hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: [jira] [Updated] (HTTPCLIENT-1381) NullPointerException during NTLM authentication using null workstation/domain
Date Sun, 07 Jul 2013 11:01:26 GMT
On Sun, 2013-07-07 at 03:42 -0700, Karl Wright wrote:
> It is unlikely that messages are improperly encoded in ntlm handling
> since they were compared directly in wireshark against modern Microsoft
> products. So I would hesitate to include anything like that in a commit.
> 
> Karl
> 

Hi Karl

Those messages are used by test cases specifically to test the ability
of HttpClient to handle malformed and out of sequence NTLM messages. I
see no risk here. This in no way impacts productive code.

Oleg

> Sent from my Windows Phone
> From: Ricardo Pereira (JIRA)
> Sent: 7/6/2013 9:51 PM
> To: dev@hc.apache.org
> Subject: [jira] [Updated] (HTTPCLIENT-1381) NullPointerException during
> NTLM authentication using null workstation/domain
> 
>      [ https://issues.apache.org/jira/browse/HTTPCLIENT-1381?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
> ]
> 
> Ricardo Pereira updated HTTPCLIENT-1381:
> ----------------------------------------
> 
>     Attachment: HTTPCLIENT-1381_patch_tests
> 
> Attached a patch (for trunk) with some changes to the NTLM tests:
>  - Adds a new (failing) test which uses NTLMv2 challenge message;
>  - Minor changes to use the same response handler;
>  - Renames some classes/methods (adds "Message" to "Type2" and adds
> the version);
>  - Changes the NTLMv1 challenge message since it was not correctly
> Base64 encoded (didn't affect the tests, though).
> 
> > NullPointerException during NTLM authentication using null workstation/domain
> > -----------------------------------------------------------------------------
> >
> >                 Key: HTTPCLIENT-1381
> >                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1381
> >             Project: HttpComponents HttpClient
> >          Issue Type: Bug
> >          Components: HttpAuth
> >    Affects Versions: Snapshot
> >            Reporter: Ricardo Pereira
> >             Fix For: 4.2.6, 4.3 Beta3
> >
> >         Attachments: ClientNtlmProxyAuthentication.java, HTTPCLIENT-1381_patch_tests,
wire.log
> >
> >
> > Using NTCredentials with null workstation or null domain leads to a NullPointerException
during the NTLM authentication.
> > The workaround is to use an empty String for both the workstation and domain.
> > Exception stack trace of an attempt to authenticate with null workstation:
> > Exception in thread "main" java.lang.NullPointerException
> > 	at org.apache.http.impl.auth.NTLMEngineImpl.stripDotSuffix(NTLMEngineImpl.java:186)
> > 	at org.apache.http.impl.auth.NTLMEngineImpl.convertHost(NTLMEngineImpl.java:194)
> > 	at org.apache.http.impl.auth.NTLMEngineImpl.access$14(NTLMEngineImpl.java:193)
> > 	at org.apache.http.impl.auth.NTLMEngineImpl$Type1Message.<init>(NTLMEngineImpl.java:970)
> > 	at org.apache.http.impl.auth.NTLMEngineImpl.getType1Message(NTLMEngineImpl.java:139)
> > 	at org.apache.http.impl.auth.NTLMEngineImpl.generateType1Msg(NTLMEngineImpl.java:1608)
> > 	at org.apache.http.impl.auth.NTLMScheme.authenticate(NTLMScheme.java:129)
> > 	at org.apache.http.impl.auth.AuthSchemeBase.authenticate(AuthSchemeBase.java:136)
> > 	at org.apache.http.impl.auth.HttpAuthenticator.doAuth(HttpAuthenticator.java:239)
> > 	at org.apache.http.impl.auth.HttpAuthenticator.generateAuthResponse(HttpAuthenticator.java:202)
> > 	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:251)
> > 	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:176)
> > 	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:77)
> > 	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:101)
> > 	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
> > 	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:115)
> > 	at ClientNtlmProxyAuthentication.main(ClientNtlmProxyAuthentication.java:70)
> 
> --
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA administrators
> For more information on JIRA, see: http://www.atlassian.com/software/jira
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message