From kde-devel  Tue Jun 07 16:24:03 2005
From: Hasso Tepper <hasso () kde ! org>
Date: Tue, 07 Jun 2005 16:24:03 +0000
To: kde-devel
Subject: Re: kio_http NTLM auth problem and possible patch.
Message-Id: <200506071924.03407.hasso () kde ! org>
X-MARC-Message: https://marc.info/?l=kde-devel&m=111816138008470

Simone Gotti wrote:
> Browsing a site on a customer intranet I noticed that I cannot access it via 
> NTLM with konqueror but it worked well with mozilla. I tcpdumped the HTTP 
> packets and noticed that the problem is that kio_http uses NTLMv2 while 
> mozilla uses NTLMv1 (maybe it doesn't support v2). The v2 auth isn't 
> recognized by the server and the auth fails.
> 
> The problem is that, as the TargetInfo field in the challenge string isn't 
> empty, KNTLM::getAuth tries to use, without succes, NTLMv2. 
> I read some docs but I didn't found a way to really check if NTLMv2 is 
> supported. Forcing kntlm to use NTLMv1 (brutally commenting  the NTLMv2 code 
> made it work).
> 
> I'm doing a patch for kio_http/kntlm but I'd like to do some questions on how 
> the whole thing can be implemented:
> 
> 1) bool KNTLM::getAuth( QByteArray &auth, const QByteArray &challenge, const 
> QString &user, 
>   const QString &password, const QString &domain, const QString &workstation, 
>   bool forceNTLM, bool forceNTLMv2 )
> 
> With the current API you cannot force NTLMv1 instead of NTLMv2 as the 
> "forceNTLM" flag means that it'll just use NTLMv1 or v2 and not simple LM or 
> LMv2.
> 
> A solution without api change will be to change the line:
> 
> if ( forceNTLMv2  || !targetInfo.isEmpty() /* may support NTLMv2 */ ) {
> 
> to
> 
> if ( forceNTLMv2  ) {

This hack solves issue for me reported as http://bugs.kde.org/show_bug.cgi?id=93454

Many thanks for finding cause of problem!

> When I finished my patch I'll post and commit it (if accepted), but I'd be 
> very happy to ear suggestions from people more experts than me on this side.

Would be happy to help with testing patch.


regards,

-- 
Hasso Tepper
KDE Estonian Team
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<