[Mono-dev] patch for (and question about) Mono.Security.Protocol.Ntlm
Daniel Morgan
monodanmorg at yahoo.com
Mon Mar 26 19:29:33 EDT 2007
You could always test with System.Data.SqlClient using
INTEGRATED SECURITY=SSPI provided that you connect to
SQL Server 2000 or 2005 on a real Windows NT/2000/2003
Domain and that SQL Server accepts mix-mode
authentication.
--- Atsushi Eno <atsushi at ximian.com> wrote:
> Hi,
>
> During WCF hacking I found that
> Mono.Security.Protocol.Ntlm looks
> based on somewhat old analysis.
>
> Currently the code does not look "version" aware.
> According to
> http://davenport.sourceforge.net/ntlm.html , there
> seems three
> ntlm versions and the message layout is diffrent for
> each version.
> And WCF SSPI negotiation seems based on version3,
> which is not
> what current code supports.
>
> So I have created a patch to add support for every
> version of NTLM.
> It is not a small, but the purpose is to handle
> "optional" fields
> denoted in the document above.
>
> This patch however breaks some NUnit tests. But as
> long as I see
> the test buffers, they do not seem conformant to the
> document
> above... how were those test buffers created?
>
> (Also, existing message type1 looks based on version
> 2, while
> message type2 and message type3 do not look so, but
> I'm not sure.
> They hence resulted in weird default version
> mismatch in my patch...)
>
____________________________________________________________________________________
Sucker-punch spam with award-winning protection.
Try the free Yahoo! Mail Beta.
http://advision.webevents.yahoo.com/mailbeta/features_spam.html
More information about the Mono-devel-list
mailing list