[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Bug-wget] Solution for wget, IIS, and NTLM "500 error" and a questi
|
From: |
ohaya |
|
Subject: |
RE: [Bug-wget] Solution for wget, IIS, and NTLM "500 error" and a question. |
|
Date: |
Thu, 14 Oct 2010 19:49:12 -0400 |
---- Tony Lewis <address@hidden> wrote:
> address@hidden wrote:
>
> > So, it seems like the problem is that wget may be doing only NTLM?
>
> The current version of wget only supports NTLM authentication. Specifically,
> it sends the following flags to the server:
> NEGOTIATE_OEM (0x00000002)
> NEGOTIATE_NTLM_KEY (0x00000200)
>
> > Does anyone know if wget (latest version) is able to support NTLMV2 (vs.
> > NTLM)?
>
> A year ago, I dug into NTLM authentication and rewrote http-ntlm.c so that it
> sends (and supports) the following flags:
> NEGOTIATE_UNICODE (0x00000001)
> NEGOTIATE_OEM (0x00000002)
> NEGOTIATE_NTLM_KEY (0x00000200)
> NEGOTIATE_NTLM2_KEY (0x00080000)
>
> My code works with the servers in my work environment. However, I don't have
> access to a environment where I can tweak the settings in the Active
> Directory Controller and on the ISS machine so I was not able to thoroughly
> test wget against the various combinations of settings. Given that, Micah
> (who was maintainer at the time) wasn't willing to deploy my changes; a
> decision, with which I agree.
>
> Jim, if you have an environment in which you can facilitate testing with all
> the combinations of settings, we can test my code and then submit it to
> Giuseppe Scrivano (the current maintainer) for inclusion in a future release.
>
> By the way, I think we only need to test against all combinations of settings
> in a live environment once. If we capture all the exchanges between wget and
> the server then we can develop wget tests for all futures testing.
>
> For anyone who is interested, I have attached my versions of http-ntlm.c and
> http-ntlm.h, which were last tested against a development version of 1.12. I
> also had to patch http.c because at some point in time the code got reordered
> in a way that completely broke NTLM authentication. I know that this code
> will need some tweaking; in particular the bit to make TOUPPER work on both
> 1.11.4 and 1.12 is no longer needed.
>
> Tony
Hi,
I have multiple environments with both Win2K and Win2K3 ADs and various Win2K
and Win2K3 servers as domain members, etc., and I have control of all of them,
plus Linux machines of various flavors, so I think I can help a little with
that. I can put sniffers, etc. on as needed also. It would be a good
"learning" opportunity for me also :)...
The caveats that I'd have are that you would need to provide the test cases
that you want covered (e.g., what settings in GPOs, Local Policy, etc.), and,
also, I recently had some surgery, so, personally some limitations on my
"sitting" time.
FYI, I'm on the East coast (near DC).
Jim
- [Bug-wget] Solution for wget, IIS, and NTLM "500 error" and a question., ohaya, 2010/10/14
- Re: [Bug-wget] Solution for wget, IIS, and NTLM "500 error" and a question., Micah Cowan, 2010/10/14
- RE: [Bug-wget] Solution for wget, IIS, and NTLM "500 error" and a question., Tony Lewis, 2010/10/14
- RE: [Bug-wget] Solution for wget, IIS, and NTLM "500 error" and a question.,
ohaya <=