Hello,

I'm having some trouble with CURL. I'm trying to use a web service to get a customer's name and address but it fails to send my post data when I use NTLM proxy authentication.

$xmlToSend = 
"<?xml version=\"1.0\" ?> <soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:dat=\"$this->service\"> <soapenv:Header /> <soapenv:Body> <dat:CustomerDataRequest> <dat:SystemAuthentication> <dat:username>$this->user</dat:username> <dat:password>$this->pass</dat:password> </dat:SystemAuthentication> <dat:ReferenceNumber>$this->queryReference</dat:ReferenceNumber> </dat:CustomerDataRequest> </soapenv:Body> </soapenv:Envelope>
";


            $ch = curl_init($this->service . ".php");
            curl_setopt($ch, CURLOPT_HEADER, false);
            curl_setopt($ch, CURLOPT_PROXY, $this->proxyServer);
            curl_setopt($ch, CURLOPT_PROXYPORT, 8080);
            curl_setopt($ch, CURLOPT_PROXYUSERPWD, $this->proxyUPD);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
            curl_setopt($ch, CURLOPT_HTTPHEADER, Array ('Content-type: text/xml'));
            curl_setopt($ch, CURLOPT_POST, true);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlToSend);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

Now the issue appears to be with line 24: curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);

If I comment this out, everything works fine but it sends the proxyUPD string to the proxy server in plain text (bad)

If I leave it in, it authenticates on the proxy server using NTLM with the password encrypted (good) but the $xmlToSend is dropped by the proxy server on the way through to the target so the web service errors telling me that I did not send any XML.

Has anyone else come accross similar issues here? This is a problem for me because we are upgrading our proxy server and the new one does not support plain text authentication.

I'm not sure if this is maybe a bug in CURL or just that I'm missing something fundamental about the whole proxy concept??

Cheers
Ben

Hi,

Try by setting two separated cURL requests that share the same connection. There is a comment in PHP docs that can be helpful:

NTLM authorization is connect-based, not request-based. If the connection is not kept alive and re-used, cURL can never complete the request.

So try:

$ch = curl_init($this->service . ".php");

# authentication
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_PROXY, $this->proxyServer);
curl_setopt($ch, CURLOPT_PROXYPORT, 8080);
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $this->proxyUPD);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
curl_exec($ch);

# sending XML body
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type: text/xml'));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlToSend);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$response = curl_exec($ch);

By doing this the server should keep the connection alive. You can test it by using a shell with:

nc -l localhost 8080

The output in my test looks like this:

GET HTTP://run_ntlm.php/ HTTP/1.1
Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
Host: run_ntlm.php
Accept: */*
Proxy-Connection: Keep-Alive

And it stops because there is no proxy here. Maybe it can help you.

Hello Cereal,

Thanks for your reply. Unfortunately splitting this into 2 curl_execs has not resolved the issue :(

I shall investigate further!