diff options
| author | David Woodhouse <David.Woodhouse@intel.com> | 2014-07-11 10:59:37 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2014-07-16 17:26:08 +0200 |
| commit | 6bc76194e8c56a7a06dc6bd2ba99e112321d49e3 (patch) | |
| tree | 9e6ed59d862d359e10c99e7554217966c39bc313 /lib | |
| parent | f78ae415d24b9bd89d6c121c556e411fdb21c6aa (diff) | |
Don't abort Negotiate auth when the server has a response for us
It's wrong to assume that we can send a single SPNEGO packet which will
complete the authentication. It's a *negotiation* — the clue is in the
name. So make sure we handle responses from the server.
Curl_input_negotiate() will already handle bailing out if it thinks the
state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps
talking to us, so we should avoid endless loops that way.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/http.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/lib/http.c b/lib/http.c index 91060567e..504bcb62e 100644 --- a/lib/http.c +++ b/lib/http.c @@ -775,13 +775,8 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy, authp->avail |= CURLAUTH_GSSNEGOTIATE; if(authp->picked == CURLAUTH_GSSNEGOTIATE) { - if(data->state.negotiate.state == GSS_AUTHSENT) { - /* if we sent GSS authentication in the outgoing request and we get - this back, we're in trouble */ - infof(data, "Authentication problem. Ignoring this.\n"); - data->state.authproblem = TRUE; - } - else if(data->state.negotiate.state == GSS_AUTHNONE) { + if(data->state.negotiate.state == GSS_AUTHSENT || + data->state.negotiate.state == GSS_AUTHNONE) { neg = Curl_input_negotiate(conn, proxy, auth); if(neg == 0) { DEBUGASSERT(!data->req.newurl); |