How to identify if waffle is working with NTLMv1 or NTLMv2

Dec 8, 2010 at 2:20 AM

Is there a way to identify (or a class in waffle which deals with) if waffle is dealing with a NTLMv1 or  NTLMv2 type message?

Dec 8, 2010 at 2:06 PM

Short answer is no, but with just a bit of work it should be possible and quite useful. I created a feature request.

NTLM messages (those tickets after NTLM in the HTTP headers) start with NTLMSSP (0x4e544c4d53535000), followed by the NTLM message type. This type is not the NTLM version, but the step in the protocol. The type is followed by flags, in some combinations they indicate a client that wants to do NTLMv2 and a server agreeing to do that.

In Java, there's a class waffle.util.NtlmMessage that wraps an NTLM message. Subsequently waffle.util.AuthorizationHeader uses this class. Maybe you could read the protocol, extend NtlmMessage and add some code that would identify which version of NTLM the ticket is, then trace which protocol used in the filters (debug mode) - NTLMv1, NTLMv2, Kerberos, something else.



Dec 9, 2010 at 11:31 PM

Is it possible for me to do this change and submit to waffle?

Dec 9, 2010 at 11:43 PM

Of course. There's a section in the doc on contributing and setting up a dev environment. Upload patches to (you can see some people who have contributed). If you do a good job with a patch or two you get actual commit access.

Dec 9, 2010 at 11:47 PM

Okay thanks. I will try to do a good job ;)