Hi Andrew,
At 13.51 21/07/2004, Andrew Bartlett wrote:
On Wed, 2004-07-14 at 03:51, Serassio Guido wrote:
> Hi,
>
> At 11.55 13/07/2004, Henrik Nordstrom wrote:
>
> >On Tue, 13 Jul 2004, Andrew Bartlett wrote:
> >
> > > While I've been trying to code up the 'Negotiate' (SPNEGO) support for
> > > Squid, I have seen a lot of:
> > >
> > > ntlm_request->authchallenge = xstrndup(reply, NTLM_CHALLENGE_SZ
> > > + 5);
> >
> >As robert already said, there is no reason xstrdup should not be used
> >here, and I also suspect many of these copies should go away completely
> >when we get rid of the challenge/response cache.
> >
> > > These worry me - not only are these packets not fixed size, Squid has no
> > > way of knowing what they should be!
> >
> >Correct. Squid has no business trying to guess the properties of the
> >exchanged blobs.
>
> This explains now some strange problems with NTLM negotiate using native
> Windows NTLM authenticator that I cannot understand before.
>
> I can confirm that NTLM negotiate fails with "long" domain and machine names:
>
> I have just rebuild Squid with NTLM_CHALLENGE_SZ set to 400 instead of 300,
> and now al works !
Patch to fix this attached. (Seems to work for me).
It works fine on Windows too.
I think that I will release STABLE6 binaries for Windows with this patch applied.
There is still this in auth_ntlm.c:
LOCAL_ARRAY(char, ntlmhash, NTLM_CHALLENGE_SZ * 2);
Regards
Guido
- ======================================================== Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Gorizia, 69 10136 - Torino - ITALY Tel. : +39.011.3249426 Fax. : +39.011.3293665 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
