From 07ebaf837843124ee670e5b8c218b80b92e06e47 Mon Sep 17 00:00:00 2001 From: Elia Tufarolo Date: Tue, 13 Nov 2018 18:30:56 +0100 Subject: [PATCH] http_negotiate: do not close connection until negotiation is completed Fix HTTP POST using CURLAUTH_NEGOTIATE. Closes #3275 --- lib/http.c | 1 - lib/http_negotiate.c | 8 ++++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/http.c b/lib/http.c index 46ac15a6e..afc919b09 100644 --- a/lib/http.c +++ b/lib/http.c @@ -610,7 +610,6 @@ output_auth_headers(struct connectdata *conn, result = Curl_output_negotiate(conn, proxy); if(result) return result; - authstatus->done = TRUE; negdata->state = GSS_AUTHSENT; } else diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index ddcd65b3b..444265d11 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c @@ -49,6 +49,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, /* Point to the correct struct with this */ struct negotiatedata *neg_ctx; + struct auth *authp; if(proxy) { userp = conn->http_proxy.user; @@ -57,6 +58,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP"; host = conn->http_proxy.host.name; neg_ctx = &data->state.proxyneg; + authp = &conn->data->state.authproxy; } else { userp = conn->user; @@ -65,6 +67,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, data->set.str[STRING_SERVICE_NAME] : "HTTP"; host = conn->host.name; neg_ctx = &data->state.negotiate; + authp = &conn->data->state.authhost; } /* Not set means empty */ @@ -95,6 +98,11 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, if(result) Curl_auth_spnego_cleanup(neg_ctx); + else + /* If the status is different than 0 and we encountered no errors + it means we have to continue. 0 is the OK value for both GSSAPI + (GSS_S_COMPLETE) and SSPI (SEC_E_OK) */ + authp->done = !neg_ctx->status; return result; }