We recently installed AuthenNTLM where I work, and ran into the POST
problems described in the thread at
http://marc.theaimsgroup.com/?t=103177365400006&r=1&w=2

After looking through a couple of network traces I think I've found the
problem. It appears that after IE authenticates via NTLM, it sends type 1
messages for subsequent requests during a keepalive session. This is fine
and dandy unless you're sending a POST request - when it sends the type 1
message, it also sends a "Content-length: 0", and doesn't append the POST
data. Since the browser has successfully authenticated itself earlier in
the keepalive session, AuthenNTLM validates the request and a POST with no
accompanying POST data gets passed to the server.

Attached is a patch against the 0.21 release that fixes this behavior (in
our environment, at any rate). I know very little about NTLM
authentication and mod_perl coding, so the patch may not be entirely
correct.

--- /usr/local/perl/lib/site_perl/5.6.1/sun4-solaris/Apache/AuthenNTLM.pm Thu
Nov 7 17:29:15 2002
+++ ./AuthenNTLM.pm Tue Sep 3 11:03:04 2002
@@ -502,21 +502,9 @@
$conn -> user($self->{mappedusername}) ;
# we accecpt the user because we are on the same connection
- $type = $self -> get_msg ($r);
- print STDERR "[$$] AuthenNTLM: OK because same connection pid = $$,
connection = $$conn cuser = " .
- $conn -> user . ' ip = ' . $conn -> remote_ip . 'hash
= ' . $self -> {usernthash} . "\n" if ($debug) ;
-
-
- # IE (5.5, 6.0, probably others) can send a type 1 message
- # after authenticating on the same connection. This is a
- # problem for POST messages, because IE also sends a
- # "Content-length: 0" with no POST data.
- if (! $self -> {ntlm} || (defined ($type) && $type == 3) )
- {
- return OK ;
- }
- # Else fall through to the authentication below.
-
+ print STDERR "[$$] AuthenNTLM: OK because same connection pid = $$,
+connection = $$conn cuser = " .
+ $conn -> user . ' ip = ' . $conn -> remote_ip . "\n"
+if ($debug) ;
+ return OK ;
}
}
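
Review bot: the diff direction looks reversed: the `-` lines hold the IE comment and the `if (! $self -> {ntlm} || (defined ($type) && $type == 3) )` check, while the `+` lines end in an unconditional `return OK ;`, and the `---` side is the installed file dated Nov 7 2002 against a `+++` file dated Sep 3 2002. Applied as posted, this would remove the type check instead of adding it, so regenerate it as `diff -u original patched`. Separately, the debug line on the `-` side prints `$self -> {usernthash}` to STDERR; I would drop the hash from that message so debug logs do not carry credential-derived material, and add the missing space before `hash =`.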
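
A standalone model of the check described in the message, as an added example that is not part of the original post or of AuthenNTLM: it reads the NTLM message type from the Authorization header and takes the same-connection shortcut only when there is no NTLM message or the message is type 3. The Python port, the function names, the reading of `{ntlm}` as "an NTLM Authorization header is present", and the sample messages are assumptions made for illustration.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"  # every NTLM message starts with this


def ntlm_message_type(authorization):
    """Return 1, 2 or 3 for an 'NTLM <base64>' header value, else None."""
    if not authorization:
        return None
    scheme, _, blob = authorization.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        return None
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 12 or not raw.startswith(NTLMSSP_SIGNATURE):
        return None
    (msg_type,) = struct.unpack_from("<I", raw, 8)  # little-endian uint32
    return msg_type if msg_type in (1, 2, 3) else None


def same_connection_decision(connection_authenticated, headers):
    """Return 'accept' to reuse the earlier authentication, else 'authenticate'."""
    if not connection_authenticated:
        return "authenticate"
    auth = headers.get("Authorization")
    if auth is None:
        return "accept"        # plain keepalive request, no NTLM message
    if ntlm_message_type(auth) == 3:
        return "accept"        # final message of a handshake
    return "authenticate"      # type 1 (or unparseable): redo the handshake


def _sample(msg_type):
    # Constructed message: signature, type, zero padding (not a real capture).
    raw = NTLMSSP_SIGNATURE + struct.pack("<I", msg_type) + b"\x00" * 20
    return "NTLM " + base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    requests = [
        ("POST, no Authorization", {"Content-Length": "27"}),
        ("POST, type 1, empty body",
         {"Authorization": _sample(1), "Content-Length": "0"}),
        ("POST, type 3", {"Authorization": _sample(3), "Content-Length": "27"}),
    ]
    for label, headers in requests:
        print(label, "->", same_connection_decision(True, headers))
```
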