[jira] [Updated] (HTTPCLIENT-1383) NTLM authentication can enter in infinite loop
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ricardo Pereira updated HTTPCLIENT-1383: Attachment: HTTPCLIENT-1383_patch_tests_non_unicode Attached a patch (for trunk) with some changes to the NTLM tests: - Adds a new test which enters in infinite loop (uses a non unicode NTLM challenge message); - Minor changes to use the same response handler (that sends only challenge messages). NTLM authentication can enter in infinite loop -- Key: HTTPCLIENT-1383 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1383 Project: HttpComponents HttpClient Issue Type: Bug Components: HttpAuth Affects Versions: Snapshot Reporter: Ricardo Pereira Fix For: 4.2.6, 4.3 Beta3 Attachments: ClientNtlmProxyAuthentication.java, HTTPCLIENT-1383_patch_tests, HTTPCLIENT-1383_patch_tests_non_unicode, wire.log If the NTLM proxy sends, always, a challenge message the authentication enters in infinite loop. This happened with an user account that got suspended because of too many failed authentication attempts, after that the server started to send, always, the (same) challenge message causing an infinite loop with the HttpClient. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira - To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1383) NTLM authentication can enter in infinite loop
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ricardo Pereira updated HTTPCLIENT-1383: Attachment: HTTPCLIENT-1383_patch_tests Attached a patch (for trunk) with some changes to the NTLM tests: - Adds a new test which enters in infinite loop (the difference is that the first answer is already a challenge message); - Adds a new response handler that answers only with challenge messages. NTLM authentication can enter in infinite loop -- Key: HTTPCLIENT-1383 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1383 Project: HttpComponents HttpClient Issue Type: Bug Components: HttpAuth Affects Versions: Snapshot Reporter: Ricardo Pereira Fix For: 4.2.6, 4.3 Beta3 Attachments: ClientNtlmProxyAuthentication.java, HTTPCLIENT-1383_patch_tests, wire.log If the NTLM proxy sends, always, a challenge message the authentication enters in infinite loop. This happened with an user account that got suspended because of too many failed authentication attempts, after that the server started to send, always, the (same) challenge message causing an infinite loop with the HttpClient. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira - To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1383) NTLM authentication can enter in infinite loop
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ricardo Pereira updated HTTPCLIENT-1383: Attachment: wire.log ClientNtlmProxyAuthentication.java Attached the wire log and the code used to produce it (client/server heavily based on HttpClient/HttpCore examples). The example allows one authentication attempt, after that it returns always the challenge message (it stops after 8 requests). Tested with latest httpclient/httpcore trunk (revision 1500032). NTLM authentication can enter in infinite loop -- Key: HTTPCLIENT-1383 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1383 Project: HttpComponents HttpClient Issue Type: Bug Components: HttpAuth Affects Versions: Snapshot Reporter: Ricardo Pereira Attachments: ClientNtlmProxyAuthentication.java, wire.log If the NTLM proxy sends, always, a challenge message the authentication enters in infinite loop. This happened with an user account that got suspended because of too many failed authentication attempts, after that the server started to send, always, the (same) challenge message causing an infinite loop with the HttpClient. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira - To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1383) NTLM authentication can enter in infinite loop
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oleg Kalnichevski updated HTTPCLIENT-1383: -- Fix Version/s: 4.3 Beta3 Ricardo, do you happen to know if 4.2.x branch is also affected? Oleg NTLM authentication can enter in infinite loop -- Key: HTTPCLIENT-1383 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1383 Project: HttpComponents HttpClient Issue Type: Bug Components: HttpAuth Affects Versions: Snapshot Reporter: Ricardo Pereira Fix For: 4.3 Beta3 Attachments: ClientNtlmProxyAuthentication.java, wire.log If the NTLM proxy sends, always, a challenge message the authentication enters in infinite loop. This happened with an user account that got suspended because of too many failed authentication attempts, after that the server started to send, always, the (same) challenge message causing an infinite loop with the HttpClient. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira - To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org