mirror of
https://github.com/curl/curl.git
synced 2024-12-27 06:59:43 +08:00
7975d10cf8
When using basic-auth, connections and proxy connections
can be re-used with different Authorization headers since
it does not authenticate the connection (like NTLM does).
For instance, the below command should re-use the proxy
connection, but it currently doesn't:
curl -v -U alice:a -x http://localhost:8181 http://localhost/
--next -U bob:b -x http://localhost:8181 http://localhost/
This is a regression since refactoring of ConnectionExists()
as part of: cb4e2be7c6
Fix the above by removing the username and password compare
when re-using proxy connection at proxy_info_matches().
However, this fix brings back another bug would make curl
to re-print the old proxy-authorization header of previous
proxy basic-auth connection because it wasn't cleared.
For instance, in the below command the second request should
fail if the proxy requires authentication, but would succeed
after the above fix (and before aforementioned commit):
curl -v -U alice:a -x http://localhost:8181 http://localhost/
--next -x http://localhost:8181 http://localhost/
Fix this by clearing conn->allocptr.proxyuserpwd after use
unconditionally, same as we do for conn->allocptr.userpwd.
Also fix test 540 to not expect digest auth header to be
resent when connection is reused.
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Closes https://github.com/curl/curl/pull/1350
111 lines
2.3 KiB
Plaintext
111 lines
2.3 KiB
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
HTTP
|
|
HTTP GET
|
|
HTTP proxy
|
|
HTTP proxy Digest auth
|
|
multi
|
|
</keywords>
|
|
</info>
|
|
|
|
# Server-side
|
|
<reply>
|
|
<servercmd>
|
|
connection-monitor
|
|
</servercmd>
|
|
|
|
# this is returned first since we get no proxy-auth
|
|
<data>
|
|
HTTP/1.1 407 Authorization Required to proxy me my dear
|
|
Proxy-Authenticate: Digest realm="weirdorealm", nonce="12345"
|
|
Content-Length: 33
|
|
|
|
And you should ignore this data.
|
|
</data>
|
|
|
|
# then this is returned when we get proxy-auth
|
|
<data1000>
|
|
HTTP/1.1 200 OK
|
|
Content-Length: 21
|
|
Server: no
|
|
|
|
Nice proxy auth sir!
|
|
</data1000>
|
|
|
|
<datacheck>
|
|
HTTP/1.1 407 Authorization Required to proxy me my dear
|
|
Proxy-Authenticate: Digest realm="weirdorealm", nonce="12345"
|
|
Content-Length: 33
|
|
|
|
HTTP/1.1 200 OK
|
|
Content-Length: 21
|
|
Server: no
|
|
|
|
Nice proxy auth sir!
|
|
HTTP/1.1 407 Authorization Required to proxy me my dear
|
|
Proxy-Authenticate: Digest realm="weirdorealm", nonce="12345"
|
|
Content-Length: 33
|
|
|
|
HTTP/1.1 200 OK
|
|
Content-Length: 21
|
|
Server: no
|
|
|
|
Nice proxy auth sir!
|
|
</datacheck>
|
|
</reply>
|
|
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
http
|
|
</server>
|
|
# tool is what to use instead of 'curl'
|
|
<tool>
|
|
lib540
|
|
</tool>
|
|
<features>
|
|
!SSPI
|
|
crypto
|
|
</features>
|
|
<name>
|
|
HTTP proxy auth Digest multi API re-using connection
|
|
</name>
|
|
<command>
|
|
http://test.remote.example.com/path/540 http://%HOSTIP:%HTTPPORT silly:person custom.set.host.name
|
|
</command>
|
|
</client>
|
|
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<strip>
|
|
^User-Agent: curl/.*
|
|
</strip>
|
|
<protocol>
|
|
GET http://test.remote.example.com/path/540 HTTP/1.1
|
|
Host: custom.set.host.name
|
|
Accept: */*
|
|
Proxy-Connection: Keep-Alive
|
|
|
|
GET http://test.remote.example.com/path/540 HTTP/1.1
|
|
Host: custom.set.host.name
|
|
Proxy-Authorization: Digest username="silly", realm="weirdorealm", nonce="12345", uri="/path/540", response="ca507dcf189196b6a5374d3233042261"
|
|
Accept: */*
|
|
Proxy-Connection: Keep-Alive
|
|
|
|
GET http://test.remote.example.com/path/540 HTTP/1.1
|
|
Host: custom.set.host.name
|
|
Accept: */*
|
|
Proxy-Connection: Keep-Alive
|
|
|
|
GET http://test.remote.example.com/path/540 HTTP/1.1
|
|
Host: custom.set.host.name
|
|
Proxy-Authorization: Digest username="silly", realm="weirdorealm", nonce="12345", uri="/path/540", response="ca507dcf189196b6a5374d3233042261"
|
|
Accept: */*
|
|
Proxy-Connection: Keep-Alive
|
|
|
|
[DISCONNECT]
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|