From 4bb815a32ed1fa20dec415b3b018ff18c014c19c Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Sun, 31 May 2015 23:21:15 +0200 Subject: HTTP-NTLM: fail auth on connection close instead of looping Bug: https://github.com/bagder/curl/issues/256 --- lib/http.c | 13 +++++++++++++ tests/data/test159 | 28 ++++------------------------ 2 files changed, 17 insertions(+), 24 deletions(-) diff --git a/lib/http.c b/lib/http.c index ef55364ee..8e422f0bf 100644 --- a/lib/http.c +++ b/lib/http.c @@ -3087,6 +3087,19 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data, } } + /* At this point we have some idea about the fate of the connection. + If we are closing the connection it may result auth failure. */ +#if defined(USE_NTLM) + if(conn->bits.close && + (((data->req.httpcode == 401) && + (conn->ntlm.state == NTLMSTATE_TYPE2)) || + ((data->req.httpcode == 407) && + (conn->proxyntlm.state == NTLMSTATE_TYPE2)))) { + infof(data, "Connection closure while negotiating auth (HTTP 1.0?)\n"); + data->state.authproblem = TRUE; + } +#endif + /* * When all the headers have been parsed, see if we should give * up and return an error. diff --git a/tests/data/test159 b/tests/data/test159 index c4ad91549..5a062176e 100644 --- a/tests/data/test159 +++ b/tests/data/test159 @@ -21,34 +21,20 @@ Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 34 WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA== +Connection: close This is not the real page either! -# This is supposed to be returned when the server gets the second -# Authorization: NTLM line passed-in from the client - -HTTP/1.1 200 Things are fine in server land swsclose -Server: Microsoft-IIS/5.0 -Content-Type: text/html; charset=iso-8859-1 -Content-Length: 32 - -Finally, this is the real page! - - HTTP/1.1 401 Now gimme that second request of crap Server: Microsoft-IIS/5.0 Content-Type: text/html; charset=iso-8859-1 Content-Length: 34 WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA== +Connection: close -HTTP/1.1 200 Things are fine in server land swsclose -Server: Microsoft-IIS/5.0 -Content-Type: text/html; charset=iso-8859-1 -Content-Length: 32 - -Finally, this is the real page! +This is not the real page either! @@ -64,7 +50,7 @@ debug http -HTTP with NTLM authorization when talking HTTP/1.0 +HTTP with NTLM authorization when talking HTTP/1.0 (known to fail) # we force our own host name, in order to make the test machine independent @@ -92,12 +78,6 @@ Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 Accept: */* -GET /159 HTTP/1.0 -Host: %HOSTIP:%HTTPPORT -Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAACeAJ4AWAAAAAAAAAD2AAAACAAIAPYAAAAIAAgA/gAAAAAAAAAAAAAABoKBAL9LNW5+nkyHZRmyFaL/LJ4xMjM0MjIzNGUCyhgQ9hw6eWAT13EbDa0BAQAAAAAAAACAPtXesZ0BMTIzNDIyMzQAAAAAAgAEAEMAQwABABIARQBMAEkAUwBBAEIARQBUAEgABAAYAGMAYwAuAGkAYwBlAGQAZQB2AC4AbgB1AAMALABlAGwAaQBzAGEAYgBlAHQAaAAuAGMAYwAuAGkAYwBlAGQAZQB2AC4AbgB1AAAAAAAAAAAAdGVzdHVzZXJjdXJsaG9zdA== -User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 -Accept: */* - -- cgit v1.2.3