cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Problem with NTLM proxy authentication

From: Ulrich Telle <Ulrich.Telle_at_gmx.de>
Date: Fri, 05 Sep 2014 14:27:05 +0200

Steve,

I'd like to add some more information.

I manually checked the NTLM Type-2 message received from the proxy
server - one case where the call to InitializeSecurityContext failed,and one
where it was successful.

In fact, I didn't see a signficant difference in the Type-2 messages. Both
started with the zero-terminated string NTLMSSP, followed by the type-2
indicator. Then followed by 8 zero-bytes. Then the same flags in both cases:

35 82 89 E0 ==> long int: E0898235

This corresponds to the following flags set:

#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001
#define NTLMSSP_REQUEST_TARGET 0x00000004
#define NTLMSSP_NEGOTIATE_SIGN 0x00000010
#define NTLMSSP_NEGOTIATE_SEAL 0x00000020
#define NTLMSSP_NEGOTIATE_NTLM 0x00000200
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000
#define NTLMSSP_TARGET_TYPE_DOMAIN 0x00010000
#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000
#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000
#define NTLMSSP_NEGOTIATE_128 0x20000000
#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE 0x40000000
#define NTLMSSP_NEGOTIATE_56 0x80000000

Then an 8-byte challenge (different, of course), followed by 16 zero-bytes.

The description of the function InitializeSecurityContext lists for return code

SEC_E_INVALID_TOKEN

the message:

"The error is due to a malformed input token, such as a token corrupted in
transit, a token of incorrect size, or a token passed into the wrong security
package. Passing a token to the wrong package can happen if the client and
server did not negotiate the proper security package."

I don't believe that the challenge token was corrupted in transit. So maybe
not the proper security package was negotiated.

I'm not an expert for NTLM or Windows security. So I'm still at a loss, what
causes the observed authentication problems.

Regards,

Ulrich

-- 
E-Mail privat:  Ulrich.Telle_at_gmx.de
World Wide Web: http://www.telle-online.de
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2014-09-05