From 015d5869d7e3daf81548e4d5d55209adfd4285bf Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 21 Sep 2007 11:05:31 +0000 Subject: Mark Davies fixed Negotiate authentication over proxy, and also introduced the --proxy-negotiate command line option to allow a user to explicitly select it. --- lib/http.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'lib/http.c') diff --git a/lib/http.c b/lib/http.c index 090aad3d2..67b2d3f55 100644 --- a/lib/http.c +++ b/lib/http.c @@ -424,6 +424,18 @@ Curl_http_output_auth(struct connectdata *conn, /* Send proxy authentication header if needed */ if (conn->bits.httpproxy && (conn->bits.tunnel_proxy == proxytunnel)) { +#ifdef HAVE_GSSAPI + if((authproxy->picked == CURLAUTH_GSSNEGOTIATE) && + data->state.negotiate.context && + !GSS_ERROR(data->state.negotiate.status)) { + auth="GSS-Negotiate"; + result = Curl_output_negotiate(conn, TRUE); + if (result) + return result; + authproxy->done = TRUE; + } + else +#endif #ifdef USE_NTLM if(authproxy->picked == CURLAUTH_NTLM) { auth="NTLM"; @@ -486,7 +498,7 @@ Curl_http_output_auth(struct connectdata *conn, data->state.negotiate.context && !GSS_ERROR(data->state.negotiate.status)) { auth="GSS-Negotiate"; - result = Curl_output_negotiate(conn); + result = Curl_output_negotiate(conn, FALSE); if (result) return result; authhost->done = TRUE; @@ -593,7 +605,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, authp->avail |= CURLAUTH_GSSNEGOTIATE; if(authp->picked == CURLAUTH_GSSNEGOTIATE) { /* if exactly this is wanted, go */ - int neg = Curl_input_negotiate(conn, start); + int neg = Curl_input_negotiate(conn, (bool)(httpcode == 407), start); if (neg == 0) { data->reqdata.newurl = strdup(data->change.url); data->state.authproblem = (data->reqdata.newurl == NULL); -- cgit v1.2.3