mirror of
https://github.com/moparisthebest/curl
synced 2024-11-16 14:35:03 -05:00
Don't abort Negotiate auth when the server has a response for us
It's wrong to assume that we can send a single SPNEGO packet which will complete the authentication. It's a *negotiation* — the clue is in the name. So make sure we handle responses from the server. Curl_input_negotiate() will already handle bailing out if it thinks the state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps talking to us, so we should avoid endless loops that way.
This commit is contained in:
parent
f78ae415d2
commit
6bc76194e8
@ -775,13 +775,8 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
|
|||||||
authp->avail |= CURLAUTH_GSSNEGOTIATE;
|
authp->avail |= CURLAUTH_GSSNEGOTIATE;
|
||||||
|
|
||||||
if(authp->picked == CURLAUTH_GSSNEGOTIATE) {
|
if(authp->picked == CURLAUTH_GSSNEGOTIATE) {
|
||||||
if(data->state.negotiate.state == GSS_AUTHSENT) {
|
if(data->state.negotiate.state == GSS_AUTHSENT ||
|
||||||
/* if we sent GSS authentication in the outgoing request and we get
|
data->state.negotiate.state == GSS_AUTHNONE) {
|
||||||
this back, we're in trouble */
|
|
||||||
infof(data, "Authentication problem. Ignoring this.\n");
|
|
||||||
data->state.authproblem = TRUE;
|
|
||||||
}
|
|
||||||
else if(data->state.negotiate.state == GSS_AUTHNONE) {
|
|
||||||
neg = Curl_input_negotiate(conn, proxy, auth);
|
neg = Curl_input_negotiate(conn, proxy, auth);
|
||||||
if(neg == 0) {
|
if(neg == 0) {
|
||||||
DEBUGASSERT(!data->req.newurl);
|
DEBUGASSERT(!data->req.newurl);
|
||||||
|
Loading…
Reference in New Issue
Block a user