From 378af08c99299683eb728fd8f9d3d3ab05f73ec0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 12 Feb 2014 14:15:42 +0100 Subject: [PATCH] ConnectionExists: reusing possible HTTP+NTLM connections better Make sure that the special NTLM magic we do is for HTTP+NTLM only since that's where the authenticated connection is a weird non-standard paradigm. Regression brought in 8ae35102c (curl 7.35.0) Bug: http://curl.haxx.se/mail/lib-2014-02/0100.html Reported-by: Dan Fandrich --- lib/url.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/lib/url.c b/lib/url.c index 5020a2bdf5..085b3a2f91 100644 --- a/lib/url.c +++ b/lib/url.c @@ -2903,8 +2903,9 @@ ConnectionExists(struct SessionHandle *data, struct connectdata *check; struct connectdata *chosen = 0; bool canPipeline = IsPipeliningPossible(data, needle); - bool wantNTLM = (data->state.authhost.want & CURLAUTH_NTLM) || - (data->state.authhost.want & CURLAUTH_NTLM_WB) ? TRUE : FALSE; + bool wantNTLMhttp = ((data->state.authhost.want & CURLAUTH_NTLM) || + (data->state.authhost.want & CURLAUTH_NTLM_WB)) && + (needle->handler->protocol & CURLPROTO_HTTP) ? TRUE : FALSE; struct connectbundle *bundle; *force_reuse = FALSE; @@ -3059,16 +3060,15 @@ ConnectionExists(struct SessionHandle *data, continue; } - if((needle->handler->protocol & CURLPROTO_FTP) || - ((needle->handler->protocol & CURLPROTO_HTTP) && wantNTLM)) { - /* This is FTP or HTTP+NTLM, verify that we're using the same name - and password as well */ - if(!strequal(needle->user, check->user) || - !strequal(needle->passwd, check->passwd)) { - /* one of them was different */ - continue; - } - credentialsMatch = TRUE; + if((needle->handler->protocol & CURLPROTO_FTP) || wantNTLMhttp) { + /* This is FTP or HTTP+NTLM, verify that we're using the same name + and password as well */ + if(!strequal(needle->user, check->user) || + !strequal(needle->passwd, check->passwd)) { + /* one of them was different */ + continue; + } + credentialsMatch = TRUE; } if(!needle->bits.httpproxy || needle->handler->flags&PROTOPT_SSL || @@ -3120,12 +3120,12 @@ ConnectionExists(struct SessionHandle *data, } if(match) { - /* If we are looking for an NTLM connection, check if this is already - authenticating with the right credentials. If not, keep looking so - that we can reuse NTLM connections if possible. (Especially we - must not reuse the same connection if partway through - a handshake!) */ - if(wantNTLM) { + /* If we are looking for an HTTP+NTLM connection, check if this is + already authenticating with the right credentials. If not, keep + looking so that we can reuse NTLM connections if + possible. (Especially we must not reuse the same connection if + partway through a handshake!) */ + if(wantNTLMhttp) { if(credentialsMatch && check->ntlm.state != NTLMSTATE_NONE) { chosen = check;