header, + digest_authn_info_t *digest_info, const char *path, const char *method, apr_pool_t *pool) @@ -156,7 +166,9 @@ build_auth_header(digest_authn_info_t *digest_info, const char *response_hdr_hex; apr_status_t status; - ha2 = build_digest_ha2(path, method, digest_info->qop, pool); + status = build_digest_ha2(&ha2, path, method, digest_info->qop, pool); + if (status) + return status; hdr = apr_psprintf(pool, "Digest realm=\"%s\"," @@ -194,6 +206,9 @@ build_auth_header(digest_authn_info_t *digest_info, } status = apr_md5(response_hdr, response, strlen(response)); + if (status) + return status; + response_hdr_hex = hex_encode(response_hdr, pool); hdr = apr_psprintf(pool, "%s, response=\"%s\"", hdr, response_hdr_hex); @@ -207,7 +222,9 @@ build_auth_header(digest_authn_info_t *digest_info, digest_info->algorithm); } - return hdr; + *out_header = hdr; + + return APR_SUCCESS; } apr_status_t @@ -330,8 +347,8 @@ serf__handle_digest_auth(int code, digest_info->username = apr_pstrdup(digest_info->pool, username); digest_info->digest_nc++; - digest_info->ha1 = build_digest_ha1(username, password, digest_info->realm, - digest_info->pool); + status = build_digest_ha1(&digest_info->ha1, username, password, + digest_info->realm, digest_info->pool); apr_pool_destroy(cred_pool); @@ -339,7 +356,7 @@ serf__handle_digest_auth(int code, likes. */ serf_connection_set_max_outstanding_requests(conn, 0); - return APR_SUCCESS; + return status; } apr_status_t @@ -387,7 +404,7 @@ serf__setup_request_digest_auth(peer_t peer, serf_context_t *ctx = conn->ctx; serf__authn_info_t *authn_info; digest_authn_info_t *digest_info; - apr_status_t status = APR_SUCCESS; + apr_status_t status; if (peer == HOST) { authn_info = serf__get_authn_info_for_server(conn); @@ -421,8 +438,10 @@ serf__setup_request_digest_auth(peer_t peer, /* Build a new Authorization header. */ digest_info->header = (peer == HOST) ? "Authorization" : "Proxy-Authorization"; - value = build_auth_header(digest_info, path, method, - conn->pool); + status = build_auth_header(&value, digest_info, path, method, + conn->pool); + if (status) + return status; serf_bucket_headers_setn(hdrs_bkt, digest_info->header, value); @@ -431,14 +450,15 @@ serf__setup_request_digest_auth(peer_t peer, /* Store the uri of this request on the serf_request_t object, to make it available when validating the Authentication-Info header of the matching response. */ - request->auth_baton = path; + request->auth_baton = (void *)path; } - return status; + return APR_SUCCESS; } apr_status_t -serf__validate_response_digest_auth(peer_t peer, +serf__validate_response_digest_auth(const serf__authn_scheme_t *scheme, + peer_t peer, int code, serf_connection_t *conn, serf_request_t *request, @@ -453,6 +473,7 @@ serf__validate_response_digest_auth(peer_t peer, const char *nc_str = NULL; serf_bucket_t *hdrs; serf_context_t *ctx = conn->ctx; + apr_status_t status; hdrs = serf_bucket_response_get_headers(response); @@ -516,7 +537,10 @@ serf__validate_response_digest_auth(peer_t peer, } digest_info = authn_info->baton; - ha2 = build_digest_ha2(req_uri, "", qop, pool); + status = build_digest_ha2(&ha2, req_uri, "", qop, pool); + if (status) + return status; + tmp = apr_psprintf(pool, "%s:%s:%s:%s:%s:%s", digest_info->ha1, digest_info->nonce, nc_str, digest_info->cnonce, digest_info->qop, ha2); diff --git a/contrib/serf/auth/auth_spnego.c b/contrib/serf/auth/auth_spnego.c index 4d22ec1..c0ad27e 100644 --- a/contrib/serf/auth/auth_spnego.c +++ b/contrib/serf/auth/auth_spnego.c @@ -181,7 +181,8 @@ typedef struct claim to be. The session key can only be used with the HTTP service on the target host. */ static apr_status_t -gss_api_get_credentials(char *token, apr_size_t token_len, +gss_api_get_credentials(serf_connection_t *conn, + char *token, apr_size_t token_len, const char *hostname, const char **buf, apr_size_t *buf_len, gss_authn_info_t *gss_info) @@ -202,6 +203,7 @@ gss_api_get_credentials(char *token, apr_size_t token_len, /* Establish a security context to the server. */ status = serf__spnego_init_sec_context( + conn, gss_info->gss_ctx, KRB_HTTP_SERVICE, hostname, &input_buf, @@ -212,7 +214,11 @@ gss_api_get_credentials(char *token, apr_size_t token_len, switch(status) { case APR_SUCCESS: - gss_info->state = gss_api_auth_completed; + if (output_buf.length == 0) { + gss_info->state = gss_api_auth_completed; + } else { + gss_info->state = gss_api_auth_in_progress; + } break; case APR_EAGAIN: gss_info->state = gss_api_auth_in_progress; @@ -242,6 +248,7 @@ do_auth(peer_t peer, int code, gss_authn_info_t *gss_info, serf_connection_t *conn, + serf_request_t *request, const char *auth_hdr, apr_pool_t *pool) { @@ -306,6 +313,14 @@ do_auth(peer_t peer, break; } + if (request->auth_baton && !token) { + /* We provided token with this request, but server responded with empty + authentication header. This means server rejected our credentials. + XXX: Probably we need separate error code for this case like + SERF_ERROR_AUTHN_CREDS_REJECTED? */ + return SERF_ERROR_AUTHN_FAILED; + } + /* If the server didn't provide us with a token, start with a new initial step in the SPNEGO authentication. */ if (!token) { @@ -314,14 +329,16 @@ do_auth(peer_t peer, } if (peer == HOST) { - status = gss_api_get_credentials(token, token_len, + status = gss_api_get_credentials(conn, + token, token_len, conn->host_info.hostname, &tmp, &tmp_len, gss_info); } else { char *proxy_host; apr_getnameinfo(&proxy_host, conn->ctx->proxy_address, 0); - status = gss_api_get_credentials(token, token_len, proxy_host, + status = gss_api_get_credentials(conn, + token, token_len, proxy_host, &tmp, &tmp_len, gss_info); } @@ -357,24 +374,32 @@ serf__init_spnego_connection(const serf__authn_scheme_t *scheme, serf_connection_t *conn, apr_pool_t *pool) { - gss_authn_info_t *gss_info; - apr_status_t status; - - gss_info = apr_pcalloc(conn->pool, sizeof(*gss_info)); - gss_info->pool = conn->pool; - gss_info->state = gss_api_auth_not_started; - gss_info->pstate = pstate_init; - status = serf__spnego_create_sec_context(&gss_info->gss_ctx, scheme, - gss_info->pool, pool); - - if (status) { - return status; - } + serf_context_t *ctx = conn->ctx; + serf__authn_info_t *authn_info; + gss_authn_info_t *gss_info = NULL; + /* For proxy authentication, reuse the gss context for all connections. + For server authentication, create a new gss context per connection. */ if (code == 401) { - conn->authn_baton = gss_info; + authn_info = &conn->authn_info; } else { - conn->proxy_authn_baton = gss_info; + authn_info = &ctx->proxy_authn_info; + } + gss_info = authn_info->baton; + + if (!gss_info) { + apr_status_t status; + + gss_info = apr_pcalloc(conn->pool, sizeof(*gss_info)); + gss_info->pool = conn->pool; + gss_info->state = gss_api_auth_not_started; + gss_info->pstate = pstate_init; + status = serf__spnego_create_sec_context(&gss_info->gss_ctx, scheme, + gss_info->pool, pool); + if (status) { + return status; + } + authn_info->baton = gss_info; } /* Make serf send the initial requests one by one */ @@ -397,13 +422,15 @@ serf__handle_spnego_auth(int code, apr_pool_t *pool) { serf_connection_t *conn = request->conn; - gss_authn_info_t *gss_info = (code == 401) ? conn->authn_baton : - conn->proxy_authn_baton; + serf_context_t *ctx = conn->ctx; + gss_authn_info_t *gss_info = (code == 401) ? conn->authn_info.baton : + ctx->proxy_authn_info.baton; return do_auth(code == 401 ? HOST : PROXY, code, gss_info, request->conn, + request, auth_hdr, pool); } @@ -418,8 +445,9 @@ serf__setup_request_spnego_auth(peer_t peer, const char *uri, serf_bucket_t *hdrs_bkt) { - gss_authn_info_t *gss_info = (peer == HOST) ? conn->authn_baton : - conn->proxy_authn_baton; + serf_context_t *ctx = conn->ctx; + gss_authn_info_t *gss_info = (peer == HOST) ? conn->authn_info.baton : + ctx->proxy_authn_info.baton; /* If we have an ongoing authentication handshake, the handler of the previous response will have created the authn headers for this request @@ -431,6 +459,10 @@ serf__setup_request_spnego_auth(peer_t peer, serf_bucket_headers_setn(hdrs_bkt, gss_info->header, gss_info->value); + /* Remember that we're using this request for authentication + handshake. */ + request->auth_baton = (void*) TRUE; + /* We should send each token only once. */ gss_info->header = NULL; gss_info->value = NULL; @@ -469,6 +501,7 @@ serf__setup_request_spnego_auth(peer_t peer, code, gss_info, conn, + request, 0l, /* no response authn header */ conn->pool); if (status) @@ -476,6 +509,11 @@ serf__setup_request_spnego_auth(peer_t peer, serf_bucket_headers_setn(hdrs_bkt, gss_info->header, gss_info->value); + + /* Remember that we're using this request for authentication + handshake. */ + request->auth_baton = (void*) TRUE; + /* We should send each token only once. */ gss_info->header = NULL; gss_info->value = NULL; @@ -486,19 +524,70 @@ serf__setup_request_spnego_auth(peer_t peer, return APR_SUCCESS; } +/** + * Baton passed to the get_auth_header callback function. + */ +typedef struct { + const char *hdr_name; + const char *auth_name; + const char *hdr_value; + apr_pool_t *pool; +} get_auth_header_baton_t; + +static int +get_auth_header_cb(void *baton, + const char *key, + const char *header) +{ + get_auth_header_baton_t *b = baton; + + /* We're only interested in xxxx-Authenticate headers. */ + if (strcasecmp(key, b->hdr_name) != 0) + return 0; + + /* Check if header value starts with interesting auth name. */ + if (strncmp(header, b->auth_name, strlen(b->auth_name)) == 0) { + /* Save interesting header value and stop iteration. */ + b->hdr_value = apr_pstrdup(b->pool, header); + return 1; + } + + return 0; +} + +static const char * +get_auth_header(serf_bucket_t *hdrs, + const char *hdr_name, + const char *auth_name, + apr_pool_t *pool) +{ + get_auth_header_baton_t b; + + b.auth_name = hdr_name; + b.hdr_name = auth_name; + b.hdr_value = NULL; + b.pool = pool; + + serf_bucket_headers_do(hdrs, get_auth_header_cb, &b); + + return b.hdr_value; +} + /* Function is called when 2xx responses are received. Normally we don't * have to do anything, except for the first response after the * authentication handshake. This specific response includes authentication * data which should be validated by the client (mutual authentication). */ apr_status_t -serf__validate_response_spnego_auth(peer_t peer, +serf__validate_response_spnego_auth(const serf__authn_scheme_t *scheme, + peer_t peer, int code, serf_connection_t *conn, serf_request_t *request, serf_bucket_t *response, apr_pool_t *pool) { + serf_context_t *ctx = conn->ctx; gss_authn_info_t *gss_info; const char *auth_hdr_name; @@ -511,10 +600,10 @@ serf__validate_response_spnego_auth(peer_t peer, "Validate Negotiate response header.\n"); if (peer == HOST) { - gss_info = conn->authn_baton; + gss_info = conn->authn_info.baton; auth_hdr_name = "WWW-Authenticate"; } else { - gss_info = conn->proxy_authn_baton; + gss_info = ctx->proxy_authn_info.baton; auth_hdr_name = "Proxy-Authenticate"; } @@ -524,11 +613,23 @@ serf__validate_response_spnego_auth(peer_t peer, apr_status_t status; hdrs = serf_bucket_response_get_headers(response); - auth_hdr_val = serf_bucket_headers_get(hdrs, auth_hdr_name); + auth_hdr_val = get_auth_header(hdrs, auth_hdr_name, scheme->name, + pool); + + if (auth_hdr_val) { + status = do_auth(peer, code, gss_info, conn, request, auth_hdr_val, + pool); + if (status) { + return status; + } + } else { + /* No Authenticate headers, nothing to validate: authentication + completed.*/ + gss_info->state = gss_api_auth_completed; - status = do_auth(peer, code, gss_info, conn, auth_hdr_val, pool); - if (status) - return status; + serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt, + "SPNEGO handshake completed.\n"); + } } if (gss_info->state == gss_api_auth_completed) { diff --git a/contrib/serf/auth/auth_spnego.h b/contrib/serf/auth/auth_spnego.h index 5af3b09..8635629 100644 --- a/contrib/serf/auth/auth_spnego.h +++ b/contrib/serf/auth/auth_spnego.h @@ -88,14 +88,15 @@ serf__spnego_create_sec_context(serf__spnego_context_t **ctx_p, * Other returns values indicates error. */ apr_status_t -serf__spnego_init_sec_context(serf__spnego_context_t *ctx, - const char *service, - const char *hostname, - serf__spnego_buffer_t *input_buf, - serf__spnego_buffer_t *output_buf, - apr_pool_t *result_pool, - apr_pool_t *scratch_pool - ); +serf__spnego_init_sec_context(serf_connection_t *conn, + serf__spnego_context_t *ctx, + const char *service, + const char *hostname, + serf__spnego_buffer_t *input_buf, + serf__spnego_buffer_t *output_buf, + apr_pool_t *result_pool, + apr_pool_t *scratch_pool + ); /* * Reset a previously created security context so we can start with a new one. diff --git a/contrib/serf/auth/auth_spnego_gss.c b/contrib/serf/auth/auth_spnego_gss.c index aa3ebc6..0f33385 100644 --- a/contrib/serf/auth/auth_spnego_gss.c +++ b/contrib/serf/auth/auth_spnego_gss.c @@ -43,7 +43,7 @@ struct serf__spnego_context_t }; static void -log_error(int verbose_flag, const char *filename, +log_error(int verbose_flag, apr_socket_t *skt, serf__spnego_context_t *ctx, OM_uint32 err_maj_stat, OM_uint32 err_min_stat, @@ -70,7 +70,7 @@ log_error(int verbose_flag, const char *filename, &stat_buff); } - serf__log(verbose_flag, filename, + serf__log_skt(verbose_flag, __FILE__, skt, "%s (%x,%d): %s\n", msg, err_maj_stat, err_min_stat, stat_buff.value); } @@ -89,7 +89,7 @@ cleanup_ctx(void *data) gss_maj_stat = gss_delete_sec_context(&gss_min_stat, &ctx->gss_ctx, GSS_C_NO_BUFFER); if(GSS_ERROR(gss_maj_stat)) { - log_error(AUTH_VERBOSE, __FILE__, ctx, + log_error(AUTH_VERBOSE, NULL, ctx, gss_maj_stat, gss_min_stat, "Error cleaning up GSS security context"); return SERF_ERROR_AUTHN_FAILED; @@ -146,7 +146,8 @@ serf__spnego_reset_sec_context(serf__spnego_context_t *ctx) } apr_status_t -serf__spnego_init_sec_context(serf__spnego_context_t *ctx, +serf__spnego_init_sec_context(serf_connection_t *conn, + serf__spnego_context_t *ctx, const char *service, const char *hostname, serf__spnego_buffer_t *input_buf, @@ -166,12 +167,13 @@ serf__spnego_init_sec_context(serf__spnego_context_t *ctx, /* TODO: should be shared between multiple requests. */ bufdesc.value = apr_pstrcat(scratch_pool, service, "@", hostname, NULL); bufdesc.length = strlen(bufdesc.value); - serf__log(AUTH_VERBOSE, __FILE__, "Get principal for %s\n", bufdesc.value); + serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt, + "Get principal for %s\n", bufdesc.value); gss_maj_stat = gss_import_name (&gss_min_stat, &bufdesc, GSS_C_NT_HOSTBASED_SERVICE, &host_gss_name); if(GSS_ERROR(gss_maj_stat)) { - log_error(AUTH_VERBOSE, __FILE__, ctx, + log_error(AUTH_VERBOSE, conn->skt, ctx, gss_maj_stat, gss_min_stat, "Error converting principal name to GSS internal format "); return SERF_ERROR_AUTHN_FAILED; @@ -214,7 +216,7 @@ serf__spnego_init_sec_context(serf__spnego_context_t *ctx, case GSS_S_CONTINUE_NEEDED: return APR_EAGAIN; default: - log_error(AUTH_VERBOSE, __FILE__, ctx, + log_error(AUTH_VERBOSE, conn->skt, ctx, gss_maj_stat, gss_min_stat, "Error during Kerberos handshake"); return SERF_ERROR_AUTHN_FAILED; diff --git a/contrib/serf/auth/auth_spnego_sspi.c b/contrib/serf/auth/auth_spnego_sspi.c index ef13428..2f75f7a 100644 --- a/contrib/serf/auth/auth_spnego_sspi.c +++ b/contrib/serf/auth/auth_spnego_sspi.c @@ -192,7 +192,8 @@ serf__spnego_reset_sec_context(serf__spnego_context_t *ctx) } apr_status_t -serf__spnego_init_sec_context(serf__spnego_context_t *ctx, +serf__spnego_init_sec_context(serf_connection_t *conn, + serf__spnego_context_t *ctx, const char *service, const char *hostname, serf__spnego_buffer_t *input_buf, @@ -219,8 +220,8 @@ serf__spnego_init_sec_context(serf__spnego_context_t *ctx, ctx->target_name = apr_pstrcat(scratch_pool, service, "/", canonname, NULL); - serf__log(AUTH_VERBOSE, __FILE__, - "Using SPN '%s' for '%s'\n", ctx->target_name, hostname); + serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt, + "Using SPN '%s' for '%s'\n", ctx->target_name, hostname); } else if (ctx->authn_type == SERF_AUTHN_NTLM) { |