mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 16:48:49 -05:00
NTLM: handle auth for only a single request
Currently when the server responds with 401 on NTLM authenticated connection (re-used) we consider it to have failed. However this is legitimate and may happen when for example IIS is set configured to 'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header). Implemented by imploying an additional state once a connection is re-used to indicate that if we receive 401 we need to restart authentication. Closes #363
This commit is contained in:
parent
7f11259eb7
commit
fe6049f04b
@ -84,7 +84,11 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
|
||||
ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
|
||||
}
|
||||
else {
|
||||
if(ntlm->state == NTLMSTATE_TYPE3) {
|
||||
if(ntlm->state == NTLMSTATE_LAST) {
|
||||
infof(conn->data, "NTLM auth restarted\n");
|
||||
Curl_http_ntlm_cleanup(conn);
|
||||
}
|
||||
else if(ntlm->state == NTLMSTATE_TYPE3) {
|
||||
infof(conn->data, "NTLM handshake rejected\n");
|
||||
Curl_http_ntlm_cleanup(conn);
|
||||
ntlm->state = NTLMSTATE_NONE;
|
||||
@ -211,6 +215,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
|
||||
case NTLMSTATE_TYPE3:
|
||||
/* connection is already authenticated,
|
||||
* don't send a header in future requests */
|
||||
ntlm->state = NTLMSTATE_LAST;
|
||||
|
||||
case NTLMSTATE_LAST:
|
||||
Curl_safefree(*allocuserpwd);
|
||||
authp->done = TRUE;
|
||||
break;
|
||||
|
Loading…
Reference in New Issue
Block a user