aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIsaac Boukris <iboukris@gmail.com>2015-08-04 02:20:23 +0300
committerDaniel Stenberg <daniel@haxx.se>2015-08-06 14:39:26 +0200
commitfe6049f04bf7eb0481ba030c0e78aae5cfd0209f (patch)
tree8c75db4dcffa1a1fe4e207c47d6a58282cec7a5f
parent7f11259eb70c39edfaf3c454c1b7ba13a2dc6c2a (diff)
NTLM: handle auth for only a single request
Currently when the server responds with 401 on NTLM authenticated connection (re-used) we consider it to have failed. However this is legitimate and may happen when for example IIS is set configured to 'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header). Implemented by imploying an additional state once a connection is re-used to indicate that if we receive 401 we need to restart authentication. Closes #363
-rw-r--r--lib/curl_ntlm.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/curl_ntlm.c b/lib/curl_ntlm.c
index 1f3bdccdf..f9ddf506d 100644
--- a/lib/curl_ntlm.c
+++ b/lib/curl_ntlm.c
@@ -84,7 +84,11 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
}
else {
- if(ntlm->state == NTLMSTATE_TYPE3) {
+ if(ntlm->state == NTLMSTATE_LAST) {
+ infof(conn->data, "NTLM auth restarted\n");
+ Curl_http_ntlm_cleanup(conn);
+ }
+ else if(ntlm->state == NTLMSTATE_TYPE3) {
infof(conn->data, "NTLM handshake rejected\n");
Curl_http_ntlm_cleanup(conn);
ntlm->state = NTLMSTATE_NONE;
@@ -211,6 +215,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
case NTLMSTATE_TYPE3:
/* connection is already authenticated,
* don't send a header in future requests */
+ ntlm->state = NTLMSTATE_LAST;
+
+ case NTLMSTATE_LAST:
Curl_safefree(*allocuserpwd);
authp->done = TRUE;
break;