Hello list,
I've just ran into a small bug in NTLM authentication from HttpCli.
There is a possibility that the user enters the username as
domain\username.
In this case HttpCli will send the username and the domain as the
username, wich is not working (at least on IIS 6).
The code looks like this:
Result := NtlmGetMessage3('', Hostname, FUsername, FPassword,
FNTLMMsg2Info.Challenge);
where NtlmGetMessage3 is defined as:
function NtlmGetMessage3(const ADomain, AHost, AUser, APassword:
String; AChallenge: TArrayOf8Bytes): String;
This function will generate the last NTLM message containing the
authentication information.
The call, as you can see set the domain to empty string in all cases but
if the user supplies the usernames in the manner I've mentioned before
this is not correct.
A fast dirty fix which I made is:
DomPos := Pos('\', FUsername);
if DomPos<>0 then
begin
Dom := Copy(FUsername, 1, DomPos-1);
UName := Copy(FUsername, DomPos + 1, Length(FUsername)-DomPos);
end
else
begin
Dom := '';
UName := FUsername;
end;
Result := NtlmGetMessage3(Dom, Hostname, UName, FPassword,
FNTLMMsg2Info.Challenge);
I did this in the HTTP authentication part not in the proxy.
Can somebody confirm that in case of NTLM proxies, should work the same way?
Best regards,
Tibor Csonka
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
