- Constantine Sapuntzakis filed bug report #2042440

  (http://curl.haxx.se/bug/view.cgi?id=2042440) with a patch. He identified a
  problem when using NTLM over a proxy but the end-point does Basic, and then
  libcurl would do wrong when the host sent "Connection: close" as the proxy's
  NTLM state was erroneously cleared.

3 files changed, 30 insertions, 11 deletions

diff --git a/CHANGES b/CHANGES
index 08533985e..41be4316a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,14 @@
 
                                   Changelog
 
+
+Daniel Stenberg (11 Aug 2008)
+- Constantine Sapuntzakis filed bug report #2042440
+  (http://curl.haxx.se/bug/view.cgi?id=2042440) with a patch. He identified a
+  problem when using NTLM over a proxy but the end-point does Basic, and then
+  libcurl would do wrong when the host sent "Connection: close" as the proxy's
+  NTLM state was erroneously cleared.
+
 Yang Tse (11 Aug 2008)
 - Added missing signed and unsigned curl_off_t integer constant suffixes for
   internal and external use. CURL_SUFFIX_CURL_OFF_T, CURL_SUFFIX_CURL_OFF_TU.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 5b1926453..d105b61ba 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -49,6 +49,7 @@ This release includes the following bugfixes:
  o HTTP PUT with -C - sent bad Content-Range: header
  o HTTP PUT or POST with redirect could lead to hang
  o re-use of connections with failed SSL connects in the multi interface
+ o NTLM over proxy state was wrongly cleared when host connection was closed
 
 This release includes the following known bugs:
 
@@ -69,7 +70,8 @@ advice from friends like these:
  Rob Crittenden, Dengminwen, Christopher Palow, Hans-Jurgen May,
  Phil Pellouchoud, Eduard Bloch, John Lightsey, Stephen Collyer, Tor Arntsen,
  Rolland Dudemaine, Phil Blundell, Scott Barrett, Andreas Schuldei,
- Peter Lamberg, David Bau, Pramod Sharma, Yehoshua Hershberg
+ Peter Lamberg, David Bau, Pramod Sharma, Yehoshua Hershberg,
+ Constantine Sapuntzakis
 
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/url.c b/lib/url.c
index c77850794..76603494d 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2179,22 +2179,31 @@ CURLcode Curl_disconnect(struct connectdata *conn)
   Curl_expire(data, 0); /* shut off timers */
   Curl_hostcache_prune(data); /* kill old DNS cache entries */
 
-  if((conn->ntlm.state != NTLMSTATE_NONE) ||
-     (conn->proxyntlm.state != NTLMSTATE_NONE)) {
+  {
+    int has_host_ntlm = (conn->ntlm.state != NTLMSTATE_NONE);
+    int has_proxy_ntlm = (conn->proxyntlm.state != NTLMSTATE_NONE);
+
     /* Authentication data is a mix of connection-related and sessionhandle-
        related stuff. NTLM is connection-related so when we close the shop
        we shall forget. */
-    data->state.authhost.done = FALSE;
-    data->state.authhost.picked =
-      data->state.authhost.want;
 
-    data->state.authproxy.done = FALSE;
-    data->state.authproxy.picked =
-      data->state.authproxy.want;
+    if (has_host_ntlm) {
+      data->state.authhost.done = FALSE;
+      data->state.authhost.picked =
+	data->state.authhost.want;
+    }
+
+    if (has_proxy_ntlm) {
+      data->state.authproxy.done = FALSE;
+      data->state.authproxy.picked =
+	data->state.authproxy.want;
+    }
 
-    data->state.authproblem = FALSE;
+    if (has_host_ntlm || has_proxy_ntlm) {
+      data->state.authproblem = FALSE;
 
-    Curl_ntlm_cleanup(conn);
+      Curl_ntlm_cleanup(conn);
+    }
   }
 
   if(conn->handler->disconnect)