[Mono-dev] patch for (and question about) Mono.Security.Protocol.Ntlm

Atsushi Eno atsushi at ximian.com
Tue Mar 27 04:20:22 EDT 2007


Hi, thanks for the hint :)  Yes, looks like Mono.Data.Tds uses it.
I'll try it when I set up sql server environment.

Atsushi Eno

Daniel Morgan wrote:
> You could always test with System.Data.SqlClient using
> INTEGRATED SECURITY=SSPI provided that you connect to
> SQL Server 2000 or 2005 on a real Windows NT/2000/2003
> Domain and that SQL Server accepts mix-mode
> authentication.
> 
> --- Atsushi Eno <atsushi at ximian.com> wrote:
> 
>> Hi,
>>
>> During WCF hacking I found that
>> Mono.Security.Protocol.Ntlm looks
>> based on somewhat old analysis.
>>
>> Currently the code does not look "version" aware.
>> According to
>> http://davenport.sourceforge.net/ntlm.html , there
>> seems three
>> ntlm versions and the message layout is diffrent for
>> each version.
>> And WCF SSPI negotiation seems based on version3,
>> which is not
>> what current code supports.
>>
>> So I have created a patch to add support for every
>> version of NTLM.
>> It is not a small, but the purpose is to handle
>> "optional" fields
>> denoted in the document above.
>>
>> This patch however breaks some NUnit tests. But as
>> long as I see
>> the test buffers, they do not seem conformant to the
>> document
>> above... how were those test buffers created?
>>
>> (Also, existing message type1 looks based on version
>> 2, while
>> message type2 and message type3 do not look so, but
>> I'm not sure.
>> They hence resulted in weird default version
>> mismatch in my patch...)
>>
> 
> 
>  
> ____________________________________________________________________________________
> Sucker-punch spam with award-winning protection. 
> Try the free Yahoo! Mail Beta.
> http://advision.webevents.yahoo.com/mailbeta/features_spam.html
> 




More information about the Mono-devel-list mailing list