curl-tracker Archives

[curl:bugs] #1363 Negotiate with SSPI not working

From: Marcel Raad <marcelraad_at_users.sf.net>
Date: Thu, 24 Jul 2014 17:03:32 +0000

Please find a patch for the memory leaks attached. This time with git commit and git format patch, I hope I got it right.

The other issue is getting very strange. The first CONNECT ever made by the application succeeds, subsequent CONNECTs (with new multi handles) always time out after receiving the 200 from the proxy. I have compiled curl with debug output both with revision a4cece3d47cf092da00cf9910e87bb60b9eff533 and without it, but the logs look almost the same. Should I open a new bug for that issue?

Attachment: 0001-SSPI-Negotiate-Fix-3-memory-leaks.patch (1.6 kB; application/octet-stream)

---
** [bugs:#1363] Negotiate with SSPI not working**
**Status:** pending-needsinfo
**Created:** Wed Apr 23, 2014 10:45 AM UTC by Marcel Raad
**Last Updated:** Thu Jul 24, 2014 07:41 AM UTC
**Owner:** Daniel Stenberg
I'm using libcurl 7.35.0 built with SSPI (the relevant code has not changed in the current git version). I'm trying to authenticate to a Microsoft Threat Management Gateway 2010 SP2 proxy server via Negotiate. This fails and I see the following sequence of events in http_negotiate_sspi.c:
1. Curl_input_negotiate is called and creates a new credential handle and context handle (line 160f), but doesn't pass them to InitializeSecurityContext as the input token is not set (line 211).
2. Curl_output_negotiate is called, which frees the context and credential handles in Curl_cleanup_negotiate.
3. Curl_input_negotiate is called again, this time creating an input token (line 176). The call to InitializeSecurityContext fails with SEC_E_INVALID_HANDLE as neg_ctx->credentials and neg_ctx->context are NULL.
If I skip the call to Curl_cleanup_negotiate in Curl_output_negotiate (line 271), the authentication is successful.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

Received on 2014-07-24

This message: [ Message body ]
Next message: Daniel Stenberg: "[curl:bugs] #1363 Negotiate with SSPI not working"
Previous message: Marcel Raad: "[curl:bugs] #1363 Negotiate with SSPI not working"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

These mail archives are generated by hypermail.