[squid-users] problem with ntlm_smb_lm_auth helper
Amos Jeffries
squid3 at treenet.co.nz
Wed Sep 16 09:40:15 UTC 2015
On 16/09/2015 9:05 p.m., Emmanuel Garette wrote:
> Le 07/09/2015 18:40, Amos Jeffries a écrit :
>> On 8/09/2015 1:17 a.m., Emmanuel Garette wrote:
>>>
>>> Seems to be ok for me. Thanks for your fast reply.
>>>
>>> Need I open a bug in bugzilla ?
>>>
>> No need. I think this may be one of the existing ones about this helper.
>> Thanks for the feedback it should be applied to the current versions
>> shortly.
>
> Hi,
>
> Today I found a new problem. All work fine with computer join into
> windows domain. Not for computer user CNTLM (not in the domain).
>
> In debug mode I can see this error:
>
>> ntlm_smb_lm_auth.cc(307): pid=4668 :NT response: insane data (pkt-sz:
> 108, fetch len: 0, offset: 108)
>
> If I understand, there is no NT password.
>
> In older code, there was this line:
>
>> tmp = ntlm_fetch_string ((char *) auth, auth_length, &auth->ntresponse);
>> if (tmp.str != NULL && tmp.l != 0) {
>
> The NT password was check only if len was different to 0.
>
> In this part of your patch:
>> /* still fetch the NT response and check validity against empty
> password */
>> {
>> const strhdr * str = &auth->ntresponse;
>> int16_t len = le16toh(str->len);
>> int32_t offset = le32toh(str->offset);
>> if (len != ENCODED_PASS_LEN || offset + len > auth_length ||
> offset == 0) {
>
> if I replace last line with:
>
>> if ((len != 0 && len != ENCODED_PASS_LEN) || offset + len >
> auth_length || offset == 0) {
>
> Everything works well.
By that do you mean it rejects with "Empty NT password supplied for
user" ? or that it accepts the login?
Amos
More information about the squid-users
mailing list