From bf614e0e8a231b820160ebca2bc13afeee44c683 Mon Sep 17 00:00:00 2001

From: Isaac Boukris <iboukris@gmail.com>

Date: Fri, 27 Jan 2017 00:42:28 +0200

Subject: [PATCH 1/3] authneg: clear auth.multi flag at http_done

This flag is meant for the current request based on authentication

state, once the request is done we can clear the flag.

Also change auth.multi to auth.multipass for better readability.

Fixes https://github.com/curl/curl/issues/1095

Closes https://github.com/curl/curl/pull/1326

Signed-off-by: Isaac Boukris <iboukris@gmail.com>

Reported-by: Michael Kaufmann

Upstream-commit: 5278462c32a70cd972a8cc824a38f164151d6c6d

Signed-off-by: Kamil Dudka <kdudka@redhat.com>

---

 lib/http.c    | 11 ++++++++---

 lib/urldata.h |  4 ++--

 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/http.c b/lib/http.c

index db37cf9..9419bff 100644

--- a/lib/http.c

+++ b/lib/http.c

@@ -585,10 +585,10 @@ output_auth_headers(struct connectdata *conn,

           proxy?"Proxy":"Server", auth,

           proxy?(conn->proxyuser?conn->proxyuser:""):

                 (conn->user?conn->user:""));

-    authstatus->multi = (!authstatus->done) ? TRUE : FALSE;

+    authstatus->multipass = (!authstatus->done) ? TRUE : FALSE;

   }

   else

-    authstatus->multi = FALSE;

+    authstatus->multipass = FALSE;

   return CURLE_OK;

 }

@@ -1402,6 +1402,11 @@ CURLcode Curl_http_done(struct connectdata *conn,

   struct SessionHandle *data = conn->data;

   struct HTTP *http =data->state.proto.http;

+  /* Clear multipass flag. If authentication isn't done yet, then it will get

+   * a chance to be set back to true when we output the next auth header */

+  data->state.authhost.multipass = FALSE;

+  data->state.authproxy.multipass = FALSE;

+

   Curl_unencode_cleanup(conn);

 #ifdef USE_HTTP_NEGOTIATE

@@ -1738,7 +1743,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)

   if(result)

     return result;

-  if((data->state.authhost.multi || data->state.authproxy.multi) &&

+  if((data->state.authhost.multipass || data->state.authproxy.multipass) &&

      (httpreq != HTTPREQ_GET) &&

      (httpreq != HTTPREQ_HEAD)) {

     /* Auth is required and we are not authenticated yet. Make a PUT or POST

diff --git a/lib/urldata.h b/lib/urldata.h

index 3e6ace5..7e0c30d 100644

--- a/lib/urldata.h

+++ b/lib/urldata.h

@@ -1143,8 +1143,8 @@ struct auth {

                           this resource */

   bool done;  /* TRUE when the auth phase is done and ready to do the *actual*

                  request */

-  bool multi; /* TRUE if this is not yet authenticated but within the auth

-                 multipass negotiation */

+  bool multipass; /* TRUE if this is not yet authenticated but within the

+                     auth multipass negotiation */

   bool iestyle; /* TRUE if digest should be done IE-style or FALSE if it should

                    be RFC compliant */

 };

-- 

2.13.6

From 8fe4533bc8de3664f8b664fa5ab78739b5ea3d87 Mon Sep 17 00:00:00 2001

From: Michael Kaufmann <mail@michael-kaufmann.ch>

Date: Sat, 11 Mar 2017 18:22:30 +0100

Subject: [PATCH 2/3] curl_easy_reset: Also reset the authentication state

Follow-up to 5278462

See https://github.com/curl/curl/issues/1095

Upstream-commit: 0afbcfd800c45e766e225e4ce273b128ee6a8c25

Signed-off-by: Kamil Dudka <kdudka@redhat.com>

---

 lib/easy.c | 4 ++++

 1 file changed, 4 insertions(+)

diff --git a/lib/easy.c b/lib/easy.c

index 13801b2..0e9ba18 100644

--- a/lib/easy.c

+++ b/lib/easy.c

@@ -670,6 +670,10 @@ void curl_easy_reset(CURL *curl)

   data->progress.flags |= PGRS_HIDE;

   data->state.current_speed = -1; /* init to negative == impossible */

+

+  /* zero out authentication data: */

+  memset(&data->state.authhost, 0, sizeof(struct auth));

+  memset(&data->state.authproxy, 0, sizeof(struct auth));

 }

 /*

-- 

2.13.6

From db75a5b82f0b4b24a838fb91e9d3352d4c4c05f2 Mon Sep 17 00:00:00 2001

From: Michael Kaufmann <mail@michael-kaufmann.ch>

Date: Sat, 11 Mar 2017 20:06:56 +0100

Subject: [PATCH 3/3] tests: fix the authretry tests

Do not call curl_easy_reset() between the requests, because the

auth state must be preserved for these tests.

Follow-up to 0afbcfd

Upstream-commit: 8d105209933e27293cfc4f224614cea57ddd8372

Signed-off-by: Kamil Dudka <kdudka@redhat.com>

---

 tests/libtest/libauthretry.c | 5 -----

 1 file changed, 5 deletions(-)

diff --git a/tests/libtest/libauthretry.c b/tests/libtest/libauthretry.c

index 9576132..6342252 100644

--- a/tests/libtest/libauthretry.c

+++ b/tests/libtest/libauthretry.c

@@ -111,12 +111,10 @@ int test(char *url)

   res = send_wrong_password(curl, url, 100, main_auth_scheme);

   if (res != CURLE_OK)

       goto test_cleanup;

-  curl_easy_reset(curl);

   res = send_right_password(curl, url, 200, fallback_auth_scheme);

   if (res != CURLE_OK)

       goto test_cleanup;

-  curl_easy_reset(curl);

   curl_easy_cleanup(curl);

@@ -131,17 +129,14 @@ int test(char *url)

   res = send_wrong_password(curl, url, 300, main_auth_scheme);

   if (res != CURLE_OK)

       goto test_cleanup;

-  curl_easy_reset(curl);

   res = send_wrong_password(curl, url, 400, fallback_auth_scheme);

   if (res != CURLE_OK)

       goto test_cleanup;

-  curl_easy_reset(curl);

   res = send_right_password(curl, url, 500, fallback_auth_scheme);

   if (res != CURLE_OK)

       goto test_cleanup;

-  curl_easy_reset(curl);

 test_cleanup:

-- 

2.13.6