5 files changed, 14 insertions, 8 deletions

diff --git a/plumbing/transport/common.go b/plumbing/transport/common.go
index 3fcdef2..d3cfe21 100644
--- a/plumbing/transport/common.go
+++ b/plumbing/transport/common.go
@@ -27,7 +27,8 @@ import (
 var (
 	ErrRepositoryNotFound     = errors.New("repository not found")
 	ErrEmptyRemoteRepository  = errors.New("remote repository is empty")
-	ErrAuthorizationRequired  = errors.New("authorization required")
+	ErrAuthenticationRequired = errors.New("authentication required")
+	ErrAuthorizationFailed	  = errors.New("authorization failed")
 	ErrEmptyUploadPackRequest = errors.New("empty git-upload-pack given")
 	ErrInvalidAuthMethod      = errors.New("invalid auth method")
 	ErrAlreadyConnected       = errors.New("session already established")
diff --git a/plumbing/transport/http/common.go b/plumbing/transport/http/common.go
index baad12e..930e8eb 100644
--- a/plumbing/transport/http/common.go
+++ b/plumbing/transport/http/common.go
@@ -132,7 +132,9 @@ func NewErr(r *http.Response) error {
 
 	switch r.StatusCode {
 	case http.StatusUnauthorized:
-		return transport.ErrAuthorizationRequired
+		return transport.ErrAuthenticationRequired
+	case http.StatusForbidden:
+		return transport.ErrAuthorizationFailed
 	case http.StatusNotFound:
 		return transport.ErrRepositoryNotFound
 	}
diff --git a/plumbing/transport/http/common_test.go b/plumbing/transport/http/common_test.go
index 1fd0dd5..d1f36d3 100644
--- a/plumbing/transport/http/common_test.go
+++ b/plumbing/transport/http/common_test.go
@@ -51,7 +51,11 @@ func (s *ClientSuite) TestNewErrOK(c *C) {
 }
 
 func (s *ClientSuite) TestNewErrUnauthorized(c *C) {
-	s.testNewHTTPError(c, http.StatusUnauthorized, "authorization required")
+	s.testNewHTTPError(c, http.StatusUnauthorized, "authentication required")
+}
+
+func (s *ClientSuite) TestNewErrForbidden(c *C) {
+	s.testNewHTTPError(c, http.StatusForbidden, "authorization failed")
 }
 
 func (s *ClientSuite) TestNewErrNotFound(c *C) {
diff --git a/plumbing/transport/http/upload_pack.go b/plumbing/transport/http/upload_pack.go
index fd1787c..8f73789 100644
--- a/plumbing/transport/http/upload_pack.go
+++ b/plumbing/transport/http/upload_pack.go
@@ -59,10 +59,9 @@ func (s *upSession) AdvertisedReferences() (*packp.AdvRefs, error) {
 		return nil, err
 	}
 
-	defer res.Body.Close()
-
-	if res.StatusCode == http.StatusUnauthorized {
-		return nil, transport.ErrAuthorizationRequired
+	if err := NewErr(res); err != nil {
+		_ = res.Body.Close()
+		return nil, err
 	}
 
 	ar := packp.NewAdvRefs()
diff --git a/plumbing/transport/http/upload_pack_test.go b/plumbing/transport/http/upload_pack_test.go
index a793efb..57d5f46 100644
--- a/plumbing/transport/http/upload_pack_test.go
+++ b/plumbing/transport/http/upload_pack_test.go
@@ -38,7 +38,7 @@ func (s *UploadPackSuite) TestAdvertisedReferencesNotExists(c *C) {
 	r, err := s.Client.NewUploadPackSession(s.NonExistentEndpoint, s.EmptyAuth)
 	c.Assert(err, IsNil)
 	info, err := r.AdvertisedReferences()
-	c.Assert(err, Equals, transport.ErrAuthorizationRequired)
+	c.Assert(err, Equals, transport.ErrAuthenticationRequired)
 	c.Assert(info, IsNil)
 }