curl-library

RE: Authentication

From: Xiuping Hu <xhu_at_aventail.com>
Date: Wed, 11 Feb 2004 10:07:56 -0800

> -----Original Message-----
> From: Daniel Stenberg [mailto:daniel-curl_at_haxx.se]
> Sent: Wednesday, February 11, 2004 4:47 AM
> To: libcurl development
> Subject: RE: Authentication
>
> On Mon, 9 Feb 2004, Xiuping Hu wrote:
>
> > Sorry, one more check:
> >
> > else {
> >   if((ntlm->state >= NTLMSTATE_TYPE1) ||
> >      ((conn->allocptr.userpwd) &&
> >       strstr(conn->allocptr.userpwd,"Authorization:")))
> >     return CURLNTLM_BAD;
> >
> >   ntlm->state = NTLMSTATE_TYPE1; /* we should sent away a type-1 */
> > }
>
> Sorry, but your flood of mails confuses me, and this check unfortunately
> doesn't make my brain much clearer!
>
> Can you please answer these questions:
>
> 1. Why isn't ntlm->state already at state NTLMSTATE_TYPE1 when the
> authorization header is set?
[Xiuping Hu] This is the case if you provide a wrong credential through
proxy to backend.
        1. c --> p --> s GET ... with credential forwarded
        2. p <-- s 401 Unauthorized
                   WWW-Authenticate: NTLM
        3. p --> s GET ..
                   Authorization: NTLM <base64-encoded Type1 message>
        4. p <-- s 401 Access Denied..
                   WWW-Authenticate: NTLM..
        5. p --> s GET ..
                   Authorization: NTLM <base64-encoded Type1 message>
        4 <--> 5 endless loop.
>
> 2. How do you expect your fix to work with proxies? We store the
> authorization header in a different variable and it has different context...
[Xiuping Hu] This fix stops the endless looping in this scenario, and gives
the backend the chance to fall back to sending the auth page directly to the
client. But one thing I cannot fix at this time is that once the client
receives the auth page directly from the backend and enters his/her
credential, the proxy still has no way to get it and continues using the
proxy credential, so eventually it fails. How can we fix this issue?

BTW, what do you mean by storing the authorization header in a different
variable and it having a different context? Could you please explain?

>
> I very much want this problem fixed, but I want it done the proper way!

[Xiuping Hu] Absolutely. I am very new to curl, so could you please point me
in some direction so I can work the right way?

Thanks,

Xiuping
>
> --
> Daniel Stenberg -- http://curl.haxx.se/ -- http://daniel.haxx.se/
> [[ Do not send mails to this email address. They won't reach me. ]]
Received on 2004-02-11
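
The loop in steps 4 and 5 above and the effect of the state check, as an added example that is not part of the original mail and not libcurl's code: a small simulation with hypothetical names (`ntlm_input`, `run_exchange`, the `ST_*` and `NTLM_*` values) in which a constructed backend answers every request with a bare `WWW-Authenticate: NTLM`. It models only the `ntlm->state` half of the quoted check, not the `userpwd` test.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; a model of the exchange, not libcurl's code. */
enum ntlm_state { ST_NONE, ST_TYPE1, ST_TYPE2 };
enum ntlm_result { NTLM_FINE, NTLM_BAD };

/* Handle one WWW-Authenticate value on the sending side.
   guard != 0 enables the state check discussed in the thread. */
static enum ntlm_result ntlm_input(enum ntlm_state *st, const char *hdr,
                                   int guard)
{
  if(strncmp(hdr, "NTLM", 4) != 0)
    return NTLM_BAD;
  hdr += 4;
  while(*hdr == ' ')
    hdr++;
  if(*hdr) {                /* "NTLM <base64>": a type-2 challenge */
    *st = ST_TYPE2;
    return NTLM_FINE;
  }
  /* Bare "NTLM": the server asks for the handshake to start. */
  if(guard && *st >= ST_TYPE1)
    return NTLM_BAD;        /* type-1 already sent, so it was rejected */
  *st = ST_TYPE1;           /* next request carries a type-1 message */
  return NTLM_FINE;
}

/* Constructed backend that answers every request with 401 and a bare
   "WWW-Authenticate: NTLM" (steps 2 and 4). Returns how many requests
   were sent before giving up; max_requests only bounds the simulation. */
static int run_exchange(int guard, int max_requests)
{
  enum ntlm_state st = ST_NONE;
  int sent = 1;             /* step 1: the initial GET */
  while(sent < max_requests) {
    if(ntlm_input(&st, "NTLM", guard) != NTLM_FINE)
      break;                /* stop and hand the 401 back to the caller */
    sent++;                 /* steps 3 and 5: GET with a type-1 message */
  }
  return sent;
}

int main(void)
{
  printf("without check: %d requests\n", run_exchange(0, 10));
  printf("with check:    %d requests\n", run_exchange(1, 10));
  return 0;
}
```

Without the check the sender keeps restarting the handshake until the simulation's bound is hit; with it, the second bare challenge is treated as a rejection and the 401 is passed back.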