RE: HTTPAPI - Disable NTLM Support

[<victor.j.l.parafina@xxxxxxxxxxxxx>]

Hi Scott,

I am trying to perform a negative test in my interface by entering an invalid username and password. Previously, my interface is able to handle this scenario using HTTPAPI v1.24. I upgraded the HTTPAPI version to v1.31 and now I am having an error in module NTLMR4. Here is the error that I got:

Length or start position is out of range for the string operation.
Unmonitored exception at line 7535

In line:

token = %subst(tokens: start+1: offs-start);

Here are the values in each variable:

TOKENS = Basic realm=login
START = 12
OFFS = 2049

I noticed that one major difference between the versions is the NTLM authentication. Thus, I am trying to disable it to skip going into this line.

Thanks,

Victor

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott Klement
Sent: Wednesday, April 13, 2016 1:45 AM
To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: HTTPAPI - Disable NTLM Support

Victor,

We never intended for you to disable this manually...   The INSTALL
program automatically enables/disables based on whether you are running
V5R3 or newer.   In fact, that is the only reason there is an option to
disable it at all -- because it won't work on releases older than V5R3.
Otherwise we would never have given a disable option.

Can you explain why you want to disable it?  If you don't need NTLM, just don't use it...

-SK



On 4/12/2016 2:47 AM, victor.j.l.parafina@xxxxxxxxxxxxx wrote:
>     Hi,
>
>
>     I am trying to disable NTLM Support during the installation of HTTPAPI
>     1.31; however after completing the installation, it seems that the tool
>     still supports NTLM authentication. What I have done is before creating
>     the Install program, I manually updated the following lines in
>     CONFIG_H:
>
>
>     From:
>
>     D/define NTLM_SUPPORT
>
>
>     To:
>
>     D/undefine NTLM_SUPPORT
>
>
>     Once done, I continued with the installation setting the following
>     items:
>
>
>     Question
>
>                                                              Value
>
>     Would you like to build the sample programs?
>
>                                                              N
>
>     Would you like to build HTTPAPI with SSL support?
>
>                                                              Y
>
>     Would you like to build eXpat from source code?
>
>                                                              N
>
>     Would you like to compile support for eXpat into HTTPAPI?
>
>                                                              N
>
>
>     After the installation, I checked the same file and has the NTLM
>     Support option set as defined. I performed a debug and the program
>     still goes on to the code in which the option NTLM support is defined.
>     Please see example below:
>
>
>       /if defined(NTLM_SUPPORT)
>
>      c                   callp     AuthPlugin_resetAuthentication()
>
>       /endif
>
>
>     Are there any steps that I have missed in undefining NTLM support?
>
>
>     Thanks,
>
>     Victor
>
> __________________________________________________________________
>
>     This message is for the designated recipient only and may contain
>     privileged, proprietary, or otherwise confidential information. If you
>     have received it in error, please notify the sender immediately and
>     delete the original. Any other use of the e-mail by you is prohibited.
>     Where allowed by local law, electronic communications with Accenture
>     and its affiliates, including e-mail and instant messaging (including
>     content), may be scanned by our systems for the purposes of information
>     security and assessment of internal compliance with Accenture policy.
>     _______________________________________________________________________
>     _______________
>     www.accenture.com
>
>
>
> ----------------------------------------------------------------------
> - This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> ----------------------------------------------------------------------
> -
>
>
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 2016.0.7497 / Virus Database: 4545/12017 - Release Date:
> 04/12/16

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------