diff options
author | Steve Holme <steve_holme@hotmail.com> | 2019-05-18 17:30:16 +0100 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2019-05-18 19:01:11 +0100 |
commit | 7ca7f82ba7c936cc01651e28b2ad92400ad4f7cc (patch) | |
tree | 2f941da7b412ec484bf285a57f153dad5176c58c | |
parent | 2697d633630477de3b0d9ead2dea599f3b79af75 (diff) | |
download | curl-7ca7f82ba7c936cc01651e28b2ad92400ad4f7cc.tar.gz |
http_ntlm_wb: Handle auth for only a single request
Currently when the server responds with 401 on NTLM authenticated
connection (re-used) we consider it to have failed. However this is
legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with
'via' header).
Implemented by imploying an additional state once a connection is
re-used to indicate that if we receive 401 we need to restart
authentication.
Missed in fe6049f0.
-rw-r--r-- | lib/curl_ntlm_wb.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c index fa0ad95fb..80266e2a4 100644 --- a/lib/curl_ntlm_wb.c +++ b/lib/curl_ntlm_wb.c @@ -356,7 +356,11 @@ CURLcode Curl_input_ntlm_wb(struct connectdata *conn, *state = NTLMSTATE_TYPE2; /* We got a type-2 message */ } else { - if(*state == NTLMSTATE_TYPE3) { + if(*state == NTLMSTATE_LAST) { + infof(conn->data, "NTLM auth restarted\n"); + Curl_http_auth_cleanup_ntlm_wb(conn); + } + else if(*state == NTLMSTATE_TYPE3) { infof(conn->data, "NTLM handshake rejected\n"); Curl_http_auth_cleanup_ntlm_wb(conn); *state = NTLMSTATE_NONE; @@ -445,6 +449,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, return CURLE_OUT_OF_MEMORY; conn->response_header = NULL; break; + case NTLMSTATE_TYPE2: input = aprintf("TT %s\n", conn->challenge_header); if(!input) @@ -466,11 +471,14 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, if(!*allocuserpwd) return CURLE_OUT_OF_MEMORY; break; + case NTLMSTATE_TYPE3: /* connection is already authenticated, * don't send a header in future requests */ - free(*allocuserpwd); - *allocuserpwd = NULL; + *state = NTLMSTATE_LAST; + /* FALLTHROUGH */ + case NTLMSTATE_LAST: + Curl_safefree(*allocuserpwd); authp->done = TRUE; break; } |