php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #62195 NTLM authentication of current user on different host fails
Submitted: 2012-05-31 10:15 UTC Modified: 2014-04-25 09:37 UTC
From: a dot schilder at gmx dot de Assigned:
Status: Not a bug Package: cURL related
PHP Version: 5.4.3 OS: Windows Server 2008R2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: a dot schilder at gmx dot de
New email:
PHP Version: OS:

 

 [2012-05-31 10:15 UTC] a dot schilder at gmx dot de
Description:
------------
A request with NTML authentication using the current, authenticated user (CURLOPT_USERPWD ":") doesn't work, when doing a request to another host in the same domain. Settings the same credentials directly for CURLOPT_USERPWD works as expected.

Test script:
---------------
Script on "server1.domainXYZ", user already authenicated.
Curl requests to "server1.domainXYZ" and "server2.domainXYZ".


Version 1 (Server 1, explicitly setting the credentials of the current user):
...
curl_setopt($ch, CURLOPT_URL, 'http://server1.domainXYZ/file.php');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_USERPWD, "domainXYZ\\userX:passwordY");
...


Version 2 (Server 1, using current user):
...
curl_setopt($ch, CURLOPT_URL, 'http://server1.domainXYZ/file.php');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_USERPWD, ":");
...


Version 3 (Server 2, explicitly setting the credentials of the current user):
...
curl_setopt($ch, CURLOPT_URL, 'http://server2.domainXYZ/file.php');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_USERPWD, "domainXYZ\\userX:passwordY");
...


Version 4 (Server 2, using current user):
...
curl_setopt($ch, CURLOPT_URL, 'http://server2.domainXYZ/file.php');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_USERPWD, ":");
...

Expected result:
----------------
Version 1: works
Version 2: works
Version 3: works
Version 4: works

Actual result:
--------------
Version 1: works
Version 2: works
Version 3: works
Version 4: doesn't work

In Version 1-3 the user name is correctly sent and logged in the IIS logs ("cs-username").

In Version 4, the user name in the IIS logs is empty ("-"), so no user name is sent by cURL.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-06-11 13:22 UTC] a dot schilder at gmx dot de
-Summary: NTML authentication of current user on different host fails +Summary: NTLM authentication of current user on different host fails
 [2012-06-11 13:22 UTC] a dot schilder at gmx dot de
Typo in summary corrected
 [2014-04-25 09:37 UTC] mike@php.net
-Status: Open +Status: Not a bug
 [2014-04-25 09:37 UTC] mike@php.net
man curl_easy_setopt says:

"libcurl will only send this user and password information to hosts using the initial host name (unless CURLOPT_UNRESTRICTED_AUTH is set)"

Did you try CURLOPT_UNRESTRICTED_AUTH?
 [2018-07-06 15:14 UTC] alexanderlutsky at gmail dot com
Still experiencing this in PHP 7.1.7, cURL version 7.54.1
When I explicitly specify my own username and password (which are the same for both source and destination servers) under CURLOPT_USERPWD it works perfectly, but with just ":" - authentication fails, error 401

The code is as follows:
...
function file_get_contents_curl($url) {
	$curl = curl_init();
	curl_setopt($curl, CURLOPT_URL, $url);
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
	curl_setopt($curl, CURLOPT_UNRESTRICTED_AUTH, TRUE);
	curl_setopt($curl, CURLOPT_USERPWD, ":");
	$data = curl_exec($curl);
	curl_close($curl);
	return $data;
}
...
Can you please advise?
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Nov 17 07:01:34 2019 UTC