From dd1ba7633e1020e1ec95144a31cde2cf65ba5a0a Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 22 Mar 2004 13:50:30 +0000 Subject: [PATCH] Enabled 'NT responses' in the NTLM type-3 message. --- CHANGES | 24 ++++++++++++++++++++++++ TODO-RELEASE | 4 ---- lib/http_ntlm.c | 2 +- tests/data/test67 | 2 +- tests/data/test68 | 2 +- tests/data/test69 | 2 +- tests/data/test81 | 2 +- tests/data/test89 | 4 ++-- tests/data/test90 | 4 ++-- tests/data/test91 | 2 +- 10 files changed, 34 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index 97c791b8f..2273f5ea5 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,30 @@ Changelog +Daniel (22 March 2004) +- Enabled "NT responses" in the NTLM authentication. Doing this simply means + that we provide an extra chunk of data in each "type-3 message". The only + reason for doing this is that it seems that using only the "Lanmanager hash" + (as we've been doing until now) doesn't support passwords longer than 14 + characters and it turns out there are users out there who want to use + libcurl and NTLM with such passwords! ;-) Seven NTLM-related test cases were + updated accordingly. Mentioned as issue 29 in TODO-RELEASE, bug report + #915609 + +- Moved the generated libcurl version info to a new header file, named + curl/curlver.h. Now interested parties can include ONLY version info, should + anyone want that (and it seems at least some windows resource files would). + Mentioned as issue 27 in TODO-RELEASE. + +Daniel (21 March 2004) +- Fixed the root Makefile to use tabs for the netware target. Günter Knauf + pointed this out. + +- Marty Kuhrt's VMS cleanup + +- Thomas Schwinge made buildconf recognize ACLOCAL_FLAGS to invoke aclocal + with particular pre-determined options. + Version 7.11.1 (19 March 2004) Daniel (18 March 2004) diff --git a/TODO-RELEASE b/TODO-RELEASE index 1782183fe..bfc9a22a2 100644 --- a/TODO-RELEASE +++ b/TODO-RELEASE @@ -27,10 +27,6 @@ To get fixed in 7.11.2 (planned release May/June 2004) 28. Optimize the way libcurl uses CWD on each new request over a persistent connection (on FTP) even if it doesn't have to. -29. Define USE_NTRESPONSES in the NTLM code to work properly with >14 letter - passwords against IIS servers. Requires test cases to be updated - accordingly. #915609 - 30. Digest re-negotiation is not supported, we wrongly assume a new 401 response to signify an authenticaion error. We need to detect the difference between a 401 due to a bad Digest authorization header and a diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index e1ede7696..005260858 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -77,7 +77,7 @@ #endif /* Define this to make the type-3 message include the NT response message */ -#undef USE_NTRESPONSES +#define USE_NTRESPONSES 1 /* (*) = A "security buffer" is a triplet consisting of two shorts and one diff --git a/tests/data/test67 b/tests/data/test67 index 0542ab314..16ea8d841 100644 --- a/tests/data/test67 +++ b/tests/data/test67 @@ -72,7 +72,7 @@ Pragma: no-cache Accept: */* GET /67 HTTP/1.1 -Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAAAAAAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAABgAAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FB +Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAYABgAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAAB4AAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FBqYVyF4y6/y/7F6qmEQ7lXjXFF3tH1145 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 Host: 127.0.0.1:8999 Pragma: no-cache diff --git a/tests/data/test68 b/tests/data/test68 index 639d4f2aa..98787788a 100644 --- a/tests/data/test68 +++ b/tests/data/test68 @@ -74,7 +74,7 @@ Pragma: no-cache Accept: */* GET /68 HTTP/1.1 -Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAAAAAAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAABgAAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FB +Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAYABgAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAAB4AAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FBqYVyF4y6/y/7F6qmEQ7lXjXFF3tH1145 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 Host: 127.0.0.1:8999 Pragma: no-cache diff --git a/tests/data/test69 b/tests/data/test69 index 0cc1e0c9d..e628f72ca 100644 --- a/tests/data/test69 +++ b/tests/data/test69 @@ -93,7 +93,7 @@ Pragma: no-cache Accept: */* GET /69 HTTP/1.1 -Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAAAAAAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAABgAAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FB +Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAYABgAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAAB4AAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FBqYVyF4y6/y/7F6qmEQ7lXjXFF3tH1145 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 Host: 127.0.0.1:8999 Pragma: no-cache diff --git a/tests/data/test81 b/tests/data/test81 index 4627e0f34..8e12bfa29 100644 --- a/tests/data/test81 +++ b/tests/data/test81 @@ -70,7 +70,7 @@ Pragma: no-cache Accept: */* GET http://127.0.0.1:8999/81 HTTP/1.1 -Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAAAAAAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAABgAAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FB +Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAYABgAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAAB4AAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FBqYVyF4y6/y/7F6qmEQ7lXjXFF3tH1145 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 Host: 127.0.0.1:8999 Pragma: no-cache diff --git a/tests/data/test89 b/tests/data/test89 index b737107c1..543e01d75 100644 --- a/tests/data/test89 +++ b/tests/data/test89 @@ -104,7 +104,7 @@ Pragma: no-cache Accept: */* GET /89 HTTP/1.1 -Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAAAAAAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAABgAAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FB +Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAYABgAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAAB4AAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FBqYVyF4y6/y/7F6qmEQ7lXjXFF3tH1145 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 Host: 127.0.0.1:8999 Pragma: no-cache @@ -118,7 +118,7 @@ Pragma: no-cache Accept: */* GET /you/890010 HTTP/1.1 -Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAAAAAAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAABgAAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FB +Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAYABgAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAAB4AAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FBqYVyF4y6/y/7F6qmEQ7lXjXFF3tH1145 User-Agent: curl/7.10.8-pre1 (i686-pc-linux-gnu) libcurl/7.10.8-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 GSS Host: 127.0.0.1:8999 Pragma: no-cache diff --git a/tests/data/test90 b/tests/data/test90 index 0c6976af0..4afb8af5a 100644 --- a/tests/data/test90 +++ b/tests/data/test90 @@ -143,7 +143,7 @@ Pragma: no-cache Accept: */* GET /90 HTTP/1.1 -Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAAAAAAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAABgAAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FB +Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAYABgAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAAB4AAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FBqYVyF4y6/y/7F6qmEQ7lXjXFF3tH1145 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 Host: 127.0.0.1:8999 Pragma: no-cache @@ -162,7 +162,7 @@ Pragma: no-cache Accept: */* GET /you/900010 HTTP/1.1 -Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAAAAAAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAABgAAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FB +Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAYABgAYAAAAAAAAABAAAAACAAIAEAAAAAAAAAASAAAAAAAAAB4AAAAAYIAAHRlc3R1c2VyWmRDApEJkUyGOPS3DjvASModEeW/N/FBqYVyF4y6/y/7F6qmEQ7lXjXFF3tH1145 User-Agent: curl/7.10.8-pre1 (i686-pc-linux-gnu) libcurl/7.10.8-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 GSS Host: 127.0.0.1:8999 Pragma: no-cache diff --git a/tests/data/test91 b/tests/data/test91 index 84eaa9e14..da2f3ad53 100644 --- a/tests/data/test91 +++ b/tests/data/test91 @@ -94,7 +94,7 @@ Pragma: no-cache Accept: */* GET /91 HTTP/1.1 -Authorization: NTLM TlRMTVNTUAADAAAAGAAYAE4AAAAAAAAAZgAAAAgACABAAAAABgAGAEgAAAAAAAAATgAAAAAAAABmAAAAAYIAAG15ZG9tYWlubXlzZWxmwjImlHmYemDYVmFrmRFoVn3jfoYDE+7Q +Authorization: NTLM TlRMTVNTUAADAAAAGAAYAE4AAAAYABgAZgAAAAgACABAAAAABgAGAEgAAAAAAAAATgAAAAAAAAB+AAAAAYIAAG15ZG9tYWlubXlzZWxmwjImlHmYemDYVmFrmRFoVn3jfoYDE+7QLmWXF7FJDlDNWSItJ+RylXJGAJdepH4C User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 Host: 127.0.0.1:8999 Pragma: no-cache