mirror of
https://github.com/rclone/rclone
synced 2024-12-27 19:43:48 +01:00
webdav: disable HTTP/2 for NTLM authentication (#2921)
As per Microsoft documentation, Windows authentication (NTLM/Kerberos/Negotiate) is not supported with HTTP/2. This patch disables transparent HTTP/2 support when the vendor setting is "sharepoint-ntlm". Otherwise connections to IIS/10.0 can fail with HTTP_1_1_REQUIRED. Co-authored-by: Georg Neugschwandtner <georg.neugschwandtner@gmx.net>
This commit is contained in:
parent
ac6bb222f9
commit
e5d5ae9ab7
@ -10,6 +10,7 @@ package webdav
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"encoding/xml"
|
||||
"fmt"
|
||||
"io"
|
||||
@ -337,8 +338,15 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
|
||||
|
||||
client := fshttp.NewClient(ctx)
|
||||
if opt.Vendor == "sharepoint-ntlm" {
|
||||
// Disable transparent HTTP/2 support as per https://golang.org/pkg/net/http/ ,
|
||||
// otherwise any connection to IIS 10.0 fails with 'stream error: stream ID 39; HTTP_1_1_REQUIRED'
|
||||
// https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis says:
|
||||
// 'Windows authentication (NTLM/Kerberos/Negotiate) is not supported with HTTP/2.'
|
||||
t := fshttp.NewTransportCustom(ctx, func(t *http.Transport) {
|
||||
t.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{}
|
||||
})
|
||||
// Add NTLM layer
|
||||
client.Transport = ntlmssp.Negotiator{RoundTripper: client.Transport}
|
||||
client.Transport = ntlmssp.Negotiator{RoundTripper: t}
|
||||
}
|
||||
f := &Fs{
|
||||
name: name,
|
||||
|
Loading…
Reference in New Issue
Block a user