http_negotiate: improve handling of gss_init_sec_context() failures

If HTTPAUTH_GSSNEGOTIATE was used for a POST request and
gss_init_sec_context() failed, the POST request was sent
with empty body.  This commit also restores the original
behavior of `curl --fail --negotiate`, which was changed
by commit 6c6035532383e300c712e4c1cd9fdd749ed5cf59.

Add regression tests 2077 and 2078 to cover this.

Fixes #3992
Closes #4171

diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index c8f40644492fedf1e1919b88ccbe8ed0a2fc6822..fe15dcefbc6ed7aee3b1c7985b3a400aefe975d3 100644 (file)
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -151,7 +151,7 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
       if(result == CURLE_LOGIN_DENIED) {
         /* negotiate auth failed, let's continue unauthenticated to stay
          * compatible with the behavior before curl-7_64_0-158-g6c6035532 */
-        conn->data->state.authproblem = TRUE;
+        authp->done = TRUE;
         return CURLE_OK;
       }
       else if(result)

diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 693e53d7c9d4b85ed7eba52eb68b49b76271c2a7..3ed4a03e47c03bd8abe00ec2ed7646e5dc555df2 100644 (file)
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -199,7 +199,8 @@ test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 \
 test2048 test2049 test2050 test2051 test2052 test2053 test2054 test2055 \
 test2056 test2057 test2058 test2059 test2060 test2061 test2062 test2063 \
 test2064 test2065 test2066 test2067 test2068 test2069 \
-         test2071 test2072 test2073 test2074 test2075 test2076 \
+         test2071 test2072 test2073 test2074 test2075 test2076 test2077 \
+test2078 \
 test2080 \
 test2100 \
 \

diff --git a/tests/data/test2077 b/tests/data/test2077
new file mode 100644 (file)
index 0000000..0c600f5
--- /dev/null
+++ b/tests/data/test2077
@@ -0,0 +1,42 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+GSS-API
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK swsclose\r
+Content-Length: 23\r
+\r
+This IS the real page!
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+GSS-API
+</features>
+<name>
+curl --fail --negotiate to unauthenticated service fails
+</name>
+<command>
+http://%HOSTIP:%HTTPPORT/2077 -u : --fail --negotiate
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+0
+</errorcode>
+</verify>
+</testcase>

diff --git a/tests/data/test2078 b/tests/data/test2078
new file mode 100644 (file)
index 0000000..99bc2db
--- /dev/null
+++ b/tests/data/test2078
@@ -0,0 +1,54 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+GSS-API
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK swsclose\r
+Content-Length: 23\r
+\r
+This IS the real page!
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+GSS-API
+</features>
+<name>
+curl --negotiate should not send empty POST request only
+</name>
+<command>
+http://%HOSTIP:%HTTPPORT/2078 -u : --negotiate --data name=value
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+0
+</errorcode>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol nonewline="yes">
+POST /2078 HTTP/1.1\r
+Host: 127.0.0.1:8990\r
+Accept: */*\r
+Content-Length: 10\r
+Content-Type: application/x-www-form-urlencoded\r
+\r
+name=value
+</protocol>
+</verify>
+</testcase>