From 6c6035532383e300c712e4c1cd9fdd749ed5cf59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20H=C3=B6lzl?= <dominik.hoelzl@fabasoft.at>
Date: Mon, 10 Sep 2018 09:18:01 +0200
Subject: Negotiate: fix for HTTP POST with Negotiate

* Adjusted unit tests 2056, 2057
* do not generally close connections with CURLAUTH_NEGOTIATE after every request
* moved negotiatedata from UrlState to connectdata
* Added stream rewind logic for CURLAUTH_NEGOTIATE
* introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC
* Consider authproblem state for CURLAUTH_NEGOTIATE
* Consider reuse_forbid for CURLAUTH_NEGOTIATE
* moved and adjusted negotiate authentication state handling from
  output_auth_headers into Curl_output_negotiate
* Curl_output_negotiate: ensure auth done is always set
* Curl_output_negotiate: Set auth done also if result code is
  GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may
  also indicate the last challenge request (only works with disabled
  Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1)
* Consider "Persistent-Auth" header, detect if not present;
  Reset/Cleanup negotiate after authentication if no persistent
  authentication
* apply changes introduced with #2546 for negotiate rewind logic

Fixes #1261
Closes #1975
---
 tests/data/test2056 | 22 +---------------------
 tests/data/test2057 | 24 ++----------------------
 2 files changed, 3 insertions(+), 43 deletions(-)

(limited to 'tests/data')

diff --git a/tests/data/test2056 b/tests/data/test2056
index f00e21204..5d2584eec 100644
--- a/tests/data/test2056
+++ b/tests/data/test2056
@@ -8,17 +8,7 @@ HTTP Negotiate auth (stub krb5)
 </info>
 # Server-side
 <reply>
-<!-- First request, expect 401 Negotiate -->
-<data>
-HTTP/1.1 401 Authorization Required
-Server: Microsoft-IIS/7.0
-Content-Type: text/html; charset=iso-8859-1
-WWW-Authenticate: Negotiate
-Content-Length: 13
-
-Not yet sir!
-</data>
-<!-- Second request, expect success in one shot -->
+<!-- First request, expect success in one shot -->
 <data1>
 HTTP/1.1 200 Things are fine in server land
 Server: Microsoft-IIS/7.0
@@ -29,12 +19,6 @@ Content-Length: 15
 Nice auth sir!
 </data1>
 <datacheck>
-HTTP/1.1 401 Authorization Required
-Server: Microsoft-IIS/7.0
-Content-Type: text/html; charset=iso-8859-1
-WWW-Authenticate: Negotiate
-Content-Length: 13
-
 HTTP/1.1 200 Things are fine in server land
 Server: Microsoft-IIS/7.0
 Content-Type: text/html; charset=iso-8859-1
@@ -73,10 +57,6 @@ CURL_STUB_GSS_CREDS="KRB5_Alice"
 ^User-Agent:.*
 </strip>
 <protocol>
-GET /2056 HTTP/1.1
-Host: %HOSTIP:%HTTPPORT
-Accept: */*
-
 GET /2056 HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 Authorization: Negotiate IktSQjVfQWxpY2UiOkhUVFBAMTI3LjAuMC4xOjE6QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ==
diff --git a/tests/data/test2057 b/tests/data/test2057
index 562505168..92d7824c1 100644
--- a/tests/data/test2057
+++ b/tests/data/test2057
@@ -8,17 +8,7 @@ HTTP Negotiate auth (stub ntlm)
 </info>
 # Server-side
 <reply>
-<!-- First request, expect 401 Negotiate -->
-<data>
-HTTP/1.1 401 Authorization Required
-Server: Microsoft-IIS/7.0
-Content-Type: text/html; charset=iso-8859-1
-WWW-Authenticate: Negotiate
-Content-Length: 13
-
-Not yet sir!
-</data>
-<!-- Second request, expect 401 (ntlm challenge) -->
+<!-- First request, expect 401 (ntlm challenge) -->
 <data1>
 HTTP/1.1 401 Authorization Required
 Server: Microsoft-IIS/7.0
@@ -28,7 +18,7 @@ Content-Length: 19
 
 Still not yet sir!
 </data1>
-<!-- Third request, expect success  -->
+<!-- Second request, expect success  -->
 <data2>
 HTTP/1.1 200 Things are fine in server land
 Server: Microsoft-IIS/7.0
@@ -39,12 +29,6 @@ Content-Length: 15
 Nice auth sir!
 </data2>
 <datacheck>
-HTTP/1.1 401 Authorization Required
-Server: Microsoft-IIS/7.0
-Content-Type: text/html; charset=iso-8859-1
-WWW-Authenticate: Negotiate
-Content-Length: 13
-
 HTTP/1.1 401 Authorization Required
 Server: Microsoft-IIS/7.0
 Content-Type: text/html; charset=iso-8859-1
@@ -89,10 +73,6 @@ CURL_STUB_GSS_CREDS="NTLM_Alice"
 ^User-Agent:.*
 </strip>
 <protocol>
-GET /2057 HTTP/1.1
-Host: %HOSTIP:%HTTPPORT
-Accept: */*
-
 GET /2057 HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 Authorization: Negotiate Ik5UTE1fQWxpY2UiOkhUVFBAMTI3LjAuMC4xOjI6QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ==
-- 
cgit v1.2.3