[Mono-dev] patch for Mono.Security.Protocol.Ntlm (revisited)

[Sebastien Pouliot]

On Mon, 2007-08-13 at 23:25 +0900, Atsushi Eno wrote:
> Hi,
> 
> Couple of months ago I posted a patch for NTLM authentication
> which seemed outdated.
> http://lists.ximian.com/pipermail/mono-devel-list/2007-March/022918.html

The patch doesn't include the new files you're adding

+./Mono.Security.Protocol.Ntlm/NtlmTargetInformation.cs
+./Mono.Security.Protocol.Ntlm/NtlmVersion.cs

> Now I'm revisiting this patch, with some NUnit test breakage fixes
> (mentioned in the earlier post).
> 
> As for TDS testing, today I have been trying to test this NTLM auth
> with our SqlClient, but I couldn't get it working fine with our
> (unpatched) code. Should current code work fine?

It did at one time... but I don't think we have tests to cover this.

> Part of my code looks like below. I tried with MSDE 2000 (2005
> Express too, but I heard that it won't work fine either way).
> I guess I have no problem with this (it worked under .NET 1.x/2.0).

Things that depends on version, like
+			Version v = Environment.OSVersion.Version;
probably won't work under Linux, MacOS X or Solaris (unless MS code
doesn't interpret the values ?).

> ----
>   string connStr = "Data Source=PC;Initial
> Catalog=enotest0002;Integrated Security=True;Pooling=False";
>   SqlConnection conn = new SqlConnection (connStr);
>   SqlCommand cmd = new SqlCommand ("select * from Table2", conn);
>   SqlDataAdapter adapter = new SqlDataAdapter (cmd);
>   DataSet ds = new DataSet ();
>   adapter.Fill (ds);
> ----
> 
> Any suggestions to verify NTLM stuff would be appreciated.

NTLM is also used for web stuff, so it should be tested with HTTP too.
Doing a successful "GET /" on a IIS server, configured for "integrated
security", should do the trick.

Finally, before committing, we must be sure we're not breaking API
compatibility with earlier releases of Mono.Security.dll.

-- 
Sebastien Pouliot  <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/