Hi Mauro (I'm guessing here - got this from the web page)

Here is a patch against 1.10.2 which fixes an issue I found when using
NTLM with Microsoft's Intermittent Information Server (IIS).

The issue is not with wget, but rather a bug in IIS. Nevertheless, here
is the fix and a description of the problem.

Essentially IIS has the ability to create "domains" for want of a better
description (I'm not an IIS expert by any means) within a single
instance of the IIS server.

Each of these domains (I understand) is more or less independent. The
bug manifests itself when a page within one domain links to a page
within another domain on the same IIS instance.

The web address of the server remains the same except the URI points to
some other directory under the server's root.

In this case, when the connection is first set up by wget, NTLM
authenticates correctly. Subsequent recursive gets also work fine
*until* a reference is made to another "domain".

When the cross domain reference occurs IIS issues another NTLM
challenge, as if the connection is not authenticated. Now, as you and I
know, NTLM is a connection authentication protocol, meaning you cannot
be connected unless you are authenticated. So IIS's other domains
already know the connection is authenticated because it *is* a
connection, nevertheless, they insist on re-authentication.

This patch addresses the issue by forcing a disconnect and retry when
this circumstance is detected (Actually, this always disconnects in this
rev. The detection bit needs more work).

That is to say, if an NTLM challenge occurs when the connection is
already active *and* NTLM authenticated, the connection is terminated
and restarted (thus invoking the challenge-response code) and ultimately
re-authenticating.

This work is the result of many hours of work and extensive network
debugging with the help of an Australian law enforcement agency.

--- wget-1.10.2.orig/src/http.c 2005-08-09 08:54:16.000000000 +1000
+++ wget-1.10.2/src/http.c      2006-11-21 12:25:22.000000000 +1100
@@ -1960,10 +1960,12 @@
                          hs->restval, &hs->rd_size, &hs->len, &hs->dltime,
                          flags);

+/*
   if (hs->res >= 0)
     CLOSE_FINISH (sock);
   else
-    CLOSE_INVALIDATE (sock);
+*/
+  CLOSE_INVALIDATE (sock);

   {
     /* Close or flush the file.  We have to be careful to check for
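Review bot: With the `if (hs->res >= 0)` test commented out, `CLOSE_INVALIDATE (sock)` now runs on every pass through this code, so a successful read never reaches `CLOSE_FINISH (sock)`, and that applies to every server and authentication scheme, not only to the IIS NTLM case the message describes. I would keep the original `if`/`else` and add a separate condition that invalidates the socket only when an NTLM challenge arrives on a connection already marked NTLM-authenticated, which is the detection the message says still needs work. The old branch should also be deleted outright rather than left inside a `/* ... */` block, and the new condition deserves a short comment naming the IIS behaviour it works around.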


Cheers
Phill.

P.S. the work was done last year and I'm finally cleaning up the loose ends. 
Hope this helps.

Phill Bertolus
Technical Director
Web Wombat Pty. Ltd.

Ph: +61-3-9675-0900 (Switch)
Ph: +61-3-9675-0901 (Direct)
Mb: +61-4-1632-6853
Fx: +61-3-9675-0999
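The detection step the message describes (reconnect only when an NTLM challenge arrives on a connection that is already NTLM-authenticated) could be expressed as below. This is an added example, not code from the post or from wget; the enum names, `parse_ntlm` and `ntlm_next_action` are hypothetical, and the header values in `main` are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names throughout; these are not wget's structures or macros. */
enum ntlm_state { NTLM_NONE, NTLM_HANDSHAKE, NTLM_AUTHENTICATED };
enum conn_action { CONN_KEEP, CONN_AUTHENTICATE, CONN_RECONNECT, CONN_AUTH_FAILED };

/* Returns 1 if a WWW-Authenticate value uses the NTLM scheme.  *has_blob is
   set when a token follows the scheme name, i.e. the server's challenge
   message sent in the middle of a handshake. */
static int parse_ntlm(const char *v, int *has_blob)
{
    static const char scheme[] = "ntlm";
    size_t i;
    *has_blob = 0;
    if (v == NULL) return 0;
    while (*v == ' ' || *v == '\t') v++;
    for (i = 0; i < 4; i++)               /* stops at the NUL of a short string */
        if (tolower((unsigned char)v[i]) != scheme[i]) return 0;
    v += 4;
    if (*v != '\0' && *v != ' ' && *v != '\t') return 0;  /* longer scheme name */
    while (*v == ' ' || *v == '\t') v++;
    *has_blob = (*v != '\0');
    return 1;
}

/* Decide what to do with the connection after reading a response. */
enum conn_action ntlm_next_action(enum ntlm_state st, int status, const char *www_auth)
{
    int has_blob;
    if (status != 401 || !parse_ntlm(www_auth, &has_blob))
        return CONN_KEEP;              /* nothing NTLM-specific to do */
    switch (st) {
    case NTLM_AUTHENTICATED:
        return CONN_RECONNECT;         /* re-challenge on an authenticated connection */
    case NTLM_HANDSHAKE:
        /* A bare "NTLM" here means the server did not continue the handshake;
           reporting failure avoids an endless reconnect loop. */
        return has_blob ? CONN_AUTHENTICATE : CONN_AUTH_FAILED;
    default:
        return CONN_AUTHENTICATE;      /* first challenge on a fresh connection */
    }
}

int main(void)
{
    /* Constructed input: a bare challenge on an authenticated connection. */
    printf("%d\n", ntlm_next_action(NTLM_AUTHENTICATED, 401, "NTLM"));
    return 0;
}
```

After `CONN_RECONNECT` the caller would reset its state to `NTLM_NONE` for the new socket, so a second bare challenge starts a normal handshake instead of another disconnect.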


