From 01826e0c98dab3e546d7e974bc8bfc2a2b29df12 Mon Sep 17 00:00:00 2001 From: Rob Shearman Date: Tue, 27 Nov 2007 14:19:50 +0000 Subject: [PATCH] wininet: Don't clear the auth data for Basic authentication in HTTP_InsertAuthorizationForHeader. It isn't tracked per connection, unlike NTLM authentication, and so the server will return a 401 error and try to get us to authenticate again. However, this doesn't work as the authentication information is assumed by the code to be valid for the whole connection. --- dlls/wininet/http.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/dlls/wininet/http.c b/dlls/wininet/http.c index 5f27bd2d68b..68458832caa 100644 --- a/dlls/wininet/http.c +++ b/dlls/wininet/http.c @@ -1193,6 +1193,7 @@ static BOOL HTTP_InsertAuthorizationForHeader( LPWININETHTTPREQW lpwhr, struct H if (pAuthInfo && pAuthInfo->auth_data_len) { static const WCHAR wszSpace[] = {' ',0}; + static const WCHAR wszBasic[] = {'B','a','s','i','c',0}; unsigned int len; /* scheme + space + base64 encoded data (3/2/1 bytes data -> 4 bytes of characters) */ @@ -1208,10 +1209,14 @@ static BOOL HTTP_InsertAuthorizationForHeader( LPWININETHTTPREQW lpwhr, struct H authorization+strlenW(authorization)); /* clear the data as it isn't valid now that it has been sent to the - * server */ - HeapFree(GetProcessHeap(), 0, pAuthInfo->auth_data); - pAuthInfo->auth_data = NULL; - pAuthInfo->auth_data_len = 0; + * server, unless it's Basic authentication which doesn't do + * connection tracking */ + if (strcmpiW(pAuthInfo->scheme, wszBasic)) + { + HeapFree(GetProcessHeap(), 0, pAuthInfo->auth_data); + pAuthInfo->auth_data = NULL; + pAuthInfo->auth_data_len = 0; + } } TRACE("Inserting authorization: %s\n", debugstr_w(authorization));