curl-library
Re: A strange problem with NTLM authentication
Date: Fri, 24 Feb 2006 00:45:49 +0100 (CET)
On Thu, 23 Feb 2006, Michele Bini wrote:
> I have a problem with NTLM authentication which is beyond my (quite limited)
> experience with the protocol.
The hard part about NTLM is that there doesn't seem to be many people with
much experience in it. I certainly don't, and I've written the code we have.
> IIS replies with a 500 error (internal server error)
Wow. That does sound like some kind of server problem you exploit by doing
this with curl.
> Even more strange, firefox indeed *can* authenticate using the same
> domain\user and password as curl.
That's indeed interesting, but also challanging since then we know it can be
done and we can even get the source for it.
> Puzzled I looked at the differences between firefox and curl packet dumps
> and I found two differences in the initial Authorization: NTLM HTTP header
>
> - First, firefox sets to 0 the domain offset and host offsets, while curl
> sets both of them to 32.
This you can easily modify and test if it makes any difference. These offsets
are offset in bytes to where the host and domain names are stored, but we have
no length on either one so they both point to index 32 but there's no actual
name there.
> - Second, firefox passes NTLM flags 0x07 0x82 0x08 0x00, which should be
> NTLMFLAG_NEGOTIATE_UNICODE, NTLMFLAG_REQUEST_TARGET,
> NTLMFLAG_NEGOTIATE_NTLM_KEY, NTLMFLAG_NEGOTIATE_ALWAYS_SIGN,
> NTLMFLAG_NEGOTIATE_NTLM2_KEY.
Wow. Only the NTLMFLAG_NEGOTIATE_NTLM_KEY is in common with what curl sends...
> I'd say that NTLMFLAG_NEGOTIATE_UNICODE is ininfluent here (domain, username
> and password are plain ascii), the other flags, well, I don't know enough of
> the protocol to tell if they are the cause of the problem or not.
Me neither unfortunately, and I have no access to any server (nor time) to try
out experiements with options like that. Besides, I _think_ the server is
expected to listen to the clients request and when we don't request unicode we
should be able to remain using ascii... But then again, it responds with an
"internal error" which indeed is weird. Perhaps also the NTLM2 option Firefox
uses makes a difference, as it is a separate way to encrypt stuff (afaik).
And this is the document I used when I wrote the NTLM code:
http://curl.haxx.se/rfc/ntlm.html
-- Commercial curl and libcurl Technical Support: http://haxx.se/curl.htmlReceived on 2006-02-24