From 2ff30d067c19aea79cd82e0a45e313cf3bb07285 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 22 Apr 2004 20:07:41 +0000
Subject: - David Byron found and fixed a small bug with the --fail and
 authentication   stuff added a few weeks ago.  Turns out that if you specify
 --proxy-ntlm and   communicate with a proxy that requires basic
 authentication, the proxy   properly returns a 407, but the failure detection
 code doesn't realize it   should give up, so curl returns with exit code 0.
 Test case 162 verifies   this.

---
 lib/http.c     | 37 +++++++++++++++++++++++++++++++------
 lib/transfer.c |  1 +
 lib/urldata.h  |  1 +
 3 files changed, 33 insertions(+), 6 deletions(-)

(limited to 'lib')

diff --git a/lib/http.c b/lib/http.c
index b2f919f67..0922b9eda 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -396,8 +396,13 @@ CURLcode Curl_http_auth(struct connectdata *conn,
     if(data->state.authwant == CURLAUTH_GSSNEGOTIATE) {
       /* if exactly this is wanted, go */
       int neg = Curl_input_negotiate(conn, start);
-      if (neg == 0)
+      if (neg == 0) {
         conn->newurl = strdup(data->change.url);
+        data->state.authproblem = (conn->newurl == NULL);
+      else {
+        infof(data, "Authentication problem. Ignoring this.\n");
+        data->state.authproblem = TRUE;
+      }
     }
     else
       if(data->state.authwant & CURLAUTH_GSSNEGOTIATE)
@@ -414,10 +419,14 @@ CURLcode Curl_http_auth(struct connectdata *conn,
         CURLntlm ntlm =
           Curl_input_ntlm(conn, (bool)(httpcode == 407), start);
                   
-        if(CURLNTLM_BAD != ntlm)
+        if(CURLNTLM_BAD != ntlm) {
           conn->newurl = strdup(data->change.url); /* clone string */
-        else
+          data->state.authproblem = (conn->newurl == NULL);
+        }
+        else {
           infof(data, "Authentication problem. Ignoring this.\n");
+          data->state.authproblem = TRUE;
+        }
       }
       else
         if(data->state.authwant & CURLAUTH_NTLM)
@@ -431,12 +440,16 @@ CURLcode Curl_http_auth(struct connectdata *conn,
           /* Digest authentication is activated */
           CURLdigest dig = Curl_input_digest(conn, start);
           
-          if(CURLDIGEST_FINE == dig)
+          if(CURLDIGEST_FINE == dig) {
             /* We act on it. Store our new url, which happens to be
                the same one we already use! */
             conn->newurl = strdup(data->change.url); /* clone string */
-          else
+            data->state.authproblem = (conn->newurl == NULL);
+          }
+          else {
             infof(data, "Authentication problem. Ignoring this.\n");
+            data->state.authproblem = TRUE;
+          }
         }
         else
           if(data->state.authwant & CURLAUTH_DIGEST) {
@@ -458,9 +471,17 @@ CURLcode Curl_http_auth(struct connectdata *conn,
              valid. */
           data->state.authavail = CURLAUTH_NONE;
           infof(data, "Authentication problem. Ignoring this.\n");
+          data->state.authproblem = TRUE;
         }
         else if(data->state.authwant & CURLAUTH_BASIC) {
           data->state.authavail |= CURLAUTH_BASIC;
+        } else {
+            /*
+            ** We asked for something besides basic but got
+            ** Basic anyway.  This is no good.
+            */
+            infof(data, "Server expects Basic auth, but we're doing something else.\n");
+            data->state.authproblem = TRUE;
         }
       }
   return CURLE_OK;
@@ -531,13 +552,17 @@ int Curl_http_should_fail(struct connectdata *conn)
   */
 #if 0 /* set to 1 when debugging this functionality */
   infof(data,"%s: authstage = %d\n",__FUNCTION__,data->state.authstage);
+  infof(data,"%s: authwant = 0x%08x\n",__FUNCTION__,data->state.authwant);
+  infof(data,"%s: authavail = 0x%08x\n",__FUNCTION__,data->state.authavail);
   infof(data,"%s: httpcode = %d\n",__FUNCTION__,k->httpcode);
   infof(data,"%s: authdone = %d\n",__FUNCTION__,data->state.authdone);
+  infof(data,"%s: newurl = %s\n",__FUNCTION__,conn->newurl ? conn->newurl : "(null)");
+  infof(data,"%s: authproblem = %d\n",__FUNCTION__,data->state.authproblem);
 #endif
 
   if (data->state.authstage &&
       (data->state.authstage == k->httpcode))
-    return data->state.authdone;
+    return (data->state.authdone || data->state.authproblem);
 
   /*
   ** Either we're not authenticating, or we're supposed to
diff --git a/lib/transfer.c b/lib/transfer.c
index 2d0b4aa33..1151e05b6 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1499,6 +1499,7 @@ CURLcode Curl_pretransfer(struct SessionHandle *data)
   /* set preferred authentication, default to basic */
 
   data->state.authstage = 0; /* initialize authentication later */
+  data->state.authproblem = FALSE;
 
   /* If there was a list of cookie files to read and we haven't done it before,
      do it now! */
diff --git a/lib/urldata.h b/lib/urldata.h
index 55070ccbf..7642cb9a1 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -725,6 +725,7 @@ struct UrlState {
                      depending on authstage) */
   long authavail; /* what the server reports */
 
+  bool authproblem; /* TRUE if there's some problem authenticating */
   bool authdone; /* TRUE when the auth phase is done and ready
                     to do the *actual* request */
 #ifdef USE_ARES
-- 
cgit v1.2.3