cURL

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1363 Negotiate with SSPI not working

From: Marcel Raad <marcelraad_at_users.sf.net>
Date: Thu, 24 Jul 2014 07:41:48 +0000

Both the timeout because of a4cece3d47cf092da00cf9910e87bb60b9eff533 and the Negotiate memory leak only occur when using multi_socket_action, not when using the easy API or curl_multi_perform. I have never tried to use multi_socket_action from plain C, I'll try to create a minimal working example without asynchronous C++ libraries and hope there won't be any stack overflow...

---
** [bugs:#1363] Negotiate with SSPI not working**
**Status:** pending-needsinfo
**Created:** Wed Apr 23, 2014 10:45 AM UTC by Marcel Raad
**Last Updated:** Wed Jul 23, 2014 03:19 PM UTC
**Owner:** Daniel Stenberg
I'm using libcurl 7.35.0 built with SSPI (the relevant code has not changed in the current git version). I'm trying to authenticate to a Microsoft Threat Management Gateway 2010 SP2 proxy server via Negotiate. This fails and I see the following sequence of events in http_negotiate_sspi.c:
1. Curl_input_negotiate is called and creates a new credential handle and context handle (line 160f), but doesn't pass them to InitializeSecurityContext as the input token is not set (line 211).
2. Curl_output_negotiate is called, which frees the context and credential handles in Curl_cleanup_negotiate.
3. Curl_input_negotiate is called again, this time creating an input token (line 176). The call to InitializeSecurityContext fails with SEC_E_INVALID_HANDLE as neg_ctx->credentials and neg_ctx->context are NULL.
If I skip the call to Curl_cleanup_negotiate in Curl_output_negotiate (line 271), the authentication is successful.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
Received on 2014-07-24

These mail archives are generated by hypermail.

donate! Page updated March 21, 2014.
web site info

File upload with ASP.NET