Commit 9c613ade authored by Steve Holme's avatar Steve Holme
Browse files

sspi: Only call CompleteAuthToken() when complete is needed 

Don't call CompleteAuthToken() after InitializeSecurityContext() has
returned SEC_I_CONTINUE_NEEDED as this return code only indicates the
function should be called again after receiving a response back from
the server.

This only affected the Digest and NTLM authentication code.
parent 382cee0a

lib/curl_ntlm_msgs.c

+3 −3
Original line number Diff line number Diff line
@@ -497,10 +497,10 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp, 
                                               ntlm->context, &type_1_desc,

                                               &attrs, &tsDummy);



  if(status == SEC_I_COMPLETE_AND_CONTINUE ||

     status == SEC_I_CONTINUE_NEEDED)

  if(status == SEC_I_COMPLETE_NEEDED ||

     status == SEC_I_COMPLETE_AND_CONTINUE)

    s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc);

  else if(status != SEC_E_OK)

  else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)

    return CURLE_RECV_ERROR;



  size = type_1_buf.cbBuffer;

lib/curl_sasl_sspi.c

+3 −3
Original line number Diff line number Diff line
@@ -232,10 +232,10 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, 
                                               &chlg_desc, 0, &ctx,

                                               &resp_desc, &attrs, &tsDummy);



  if(status == SEC_I_COMPLETE_AND_CONTINUE ||

     status == SEC_I_CONTINUE_NEEDED)

  if(status == SEC_I_COMPLETE_NEEDED ||

     status == SEC_I_COMPLETE_AND_CONTINUE)

    s_pSecFn->CompleteAuthToken(&handle, &resp_desc);

  else if(status != SEC_E_OK) {

  else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {

    s_pSecFn->FreeCredentialsHandle(&handle);

    Curl_sspi_free_identity(&identity);

    Curl_safefree(spn);