From 6c6035532383e300c712e4c1cd9fdd749ed5cf59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20H=C3=B6lzl?= Date: Mon, 10 Sep 2018 09:18:01 +0200 Subject: Negotiate: fix for HTTP POST with Negotiate * Adjusted unit tests 2056, 2057 * do not generally close connections with CURLAUTH_NEGOTIATE after every request * moved negotiatedata from UrlState to connectdata * Added stream rewind logic for CURLAUTH_NEGOTIATE * introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC * Consider authproblem state for CURLAUTH_NEGOTIATE * Consider reuse_forbid for CURLAUTH_NEGOTIATE * moved and adjusted negotiate authentication state handling from output_auth_headers into Curl_output_negotiate * Curl_output_negotiate: ensure auth done is always set * Curl_output_negotiate: Set auth done also if result code is GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may also indicate the last challenge request (only works with disabled Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1) * Consider "Persistent-Auth" header, detect if not present; Reset/Cleanup negotiate after authentication if no persistent authentication * apply changes introduced with #2546 for negotiate rewind logic Fixes #1261 Closes #1975 --- lib/urldata.h | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'lib/urldata.h') diff --git a/lib/urldata.h b/lib/urldata.h index e5596b87f..24187a4c4 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -358,7 +358,9 @@ struct ntlmdata { struct negotiatedata { /* When doing Negotiate (SPNEGO) auth, we first need to send a token and then validate the received one. */ - enum { GSS_AUTHNONE, GSS_AUTHRECV, GSS_AUTHSENT } state; + enum { + GSS_AUTHNONE, GSS_AUTHRECV, GSS_AUTHSENT, GSS_AUTHDONE, GSS_AUTHSUCC + } state; #ifdef HAVE_GSSAPI OM_uint32 status; gss_ctx_id_t context; @@ -380,6 +382,10 @@ struct negotiatedata { size_t output_token_length; #endif #endif + bool noauthpersist; + bool havenoauthpersist; + bool havenegdata; + bool havemultiplerequests; }; #endif @@ -977,6 +983,11 @@ struct connectdata { #endif #endif +#ifdef USE_SPNEGO + struct negotiatedata negotiate; /* state data for host Negotiate auth */ + struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */ +#endif + /* data used for the asynch name resolve callback */ struct Curl_async async; @@ -1274,11 +1285,6 @@ struct UrlState { struct digestdata digest; /* state data for host Digest auth */ struct digestdata proxydigest; /* state data for proxy Digest auth */ -#ifdef USE_SPNEGO - struct negotiatedata negotiate; /* state data for host Negotiate auth */ - struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */ -#endif - struct auth authhost; /* auth details for host */ struct auth authproxy; /* auth details for proxy */ -- cgit v1.2.3