diff options
author | Isaac Boukris <iboukris@gmail.com> | 2015-08-04 02:20:23 +0300 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-08-06 14:39:26 +0200 |
commit | fe6049f04bf7eb0481ba030c0e78aae5cfd0209f (patch) | |
tree | 8c75db4dcffa1a1fe4e207c47d6a58282cec7a5f | |
parent | 7f11259eb70c39edfaf3c454c1b7ba13a2dc6c2a (diff) |
NTLM: handle auth for only a single request
Currently when the server responds with 401 on NTLM authenticated
connection (re-used) we consider it to have failed. However this is
legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with
'via' header).
Implemented by imploying an additional state once a connection is
re-used to indicate that if we receive 401 we need to restart
authentication.
Closes #363
-rw-r--r-- | lib/curl_ntlm.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/curl_ntlm.c b/lib/curl_ntlm.c index 1f3bdccdf..f9ddf506d 100644 --- a/lib/curl_ntlm.c +++ b/lib/curl_ntlm.c @@ -84,7 +84,11 @@ CURLcode Curl_input_ntlm(struct connectdata *conn, ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */ } else { - if(ntlm->state == NTLMSTATE_TYPE3) { + if(ntlm->state == NTLMSTATE_LAST) { + infof(conn->data, "NTLM auth restarted\n"); + Curl_http_ntlm_cleanup(conn); + } + else if(ntlm->state == NTLMSTATE_TYPE3) { infof(conn->data, "NTLM handshake rejected\n"); Curl_http_ntlm_cleanup(conn); ntlm->state = NTLMSTATE_NONE; @@ -211,6 +215,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) case NTLMSTATE_TYPE3: /* connection is already authenticated, * don't send a header in future requests */ + ntlm->state = NTLMSTATE_LAST; + + case NTLMSTATE_LAST: Curl_safefree(*allocuserpwd); authp->done = TRUE; break; |