mozconfig option "--disable-negotiateauth" causes link problem with functions in nsIAuthModule and nsHttpNegotiateAuth after bug 1502774
Categories
(Core :: Networking, defect, P5)
Tracking
()
People
(Reporter: aceman, Assigned: u677686)
References
Details
(Whiteboard: [necko-triaged])
Attachments
(2 files)
5.86 KB,
patch
|
Details | Diff | Splinter Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review |
Comment 2•7 years ago
|
||
Updated•7 years ago
|
Comment 4•7 years ago
|
||
Comment 6•7 years ago
|
||
Comment 7•7 years ago
|
||
Comment 9•7 years ago
|
||
Updated•7 years ago
|
Comment 10•7 years ago
|
||
Updated•7 years ago
|
Updated•7 years ago
|
![]() |
Assignee | |
Comment 11•4 years ago
|
||
I have the same problem with firefox 84.0.2 (building from source).
It seems that aside from the missing macro, /extensions/auth
is always included in a couple of places:
https://searchfox.org/mozilla-central/source/netwerk/build/moz.build#24
https://searchfox.org/mozilla-central/source/netwerk/protocol/http/moz.build#176
Note: nsIAuthModule::CreateInstance is also used by NTLM: https://searchfox.org/mozilla-central/source/netwerk/protocol/http/nsHttpNTLMAuth.cpp#191,201,227
the auth module is returning the appropriate NTLM module: https://searchfox.org/mozilla-central/source/extensions/auth/nsIAuthModule.cpp#31,34,47
It looks like sys-ntlm/nsAuthSSPI is part of extensions/auth while the internal implementation is using https://searchfox.org/mozilla-central/source/security/manager/ssl/nsNTLMAuthModule.h#12 (even though it's flagged as less secure: https://searchfox.org/mozilla-central/source/netwerk/protocol/http/nsHttpNTLMAuth.cpp#224).
I've added a patch based on this (with NTLM disabled) but I'd like some input on what to do with NTLM.
![]() |
Assignee | |
Comment 12•4 years ago
|
||
Comment 13•4 years ago
|
||
Kershaw, can you help here or do you know who can?
Comment 14•4 years ago
|
||
(In reply to Horst from comment #11)
I have the same problem with firefox 84.0.2 (building from source).
It seems that aside from the missing macro,
/extensions/auth
is always included in a couple of places:https://searchfox.org/mozilla-central/source/netwerk/build/moz.build#24
https://searchfox.org/mozilla-central/source/netwerk/protocol/http/moz.build#176Note: nsIAuthModule::CreateInstance is also used by NTLM: https://searchfox.org/mozilla-central/source/netwerk/protocol/http/nsHttpNTLMAuth.cpp#191,201,227
the auth module is returning the appropriate NTLM module: https://searchfox.org/mozilla-central/source/extensions/auth/nsIAuthModule.cpp#31,34,47
It looks like sys-ntlm/nsAuthSSPI is part of extensions/auth while the internal implementation is using https://searchfox.org/mozilla-central/source/security/manager/ssl/nsNTLMAuthModule.h#12 (even though it's flagged as less secure: https://searchfox.org/mozilla-central/source/netwerk/protocol/http/nsHttpNTLMAuth.cpp#224).I've added a patch based on this (with NTLM disabled) but I'd like some input on what to do with NTLM.
I guess we can only disable NTLM if --disable-negotiateauth
is defined. Returning null in nsHttpNTLMAuth::GetOrCreate() would be better.
![]() |
Assignee | |
Comment 15•4 years ago
|
||
Updated•4 years ago
|
Comment 16•4 years ago
|
||
I was looking for possibly unused configure option, and stumbled upon this one being busted. It's been busted for 3 years, this bug has been opened for 3 years, and has had a reviewed patch ready to land for 9 months. Do we want to fix this, or should we just remove the option?
Comment 17•4 years ago
|
||
I think we can just land the patch. I do not know if anyone would use the config option.
I do not have a strong opinion about this one.
Comment 18•4 years ago
|
||
Comment 19•4 years ago
|
||
bugherder |
Updated•4 years ago
|
Description
•