While inspecting the Negotiate code, I noticed how the proxy auth was using

the same state struct as the host auth, so both could never be used at the
same time! I fixed it (without being able to check) to use two separate
structs to allow authentication using Negotiate on host and proxy
simultanouesly.

CHANGES

@@ -7,7 +7,18 @@
                                   Changelog
 
 
+Daniel S (21 Nov 2007)
+- While inspecting the Negotiate code, I noticed how the proxy auth was using
+  the same state struct as the host auth, so both could never be used at the
+  same time! I fixed it (without being able to check) to use two separate
+  structs to allow authentication using Negotiate on host and proxy
+  simultanouesly.
+
 Daniel S (20 Nov 2007)
+- Emil Romanus pointed out a bug that made an easy handle get the cookie
+  engine activated when set to use a share (even if the share doesn't share
+  cookies). I fixed it.
+
 - Fixed a very long-lasting mprintf() bug that occured when we did "%.*s%s",
   since the second %s would then wrongly used the numerical precision argument
   instead and crash.

RELEASE-NOTES

@@ -24,6 +24,8 @@ This release includes the following bugfixes:
  o variable wrapping when using debug callback and the HTTP request wasn't sent
    in one go
  o SSL connections with NSS done with the multi-interface
+ o setting a share no longer activates cookies
+ o Negotiate now works on auth and proxy simultanouesly
 
 This release includes the following known bugs:
 
@@ -42,6 +44,7 @@ This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
  Dan Fandrich, Gisle Vanem, Toby Peterson, Yang Tse, Daniel Black,
- Robin Johnson, Michal Marek, Ates Goral, Andres Garcia, Rob Crittenden
+ Robin Johnson, Michal Marek, Ates Goral, Andres Garcia, Rob Crittenden,
+ Emil Romanus
  
         Thanks! (and sorry if I forgot to mention someone)

TODO-RELEASE

@@ -1,9 +1,6 @@
 To be addressed before 7.17.2 (planned release: December 2007)
 =============================
 
-106 - Share interface force-enable the cookie parser
-      http://curl.haxx.se/mail/lib-2007-11/0234.html
-
 107 - resolve the type= thing for FTP URLs over HTTP proxies
 
 108 - 

lib/http_negotiate.c

@@ -51,7 +51,8 @@
 static int
 get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server)
 {
-  struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
+  struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
+    &conn->data->state.negotiate;
   OM_uint32 major_status, minor_status;
   gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
   char name[2048];
@@ -98,12 +99,12 @@ log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix)
   snprintf(buf, sizeof(buf), "%s", prefix);
   len = strlen(buf);
   do {
-    maj_stat = gss_display_status (&min_stat,
+    maj_stat = gss_display_status(&min_stat,
-                                   error_status,
+                                  error_status,
-                                   GSS_C_MECH_CODE,
+                                  GSS_C_MECH_CODE,
-                                   GSS_C_NO_OID,
+                                  GSS_C_NO_OID,
-                                   &msg_ctx,
+                                  &msg_ctx,
-                                   &status_string);
+                                  &status_string);
       if(sizeof(buf) > len + status_string.length + 1) {
         snprintf(buf + len, sizeof(buf) - len,
                  ": %s", (char*) status_string.value);
@@ -118,7 +119,8 @@ log_gss_error(struct connectdata *conn, OM_uint32 error_status, char *prefix)
 int Curl_input_negotiate(struct connectdata *conn, bool proxy,
                          const char *header)
 {
-  struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
+  struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
+    &conn->data->state.negotiate;
   OM_uint32 major_status, minor_status, minor_status2;
   gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
   gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
@@ -251,13 +253,14 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
 
 CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
 {
-  struct negotiatedata *neg_ctx = &conn->data->state.negotiate;
+  struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
+    &conn->data->state.negotiate;
   OM_uint32 minor_status;
   char *encoded = NULL;
   int len;
 
 #ifdef HAVE_SPNEGO /* Handle SPNEGO */
-  if(checkprefix("Negotiate",neg_ctx->protocol)) {
+  if(checkprefix("Negotiate", neg_ctx->protocol)) {
     ASN1_OBJECT *   object            = NULL;
     int             rc                = 1;
     unsigned char * spnegoToken       = NULL;
@@ -310,11 +313,9 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
   return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
 }
 
-void Curl_cleanup_negotiate(struct SessionHandle *data)
+static void cleanup(struct negotiatedata *neg_ctx)
 {
   OM_uint32 minor_status;
-  struct negotiatedata *neg_ctx = &data->state.negotiate;
-
   if(neg_ctx->context != GSS_C_NO_CONTEXT)
     gss_delete_sec_context(&minor_status, &neg_ctx->context, GSS_C_NO_BUFFER);
 
@@ -327,6 +328,12 @@ void Curl_cleanup_negotiate(struct SessionHandle *data)
   memset(neg_ctx, 0, sizeof(*neg_ctx));
 }
 
+void Curl_cleanup_negotiate(struct SessionHandle *data)
+{
+  cleanup(&data->state.negotiate);
+  cleanup(&data->state.proxyneg);
+}
+
 
 #endif
 #endif

lib/urldata.h

@@ -1199,7 +1199,8 @@ struct UrlState {
   struct digestdata proxydigest; /* state data for proxy Digest auth */
 
 #ifdef HAVE_GSSAPI
-  struct negotiatedata negotiate; /* state data for Negotiate auth */
+  struct negotiatedata negotiate; /* state data for host Negotiate auth */
+  struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */
 #endif
 
   struct auth authhost;  /* auth details for host */