cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: State of NTLM test cases on Windows

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 7 Apr 2013 15:03:03 +0200 (CEST)

On Sun, 7 Apr 2013, Steve Holme wrote:

> If you're using SSPI have you tried building curl on Windows without SSPI so
> it would then use the built in routines and I would then expect those NTLM
> test cases to succeed?

Yes, me too. And there's even several different ways to get NTLM support
without SSPI...

> Given that someone could compile curl under Windows without SSPI would it be
> better to switch on test server "feature" rather than switching test cases
> dependent on the OS?

Right. We probably need to make the tests able to run differently depending on
the specific provider of a feature so that we can't treat "NTLM" ability by
libcurl generically, but rather handle NTLM-SSPI separate from
NTLM-external-cryptolib.

> The draw back then, like you have already mentioned it we end up duplicating
> the NTLM tests, so we would have two or three test150's, for example, one
> for each possibly NTLM message variation.

I think the drawback is even more drastic. The current tests that involve NTLM
also overrides the local get-hostname function to make sure that the tests
repeat properly (since the host name is included as input in the hashing done
for NTLM auth). With SSPI as provider of NTLM functionality we can't do this
and thus we'll have to restrict the auth header comparisons much more since
they will vary more between different machines.

It could possibly mean that we'd need a conditional <strippart> tag when we
compare headers, so that when using SSPI we can strip out (larger) parts of
the headers when comparing.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2013-04-07