hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1624) NTLMresp in type3message is being generated wrong when using NEGOTIATE_NTLM2_KEY
Date Thu, 26 Feb 2015 21:58:05 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14339256#comment-14339256
] 

Karl Wright commented on HTTPCLIENT-1624:
-----------------------------------------

Jason,

Here is the code in question:

{code}
                if (((type2Flags & FLAG_TARGETINFO_PRESENT) != 0) &&
                    targetInformation != null && target != null) {
                    // NTLMv2
                    ntResp = gen.getNTLMv2Response();
                    lmResp = gen.getLMv2Response();
                    if ((type2Flags & FLAG_REQUEST_LAN_MANAGER_KEY) != 0) {
                        userSessionKey = gen.getLanManagerSessionKey();
                    } else {
                        userSessionKey = gen.getNTLMv2UserSessionKey();
                    }
                } else {
                    // NTLMv1
                    if ((type2Flags & FLAG_REQUEST_NTLM2_SESSION) != 0) {
                        // NTLM2 session stuff is requested
                        ntResp = gen.getNTLM2SessionResponse();
                        lmResp = gen.getLM2SessionResponse();
                        if ((type2Flags & FLAG_REQUEST_LAN_MANAGER_KEY) != 0) {
                            userSessionKey = gen.getLanManagerSessionKey();
                        } else {
                            userSessionKey = gen.getNTLM2SessionResponseUserSessionKey();
                        }
                    } else {
                        ntResp = gen.getNTLMResponse();
                        lmResp = gen.getLMResponse();
                        if ((type2Flags & FLAG_REQUEST_LAN_MANAGER_KEY) != 0) {
                            userSessionKey = gen.getLanManagerSessionKey();
                        } else {
                            userSessionKey = gen.getNTLMUserSessionKey();
                        }
                    }
                }
{code}

Notice that the reason that NTLM 2 Session Response is not generated is because another flag
overrides that behavior.  This we determined was needed by experimentation; the Davenport
document is not specific enough in this regard.

If you have other information, please share it with us.

> NTLMresp in type3message is being generated wrong when using NEGOTIATE_NTLM2_KEY
> --------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1624
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1624
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 4.3.6, 4.4 Final
>         Environment: Running from a linux box, connecting to a windows 7 machine.
>            Reporter: Jason Forand
>
> When connecting to a windows host using NTLM authentication, if the windows host passes
back the 
> NEGOTIATE_UNICODE
> REQUEST_TARGET
> NEGOTIATE_SIGN
> NEGOTIATE_SEAL
> NEGOTITATE_LAN_MANAGER_KEY
> NEGOTIATE_NTLM
> NEGOTIATE_ALWAYS_SIGN
> TARGET_TYPE_DOMAIN
> NEGOTIATE_NTLM2_KEY
> NEGOTIATE_TARGET_INFO
> UNKNOWN_4
> NEGOTIATE_128
> NEGOTIATE_KEY_EXCHANGE
> NEGOTIATE_56
> flags, (in this case the offending flag is NEGOTIATE_NTLM2_KEY) the type3 message is
generating an ntresp using 
> http://davenport.sourceforge.net/ntlm.html#theNtlmv2Response when it should be generating
according to http://davenport.sourceforge.net/ntlm.html#theNtlm2SessionResponse 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message