NTLM: handle auth for only a single request Currently when the server responds with 401 on NTLM authenticated connection (re-used) we consider it to have failed. However this is legitimate and may happen when for example IIS is set configured to 'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header). Implemented by imploying an additional state once a connection is re-used to indicate that if we receive 401 we need to restart authentication. Closes #363

commit: fe6049f04bf7eb0481ba030c0e78aae5cfd0209f [log] [tgz]
author: Isaac Boukris <iboukris@gmail.com> Tue Aug 04 02:20:23 2015 +0300
committer: Daniel Stenberg <daniel@haxx.se> Thu Aug 06 14:39:26 2015 +0200
tree: 8c75db4dcffa1a1fe4e207c47d6a58282cec7a5f
parent: 7f11259eb70c39edfaf3c454c1b7ba13a2dc6c2a [diff]
diff --git a/lib/curl_ntlm.c b/lib/curl_ntlm.c
index 1f3bdcc..f9ddf50 100644
--- a/lib/curl_ntlm.c
+++ b/lib/curl_ntlm.c

@@ -84,7 +84,11 @@
       ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
     }
     else {
-      if(ntlm->state == NTLMSTATE_TYPE3) {
+      if(ntlm->state == NTLMSTATE_LAST) {
+        infof(conn->data, "NTLM auth restarted\n");
+        Curl_http_ntlm_cleanup(conn);
+      }
+      else if(ntlm->state == NTLMSTATE_TYPE3) {
         infof(conn->data, "NTLM handshake rejected\n");
         Curl_http_ntlm_cleanup(conn);
         ntlm->state = NTLMSTATE_NONE;
@@ -211,6 +215,9 @@
   case NTLMSTATE_TYPE3:
     /* connection is already authenticated,
      * don't send a header in future requests */
+    ntlm->state = NTLMSTATE_LAST;
+
+  case NTLMSTATE_LAST:
     Curl_safefree(*allocuserpwd);
     authp->done = TRUE;
     break;
commit	fe6049f04bf7eb0481ba030c0e78aae5cfd0209f	[log] [tgz]
author	Isaac Boukris <iboukris@gmail.com>	Tue Aug 04 02:20:23 2015 +0300
committer	Daniel Stenberg <daniel@haxx.se>	Thu Aug 06 14:39:26 2015 +0200
tree	8c75db4dcffa1a1fe4e207c47d6a58282cec7a5f
parent	7f11259eb70c39edfaf3c454c1b7ba13a2dc6c2a [diff]