Commit 2eb02480 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

Revert "HTTP: don't abort connections with pending Negotiate authentication" 

This reverts commit 5dc68dd6.

Bug: https://github.com/bagder/curl/issues/223
Reported-by: Michael Osipov
parent f7011252

lib/http.c

+30 −82
Original line number Diff line number Diff line
@@ -345,82 +345,6 @@ static bool pickoneauth(struct auth *pick) 
  return picked;

}



/* whether to complete request (for authentication) in current connection */

static bool complete_request(struct connectdata *conn,

                             curl_off_t remaining_bytes)

{

#if defined(USE_NTLM) || defined(USE_SPNEGO)

  struct SessionHandle *data = conn->data;

  bool have_ntlm_or_negotiate = FALSE;

  bool auth_started = FALSE;



  /* don't reset connection when we're in NTLM or Negotiate authentication;

   * those authenticate the connection - creating a new connection breaks the

   * authentication.

   */



#if defined(USE_NTLM)

  /* proxy NTLM authentication */

  if((data->state.authproxy.picked == CURLAUTH_NTLM) ||

      (data->state.authproxy.picked == CURLAUTH_NTLM_WB)) {

    have_ntlm_or_negotiate = TRUE;

    auth_started = auth_started

                 || (conn->proxyntlm.state != NTLMSTATE_NONE);

  }



  /* normal NTLM authentication */

  if((data->state.authhost.picked == CURLAUTH_NTLM) ||

      (data->state.authhost.picked == CURLAUTH_NTLM_WB)) {

    have_ntlm_or_negotiate = TRUE;

    auth_started = auth_started

                 || (conn->ntlm.state != NTLMSTATE_NONE);

  }

#endif



#if defined(USE_SPNEGO)

  /* proxy Negotiate authentication */

  if(data->state.authproxy.picked == CURLAUTH_NEGOTIATE) {

    have_ntlm_or_negotiate = TRUE;

    auth_started = auth_started

                 || (data->state.proxyneg.state != GSS_AUTHNONE);

  }



  /* normal Negotiate authentication */

  if(data->state.authhost.picked == CURLAUTH_NEGOTIATE) {

    have_ntlm_or_negotiate = TRUE;

    auth_started = auth_started

                 || (data->state.negotiate.state != GSS_AUTHNONE);

  }

#endif



  if(have_ntlm_or_negotiate) {

    if(remaining_bytes < 2000 || auth_started) {

      /* NTLM/Negotiation has started *OR* there is just a little (<2K)

       * data left to send, keep on sending.

       */



      /* rewind data when completely done sending! */

      if(!conn->bits.authneg) {

        conn->bits.rewindaftersend = TRUE;

        infof(data, "Rewind stream after send\n");

      }



      return TRUE;

    }



    infof(data, "NTLM/Negotiate send, close instead of sending %"

          CURL_FORMAT_CURL_OFF_T " bytes\n",

          remaining_bytes);

  }

#else

  /* unused parameters: */

  (void)conn;

  (void)remaining_bytes;

#endif



  return FALSE;

}



/*

 * Curl_http_perhapsrewind()

 *
@@ -499,12 +423,36 @@ static CURLcode http_perhapsrewind(struct connectdata *conn) 
  conn->bits.rewindaftersend = FALSE; /* default */



  if((expectsend == -1) || (expectsend > bytessent)) {

#if defined(USE_NTLM)

    /* There is still data left to send */

    if((data->state.authproxy.picked == CURLAUTH_NTLM) ||

       (data->state.authhost.picked == CURLAUTH_NTLM) ||

       (data->state.authproxy.picked == CURLAUTH_NTLM_WB) ||

       (data->state.authhost.picked == CURLAUTH_NTLM_WB)) {

      if(((expectsend - bytessent) < 2000) ||

         (conn->ntlm.state != NTLMSTATE_NONE) ||

         (conn->proxyntlm.state != NTLMSTATE_NONE)) {

        /* The NTLM-negotiation has started *OR* there is just a little (<2K)

           data left to send, keep on sending. */



        /* rewind data when completely done sending! */

        if(!conn->bits.authneg) {

          conn->bits.rewindaftersend = TRUE;

          infof(data, "Rewind stream after send\n");

        }



        return CURLE_OK;

      }



      if(conn->bits.close)

        /* this is already marked to get closed */

        return CURLE_OK;



    if(complete_request(conn, (curl_off_t)(expectsend - bytessent)))

      return CURLE_OK;

      infof(data, "NTLM send, close instead of sending %"

            CURL_FORMAT_CURL_OFF_T " bytes\n",

            (curl_off_t)(expectsend - bytessent));

    }

#endif



    /* This is not NTLM or many bytes left to send: close */

    connclose(conn, "Mid-auth HTTP and much data left to send");
@@ -515,7 +463,7 @@ static CURLcode http_perhapsrewind(struct connectdata *conn) 
  }



  if(bytessent)

    /* we rewind now at once since we already sent something */

    /* we rewind now at once since if we already sent something */

    return Curl_readrewind(conn);



  return CURLE_OK;