--------------------- PatchSet 5930 Date: 2003/09/13 14:39:23 Author: serassio Branch: nt-2_5 Tag: (none) Log: This patch allow full NTLM negotiation and disable totally NTLM challenge reuse. Members: acconfig.h:1.13.6.5->1.13.6.6 configure.in:1.42.2.5.4.43->1.42.2.5.4.44 port/win32/include/autoconf.h:1.1.2.31->1.1.2.32 src/auth/ntlm/auth_ntlm.c:1.18.2.1.4.3->1.18.2.1.4.4 Index: squid/acconfig.h =================================================================== RCS file: /cvsroot/squid-sf//squid/Attic/acconfig.h,v retrieving revision 1.13.6.5 retrieving revision 1.13.6.6 diff -u -r1.13.6.5 -r1.13.6.6 --- squid/acconfig.h 3 Jul 2002 18:28:57 -0000 1.13.6.5 +++ squid/acconfig.h 13 Sep 2003 14:39:23 -0000 1.13.6.6 @@ -23,7 +23,7 @@ #ifndef __CONFIGURE_H__ #define __CONFIGURE_H__ @TOP@ -/* $Id: acconfig.h,v 1.13.6.5 2002/07/03 18:28:57 serassio Exp $ */ +/* $Id: acconfig.h,v 1.13.6.6 2003/09/13 14:39:23 serassio Exp $ */ /* * configure command line used to configure Squid @@ -151,6 +151,9 @@ /* Define if NTLM is allowed to fail gracefully when a helper has problems */ #undef NTLM_FAIL_OPEN +/* Define if NTLM is allowed to pass NEGOTIATE packet to helpers */ +#undef NTLM_TRUE_NEGOTIATE + /* * Define Windows NT & Windows 2000 run service mode */ Index: squid/configure.in =================================================================== RCS file: /cvsroot/squid-sf//squid/configure.in,v retrieving revision 1.42.2.5.4.43 retrieving revision 1.42.2.5.4.44 diff -u -r1.42.2.5.4.43 -r1.42.2.5.4.44 --- squid/configure.in 8 Sep 2003 11:15:25 -0000 1.42.2.5.4.43 +++ squid/configure.in 13 Sep 2003 14:39:23 -0000 1.42.2.5.4.44 @@ -3,7 +3,7 @@ dnl dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9) dnl -dnl $Id: configure.in,v 1.42.2.5.4.43 2003/09/08 11:15:25 serassio Exp $ +dnl $Id: configure.in,v 1.42.2.5.4.44 2003/09/13 14:39:23 serassio Exp $ dnl dnl dnl 
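Review bot: The comment added with `NTLM_TRUE_NEGOTIATE` in the second acconfig.h hunk (and repeated in the port/win32/include/autoconf.h hunk) describes only half of what the macro does. In the auth_ntlm.c hunks of this same patch it also forces a challenge change on every call after first use, so the configured maximum number of challenge uses is no longer honoured. An administrator reading the config header would not learn that from the current wording. I would write it as `/* Define to pass the client's NEGOTIATE packet to NTLM helpers; this also disables NTLM challenge reuse */`.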
@@ -11,7 +11,7 @@ AC_CONFIG_AUX_DIR(cfgaux) AM_INIT_AUTOMAKE(squid, 2.5.STABLE3-NT-CVS) AM_CONFIG_HEADER(include/autoconf.h) -AC_REVISION($Revision: 1.42.2.5.4.43 $)dnl +AC_REVISION($Revision: 1.42.2.5.4.44 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE @@ -59,6 +59,7 @@ mingw|mingw32) AM_CONDITIONAL(ENABLE_MINGW32SPECIFIC, true) AC_PATH_PROG(WIN32_PSAPI, psapi.dll, none) + AC_DEFINE(NTLM_TRUE_NEGOTIATE) CFLAGS="$CFLAGS -mthreads" if test "$ac_cv_path_WIN32_PSAPI" = "none"; then echo "PSAPI.DLL is recommended to run Squid on Windows NT Platform" Index: squid/port/win32/include/autoconf.h =================================================================== RCS file: /cvsroot/squid-sf//squid/port/win32/include/Attic/autoconf.h,v retrieving revision 1.1.2.31 retrieving revision 1.1.2.32 diff -u -r1.1.2.31 -r1.1.2.32 --- squid/port/win32/include/autoconf.h 1 Jun 2003 16:07:35 -0000 1.1.2.31 +++ squid/port/win32/include/autoconf.h 13 Sep 2003 14:39:24 -0000 1.1.2.32 @@ -22,7 +22,7 @@ * */ -/* $Id: autoconf.h,v 1.1.2.31 2003/06/01 16:07:35 serassio Exp $ */ +/* $Id: autoconf.h,v 1.1.2.32 2003/09/13 14:39:24 serassio Exp $ */ /* * configure command line used to configure Squid @@ -155,6 +155,10 @@ /* Define if NTLM is allowed to fail gracefully when a helper has problems */ #undef NTLM_FAIL_OPEN +/* Define if NTLM is allowed to pass NEGOTIATE packet to helpers */ +#undef NTLM_TRUE_NEGOTIATE +#define NTLM_TRUE_NEGOTIATE 1 + /* * Define Windows NT & Windows 2000 run service mode */ Index: squid/src/auth/ntlm/auth_ntlm.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/auth_ntlm.c,v retrieving revision 1.18.2.1.4.3 retrieving revision 1.18.2.1.4.4 diff -u -r1.18.2.1.4.3 -r1.18.2.1.4.4 --- squid/src/auth/ntlm/auth_ntlm.c 5 Feb 2003 10:38:09 -0000 1.18.2.1.4.3 +++ squid/src/auth/ntlm/auth_ntlm.c 13 Sep 2003 14:39:24 -0000 1.18.2.1.4.4 
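Review bot: `AC_DEFINE(NTLM_TRUE_NEGOTIATE)` in the mingw branch of configure.in (hunk at -59,6) switches the new behaviour on unconditionally for that platform, offers no way to select it elsewhere, and carries no comment explaining the choice. The macro changes what is written to the authentication helpers (`YR <blob>` instead of a bare `YR`), so a helper that does not expect an argument may mishandle the request; the patch does not show which helpers accept it. A short note such as `dnl Native Win32 NTLM helpers need the client's NEGOTIATE packet` would record the reason. Gating the define behind an explicit configure switch would make the change in authentication behaviour a deliberate choice.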
@@ -647,7 +647,11 @@ debug(29, 5) ("authenticateNTLMChangeChallenge_p: first use\n"); return 0; } +#if NTLM_TRUE_NEGOTIATE + { +#else if (helperstate->challengeuses > ntlmConfig->challengeuses) { +#endif debug(29, 4) ("authenticateNTLMChangeChallenge_p: Challenge uses (%d) exceeded max uses (%d)\n", helperstate->challengeuses, ntlmConfig->challengeuses); return 1; } @@ -746,7 +750,11 @@ helperStatefulSubmit(ntlmauthenticators, NULL, authenticateNTLMHandleplaceholder, r, NULL); } else { /* Server with invalid challenge */ +#if NTLM_TRUE_NEGOTIATE + snprintf(buf, 8192, "YR %s\n", sent_string); +#else snprintf(buf, 8192, "YR\n"); +#endif helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, ntlm_request->authserver); } } else {
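Review bot: With `NTLM_TRUE_NEGOTIATE` set, the bare `{` in the first auth_ntlm.c hunk makes the block unconditional, so every call that gets past the first-use return logs "Challenge uses (%d) exceeded max uses (%d)" even when the count is below the limit. That message is then false and will mislead anyone reading the log while investigating an authentication problem. Whatever checks follow the block (the function continues outside the hunk) also become unreachable. Sharing one closing brace between the `#if` and `#else` arms is brittle as well. I would give the true-negotiate arm its own body, `debug(29, 4) ("authenticateNTLMChangeChallenge_p: challenge reuse disabled\n"); return 1;`, keep the original `if (...) { ... }` whole under `#else`, and add a comment that `ntlmConfig->challengeuses` is ignored in this build.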
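Review bot: In the second auth_ntlm.c hunk, `sent_string` is written to the helper verbatim over a line-oriented channel, and nothing visible here validates it. Its origin is outside the hunk; if it comes from the client's Proxy-Authorization header, a value containing CR/LF or spaces could be read by the helper as extra protocol input. A value longer than the buffer is also silently truncated by `snprintf`, which drops the terminating `\n`. I would reject a NULL or non-base64 `sent_string` before submitting and check the result: `n = snprintf(buf, 8192, "YR %s\n", sent_string);` followed by `if (n < 0 || n >= 8192)` failing the request instead of calling `helperStatefulSubmit`. The declaration of `buf` is not in the hunk, so confirm it really is 8192 bytes and prefer `sizeof(buf)` if it is an array.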