[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HTTPAPI - Disable NTLM Support

Victor,
Sorry about the troubles. I have had a fix for this error for awhile now, however, it seems that I forgot to put it on my web site.
I've now uploaded version 1.32 that has a fix for this error. Can you try it and see if it solves the problem for you? 

Thanks!



On 4/18/2016 12:50 PM, victor.j.l.parafina@xxxxxxxxxxxxx wrote:

Hi Scott,

I am trying to perform a negative test in my interface by entering an invalid username and password. Previously, my interface is able to handle this scenario using HTTPAPI v1.24. I upgraded the HTTPAPI version to v1.31 and now I am having an error in module NTLMR4. Here is the error that I got:

Length or start position is out of range for the string operation.
Unmonitored exception at line 7535

In line:

token = %subst(tokens: start+1: offs-start);

Here are the values in each variable:

TOKENS = Basic realm=login
START = 12
OFFS = 2049

I noticed that one major difference between the versions is the NTLM authentication. Thus, I am trying to disable it to skip going into this line.

Thanks,

Victor

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott Klement
Sent: Wednesday, April 13, 2016 1:45 AM
To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: HTTPAPI - Disable NTLM Support

Victor,

We never intended for you to disable this manually...   The INSTALL
program automatically enables/disables based on whether you are running
V5R3 or newer.   In fact, that is the only reason there is an option to
disable it at all -- because it won't work on releases older than V5R3.
Otherwise we would never have given a disable option.

Can you explain why you want to disable it?  If you don't need NTLM, just don't use it...

-SK



On 4/12/2016 2:47 AM, victor.j.l.parafina@xxxxxxxxxxxxx wrote:

     Hi,


     I am trying to disable NTLM Support during the installation of HTTPAPI
     1.31; however after completing the installation, it seems that the tool
     still supports NTLM authentication. What I have done is before creating
     the Install program, I manually updated the following lines in
     CONFIG_H:


     From:

     D/define NTLM_SUPPORT


     To:

     D/undefine NTLM_SUPPORT


     Once done, I continued with the installation setting the following
     items:


     Question

                                                              Value

     Would you like to build the sample programs?

                                                              N

     Would you like to build HTTPAPI with SSL support?

                                                              Y

     Would you like to build eXpat from source code?

                                                              N

     Would you like to compile support for eXpat into HTTPAPI?

                                                              N


     After the installation, I checked the same file and has the NTLM
     Support option set as defined. I performed a debug and the program
     still goes on to the code in which the option NTLM support is defined.
     Please see example below:


       /if defined(NTLM_SUPPORT)

      c                   callp     AuthPlugin_resetAuthentication()

       /endif


     Are there any steps that I have missed in undefining NTLM support?





-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------