[elpa] master 2dbfb38 19/32: url-http-ntlm: Prevent infinite loops
From: |
Thomas Fitzsimmons |
Subject: |
[elpa] master 2dbfb38 19/32: url-http-ntlm: Prevent infinite loops |
Date: |
Thu, 18 Feb 2016 03:28:26 +0000 |
branch: master
commit 2dbfb3824f361818e377e5b7541d5233063c4992
Author: Thomas Fitzsimmons <address@hidden>
Commit: Thomas Fitzsimmons <address@hidden>
url-http-ntlm: Prevent infinite loops
* url-http-ntlm.el (url-http-ntlm--loop-timer-counter): New
variable.
(url-http-ntlm--detect-loop): New function.
(url-ntlm-auth): Call url-http-ntlm--detect-loop before handling a
request or response.
---
packages/url-http-ntlm/url-http-ntlm.el | 36 +++++++++++++++++++++++++++++++
1 files changed, 36 insertions(+), 0 deletions(-)
diff --git a/packages/url-http-ntlm/url-http-ntlm.el
b/packages/url-http-ntlm/url-http-ntlm.el
index 362f2cc..ce649f8 100644
--- a/packages/url-http-ntlm/url-http-ntlm.el
+++ b/packages/url-http-ntlm/url-http-ntlm.el
@@ -67,8 +67,42 @@ Note that for any server, only one user and password is ever
stored.")
This is used to detect multiple calls.")
(make-variable-buffer-local 'url-http-ntlm--last-args)
+(defvar url-http-ntlm--loop-timer-counter nil
+ "A hash table used to detect NTLM negotiation errors.
+Keys are urls, entries are (START-TIME . COUNTER).")
+
;;; Private functions.
+(defun url-http-ntlm--detect-loop (url)
+ "Detect potential infinite loop when NTLM fails on URL."
+ (when (not url-http-ntlm--loop-timer-counter)
+ (setq url-http-ntlm--loop-timer-counter (make-hash-table :test 'equal)))
+ (let* ((url-string (url-recreate-url url))
+ (last-entry (gethash url-string url-http-ntlm--loop-timer-counter))
+ (start-time (car last-entry))
+ (counter (cdr last-entry)))
+ (if last-entry
+ (progn
+ (if (< (- (float-time) start-time) 10.0)
+ (if (< counter 20)
+ ;; Still within time window, so increment count.
+ (puthash url-string (cons start-time (1+ counter))
+ url-http-ntlm--loop-timer-counter)
+ ;; Error detected, so remove entry and clear.
+ (url-http-ntlm--authorisation url-string :clear)
+ (remhash url-string url-http-ntlm--loop-timer-counter)
+ (error
+ (format (concat "Access rate to %s is too high,"
+ " indicating an NTLM failure;"
+ " to debug, re-run with url-debug set to 1")
+ url-string)))
+ ;; Timeout expired, so reset counter.
+ (puthash url-string (cons (float-time) 0)
+ url-http-ntlm--loop-timer-counter)))
+ ;; New access, so initialize counter to 0.
+ (puthash url-string (cons (float-time) 0)
+ url-http-ntlm--loop-timer-counter))))
+
(defun url-http-ntlm--ensure-keepalive ()
"Report an error if `url-http-attempt-keepalives' is not set."
(cl-assert url-http-attempt-keepalives
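Review bot: The `(error (format ...))` call in `url-http-ntlm--detect-loop` hands an already-formatted message to `error`, which treats its first argument as a format string a second time. URLs routinely contain percent-escapes such as `%20`, so `url-string` can make that second pass fail or garble the message instead of reporting the rate problem; changing the call head to `(error "%s" (format ...` avoids it. Separately, `url-recreate-url` may include userinfo from the URL, so it is worth confirming that neither the hash keys nor this message can carry a password. Entries in `url-http-ntlm--loop-timer-counter` are removed only on the error path, so the table grows with every distinct URL visited; a comment stating that this is accepted, or pruning expired entries, would help.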
@@ -200,6 +234,7 @@ the server's last response. These are used by
(cl-case stage
;; NTLM Type 1 message: the request
(:request
+ (url-http-ntlm--detect-loop user-url)
(cl-destructuring-bind (&optional server user hash)
(url-http-ntlm--authorisation url)
(when server
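Review bot: The `:request` branch here and the `:response` branch in the next hunk both call `url-http-ntlm--detect-loop`, so one complete NTLM handshake advances the counter twice and the limit of 20 in 10 seconds is really about ten negotiations per URL. A comment at the first call would make that explicit, for example `;; Called once per stage, so each handshake counts twice toward the loop limit.` The calls also pass `user-url` while the authorisation lookup on the following line uses `url`; the binding of `user-url` is outside the hunk, so a short note on why the counter is keyed on it would help readers. The body of `url-ntlm-auth` starts and ends outside both hunks.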
@@ -207,6 +242,7 @@ the server's last response. These are used by
(ntlm-build-auth-request user server)))))
;; NTLM Type 3 message: the response
(:response
+ (url-http-ntlm--detect-loop user-url)
(let ((challenge (url-http-ntlm--get-challenge)))
(cl-destructuring-bind (server user hash)
(url-http-ntlm--authorisation url)