cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker mailing list Archives

[ curl-Bugs-3085981 ] NTLM proxy w/authentication + POST problem

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Tue, 12 Oct 2010 15:40:23 +0000

Bugs item #3085981, was opened at 2010-10-12 08:40
Message generated for change (Tracker Item Submitted) made by cklenetsky
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3085981&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Carey Klenetsky (cklenetsky)
Assigned to: Nobody/Anonymous (nobody)
Summary: NTLM proxy w/authentication + POST problem

Initial Comment:
If you configure curl to use NTLM proxy authentication, but the proxy doesn't require authentication, an HTTP POST will not include the parameters.

The problem seems to come from the fact that curl expects to be in an auth. negotiation state, but the proxy happily forwards on the POST. You can see this with the curl app by sending this command and tracing the network traffic:

curl -x proxy-machine:proxy-port --proxy-ntlm -U user:password -d "abc=123&def=456" server.to.hit

In the case where authentication is on and supported the traffic looks like this (port 8080 is the traffic from curl to the proxy, and 80 from the proxy to the server):

interface: \Device\NPF_{4BD3F68E-3CDB-4B9A-BE85-65F2F79561AC} (172.20.2.0/255.
5.255.0)
filter: (ip or ip6) and ( port 80 or port 8080 )
####
T 172.20.2.147:3097 -> 172.20.2.10:8080 [AP]
  POST http://www.sfbaymagic.com HTTP/1.1..Proxy-Authorization: NTLM TlRMTVNT
  UAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=..User-Agent: curl/7.16.3 (i686-pc-cygw
  in) libcurl/7.16.3 OpenSSL/0.9.8i zlib/1.2.3 libssh2/0.15-CVS..Host: www.sf
  baymagic.com..Pragma: no-cache..Accept: */*..Proxy-Connection: Keep-Alive..
  Content-Length: 0..Content-Type: application/x-www-form-urlencoded....
#
T 172.20.2.10:8080 -> 172.20.2.147:3097 [AP]
  HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )..Via: 1.1
   LIMAX32VM..Proxy-Authenticate: NTLM TlRMTVNTUAACAAAABgAGADgAAAAGgokC8OxY+v
  LP1QUAAAAAAAAAAJ4AngA+AAAABQLODgAAAA9DQVJFWTICAAwAQwBBAFIARQBZADIAAQASAEwAS
  QBNAEEAWAAzADIAVgBNAAQAHABjAGEAcgBlAHkAMgAuAGMAbQAuAHQAZQBzAHQAAwAwAGwAaQBt
  AGEAeAAzADIAdgBtAC4AYwBhAHIAZQB5ADIALgBjAG0ALgB0AGUAcwB0AAUAHABjAGEAcgBlAHk
  AMgAuAGMAbQAuAHQAZQBzAHQAAAAAAA==..Connection: Keep-Alive..Proxy-Connection
  : Keep-Alive..Pragma: no-cache..Cache-Control: no-cache..Content-Type: text
  /html..Content-Length: 0 ....
#
T 172.20.2.147:3097 -> 172.20.2.10:8080 [AP]
  POST http://www.sfbaymagic.com HTTP/1.1..Proxy-Authorization: NTLM TlRMTVNT
  UAADAAAAGAAYAEAAAAAYABgAWAAAAAYABgBwAAAACgAKAHYAAAAMAAwAgAAAAAAAAAAAAAAABoK
  JApXaqUAU77gpAAAAAAAAAAAAAAAAAAAAAHCJaYtBbyluhLKj/9c+0cQEP98HcHxUoWNhcmV5Mm
  NrbGVuZXRza3llbmcxMi1kYzc2MDA=..User-Agent: curl/7.16.3 (i686-pc-cygwin) li
  bcurl/7.16.3 OpenSSL/0.9.8i zlib/1.2.3 libssh2/0.15-CVS..Host: www.sfbaymag
  ic.com..Pragma: no-cache..Accept: */*..Proxy-Connection: Keep-Alive..Conten
  t-Length: 15..Content-Type: application/x-www-form-urlencoded....abc=123&de
  f=456
#####
T 172.20.2.10:8636 -> 168.75.111.31:80 [AP]
  POST / HTTP/1.1..Via: 1.1 LIMAX32VM..Content-Length: 15..Content-Type: appl
  ication/x-www-form-urlencoded..User-Agent: curl/7.16.3 (i686-pc-cygwin) lib
  curl/7.16.3 OpenSSL/0.9.8i zlib/1.2.3 libssh2/0.15-CVS..Host: www.sfbaymagi
  c.com..Pragma: no-cache..Accept: */*..Connection: Keep-Alive....abc=123&def
  =456
##

If the proxy does not require authentication the traffic looks like this instead:

filter: (ip or ip6) and ( port 80 or port 8080 )
####
T 172.20.2.147:3107 -> 172.20.2.10:8080 [AP]
  POST http://www.sfbaymagic.com HTTP/1.1..Proxy-Authorization: NTLM TlRMTVNT
  UAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=..User-Agent: curl/7.16.3 (i686-pc-cygw
  in) libcurl/7.16.3 OpenSSL/0.9.8i zlib/1.2.3 libssh2/0.15-CVS..Host: www.sf
  baymagic.com..Pragma: no-cache..Accept: */*..Proxy-Connection: Keep-Alive..
  Content-Length: 0..Content-Type: application/x-www-form-urlencoded....
####
T 172.20.2.10:8643 -> 168.75.111.31:80 [AP]
  POST / HTTP/1.1..Via: 1.1 LIMAX32VM..Content-Length: 0..Content-Type: appli
  cation/x-www-form-urlencoded..User-Agent: curl/7.16.3 (i686-pc-cygwin) libc
  url/7.16.3 OpenSSL/0.9.8i zlib/1.2.3 libssh2/0.15-CVS..Host: www.sfbaymagic
  .com..Pragma: no-cache..Accept: */*..Connection: Keep-Alive....
##

Notice that the POST parameter are not part of the communication.

Even though the version of curl in the trace is 7.16.3 I've tried with 7.21.1 as well and the issue still remains.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3085981&group_id=976
Received on 2010-10-12

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET