Hi Marcel,

Thank you for the pointer, but it seems not to be correctly implement.

I have attached a capture from IE vs. a capture from curl. IE works and curl fails. I did some minor modification to /lib/vauth/ntlm.c to ignore target_info_len after which it worked.


#if defined(USE_NTRESPONSES) && defined(USE_NTLM_V2)
if(ntlm->target_info_len) {
unsigned char ntbuffer[0x18];
unsigned char entropy[8];
unsigned char ntlmv2hash[0x18];


#if defined(USE_NTRESPONSES) && defined(USE_NTLM_V2)
if( 1 == 1 ) {
unsigned char ntbuffer[0x18];
unsigned char entropy[8];
unsigned char ntlmv2hash[0x18];


Now I don’t know what is the reason for this check in the code and why it makes it work.

Does anybody know ? Can it be fixed (assuming it is wrong as is ) ?

Thank you
Markus




From: Marcel Raad
Sent: Saturday, November 10, 2018 9:54 PM
To: libcurl development ; curl-***@cool.haxx.se
Cc: Markus Moeller
Subject: RE: NTLMV2 authentication;

Hi Markus,



(sorry, my Outlook can only reply properly to plain text mails)



support for NTLMv2 was added in version 7.36.0:

https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62



Marcel



From: curl-library <curl-library-***@cool.haxx.se> On Behalf Of Markus Moeller via curl-library
Sent: Samstag, 10. November 2018 16:04
To: curl-***@cool.haxx.se; curl-***@cool.haxx.se
Cc: Markus Moeller <***@moeller.plus.com>
Subject: NTLMV2 authentication;



Hi,



I am trying to find out if curl support NTLMv2 auth and NTLM2SessionResponse (like HTTPClient

https://hc.apache.org/httpcomponents-client-ga/ntlm.html ) for Web and proxy auth. From what I read this is not (yet ? ) the case, but more Active Directory Administrators starting to disable the weaker auth methods i.e. I think it will be needed.



Can someone confirm the status please ?



Thank you

Markus