[PATCH] Re: Fixed Challenge/response sizes in Squid's NTLMSSP code

From: Andrew Bartlett <abartlet@dont-contact.us>
Date: Wed, 21 Jul 2004 21:51:54 +1000

On Wed, 2004-07-14 at 03:51, Serassio Guido wrote:
> Hi,
>
> At 11.55 13/07/2004, Henrik Nordstrom wrote:
>
> >On Tue, 13 Jul 2004, Andrew Bartlett wrote:
> >
> > > While I've been trying to code up the 'Negotiate' (SPNEGO) support for
> > > Squid, I have seen a lot of:
> > >
> > > ntlm_request->authchallenge = xstrndup(reply, NTLM_CHALLENGE_SZ + 5);
> >
> >As Robert already said, there is no reason xstrdup should not be used
> >here, and I also suspect many of these copies should go away completely
> >when we get rid of the challenge/response cache.
> >
> > > These worry me - not only are these packets not fixed size, Squid has no
> > > way of knowing what they should be!
> >
> >Correct. Squid has no business trying to guess the properties of the
> >exchanged blobs.
>
> This explains now some strange problems with NTLM negotiate using native
> Windows NTLM authenticator that I could not understand before.
>
> I can confirm that NTLM negotiate fails with "long" domain and machine names:
>
> I have just rebuilt Squid with NTLM_CHALLENGE_SZ set to 400 instead of 300,
> and now all works!

Patch to fix this attached. (Seems to work for me).

This is a nasty bug - I'm not about to tell the Squid team how to run
your releases, but I really hope this can be in a stable release soon.
(Because for the poor admin, it's going to be the last thing they will
think of...)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net

Received on Wed Jul 21 2004 - 05:52:01 MDT
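
The failure discussed in this thread, as an added example that is not part of the original messages and is not Squid's code: a base64 blob copied through a size cap of `NTLM_CHALLENGE_SZ + 5` is silently cut once the raw blob grows (for instance with long domain and machine names), while an uncapped copy keeps it whole. `dup_capped`, `blob_intact` and the zero-filled blob are constructed for illustration, and the rule that the cap keeps at most cap-1 characters is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NTLM_CHALLENGE_SZ 300 /* value quoted in the thread */
/* Base64-encode len bytes into a new NUL-terminated string (caller frees). */
static char *b64_encode(const unsigned char *in, size_t len) {
    static const char t[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    char *out = malloc(4 * ((len + 2) / 3) + 1);
    size_t o = 0;
    if (!out) return NULL;
    for (size_t i = 0; i < len; i += 3) {
        unsigned long v = (unsigned long)in[i] << 16;
        if (i + 1 < len) v |= (unsigned long)in[i + 1] << 8;
        if (i + 2 < len) v |= in[i + 2];
        out[o++] = t[(v >> 18) & 63];
        out[o++] = t[(v >> 12) & 63];
        out[o++] = (i + 1 < len) ? t[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < len) ? t[v & 63] : '=';
    }
    out[o] = '\0';
    return out;
}
/* Hypothetical capped copy (assumption): keeps at most cap-1 chars; cap 0 = no cap. */
static char *dup_capped(const char *s, size_t cap) {
    size_t n = strlen(s);
    if (cap && n > cap - 1) n = cap - 1;
    char *p = malloc(n + 1);
    if (!p) return NULL;
    memcpy(p, s, n);
    p[n] = '\0';
    return p;
}

/* 1 if a raw_len-byte blob (constructed filler) survives the copy, 0 if cut, -1 on error. */
int blob_intact(size_t raw_len, size_t cap) {
    unsigned char *raw = calloc(raw_len + 1, 1);
    char *b64 = raw ? b64_encode(raw, raw_len) : NULL;
    char *copy = b64 ? dup_capped(b64, cap) : NULL;
    int ok = copy ? strcmp(copy, b64) == 0 : -1;
    free(copy); free(b64); free(raw);
    return ok;
}

int main(void) {
    for (size_t raw = 226; raw <= 230; raw++) /* walk across the truncation boundary */
        printf("raw=%zu capped=%d uncapped=%d\n", raw,
               blob_intact(raw, NTLM_CHALLENGE_SZ + 5), blob_intact(raw, 0));
    return 0;
}
```

Raising the constant only moves the boundary: with a cap of 400 + 5 a 300-byte blob survives, but a 304-byte one is cut again.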