Commit fe6049f0 authored by Isaac Boukris's avatar Isaac Boukris Committed by Daniel Stenberg
Browse files

NTLM: handle auth for only a single request 

Currently when the server responds with 401 on NTLM authenticated
connection (re-used) we consider it to have failed.  However this is
legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with
'via' header).

Implemented by imploying an additional state once a connection is
re-used to indicate that if we receive 401 we need to restart
authentication.

Closes #363
parent 7f11259e

lib/curl_ntlm.c

+8 −1
Original line number Diff line number Diff line
@@ -84,7 +84,11 @@ CURLcode Curl_input_ntlm(struct connectdata *conn, 
      ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */

    }

    else {

      if(ntlm->state == NTLMSTATE_TYPE3) {

      if(ntlm->state == NTLMSTATE_LAST) {

        infof(conn->data, "NTLM auth restarted\n");

        Curl_http_ntlm_cleanup(conn);

      }

      else if(ntlm->state == NTLMSTATE_TYPE3) {

        infof(conn->data, "NTLM handshake rejected\n");

        Curl_http_ntlm_cleanup(conn);

        ntlm->state = NTLMSTATE_NONE;
@@ -211,6 +215,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) 
  case NTLMSTATE_TYPE3:

    /* connection is already authenticated,

     * don't send a header in future requests */

    ntlm->state = NTLMSTATE_LAST;



  case NTLMSTATE_LAST:

    Curl_safefree(*allocuserpwd);

    authp->done = TRUE;

    break;