|
 |
c260e0 |
From 2ac0f436a3ed216d3fc634592d302c6b8efe25d0 Mon Sep 17 00:00:00 2001
|
|
|
c260e0 |
From: Frank Meier <frank.meier@ergon.ch>
|
|
|
c260e0 |
Date: Fri, 22 Aug 2014 14:54:41 +0200
|
|
|
c260e0 |
Subject: [PATCH] NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
|
|
|
c260e0 |
|
|
|
c260e0 |
Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed
|
|
|
c260e0 |
since NTLM requires multiple requests that re-use the same connection
|
|
|
c260e0 |
for the authentication to work
|
|
|
c260e0 |
|
|
|
c260e0 |
Solution: Ignore the forbid reuse flag in case the NTLM authentication
|
|
|
c260e0 |
handshake is in progress, according to the NTLM state flag.
|
|
|
c260e0 |
|
|
|
c260e0 |
Fixed known bug #77.
|
|
|
c260e0 |
|
|
|
c260e0 |
Upstream-commit: 63a0bd4270decef04e64fbe497b42f2c9e26c62b
|
|
|
c260e0 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
c260e0 |
---
|
|
|
c260e0 |
docs/KNOWN_BUGS | 4 ----
|
|
|
c260e0 |
lib/url.c | 7 +++++--
|
|
|
c260e0 |
2 files changed, 5 insertions(+), 6 deletions(-)
|
|
|
c260e0 |
|
|
|
c260e0 |
diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
|
|
|
c260e0 |
index d363827..170987e 100644
|
|
|
c260e0 |
--- a/docs/KNOWN_BUGS
|
|
|
c260e0 |
+++ b/docs/KNOWN_BUGS
|
|
|
c260e0 |
@@ -18,10 +18,6 @@ may have been fixed since this was written!
|
|
|
c260e0 |
any file at all. Like when using FTP.
|
|
|
c260e0 |
http://curl.haxx.se/bug/view.cgi?id=3438362
|
|
|
c260e0 |
|
|
|
c260e0 |
-77. CURLOPT_FORBID_REUSE on a handle prevents NTLM from working since it
|
|
|
c260e0 |
- "abuses" the underlying connection re-use system and if connections are
|
|
|
c260e0 |
- forced to close they break the NTLM support.
|
|
|
c260e0 |
-
|
|
|
c260e0 |
76. The SOCKET type in Win64 is 64 bits large (and thus so is curl_socket_t on
|
|
|
c260e0 |
that platform), and long is only 32 bits. It makes it impossible for
|
|
|
c260e0 |
curl_easy_getinfo() to return a socket properly with the CURLINFO_LASTSOCKET
|
|
|
c260e0 |
diff --git a/lib/url.c b/lib/url.c
|
|
|
c260e0 |
index de8e153..5fcef89 100644
|
|
|
c260e0 |
--- a/lib/url.c
|
|
|
c260e0 |
+++ b/lib/url.c
|
|
|
c260e0 |
@@ -5252,7 +5252,8 @@ CURLcode Curl_done(struct connectdata **connp,
|
|
|
c260e0 |
}
|
|
|
c260e0 |
|
|
|
c260e0 |
/* if data->set.reuse_forbid is TRUE, it means the libcurl client has
|
|
|
c260e0 |
- forced us to close this no matter what we think.
|
|
|
c260e0 |
+ forced us to close this connection. This is ignored for requests taking
|
|
|
c260e0 |
+ place in a NTLM authentication handshake
|
|
|
c260e0 |
|
|
|
c260e0 |
if conn->bits.close is TRUE, it means that the connection should be
|
|
|
c260e0 |
closed in spite of all our efforts to be nice, due to protocol
|
|
|
c260e0 |
@@ -5267,7 +5268,9 @@ CURLcode Curl_done(struct connectdata **connp,
|
|
|
c260e0 |
connection_id == -1 here means that the connection has not been added
|
|
|
c260e0 |
to the connection cache (OOM) and thus we must disconnect it here.
|
|
|
c260e0 |
*/
|
|
|
c260e0 |
- if(data->set.reuse_forbid || conn->bits.close || premature ||
|
|
|
c260e0 |
+ if((data->set.reuse_forbid && !(conn->ntlm.state == NTLMSTATE_TYPE2 ||
|
|
|
c260e0 |
+ conn->proxyntlm.state == NTLMSTATE_TYPE2))
|
|
|
c260e0 |
+ || conn->bits.close || premature ||
|
|
|
c260e0 |
(-1 == conn->connection_id)) {
|
|
|
c260e0 |
CURLcode res2 = Curl_disconnect(conn, premature); /* close connection */
|
|
|
c260e0 |
|
|
|
c260e0 |
--
|
|
|
c260e0 |
2.1.0
|
|
|
c260e0 |
|