On Thu, Mar 13, 2014 at 05:17:26PM -0500, Kevin Pauli wrote:
> Hi, I am observing some odd behavior.  If I invoke curl like this:
>
> curl --url http://example.com --data "my data" --ntlm --user username:password
>
> Then I am not seeing "my data" in the content of the request.  Wireshark
> confirms the empty request.  

I can confirm this, and it does seem a bit odd, but it does appear to be
intentional; test 176 confirms this. If NTLM is truly required then the
server will ignore the initial POST and respond with an NTLM handshake,
so this 0-byte post will be ignored. But, if the server doesn't actually
require authentication, then the server will act on this 0 byte post
and could perform some undesired action. What probably should happen
is something similar to what happens if --anyauth is used in place of
--ntlm; curl sends a Expect: 100-continue instead of a 0 byte request
(like test 155).

> However, if I remove the --ntlm and --user
> parameters, like so:
>
> curl --url http://example.com --data "my data"
>
> Then I do see "my data" in the content.

This is like test 97.

> I have tried many, many combinations of things like --negotiate, and -X POST
> and such, but these two examples I've given above are the simplest ones that
> demonstrate the problem.
>
> I am using curl-7.3.3.0-win64-ssl-sspi on Windows 7.

>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-03-14