[Mono-dev] patch for Mono.Security.Protocol.Ntlm (revisited)

Atsushi Eno atsushi at ximian.com
Tue Aug 14 21:49:40 EDT 2007


Hi,

Sebastien Pouliot wrote:
> On Mon, 2007-08-13 at 23:25 +0900, Atsushi Eno wrote:
>> Hi,
>>
>> Couple of months ago I posted a patch for NTLM authentication
>> which seemed outdated.
>> http://lists.ximian.com/pipermail/mono-devel-list/2007-March/022918.html
> 
> The patch doesn't include the new files you're adding
> 
> +./Mono.Security.Protocol.Ntlm/NtlmTargetInformation.cs
> +./Mono.Security.Protocol.Ntlm/NtlmVersion.cs

Oops, attached this time ;)

>> Now I'm revisiting this patch, with some NUnit test breakage fixes
>> (mentioned in the earlier post).
>>
>> As for TDS testing, today I have been trying to test this NTLM auth
>> with our SqlClient, but I couldn't get it working fine with our
>> (unpatched) code. Should current code work fine?
> 
> It did at one time... but I don't think we have tests to cover this.
> 
>> Part of my code looks like below. I tried with MSDE 2000 (2005
>> Express too, but I heard that it won't work fine either way).
>> I guess I have no problem with this (it worked under .NET 1.x/2.0).
> 
> Things that depends on version, like
> +			Version v = Environment.OSVersion.Version;
> probably won't work under Linux, MacOS X or Solaris (unless MS code
> doesn't interpret the values ?).

That's true. If it didn't work after successful testing, I'd change
it to have some mimic values.

>> Any suggestions to verify NTLM stuff would be appreciated.
> 
> NTLM is also used for web stuff, so it should be tested with HTTP too.
> Doing a successful "GET /" on a IIS server, configured for "integrated
> security", should do the trick.

Ok, I could test it on .NET with the code below:

	WebClient c = new WebClient ();
	c.Credentials = CredentialCache.DefaultCredentials;
	c.DownloadData (http_address);

(without credentials it causes HTTP 401.)

The client didn't work on Mono (because our DefaultCredntials is
empty). Is there a way to create ICredentials for Windows
authentication? (I guess it does not make sense on Linux.)

> Finally, before committing, we must be sure we're not breaking API
> compatibility with earlier releases of Mono.Security.dll.

I need some types, additional public/family constructors,
Some new properties in Message types and ChallengeResponse type,
and some enum values in NtlmFlags. They wouldn't break backward
compatibility.

The most weird part is that the default NtlmVersion differs between
those messages (v1 for Type2 and Type3, v2 for Type1). I don't like
it, but it is for compatibility.

Atsushi Eno
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: NtlmTargetInformation.cs
Url: http://lists.ximian.com/pipermail/mono-devel-list/attachments/20070815/76a4e526/attachment.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: NtlmVersion.cs
Url: http://lists.ximian.com/pipermail/mono-devel-list/attachments/20070815/76a4e526/attachment-0001.pl 


More information about the Mono-devel-list mailing list