[squid-users] problem with ntlm_smb_lm_auth helper

Emmanuel Garette egarette at cadoles.com
Wed Sep 16 09:05:32 UTC 2015


Le 07/09/2015 18:40, Amos Jeffries a écrit :
> On 8/09/2015 1:17 a.m., Emmanuel Garette wrote:
>>
>> Seems to be ok for me. Thanks for your fast reply.
>>
>> Need I open a bug in bugzilla ?
>>
> No need. I think this may be one of the existing ones about this helper.
> Thanks for the feedback it should be applied to the current versions
> shortly.

Hi,

Today I found a new problem. All work fine with computer join into
windows domain. Not for computer user CNTLM (not in the domain).

In debug mode I can see this error:

> ntlm_smb_lm_auth.cc(307): pid=4668 :NT response: insane data (pkt-sz:
108, fetch len: 0, offset: 108)

If I understand, there is no NT password.

In older code, there was this line:

> tmp = ntlm_fetch_string ((char *) auth, auth_length, &auth->ntresponse);
> if (tmp.str != NULL && tmp.l != 0) {

The NT password was check only if len was different to 0.

In this part of your patch:
> /* still fetch the NT response and check validity against empty
password */
>      {
>          const strhdr * str = &auth->ntresponse;
>          int16_t len = le16toh(str->len);
>          int32_t offset = le32toh(str->offset);
>          if (len != ENCODED_PASS_LEN || offset + len > auth_length ||
offset == 0) {

if I replace last line with:

> if ((len != 0 && len != ENCODED_PASS_LEN) || offset + len >
auth_length || offset == 0) {

Everything works well.

Regards,
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list