- Constantine Sapuntzakis filed bug report #2042440

(http://curl.haxx.se/bug/view.cgi?id=2042440) with a patch. He identified a
  problem when using NTLM over a proxy but the end-point does Basic, and then
  libcurl would do wrong when the host sent "Connection: close" as the proxy's
  NTLM state was erroneously cleared.

CHANGES

@@ -6,6 +6,14 @@
 
                                   Changelog
 
+
+Daniel Stenberg (11 Aug 2008)
+- Constantine Sapuntzakis filed bug report #2042440
+  (http://curl.haxx.se/bug/view.cgi?id=2042440) with a patch. He identified a
+  problem when using NTLM over a proxy but the end-point does Basic, and then
+  libcurl would do wrong when the host sent "Connection: close" as the proxy's
+  NTLM state was erroneously cleared.
+
 Yang Tse (11 Aug 2008)
 - Added missing signed and unsigned curl_off_t integer constant suffixes for
   internal and external use. CURL_SUFFIX_CURL_OFF_T, CURL_SUFFIX_CURL_OFF_TU.

RELEASE-NOTES

@@ -49,6 +49,7 @@ This release includes the following bugfixes:
  o HTTP PUT with -C - sent bad Content-Range: header
  o HTTP PUT or POST with redirect could lead to hang
  o re-use of connections with failed SSL connects in the multi interface
+ o NTLM over proxy state was wrongly cleared when host connection was closed
 
 This release includes the following known bugs:
 
@@ -69,7 +70,8 @@ advice from friends like these:
  Rob Crittenden, Dengminwen, Christopher Palow, Hans-Jurgen May,
  Phil Pellouchoud, Eduard Bloch, John Lightsey, Stephen Collyer, Tor Arntsen,
  Rolland Dudemaine, Phil Blundell, Scott Barrett, Andreas Schuldei,
- Peter Lamberg, David Bau, Pramod Sharma, Yehoshua Hershberg
+ Peter Lamberg, David Bau, Pramod Sharma, Yehoshua Hershberg,
+ Constantine Sapuntzakis
 
 
         Thanks! (and sorry if I forgot to mention someone)

lib/url.c

@@ -2179,23 +2179,32 @@ CURLcode Curl_disconnect(struct connectdata *conn)
   Curl_expire(data, 0); /* shut off timers */
   Curl_hostcache_prune(data); /* kill old DNS cache entries */
 
-  if((conn->ntlm.state != NTLMSTATE_NONE) ||
+  {
-     (conn->proxyntlm.state != NTLMSTATE_NONE)) {
+    int has_host_ntlm = (conn->ntlm.state != NTLMSTATE_NONE);
+    int has_proxy_ntlm = (conn->proxyntlm.state != NTLMSTATE_NONE);
+
     /* Authentication data is a mix of connection-related and sessionhandle-
        related stuff. NTLM is connection-related so when we close the shop
        we shall forget. */
+
+    if (has_host_ntlm) {
       data->state.authhost.done = FALSE;
       data->state.authhost.picked =
 	data->state.authhost.want;
+    }
 
+    if (has_proxy_ntlm) {
       data->state.authproxy.done = FALSE;
       data->state.authproxy.picked =
 	data->state.authproxy.want;
+    }
 
+    if (has_host_ntlm || has_proxy_ntlm) {
       data->state.authproblem = FALSE;
 
       Curl_ntlm_cleanup(conn);
     }
+  }
 
   if(conn->handler->disconnect)
     /* This is set if protocol-specific cleanups should be made */