--------------------- PatchSet 5923 Date: 2003/09/08 20:22:16 Author: serassio Branch: nt-2_5 Tag: (none) Log: Native Win32 NTLM helper: added command line switch for NTLM packet level debugging, code cleanup Members: helpers/ntlm_auth/NTLMSSP-WIN32/ntlm.h:1.1.4.4->1.1.4.5 helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c:1.1.4.6->1.1.4.7 include/sspwin32.h:1.1.4.1->1.1.4.2 lib/sspwin32.c:1.1.4.3->1.1.4.4 Index: squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm.h =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/ntlm_auth/NTLMSSP-WIN32/Attic/ntlm.h,v retrieving revision 1.1.4.4 retrieving revision 1.1.4.5 diff -u -r1.1.4.4 -r1.1.4.5 --- squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm.h 7 Sep 2003 17:17:35 -0000 1.1.4.4 +++ squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm.h 8 Sep 2003 20:22:16 -0000 1.1.4.5 @@ -44,7 +44,7 @@ #include #include static char *__foo; -extern char debug_enabled; +extern int debug_enabled; #define debug(X...) if (debug_enabled) { \ fprintf(stderr,"ntlm-auth[%d](%s:%d): ", getpid(), \ ((__foo=strrchr(__FILE__,'/'))==NULL?__FILE__:__foo+1),\ @@ -54,7 +54,7 @@ #define debug(X...) /* */ #endif /* DEBUG */ #else /* __GNUC__ */ -extern char debug_enabled; +extern int debug_enabled; static void debug(char *format,...) { Index: squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/ntlm_auth/NTLMSSP-WIN32/Attic/ntlm_auth.c,v retrieving revision 1.1.4.6 retrieving revision 1.1.4.7 diff -u -r1.1.4.6 -r1.1.4.7 --- squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c 7 Sep 2003 17:17:35 -0000 1.1.4.6 +++ squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c 8 Sep 2003 20:22:16 -0000 1.1.4.7 
@@ -50,18 +50,14 @@ #define FAKE_NEGOTIATE 1 -#ifdef DEBUG -char error_messages_buffer[BUFFER_SIZE]; -#endif - -char load_balance = 0, protocol_pedantic = 0; #ifdef NTLM_FAIL_OPEN -char last_ditch_enabled = 0; +int last_ditch_enabled = 0; #endif -char debug_enabled=0; -static int have_challenge; +int debug_enabled = 0; +int NTLM_packet_debug_enabled = 0; +static int have_challenge; char * NTAllowedGroup; char * NTDisAllowedGroup; @@ -117,12 +113,14 @@ #endif } + /* * options: - * -v enables debugging statements if DEBUG was defined at build-time. + * -d enable debugging. + * -v enable verbose NTLM packet debugging. * -l if specified, changes behavior on failures to last-ditch. - * -a can specify a Windows Local Group name allowed to authenticate. - * -d can specify a Windows Local Group name not allowed to authenticate. + * -A can specify a Windows Local Group name allowed to authenticate. + * -D can specify a Windows Local Group name not allowed to authenticate. * domain\controller ... */ char *my_program_name = NULL; @@ -132,11 +130,12 @@ { fprintf(stderr, #ifdef NTLM_FAIL_OPEN - "Usage: %s [-d] [-A|D LocalUserGroup] [-l] [-h]\n" + "Usage: %s [-d] [-v] [-A|D LocalUserGroup] [-l] [-h]\n" #else - "Usage: %s [-d] [-A|D LocalUserGroup] [-h]\n" + "Usage: %s [-d] [-v] [-A|D LocalUserGroup] [-h]\n" #endif " -d enable debugging.\n" + " -v enable verbose NTLM packet debugging.\n" #ifdef NTLM_FAIL_OPEN " -l if specified, changes behavior on failures to last-ditch\n" #endif @@ -154,9 +153,9 @@ opterr =0; #ifdef NTLM_FAIL_OPEN - while (-1 != (opt = getopt(argc, argv, "hdlA:D:"))) { + while (-1 != (opt = getopt(argc, argv, "hdvlA:D:"))) { #else - while (-1 != (opt = getopt(argc, argv, "hdA:D:"))) { + while (-1 != (opt = getopt(argc, argv, "hdvA:D:"))) { #endif switch (opt) { case 'A': @@ -175,7 +174,10 @@ break; #endif case 'd': - debug_enabled=1; + debug_enabled = 1; + break; + case 'v': + NTLM_packet_debug_enabled = 1; break; case 'h': usage(); 
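Review bot: `int NTLM_packet_debug_enabled = 0;` is defined with external linkage, yet no matching `extern` declaration is added to ntlm.h in this change; unless sspwin32.c is meant to reference it, the definition should be `static int NTLM_packet_debug_enabled = 0;` like the `have_challenge` right below it, so the flag stays private to this helper. A one-line comment on the flag would also help the next reader, e.g. `/* -v: hex-dump the raw NTLM messages exchanged with Squid to stderr */`.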
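Review bot: The new usage line for `-v` does not say what the switch exposes: with it set, the raw NTLM messages exchanged with Squid are hex-dumped to stderr (the `hex_dump` calls in the request-handling hunks below), and for the client's authenticate (`KK`) message that dump presumably carries the NT/LM challenge responses, i.e. password-derived material that ends up in the log. Spell that out so nobody leaves it on in production: `" -v enable verbose NTLM packet debugging (hex-dumps raw NTLM messages, including client authentication data, to stderr; debugging only).\n"`. The same warning belongs in the option comment block just above usage().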
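Review bot: `-v` is accepted on its own, but the framing lines around each dump (`debug("Got '%s' from Squid with data:\n", ...)`) go through `debug()`, which is gated on `debug_enabled`, while nothing in this change shows `hex_dump` being gated the same way; depending on how `hex_dump` is written, `-v` without `-d` either prints bare hex with no framing or prints nothing at all. Either make the dependency explicit, `case 'v': NTLM_packet_debug_enabled = 1; debug_enabled = 1; break;`, or state in usage() that `-v` only has effect together with `-d`. The switch statement starts and ends outside this hunk.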
@@ -193,6 +195,7 @@ exit(1); } + const char * obtain_challenge(ntlm_negotiate * nego, int nego_length) { @@ -237,12 +240,11 @@ oversized = 1; goto try_again; } - if (strlen(buf) > 3) { + if ((strlen(buf) > 3) && NTLM_packet_debug_enabled) { decoded = base64_decode(buf + 3); strncpy(helper_command, buf, 2); - debug("Got '%s'\n", helper_command); + debug("Got '%s' from Squid with data:\n", helper_command); hex_dump(decoded, ((strlen(buf) - 3) * 3) / 4); - debug("from Squid\n"); } else debug("Got '%s' from Squid\n", buf); #if FAKE_NEGOTIATE @@ -278,11 +280,13 @@ #endif if ((c = (char *) obtain_challenge((ntlm_negotiate *) decoded, plen)) != NULL ) { - decoded = base64_decode(c); - debug("sending 'TT'\n"); - hex_dump(decoded, (strlen(c) * 3) / 4); - debug("to squid\n"); - printf("TT %s\n",c); + if (NTLM_packet_debug_enabled) { + decoded = base64_decode(c); + debug("sending 'TT' with data:\n"); + hex_dump(decoded, (strlen(c) * 3) / 4); + printf("TT %s\n",c); + } else + SEND2("TT %s", c); have_challenge = 1; } else helperfail("can't obtain challenge"); @@ -384,8 +388,6 @@ debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name); - srand( (unsigned)time( NULL ) ); - if (LoadSecurityDll(SSP_NTLM) == NULL) { fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n"); exit(1); Index: squid/include/sspwin32.h =================================================================== RCS file: /cvsroot/squid-sf//squid/include/sspwin32.h,v retrieving revision 1.1.4.1 retrieving revision 1.1.4.2 diff -u -r1.1.4.1 -r1.1.4.2 --- squid/include/sspwin32.h 16 Jul 2002 12:46:50 -0000 1.1.4.1 +++ squid/include/sspwin32.h 8 Sep 2003 20:22:16 -0000 1.1.4.2 
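Review bot: Gating the whole block on `NTLM_packet_debug_enabled` sends every long message through the `else` branch, so with `-d` alone `debug("Got '%s' from Squid\n", buf)` now logs the complete input line including the base64 NTLM payload; before this change long messages logged only the two-character `helper_command`, so the new switch does not actually keep credential-bearing messages out of the debug log. Truncate the non-verbose line to the command, `debug("Got '%.2s' from Squid\n", buf);`. Also note that `decoded = base64_decode(buf + 3)` and `strncpy(helper_command, buf, 2)` now run only in verbose mode; unless both are reassigned in the lines between this hunk and the `obtain_challenge((ntlm_negotiate *) decoded, plen)` call below (not visible here), the non-verbose path would use stale values. The enclosing function starts and ends outside this hunk.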
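Review bot: The two branches reply differently: the verbose path ends with `printf("TT %s\n",c);` while the normal path uses `SEND2("TT %s", c);`, so whatever SEND2 does beyond printf (its definition is not in this diff, but a helper-protocol macro of this kind typically also flushes stdout) is skipped exactly when packet debugging is on, and an unflushed reply on a pipe would stall Squid waiting for the challenge. Keep only the dump under the flag and send the reply the same way on both paths: close the `if` after `hex_dump(...)`, drop the `else`, and follow it with an unconditional `SEND2("TT %s", c);`. The enclosing function starts and ends outside this hunk.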
@@ -38,8 +38,11 @@ HMODULE LoadSecurityDll(int); void UnloadSecurityDll(void); -BOOL WINAPI SSPLogonUser(PTSTR, PTSTR, PTSTR); +BOOL WINAPI SSP_LogonUser(PTSTR, PTSTR, PTSTR); +BOOL WINAPI SSP_ValidateCredentials(PVOID, int); +const char * WINAPI SSP_MakeChallenge(PVOID, int); extern SECURITY_STATUS ss; +extern BOOL Use_Unicode; #endif /* LIBSSPWIN32_H_ */ Index: squid/lib/sspwin32.c =================================================================== RCS file: /cvsroot/squid-sf//squid/lib/sspwin32.c,v retrieving revision 1.1.4.3 retrieving revision 1.1.4.4 diff -u -r1.1.4.3 -r1.1.4.4 --- squid/lib/sspwin32.c 7 Sep 2003 17:18:41 -0000 1.1.4.3 +++ squid/lib/sspwin32.c 8 Sep 2003 20:22:16 -0000 1.1.4.4 @@ -431,7 +431,6 @@ ntlm_challenge * challenge; const char * encoded = NULL; - if (NTLM_asServer.fHaveCtxtHandle) _DeleteSecurityContext(&NTLM_asServer.hctxt); if (NTLM_asServer.fHaveCredHandle) @@ -486,24 +485,3 @@ return fResult; } - - -BOOL WINAPI SSP_VerifyChallenge(void) -{ - BOOL fResult = FALSE; - FILETIME SysTime; - ULARGE_INTEGER Now; - - GetSystemTimeAsFileTime(&SysTime); - memcpy(&Now, &SysTime, sizeof(Now)); - if ((Now.QuadPart >= (unsigned) NTLM_asServer.hctxtLifeTime.QuadPart ) && - (Now.QuadPart >= (unsigned) NTLM_asServer.hcredLifeTime.QuadPart)) - fResult = TRUE; - - fprintf(stderr,"hctxtLifeTime: %LLu\n",(unsigned) NTLM_asServer.hctxtLifeTime.QuadPart); - fprintf(stderr,"hcredLifeTime: %LLu\n",(unsigned) NTLM_asServer.hcredLifeTime.QuadPart); - fprintf(stderr,"SystemTime: %LLu\n",Now.QuadPart); - - - return fResult; -}
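Review bot: The new prototypes `SSP_ValidateCredentials(PVOID, int)` and `SSP_MakeChallenge(PVOID, int)` have unnamed parameters and no comment, so a caller cannot tell from the header what the `PVOID`/`int` pair is (presumably a message buffer and its length) or who owns the `const char *` that SSP_MakeChallenge returns. Name the parameters, e.g. `BOOL WINAPI SSP_ValidateCredentials(PVOID buf, int buflen);`, and add a one-line comment per function stating which NTLM message it expects, whether a negative or oversized length is rejected, and whether the returned string is a static buffer that the next call overwrites. `extern BOOL Use_Unicode;` likewise deserves a note on what it selects and where it is set.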