| Dart Home | PowerTCP Emulation for ActiveX | Custom Development | Reply | PowerTCP Emulation / Telnet for ActiveX Topics | Forums |
| Author | Forum: PowerTCP Emulation / Telnet for ActiveX Topic: Command Event |
| support@securenetterm.com support@securenetterm.com From: Katy, TX USA Posts: 11 Member Since: 06/04/03 |
posted August 10, 2003 12:58 PM I am trying to use the PowerVT interface and must handle the telnet negotiation in my code to support advanced authentication options. As a test, I selected the Microsoft NTLM authention to check my telnet negotiation handler. Everything works fine except for my logic to handle a suboption received from the host. My trace indicates I receive a VARIANT pointer in the Command Event callback, and its type is VT_VARIANT | VT_BYREF. I then access the variant pvarVal member which points to a variant of type VT_ARRAY | VT_UI1. So I extract the safearray, but alas I always get two bytes regardless of what was sent by the host. The two bytes are correct, but where is the rest of the data? So, by chance I dump the contents of the suboption variant received, and I can see all the data sent by the host contained within the trace. And it is correct. This would lead me to believe that the rgsabound[0].cElements is not being set correctly. Is there some option I am not setting? I am using the PowerVT interface in a MFC C++ environment. |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted August 10, 2003 8:34 PM What data are you expecting? Are you sure it's not coming in the Receive event? |
| support@securenetterm.com support@securenetterm.com From: Katy, TX USA Posts: 11 Member Since: 06/04/03 |
posted August 10, 2003 10:14 PM I am expecting the normal NTLM suboption data from the host, per NTLM authentication specification. And if its coming in on the receive event, you have a BIG bug in your telnet handler. But no, its not. In fact, as I indicated in my post, I can see it within the VARIANT that was received within the command event. I just can't get it out. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted August 11, 2003 9:01 AM Do you have VB? If so please try in VB and see if you get all the data. If you do, it means that there is something going on with your data conversion. If you don't have VB, we can attempt to figure this out, but you will need to have support and you will need to provide us with the account data needed to connect to the server you are using. |
| support@securenetterm.com support@securenetterm.com From: Katy, TX USA Posts: 11 Member Since: 06/04/03 |
posted August 11, 2003 9:37 AM I was simply reporting a BIG bug in your telnet control, within the command event. I have no desire to fund the correction of your mistakes, so we will just go with the Mabry control. It works! I will also report this to David Harry and express my dismay with the support. And, you can check this out on any Microsoft telnet server. NTLM is quite common and is turned on by default on all Microsoft telnet servers. |
Alex Gladshtein From: Rome, NY USA Posts: 131 Member Since: 12/27/00 |
posted August 11, 2003 12:19 PM Hello, Thanks for taking the time to provide us with feedback. Our Telnet implementation does not support NTLM Authentication. I have listed your comments as a feature request, but you are the only person that has requested this. We have found that the Microsoft Telnet server isn't widely used, and those of our customers who do use it, don't use NTLM. If there is a greater demand for NTLM support we will certainly consider adding it to the product. Also, have you considered using SSL over Telnet, as that is something we have been looking at? Best Regards, Alex Gladshtein Dart Communications |
| support@securenetterm.com support@securenetterm.com From: Katy, TX USA Posts: 11 Member Since: 06/04/03 |
posted August 11, 2003 12:51 PM Alex, I am not asking, nor do I expect the control to handle NTLM. But the documentation states the pTelnet->AutoOption can be set to false, and my application can receive and process all telnet messages using the Command event. And thats what I am doing. And everything is working, except for the fact the data contained within the Variant * received in the Command event has a problem. All the data is there, as a safearray (at least thats what its states it is), but the array has only two elements. In fact, if I dump the variant, I can see all the data. It would appear to me to be a problem with the telnet control setting the array parms correctly. And this has nothing really to do with NTLM, I have the same problem on any type of authentication that sends suboption data greater than two bytes in length. |
| Alex Gladshtein From: Rome, NY USA Posts: 131 Member Since: 12/27/00 |
posted August 11, 2003 1:45 PM I apologize for the misunderstanding. We do not have any known bugs with the Command implementation or AutoOption, but the huge majority of our users are in VB and ASP. If this is a bug, it may only manifest itself in C++, although that is very unusual. If you can send your code to support@dart.com and a reference to this topic, someone will see what is occuring in C++. Thanks, Alex Gladshtein |
| support@securenetterm.com support@securenetterm.com From: Katy, TX USA Posts: 11 Member Since: 06/04/03 |
posted August 11, 2003 2:07 PM If VB works ok, how about posting a section of some code (that works) that extracts the data from the SubOption variant received in the command event. I looked at all the samples and nothing even comes close. |
| Alex Gladshtein From: Rome, NY USA Posts: 131 Member Since: 12/27/00 |
posted August 12, 2003 8:39 AM Hello, If you look in the help file under the Command Event, the Example code demonstrates usage for handling manual commands and negotiation. Let us know if that helps. Thanks, Alex |
| support@securenetterm.com support@securenetterm.com From: Katy, TX USA Posts: 11 Member Since: 06/04/03 |
posted August 12, 2003 9:03 AM No, none of the examples show the use of the suboption variant. I sent my code yesterday, and have had several people look at the code, and all agree that its ok. Everything points to the fact that the data is in fact within the suboption variant, and it is correct, but the number of elements is always set to two. The suboptions encrypt and authentication are the only two common ones that contain data. However its very simple to check. Just connect to a Microsoft telnet server. One of the very first suboptions it sends is authentication, which is a three byte suboption. The other common ones are Kerberos and SRP In reply to your question yesterday, I do plan on adding SSL support. In fact, thats the next thing on our list, testing the TELOPT_START_TLS option. |
| Alex Gladshtein From: Rome, NY USA Posts: 131 Member Since: 12/27/00 |
posted August 12, 2003 9:14 AM Hello, Someone is looking at the code you sent. Which servers will you be targeting that support TELOPT_START_TLS? Also, do you see any scenarios that call for implicit SSL connection such as SSL proxies? Thanks, Alex |
| support@securenetterm.com support@securenetterm.com From: Katy, TX USA Posts: 11 Member Since: 06/04/03 |
posted August 12, 2003 9:55 AM At the current time, most of our clients are using the SRP telnet server from Stanford which supports Kerberos and SRP telnet authentication as well as Kerberos, SRP and certificate based TLS. We have not received any requests for implicit TLS. We currently support all of this in our current SecureNetTerm product, which we are now rewriting in C++ and trying to use as much third party support (such as Dart) as possible. As you probably know, we recently released SecureFTP, which offers SSL/SSH support, does use your SSL product. Having as many common subsystems between the two products is a desired goal. Our current SecureNetTerm product uses own own TLS and SSH, via the OpenSSL library. As a side note to your comment about NTLM usage; we have a major OEM client in Europe that has implemented several large projects, based in the thousands of uses, that use NTLM authentication. So from a pure number of users count, NTLM probably is the most commonly used telnet based authentication scheme used by our customers. The second would be Kerberos, which is popular at many of our government installations. |
| Alex Gladshtein From: Rome, NY USA Posts: 131 Member Since: 12/27/00 |
posted August 12, 2003 10:02 AM Thanks for the feedback. Is the NTLM you are implementing from Microsoft's API or are you using another library? In the past we haven't been happy with Microsoft's API. We will have to make sure to get that server into our lab for testing. Thanks, Alex |
| support@securenetterm.com support@securenetterm.com From: Katy, TX USA Posts: 11 Member Since: 06/04/03 |
posted August 12, 2003 10:15 AM Yes, its pure Microsoft. Its been in use in our NetTerm product for around four years, and in our SecureNetTerm product for a couple of years. However very few of our clients use the Microsoft telnet server. Most use the Seattle Labs server (which I believe has been acquired by another company). In fact, our major client in Europe was the one that "convinced" Seattle Labs and ourselves to implement NTLM. |
| Reply | PowerTCP Emulation / Telnet for ActiveX Topics | Forums |
This site is powered by
PowerTCP WebServer for ActiveX
|