HTTP-NTLM: fail auth on connection close instead of looping

Bug: https://github.com/bagder/curl/issues/256

diff --git a/lib/http.c b/lib/http.c
index ef55364eeacc5a67d0f03aa6905c8bb67935b2ec..8e422f0bf25809c55b83798a7154b024ebbe036e 100644 (file)
--- a/lib/http.c
+++ b/lib/http.c
@@ -3087,6 +3087,19 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
         }
       }
 
+      /* At this point we have some idea about the fate of the connection.
+         If we are closing the connection it may result auth failure. */
+#if defined(USE_NTLM)
+      if(conn->bits.close &&
+         (((data->req.httpcode == 401) &&
+           (conn->ntlm.state == NTLMSTATE_TYPE2)) ||
+          ((data->req.httpcode == 407) &&
+           (conn->proxyntlm.state == NTLMSTATE_TYPE2)))) {
+        infof(data, "Connection closure while negotiating auth (HTTP 1.0?)\n");
+        data->state.authproblem = TRUE;
+      }
+#endif
+
       /*
        * When all the headers have been parsed, see if we should give
        * up and return an error.

diff --git a/tests/data/test159 b/tests/data/test159
index c4ad91549e5c26864874fa21e45df0a595171fbc..5a062176e65e5b57f5fb7f7dc827f29653de72c6 100644 (file)
--- a/tests/data/test159
+++ b/tests/data/test159
@@ -21,34 +21,20 @@ Server: Microsoft-IIS/5.0
 Content-Type: text/html; charset=iso-8859-1\r
 Content-Length: 34\r
 WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==\r
+Connection: close\r
 \r
 This is not the real page either!
 </data1001>
 
-# This is supposed to be returned when the server gets the second
-# Authorization: NTLM line passed-in from the client
-<data1002>
-HTTP/1.1 200 Things are fine in server land swsclose\r
-Server: Microsoft-IIS/5.0\r
-Content-Type: text/html; charset=iso-8859-1\r
-Content-Length: 32\r
-\r
-Finally, this is the real page!
-</data1002>
-
 <datacheck>
 HTTP/1.1 401 Now gimme that second request of crap\r
 Server: Microsoft-IIS/5.0\r
 Content-Type: text/html; charset=iso-8859-1\r
 Content-Length: 34\r
 WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==\r
+Connection: close\r
 \r
-HTTP/1.1 200 Things are fine in server land swsclose\r
-Server: Microsoft-IIS/5.0\r
-Content-Type: text/html; charset=iso-8859-1\r
-Content-Length: 32\r
-\r
-Finally, this is the real page!
+This is not the real page either!
 </datacheck>
 
 </reply>
@@ -64,7 +50,7 @@ debug
 http
 </server>
  <name>
-HTTP with NTLM authorization when talking HTTP/1.0
+HTTP with NTLM authorization when talking HTTP/1.0 (known to fail)
  </name>
  <setenv>
 # we force our own host name, in order to make the test machine independent
@@ -92,12 +78,6 @@ Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3\r
 Accept: */*\r
 \r
-GET /159 HTTP/1.0\r
-Host: %HOSTIP:%HTTPPORT\r
-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAACeAJ4AWAAAAAAAAAD2AAAACAAIAPYAAAAIAAgA/gAAAAAAAAAAAAAABoKBAL9LNW5+nkyHZRmyFaL/LJ4xMjM0MjIzNGUCyhgQ9hw6eWAT13EbDa0BAQAAAAAAAACAPtXesZ0BMTIzNDIyMzQAAAAAAgAEAEMAQwABABIARQBMAEkAUwBBAEIARQBUAEgABAAYAGMAYwAuAGkAYwBlAGQAZQB2AC4AbgB1AAMALABlAGwAaQBzAGEAYgBlAHQAaAAuAGMAYwAuAGkAYwBlAGQAZQB2AC4AbgB1AAAAAAAAAAAAdGVzdHVzZXJjdXJsaG9zdA==\r
-User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3\r
-Accept: */*\r
-\r
 </protocol>
 </verify>
 </testcase>