From f17d4b1ec09b2bca82b456a56fa96f101c597cae Mon Sep 17 00:00:00 2001
From: "sayrer%gmail.com"
 <sayrer%gmail.com@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Mon, 21 Dec 2009 19:00:49 +0000
Subject: [PATCH] Bug 535193 -  DNS resolution in MakeSN of nsAuthSSPI causing
 issues for proxy servers that support NTLM auth. r=bz, a=dveditz

git-svn-id: svn://10.0.0.236/trunk@259259 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/extensions/auth/nsAuthSSPI.cpp | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/mozilla/extensions/auth/nsAuthSSPI.cpp b/mozilla/extensions/auth/nsAuthSSPI.cpp
index 6a6de9250d0..2fe0a07ed75 100644
--- a/mozilla/extensions/auth/nsAuthSSPI.cpp
+++ b/mozilla/extensions/auth/nsAuthSSPI.cpp
@@ -246,9 +246,24 @@ nsAuthSSPI::Init(const char *serviceName,
     SEC_CHAR *package;
 
     package = (SEC_CHAR *) pTypeName[(int)mPackage];
-    rv = MakeSN(serviceName, mServiceName);
-    if (NS_FAILED(rv))
-        return rv;
+
+    if (mPackage == PACKAGE_TYPE_NTLM) {
+        // (bug 535193) For NTLM, just use the uri host, do not do canonical host lookups.
+        // The incoming serviceName is in the format: "protocol@hostname", SSPI expects
+        // "<service class>/<hostname>", so swap the '@' for a '/'.
+        mServiceName.Assign(serviceName);
+        PRInt32 index = mServiceName.FindChar('@');
+        if (index == kNotFound)
+            return NS_ERROR_UNEXPECTED;
+        mServiceName.Replace(index, 1, '/');
+    }
+    else {
+        // Kerberos requires the canonical host, MakeSN takes care of this through a
+        // DNS lookup.
+        rv = MakeSN(serviceName, mServiceName);
+        if (NS_FAILED(rv))
+            return rv;
+    }
 
     mServiceFlags = serviceFlags;