From: gnunet
Subject: [GNUnet-SVN] [gnurl] 24/153: auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token
Date: Tue, 11 Sep 2018 12:51:35 +0200
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit df57b439f4cfd594bde29055e7258607056985dc
Author: Johannes Schindelin <address@hidden>
AuthorDate: Tue Jul 17 14:52:53 2018 +0200
auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token
The Bearer authentication was added to cURL 7.61.0, but there is a
problem: if CURLAUTH_ANY is selected, and the server supports multiple
authentication methods including the Bearer method, we strongly prefer
that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer
authentication fails, we will never even try to attempt any other
method.
This is particularly unfortunate when we already know that we do not
have any Bearer token to work with.
Such a scenario happens e.g. when using Git to push to Visual Studio
Team Services (which supports Basic and Bearer authentication among
other methods) and specifying the Personal Access Token directly in the
URL (this approach is frequently taken by automated builds).
Let's make sure that we have a Bearer token to work with before we
select the Bearer authentication among the available authentication
methods.
Signed-off-by: Johannes Schindelin <address@hidden>
Closes #2754
---
lib/http.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/lib/http.c b/lib/http.c
index 9bbf59b79..34565590f 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -342,11 +342,11 @@ static CURLcode http_output_bearer(struct connectdata
*conn)
*
* return TRUE if one was picked
*/
-static bool pickoneauth(struct auth *pick)
+static bool pickoneauth(struct auth *pick, unsigned long mask)
{
bool picked;
/* only deal with authentication we want */
- unsigned long avail = pick->avail & pick->want;
+ unsigned long avail = pick->avail & pick->want & mask;
picked = TRUE;
/* The order of these checks is highly relevant, as this will be the order
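Review bot: the comment block above pickoneauth() still only says "return TRUE if one was picked" and does not mention the new mask argument. Please document that mask limits which methods may be picked, on top of pick->avail & pick->want, so callers know that a cleared bit means that method is never selected.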
@@ -508,6 +508,10 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
bool pickhost = FALSE;
bool pickproxy = FALSE;
CURLcode result = CURLE_OK;
+ unsigned long authmask = ~0ul;
+
+ if(!conn->oauth_bearer)
+ authmask &= (unsigned long)~CURLAUTH_BEARER;
if(100 <= data->req.httpcode && 199 >= data->req.httpcode)
/* this is a transient response code, ignore */
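Review bot: in `authmask &= (unsigned long)~CURLAUTH_BEARER;` the cast is applied after the complement, so it only does what is intended if CURLAUTH_BEARER already has type unsigned long; with a narrower constant the complement would be zero-extended and the AND would also clear the upper bits of authmask. Writing `~(unsigned long)CURLAUTH_BEARER` is correct regardless of the constant's type. A one-line comment stating that Bearer is excluded because no token is set would also help, since the check only tests conn->oauth_bearer for NULL.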
@@ -519,14 +523,15 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
if(conn->bits.user_passwd &&
((data->req.httpcode == 401) ||
(conn->bits.authneg && data->req.httpcode < 300))) {
- pickhost = pickoneauth(&data->state.authhost);
+ pickhost = pickoneauth(&data->state.authhost, authmask);
if(!pickhost)
data->state.authproblem = TRUE;
}
if(conn->bits.proxy_user_passwd &&
((data->req.httpcode == 407) ||
(conn->bits.authneg && data->req.httpcode < 300))) {
- pickproxy = pickoneauth(&data->state.authproxy);
+ pickproxy = pickoneauth(&data->state.authproxy,
+ authmask & ~CURLAUTH_BEARER);
if(!pickproxy)
data->state.authproblem = TRUE;
}
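Review bot: the proxy call passes `authmask & ~CURLAUTH_BEARER`, which removes Bearer for proxy authentication unconditionally, even when conn->oauth_bearer is set, and neither a comment nor the commit message explains that. If the intent is that the token is only meant for the host, say so in a comment at this call. The complement is also written without the cast used where authmask is first narrowed; using one form in both places would be more consistent.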