1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 00:28:48 -05:00

http_negotiate_sspi: Fixed endless unauthorized loop in commit 6bc76194e8

If the server rejects our authentication attempt and curl hasn't
called CompleteAuthToken() then the status variable will be
SEC_I_CONTINUE_NEEDED and not SEC_E_OK.

As such the existing detection mechanism for determining whether or not
the authentication process has finished is not sufficient.

However, the WWW-Authenticate: Negotiate header line will not contain
any data when the server has exhausted the negotiation, so we can use
that coupled with the already allocated context pointer.
This commit is contained in:
Steve Holme 2014-08-06 00:12:53 +01:00
parent 524833e155
commit f8af8606a5

View File

@ -117,9 +117,14 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
len = strlen(header); len = strlen(header);
if(!len) { if(!len) {
/* first call in a new negotation, we have to acquire credentials, /* Is this the first call in a new negotiation? */
and allocate memory for the context */ if(neg_ctx->context) {
/* The server rejected our authentication and hasn't suppled any more
negotiation mechanisms */
return -1;
}
/* We have to acquire credentials and allocate memory for the context */
neg_ctx->credentials = malloc(sizeof(CredHandle)); neg_ctx->credentials = malloc(sizeof(CredHandle));
neg_ctx->context = malloc(sizeof(CtxtHandle)); neg_ctx->context = malloc(sizeof(CtxtHandle));