cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Using Curl against SharePoint 2010, authentication fails, NTLM vs. GSS?

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Wed, 6 Apr 2011 14:27:06 -0700

On Wed, Apr 06, 2011 at 04:20:45PM -0400, Derek Atkins wrote:
> Here is the run and output of the ascii trace:
>
> mock-chroot> ./curl --version
> curl 7.21.3 (x86_64-unknown-linux-gnu) libcurl/7.19.7 NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4
> Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
> Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
> mock-chroot> ./curl --trace-ascii /tmp/sharepoint2010.ascii --ntlm -D /tmp/sharepoint2010 -u administrator --retry 1 -L http://172.16.64.20/
> Enter host password for user 'administrator':
> mock-chroot> cat /tmp/sharepoint2010.ascii
> == Info: About to connect() to 172.16.64.20 port 80 (#0)
> == Info: Trying 172.16.64.20... == Info: connected
> == Info: Connected to 172.16.64.20 (172.16.64.20) port 80 (#0)
> == Info: Initializing NSS with certpath: /etc/pki/nssdb
> == Info: Server auth using NTLM with user 'administrator'
> => Send header, 233 bytes (0xe9)
> 0000: GET / HTTP/1.1
> 0010: Authorization: NTLM ...
> 0052: User-Agent: curl/7.21.3 (x86_64-unknown-linux-gnu) libcurl/7.19.
> 0092: 7 NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4
> 00c6: Host: 172.16.64.20
> 00da: Accept: */*
> 00e7:
> <= Recv header, 27 bytes (0x1b)
> 0000: HTTP/1.1 401 Unauthorized
> <= Recv header, 27 bytes (0x1b)
> 0000: Server: Microsoft-IIS/7.5
> <= Recv header, 53 bytes (0x35)
> 0000: SPRequestGuid: 5e26dd22-2e57-4b63-bd1f-e0467c35b5d3
> <= Recv header, 325 bytes (0x145)
> 0000: WWW-Authenticate: NTLM ...
> ... <cut>
> 0140: A==
> == Info: gss_init_sec_context() failed: : Cannot determine realm for numeric hos
> t address<= Recv header, 29 bytes (0x1d)
> 0000: WWW-Authenticate: Negotiate
> <= Recv header, 23 bytes (0x17)
> 0000: X-Powered-By: ASP.NET
> <= Recv header, 46 bytes (0x2e)
> 0000: MicrosoftSharePointTeamServices: 14.0.0.4762
> <= Recv header, 37 bytes (0x25)
> 0000: Date: Wed, 06 Apr 2011 20:13:19 GMT
> <= Recv header, 19 bytes (0x13)
> 0000: Content-Length: 0
> <= Recv header, 2 bytes (0x2)
> 0000:
> == Info: Connection #0 to host 172.16.64.20 left intact
> == Info: Closing connection #0

I took a quick look at the code, and it looks like cases where an
authentication method has an error during initialization, such as this one,
are treated as though the authentication has been attempted and has failed.
Curl_http_input_auth() should really be changed to skip an authentication
method when there's an error initializing it.

>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-04-06