---------------------
PatchSet 845
Date: 2000/11/16 15:49:59
Author: kinkie
Branch: ntlm
Tag: (none)
Log:
Implemented "Ignorance is Bliss" by removing some checks.
Members:
ntlm_auth_modules/fakeauth/fakeauth_auth.c:1.1.2.5->1.1.2.6
ntlm_auth_modules/fakeauth/ntlm.h:1.1.2.2->1.1.2.3
Index: squid/ntlm_auth_modules/fakeauth/fakeauth_auth.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/ntlm_auth_modules/fakeauth/Attic/fakeauth_auth.c,v
retrieving revision 1.1.2.5
retrieving revision 1.1.2.6
diff -u -r1.1.2.5 -r1.1.2.6
--- squid/ntlm_auth_modules/fakeauth/fakeauth_auth.c 16 Nov 2000 11:51:53 -0000 1.1.2.5
+++ squid/ntlm_auth_modules/fakeauth/fakeauth_auth.c 16 Nov 2000 15:49:59 -0000 1.1.2.6
@@ -195,7 +195,11 @@
 return 1;
 }
 origbuf = buf;
+#ifdef IGNORANCE_IS_BLISS
+ if (ntlmCheckHeader(&auth->hdr, NTLM_ANY)) {
+#else
 if (ntlmCheckHeader(&auth->hdr, NTLM_AUTHENTICATE)) {
+#endif
 fprintf(stderr, "ntlmDecodeAuth: header check fails\n");
 return -1;
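Review bot: With IGNORANCE_IS_BLISS defined, the header check at the top of this block passes `NTLM_ANY`, so ntlmDecodeAuth() no longer confirms that the buffer is a type-3 message before the code after the hunk goes on to read it as `struct ntlm_authenticate`. ntlmCheckHeader() is not shown, so how it treats `NTLM_ANY` is inferred from the name; if it skips the type comparison, a negotiate or challenge packet sent by the client has its bytes interpreted as authenticate-message fields, and every length and offset taken from it has to be bounded by the rest of the function, which lies outside this hunk. Because main() tries ntlmDecodeAuth() before it tests for a negotiate packet, I would keep the strict form in both builds, `if (ntlmCheckHeader(&auth->hdr, NTLM_AUTHENTICATE)) {`, and confine the relaxation to the fallback test in main().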
@@ -234,43 +238,45 @@
 int main()
 {
- char buf[256];
- char user[256], *p, *cleartext;
- struct ntlm_challenge chal;
- int len;
- char *fmt = "UNKNOWN", *data = NULL;
-
- setbuf(stdout, NULL);
- while (fgets(buf, 256, stdin) != NULL) {
- user[0]='\0'; /*no usercode */
-
- if ((p = strchr(buf, '\n')) != NULL)
+ char buf[256];
+ char user[256], *p, *cleartext;
+ struct ntlm_challenge chal;
+ int len;
+ char *fmt = "UNKNOWN", *data = NULL;
+
+ setbuf(stdout, NULL);
+ while (fgets(buf, 256, stdin) != NULL) {
+ user[0]='\0'; /*no usercode */
+
+ if ((p = strchr(buf, '\n')) != NULL)
 *p = '\0'; /* strip \n */
- if (strncasecmp(buf, "RESET", 5) == 0) {
+ if (strncasecmp(buf, "RESET", 5) == 0) {
 printf("RESET OK\n");
- } else {
- cleartext = (char *) uudecode(buf);
- if (ntlmDecodeAuth((struct ntlm_authenticate *) cleartext, user,
- 256)) {
- if (!ntlmCheckHeader((struct ntlmhdr *)cleartext, NTLM_NEGOTIATE)) {
-// fprintf(stderr,"negotiate request\n");
- ntlmMakeChallenge(&chal);
- fmt = "NTLM %s";
- len = sizeof(chal) - sizeof(chal.pad) + SSWAP(chal.target.maxlen);
-// fprintf(stderr,"authenticateFixErrorHeader: len: %d\n", len);
-// printf("%d\n",len);
- data = (char *) base64_encode_bin((char *) &chal, len);
- printf("CH %s\n", data);
- }else {
- lc(user);
- printf("ERR %s\n", user);
- }
- } else {
- lc(user);
- printf("OK %s\n", user);
- }
-
+ } else {
+ cleartext = (char *) uudecode(buf);
+ if (ntlmDecodeAuth((struct ntlm_authenticate *) cleartext, user,
+ 256)) {
+#ifdef IGNORANCE_IS_BLISS
+ if (!ntlmCheckHeader((struct ntlmhdr *)cleartext, NTLM_ANY)) {
+#else
+ if (!ntlmCheckHeader((struct ntlmhdr *)cleartext, NTLM_NEGOTIATE)) {
+#endif
+ ntlmMakeChallenge(&chal);
+ fmt = "NTLM %s";
+ len = sizeof(chal) - sizeof(chal.pad) + SSWAP(chal.target.maxlen);
+ data = (char *) base64_encode_bin((char *) &chal, len);
+ printf("CH %s\n", data);
+ }else {
+ lc(user);
+ printf("ERR %s\n", user);
+ }
+ } else {
+ lc(user);
+ printf("OK %s\n", user);
+ }
+
+ }
 }
- }
- exit(0);
+
exit(0);
 }
+
Index: squid/ntlm_auth_modules/fakeauth/ntlm.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/ntlm_auth_modules/fakeauth/Attic/ntlm.h,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- squid/ntlm_auth_modules/fakeauth/ntlm.h 2 Aug 2000 14:23:35 -0000 1.1.2.2
+++ squid/ntlm_auth_modules/fakeauth/ntlm.h 16 Nov 2000 15:49:59 -0000 1.1.2.3
@@ -1,5 +1,5 @@
 /*
- * $Id: ntlm.h,v 1.1.2.2 2000/08/02 14:23:35 asd Exp $
+ * $Id: ntlm.h,v 1.1.2.3 2000/11/16 15:49:59 kinkie Exp $
 *
 * AUTHOR: Andy Doran
 *
@@ -30,6 +30,10 @@
 #ifndef _NTLM_H_
 #define _NTLM_H_
+/* undefine this to have strict protocol adherence. You don't really need
+ * that though */
+#define IGNORANCE_IS_BLISS
+
 #include
 /* All of this cruft is little endian */
@@ -45,6 +49,7 @@
 #define NTLM_NEGOTIATE 1
 #define NTLM_CHALLENGE 2
 #define NTLM_AUTHENTICATE 3
+#define NTLM_ANY 0
 /* Header proceeding each request */
 typedef struct ntlmhdr {
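Review bot: In the relaxed build the fallback test `!ntlmCheckHeader((struct ntlmhdr *)cleartext, NTLM_ANY)` in main() sends a fresh `CH` challenge for every packet that ntlmDecodeAuth() rejected and whose header presumably still passes, so a malformed authenticate message restarts the handshake instead of reaching the `ERR` branch. The result of `uudecode(buf)` is cast and handed to both checks without a test that decoding succeeded or that it produced at least a header's worth of bytes, and `fgets(buf, 256, stdin)` splits a request longer than 255 characters, whose tail is then processed as a second request. I would state the relaxed behaviour next to the `#ifdef`, for example `/* relaxed: any NTLM packet that failed decoding is answered with a challenge */`, and reject empty or over-long input lines before decoding. Re-indentation makes up most of this hunk; committing it separately would leave the behavioural change easy to review.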
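Review bot: The added `#define IGNORANCE_IS_BLISS` in the `@@ -30,6 +30,10 @@` hunk makes the relaxed message-type checks the default for every file that includes ntlm.h, and the comment above it does not say what is being relaxed. A reader of the header should learn that, with the macro defined, ntlmDecodeAuth() and main() in fakeauth_auth.c pass `NTLM_ANY` to ntlmCheckHeader() in place of `NTLM_AUTHENTICATE` and `NTLM_NEGOTIATE`. I would reword the comment along the lines of `/* When defined, packet-type checks accept any NTLM message type (NTLM_ANY); undefine for strict type checking. */` and consider leaving the macro undefined by default, so that the lenient mode is an explicit build choice.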
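Review bot: `NTLM_ANY` in the `@@ -45,6 +49,7 @@` hunk is listed after the three packet types as if it were a fourth one, while the call sites in fakeauth_auth.c use it as a wildcard argument to ntlmCheckHeader(). Nothing in this diff shows how ntlmCheckHeader() treats the value 0, so the wildcard behaviour needs confirming there. A short comment on the define, such as `/* not a wire value: asks ntlmCheckHeader() to skip the type comparison */`, with the define moved above `NTLM_NEGOTIATE`, would keep it from being mistaken for a message type.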