From 9c613ade7a7157d51db227e9070e8de555ae3053 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Sun, 26 Oct 2014 14:26:39 +0000 Subject: [PATCH] sspi: Only call CompleteAuthToken() when complete is needed Don't call CompleteAuthToken() after InitializeSecurityContext() has returned SEC_I_CONTINUE_NEEDED as this return code only indicates the function should be called again after receiving a response back from the server. This only affected the Digest and NTLM authentication code. --- lib/curl_ntlm_msgs.c | 6 +++--- lib/curl_sasl_sspi.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/curl_ntlm_msgs.c b/lib/curl_ntlm_msgs.c index 1edefd7a292b19..f0c502d2acd62a 100644 --- a/lib/curl_ntlm_msgs.c +++ b/lib/curl_ntlm_msgs.c @@ -497,10 +497,10 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp, ntlm->context, &type_1_desc, &attrs, &tsDummy); - if(status == SEC_I_COMPLETE_AND_CONTINUE || - status == SEC_I_CONTINUE_NEEDED) + if(status == SEC_I_COMPLETE_NEEDED || + status == SEC_I_COMPLETE_AND_CONTINUE) s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc); - else if(status != SEC_E_OK) + else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) return CURLE_RECV_ERROR; size = type_1_buf.cbBuffer; diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c index 3875b9bb74ab77..cdd8b29cf9f7d1 100644 --- a/lib/curl_sasl_sspi.c +++ b/lib/curl_sasl_sspi.c @@ -232,10 +232,10 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, &chlg_desc, 0, &ctx, &resp_desc, &attrs, &tsDummy); - if(status == SEC_I_COMPLETE_AND_CONTINUE || - status == SEC_I_CONTINUE_NEEDED) + if(status == SEC_I_COMPLETE_NEEDED || + status == SEC_I_COMPLETE_AND_CONTINUE) s_pSecFn->CompleteAuthToken(&handle, &resp_desc); - else if(status != SEC_E_OK) { + else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) { s_pSecFn->FreeCredentialsHandle(&handle); Curl_sspi_free_identity(&identity); Curl_safefree(spn);