Bug 953864

Summary: NTLM broken in Curl 7.19.7-35.el6.x86_64
Product: Red Hat Enterprise Linux 6 Reporter: Ruben Püttmann <ruben>
Component: curlAssignee: Kamil Dudka <kdudka>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.4   
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-04-20 08:47:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ruben Püttmann 2013-04-19 11:10:17 UTC 
Description of problem:

with the curl version distributed with 6.4 it is not possible to do an ntlm authentification. Upstream is fixed. See also:

http://stackoverflow.com/questions/4341368/curl-always-returns-401-with-ntlm
http://serverfault.com/questions/408421/ntlm-with-curl-returns-401 


Version-Release number of selected component (if applicable):

Curl 7.19.7-35.el6.x86_64 

How reproducible:


curl https://exchangserver/EWS/Exchange.asmx [^] -w %{http_code} --ntlm -u username --verbose --show-error

It will ask you for your password. On centos with curl 7.19.7-35.el6.x86_64 I got an 401 on my debian box with


ruben@work:[~] > curl -V
curl 7.26.0 (i486-pc-linux-gnu) libcurl/7.26.0 OpenSSL/1.0.1c zlib/1.2.7 libidn/1.25 libssh2/1.4.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: Debug GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
ruben@work:[~] >

It works.
Comment 1 Kamil Dudka 2013-04-19 12:13:26 UTC 
(In reply to comment #0)
> Description of problem:
> 
> with the curl version distributed with 6.4 it is not possible to do an ntlm
> authentification.

Unlikely.  The support for NTLM was introduced in curl-7.19.7-16.el6 (bug #606819) and covered by regression tests.

> Upstream is fixed. See also:
> 
> http://stackoverflow.com/questions/4341368/curl-always-returns-401-with-ntlm
> http://serverfault.com/questions/408421/ntlm-with-curl-returns-401

Those builds use OpenSSL-powered NTLM authentication whereas we use NSS.

> How reproducible:
> 
> 
> curl https://exchangserver/EWS/Exchange.asmx [^] -w %{http_code} --ntlm -u
> username --verbose --show-error
> 
> It will ask you for your password. On centos with curl 7.19.7-35.el6.x86_64
> I got an 401 on my debian box with

Please provide a self-contained reproducer.
Comment 2 Ruben Püttmann 2013-04-19 13:33:48 UTC 
I will send you an E-mail with some additional Informations, including some non public stuff.
Comment 4 Ruben Püttmann 2013-04-19 15:35:23 UTC 
The Patch from: https://bugzilla.redhat.com/show_bug.cgi?id=799557
fixes teh problem here
Comment 5 Kamil Dudka 2013-04-20 08:47:31 UTC 
Thank you for confirming the fix!  I am closing this bug as duplicate...

*** This bug has been marked as a duplicate of bug 799557 ***