[squid-users] problem with ntlm_smb_lm_auth helper

Emmanuel Garette egarette at cadoles.com
Wed Sep 16 09:13:14 UTC 2015 

Le 16/09/2015 11:05, Emmanuel Garette a écrit :
> Le 07/09/2015 18:40, Amos Jeffries a écrit :
>> On 8/09/2015 1:17 a.m., Emmanuel Garette wrote:
>>> Seems to be ok for me. Thanks for your fast reply.
>>>
>>> Need I open a bug in bugzilla ?
>>>
>> No need. I think this may be one of the existing ones about this helper.
>> Thanks for the feedback it should be applied to the current versions
>> shortly.
> Hi,
>
> Today I found a new problem. All work fine with computer join into
> windows domain. Not for computer user CNTLM (not in the domain).
>
> In debug mode I can see this error:
>
>> ntlm_smb_lm_auth.cc(307): pid=4668 :NT response: insane data (pkt-sz:
> 108, fetch len: 0, offset: 108)
>
> If I understand, there is no NT password.

I forgot the trace:

YR TlRMTVNTUAABAAAABrIAAAkACQAmAAAABgAGACAAAABTQ1JJQkVET01QRURBR08=
KK
TlRMTVNTUAADAAAAGAAYAFQAAAAAAAAAbAAAAAkACQBAAAAABQAFAEkAAAAGAAYATgAAAAAAAABsAAAAgoJBAERPTVBFREFHT0FETUlOU0NSSUJFXRkbGCsAILbqhuHyAIWo6XZwbXFCW0p5

Regards,
>
> In older code, there was this line:
>
>> tmp = ntlm_fetch_string ((char *) auth, auth_length, &auth->ntresponse);
>> if (tmp.str != NULL && tmp.l != 0) {
> The NT password was check only if len was different to 0.
>
> In this part of your patch:
>> /* still fetch the NT response and check validity against empty
> password */
>>      {
>>          const strhdr * str = &auth->ntresponse;
>>          int16_t len = le16toh(str->len);
>>          int32_t offset = le32toh(str->offset);
>>          if (len != ENCODED_PASS_LEN || offset + len > auth_length ||
> offset == 0) {
>
> if I replace last line with:
>
>> if ((len != 0 && len != ENCODED_PASS_LEN) || offset + len >
> auth_length || offset == 0) {
>
> Everything works well.
>
> Regards,
>> Amos
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list