curl-library
NTLM proxy authentication with CURLOPT_READDATA seems broken.
Date: Mon, 03 Dec 2007 17:48:49 +0000
I am using curl 7.17.0.
If I use CURLOPT_COPYPOSTFIELDS to send 376 bytes via a squid proxy
using NTLM all works well.
However using the callback mechanism (CURLOPT_READDATA) curl sends the
376 byte to the server while it is trying to request the NTLM negotation
parameters, even though curl has set the Content-Length to zero.
Curl sends a zero byte post simply to receive the authentication
challenge for later, so it gets half of it right, but unfortunatly ends
up sending the post data too.
I have not yet been able to determine the location of the problem in
code as yet. I have however "fixed up" a variable in my callback
function using a debugger and setting it to zero at the right time to
persuade curl to not send the data during the challenge aquisition stage.
So it goes like this:
CONNECTION 1 (this first conenction is ok):
curl tries to post
recieves 407
selects ntlm for target of next connection
disconnect
CONNECTION 2:
POST http://192.168.100.204/Discovery/HTTPsvc/IISXferWanServer.DLL HTTP/1.1
Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
User-Agent: HttpXferwan 10.3.2 (20071123)
Host: 192.168.100.204
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive
Content-Type: application/octet-stream
Content-Length: 0
R...........x.......................C91EDFC9-225FDA11-BBDAFE29-FB40000F.................................................0.000000........................................................11EEEAFE-BA40-443E-AAB0-C8FC1BBEC0BC................................?....
c..M.'O`.....k.....)....v..U..*....*.u.....:s.j....iO...A.|7"...DA..P......T
9;.K..3.o...M......m.p..
.5].x..l.......i.
HTTP/1.0 407 Proxy Authentication Required
Server: squid/2.6.STABLE14
Date: Mon, 03 Dec 2007 17:18:25 GMT
Content-Type: text/html
Content-Length: 1450
Expires: Mon, 03 Dec 2007 17:18:25 GMT
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAACgAKACgAAACCgkEAuWt2f36wc6AAAAAAAAAAAENFTlRFTk5JQUw=
X-Cache: MISS from vm-fruitbat.centennial.co.uk
X-Cache-Lookup: NONE from vm-fruitbat.centennial.co.uk:3128
Via: 1.0 vm-fruitbat.centennial.co.uk:3128 (squid/2.6.STABLE14)
Proxy-Connection: keep-alive
<..html error snipped..>
Squid then gets confused and thinks that the binary post data is an http
request since there should be no binary content in the stream at that
point. The last request (with the authentication credentials proper)
then fails.
Received on 2007-12-03