Revert "ucb: webdav-curl: try fallback authentication on 403 error"cib-6.4-11

This reverts commit cc77bc0e5273c6cf404851624ce5b127cdd839f4.
author: Michael Stahl <michael.stahl@allotropia.de> 2022-10-10 15:01:08 +0200
committer: Michael Stahl <michael.stahl@allotropia.de> 2022-10-10 15:01:08 +0200
commit: ecf5156e53878fb19d8921af64a54a8b4e6ddf4c (patch)
tree: 4589906c808013276bedfb38a370309c598048d0
parent: aa69f260a0c62581861cba642caa148e200044bc (diff)
1 files changed, 20 insertions, 38 deletions
diff --git a/ucb/source/ucp/webdav-curl/CurlSession.cxx b/ucb/source/ucp/webdav-curl/CurlSession.cxx
index 5b2479fb1f88..cc0a2368784f 100644
--- a/ucb/source/ucp/webdav-curl/CurlSession.cxx
+++ b/ucb/source/ucp/webdav-curl/CurlSession.cxx
@@ -1380,38 +1380,29 @@ auto CurlProcessor::ProcessRequest(
                             ProcessHeaders(headers.HeaderFields.back().first));
                         // X-MSDAVEXT_Error see [MS-WEBDAVE] 2.2.3.1.9
                         auto const it(headerMap.find("x-msdavext_error"));
-                        if (it == headerMap.end() || !it->second.startsWith("917656;"))
-                        {
-                            break;
-                        }
                         if (cookies.isEmpty() // retry only once - could be expired...
-                            && rSession.m_URI.GetScheme() == "https") // only encrypted
+                            && rSession.m_URI.GetScheme() == "https" // only encrypted
+                            && it != headerMap.end()
+                            && it->second.startsWith("917656;"))
                         {
-                            cookies
-                                = TryImportCookies(rSession.m_xContext, rSession.m_URI.GetHost());
+                            cookies = TryImportCookies(rSession.m_xContext, rSession.m_URI.GetHost());
                             if (!cookies.isEmpty())
                             {
-                                CURLcode rc = curl_easy_setopt(rSession.m_pCurl.get(),
-                                                               CURLOPT_COOKIEFILE, "");
+                                CURLcode rc = curl_easy_setopt(rSession.m_pCurl.get(), CURLOPT_COOKIEFILE, "");
                                 assert(rc == CURLE_OK);
-                                rc = curl_easy_setopt(rSession.m_pCurl.get(), CURLOPT_COOKIE,
-                                                      cookies.getStr());
+                                rc = curl_easy_setopt(rSession.m_pCurl.get(), CURLOPT_COOKIE, cookies.getStr());
                                 assert(rc == CURLE_OK);
                                 (void)rc;
                                 isRetry = true;
-                                SAL_INFO("ucb.ucp.webdav.curl", "FedAuth cookie set");
-                                break; // try cookie once
                             }
                         }
-                        SAL_INFO("ucb.ucp.webdav.curl", "403 fallback authentication hack");
+                        break;
                     }
-                        [[fallthrough]]; // SP, no cookie, or cookie failed: try NTLM
                     case SC_UNAUTHORIZED:
                     case SC_PROXY_AUTHENTICATION_REQUIRED:
                     {
-                        auto& rnAuthRequests(statusCode != SC_PROXY_AUTHENTICATION_REQUIRED
-                                                 ? nAuthRequests
-                                                 : nAuthRequestsProxy);
+                        auto& rnAuthRequests(statusCode == SC_UNAUTHORIZED ? nAuthRequests
+                                                                           : nAuthRequestsProxy);
                         if (rnAuthRequests == 10)
                         {
                             SAL_INFO("ucb.ucp.webdav.curl", "aborting authentication after "
@@ -1419,30 +1410,22 @@ auto CurlProcessor::ProcessRequest(
                         }
                         else if (pEnv && pEnv->m_xAuthListener)
                         {
-                            ::std::optional<OUString> const oRealm(
-                                ExtractRealm(headers, statusCode != SC_PROXY_AUTHENTICATION_REQUIRED
-                                                          ? "WWW-Authenticate"
-                                                          : "Proxy-Authenticate"));
+                            ::std::optional<OUString> const oRealm(ExtractRealm(
+                                headers, statusCode == SC_UNAUTHORIZED ? "WWW-Authenticate"
+                                                                       : "Proxy-Authenticate"));
 
                             ::std::optional<Auth>& roAuth(
-                                statusCode != SC_PROXY_AUTHENTICATION_REQUIRED ? oAuth
-                                                                               : oAuthProxy);
+                                statusCode == SC_UNAUTHORIZED ? oAuth : oAuthProxy);
                             OUString userName(roAuth ? roAuth->UserName : OUString());
                             OUString passWord(roAuth ? roAuth->PassWord : OUString());
                             long authAvail(0);
-                            auto const rc
-                                = curl_easy_getinfo(rSession.m_pCurl.get(),
-                                                    statusCode != SC_PROXY_AUTHENTICATION_REQUIRED
-                                                        ? CURLINFO_HTTPAUTH_AVAIL
-                                                        : CURLINFO_PROXYAUTH_AVAIL,
-                                                    &authAvail);
+                            auto const rc = curl_easy_getinfo(rSession.m_pCurl.get(),
+                                                              statusCode == SC_UNAUTHORIZED
+                                                                  ? CURLINFO_HTTPAUTH_AVAIL
+                                                                  : CURLINFO_PROXYAUTH_AVAIL,
+                                                              &authAvail);
                             assert(rc == CURLE_OK);
                             (void)rc;
-                            if (statusCode == SC_FORBIDDEN)
-                            { // SharePoint hack: try NTLM auth
-                                assert(authAvail == 0);
-                                authAvail |= CURLAUTH_NTLM | CURLAUTH_NEGOTIATE;
-                            }
                             // only allow SystemCredentials once - the
                             // PasswordContainer may have stored it in the
                             // Config (TrySystemCredentialsFirst or
@@ -1461,9 +1444,8 @@ auto CurlProcessor::ProcessRequest(
 
                             auto const ret = pEnv->m_xAuthListener->authenticate(
                                 oRealm ? *oRealm : "",
-                                statusCode != SC_PROXY_AUTHENTICATION_REQUIRED
-                                    ? rSession.m_URI.GetHost()
-                                    : rSession.m_Proxy.aName,
+                                statusCode == SC_UNAUTHORIZED ? rSession.m_URI.GetHost()
+                                                              : rSession.m_Proxy.aName,
                                 userName, passWord, isSystemCredSupported);
 
                             if (ret == 0)
author	Michael Stahl <michael.stahl@allotropia.de>	2022-10-10 15:01:08 +0200
committer	Michael Stahl <michael.stahl@allotropia.de>	2022-10-10 15:01:08 +0200
commit	ecf5156e53878fb19d8921af64a54a8b4e6ddf4c (patch)
tree	4589906c808013276bedfb38a370309c598048d0
parent	aa69f260a0c62581861cba642caa148e200044bc (diff)