From 6ab5ec5b4af1dd1363eaebd2e55ea727727fa680 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=98ystein=20Heskestad?=
Date: Tue, 31 Jan 2023 13:25:13 +0100
Subject: Fix not emitting proxyAuthenticationRequired signal for NTLM
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
During NTLM http proxy authentication QHttpSocketEngine did not emit the proxyAuthenticationRequired signal during handling of HTTP 407 responses. As a consequence, the proxy server was spammed with connection requests that never worked.
Fixes: QTBUG-109718
Pick-to: 6.5
Change-Id: Icf0ccf58e3f2690d210652713155a303026ed3b1
Reviewed-by: MÃ¥rten Nordheim
(cherry picked from commit c73ee7353a22005890839afebb920a3c242b1f57)
Reviewed-by: Qt Cherry-pick Bot
---
 src/network/socket/qhttpsocketengine.cpp | 36 +++++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 12 deletions(-)
(limited to 'src/network/socket/qhttpsocketengine.cpp')
diff --git a/src/network/socket/qhttpsocketengine.cpp b/src/network/socket/qhttpsocketengine.cpp
index 6f93685d2a7..ba24460066b 100644
--- a/src/network/socket/qhttpsocketengine.cpp
+++ b/src/network/socket/qhttpsocketengine.cpp
@@ -556,15 +556,6 @@ void QHttpSocketEngine::slotSocketReadNotification()
 d->authenticator.detach();
 priv = QAuthenticatorPrivate::getPrivate(d->authenticator);
- if (d->credentialsSent && priv->phase != QAuthenticatorPrivate::Phase2) {
- // Remember that (e.g.) NTLM is two-phase, so only reset when the authentication is not currently in progress.
- //407 response again means the provided username/password were invalid.
- d->authenticator = QAuthenticator(); //this is needed otherwise parseHttpResponse won't set the state, and then signal isn't emitted.
- d->authenticator.detach();
- priv = QAuthenticatorPrivate::getPrivate(d->authenticator);
- priv->hasFailed = true;
- }
-
 priv->parseHttpResponse(d->reply->header(), true, d->proxy.hostName());
 if (priv->phase == QAuthenticatorPrivate::Invalid) {
@@ -576,6 +567,29 @@ void QHttpSocketEngine::slotSocketReadNotification()
 return;
 }
+ if (priv->phase == QAuthenticatorPrivate::Done
+ || (priv->phase == QAuthenticatorPrivate::Start
+ && (priv->method == QAuthenticatorPrivate::Ntlm
+ || priv->method == QAuthenticatorPrivate::Negotiate))) {
+ if (priv->phase == QAuthenticatorPrivate::Start)
+ priv->phase = QAuthenticatorPrivate::Phase1;
+ bool credentialsWasSent = d->credentialsSent;
+ if (d->credentialsSent) {
+ // Remember that (e.g.) NTLM is two-phase, so only reset when the authentication is
+ // not currently in progress. 407 response again means the provided
+ // username/password were invalid.
+ d->authenticator.detach();
+ priv = QAuthenticatorPrivate::getPrivate(d->authenticator);
+ priv->hasFailed = true;
+ d->credentialsSent = false;
+ priv->phase = QAuthenticatorPrivate::Done;
+ }
+ if ((priv->method != QAuthenticatorPrivate::Ntlm
+ && priv->method != QAuthenticatorPrivate::Negotiate)
+ || credentialsWasSent)
+ proxyAuthenticationRequired(d->proxy, &d->authenticator);
+ }
+
 bool willClose;
 QByteArray proxyConnectionHeader = d->reply->headerField("Proxy-Connection");
 // Although most proxies use the unofficial Proxy-Connection header, the Connection header
@@ -603,10 +617,8 @@ void QHttpSocketEngine::slotSocketReadNotification()
 d->reply = new QHttpNetworkReply(QUrl(), this);
 }
- if (priv->phase == QAuthenticatorPrivate::Done)
- proxyAuthenticationRequired(d->proxy, &d->authenticator);
- // priv->phase will get reset to QAuthenticatorPrivate::Start if the authenticator got modified in the signal above.
 if (priv->phase == QAuthenticatorPrivate::Done) {
+ d->authenticator = QAuthenticator();
 setError(QAbstractSocket::ProxyAuthenticationRequiredError, tr("Authentication required"));
 d->socket->disconnectFromHost();
 } else {
-- cgit v1.2.3
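Review bot: The comment inside `if (d->credentialsSent)` was carried over from the block removed earlier in this patch, where the condition also tested `priv->phase != QAuthenticatorPrivate::Phase2`; in the new code the phase test sits in the outer `if`, so "only reset when the authentication is not currently in progress" no longer describes the condition it is attached to. Nothing in the hunk says why the first 407 for NTLM/Negotiate moves to `Phase1` without emitting `proxyAuthenticationRequired`, which is the part a reader auditing credential handling will look for; I would add a comment on the outer condition along the lines of `// NTLM/Negotiate: the first 407 starts the handshake without asking the application; the signal is emitted only after credentials were sent and rejected.` If that first round can use the logged-in user's credentials (not visible here), the comment should say so, because it happens before any connected slot is consulted. As a smaller point, `bool credentialsWasSent` would read better as `const bool credentialsWereSent`. The body of slotSocketReadNotification() starts and ends outside the hunk.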
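Review bot: The added `d->authenticator = QAuthenticator();` carries no comment, and the only line that explained the `priv->phase == QAuthenticatorPrivate::Done` test was deleted along with the signal emission, so this branch no longer tells the reader that `Done` at this point means the slot connected to `proxyAuthenticationRequired` (now emitted earlier in the function) left the authenticator unchanged. I would put `// Still Done: the application supplied no new credentials. Reset the authenticator so the rejected ones are not offered again.` above the assignment; the second sentence is my reading of the commit message and should be confirmed by the author. `priv` was obtained from `d->authenticator` before this assignment, so any later read of `priv` on this path deserves a second look; none is visible in the hunk, and the enclosing block continues past its last line.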