From ec5fde24de5ddd1910730f0cbac5e77820b26eb9 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 5 May 2014 14:49:30 +0200
Subject: http: avoid auth failure on a duplicated header

... 'WWW-Authenticate: Negotiate' received from server

Reported by: David Woodhouse
Bug: https://bugzilla.redhat.com/1093348
---
 RELEASE-NOTES | 2 ++
 lib/http.c    | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index f535d525c..1261fe41e 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -64,6 +64,7 @@ This release includes the following bugfixes:
  o curl_multi_cleanup: ignore SIGPIPE better [13]
  o schannel: don't use the connect-timeout during send [14]
  o mprintf: allow %.s with data not being zero terminated
+ o http: auth failure on duplicated 'WWW-Authenticate: Negotiate' header [15]
 
 This release includes the following known bugs:
 
@@ -96,3 +97,4 @@ References to bug reports and discussions on issues:
  [12] = http://curl.haxx.se/mail/lib-2014-04/0161.html
  [13] = http://thread.gmane.org/gmane.comp.version-control.git/238242
  [14] = http://curl.haxx.se/bug/view.cgi?id=1352
+ [15] = https://bugzilla.redhat.com/1093348
diff --git a/lib/http.c b/lib/http.c
index fb4334966..937d241a2 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -780,7 +780,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
           infof(data, "Authentication problem. Ignoring this.\n");
           data->state.authproblem = TRUE;
         }
-        else {
+        else if(data->state.negotiate.state == GSS_AUTHNONE) {
           neg = Curl_input_negotiate(conn, proxy, auth);
           if(neg == 0) {
             DEBUGASSERT(!data->req.newurl);
-- 
cgit v1.2.3