aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIsaac Boukris <iboukris@gmail.com>2015-05-31 23:21:15 +0200
committerDaniel Stenberg <daniel@haxx.se>2015-05-31 23:21:15 +0200
commit4bb815a32ed1fa20dec415b3b018ff18c014c19c (patch)
tree574abd71a450269816a17e55cbf4e1a9b080ad15
parent4e7c3c12d32ad3e8d939dfd2fcd7fca84d42cd9c (diff)
HTTP-NTLM: fail auth on connection close instead of looping
Bug: https://github.com/bagder/curl/issues/256
-rw-r--r--lib/http.c13
-rw-r--r--tests/data/test15928
2 files changed, 17 insertions, 24 deletions
diff --git a/lib/http.c b/lib/http.c
index ef55364ee..8e422f0bf 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3087,6 +3087,19 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
}
}
+ /* At this point we have some idea about the fate of the connection.
+ If we are closing the connection it may result auth failure. */
+#if defined(USE_NTLM)
+ if(conn->bits.close &&
+ (((data->req.httpcode == 401) &&
+ (conn->ntlm.state == NTLMSTATE_TYPE2)) ||
+ ((data->req.httpcode == 407) &&
+ (conn->proxyntlm.state == NTLMSTATE_TYPE2)))) {
+ infof(data, "Connection closure while negotiating auth (HTTP 1.0?)\n");
+ data->state.authproblem = TRUE;
+ }
+#endif
+
/*
* When all the headers have been parsed, see if we should give
* up and return an error.
diff --git a/tests/data/test159 b/tests/data/test159
index c4ad91549..5a062176e 100644
--- a/tests/data/test159
+++ b/tests/data/test159
@@ -21,34 +21,20 @@ Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 34
WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
+Connection: close
This is not the real page either!
</data1001>
-# This is supposed to be returned when the server gets the second
-# Authorization: NTLM line passed-in from the client
-<data1002>
-HTTP/1.1 200 Things are fine in server land swsclose
-Server: Microsoft-IIS/5.0
-Content-Type: text/html; charset=iso-8859-1
-Content-Length: 32
-
-Finally, this is the real page!
-</data1002>
-
<datacheck>
HTTP/1.1 401 Now gimme that second request of crap
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 34
WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
+Connection: close
-HTTP/1.1 200 Things are fine in server land swsclose
-Server: Microsoft-IIS/5.0
-Content-Type: text/html; charset=iso-8859-1
-Content-Length: 32
-
-Finally, this is the real page!
+This is not the real page either!
</datacheck>
</reply>
@@ -64,7 +50,7 @@ debug
http
</server>
<name>
-HTTP with NTLM authorization when talking HTTP/1.0
+HTTP with NTLM authorization when talking HTTP/1.0 (known to fail)
</name>
<setenv>
# we force our own host name, in order to make the test machine independent
@@ -92,12 +78,6 @@ Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
Accept: */*
-GET /159 HTTP/1.0
-Host: %HOSTIP:%HTTPPORT
-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAACeAJ4AWAAAAAAAAAD2AAAACAAIAPYAAAAIAAgA/gAAAAAAAAAAAAAABoKBAL9LNW5+nkyHZRmyFaL/LJ4xMjM0MjIzNGUCyhgQ9hw6eWAT13EbDa0BAQAAAAAAAACAPtXesZ0BMTIzNDIyMzQAAAAAAgAEAEMAQwABABIARQBMAEkAUwBBAEIARQBUAEgABAAYAGMAYwAuAGkAYwBlAGQAZQB2AC4AbgB1AAMALABlAGwAaQBzAGEAYgBlAHQAaAAuAGMAYwAuAGkAYwBlAGQAZQB2AC4AbgB1AAAAAAAAAAAAdGVzdHVzZXJjdXJsaG9zdA==
-User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
-Accept: */*
-
</protocol>
</verify>
</testcase>