1 From 6abfb512ed22c2de891a4398616d81a2a0690b5a Mon Sep 17 00:00:00 2001
2 From: Daniel Stenberg <daniel@haxx.se>
3 Date: Sat, 18 Apr 2015 23:50:16 +0200
4 Subject: [PATCH] http_done: close Negotiate connections when done
6 When doing HTTP requests Negotiate authenticated, the entire connection
7 may become authenticated and not just the specific HTTP request which is
8 otherwise how HTTP works, as Negotiate can basically use NTLM under the
9 hood. curl was not adhering to this fact but would assume that such
10 requests would also be authenticated per request.
14 Bug: http://curl.haxx.se/docs/adv_20150422B.html
15 Reported-by: Isaac Boukris
17 lib/http.c | 8 +++++++-
18 1 file changed, 7 insertions(+), 1 deletion(-)
22 @@ -1493,8 +1493,14 @@ CURLcode Curl_http_done(struct connectda
25 if(data->state.proxyneg.state == GSS_AUTHSENT ||
26 - data->state.negotiate.state == GSS_AUTHSENT)
27 + data->state.negotiate.state == GSS_AUTHSENT) {
28 + /* add forbid re-use if http-code != 401 as a WA
29 + * only needed for 401 that failed handling
30 + * otherwie state will be RECV with current code */
31 + if((data->req.httpcode != 401) && (data->req.httpcode != 407))
32 + connclose(conn, "Negotiate transfer completed");
33 Curl_cleanup_negotiate(data);
37 /* set the proper values (possibly modified on POST) */
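Review bot: The comment added above the `connclose()` call is hard to read ("WA", "otherwie") and never states why the connection is closed, which is the security-relevant part. Per the commit message, Negotiate can authenticate the whole connection, so returning it to the pool would let a later request reuse it under the earlier identity. I would replace the comment with `/* Negotiate may authenticate the connection itself: unless the server is still challenging (401/407), close it so it is not reused with other credentials */`. The close also only fires when one of the two states is `GSS_AUTHSENT` at done time, and the existing comment says the state will otherwise be RECV, so it is worth confirming that a transfer finishing in another state cannot leave an authenticated connection reusable. That logic, like the start and end of `Curl_http_done`, is outside this hunk.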