cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1253 NTLM authentication fails when password contains special characters (british pound symbol £)

From: Dan Fandrich <dfandrich_at_users.sf.net>
Date: Fri, 28 Jun 2013 16:23:27 +0000

I'm not aware of anyone working on this issue, and most of the core curl developers don't have Windows, so it's unlikely this will be completely solved any time soon without someone submitting a patch. It's listed as a KNOWN_BUG so it won't be forgotten.

---
** [bugs:#1253] NTLM authentication fails when password contains special characters (british pound symbol £)**
**Status:** open
**Created:** Thu Jun 27, 2013 01:36 PM UTC by Paul McNally
**Last Updated:** Fri Jun 28, 2013 01:37 PM UTC
**Owner:** nobody
NTLM authentication is failing when authentication contains special characters, namely the british pound symbol (£).

I have tried this using the CLI and via php_curl using CURLAUTH_NTLM. I have also tried raw URL encoding the username and password and replacing the special character directly with it's unicode equivalent. All instances fail returning:

NTLM handshake failure (internal error) (I think this is NTLMSTATE_TYPE1?)

I have changed the password to be one WITHOUT a special character and the cURL process works fine. If someone could look into this we would greatly appreciate it.

Thanks.

Curl -V output:

curl 7.26.0 (x86_64-pc-linux-gnu) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp 
Features: Debug GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 

------------------------------------

cURL query:

curl --verbose --insecure --ntlm --location -u someuser:p£ssword https://10.0.0.17/EWS/Exchange.asmx




* About to connect() to 10.0.0.17 port 443 (#0)
*   Trying 10.0.0.17...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* connected
* Connected to 10.0.0.17 (10.0.0.17) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using AES128-SHA
* Server certificate:
* 	 subject: CN=2008Exc07
* 	 start date: 2010-09-19 23:27:30 GMT
* 	 expire date: 2011-09-19 23:27:30 GMT
* 	 common name: 2008Exc07 (does not match '10.0.0.17')
* 	 issuer: CN=2008Exc07
* 	 SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using NTLM with user 'student1'
> GET /EWS/Exchange.asmx HTTP/1.1
> Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: curl/7.26.0
> Host: 10.0.0.17
> Accept: */*
> 
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 401 Unauthorized
< Server: Microsoft-IIS/7.0
< WWW-Authenticate: NTLM TlRMTVNTUAACAAAABwAHADgAAAAGgokCfSShwrqyuAEAAAAAAAAAALgAuAA/AAAABgByFwAAAA8yMDA4REVWAgAOADIAMAAwADgARABFAFYAAQASADIAMAAwADgARQBYAEMAMAA3AAQAIAAyADAAMAA4AGQAZQB2AC4AaQBuAHQAZQByAG4AYQBsAAMANAAyADAAMAA4AEUAeABjADAANwAuADIAMAAwADgAZABlAHYALgBpAG4AdABlAHIAbgBhAGwABQAgADIAMAAwADgAZABlAHYALgBpAG4AdABlAHIAbgBhAGwABwAIABYL07Qqc84BAAAAAA==
< WWW-Authenticate: Negotiate
< X-Powered-By: ASP.NET
< Date: Thu, 27 Jun 2013 11:37:29 GMT
< Content-Length: 0
< 

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host 10.0.0.17 left intact
* Issue another request to this URL: 'https://10.0.0.17/EWS/Exchange.asmx'
* Re-using existing connection! (#0) with host (nil)
* Connected to (nil) (10.0.0.17) port 443 (#0)
* Server auth using NTLM with user 'student1'
> GET /EWS/Exchange.asmx HTTP/1.1
> Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAGAAYAeAAAAAAAAAAAAAAABoKJApDuoAji4B0VAAAAAAAAAAAAAAAAAAAAAK0XpK1S3100KAJO6S1e8rYJ8LVkWEP5Q3N0dWRlbnQxZGViaWFu
> User-Agent: curl/7.26.0
> Host: 10.0.0.17
> Accept: */*
> 
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 401 Unauthorized
< Server: Microsoft-IIS/7.0
< WWW-Authenticate: Negotiate
* NTLM handshake failure (internal error)
* Authentication problem. Ignoring this.
< WWW-Authenticate: NTLM
< X-Powered-By: ASP.NET
< Date: Thu, 27 Jun 2013 11:37:29 GMT
< Content-Length: 0
< 

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host (nil) left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
} [data not shown]

---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
Received on 2013-06-28

These mail archives are generated by hypermail.

donate! Page updated May 06, 2013.
web site info

File upload with ASP.NET