Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't allow SPNEGO NegTokenArg to start re-authentication. #338

Merged
merged 1 commit into from
Apr 7, 2016
Merged

Don't allow SPNEGO NegTokenArg to start re-authentication. #338

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
1.8.2 (?/??/16)
================

* [#338](https://github.com/dblock/waffle/pull/338): Don't allow SPNEGO NegTokenArg to start re-authentication process [@AriSuutariST](https://github.com/AriSuutariST).

1.8.1 (2/10/16)
================

Expand Down
8 changes: 4 additions & 4 deletions Source/JNA/waffle-jna/src/main/java/waffle/util/AuthorizationHeader.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,16 +132,16 @@ public boolean isNtlmType1Message() {
/**
* Checks if is SP nego message.
*
* @return true, if is SP nego message
* @return true, if is SP nego message that contains NegTokenInit
*/
public boolean isSPNegoMessage() {
public boolean isSPNegTokenInitMessage() {

if (this.isNull()) {
return false;
}

final byte[] tokenBytes = this.getTokenBytes();
return SPNegoMessage.isSPNegoMessage(tokenBytes);
return SPNegoMessage.isNegTokenInit(tokenBytes);
}

/**
Expand All @@ -161,6 +161,6 @@ public boolean isNtlmType1PostAuthorizationHeader() {
return false;
}

return this.isNtlmType1Message() || this.isSPNegoMessage();
return this.isNtlmType1Message() || this.isSPNegTokenInitMessage();
}
}
27 changes: 12 additions & 15 deletions Source/JNA/waffle-jna/src/main/java/waffle/util/SPNegoMessage.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,15 @@ public final class SPNegoMessage {
// are two token types, NegTokenInit and NegTokenArg.
// For details and specification, see
// http://msdn.microsoft.com/en-us/library/ms995330.aspx

/**
* Checks if is SP nego message.
* Checks if is neg token init.
*
* @param message
* the message
* @return true, if is SP nego message
* @return true, if is neg token init
*/
public static boolean isSPNegoMessage(final byte[] message) {
public static boolean isNegTokenInit(final byte[] message) {

// Message should always contains at least some kind of
// id byte and length. If it is too short, it
Expand All @@ -43,18 +44,6 @@ public static boolean isSPNegoMessage(final byte[] message) {
return false;
}

// Message is SPNEGO message if it is either NegTokenInit or NegTokenArg.
return SPNegoMessage.isNegTokenInit(message) || SPNegoMessage.isNegTokenArg(message);
}

/**
* Checks if is neg token init.
*
* @param message
* the message
* @return true, if is neg token init
*/
public static boolean isNegTokenInit(final byte[] message) {
// First byte should always be 0x60 (Application Constructed Object)
if (message[0] != 0x60) {
return false;
Expand Down Expand Up @@ -93,6 +82,14 @@ public static boolean isNegTokenInit(final byte[] message) {
* @return true, if is neg token arg
*/
public static boolean isNegTokenArg(final byte[] message) {

// Message should always contains at least some kind of
// id byte and length. If it is too short, it
// cannot be a SPNEGO message.
if (message == null || message.length < 2) {
return false;
}

// Check if this is NegTokenArg packet, it's id is 0xa1
if ((message[0] & 0xff) != 0xa1) {
return false;
Expand Down
13 changes: 0 additions & 13 deletions Source/JNA/waffle-jna/src/test/java/waffle/util/SPNegoMessageTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,19 +42,6 @@ public class SPNegoMessageTests {
/** The Constant badMessage. */
private static final byte[] badMessage = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

/**
* Test is sp nego message.
*/
@Test
public void testIsSPNegoMessage() {
Assert.assertFalse(SPNegoMessage.isSPNegoMessage(null));
Assert.assertTrue(SPNegoMessage.isSPNegoMessage(SPNegoMessageTests.negTokenInitOk));
Assert.assertFalse(SPNegoMessage.isSPNegoMessage(SPNegoMessageTests.negTokenInitTooShort));
Assert.assertTrue(SPNegoMessage.isSPNegoMessage(SPNegoMessageTests.negTokenArgOk));
Assert.assertFalse(SPNegoMessage.isSPNegoMessage(SPNegoMessageTests.negTokenArgTooShort));
Assert.assertFalse(SPNegoMessage.isSPNegoMessage(SPNegoMessageTests.badMessage));
}

/**
* Test is neg token init.
*/
Expand Down
9 changes: 5 additions & 4 deletions Source/JNA/waffle-tests/src/test/java/waffle/util/AuthorizationHeaderTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,16 +94,16 @@ public void testIsNtlmType1PostAuthorizationHeader() {
* Test is sp nego message.
*/
@Test
public void testIsSPNegoMessage() {
public void testIsSPNegTokenInitMessage() {
final SimpleHttpRequest request = new SimpleHttpRequest();
final AuthorizationHeader header = new AuthorizationHeader(request);
Assert.assertFalse(header.isSPNegoMessage());
Assert.assertFalse(header.isSPNegTokenInitMessage());
request.addHeader("Authorization", "");
Assert.assertFalse(header.isSPNegoMessage());
Assert.assertFalse(header.isSPNegTokenInitMessage());
request.addHeader(
"Authorization",
"Negotiate YHYGBisGAQUFAqBsMGqgMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHqI2BDROVExNU1NQAAEAAACXsgjiAwADADEAAAAJAAkAKAAAAAYBsR0AAAAPR0xZQ0VSSU5FU0FE");
Assert.assertTrue(header.isSPNegoMessage());
Assert.assertTrue(header.isSPNegTokenInitMessage());
}

/**
Expand Down Expand Up @@ -141,6 +141,7 @@ public void testIsDigestAuthorizationHeaderFailure() {

final BDDSoftAssertions softly = new BDDSoftAssertions();
softly.thenThrownBy(new ThrowingCallable() {

@Override
public void call() throws Exception {
header.getTokenBytes();
Expand Down