Authentication with NTLM proxy server

Szombathelyi György gyurco at freemail.hu
Wed Sep 27 11:41:20 BST 2006 

Krzysztof Lichota írta:
> Robert Gruber napisał(a):
>> Hello,
>>
>> recently I've upgraded my KDE from KDE-3.4 to 3.5.4 (compiled from source). 
>> After updating I wasn't able to browse website with konqueror any more. The 
>> proxy server rejected all of my requests. But I was still able to use firefox 
>> for browsing.
>>
>> Our proxy server uses NTLM for authentication.
>>
>> When I pulled some tcpdumps I realized two differences between firefox and 
>> konqueror:
>> 1) firefow always fills both, the NTLM response and the LanManager response, 
>> with the same key in the NTLMSSP_AUTH packet. konqueror only fills the NTLM 
>> response.
>> 2) konqueror doesn't send any flags in the NTLMSSP_AUTH packet. firefox does.
>>
>>
>>
>> So I change the kntlm.cpp file a bit:
>>
>> --- kntlm.cpp.orig      2006-09-26 13:05:06.000000000 +0200
>> +++ kntlm.cpp   2006-09-26 13:06:11.000000000 +0200
>> @@ -160,14 +160,14 @@ bool KNTLM::getAuth( QByteArray &auth, c
>>
>>      if ( KFromToLittleEndian(ch->flags) & Negotiate_NTLM ) {
>>        response = getNTLMResponse( password, ch->challengeData );
>> -      addBuf( rbuf, ((Auth*) rbuf.data())->ntResponse, response );
>>      } else {
>>        if ( !forceNTLM ) {
>>          response = getLMResponse( password, ch->challengeData );
>> -        addBuf( rbuf, ((Auth*) rbuf.data())->lmResponse, response );
>>        } else
>>          return false;
>>      }
>> +    addBuf( rbuf, ((Auth*) rbuf.data())->ntResponse, response );
>> +    addBuf( rbuf, ((Auth*) rbuf.data())->lmResponse, response );
>>  //  }
>>    if ( !dom.isEmpty() )
>>      addString( rbuf, ((Auth*) rbuf.data())->domain, dom, unicode );
>>
>>
Returning the same data for the LM and NTLM response? It's not good!!
I would write:
addBuf( rbuf, ((Auth*) rbuf.data())->ntResponse, getNTLMResponse( 
password, ch->challengeData ) );
addBuf( rbuf, ((Auth*) rbuf.data())->lmResponse, getLMResponse( 
password, ch->challengeData ));

and delete the whole if () above.

>> With this patch applied I'm now able to use konqueror to browse through the 
>> NTLM-proxy.
> 
> It would be great if it worked. It would fix bug 111982
> (https://bugs.kde.org/show_bug.cgi?id=111982) :)
> 
> 	Krzysztof Lichota
> 
>

More information about the kde-core-devel mailing list