cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Different behaviour of file upload with NTLM/Negotiate proxy authentication

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Tue, 6 Nov 2012 23:50:56 -0000

"Daniel Stenberg" <daniel_at_haxx.se> wrote in message
news:alpine.DEB.2.00.1211050018130.16668_at_tvnag.unkk.fr...
> On Sun, 4 Nov 2012, Markus Moeller wrote:
>
>> The problem I have is that my proxy is configured in a way that it only
>> challenges the client when it POSTS a word document. So it means when
>> the first POST request is made the uploaded file needs to be included.
>
> Aha. This zero content-length POST request is because curl knows that the
> first NTLM request will get another 401 so it makes no point in passing
> along any data then.
>
> This is a tiny shortcut and yes it does cause problems at times, like for
> your case here. You can probably get around it by asking for --anyauth or
> similar as then curl won't try that shortcut.
>

Unfortunateley that does not work. When I use --anyauth alone curl tries
BASIC auth and the proxy return auth required as only NTLM and Negotiate are
supported. After tht curl gives up.

> /opt/curl-7.28/bin/curl -v -A "| MSIE |" -U "DOMAIN\user" --anyauth --form
> file_upload=@/tmp/dummy.docx --form do=test --form
> subdo=file_upload --form http_submit="Start HTTP upload"
> http://www.csm-testcenter.org/test
Enter proxy password for user 'DOMAIN\user':
* About to connect() to proxy proxy.domain.com port 8080 (#0)
* Trying 192.168.1.200...
* connected
* Connected to proxy.domain.com (192.168.1.200) port 8080 (#0)
* Proxy auth using Basic with user 'DOMAIN\user'
> POST http://www.csm-testcenter.org/test HTTP/1.1
> Proxy-Authorization: Basic REJHXG1vZWxtYTpMaXNib24wMCQ=
> User-Agent: | MSIE |
> Host: www.csm-testcenter.org
> Accept: */*
> Proxy-Connection: Keep-Alive
> Content-Length: 20347
> Expect: 100-continue
> Content-Type: multipart/form-data;
> boundary=----------------------------38feba6b55a7
>
< HTTP/1.1 100 Continue
< HTTP/1.1 407 authenticationrequired
< Content-Type: text/html
< Cache-Control: no-cache
< Content-Length: 3407
< Proxy-Connection: Keep-Alive
< Proxy-Authenticate: Negotiate
< Proxy-Authenticate: NTLM
* HTTP error before end of send, stop sending
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<!-- FileName: index.html
     Language: [en]
-->

</html>
* Closing connection #0

If I use --amyauth and --proxy-ntlm I see it starts with NTLM but again with
Content Length 0 and the NTLM handshake later seem not to finish.

> /opt/curl-7.28/bin/curl -v -A "| MSIE |" -U
> "DOMAIN\user" --anyauth --proxy-ntlm --form
> file_upload=@/tmp/dummy.docx --form do=test --form
> subdo=file_upload --form http_submit="Start HTTP upload"
> http://www.csm-testcenter.org/test
Enter proxy password for user 'DOMAIN\user':
* About to connect() to proxy proxy.domain.com port 8080 (#0)
* Trying 192.168.1.200...
* connected
* Connected to proxy.domain.com (192.168.1.200) port 8080 (#0)
* Proxy auth using NTLM with user 'DOMAIN\user'
> POST http://www.csm-testcenter.org/test HTTP/1.1
> Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: | MSIE |
> Host: www.csm-testcenter.org
> Accept: */*
> Proxy-Connection: Keep-Alive
> Content-Length: 0
>
< HTTP/1.1 200 OK
< Via: 1.1 192.168.1.200 (McAfee Web Gateway 7.1.6.1.1.12884)
< Date: Tue, 06 Nov 2012 10:53:06 GMT
< Server: Apache
< X-Cache: MISS from 192.168.1.200
< Content-Type: text/html
< Proxy-Connection: Keep-Alive
< Transfer-Encoding: chunked
<
* Ignoring the response-body
* Connection #0 to host proxy.domain.com left intact
* Issue another request to this URL: 'http://www.csm-testcenter.org/test'
* Re-using existing connection! (#0) with host proxy.domain.com
* Connected to proxy.domain.com (192.168.1.200) port 8080 (#0)
> POST http://www.csm-testcenter.org/test HTTP/1.1
> Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: | MSIE |
> Host: www.csm-testcenter.org
> Accept: */*
> Proxy-Connection: Keep-Alive
> Content-Length: 20347
> Expect: 100-continue
> Content-Type: multipart/form-data;
> boundary=----------------------------9c99890e9335
>
< HTTP/1.1 100 Continue
< HTTP/1.1 407 authenticationrequired
< Content-Type: text/html
< Cache-Control: no-cache
< Content-Length: 3407
< Proxy-Connection: Keep-Alive
< Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAAAAAAAAAAAAAGgokA40RjqCPWnDoAAAAAAAAAAAAAAAAAAAAA
* HTTP error before end of send, stop sending
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>

</html>

</html>
* Closing connection #0

> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

Markus

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-11-07