Ping again.

On Jun 12, 2014, at 14:07, Wang Weijun <weijun.w...@oracle.com> wrote:

> Hi All
> 
> Please review the code change at
> 
>  http://cr.openjdk.java.net/~weijun/7150092/webrev.00/
> 
> The problem is that in NTLM, the server might prompt for a domain name (in 
> Type 2 message), and the client can also provide one. Before this fix, if the 
> two are different, the client chooses the one from the server. After this 
> fix, the client will always use its own even if it's empty. This is 
> confirmed by looking at the behavior of IE/Firefox/Chrome. The server sent 
> domain name was designed to be used to create the NTLMv2 response but it's 
> now obsoleted by alist. Chrome/Firefox simply ignore it, so will Java. (IE 
> does use it if there is no alist)
> 
> There are some other small changes:
> 
> Client.java
> -----------
> 
> 96-108: No one sends hostname and domain in the Type 1 message, so they are 
> removed. Everyone adds a 0x4 flag which means Request Target.
> 
> Removed old 137-139: That's the major change.
> 
> 159: I used to detect whether there is an alist by looking at the length. 
> This is not accurate if the domain is very long. The correct way is to look 
> at the flag (0x800000 means alist is there)
> 
> Server.java
> -----------
> 
> 98: Adds a flag 0x10000 which means the target name (line 99) written into 
> the message is a domain
> 
> 135: Always uses the client provided domain to search for password. This is 
> also a part of the major change.
> 
> NTLMClient.java
> ---------------
> 
> If user has not responded to NameCallback and/or RealmCallback, it means they 
> accept the default value.
> 
> NTLMServer.java
> ---------------
> 
> ntdomain could be empty or null, the 2-arg constructor of RealmCallback could 
> fail in this case. Use 1-arg constructor.
> 
> NTLMAuthentication.java
> -----------------------
> 
> According to my observation of IE/Firefox/Chrome, when user does not type in 
> a domain name in the password prompting dialog, the domain sent to server is 
> an empty string, and the host name is always full name. Update Java to be the 
> same.
> 
> NTLMTest.java
> -------------
> 
> Update the test to reflect code changes.
> 
> Thanks
> Max
> 
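The point about line 159 (decide whether an alist is present from the 0x800000 flag, not from the message length) can be shown with a short added example; it is not code from the webrev or the JDK. The class and method names are hypothetical, the sample messages are constructed, and the header offsets (flags at byte 20, alist length/offset at bytes 40 and 44) are taken from the published NTLM Type 2 layout.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class Type2Flags {
    static final int REQUEST_TARGET = 0x4;          // client asks the server for a target name
    static final int TARGET_TYPE_DOMAIN = 0x10000;  // the target name in the message is a domain
    static final int TARGET_INFO = 0x800000;        // an alist (target info block) is present

    // Returns the alist bytes, or null when the flag says there is none.
    static byte[] targetInfo(byte[] msg) {
        ByteBuffer b = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN);
        if (msg.length < 32 || b.getInt(8) != 2) throw new IllegalArgumentException("not a Type 2 message");
        if ((b.getInt(20) & TARGET_INFO) == 0) return null;   // decide by flag, never by length
        if (msg.length < 48) throw new IllegalArgumentException("truncated header");
        int len = b.getShort(40) & 0xffff, off = b.getInt(44);
        // Reject offsets that point into the fixed header or past the end of the message.
        if (off < 48 || off > msg.length - len) throw new IllegalArgumentException("alist out of bounds");
        return Arrays.copyOfRange(msg, off, off + len);
    }

    // Builds a constructed Type 2 message for the demo (not captured traffic).
    static byte[] build(String domain, byte[] alist) {
        byte[] name = domain.getBytes(StandardCharsets.UTF_16LE);
        int alen = alist == null ? 0 : alist.length;
        int flags = 0x1 | REQUEST_TARGET | TARGET_TYPE_DOMAIN | (alist != null ? TARGET_INFO : 0);
        ByteBuffer b = ByteBuffer.allocate(48 + name.length + alen).order(ByteOrder.LITTLE_ENDIAN);
        b.put("NTLMSSP\0".getBytes(StandardCharsets.US_ASCII)).putInt(2);
        b.putShort((short) name.length).putShort((short) name.length).putInt(48);
        b.putInt(flags).put(new byte[16]);           // zeroed challenge and reserved bytes
        b.putShort((short) alen).putShort((short) alen).putInt(48 + name.length);
        b.put(name);
        if (alist != null) b.put(alist);
        return b.array();
    }

    public static void main(String[] args) {
        // Constructed AV pairs: NetBIOS domain "D" (id 2), then the end-of-list pair.
        byte[] alist = {2, 0, 2, 0, 'D', 0, 0, 0, 0, 0};
        char[] c = new char[200];
        Arrays.fill(c, 'X');
        byte[] longDomain = build(new String(c), null);   // very long domain, no alist
        byte[] shortDomain = build("D", alist);           // short domain, alist present
        System.out.println(longDomain.length + " bytes, alist present: " + (targetInfo(longDomain) != null));
        System.out.println(shortDomain.length + " bytes, alist present: " + (targetInfo(shortDomain) != null));
    }
}
```

The message with the very long domain is the larger of the two yet carries no alist, which is the case a length-based test gets wrong.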
