Don't abort Negotiate auth when the server has a response for us

It's wrong to assume that we can send a single SPNEGO packet which will complete the authentication. It's a *negotiation* — the clue is in the name. So make sure we handle responses from the server. Curl_input_negotiate() will already handle bailing out if it thinks the state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps talking to us, so we should avoid endless loops that way.
author: David Woodhouse <David.Woodhouse@intel.com> 2014-07-11 10:59:37 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2014-07-16 17:26:08 +0200
commit: 6bc76194e8c56a7a06dc6bd2ba99e112321d49e3 (patch)
tree: 9e6ed59d862d359e10c99e7554217966c39bc313
parent: f78ae415d24b9bd89d6c121c556e411fdb21c6aa (diff)
1 files changed, 2 insertions, 7 deletions
diff --git a/lib/http.c b/lib/http.c
index 91060567e..504bcb62e 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -775,13 +775,8 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
       authp->avail |= CURLAUTH_GSSNEGOTIATE;
 
       if(authp->picked == CURLAUTH_GSSNEGOTIATE) {
-        if(data->state.negotiate.state == GSS_AUTHSENT) {
-          /* if we sent GSS authentication in the outgoing request and we get
-             this back, we're in trouble */
-          infof(data, "Authentication problem. Ignoring this.\n");
-          data->state.authproblem = TRUE;
-        }
-        else if(data->state.negotiate.state == GSS_AUTHNONE) {
+        if(data->state.negotiate.state == GSS_AUTHSENT ||
+           data->state.negotiate.state == GSS_AUTHNONE) {
           neg = Curl_input_negotiate(conn, proxy, auth);
           if(neg == 0) {
             DEBUGASSERT(!data->req.newurl);
author	David Woodhouse <David.Woodhouse@intel.com>	2014-07-11 10:59:37 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2014-07-16 17:26:08 +0200
commit	6bc76194e8c56a7a06dc6bd2ba99e112321d49e3 (patch)
tree	9e6ed59d862d359e10c99e7554217966c39bc313
parent	f78ae415d24b9bd89d6c121c556e411fdb21c6aa (diff)