--------------------- PatchSet 1630 Date: 2001/02/22 08:03:22 Author: kinkie Branch: ntlm Tag: (none) Log: Indentified. Removed old cruft error-detection code (new version is table and much more reliable). Members: src/auth/ntlm/helpers/NTLMSSP/ntlm_auth.c:1.1.4.10->1.1.4.11 Index: squid/src/auth/ntlm/helpers/NTLMSSP/ntlm_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/helpers/NTLMSSP/Attic/ntlm_auth.c,v retrieving revision 1.1.4.10 retrieving revision 1.1.4.11 diff -u -r1.1.4.10 -r1.1.4.11 --- squid/src/auth/ntlm/helpers/NTLMSSP/ntlm_auth.c 13 Feb 2001 15:09:45 -0000 1.1.4.10 +++ squid/src/auth/ntlm/helpers/NTLMSSP/ntlm_auth.c 22 Feb 2001 08:03:22 -0000 1.1.4.11 @@ -126,17 +126,7 @@ void usage() { - fprintf(stderr, - "%s usage:\n" - "%s [-b] [-f] domain\\controller [domain\\controller ...]\n" - "-b, if specified, enables load-balancing among controllers\n" - "-f, if specified, enables failover among controllers\n" - "-l, if specified, changes behavior on domain controller failyures to" - "\tlast-ditch\n\n" - "You MUST specify at least one Domain Controller.\n" - "You can use either \\ or / as separator between the domain name \n" - "\tand the controller name\n", - my_program_name, my_program_name); + fprintf(stderr, "%s usage:\n%s [-b] [-f] domain\\controller [domain\\controller ...]\n-b, if specified, enables load-balancing among controllers\n-f, if specified, enables failover among controllers\n-l, if specified, changes behavior on domain controller failyures to\tlast-ditch\n\nYou MUST specify at least one Domain Controller.\nYou can use either \\ or / as separator between the domain name \n\tand the controller name\n", my_program_name, my_program_name); } @@ -225,7 +215,7 @@ debug("obtain_challenge: getting new challenge\n"); for (j = 0; j < numcontrollers; j++) { if (current_dc->status == DC_OK) { - debug("getting challenge from %s\%s\n", current_dc->domain, current_dc->controller); + debug("getting challenge from %s%s\n", current_dc->domain, current_dc->controller); ch = make_challenge(current_dc->domain, current_dc->controller); if (ch) return ch; /* All went OK, returning */ @@ -296,85 +286,8 @@ /* notreached */ case NTLM_AUTHENTICATE: /* check against the DC */ - plen = strlen(buf) * 3 / 4; /* we only need it here. Optimization */ + plen = strlen(buf) * 3 / 4; /* we only need it here. Optimization */ cred = ntlm_check_auth((ntlm_authenticate *) decoded, plen); -#ifdef OLDCRUFT - if (cred == NULL) { - int errorclass, errorcode; -#ifdef DEBUG - SMB_Get_Error_Msg(SMB_Get_Last_SMB_Err(), error_messages_buffer, BUFFER_SIZE); - debug("Authentication failure. SMB error: %d: %s\n. Class=%d, Code=%d\n", - SMB_Get_Last_SMB_Err(), error_messages_buffer, - SMB_Get_Last_SMB_Err() & 0xff, SMB_Get_Last_SMB_Err() >> 16); - RFCNB_Get_Error_Msg(RFCNB_Get_Last_Error(), error_messages_buffer, BUFFER_SIZE); - debug("RFCNB error status: code=%d (%s)\n", RFCNB_Get_Last_Error(), error_messages_buffer); -#endif - /* This is kind of a special case, which happens when the - * client sends credentials in a domain which is not trusted - * by the domain we're using when authenticating. Unfortunately, - * it can't currently be accommodated in the current framework so - * I'll leave it hanging here, waiting for the general framework - * to be expanded to better accommodate the generale case. */ - errorclass = SMB_Get_Last_SMB_Err() & 0xff; - errorcode = SMB_Get_Last_SMB_Err() >> 16; - if (errorclass == 1 && errorcode == 5) { - SEND("NA Wrong password or untrusted domain"); - return; - } - switch (ntlm_errno) { - case NTLM_LOGON_ERROR: - SEND("NA authentication failure"); - /* I must have been drugged when I wrote the following two lines */ - /* dc_disconnect(); - * current_dc = current_dc->next; */ - return; - case NTLM_SERVER_ERROR: - send_bh_or_ld("BH Domain Controller Error", (ntlm_authenticate *) decoded, plen); - /* SEND("BH Domain Controller Error"); */ - /* we don't really need to disconnect NOW. - * Besides, we asked squid to force a reconnect. This way, if we - * have authentications in flight, we might even succeed. - */ - /* dc_disconnect(); */ - - SMB_Get_Error_Msg(SMB_Get_Last_Error(), smb_error_buffer, 1000); - debug("Last error was: %s, RFC errno=%d\n", smb_error_buffer, RFCNB_Get_Last_Errno()); - if (failover_enabled) - current_dc = current_dc->next; - return; - case NTLM_PROTOCOL_ERROR: - send_bh_or_ld("BH Domain Controller communication error", (ntlm_authenticate *) decoded, plen); - /* SEND("BH Domain Controller communication error"); */ - /* dc_disconnect(); */ - if (failover_enabled) - current_dc = current_dc->next; - return; - case NTLM_NOT_CONNECTED: - send_bh_or_ld("BH Domain Controller (or network) died on us", (ntlm_authenticate *) decoded, plen); - /* SEND("BH Domain Controller (or network) died on us"); */ - /* dc_disconnect(); */ - if (failover_enabled) - current_dc = current_dc->next; - return; - case NTLM_BAD_PROTOCOL: - send_bh_or_ld("BH Domain controller failure", (ntlm_authenticate *) decoded, plen); - /* SEND("BH Domain controller failure"); */ - /* dc_disconnect(); *//* maybe we're overreacting? */ - SMB_Get_Error_Msg(SMB_Get_Last_Error(), smb_error_buffer, 1000); - debug("Last error was: %s. RFCNB errno=%d\n", smb_error_buffer, RFCNB_Get_Last_Errno()); - if (failover_enabled) - current_dc = current_dc->next; - return; - default: - send_bh_or_ld("BH Unhandled error while talking to Domain Controller", (ntlm_authenticate *) decoded, plen); - /* SEND("BH Unhandled error while talking to Domain Controller"); */ - /* dc_disconnect(); *//* maybe we're overreacting? */ - if (failover_enabled) - current_dc = current_dc->next; - return; - } - } -#else /* OLDCRUFT */ if (cred == NULL) { int smblib_err, smb_errorclass, smb_errorcode, nb_error; /* there was an error. We have two errno's to look at. @@ -385,8 +298,7 @@ smb_errorclass = SMBlib_Error_Class(SMB_Get_Last_SMB_Err()); smb_errorcode = SMBlib_Error_Code(SMB_Get_Last_SMB_Err()); nb_error = RFCNB_Get_Last_Error(); - debug("No creds. SMBlib error %d, SMB error class %d, " - "SMB error code %d, NB error %d\n", smblib_err, smb_errorclass, smb_errorcode, nb_error); + debug("No creds. SMBlib error %d, SMB error class %d, SMB error code %d, NB error %d\n", smblib_err, smb_errorclass, smb_errorcode, nb_error); /* Should I use smblib_err? Actually it seems I can do as well * without it.. */ if (nb_error != 0) { /* netbios-level error */ @@ -447,7 +359,6 @@ return; } } -#endif /* OLDCRUFT */ lc(cred); /* let's lowercase them for our convenience */ SEND2("AF %s", cred); return; @@ -486,7 +397,7 @@ debug("ntlm_auth build " __DATE__ ", " __TIME__ " starting up...\n"); #ifdef DEBUG - debug("changing dir to /tmp"); + debug("changing dir to /tmp\n"); chdir("/tmp"); #endif