Revert "HTTP: don't abort connections with pending Negotiate authentication"

This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6.

Bug: https://github.com/bagder/curl/issues/223
Reported-by: Michael Osipov

1 files changed, 30 insertions, 82 deletions

diff --git a/lib/http.c b/lib/http.c
index efd6b524b..4c1cfc549 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -345,82 +345,6 @@ static bool pickoneauth(struct auth *pick)
   return picked;
 }
 
-/* whether to complete request (for authentication) in current connection */
-static bool complete_request(struct connectdata *conn,
-                             curl_off_t remaining_bytes)
-{
-#if defined(USE_NTLM) || defined(USE_SPNEGO)
-  struct SessionHandle *data = conn->data;
-  bool have_ntlm_or_negotiate = FALSE;
-  bool auth_started = FALSE;
-
-  /* don't reset connection when we're in NTLM or Negotiate authentication;
-   * those authenticate the connection - creating a new connection breaks the
-   * authentication.
-   */
-
-#if defined(USE_NTLM)
-  /* proxy NTLM authentication */
-  if((data->state.authproxy.picked == CURLAUTH_NTLM) ||
-      (data->state.authproxy.picked == CURLAUTH_NTLM_WB)) {
-    have_ntlm_or_negotiate = TRUE;
-    auth_started = auth_started
-                 || (conn->proxyntlm.state != NTLMSTATE_NONE);
-  }
-
-  /* normal NTLM authentication */
-  if((data->state.authhost.picked == CURLAUTH_NTLM) ||
-      (data->state.authhost.picked == CURLAUTH_NTLM_WB)) {
-    have_ntlm_or_negotiate = TRUE;
-    auth_started = auth_started
-                 || (conn->ntlm.state != NTLMSTATE_NONE);
-  }
-#endif
-
-#if defined(USE_SPNEGO)
-  /* proxy Negotiate authentication */
-  if(data->state.authproxy.picked == CURLAUTH_NEGOTIATE) {
-    have_ntlm_or_negotiate = TRUE;
-    auth_started = auth_started
-                 || (data->state.proxyneg.state != GSS_AUTHNONE);
-  }
-
-  /* normal Negotiate authentication */
-  if(data->state.authhost.picked == CURLAUTH_NEGOTIATE) {
-    have_ntlm_or_negotiate = TRUE;
-    auth_started = auth_started
-                 || (data->state.negotiate.state != GSS_AUTHNONE);
-  }
-#endif
-
-  if(have_ntlm_or_negotiate) {
-    if(remaining_bytes < 2000 || auth_started) {
-      /* NTLM/Negotiation has started *OR* there is just a little (<2K)
-       * data left to send, keep on sending.
-       */
-
-      /* rewind data when completely done sending! */
-      if(!conn->bits.authneg) {
-        conn->bits.rewindaftersend = TRUE;
-        infof(data, "Rewind stream after send\n");
-      }
-
-      return TRUE;
-    }
-
-    infof(data, "NTLM/Negotiate send, close instead of sending %"
-          CURL_FORMAT_CURL_OFF_T " bytes\n",
-          remaining_bytes);
-  }
-#else
-  /* unused parameters: */
-  (void)conn;
-  (void)remaining_bytes;
-#endif
-
-  return FALSE;
-}
-
 /*
  * Curl_http_perhapsrewind()
  *
@@ -499,12 +423,36 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
   conn->bits.rewindaftersend = FALSE; /* default */
 
   if((expectsend == -1) || (expectsend > bytessent)) {
-    if(conn->bits.close)
-      /* this is already marked to get closed */
-      return CURLE_OK;
+#if defined(USE_NTLM)
+    /* There is still data left to send */
+    if((data->state.authproxy.picked == CURLAUTH_NTLM) ||
+       (data->state.authhost.picked == CURLAUTH_NTLM) ||
+       (data->state.authproxy.picked == CURLAUTH_NTLM_WB) ||
+       (data->state.authhost.picked == CURLAUTH_NTLM_WB)) {
+      if(((expectsend - bytessent) < 2000) ||
+         (conn->ntlm.state != NTLMSTATE_NONE) ||
+         (conn->proxyntlm.state != NTLMSTATE_NONE)) {
+        /* The NTLM-negotiation has started *OR* there is just a little (<2K)
+           data left to send, keep on sending. */
+
+        /* rewind data when completely done sending! */
+        if(!conn->bits.authneg) {
+          conn->bits.rewindaftersend = TRUE;
+          infof(data, "Rewind stream after send\n");
+        }
+
+        return CURLE_OK;
+      }
 
-    if(complete_request(conn, (curl_off_t)(expectsend - bytessent)))
-      return CURLE_OK;
+      if(conn->bits.close)
+        /* this is already marked to get closed */
+        return CURLE_OK;
+
+      infof(data, "NTLM send, close instead of sending %"
+            CURL_FORMAT_CURL_OFF_T " bytes\n",
+            (curl_off_t)(expectsend - bytessent));
+    }
+#endif
 
     /* This is not NTLM or many bytes left to send: close */
     connclose(conn, "Mid-auth HTTP and much data left to send");
@@ -515,7 +463,7 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
   }
 
   if(bytessent)
-    /* we rewind now at once since we already sent something */
+    /* we rewind now at once since if we already sent something */
     return Curl_readrewind(conn);
 
   return CURLE_OK;