On Wed, 2004-07-14 at 03:51, Serassio Guido wrote:
> Hi,
>
> At 11.55 13/07/2004, Henrik Nordstrom wrote:
>
> >On Tue, 13 Jul 2004, Andrew Bartlett wrote:
> >
> > > While I've been trying to code up the 'Negotiate' (SPNEGO) support for
> > > Squid, I have seen a lot of:
> > >
> > > ntlm_request->authchallenge = xstrndup(reply, NTLM_CHALLENGE_SZ + 5);
> >
> >As Robert already said, there is no reason xstrdup should not be used
> >here, and I also suspect many of these copies should go away completely
> >when we get rid of the challenge/response cache.
> >
> > > These worry me - not only are these packets not fixed size, Squid has no
> > > way of knowing what they should be!
> >
> >Correct. Squid has no business trying to guess the properties of the
> >exchanged blobs.
>
> This explains now some strange problems with NTLM negotiate using native
> Windows NTLM authenticator that I could not understand before.
>
> I can confirm that NTLM negotiate fails with "long" domain and machine names:
>
> I have just rebuilt Squid with NTLM_CHALLENGE_SZ set to 400 instead of 300,
> and now all works!

Patch to fix this attached. (Seems to work for me).

This is a nasty bug - I'm not about to tell the Squid team how to run your releases, but I really hope this can be in a stable release soon. (Because for the poor admin, it's going to be the last thing they will think of...)

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College [EMAIL PROTECTED]

diff -u -r squid-2.5.STABLE6/src/auth/ntlm/auth_ntlm.c squid-2.5.STABLE6ab/src/auth/ntlm/auth_ntlm.c
--- squid-2.5.STABLE6/src/auth/ntlm/auth_ntlm.c 2004-04-18 11:29:52.000000000 +1000
+++ squid-2.5.STABLE6ab/src/auth/ntlm/auth_ntlm.c 2004-07-20 12:48:54.000000000 +1000
@@ -505,13 +505,13 @@
helperstate = helperStatefulServerGetData(srv);
if (helperstate == NULL)
fatal("lost NTLM helper state! quitting\n");
- helperstate->challenge = xstrndup(reply, NTLM_CHALLENGE_SZ + 5);
+ helperstate->challenge = xstrdup(reply);
helperstate->renewed = squid_curtime;
/* and we satisfy the request that happended on the refresh boundary */
/* note this code is now in two places FIXME */
assert(ntlm_request->auth_state == AUTHENTICATE_STATE_NEGOTIATE);
ntlm_request->authserver = srv;
- ntlm_request->authchallenge = xstrndup(reply, NTLM_CHALLENGE_SZ + 5);
+ ntlm_request->authchallenge = xstrdup(reply);
helperstate->challengeuses = 1;
} else if (strncasecmp(reply, "AF ", 3) == 0) {
/* we're finished, release the helper */
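Review bot: both copies of reply in this hunk are now unbounded, so the length of the stored challenge is whatever the helper wrote. The removed NTLM_CHALLENGE_SZ + 5 was the only limit visible here; say in a comment which upper limit still applies, or add an explicit length check that fails the handshake instead of truncating. The same reply is also duplicated twice, into helperstate->challenge and ntlm_request->authchallenge, which is the duplication the existing FIXME comment already points at; a small shared helper would keep the two in step.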
@@ -521,7 +521,7 @@
assert(ntlm_user != NULL);
/* we only expect OK when finishing the handshake */
assert(ntlm_request->auth_state == AUTHENTICATE_STATE_RESPONSE);
- ntlm_user->username = xstrndup(reply, MAX_LOGIN_SZ);
+ ntlm_user->username = xstrdup(reply);
ntlm_request->authserver = NULL;
helperStatefulReleaseServer(srv);
#ifdef NTLM_FAIL_OPEN
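Review bot: dropping MAX_LOGIN_SZ from the ntlm_user->username assignment removes the only length limit visible for the username. Silent truncation was wrong, but any later code that sizes a buffer or a log field by MAX_LOGIN_SZ will now see longer names. Check strlen(reply) against the limit and fail the authentication when it is exceeded, rather than accepting any length.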
@@ -541,7 +541,7 @@
assert(ntlm_user != NULL);
/* we only expect LD when finishing the handshake */
assert(ntlm_request->auth_state == AUTHENTICATE_STATE_RESPONSE);
- ntlm_user->username = xstrndup(reply, MAX_LOGIN_SZ);
+ ntlm_user->username = xstrdup(reply);
helperstate = helperStatefulServerGetData(ntlm_request->authserver);
/* BH code: mark helper as broken */
authenticateNTLMResetServer(ntlm_request);
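Review bot: the LD branch repeats the ntlm_user->username assignment from the previous hunk verbatim, and nothing in the visible context frees an earlier username before it is overwritten. Confirm the field is always unset at this point, and consider one shared function for both branches so the length policy lives in a single place.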
@@ -739,7 +739,7 @@
/* increment the challenge uses */
helperstate->challengeuses++;
/* assign the challenge */
- ntlm_request->authchallenge = xstrndup(helperstate->challenge, NTLM_CHALLENGE_SZ + 5);
+ ntlm_request->authchallenge = xstrdup(helperstate->challenge);
handler(data, NULL);
}
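Review bot: the copy of helperstate->challenge here has to stay in step with the first hunk, otherwise a challenge stored in full would be cut again on every reuse. A one-line comment next to the assignment, saying the blob is opaque and must be copied whole, would stop a size argument from being reintroduced.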
@@ -942,7 +942,7 @@
/* we've recieved a negotiate request. pass to a helper */
debug(29, 9) ("authenticateNTLMAuthenticateUser: auth state ntlm none. %s\n", proxy_auth);
ntlm_request->auth_state = AUTHENTICATE_STATE_NEGOTIATE;
- ntlm_request->ntlmnegotiate = xstrndup(proxy_auth, NTLM_CHALLENGE_SZ + 5);
+ ntlm_request->ntlmnegotiate = xstrdup(proxy_auth);
conn->auth_type = AUTH_NTLM;
conn->auth_user_request = auth_user_request;
ntlm_request->conn = conn;
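Review bot: proxy_auth in the ntlmnegotiate assignment belongs to the request being authenticated, so with the cap removed its stored length is bounded only by whatever limited the header before this function was reached. State that limit in a comment or reject over-long values explicitly, and note that the debug line just above already prints the full string at level 9.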
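The failure discussed in this thread, as an added example that is not part of the original message or of Squid's code: a size-capped copy silently shortens a base64 token, while a full copy with an explicit limit either keeps it whole or refuses it. The function names and blob sizes are constructed; the caps 305 and 405 correspond to NTLM_CHALLENGE_SZ + 5 with the values 300 and 400 mentioned above.

```c
#include <stdlib.h>
#include <string.h>

/* Size-capped duplicate: keeps at most n-1 bytes of s (hypothetical
 * stand-in for a bounded strdup; not Squid's own xstrndup). */
char *capped_dup(const char *s, size_t n)
{
    size_t len = strlen(s);
    char *p;
    if (n == 0)
        return NULL;
    if (len > n - 1)
        len = n - 1;
    p = malloc(len + 1);
    if (p == NULL)
        return NULL;
    memcpy(p, s, len);
    p[len] = '\0';
    return p;
}

/* Full duplicate with an explicit policy limit: an over-long token is
 * refused (NULL) instead of being shortened behind the caller's back. */
char *dup_or_reject(const char *s, size_t max_len)
{
    size_t len = strlen(s);
    char *p;
    if (len > max_len)
        return NULL;
    p = malloc(len + 1);
    if (p != NULL)
        memcpy(p, s, len + 1);
    return p;
}

/* Blob bytes lost when the base64 text of a blob_bytes-long blob
 * (constructed filler, blob_bytes a multiple of 3) goes through capped_dup. */
size_t bytes_lost(size_t blob_bytes, size_t cap)
{
    size_t chars = 4 * (blob_bytes / 3);      /* base64 length, no padding */
    char *token = malloc(chars + 1), *copy;
    size_t kept;
    if (token == NULL)
        return 0;
    memset(token, 'A', chars);
    token[chars] = '\0';
    copy = capped_dup(token, cap);
    kept = copy ? (strlen(copy) / 4) * 3 : 0; /* whole 4-char groups decode */
    free(copy);
    free(token);
    return blob_bytes - kept;
}
```

With a constructed 300-byte blob the 305 cap drops the tail of the token, so the peer receives a message that no longer parses, while the 405 cap happens to fit; neither cap is derived from the protocol.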
