mirror of
https://github.com/moparisthebest/curl
synced 2025-01-07 20:08:07 -05:00
ntlm: Fixed HTTP proxy authentication when using Windows SSPI
Removed ISC_REQ_* flags from calls to InitializeSecurityContext to fix bug in NTLM handshake for HTTP proxy authentication. NTLM handshake for HTTP proxy authentication failed with error SEC_E_INVALID_TOKEN from InitializeSecurityContext for certain proxy servers on generating the NTLM Type-3 message. The flag ISC_REQ_CONFIDENTIALITY seems to cause the problem according to the observations and suggestions made in a bug report for the QT project (https://bugreports.qt-project.org/browse/QTBUG-17322). Removing all the flags solved the problem. Bug: http://curl.haxx.se/mail/lib-2014-08/0273.html Reported-by: Ulrich Telle Assisted-by: Steve Holme, Daniel Stenberg
This commit is contained in:
parent
006b61eb0b
commit
8ee182288a
@ -476,10 +476,7 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
|
|||||||
/* Generate our type-1 message */
|
/* Generate our type-1 message */
|
||||||
status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL,
|
status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL,
|
||||||
(TCHAR *) TEXT(""),
|
(TCHAR *) TEXT(""),
|
||||||
ISC_REQ_CONFIDENTIALITY |
|
0, 0, SECURITY_NETWORK_DREP,
|
||||||
ISC_REQ_REPLAY_DETECT |
|
|
||||||
ISC_REQ_CONNECTION,
|
|
||||||
0, SECURITY_NETWORK_DREP,
|
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
&ntlm->c_handle, &type_1_desc,
|
&ntlm->c_handle, &type_1_desc,
|
||||||
&attrs, &tsDummy);
|
&attrs, &tsDummy);
|
||||||
@ -641,7 +638,6 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
|
|||||||
|
|
||||||
(void)passwdp;
|
(void)passwdp;
|
||||||
(void)userp;
|
(void)userp;
|
||||||
(void)data;
|
|
||||||
|
|
||||||
/* Setup the type-2 "input" security buffer */
|
/* Setup the type-2 "input" security buffer */
|
||||||
type_2_desc.ulVersion = SECBUFFER_VERSION;
|
type_2_desc.ulVersion = SECBUFFER_VERSION;
|
||||||
@ -663,16 +659,17 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
|
|||||||
status = s_pSecFn->InitializeSecurityContext(&ntlm->handle,
|
status = s_pSecFn->InitializeSecurityContext(&ntlm->handle,
|
||||||
&ntlm->c_handle,
|
&ntlm->c_handle,
|
||||||
(TCHAR *) TEXT(""),
|
(TCHAR *) TEXT(""),
|
||||||
ISC_REQ_CONFIDENTIALITY |
|
0, 0, SECURITY_NETWORK_DREP,
|
||||||
ISC_REQ_REPLAY_DETECT |
|
|
||||||
ISC_REQ_CONNECTION,
|
|
||||||
0, SECURITY_NETWORK_DREP,
|
|
||||||
&type_2_desc,
|
&type_2_desc,
|
||||||
0, &ntlm->c_handle,
|
0, &ntlm->c_handle,
|
||||||
&type_3_desc,
|
&type_3_desc,
|
||||||
&attrs, &tsDummy);
|
&attrs, &tsDummy);
|
||||||
if(status != SEC_E_OK)
|
if(status != SEC_E_OK) {
|
||||||
|
infof(data, "NTLM handshake failure (type-3 message): Status=%x\n",
|
||||||
|
status);
|
||||||
|
|
||||||
return CURLE_RECV_ERROR;
|
return CURLE_RECV_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
size = type_3_buf.cbBuffer;
|
size = type_3_buf.cbBuffer;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user