--------------------- PatchSet 6062 Date: 2003/11/30 11:44:38 Author: serassio Branch: nt-2_5 Tag: (none) Log: Fixed NTLM local authentication problem Members: helpers/ntlm_auth/NTLMSSP-WIN32/libntlmssp.c:1.1.4.6->1.1.4.7 helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c:1.1.4.13->1.1.4.14 include/sspwin32.h:1.1.4.3->1.1.4.4 lib/sspwin32.c:1.1.4.6->1.1.4.7 Index: squid/helpers/ntlm_auth/NTLMSSP-WIN32/libntlmssp.c =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/ntlm_auth/NTLMSSP-WIN32/Attic/libntlmssp.c,v retrieving revision 1.1.4.6 retrieving revision 1.1.4.7 diff -u -r1.1.4.6 -r1.1.4.7 --- squid/helpers/ntlm_auth/NTLMSSP-WIN32/libntlmssp.c 13 Sep 2003 16:28:06 -0000 1.1.4.6 +++ squid/helpers/ntlm_auth/NTLMSSP-WIN32/libntlmssp.c 30 Nov 2003 11:44:38 -0000 1.1.4.7 
@@ -220,44 +220,45 @@
 lstring tmp;
- tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->domain);
+ if (!NTLM_LocalCall) {
- if (tmp.str == NULL || tmp.l == 0) {
- debug("No domain supplied. Returning no-auth\n");
- ntlm_errno = NTLM_BAD_REQUEST;
- return NULL;
- }
- if (Use_Unicode) {
- /* copy unicode buffer */
- WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) tmp.str, tmp.l, domain, 256, NULL, NULL );
- /* add null termination */
- domain[tmp.l / sizeof(WCHAR)] = '\0';
- } else {
- memcpy(domain, tmp.str, tmp.l);
- domain[tmp.l] = '\0';
- }
- tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->user);
- if (tmp.str == NULL || tmp.l == 0) {
- debug("No username supplied. Returning no-auth\n");
- ntlm_errno = NTLM_BAD_REQUEST;
- return NULL;
- }
- if (Use_Unicode) {
- /* copy unicode buffer */
- WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) tmp.str, tmp.l, user, 256, NULL, NULL );
- /* add null termination */
- user[tmp.l / sizeof(WCHAR)] = '\0';
- } else {
- memcpy(user, tmp.str, tmp.l);
- user[tmp.l] = '\0';
- }
+ tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->domain);
+
+ if (tmp.str == NULL || tmp.l == 0) {
+ debug("No domain supplied. Returning no-auth\n");
+ ntlm_errno = NTLM_BAD_REQUEST;
+ return NULL;
+ }
+ if (Use_Unicode) {
+ /* copy unicode buffer */
+ WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) tmp.str, tmp.l, domain, 256, NULL, NULL );
+ /* add null termination */
+ domain[tmp.l / sizeof(WCHAR)] = '\0';
+ } else {
+ memcpy(domain, tmp.str, tmp.l);
+ domain[tmp.l] = '\0';
+ }
+ tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->user);
+ if (tmp.str == NULL || tmp.l == 0) {
+ debug("No username supplied. Returning no-auth\n");
+ ntlm_errno = NTLM_BAD_REQUEST;
+ return NULL;
+ }
+ if (Use_Unicode) {
+ /* copy unicode buffer */
+ WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) tmp.str, tmp.l, user, 256, NULL, NULL );
+ /* add null termination */
+ user[tmp.l / sizeof(WCHAR)] = '\0';
+ } else {
+ memcpy(user, tmp.str, tmp.l);
+ user[tmp.l] = '\0';
+ }
+ debug("checking domain: '%s', user: '%s'\n", domain, user);
- strcpy(credentials, domain);
- strcat(credentials, "\\");
- strcat(credentials, user);
+ } else
+ debug("checking local user\n");
- debug("checking domain: '%s', user: '%s'\n", domain, user);
- rv = SSP_ValidateCredentials(auth, auth_length);
+ rv = SSP_ValidateCredentials(auth, auth_length, credentials);
 debug("Login attempt had result %d\n", rv);
Index: squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/helpers/ntlm_auth/NTLMSSP-WIN32/Attic/ntlm_auth.c,v
retrieving revision 1.1.4.13
retrieving revision 1.1.4.14
diff -u -r1.1.4.13 -r1.1.4.14
--- squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c 29 Nov 2003 14:25:17 -0000 1.1.4.13
+++ squid/helpers/ntlm_auth/NTLMSSP-WIN32/ntlm_auth.c 30 Nov 2003 11:44:38 -0000 1.1.4.14
@@ -91,12 +91,7 @@
 void helperfail(const char *reason)
 {
- int old_debug;
-
- old_debug = debug_enabled;
- debug_enabled = 1;
 SEND2("BH %s", reason);
- debug_enabled = old_debug;
 }
 /*
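Review bot: The domain/user extraction this hunk re-indents under `if (!NTLM_LocalCall)` still copies `tmp.l` bytes with no bound, although the `WideCharToMultiByte(..., domain, 256, ...)` calls show the caller assumes 256-byte `domain`/`user` buffers: a Type 3 token with a long domain or user field reaches `memcpy(domain, tmp.str, tmp.l)` and `domain[tmp.l] = '\0'` (and `domain[tmp.l / sizeof(WCHAR)]` on the Unicode path) past the buffer, unless ntlm_fetch_string already caps the length against 256, which is not visible here. Because the helper consumes attacker-supplied NTLMSSP tokens, each fetch should be followed by a length check before the copy, e.g. `if (tmp.l >= (Use_Unicode ? 256 * sizeof(WCHAR) : 256)) { ntlm_errno = NTLM_BAD_REQUEST; return NULL; }`. Separately, `WideCharToMultiByte` takes its fourth argument in WCHARs, so passing the byte length `tmp.l` makes it read twice the field from the token; `tmp.l / sizeof(WCHAR)` is what the NUL index two lines later already assumes. The enclosing function starts and ends outside the hunk, so the declared sizes of `domain`, `user` and `credentials` cannot be confirmed from it.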
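Review bot: Dropping the `debug_enabled = 1` override in helperfail means a `BH` reply is no longer guaranteed to leave a trace in the helper's debug output, so an authentication helper failing in production, the one condition an operator most needs to see, goes unlogged unless the helper was started with debugging on, assuming SEND2's logging copy is gated on `debug_enabled` as the removed code implies. If the override was removed because it clobbered global state, the same guarantee can be kept without touching the global by writing one unconditional line such as `fprintf(stderr, "ntlm_auth: BH %s\n", reason);` ahead of `SEND2`. The whole of helperfail is within the hunk.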
@@ -273,6 +268,8 @@
 decoded = base64_decode(c);
 debug("sending 'TT' to squid with data:\n");
 hex_dump(decoded, (strlen(c) * 3) / 4);
+ if (NTLM_LocalCall)
+ debug("NTLM Local Call detected\n");
 } else {
 SEND2("TT %s", c);
 }
Index: squid/include/sspwin32.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/include/sspwin32.h,v
retrieving revision 1.1.4.3
retrieving revision 1.1.4.4
diff -u -r1.1.4.3 -r1.1.4.4
--- squid/include/sspwin32.h 13 Sep 2003 10:44:31 -0000 1.1.4.3
+++ squid/include/sspwin32.h 30 Nov 2003 11:44:38 -0000 1.1.4.4
@@ -39,9 +39,9 @@
 HMODULE LoadSecurityDll(int);
 void UnloadSecurityDll(void);
 BOOL WINAPI SSP_LogonUser(PTSTR, PTSTR, PTSTR);
-BOOL WINAPI SSP_ValidateCredentials(PVOID, int);
+BOOL WINAPI SSP_ValidateCredentials(PVOID, int, char *);
 const char * WINAPI SSP_MakeChallenge(PVOID, int);
 extern BOOL Use_Unicode;
-
+extern BOOL NTLM_LocalCall;
 #endif /* LIBSSPWIN32_H_ */
Index: squid/lib/sspwin32.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/lib/sspwin32.c,v
retrieving revision 1.1.4.6
retrieving revision 1.1.4.7
diff -u -r1.1.4.6 -r1.1.4.7
--- squid/lib/sspwin32.c 14 Sep 2003 10:27:56 -0000 1.1.4.6
+++ squid/lib/sspwin32.c 30 Nov 2003 11:44:38 -0000 1.1.4.7
@@ -40,6 +40,7 @@
 static AUTH_SEQ NTLM_asServer = {0};
 BOOL Use_Unicode = FALSE;
+BOOL NTLM_LocalCall = FALSE;
 /* Function pointers */
 ACCEPT_SECURITY_CONTEXT_FN _AcceptSecurityContext = NULL;
@@ -50,7 +51,11 @@
 FREE_CREDENTIALS_HANDLE_FN _FreeCredentialsHandle = NULL;
 INITIALIZE_SECURITY_CONTEXT_FN _InitializeSecurityContext = NULL;
 QUERY_SECURITY_PACKAGE_INFO_FN _QuerySecurityPackageInfo = NULL;
-
+#ifdef UNICODE
+QUERY_CONTEXT_ATTRIBUTES_FN_W _QueryContextAttributes = NULL;
+#else
+QUERY_CONTEXT_ATTRIBUTES_FN_A _QueryContextAttributes = NULL;
+#endif
 void UnloadSecurityDll(void)
 {
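Review bot: The new third parameter of `SSP_ValidateCredentials` is a bare `char *` output buffer with no length, so the implementation has nothing to bound its copy of the SSPI-reported account name by and every caller has to guess how large to make the buffer; since this is new API surface, the length belongs in the signature, `BOOL WINAPI SSP_ValidateCredentials(PVOID, int, char *, size_t);`, or at minimum the header should state the minimum size and that passing NULL skips the name lookup. `extern BOOL NTLM_LocalCall;` is likewise undocumented; a one-line comment such as `/* per-handshake flag: set by SSP_MakeChallenge from the SSP's own challenge flags, read by the helper when validating the Type 3 token */` would tell readers it is library-owned state that the helper reads but does not set.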
@@ -73,6 +78,7 @@
 _FreeCredentialsHandle = NULL;
 _InitializeSecurityContext = NULL;
 _QuerySecurityPackageInfo = NULL;
+ _QueryContextAttributes = NULL;
 hModule = NULL;
 }
@@ -180,6 +186,18 @@
 hModule = NULL;
 }
+#ifdef UNICODE
+ _QueryContextAttributes = (QUERY_CONTEXT_ATTRIBUTES_FN_W)
+ GetProcAddress(hModule, "QueryContextAttributesW");
+#else
+ _QueryContextAttributes = (QUERY_CONTEXT_ATTRIBUTES_FN_A)
+ GetProcAddress(hModule, "QueryContextAttributesA");
+#endif
+ if (!_QueryContextAttributes) {
+ UnloadSecurityDll();
+ hModule = NULL;
+ }
+
 /* Get max token size */
 _QuerySecurityPackageInfo(_T("NTLM"), &pSPI);
 cbMaxToken = pSPI->cbMaxToken;
@@ -263,7 +281,7 @@
 BOOL GenServerContext(PAUTH_SEQ pAS, PVOID pIn, DWORD cbIn, PVOID pOut,
- PDWORD pcbOut, PBOOL pfDone)
+ PDWORD pcbOut, PBOOL pfDone, char * credentials)
 {
 /*
 * Routine Description:
@@ -282,6 +300,7 @@
 SecBufferDesc sbdIn;
 SecBuffer sbIn;
 ULONG fContextAttr;
+ SecPkgContext_Names namebuffer;
 if (!pAS->fInitialized) {
 SecurityStatus = _AcquireCredentialsHandle(NULL, _T("NTLM"),
@@ -321,6 +340,14 @@
 if (SecurityStatus < 0)
 return FALSE;
 }
+
+ if (credentials != NULL) {
+ SecurityStatus = _QueryContextAttributes(&pAS->hctxt, SECPKG_ATTR_NAMES, &namebuffer);
+ if (SecurityStatus < 0)
+ return FALSE;
+ strcpy(credentials, namebuffer.sUserName);
+ }
+
 *pcbOut = sbOut.cbBuffer;
 if (!pAS->fInitialized)
 pAS->fInitialized = TRUE;
@@ -368,7 +395,7 @@
 cbIn = cbOut;
 cbOut = cbMaxToken;
 if (!GenServerContext(&asServer, pClientBuf, cbIn, pServerBuf, &cbOut,
- &fDone))
+ &fDone, NULL))
 break;
 /* Most likely failure: AcceptServerContext fails with SEC_E_LOGON_DENIED
 * in the case of bad szUser or szPassword.
@@ -387,7 +414,7 @@
 cbIn = cbOut;
 cbOut = cbMaxToken;
 if (!GenServerContext(&asServer, pClientBuf, cbIn, pServerBuf, &cbOut,
- &fDone))
+ &fDone, NULL))
 break;
 fResult = TRUE;
 } while(0);
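Review bot: When `GetProcAddress` for QueryContextAttributes fails, the new block calls `UnloadSecurityDll()` and nulls `hModule` but then falls through to `_QuerySecurityPackageInfo(_T("NTLM"), &pSPI)` two lines below, and the @@ -73 hunk shows UnloadSecurityDll sets that pointer to NULL, so a missing export turns into a call through a NULL function pointer instead of a clean failure. Add `return NULL;` after `hModule = NULL;` in the new block; the `hModule = NULL; }` context just above suggests the existing lookups carry the same fall-through and deserve the same fix. LoadSecurityDll begins and ends outside the hunk, so whether a later check of hModule was meant to catch this cannot be confirmed here.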
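Review bot: `strcpy(credentials, namebuffer.sUserName)` copies a name chosen by the security package, as long as the authenticating account's DOMAIN\user happens to be, into a caller buffer whose size GenServerContext cannot see, and `sUserName` is package-allocated memory that has to be released with FreeContextBuffer, which this block never does, so every validated logon leaks it in a long-lived helper. Copy with a bound the caller passes (the signature is already changing in this patch, so adding a length is cheap) and release the buffer, e.g. `strncpy(credentials, namebuffer.sUserName, len - 1); credentials[len - 1] = '\0'; _FreeContextBuffer(namebuffer.sUserName);`, with FreeContextBuffer resolved by GetProcAddress alongside the other entry points. Note that SECPKG_ATTR_NAMES is only meaningful once the context is complete, which is presumably why the challenge-step callers pass NULL; a comment on `if (credentials != NULL)` saying so would stop a future caller from passing a buffer on the Type 1 step. GenServerContext ends outside the hunk.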
@@ -420,6 +447,7 @@
 if (NTLM_asServer.fHaveCredHandle)
 _FreeCredentialsHandle(&NTLM_asServer.hcred);
+ NTLM_LocalCall = FALSE;
 Use_Unicode = FALSE;
 memcpy(pClientBuf, PNegotiateBuf, NegotiateLen);
 ZeroMemory(pServerBuf, cbMaxToken);
@@ -432,20 +460,21 @@
 cbIn = NegotiateLen;
 cbOut = cbMaxToken;
 if (!GenServerContext(&NTLM_asServer, pClientBuf, cbIn, pServerBuf, &cbOut,
- &fDone))
+ &fDone, NULL))
 break;
 fResult = pServerBuf;
 } while(0);
 if (fResult != NULL) {
 challenge = (ntlm_challenge *) fResult;
 Use_Unicode = NEGOTIATE_UNICODE & challenge->flags;
+ NTLM_LocalCall = NEGOTIATE_THIS_IS_LOCAL_CALL & challenge->flags;
 encoded = base64_encode_bin((char *) fResult, cbOut);
 }
 return encoded;
 }
-BOOL WINAPI SSP_ValidateCredentials(PVOID PAutenticateBuf, int AutenticateLen)
+BOOL WINAPI SSP_ValidateCredentials(PVOID PAutenticateBuf, int AutenticateLen, char * credentials)
 {
 BOOL fDone = FALSE;
 BOOL fResult = FALSE;
@@ -462,7 +491,7 @@
 cbIn = AutenticateLen;
 cbOut = cbMaxToken;
 if (!GenServerContext(&NTLM_asServer, pClientBuf, cbIn, pServerBuf, &cbOut,
- &fDone))
+ &fDone, credentials))
 break;
 fResult = TRUE;
 } while(0);
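Review bot: `NTLM_LocalCall = NEGOTIATE_THIS_IS_LOCAL_CALL & challenge->flags;` takes the flag from the Type 2 token the SSP itself just produced, not from anything the client sent, and that flag later makes the helper skip its own domain/user parsing of the Type 3 token; the provenance is what makes that skip defensible, so it deserves a comment on the line, e.g. `/* set by the local SSP in its own challenge (not client-controlled); tells the helper the Type 3 name fields can be left to the SSP */`. The value stored is the masked bit rather than TRUE/FALSE, which is fine for `if (NTLM_LocalCall)` but would break any `== TRUE` comparison; `(... & challenge->flags) != 0` normalises it for both this line and the `Use_Unicode` line above it. Because the flag is a process-wide global reset at the top of SSP_MakeChallenge, it is only correct while the helper handles one handshake at a time, which is worth stating next to the reset.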