---------------------
PatchSet 2362 
Date: 2001/05/20 22:24:48
Author: rbcollins
Branch: auth_rewrite
Tag: (none) 
Log:
disable pipelining when NTLM is enabled -to prevent authentication race

Members: 
	src/auth/basic/helpers/multi-domain-NTLM/README.txt:1.1.2.1->1.1.2.2 
	src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl:1.1.2.2->1.1.2.3 
	src/auth/ntlm/auth_ntlm.c:1.1.2.40->1.1.2.41 

Index: squid/src/auth/basic/helpers/multi-domain-NTLM/README.txt
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/auth/basic/helpers/multi-domain-NTLM/Attic/README.txt,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- squid/src/auth/basic/helpers/multi-domain-NTLM/README.txt	7 Jan 2001 14:52:25 -0000	1.1.2.1
+++ squid/src/auth/basic/helpers/multi-domain-NTLM/README.txt	20 May 2001 22:24:48 -0000	1.1.2.2
@@ -1,5 +1,5 @@
 
-From: "Chemolli Francesco (USI)" <ChemolliF@GruppoCredit.it>
+From: "Francesco Chemolli" <kinkie@kame.usr.dsi.unimi.it>
 Subject: Multiple NT domains authenticator
 Date: Fri, 7 Jul 2000 15:37:32 +0200 
 
Index: squid/src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/auth/basic/helpers/multi-domain-NTLM/Attic/smb_auth.pl,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- squid/src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl	9 Apr 2001 13:36:13 -0000	1.1.2.2
+++ squid/src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl	20 May 2001 22:24:48 -0000	1.1.2.3
@@ -1,7 +1,8 @@
 #!/usr/bin/perl
+# $Id$
 
 #if you define this, debugging output will be printed to STDERR.
-$debug=1;
+#$debug=1;
 
 #to force using some DC for some domains, fill in this hash.
 #the key is a regexp matched against the domain name
@@ -14,7 +15,7 @@
 
 #define this if you wish to use a WINS server. If undefined, broadcast
 # will be attempted.
-$wins_server="winsservername";
+#$wins_server="winsservername";
 
 # Some servers (at least mine) really really want to be called by address.
 # If this variable is defined, we'll ask nmblookup to do a reverse DNS on the
Index: squid/src/auth/ntlm/auth_ntlm.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/auth_ntlm.c,v
retrieving revision 1.1.2.40
retrieving revision 1.1.2.41
diff -u -r1.1.2.40 -r1.1.2.41
--- squid/src/auth/ntlm/auth_ntlm.c	10 Mar 2001 00:40:10 -0000	1.1.2.40
+++ squid/src/auth/ntlm/auth_ntlm.c	20 May 2001 22:24:48 -0000	1.1.2.41
@@ -180,6 +180,16 @@
     } else {
 	debug(28, 0) ("unrecognised ntlm auth scheme parameter '%s'\n", param_str);
     }
+    /* disable client side request pipelining. There is a race with NTLM when the client
+     * sends a second request on an NTLM connection before the authenticate challenge is
+     * sent. 
+     * With this patch, the client may fail to authenticate, but squid's state will be 
+     * preserved.
+     * Caveats: this should be a post-parse test, but that can wait for the modular 
+     * parser to be integrated.
+     */
+    if (ntlmConfig->authenticate)
+	Config.onoff.pipeline_prefetch=0;
 }