cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1253 NTLM authentication fails when password contains special characters (british pound symbol £)

From: Paul McNally <ptmcnally_at_users.sf.net>
Date: Fri, 28 Jun 2013 13:37:19 +0000

I don't think so. The workarounds provided, compiling cURL with UNICODE and using schannel/winssl backend are for windows. All our servers use Debian linux.

---
** [bugs:#1253] NTLM authentication fails when password contains special characters (british pound symbol £)**
**Status:** open
**Created:** Thu Jun 27, 2013 01:36 PM UTC by Paul McNally
**Last Updated:** Thu Jun 27, 2013 07:51 PM UTC
**Owner:** nobody
NTLM authentication is failing when authentication contains special characters, namely the british pound symbol (£).

I have tried this using the CLI and via php_curl using CURLAUTH_NTLM. I have also tried raw URL encoding the username and password and replacing the special character directly with it's unicode equivalent. All instances fail returning:

NTLM handshake failure (internal error) (I think this is NTLMSTATE_TYPE1?)

I have changed the password to be one WITHOUT a special character and the cURL process works fine. If someone could look into this we would greatly appreciate it.

Thanks.

Curl -V output:

curl 7.26.0 (x86_64-pc-linux-gnu) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp 
Features: Debug GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 

------------------------------------

cURL query:

curl --verbose --insecure --ntlm --location -u someuser:p£ssword https://10.0.0.17/EWS/Exchange.asmx




* About to connect() to 10.0.0.17 port 443 (#0)
*   Trying 10.0.0.17...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* connected
* Connected to 10.0.0.17 (10.0.0.17) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using AES128-SHA
* Server certificate:
* 	 subject: CN=2008Exc07
* 	 start date: 2010-09-19 23:27:30 GMT
* 	 expire date: 2011-09-19 23:27:30 GMT
* 	 common name: 2008Exc07 (does not match '10.0.0.17')
* 	 issuer: CN=2008Exc07
* 	 SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using NTLM with user 'student1'
> GET /EWS/Exchange.asmx HTTP/1.1
> Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: curl/7.26.0
> Host: 10.0.0.17
> Accept: */*
> 
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 401 Unauthorized
< Server: Microsoft-IIS/7.0
< WWW-Authenticate: NTLM TlRMTVNTUAACAAAABwAHADgAAAAGgokCfSShwrqyuAEAAAAAAAAAALgAuAA/AAAABgByFwAAAA8yMDA4REVWAgAOADIAMAAwADgARABFAFYAAQASADIAMAAwADgARQBYAEMAMAA3AAQAIAAyADAAMAA4AGQAZQB2AC4AaQBuAHQAZQByAG4AYQBsAAMANAAyADAAMAA4AEUAeABjADAANwAuADIAMAAwADgAZABlAHYALgBpAG4AdABlAHIAbgBhAGwABQAgADIAMAAwADgAZABlAHYALgBpAG4AdABlAHIAbgBhAGwABwAIABYL07Qqc84BAAAAAA==
< WWW-Authenticate: Negotiate
< X-Powered-By: ASP.NET
< Date: Thu, 27 Jun 2013 11:37:29 GMT
< Content-Length: 0
< 

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host 10.0.0.17 left intact
* Issue another request to this URL: 'https://10.0.0.17/EWS/Exchange.asmx'
* Re-using existing connection! (#0) with host (nil)
* Connected to (nil) (10.0.0.17) port 443 (#0)
* Server auth using NTLM with user 'student1'
> GET /EWS/Exchange.asmx HTTP/1.1
> Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAGAAYAeAAAAAAAAAAAAAAABoKJApDuoAji4B0VAAAAAAAAAAAAAAAAAAAAAK0XpK1S3100KAJO6S1e8rYJ8LVkWEP5Q3N0dWRlbnQxZGViaWFu
> User-Agent: curl/7.26.0
> Host: 10.0.0.17
> Accept: */*
> 
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 401 Unauthorized
< Server: Microsoft-IIS/7.0
< WWW-Authenticate: Negotiate
* NTLM handshake failure (internal error)
* Authentication problem. Ignoring this.
< WWW-Authenticate: NTLM
< X-Powered-By: ASP.NET
< Date: Thu, 27 Jun 2013 11:37:29 GMT
< Content-Length: 0
< 

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host (nil) left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
} [data not shown]

---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
Received on 2013-06-28

These mail archives are generated by hypermail.

donate! Page updated May 06, 2013.
web site info

File upload with ASP.NET