C NTLM Authorization via HTTP


 
Thread Tools Search this Thread
Top Forums Programming C NTLM Authorization via HTTP
# 1  
Old 06-16-2008
Question C NTLM Authorization via HTTP

Greetings,

I am writing a C socket application that needs NTLM authorization before it can post HTTP requests, and
I am having trouble with NTLM authorization messages.

:b: I've found the following urls extremely valuable for creating message functions:Furthermore, I've been able to validate my response functions by utilizing input values from the examples found in the above URL.

Even though I am using XP client and W2003 server, I expected that NTLMv1 authentication work, see Implementing CIFS: SMB

Using Network Monitor I observed the traffic of another client (MSXML2.ServerXMLHTTP). After decoding base64 NTLMAuthorization and WWWAuthenticate messages, I found that “Negotiate NTLM2 Key” (0x00080000) is set, which is why I am assuming the NTLM session response is utilized:
The NTLM Authentication Protocol and Security Support Provider

As I mentioned earlier, when I plug-in sample client_challange (nonce), and server_challange, username, password in my functions I get the same NTLM response
as the above section. However, :confused: when I utilize my own information, I end up with
“HTTP/1.1 401 Unauthorized” in response for my message3.

I am authenticating against TARGET_TYPE_SERVER, thus, we are dealing with server level validation rather than domain.

I just have not been able to nail down the right sequence of flags and responses. I would be greatful to any guidance in resolving my issue.

Thanks in advance
# 2  
Old 06-17-2008
Lightbulb Verified NTLMv1 and "NTLM Session Response"

I addressed my issue, and wanted to share my findings so that others can benefit.

My C code attempts to communicate with SqlServer 2005 EndPoint via Soap.
Thus, I needed to write a socket application that communicated on port 80 and handle the corresponding authentication. In my case the SqlServer 2005 Soap EndPoint utilizes NTLM.

Because I was dealing with so many components I was bound to have a bug some place.
I isolated my issue by changing from HTTP POST to SqlServer EndPoint, to HTTP GET to a “Hello World” ASP page. After validating that it worked properly, I then enabled NTLM authentication on that directory.

The webserver in question is Windows 2003 server, and I am using my workstation for running the client on a Windows XP professional. We are also dealing with default registry entries as outlined in The NTLM Authentication Protocol and Security Support Provider.
Meaning, the registry key LMCompatibilityLevel at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMCompatibilityLevel is set to 0 and 2 for windows XP professional, and windows 2003 server, respectively.

As mentioned earlier, I was able to verify my function hashing values from examples found in above sources, however, I was unable to authenticate the application.
By utilizing Windows Network Monitor, I captured the traffic for a client that utilized MSXML2.ServerXMLHTTP and evaluated LM and NTLM response for message3.
Because both NTLM and LM responses were 24-bit (3 bytes), I was not sure if NTLMv1 or NTLMv2 was utilized. During my exploration, the evaluation of flags for message1, 2, and 3 were not very useful, because I was still unsure if NTLMv1 or NTLMv2 was being utilized.
I repeated the same experiment with FireFox, and found that only the first byte of LM was set while the remaining two bytes were zero. This lead me to conclusion that “NTLM2 Session Response” was utilized (The NTLM Authentication Protocol and Security Support Provider)
Once again, I utilized the challenge key from message2 (8 bytes key at offset 24), and the client challenge from message3 (8 bytes key set in beginning of LM response where the remaining 16 bytes are zeros) to test my own functions to insure the correct keys were being generated.

After I insured that I was able to mimic the request/response of FireFox, I turned to debugging my application, which addressed my original issue.

You may be interested to know that I was able to connect via NTLMv1 and “NTLM2 Session Response” by utilizing the following flags for my message1:
NEGOTIATE_UNICODE // 0x00000001
| NEGOTIATE_OEM // 0x00000002
| REQUEST_TARGET // 0x00000004
| NEGOTIATE_NTLM // 0x00000200
| NEGOTIATE_ALWAYS_SIGN // 0x00000010
| NEGOTIATE_NTLM2_KEY // 0x00080000 – ONLY for NLTM2 session response, otherwise remove this

Note that “NTLM2 Session Response” required the flag “NEGOTIATE_NTLM2_KEY”, and it was ommited for NTLMv1

Also, for message3 flags, I simply copied the flags that were returned by message2.

In conclusion, I have been able to connect with both NTLMv1 and “NTLM2 Session Response” to
a sample ASP page as well as SqlServer 2005 soap EndPoint that require NTLM authentication.

I hope this info will be helpful for someone else.
Best Regards,
Edvin Eshagh

Last edited by edvin; 06-19-2008 at 11:55 AM..
Login or Register to Ask a Question

Previous Thread | Next Thread

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

awk script to find time difference between HTTP PUT and HTTP DELETE requests in access.log

Hi, I'm trying to write a script to determine the time gap between HTTP PUT and HTTP DELETE requests in the HTTP Servers access log. Normally client will do HTTP PUT to push content e.g. file_1.txt and 21 seconds later it will do HTTP DELETE, but sometimes the time varies causing some issues... (3 Replies)
Discussion started by: Juha
3 Replies

2. Web Development

HTTP Headers Reference: HTTP Status-Codes

Hypertext Transfer Protocol -- HTTP/1.1 for Reference - HTTP Headers 10 Status Code Definitions Each Status-Code is described below, including a description of which method(s) it can follow and any metainformation required in the response. (1 Reply)
Discussion started by: Neo
1 Replies

3. Shell Programming and Scripting

Configure Cyrus SASL NTLM Plugin with Postfix

Hello I hope somebody can help with this. I have a shell, that in case of failure, sends an email (relaying through an Exchange Server). This Exchange server only offers NTLM authentication. 250-AUTH NTLM This is the configuration I have: Postfix 2.1.1 as client. Cyrus-SASL... (1 Reply)
Discussion started by: viktor1985
1 Replies

4. UNIX for Dummies Questions & Answers

Configure Cyrus SASL NTLM Plugin with Postfix

Hello I hope somebody can help with this. I have a shell, that in case of failure, sends an email (relaying through an Exchange Server). This Exchange server only offers NTLM authentication. 250-AUTH NTLM This is the configuration I have: Postfix 2.1.1 as client. Cyrus-SASL... (1 Reply)
Discussion started by: viktor1985
1 Replies

5. Shell Programming and Scripting

sending http url through http socket programming..

hi am senthil am developing a software to send and receive SMS using HTTP connection first of all am forming a URL and sending that URL to a remote server using my Client Program i send that url through Socket(using Send() Function) if i send more than one URL one by one using the same... (4 Replies)
Discussion started by: senkerth
4 Replies

6. Programming

sending http url through http socket programming..

hi am senthil am developing a software to send and receive SMS using HTTP connection first of all am forming a URL and sending that URL to a remote server using my Client Program i send that url through Socket(using Send() Function) if i send more than one URL one by one using the same... (0 Replies)
Discussion started by: senkerth
0 Replies

7. HP-UX

SMTP and NTLM

Hi, I have a HP Unix from which I'm trying to connect to an email server through telnet and test sending emails using commands. Why am I doing that is not important. The email server is an Exchange server and it looks like that the only Authentication method it supports is NTLM. The host name... (0 Replies)
Discussion started by: gheibia
0 Replies
Login or Register to Ask a Question