Sami Krank <[EMAIL PROTECTED]> writes:

> Last two days I have been learning and debugging NTLM on the latest
> version of wget from cvs (1.10-alpha2+cvs-dev). Mainly I have
> debugged on linux, but noticed same problems occur on win32
> too. During testing I found four bugs that need to be fixed.
>
> On previous threads I noticed that you had problem to find test
> server for NTLM-testing. If you need, I can provide IIS-6.0 server
> for testing NTLM. Just let me know, so I will set it up.

Please do -- I'd be interested to try it out.

> 1:NTLM Domain is not written right
> in http-ntlm.c line ~420
[...]

I've now installed this fix.

> 2: NTLM auth stops too early.
> in http.c there is variable auth_tried_already and test
>
> if (auth_tried_already || !(user && passwd)) ...

Current usage of auth_tried_already is too naive for NTLM. After
getting the NTLM type 1 message we should probably *not* set it.

> 3: NTLM type-3 message might be invalid, because server sends 401 and
>
> WWW-Authenticate: NTLM
>
> if response header. My testserver is Microsoft-IIS/6.0.

This should be tested further.

> 4: Error on response header handling
> Microsoft-IIS/6.0 sends actually 2 WWW-Authenticate rows in header

I think this is easily fixed. Wget's header code can iterate over a
header -- it is already done for Set-Cookie. I'm not sure what Wget
should do in the general case if it receives several WWW-Authenticate
headers.
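Added example, not part of the original message and not Wget's code: a sketch in C of how points 2 and 4 fit together, replacing a single "tried already" flag with per-scheme state and scanning every WWW-Authenticate value in a 401. The names (next_auth_step, ntlm_state, auth_action) are hypothetical, and preferring NTLM over Basic is an assumption taken from RFC 2617's rule that a client picks the strongest scheme it understands.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

enum ntlm_state { NTLM_NONE, NTLM_TYPE1_SENT, NTLM_TYPE3_SENT };
enum auth_action { AUTH_GIVE_UP, AUTH_SEND_BASIC,
                   AUTH_SEND_NTLM_TYPE1, AUTH_SEND_NTLM_TYPE3 };

/* Return the text after SCHEME if VALUE begins with it as a whole token
   (case-insensitive); return NULL if VALUE names some other scheme. */
static const char *scheme_params(const char *value, const char *scheme)
{
  size_t n = strlen(scheme);
  for (size_t i = 0; i < n; i++)
    if (tolower((unsigned char) value[i]) != tolower((unsigned char) scheme[i]))
      return NULL;
  if (value[n] != '\0' && value[n] != ' ')
    return NULL;
  return value + n + (value[n] == ' ');
}

/* Decide the next step after a 401, given all WWW-Authenticate values. */
enum auth_action next_auth_step(const char *const *values, size_t count,
                                enum ntlm_state *ntlm, int *basic_tried)
{
  const char *ntlm_params = NULL;
  int basic_offered = 0;
  for (size_t i = 0; i < count; i++) {    /* unknown schemes are skipped */
    const char *p = scheme_params(values[i], "NTLM");
    if (p)
      ntlm_params = p;
    else if (scheme_params(values[i], "Basic"))
      basic_offered = 1;
  }
  if (ntlm_params) {
    if (*ntlm == NTLM_NONE) {             /* first 401: start the handshake */
      *ntlm = NTLM_TYPE1_SENT;
      return AUTH_SEND_NTLM_TYPE1;
    }
    if (*ntlm == NTLM_TYPE1_SENT && *ntlm_params) {
      *ntlm = NTLM_TYPE3_SENT;            /* this 401 carries the type 2 */
      return AUTH_SEND_NTLM_TYPE3;
    }
    return AUTH_GIVE_UP;  /* bare "NTLM" again: handshake or login failed */
  }
  if (basic_offered && !*basic_tried) {
    *basic_tried = 1;
    return AUTH_SEND_BASIC;
  }
  return AUTH_GIVE_UP;
}
```

The second 401 in an NTLM exchange is a normal step, so only a 401 received after the type 3 message, or one that arrives without a challenge once type 1 has been sent, ends the attempt.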
