Mike Papper
2001-Oct-11 20:34 UTC
NTLM HTTP Authentication - distinguishing between win9x and NT and 2000
Hello, I am trying to get the mod_ntlm Apache module running. I have been playing with the code and find that I cannot distinguish between a IE browser running on win98 and one running on Windows 2000. My Apache server is running on red hat 7.1 x86. The code does the following to distinguish: if ((strcmp(ntlmssp->host,"")==0) && (strcmp(ntlmssp->domain,"")==0)) I.e., it looks for a blank domain and machine name (host). The problem is that it is blank for win98 but is not blank for win NT but IS blank for win 2000. However, it appears that the info sent from the browser (for win 2000) should be processed in the same way as for windows NT. The question then becomes: is there a way to determine (from the auth string sent from the browser) what kind of machine it is/ whether to treat the structure like a win98 or a winNT struct? Here is the code that is executed dependent on if it thinks the data came from a win9x or NT client: ----------------- if (win9x==0) { ntlm_encode_msg2(ntlm_connection->nonce, &msg); challenge = uuencode_binary(r->pool, (unsigned char *) &msg, sizeof(msg)); } else { ntlm_encode_msg2_win9x(ntlm_connection->nonce, &msg_win9x,crec->ntlm_domain); challenge = uuencode_binary(r->pool, (unsigned char *) &msg_win9x, NTLM_MSG2_WIN9X_FIXED_SIZE+strlen(crec->ntlm_domain)); } -------------------- Possibly looking at the length of these structs or something - the nonce member?? would detmine this. Note: a seg fault occurs if we use the wrong one. Also: ----- Note: curiously, only the very first time I used this with my browser running on win 2000, it DID send the host and domain - and the authentication worked. But every other time after that (even after restarting IE), the browser did not send the domain/host info. Is there a way to force IE to send that info? If anyone has any ideas, can you send email to: mike@digitalpipe.net as I am not quite on the list yet (will be soon). -- Mike Papper Digital Pipe mike@digitalpipe.net 650-627-5100 ext. 5211