[
https://issues.apache.org/jira/browse/HTTPCLIENT-1488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13943015#comment-13943015
]
Karl Wright edited comment on HTTPCLIENT-1488 at 3/21/14 12:46 PM:
-------------------------------------------------------------------
Hi Oleg,
That means that the Type 2 message from the fake NTLM code on squid is
malformed. Here's the code:
{code}
private static byte[] readSecurityBuffer(final byte[] src, final int index)
throws NTLMEngineException {
final int length = readUShort(src, index);
final int offset = readULong(src, index + 4);
if (src.length < offset + length) {
throw new NTLMEngineException(
"NTLM authentication - buffer too small for data item");
}
...
{code}
We *could* just ignore errors of this kind, but I think that would not
necessarily be the right thing to do.
was (Author: [email protected]):
Hi Oleg,
That means that the Type 2 message from the fake NTLM code on squid is
malformed. Here's the code:
>>>>>>
private static byte[] readSecurityBuffer(final byte[] src, final int index)
throws NTLMEngineException {
final int length = readUShort(src, index);
final int offset = readULong(src, index + 4);
if (src.length < offset + length) {
throw new NTLMEngineException(
"NTLM authentication - buffer too small for data item");
}
...
<<<<<<
We *could* just ignore errors of this kind, but I think that would not
necessarily be the right thing to do.
> Built-in NTLM engine fails to authenticate against Squids ntlm_fake_auth,
> JCIFS doesn't
> ---------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1488
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1488
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.3.3
> Environment: Squid 4.3.3
> JCIFS 1.3.17
> Reporter: Andreas Sewe
> Attachments: builtin.pcap.gz, builtin.txt, jcfis.pcap.gz, jcifs.txt
>
>
> I used the provided ClientProxyAuthentication example
> <https://hc.apache.org/httpcomponents-client-4.2.x/httpclient/examples/org/apache/http/examples/client/ClientProxyAuthentication.java>
> to authenticate with NTML against a local Squid instance, using its
> ntlm_fake_auth helper (only does the handshake, all credentials are
> considered valid).
> Unfortunately, this fails with the NTLM engine built into version 4.3.3 (also
> tested with 4.2.1: same result). Following the guidance of
> <http://hc.apache.org/httpcomponents-client-ga/ntlm.html>, I got it working
> with JCIFS. Is Squid not implementing NTLM as expected by HttpComponents?
> I added two Wireshark captures to show the differences in handshake behaviour
> between the built-in and JCIFS engines. Hope that helps.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
