| 1918 | } |
| 1919 | |
| 1920 | static int handle_curl_result(struct slot_results *results) |
| 1921 | { |
| 1922 | normalize_curl_result(&results->curl_result, results->http_code, |
| 1923 | curl_errorstr, sizeof(curl_errorstr)); |
| 1924 | |
| 1925 | if (results->curl_result == CURLE_OK) { |
| 1926 | credential_approve(the_repository, &http_auth); |
| 1927 | credential_approve(the_repository, &proxy_auth); |
| 1928 | credential_approve(the_repository, &cert_auth); |
| 1929 | return HTTP_OK; |
| 1930 | } else if (results->curl_result == CURLE_SSL_CERTPROBLEM) { |
| 1931 | /* |
| 1932 | * We can't tell from here whether it's a bad path, bad |
| 1933 | * certificate, bad password, or something else wrong |
| 1934 | * with the certificate. So we reject the credential to |
| 1935 | * avoid caching or saving a bad password. |
| 1936 | */ |
| 1937 | credential_reject(the_repository, &cert_auth); |
| 1938 | return HTTP_NOAUTH; |
| 1939 | } else if (results->curl_result == CURLE_SSL_PINNEDPUBKEYNOTMATCH) { |
| 1940 | return HTTP_NOMATCHPUBLICKEY; |
| 1941 | } else if (missing_target(results)) |
| 1942 | return HTTP_MISSING_TARGET; |
| 1943 | else if (results->http_code == 401) { |
| 1944 | if ((http_auth.username && http_auth.password) ||\ |
| 1945 | (http_auth.authtype && http_auth.credential)) { |
| 1946 | if (http_auth.multistage) { |
| 1947 | credential_clear_secrets(&http_auth); |
| 1948 | return HTTP_REAUTH; |
| 1949 | } |
| 1950 | credential_reject(the_repository, &http_auth); |
| 1951 | if (always_auth_proactively()) |
| 1952 | http_proactive_auth = PROACTIVE_AUTH_NONE; |
| 1953 | return HTTP_NOAUTH; |
| 1954 | } else { |
| 1955 | if (curl_empty_auth == -1 && |
| 1956 | !empty_auth_try_negotiate && |
| 1957 | (results->auth_avail & CURLAUTH_GSSNEGOTIATE)) { |
| 1958 | /* |
| 1959 | * In auto mode, give Negotiate a chance via |
| 1960 | * empty auth before stripping it. If it fails, |
| 1961 | * we will strip it on the next 401. |
| 1962 | */ |
| 1963 | empty_auth_try_negotiate = 1; |
| 1964 | } else { |
| 1965 | http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE; |
| 1966 | } |
| 1967 | if (results->auth_avail) { |
| 1968 | http_auth_methods &= results->auth_avail; |
| 1969 | http_auth_methods_restricted = 1; |
| 1970 | } |
| 1971 | return HTTP_REAUTH; |
| 1972 | } |
| 1973 | } else if (results->http_code == 429) { |
| 1974 | trace2_data_intmax("http", the_repository, "http/429-retry-after", |
| 1975 | results->retry_after); |
| 1976 | return HTTP_RATE_LIMITED; |
| 1977 | } else { |
no test coverage detected