From f7c66081721ac54f68457f07994487f416db383f Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 6 May 2019 14:16:35 +0200
Subject: [PATCH] spnego_gssapi: fix return code on gss_init_sec_context()
failure
Fixes #3726
Closes #3849
Upstream-commit: f65845c1eccc02385cdfb22bf2e521e670f7b295
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/vauth/spnego_gssapi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/vauth/spnego_gssapi.c b/lib/vauth/spnego_gssapi.c
index 7c4bd4b59..de8bde2ba 100644
--- a/lib/vauth/spnego_gssapi.c
+++ b/lib/vauth/spnego_gssapi.c
@@ -170,7 +170,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
Curl_gss_log_error(data, "gss_init_sec_context() failed: ",
major_status, minor_status);
- return CURLE_OUT_OF_MEMORY;
+ return CURLE_LOGIN_DENIED;
}
if(!output_token.value || !output_token.length) {
--
2.20.1
From ce0dbcf6f028c84adf4ff3704c04a09d4450a596 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 6 May 2019 14:32:00 +0200
Subject: [PATCH] http_negotiate: do not treat failure of
gss_init_sec_context() as fatal
Fixes #3726
Closes #3849
Upstream-commit: f4603708af08f454bca8b74095d0af40a4516512
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/http_negotiate.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index 9415236fb..201c3a785 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -143,7 +143,13 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
}
if(!neg_ctx->context) {
result = Curl_input_negotiate(conn, proxy, "Negotiate");
- if(result)
+ if(result == CURLE_LOGIN_DENIED) {
+ /* negotiate auth failed, let's continue unauthenticated to stay
+ * compatible with the behavior before curl-7_64_0-158-g6c6035532 */
+ conn->data->state.authproblem = TRUE;
+ return CURLE_OK;
+ }
+ else if(result)
return result;
}
--
2.20.1