---------------------
PatchSet 527
Date: 2000/08/11 13:57:49
Author: kinkie
Branch: ntlm
Tag: (none)
Log:
#ifdef-d out a lot of ntlmssp* code, it's not used anymore. Added a compile-time option to allow reusing over and over the same challenge.
Members:
ntlm_auth_modules/NTLMSSP/libntlmssp.c:1.1.2.7->1.1.2.8
Index: squid/ntlm_auth_modules/NTLMSSP/libntlmssp.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/ntlm_auth_modules/NTLMSSP/Attic/libntlmssp.c,v
retrieving revision 1.1.2.7
retrieving revision 1.1.2.8
diff -u -r1.1.2.7 -r1.1.2.8
--- squid/ntlm_auth_modules/NTLMSSP/libntlmssp.c 10 Aug 2000 15:08:04 -0000 1.1.2.7
+++ squid/ntlm_auth_modules/NTLMSSP/libntlmssp.c 11 Aug 2000 13:57:49 -0000 1.1.2.8
@@ -40,6 +40,39 @@
 #define lstring_zero(s) s.str=NULL; s.l=-1;
+#ifdef DEBUG
+void debug_dump_ntlmssp_flags(u_int32_t flags) {
+ fprintf(stderr,"flags: %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
+ (flags&NEGOTIATE_UNICODE?"Unicode ":""),
+ (flags&NEGOTIATE_ASCII?"ASCII ":""),
+ (flags&NEGOTIATE_REQUEST_TARGET?"ReqTgt ":""),
+ (flags&NEGOTIATE_REQUEST_SIGN?"ReqSign ":""),
+ (flags&NEGOTIATE_REQUEST_SEAL?"ReqSeal ":""),
+ (flags&NEGOTIATE_DATAGRAM_STYLE?"Dgram ":""),
+ (flags&NEGOTIATE_USE_LM?"UseLM ":""),
+ (flags&NEGOTIATE_USE_NETWARE?"UseNW ":""),
+ (flags&NEGOTIATE_USE_NTLM?"UseNTLM ":""),
+ (flags&NEGOTIATE_DOMAIN_SUPPLIED?"HaveDomain ":""),
+ (flags&NEGOTIATE_WORKSTATION_SUPPLIED?"HaveWKS ":""),
+ (flags&NEGOTIATE_THIS_IS_LOCAL_CALL?"LocalCall ":""),
+ (flags&NEGOTIATE_ALWAYS_SIGN?"AlwaysSign ":""),
+ (flags&CHALLENGE_TARGET_IS_DOMAIN?"Tgt_is_domain":""),
+ (flags&CHALLENGE_TARGET_IS_SERVER?"Tgt_is_server ":""),
+ (flags&CHALLENGE_TARGET_IS_SHARE?"Tgt_is_share ":""),
+ (flags&REQUEST_INIT_RESPONSE?"Req_init_response ":""),
+ (flags&REQUEST_ACCEPT_RESPONSE?"Req_accept_response ":""),
+ (flags&REQUEST_NON_NT_SESSION_KEY?"Req_nonnt_sesskey ":"")
+ );
+}
+#else
+#define debug_dump_ntlmssp_flags(X) /* empty */
+#endif /* DEBUG */
+
+#if OLD
+/* This code is not used anymore. It's left in as a reference to other
+ * Free Software products that might want to use NTLMSSP-based authentication.
+ */
+
 /* instantiates an empty ntlmssp, with fields initalized to 0/NULL
 * it will be left to user's care to free it
 * Returns NULL in case of failure
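Review bot: In debug_dump_ntlmssp_flags the `"Tgt_is_domain"` label is the only one without a trailing space, so when the next bit is also set the output runs together as `Tgt_is_domainTgt_is_server`; it should read `"Tgt_is_domain "`. The new `#if OLD` guard only disables the retired code for as long as no header or build flag defines `OLD`, and the `#endif` that appears to close it in the `-139` hunk is labelled `/* 0 */`, so the two ends do not name the same condition. `#if 0 /* retired NTLMSSP reference code */` paired with `#endif /* 0 */` would state the intent and cannot be switched back on by accident.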
@@ -75,32 +108,11 @@
 return rv;
 }
-#ifdef debug
+
+#ifdef DEBUG
 void debug_dump_ntlmssp(ntlmssp *n) {
 fprintf(stderr,"Request type %d\n",n->type);
- fprintf(stderr,"\tflags: %s%s%s%s%s%s%s%s%s%s%s%s%s\n",
- (n->flags&NEGOTIATE_UNICODE?"Unicode ":""),
- (n->flags&NEGOTIATE_ASCII?"ASCII ":""),
- (n->flags&NEGOTIATE_REQUEST_TARGET?"ReqTgt ":""),
- (n->flags&NEGOTIATE_REQUEST_SIGN?"ReqSign ":""),
- (n->flags&NEGOTIATE_REQUEST_SEAL?"ReqSeal ":""),
- (n->flags&NEGOTIATE_DATAGRAM_STYLE?"Dgram ":""),
- (n->flags&NEGOTIATE_USE_LM?"UseLM ":""),
- (n->flags&NEGOTIATE_USE_NETWARE?"UseNW ":""),
- (n->flags&NEGOTIATE_USE_NTLM?"UseNTLM ":""),
- (n->flags&NEGOTIATE_DOMAIN_SUPPLIED?"HaveDomain ":""),
- (n->flags&NEGOTIATE_WORKSTATION_SUPPLIED?"HaveWKS ":""),
- (n->flags&NEGOTIATE_THIS_IS_LOCAL_CALL?"LocalCall ":""),
- (n->flags&NEGOTIATE_ALWAYS_SIGN?"AlwaysSign ":"")
- );
- fprintf(stderr,"\textra flags: Target is %s%s%s, Sesskey %s%s%s\n",
- (n->flags&CHALLENGE_TARGET_IS_DOMAIN?"domain ":""),
- (n->flags&CHALLENGE_TARGET_IS_SERVER?"server ":""),
- (n->flags&CHALLENGE_TARGET_IS_SHARE?"share ":""),
- (n->flags&REQUEST_INIT_RESPONSE?"init ":""),
- (n->flags&REQUEST_ACCEPT_RESPONSE?"accept ":""),
- (n->flags&REQUEST_NON_NT_SESSION_KEY?"non_nt ":"")
- );
+ debug_dump_ntlmssp_flags(n->flags);
 if (n->domain.l>=0)
 fprintf(stderr,"\tdomain: '%s'\n",n->domain.str); /* what about unicode? */
 if (n->workstation.l>=0)
@@ -139,6 +151,8 @@
 free(nt);
 }
+#endif /* 0 */
+
 /* fetches a string from the authentication packet.
 * The lstring data-part points to inside the packet itself.
 * It's up to the user to memcpy() that if the value needs to
@@ -155,7 +169,7 @@
 l = SSWAP(str->len);
 o = WSWAP(str->offset);
- debug("fetch_string(plength=%d,l=%d,o=%d)\n",length,l,o);
+ /* debug("fetch_string(plength=%d,l=%d,o=%d)\n",length,l,o); */
 if (l < 0 || l > MAX_FIELD_LENGTH || o+l > length || o==0) {
 debug("ntlmssp: insane data (l: %d, o: %d)\n", l,o);
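Review bot: In the `-155` hunk the bounds check that stays in force, `if (l < 0 || l > MAX_FIELD_LENGTH || o+l > length || o==0)`, sets no lower bound on the packet-supplied offset `o`. The declarations of `l` and `o` are outside the hunk, but if `o` is a signed type a negative value passes every clause and the returned lstring would point before the packet buffer. This function remains outside the `#if OLD` region and parses data from the client, so I would tighten the test to `if (l < 0 || l > MAX_FIELD_LENGTH || o <= 0 || o > length - l) {`, which also avoids relying on `o+l` not wrapping. Commenting out the per-call debug line is fine, since the "insane data" message still records rejected packets.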
@@ -168,6 +182,7 @@
 return rv;
 }
+#if OLD
 /* decodes a base64-encoded ntlm challenge. returns NULL upon failure,
 * it's up to the user to free it when needed. */
@@ -235,7 +250,7 @@
 }
 return rv;
 }
-
+#endif
 /* Adds something to the payload. The caller must guarrantee that
 * there is enough space in the payload string to accommodate the
@@ -271,13 +286,15 @@
 "NT LANMAN 1.0", NULL};
- if (handle != NULL)
-#if 1 /* one challenge - many connections */
- return;
+ if (handle != NULL) {
+#ifdef REUSE_SAME_CHALLENGE
+ return 0;
 #else /* one challenge - one connection */
 SMB_Discon(handle,0);
 #endif
+ } + debug("Connecting to server\n");
 handle=SMB_Connect_Server(NULL,domain_controller,domain);
 if (handle==NULL) { /* couldn't connect */
@@ -317,14 +334,14 @@
 REQUEST_NON_NT_SESSION_KEY |
 CHALLENGE_TARGET_IS_DOMAIN |
 NEGOTIATE_ALWAYS_SIGN |
- NEGOTIATE_USE_NTLM | NEGOTIATE_USE_LM |
+ NEGOTIATE_USE_NTLM |
+ NEGOTIATE_USE_LM |
 NEGOTIATE_ASCII |
 0
 );
 ch.context_low=0; /* check this out */
 ch.context_high=0;
 memcpy(ch.challenge,challenge,8);
- debug("flags :0x%x\n",ch.flags);
 encoded=base64_encode_bin((char *)&ch,48+pl);
 /* we should copy the string to release the static
 * in base64_encode_bin). */
@@ -387,8 +404,10 @@
 rv=SMB_Logon_Server(handle,user,pass,domain,1);
+#ifndef REUSE_SAME_CHALLENGE
 SMB_Discon(handle,0);
 handle=NULL;
+#endif
 debug("\tresult is %d\n",rv);
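Review bot: REUSE_SAME_CHALLENGE arrives in the `-271` hunk (`#ifdef REUSE_SAME_CHALLENGE` / `return 0;`) with no comment on its security cost. With it defined, the early return keeps the existing domain-controller session and the `#ifndef REUSE_SAME_CHALLENGE` in the `-387` hunk stops that session being closed after a logon, so every client is answered with the same 8-byte challenge and a captured NTLM response can be replayed while that challenge lives. I would put `/* REUSE_SAME_CHALLENGE: one DC challenge is shared by all clients; captured responses are replayable while it lives. Leave undefined outside test setups. */` above the `#ifdef`. Nothing visible in either hunk resets `handle` when the logon fails or the DC drops the connection, so with the option on the early `return 0` may keep reporting success on a dead session; both functions extend outside the hunks, so please confirm. The old code returned early unconditionally (`#if 1`), so the default build now reconnects for every challenge, which is the safer default and worth saying in the log message.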