cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: A strange problem with NTLM authentication

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 24 Feb 2006 10:34:27 +0100 (CET)

On Fri, 24 Feb 2006, Michele Bini wrote:

>>> - Second, firefox passes NTLM flags 0x07 0x82 0x08 0x00, which should be
>>> NTLMFLAG_NEGOTIATE_UNICODE, NTLMFLAG_REQUEST_TARGET,
>>> NTLMFLAG_NEGOTIATE_NTLM_KEY, NTLMFLAG_NEGOTIATE_ALWAYS_SIGN,
>>> NTLMFLAG_NEGOTIATE_NTLM2_KEY.
>>
>> Wow. Only the NTLMFLAG_NEGOTIATE_NTLM_KEY is in common with what curl
>> sends...
>
> I did notice it, too :) Also I tried to set curl flags to these values but
> it didn't work either. I think because then the server tries to negotiate an
> ntlm2 key and curl, as far as I know, doesn't support it.

Correct. I didn't think it was necessary to add that so I gladly avoided it
when I wrote that code.

> I think I'll look at firefox NTLM code then and try and figure what to port
> to NTLM2 authentication to curl (BTW, are the licenses compatible or have I
> to rewrite it?).

They are "compatible" enough for you to use the sources combined. But they are
not compatible enough for me to use any Firefox code within libcurl, since
Firefox is MPL/GPL/LGPL and applications that (already) use libcurl don't want
to be affected by either one of these licenses' implications.

Still, since Firefox and libcurl are two entirely different beasts it isn't
totally unlikely that the Firefox code would mostly serve as inspiration and
docs for a rewrite for libcurl anyway.

This seems to be the NTLM code from the Mozilla project:

http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNTLMAuthModule.cpp

> Does this have any chance to succeed or am I looking in the wrong direction?

Since you have a server and a working Firefox against that server, I'd say you
have a suitable setup for writing the libcurl adjustments to do this.

Of course you will also need patience and a couple of cups of coffee to
succeed.

Just let me know what I can do to help.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2006-02-24