Hi!

For the last two days I have been learning and debugging NTLM on the latest
version of wget from CVS (1.10-alpha2+cvs-dev). I have mainly debugged
on Linux, but noticed the same problems occur on win32 too. During testing
I found four bugs that need to be fixed.

In previous threads I noticed that you had problems finding a test server
for NTLM testing. If you need one, I can provide an IIS-6.0 server for testing
NTLM. Just let me know, and I will set it up.

1: NTLM domain is not written right

In http-ntlm.c, line ~420:

    usr = strchr(user, '\\');
    if (!usr) usr = strchr(user, '/');
    if (usr) {
      domain = usr; // Sets pointer to '\' or '/'. Should be: domain = user;
      domlen = usr - domain;
      usr++;
    }

2: NTLM auth stops too early.

In http.c there is a variable auth_tried_already and the test

    if (auth_tried_already || !(user && passwd)) ...

Now when trying, wget first tries basic auth and gets back

    WWW-Authenticate: NTLM

in the response header. wget sends the first phase of authentication fine on
the next request and gets result 401 and

    WWW-Authenticate: NTLM TlRMT...

in the response header. Now wget should send the next request with the NTLM
type-3 message, which contains the final authentication information. I made a
dirty-hack-hack-fix to get ahead with testing. Then I found the next problem.

3: NTLM type-3 message might be invalid, because the server sends 401 and

    WWW-Authenticate: NTLM

in the response header. My test server is Microsoft-IIS/6.0.

4: Error in response header handling

Microsoft-IIS/6.0 actually sends 2 WWW-Authenticate rows in the header

    ...
    WWW-Authenticate: Negotiate
    WWW-Authenticate: NTLM
    ...

This causes the authentication scheme never to be recognized.

    resp_header_strdup (resp, "WWW-Authenticate")

returns the first 'WWW-Authenticate' value, and it is 'Negotiate'.
The problem does not occur on all IIS servers.

I'm a newbie at taking part in open source projects, so I hope these
descriptions of the problems were clear enough.

Thanks in advance,
Sami
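
An added example, not part of the original message and not wget's own code: one way to handle the two-header response from problem 4 is to scan every WWW-Authenticate line for a scheme the client implements instead of taking the first value, and then to tell a bare "NTLM" offer from the "NTLM <base64>" type-2 challenge described in problem 2. The names find_challenge and ntlm_challenge_kind are hypothetical, and the sample headers are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example; the names below are hypothetical, not wget's API. */
enum ntlm_kind { NTLM_ABSENT, NTLM_BARE, NTLM_TYPE2 };

/* Case-insensitive compare of n bytes (header names and scheme tokens). */
static int ieq(const char *a, const char *b, size_t n) {
    for (; n; a++, b++, n--)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return 1;
}

/* Scan every WWW-Authenticate line of a raw CRLF header block and return
   the value of the first one whose scheme is `scheme`; NULL if none. */
const char *find_challenge(const char *hdrs, const char *scheme, size_t *len) {
    static const char name[] = "WWW-Authenticate:";
    size_t nlen = sizeof name - 1, slen = strlen(scheme);
    for (const char *line = hdrs; line && *line; ) {
        const char *eol = strstr(line, "\r\n");
        const char *end = eol ? eol : line + strlen(line);
        if ((size_t)(end - line) > nlen && ieq(line, name, nlen)) {
            const char *val = line + nlen;
            while (val < end && (*val == ' ' || *val == '\t')) val++;
            /* Match the whole scheme token, not just a prefix of it. */
            if ((size_t)(end - val) >= slen && ieq(val, scheme, slen)
                && (val + slen == end || val[slen] == ' ')) {
                *len = (size_t)(end - val);
                return val;
            }
        }
        line = eol ? eol + 2 : NULL;
    }
    return NULL;
}

/* Bare "NTLM" asks the client for a type-1 message; "NTLM <base64>" carries
   the server's type-2 challenge, which the client answers with type-3. */
enum ntlm_kind ntlm_challenge_kind(const char *hdrs) {
    size_t len;
    const char *v = find_challenge(hdrs, "NTLM", &len);
    if (!v) return NTLM_ABSENT;
    return len > 5 ? NTLM_TYPE2 : NTLM_BARE;
}

int main(void) {
    /* Constructed sample modelled on the two-header response in the post. */
    const char *h = "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Negotiate\r\n"
                    "WWW-Authenticate: NTLM\r\n\r\n";
    printf("%d\n", ntlm_challenge_kind(h)); /* NTLM_BARE */
    return 0;
}
```

The caller still has to remember which NTLM message it sent last: a bare "NTLM" that comes back after a type-3 message, as in problem 3, means the authentication was rejected and is not a request to start over.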