mirror of
https://github.com/moparisthebest/curl
synced 2025-01-11 05:58:01 -05:00
NTLM: handle auth for only a single request
Currently when the server responds with 401 on NTLM authenticated connection (re-used) we consider it to have failed. However this is legitimate and may happen when for example IIS is set configured to 'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header). Implemented by imploying an additional state once a connection is re-used to indicate that if we receive 401 we need to restart authentication. Closes #363
This commit is contained in:
parent
7f11259eb7
commit
fe6049f04b
@ -84,7 +84,11 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
|
|||||||
ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
|
ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if(ntlm->state == NTLMSTATE_TYPE3) {
|
if(ntlm->state == NTLMSTATE_LAST) {
|
||||||
|
infof(conn->data, "NTLM auth restarted\n");
|
||||||
|
Curl_http_ntlm_cleanup(conn);
|
||||||
|
}
|
||||||
|
else if(ntlm->state == NTLMSTATE_TYPE3) {
|
||||||
infof(conn->data, "NTLM handshake rejected\n");
|
infof(conn->data, "NTLM handshake rejected\n");
|
||||||
Curl_http_ntlm_cleanup(conn);
|
Curl_http_ntlm_cleanup(conn);
|
||||||
ntlm->state = NTLMSTATE_NONE;
|
ntlm->state = NTLMSTATE_NONE;
|
||||||
@ -211,6 +215,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
|
|||||||
case NTLMSTATE_TYPE3:
|
case NTLMSTATE_TYPE3:
|
||||||
/* connection is already authenticated,
|
/* connection is already authenticated,
|
||||||
* don't send a header in future requests */
|
* don't send a header in future requests */
|
||||||
|
ntlm->state = NTLMSTATE_LAST;
|
||||||
|
|
||||||
|
case NTLMSTATE_LAST:
|
||||||
Curl_safefree(*allocuserpwd);
|
Curl_safefree(*allocuserpwd);
|
||||||
authp->done = TRUE;
|
authp->done = TRUE;
|
||||||
break;
|
break;
|
||||||
|
Loading…
Reference in New Issue
Block a user