diff options
| author | Øystein Heskestad <[email protected]> | 2023-01-31 13:25:13 +0100 |
|---|---|---|
| committer | Mårten Nordheim <[email protected]> | 2023-10-02 07:13:45 +0000 |
| commit | c73ee7353a22005890839afebb920a3c242b1f57 (patch) | |
| tree | 2416641a93888e83b70f2d932574356560ac5bb3 /src/network/socket/qhttpsocketengine.cpp | |
| parent | ccda3362464bfaff999b739aa81925c7b51075a9 (diff) | |
Fix not emitting proxyAuthenticationRequired signal for NTLM
During NTLM http proxy authentication QHttpSocketEngine did
not emit the proxyAuthenticationRequired signal during
handling of HTTP 407 responses. As a consequence, the proxy
server was spammed with connection requests that never
worked.
Fixes: QTBUG-109718
Pick-to: 6.6 6.5
Change-Id: Icf0ccf58e3f2690d210652713155a303026ed3b1
Reviewed-by: Mårten Nordheim <[email protected]>
Diffstat (limited to 'src/network/socket/qhttpsocketengine.cpp')
| -rw-r--r-- | src/network/socket/qhttpsocketengine.cpp | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/src/network/socket/qhttpsocketengine.cpp b/src/network/socket/qhttpsocketengine.cpp index 6f93685d2a7..ba24460066b 100644 --- a/src/network/socket/qhttpsocketengine.cpp +++ b/src/network/socket/qhttpsocketengine.cpp @@ -556,15 +556,6 @@ void QHttpSocketEngine::slotSocketReadNotification() d->authenticator.detach(); priv = QAuthenticatorPrivate::getPrivate(d->authenticator); - if (d->credentialsSent && priv->phase != QAuthenticatorPrivate::Phase2) { - // Remember that (e.g.) NTLM is two-phase, so only reset when the authentication is not currently in progress. - //407 response again means the provided username/password were invalid. - d->authenticator = QAuthenticator(); //this is needed otherwise parseHttpResponse won't set the state, and then signal isn't emitted. - d->authenticator.detach(); - priv = QAuthenticatorPrivate::getPrivate(d->authenticator); - priv->hasFailed = true; - } - priv->parseHttpResponse(d->reply->header(), true, d->proxy.hostName()); if (priv->phase == QAuthenticatorPrivate::Invalid) { @@ -576,6 +567,29 @@ void QHttpSocketEngine::slotSocketReadNotification() return; } + if (priv->phase == QAuthenticatorPrivate::Done + || (priv->phase == QAuthenticatorPrivate::Start + && (priv->method == QAuthenticatorPrivate::Ntlm + || priv->method == QAuthenticatorPrivate::Negotiate))) { + if (priv->phase == QAuthenticatorPrivate::Start) + priv->phase = QAuthenticatorPrivate::Phase1; + bool credentialsWasSent = d->credentialsSent; + if (d->credentialsSent) { + // Remember that (e.g.) NTLM is two-phase, so only reset when the authentication is + // not currently in progress. 407 response again means the provided + // username/password were invalid. + d->authenticator.detach(); + priv = QAuthenticatorPrivate::getPrivate(d->authenticator); + priv->hasFailed = true; + d->credentialsSent = false; + priv->phase = QAuthenticatorPrivate::Done; + } + if ((priv->method != QAuthenticatorPrivate::Ntlm + && priv->method != QAuthenticatorPrivate::Negotiate) + || credentialsWasSent) + proxyAuthenticationRequired(d->proxy, &d->authenticator); + } + bool willClose; QByteArray proxyConnectionHeader = d->reply->headerField("Proxy-Connection"); // Although most proxies use the unofficial Proxy-Connection header, the Connection header @@ -603,10 +617,8 @@ void QHttpSocketEngine::slotSocketReadNotification() d->reply = new QHttpNetworkReply(QUrl(), this); } - if (priv->phase == QAuthenticatorPrivate::Done) - proxyAuthenticationRequired(d->proxy, &d->authenticator); - // priv->phase will get reset to QAuthenticatorPrivate::Start if the authenticator got modified in the signal above. if (priv->phase == QAuthenticatorPrivate::Done) { + d->authenticator = QAuthenticator(); setError(QAbstractSocket::ProxyAuthenticationRequiredError, tr("Authentication required")); d->socket->disconnectFromHost(); } else { |