curl-users

[ curl-Bugs-806328 ] NTLM authentication fails after a redirect

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Sun, 14 Sep 2003 22:51:20 -0700

Bugs item #806328, was opened at 2003-09-14 22:51
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=806328&group_id=976

Category: None
Group: bad behaviour
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: NTLM authentication fails after a redirect

Initial Comment:
VERSION:

curl 7.10.7 (sparc-sun-solaris2.6) libcurl/7.10.7 OpenSSL/0.9.6e zlib/1.1.4
Features: SSL libz NTLM

COMMAND:

curl -L --anyauth -u bob:1234 http://site.org/a

If an HTTP response redirects curl to a page that requires NTLM (or
Negotiate) authentication then curl repeatedly tries the 2nd URL (without
doing the authentication) until it exceeds its maximum redirect count.

TRACE:

"page1" returns an HTTP 302 redirection to "page2". "page2" requires NTLM
authentication. The "-L" curl option tells it to follow redirects.

% curl -L --anyauth -u bob:1234 http://site1.org/page1

> GET /page1 HTTP/1.1

< HTTP/1.1 302 Moved Temporarily
< Date: Mon, 15 Sep 2003 04:48:20 GMT
< Server: Apache/1.2.4
< Location: http://site2.org/page2
< Content-Type: text/html
< X-Pad: avoid browser bug

> GET /page2 HTTP/1.1

< HTTP/1.1 401 Access Denied
< Server: Microsoft-IIS/5.0
< Date: Mon, 15 Sep 2003 04:48:24 GMT
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< Connection: close

> GET /page2 HTTP/1.1

< HTTP/1.1 401 Access Denied
< Server: Microsoft-IIS/5.0
< Date: Mon, 15 Sep 2003 04:48:24 GMT
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< Connection: close

...<repeats the last request/response pair about 50 times>...

After the initial redirect response, curl does the following:

1) opens a TCP/IP connection
2) sends "GET /page2 HTTP/1.1" (with Host, Pragma & Accept headers only)
3) receives "HTTP/1.1 401" (with WWW-Authenticate etc as above)
4) closes the TCP/IP connection
5) goto step 1) and try again (repeatedly), without changing any headers
   (ie without doing the NTLM auth.)

If curl is given the 2nd URL directly (instead of via a redirect) it does
the NTLM authentication properly!

% curl -L --anyauth -u bob:1234 http://site2.org/page2

Received on 2003-09-15
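
A small checker for the failure pattern in the report above, added here as an illustration and not part of the original message or of curl: it parses a `>`/`<` trace like the one in the report and flags a request that is repeated after a 401 challenge without an Authorization header. The sample trace is constructed, and comparing request lines only (the trace shows no Host header) is an assumption.

```python
import re

# Constructed sample in the style of the trace in the report (headers abridged).
SAMPLE_TRACE = """\
> GET /page1 HTTP/1.1
< HTTP/1.1 302 Moved Temporarily
< Location: http://site2.org/page2
> GET /page2 HTTP/1.1
< HTTP/1.1 401 Access Denied
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< Connection: close
> GET /page2 HTTP/1.1
< HTTP/1.1 401 Access Denied
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< Connection: close
"""

def parse_exchanges(trace):
    """Split a '>'/'<' trace into request/response exchanges."""
    exchanges = []
    for raw in trace.splitlines():
        line = raw.strip()
        if re.match(r"> [A-Z]+ \S+ HTTP/", line):          # request line
            exchanges.append({"request": line[2:], "req_headers": {},
                              "status": None, "challenges": []})
        elif not exchanges:
            continue                                       # noise before first request
        elif line.startswith("> ") and ":" in line:        # request header
            name, value = line[2:].split(":", 1)
            exchanges[-1]["req_headers"][name.strip().lower()] = value.strip()
        elif line.startswith("< HTTP/"):                   # status line
            exchanges[-1]["status"] = int(line.split()[2])
        elif line.lower().startswith("< www-authenticate:"):
            scheme = (line.split(":", 1)[1].split() or [""])[0]
            exchanges[-1]["challenges"].append(scheme)
    return exchanges

def find_stalled_auth(exchanges):
    """Return (request, offered schemes, unauthenticated retries) per stalled request."""
    stalled = {}
    for prev, cur in zip(exchanges, exchanges[1:]):
        if (prev["status"] == 401 and prev["challenges"]
                and cur["request"] == prev["request"]
                and "authorization" not in cur["req_headers"]):
            entry = stalled.setdefault(cur["request"], [prev["challenges"], 0])
            entry[1] += 1
    return [(req, schemes, n) for req, (schemes, n) in stalled.items()]
```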