Re: Bugzilla #610 and NTLM in Squid 2.5

From: Serassio Guido <guido.serassio@dont-contact.us>
Date: Mon, 12 May 2003 09:48:12 +0200

Hi,

At 01.18 12/05/2003 Andrew Bartlett wrote:

>On Mon, 2003-05-12 at 00:04, Serassio Guido wrote:
> > Hi,
> >
> > I have done some testing on bug #610 and LM/NTLM support.
>
> > diff -u -p -r1.1.2.6 wb_ntlm_auth.c
> > --- helpers/ntlm_auth/winbind/wb_ntlm_auth.c 12 Feb 2003 03:21:01
> > -0000 1.1.2.6
> > +++ helpers/ntlm_auth/winbind/wb_ntlm_auth.c 11 May 2003 12:44:09 -0000
> > @@ -230,6 +230,10 @@ do_authenticate(ntlm_authenticate * auth
> > memcpy(request.data.auth_crap.nt_resp, nthash.str, 24);
> > request.data.auth_crap.nt_resp_len = 24;
> > break;
> > + case 60:
> > + memcpy(request.data.auth_crap.nt_resp, nthash.str, 60);
> > + request.data.auth_crap.nt_resp_len = 60;
> > + break;
> > default:
> > debug("nthash len = %d\n", nthash.l);
> > authfail(domain, user, "Broken NT hash response");
> >
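Review bot: the added `case 60:` branch hard-codes a second accepted length and copies 60 bytes into `request.data.auth_crap.nt_resp` with nothing in the hunk showing that the destination can hold them. Instead of one `case` per observed length, check `nthash.l` once against `sizeof(request.data.auth_crap.nt_resp)`, call `authfail()` when it is larger, and otherwise copy `nthash.l` bytes and set `nt_resp_len = nthash.l`. That also removes the duplicated literal in the `memcpy` and length assignment, which can drift apart when another length is added.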
> > I don't know if the 24 value is correct or should be 60, or if both values
> > should be present.
>
>This patch is *completely* bogus. The NT response may be any size,
>depending on the length of your server and domain names sent in the
>NTLMSSP request. I think squid might cheat a bit in its NTLMSSP, but
>the principle remains. Any length, up to the size of the struct you are
>sending to winbind, should be permitted.

OK, this means a bug in wb_ntlmauth: now it expects only 24 bytes.

>However, if you are getting more than 24 bytes for an NTLM response
>(check with ethereal), then squid's NTLMSSP parsing is broken.

Robert, Henrik ?

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l.
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426 Fax. : +39.011.3293665
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Mon May 12 2003 - 01:48:18 MDT
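
The point made in the thread (accept any NT response length up to the size of the destination, and verify what the NTLMSSP message actually carries) can be sketched as follows. This is an added example, not code from Squid, Samba or the posters: `extract_nt_response`, `sample_result`, the 128-byte capacity and the sample messages are assumptions, and the message is taken to be an already base64-decoded type 3 message whose NtChallengeResponse fields sit at offset 20.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NT_RESP_FIELD 20   /* NtChallengeResponse fields: Len, MaxLen, Offset */
#define HDR_LEN 64         /* header size used by the constructed sample */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy the NT response out of a decoded type 3 message. Returns its length,
 * or -1 if the message is malformed or the response exceeds dst_cap. */
int extract_nt_response(const uint8_t *msg, size_t msg_len,
                        uint8_t *dst, size_t dst_cap)
{
    if (msg_len < NT_RESP_FIELD + 8) return -1;
    if (memcmp(msg, "NTLMSSP\0", 8) != 0) return -1;
    if (rd32(msg + 8) != 3) return -1;                    /* not AUTHENTICATE */
    uint16_t len = rd16(msg + NT_RESP_FIELD);
    uint32_t off = rd32(msg + NT_RESP_FIELD + 4);
    if (off > msg_len || len > msg_len - off) return -1;  /* source bounds */
    if (len > dst_cap) return -1;                         /* destination bounds */
    memcpy(dst, msg + off, len);
    return (int)len;
}

/* Constructed sample: header claims `claimed` bytes, message carries `actual`. */
int sample_result(uint16_t actual, uint16_t claimed, size_t dst_cap)
{
    uint8_t msg[HDR_LEN + 512] = {0}, dst[512];
    if (actual > 512 || dst_cap > sizeof dst) return -2;
    memcpy(msg, "NTLMSSP\0", 8);
    msg[8] = 3;                                           /* message type */
    msg[20] = msg[22] = (uint8_t)(claimed & 0xff);        /* Len, MaxLen low */
    msg[21] = msg[23] = (uint8_t)(claimed >> 8);          /* Len, MaxLen high */
    msg[24] = HDR_LEN;                                    /* Offset */
    memset(msg + HDR_LEN, 0xAA, actual);
    return extract_nt_response(msg, HDR_LEN + (size_t)actual, dst, dst_cap);
}

int main(void)
{
    printf("%d %d %d %d\n", sample_result(24, 24, 128), sample_result(60, 60, 128),
           sample_result(24, 60, 128), sample_result(200, 200, 128));
    return 0;
}
```

Both the 24-byte and the 60-byte response pass the same range check, while a header that claims more bytes than the message carries, or a response larger than the destination, is rejected.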
