curl-users

Re: Different behaviour of file upload with NTLM/Negotiate proxy authentication

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Sun, 4 Nov 2012 20:54:31 -0000

"Daniel Stenberg" <daniel_at_haxx.se> wrote in message news:alpine.DEB.2.00.1211041815040.16668_at_tvnag.unkk.fr...
> On Sun, 4 Nov 2012, Markus Moeller wrote:
>
>> I am testing file uploads with Negotiate and NTLM proxy authentication. And
>> it looks like the behaviour is different for NTLM compared to Negotiate.
>> When I use NTLM the Authorisation header is added but not the POST data, so
>> I get a wrong result.
>
> Really? NTLM does a multi request authentication "handshake" and you see that.
>
>> Can anybody confirm this ? Any idea where the bug is with NTLM ?
>
> I'm not aware of any particular bug in our NTLM support. You need to be much
> more specific.
>

The problem I have is that my proxy is configured in a way that it only challenges the client when it POSTs a Word document. So it means when the first POST request is made the uploaded file needs to be included.

What I see is that a Content-Length of 0 is sent together with the Authorisation, on which the proxy returns OK as no Word document is posted.

> /opt/curl-7.28/bin/curl -v -A "| MSIE |" -U "DOMAIN\user" --proxy-ntlm --form file_upload=@/tmp/test.docx --form do=test --form subdo=file_upload --form http_submit="Start HTTP upload" http://www.csm-testcenter.org/test
  Enter proxy password for user 'DOMAIN\user':
  * About to connect() to proxy proxy.domain.com port 8080 (#0)
  * Trying 192.168.1.200...
  * connected
  * Connected to proxy.domain.com (192.168.1.200) port 8080 (#0)
  * Proxy auth using NTLM with user 'DOMAIN\user'
> POST http://www.csm-testcenter.org/test HTTP/1.1
> Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: | MSIE |
> Host: www.csm-testcenter.org
> Accept: */*
> Proxy-Connection: Keep-Alive
> Content-Length: 0

  < HTTP/1.1 200 OK
  < Via: 1.1 192.168.1.200 (PROXY)
  < Date: Sun, 04 Nov 2012 13:22:53 GMT
  < Server: Apache
  < X-Cache: MISS from 192.168.1.200
  < Content-Type: text/html
  < Proxy-Connection: Keep-Alive
  < Transfer-Encoding: chunked
  <

When I use Negotiate, curl sends all data and no Authorisation header and gets correctly challenged with 407 as the POST contains a Word doc (Content-Length > 0 and a Content-Type of multipart/form-data).

> /opt/curl-7.28/bin/curl -v -A "| MSIE |" -U dd:dd --proxy-negotiate --form file_upload=@/tmp/test.docx --form do=test --form subdo=file_upload --form http_submit="Start HTTP upload" http://www.csm-testcenter.org/test
  * About to connect() to proxy proxy.domain.com port 8080 (#0)
  * Trying 192.168.1.200...
  * connected
  * Connected to proxy.domain.com (192.168.1.200) port 8080 (#0)
> POST http://www.csm-testcenter.org/test HTTP/1.1
> User-Agent: | MSIE |
> Host: www.csm-testcenter.org
> Accept: */*
> Proxy-Connection: Keep-Alive
> Content-Length: 515
> Expect: 100-continue
> Content-Type: multipart/form-data;
> boundary=----------------------------2f4caf3f7cd8
>

  < HTTP/1.1 100 Continue
  < HTTP/1.1 407 authenticationrequired
  < Content-Type: text/html
  < Cache-Control: no-cache
  < Content-Length: 3407
  < Proxy-Connection: Keep-Alive
  < Proxy-Authenticate: Negotiate
  < Proxy-Authenticate: NTLM
  * HTTP error before end of send, stop sending
  <
  * Closing connection #0
  * Issue another request to this URL: 'http://www.csm-testcenter.org/test'
  * About to connect() to proxy proxy.domain.com port 8080 (#0)
  * Trying 192.168.1.200...
  * connected
  * Connected to proxy.domain.com (192.168.1.200) port 8080 (#0)
  * Proxy auth using GSS-Negotiate with user 'dd'
> POST http://www.csm-testcenter.org/test HTTP/1.1
> Proxy-Authorization: Negotiate YIICFAYJKoZIhvcSAQICAQBuggIDMIIB/......=
> User-Agent: | MSIE |
> Host: www.csm-testcenter.org
> Accept: */*
> Proxy-Connection: Keep-Alive
> Content-Length: 515
> Expect: 100-continue
> Content-Type: multipart/form-data;
> boundary=----------------------------8995e2e39e1f
>
  < HTTP/1.1 100 Continue
  < HTTP/1.1 200 OK
  < Via: 1.1 192.168.1.200 (PROXY)
  < Date: Sun, 04 Nov 2012 13:21:28 GMT
  < Server: Apache
  < Content-Type: text/html
  < Proxy-Connection: Keep-Alive
  < Transfer-Encoding: chunked

Is that clearer ?

Thank you
Markus

> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

Received on 2012-11-04
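
Added example, not part of the original message or of curl's code: a small Python decoder for the Proxy-Authorization token in the first NTLM trace above, showing that it is an NTLM Type 1 (NEGOTIATE) message, the first leg of the multi-request handshake, carried on a request with Content-Length: 0. The function names are hypothetical, the flag table is a subset of MS-NLMP, and the request text is copied from the trace with some headers omitted.

```python
import base64
import struct

# Subset of the NTLMSSP negotiate flag bits defined in MS-NLMP.
NTLM_FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000200: "NEGOTIATE_NTLM",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
}
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

# Request headers copied from the curl -v trace in the message above.
REQUEST = """\
POST http://www.csm-testcenter.org/test HTTP/1.1
Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
User-Agent: | MSIE |
Host: www.csm-testcenter.org
Content-Length: 0
"""

def parse_ntlm_token(b64):
    """Decode an NTLMSSP blob: 8-byte signature, then a little-endian type."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    flags = None
    if msg_type == 1 and len(raw) >= 16:
        # In a Type 1 message the flags directly follow the type field.
        (flags,) = struct.unpack_from("<I", raw, 12)
    names = [n for bit, n in NTLM_FLAGS.items() if flags and flags & bit]
    return {"type": NTLM_TYPES.get(msg_type, "UNKNOWN"),
            "flags": flags, "flag_names": names}

def classify_request(text):
    """Report whether a request is a body-less NTLM Type 1 probe."""
    headers = {}
    for line in text.splitlines()[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    if scheme.upper() != "NTLM":
        return {"ntlm": None, "bodyless_probe": False}
    ntlm = parse_ntlm_token(token.strip())
    probe = ntlm["type"] == "NEGOTIATE" and headers.get("content-length") == "0"
    return {"ntlm": ntlm, "bodyless_probe": probe}

if __name__ == "__main__":
    print(classify_request(REQUEST))
```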