diff options
author | Isaac Boukris <iboukris@gmail.com> | 2015-05-31 23:21:15 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-05-31 23:21:15 +0200 |
commit | 4bb815a32ed1fa20dec415b3b018ff18c014c19c (patch) | |
tree | 574abd71a450269816a17e55cbf4e1a9b080ad15 | |
parent | 4e7c3c12d32ad3e8d939dfd2fcd7fca84d42cd9c (diff) |
HTTP-NTLM: fail auth on connection close instead of looping
Bug: https://github.com/bagder/curl/issues/256
-rw-r--r-- | lib/http.c | 13 | ||||
-rw-r--r-- | tests/data/test159 | 28 |
2 files changed, 17 insertions, 24 deletions
diff --git a/lib/http.c b/lib/http.c index ef55364ee..8e422f0bf 100644 --- a/lib/http.c +++ b/lib/http.c @@ -3087,6 +3087,19 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data, } } + /* At this point we have some idea about the fate of the connection. + If we are closing the connection it may result auth failure. */ +#if defined(USE_NTLM) + if(conn->bits.close && + (((data->req.httpcode == 401) && + (conn->ntlm.state == NTLMSTATE_TYPE2)) || + ((data->req.httpcode == 407) && + (conn->proxyntlm.state == NTLMSTATE_TYPE2)))) { + infof(data, "Connection closure while negotiating auth (HTTP 1.0?)\n"); + data->state.authproblem = TRUE; + } +#endif + /* * When all the headers have been parsed, see if we should give * up and return an error. diff --git a/tests/data/test159 b/tests/data/test159 index c4ad91549..5a062176e 100644 --- a/tests/data/test159 +++ b/tests/data/test159 @@ -21,34 +21,20 @@ Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1
Content-Length: 34
WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
+Connection: close
This is not the real page either! </data1001> -# This is supposed to be returned when the server gets the second -# Authorization: NTLM line passed-in from the client -<data1002> -HTTP/1.1 200 Things are fine in server land swsclose
-Server: Microsoft-IIS/5.0
-Content-Type: text/html; charset=iso-8859-1
-Content-Length: 32
-
-Finally, this is the real page! -</data1002> - <datacheck> HTTP/1.1 401 Now gimme that second request of crap
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 34
WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
+Connection: close
-HTTP/1.1 200 Things are fine in server land swsclose
-Server: Microsoft-IIS/5.0
-Content-Type: text/html; charset=iso-8859-1
-Content-Length: 32
-
-Finally, this is the real page! +This is not the real page either! </datacheck> </reply> @@ -64,7 +50,7 @@ debug http </server> <name> -HTTP with NTLM authorization when talking HTTP/1.0 +HTTP with NTLM authorization when talking HTTP/1.0 (known to fail) </name> <setenv> # we force our own host name, in order to make the test machine independent @@ -92,12 +78,6 @@ Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
Accept: */*
-GET /159 HTTP/1.0
-Host: %HOSTIP:%HTTPPORT
-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAACeAJ4AWAAAAAAAAAD2AAAACAAIAPYAAAAIAAgA/gAAAAAAAAAAAAAABoKBAL9LNW5+nkyHZRmyFaL/LJ4xMjM0MjIzNGUCyhgQ9hw6eWAT13EbDa0BAQAAAAAAAACAPtXesZ0BMTIzNDIyMzQAAAAAAgAEAEMAQwABABIARQBMAEkAUwBBAEIARQBUAEgABAAYAGMAYwAuAGkAYwBlAGQAZQB2AC4AbgB1AAMALABlAGwAaQBzAGEAYgBlAHQAaAAuAGMAYwAuAGkAYwBlAGQAZQB2AC4AbgB1AAAAAAAAAAAAdGVzdHVzZXJjdXJsaG9zdA==
-User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
-Accept: */*
-
</protocol> </verify> </testcase> |