mirror of
https://github.com/curl/curl.git
synced 2026-04-20 03:01:14 +03:00
- David Byron found and fixed a small bug with the --fail and authentication
stuff added a few weeks ago. Turns out that if you specify --proxy-ntlm and communicate with a proxy that requires basic authentication, the proxy properly returns a 407, but the failure detection code doesn't realize it should give up, so curl returns with exit code 0. Test case 162 verifies this.
This commit is contained in:
Daniel Stenberg
parent
84406b3e2c
commit
2ff30d067c
6 changed files with 86 additions and 7 deletions
37
lib/http.c
37
lib/http.c
|
|
@ -396,8 +396,13 @@ CURLcode Curl_http_auth(struct connectdata *conn,
|
|||
if(data->state.authwant == CURLAUTH_GSSNEGOTIATE) {
|
||||
/* if exactly this is wanted, go */
|
||||
int neg = Curl_input_negotiate(conn, start);
|
||||
if (neg == 0)
|
||||
if (neg == 0) {
|
||||
conn->newurl = strdup(data->change.url);
|
||||
data->state.authproblem = (conn->newurl == NULL);
|
||||
else {
|
||||
infof(data, "Authentication problem. Ignoring this.\n");
|
||||
data->state.authproblem = TRUE;
|
||||
}
|
||||
}
|
||||
else
|
||||
if(data->state.authwant & CURLAUTH_GSSNEGOTIATE)
|
||||
|
|
@ -414,10 +419,14 @@ CURLcode Curl_http_auth(struct connectdata *conn,
|
|||
CURLntlm ntlm =
|
||||
Curl_input_ntlm(conn, (bool)(httpcode == 407), start);
|
||||
|
||||
if(CURLNTLM_BAD != ntlm)
|
||||
if(CURLNTLM_BAD != ntlm) {
|
||||
conn->newurl = strdup(data->change.url); /* clone string */
|
||||
else
|
||||
data->state.authproblem = (conn->newurl == NULL);
|
||||
}
|
||||
else {
|
||||
infof(data, "Authentication problem. Ignoring this.\n");
|
||||
data->state.authproblem = TRUE;
|
||||
}
|
||||
}
|
||||
else
|
||||
if(data->state.authwant & CURLAUTH_NTLM)
|
||||
|
|
@ -431,12 +440,16 @@ CURLcode Curl_http_auth(struct connectdata *conn,
|
|||
/* Digest authentication is activated */
|
||||
CURLdigest dig = Curl_input_digest(conn, start);
|
||||
|
||||
if(CURLDIGEST_FINE == dig)
|
||||
if(CURLDIGEST_FINE == dig) {
|
||||
/* We act on it. Store our new url, which happens to be
|
||||
the same one we already use! */
|
||||
conn->newurl = strdup(data->change.url); /* clone string */
|
||||
else
|
||||
data->state.authproblem = (conn->newurl == NULL);
|
||||
}
|
||||
else {
|
||||
infof(data, "Authentication problem. Ignoring this.\n");
|
||||
data->state.authproblem = TRUE;
|
||||
}
|
||||
}
|
||||
else
|
||||
if(data->state.authwant & CURLAUTH_DIGEST) {
|
||||
|
|
@ -458,9 +471,17 @@ CURLcode Curl_http_auth(struct connectdata *conn,
|
|||
valid. */
|
||||
data->state.authavail = CURLAUTH_NONE;
|
||||
infof(data, "Authentication problem. Ignoring this.\n");
|
||||
data->state.authproblem = TRUE;
|
||||
}
|
||||
else if(data->state.authwant & CURLAUTH_BASIC) {
|
||||
data->state.authavail |= CURLAUTH_BASIC;
|
||||
} else {
|
||||
/*
|
||||
** We asked for something besides basic but got
|
||||
** Basic anyway. This is no good.
|
||||
*/
|
||||
infof(data, "Server expects Basic auth, but we're doing something else.\n");
|
||||
data->state.authproblem = TRUE;
|
||||
}
|
||||
}
|
||||
return CURLE_OK;
|
||||
|
|
@ -531,13 +552,17 @@ int Curl_http_should_fail(struct connectdata *conn)
|
|||
*/
|
||||
#if 0 /* set to 1 when debugging this functionality */
|
||||
infof(data,"%s: authstage = %d\n",__FUNCTION__,data->state.authstage);
|
||||
infof(data,"%s: authwant = 0x%08x\n",__FUNCTION__,data->state.authwant);
|
||||
infof(data,"%s: authavail = 0x%08x\n",__FUNCTION__,data->state.authavail);
|
||||
infof(data,"%s: httpcode = %d\n",__FUNCTION__,k->httpcode);
|
||||
infof(data,"%s: authdone = %d\n",__FUNCTION__,data->state.authdone);
|
||||
infof(data,"%s: newurl = %s\n",__FUNCTION__,conn->newurl ? conn->newurl : "(null)");
|
||||
infof(data,"%s: authproblem = %d\n",__FUNCTION__,data->state.authproblem);
|
||||
#endif
|
||||
|
||||
if (data->state.authstage &&
|
||||
(data->state.authstage == k->httpcode))
|
||||
return data->state.authdone;
|
||||
return (data->state.authdone || data->state.authproblem);
|
||||
|
||||
/*
|
||||
** Either we're not authenticating, or we're supposed to
|
||||
|
|
|
|||
|
|
@ -1499,6 +1499,7 @@ CURLcode Curl_pretransfer(struct SessionHandle *data)
|
|||
/* set preferred authentication, default to basic */
|
||||
|
||||
data->state.authstage = 0; /* initialize authentication later */
|
||||
data->state.authproblem = FALSE;
|
||||
|
||||
/* If there was a list of cookie files to read and we haven't done it before,
|
||||
do it now! */
|
||||
|
|
|
|||
|
|
@ -725,6 +725,7 @@ struct UrlState {
|
|||
depending on authstage) */
|
||||
long authavail; /* what the server reports */
|
||||
|
||||
bool authproblem; /* TRUE if there's some problem authenticating */
|
||||
bool authdone; /* TRUE when the auth phase is done and ready
|
||||
to do the *actual* request */
|
||||
#ifdef USE_ARES
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue