Scott,

For sure it would be great if we could include NTLM authentication in HTTP API. Most likely I did not understand you correctly but I thought that you did not like the idea of adding NTLM authentication to HTTP API at all. Therefore I asked for the best way of adding parameter "peNTLM" without breaking any compatibility.

So far the patch seems to work for at least 3 users and I am waiting for the final feedback of two more users. The patch supports NTLM v1, NTLM v1 + NTLM2 and NTLM v2. It does not (yet) support signing and sealing of messages. Maybe it is possible to add that in the future.

I would gladly add parameter peNTLM to http_getAuth() if you agreed to adopt the patch.

Feel free to read document

[1]http://www.tools400.de/Downloads/Freeware/Tools/FAQ/wsdl2rpg/FAQ_HTTPAPI_and_NTLM_v1.5.pdf

to get an overview of the patch.

Attached you find the list of changes of HTTP API and the source code of HTTPAPIR4. Search for "NTLM:" to see the changes.

Let me know if you need further information to make your decision.

Regards,

Thomas.

ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx wrote on 24.10.2012 05:25:34:

> From: sk@xxxxxxxxxxxxxxxx
> To: ftpapi@xxxxxxxxxxxxxxxxxxxxxx,
> Date: 24.10.2012 05:42
> Subject: Re: How to get back "NTLM authentication required" from
> http_getauth()?
> Sent by: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
>
> Hi Thomas,
>
> I don't understand why you want the peNTLM parameter to be
> "unofficial"? Why not make it a part of the base HTTPAPI distribution
> so that it will always be there and available to everyone who wants to
> use NTLM authentication?
>
> -SK
>
>
> On 10/23/2012 2:34 PM, Thomas Raddatz wrote:
> > Hi Scott,
> >
> > For now users of the NTLM patch either have to know that the server
> > requires NTLM authentication or they have to assume it, in case
> > http_getAuth() returns "0" and "false" for "peBasic" and "peDigest".
> >
> > Since that is somewhat ugly I need a good idea how to extend the
> > official HTTP API to get that information.
> >
> > Of course I could add an unofficial parameter "peNTLM" to
> > http_getAuth() but I am concerned about that you might also add a
> > parameter (conflicting with peNTLM) some time.
> >
> > Adding a new procedure to the export list is not a good idea as well,
> > because it would conflict with every extension that you add in the
> > future.
> >
> > Do you have a good idea how to solve the problem?
> >
> > Regards,
> >
> > Thomas.
> > -----------------------------------------------------------------------
> > This is the FTPAPI mailing list. To unsubscribe, please go to:
> > [2]http://www.scottklement.com/mailman/listinfo/ftpapi
> > -----------------------------------------------------------------------
> >
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list. To unsubscribe, please go to:
> [3]http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------

References

1. http://www.tools400.de/Downloads/Freeware/Tools/FAQ/wsdl2rpg/FAQ_HTTPAPI_and_NTLM_v1.5.pdf
2. http://www.scottklement.com/mailman/listinfo/ftpapi
3. http://www.scottklement.com/mailman/listinfo/ftpapi

Changes to HTTPAPI 1.25beta2 to add NTLM authentication
=======================================================

QRPGLESRC:
----------

HTTPAPI_H
   1) Added authentication type 'HTTP_AUTH_NTLM'.
   2) Added compiler condition HAVE_NTLM.

HTTPAPIR4
   1) Added prototype NTLM_H to include the NTLM authentication
      procedures.
   2) Added parameter 'peResetAuth' to 'interpret_auth', because
      'interpret_auth' is being called twice for NTLM authentication.
   3) Added 'wwSaveProc' and 'wwFile' to do_oper() in order to save the
      actual "receive document" procedure when receiving the 401 error
      page for NTLM authentication.
   5) Added call to procedure NTLM_produceAuthenticationHeader() to
      do_oper() to produce the "Authorization" HTTP header for NTLM
      authentication.
   6) Added call to procedure NTLM_mustReceiveAuthErrorPage() to
      do_oper() to determine whether or not to receive the 401 error
      page when using NTLM authentication. We must receive the error
      page because we have to use a persistent connection for NTLM. If
      we do not receive the error page we will get it later with the
      regular data.
   7) Changed call to RecvChunk() and RecvDoc() in do_oper() to use
      'wwSaveProc' and 'wwFile' to receive the 401 error page.
   8) Added call to NTLM_isAuthenticationRequired() to http_getAuth()
      because there is no REALM for NTLM authentication. Otherwise
      http_getAuth() ends with a "Server did not ask for authentication
      error".
   9) Added call to NTLM_getRealm() to http_getAuth() to get the server
      realm for NTLM authentication.
  10) Added call to NTLM_setAuthentication() to procedure
      http_setauth() to pass the username and password to the NTLM
      login module.
  11) Added parameter 'peResetAuth' to interpret_auth() to reset the
      authentication values when interpret_auth() is called for the
      first time.
  12) Added call to NTLM_resetAuthentication() to interpret_auth() to
      reset the NTLM login module when interpret_auth() is called for
      the first time.
  13) Added call to NTLM_interpretAuthenticationHeader() to
      interpret_auth() to let the NTLM login module parse the HTTP
      headers for NTLM authentication.
  14) Added call to NTLM_negotiateAuthentication() to
      http_persist_req() to negotiate the NTLM parameters with the
      server when NTLM authentication is requested.
  15) Added field 'wwResetAuth' to parse_resp_chain() to make
      interpret_auth() reset the authentication values when it is
      called for the first time.

HTTPUTILR4
   1) Changed http_dwrite() to append NTLM version information to the
      debug log.

ENCRYPTR4 (RPGLE)
   1) New module providing data encryption and digest services.
      (Uses MD4C4 for MD4 digest. Provides RC4, MD4, DES, MD5Digest and
      MD5Hmac services.)

NTLMR4 (RPGLE)
   1) New module providing NTLM authentication services.

MD4C4 (C)
   1) New module. C implementation of the MD4 digest service of RSA
      Data Security, Inc.

MD4R4 (RPGLE)
   1) New module. RPGLE implementation of the MD4 digest service of RSA
      Data Security, Inc.

MD4_H (RPGLE)
   1) Prototypes of MD4C4 and MD4R4.

NTLM_H (RPGLE)
   1) Public prototypes of the NTLM authentication extension.

NTLM_P (RPGLE)
   1) Private prototypes of the NTLM authentication extension.

QCLSRC:
-------

INSTALL
   1) Changed to create the new modules.
   2) Changed to add the new modules to binding directory
      QTEMP/HTTPAPIR4.

Thomas Raddatz, 16.4.2012.

Attachment:
HTTPAPIR4.MBR
Description: Binary data
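
As an added illustration (not code from HTTPAPI or from the NTLM patch), the following Python example shows how a client can tell from the WWW-Authenticate headers of a 401 response that NTLM is offered, which is the information the proposed peNTLM parameter would report, and how it can decode the server's Type 2 challenge on the persistent connection. All function names are hypothetical, the sample token is constructed, and treating the Type 2 target name as the nearest equivalent of a realm is an assumption.

```python
import base64
import struct

# Subset of the NTLMSSP negotiate flags relevant to the variants named in the mail.
FLAGS = {0x1: "UNICODE", 0x10: "SIGN", 0x20: "SEAL", 0x200: "NTLM",
         0x80000: "NTLM2_SESSION", 0x800000: "TARGET_INFO"}

def offered_schemes(www_authenticate):
    """Map each WWW-Authenticate value of a 401 response to scheme -> payload."""
    schemes = {}
    for value in www_authenticate:
        scheme, _, rest = value.strip().partition(" ")
        schemes[scheme.lower()] = rest.strip()
    return schemes

def get_auth(www_authenticate):
    """Return (basic, digest, ntlm), i.e. the existing two flags plus a peNTLM-style one."""
    s = offered_schemes(www_authenticate)
    return "basic" in s, "digest" in s, "ntlm" in s

def parse_type2(b64_token):
    """Decode the Type 2 (challenge) message carried in 'NTLM <base64>'."""
    msg = base64.b64decode(b64_token, validate=True)
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 2:
        raise ValueError("expected Type 2, got %d" % msg_type)
    # Security buffer (length, allocated, offset) followed by the flags word.
    name_len, _, name_off, flags = struct.unpack_from("<HHII", msg, 12)
    if name_off + name_len > len(msg):
        raise ValueError("target name points outside the message")
    raw = msg[name_off:name_off + name_len]
    target = raw.decode("utf-16-le" if flags & 0x1 else "ascii", "replace")
    return {
        "target": target,            # assumption: closest thing to a realm
        "challenge": msg[24:32],     # 8-byte server challenge
        "flags": sorted(n for bit, n in FLAGS.items() if flags & bit),
    }

def build_sample_type2():
    """Constructed sample challenge for the example, not captured traffic."""
    name = "EXAMPLE".encode("utf-16-le")
    flags = 0x1 | 0x200 | 0x80000
    head = struct.pack("<8sIHHII8s", b"NTLMSSP\x00", 2, len(name), len(name),
                       32, flags, bytes(range(1, 9)))
    return base64.b64encode(head + name).decode()
```
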