sspi: Only call CompleteAuthToken() when complete is needed

Don't call CompleteAuthToken() after InitializeSecurityContext() has returned SEC_I_CONTINUE_NEEDED as this return code only indicates the function should be called again after receiving a response back from the server. This only affected the Digest and NTLM authentication code.
2024-08-13 17:03:50 -04:00 · 2014-10-26 14:26:39 +00:00 · 2014-10-26 14:26:39 +00:00 · 9c613ade7a
commit 9c613ade7a
parent 382cee0a77
2 changed files with 6 additions and 6 deletions
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@ -497,10 +497,10 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
                                               ntlm->context, &type_1_desc,
                                               &attrs, &tsDummy);

-  if(status == SEC_I_COMPLETE_AND_CONTINUE ||
-     status == SEC_I_CONTINUE_NEEDED)
+  if(status == SEC_I_COMPLETE_NEEDED ||
+     status == SEC_I_COMPLETE_AND_CONTINUE)
    s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc);
-  else if(status != SEC_E_OK)
+  else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)
    return CURLE_RECV_ERROR;

  size = type_1_buf.cbBuffer;
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@ -232,10 +232,10 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
                                               &chlg_desc, 0, &ctx,
                                               &resp_desc, &attrs, &tsDummy);

-  if(status == SEC_I_COMPLETE_AND_CONTINUE ||
-     status == SEC_I_CONTINUE_NEEDED)
+  if(status == SEC_I_COMPLETE_NEEDED ||
+     status == SEC_I_COMPLETE_AND_CONTINUE)
    s_pSecFn->CompleteAuthToken(&handle, &resp_desc);
-  else if(status != SEC_E_OK) {
+  else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
    s_pSecFn->FreeCredentialsHandle(&handle);
    Curl_sspi_free_identity(&identity);
    Curl_safefree(spn);