wininet: Don't clear the auth data for Basic authentication in HTTP_InsertAuthorizationForHeader.

It isn't tracked per connection, unlike NTLM authentication, and so the server will return a 401 error and try to get us to authenticate again. However, this doesn't work as the authentication information is assumed by the code to be valid for the whole connection.

wininet: Don't clear the auth data for Basic authentication in HTTP_InsertAuthorizationForHeader.
01826e0c · Rob Shearman · Alexandre Julliard · 41713097 · 01826e0c
Commit 01826e0c authored Nov 27, 2007 by Rob Shearman Committed by Alexandre Julliard Nov 27, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 4 deletions

http.c dlls/wininet/http.c +9 -4

No files found.
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -1193,6 +1193,7 @@ static BOOL HTTP_InsertAuthorizationForHeader( LPWININETHTTPREQW lpwhr, struct H
    if (pAuthInfo && pAuthInfo->auth_data_len)
    {
        static const WCHAR wszSpace[] = {' ',0};
+        static const WCHAR wszBasic[] = {'B','a','s','i','c',0};
        unsigned int len;

        /* scheme + space + base64 encoded data (3/2/1 bytes data -> 4 bytes of characters) */
@@ -1208,10 +1209,14 @@ static BOOL HTTP_InsertAuthorizationForHeader( LPWININETHTTPREQW lpwhr, struct H
                          authorization+strlenW(authorization));

        /* clear the data as it isn't valid now that it has been sent to the
-         * server */
-        HeapFree(GetProcessHeap(), 0, pAuthInfo->auth_data);
-        pAuthInfo->auth_data = NULL;
-        pAuthInfo->auth_data_len = 0;
+         * server, unless it's Basic authentication which doesn't do
+         * connection tracking */
+        if (strcmpiW(pAuthInfo->scheme, wszBasic))
+        {
+            HeapFree(GetProcessHeap(), 0, pAuthInfo->auth_data);
+            pAuthInfo->auth_data = NULL;
+            pAuthInfo->auth_data_len = 0;
+        }
    }

    TRACE("Inserting authorization: %s\n", debugstr_w(authorization));