sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-08 13:49:29 +03:00
Code Activity

ntlm_auth: Improve compliance to the Squid helper protocol

Browse Source 
This fixes bug #4235.

Patch from Pawel Worach <pawel.worach@gmail.com> with some linebreaks
added by me.

Also fix one BH message that the original patch didn't fix.
This commit is contained in:
Kai Blin
2008-03-19 23:32:38 +01:00
parent 03a980d8f6
commit 098380760d
1 changed files with 44 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
source/utils/ntlm_auth.c
View File

@ -717,7 +717,7 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state,
if (strlen(buf) < 2) {
DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH NTLMSSP query invalid\n");
return;
}
@ -744,7 +744,7 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state,
if (opt_password == NULL) {
DEBUG(1, ("Out of memory\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Out of memory\n");
data_blob_free(&request);
return;
}
@ -786,7 +786,7 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state,
return;
} else {
DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH NTLMSSP query invalid\n");
return;
}
@ -853,7 +853,7 @@ static void manage_client_ntlmssp_request(struct ntlm_auth_state *state,
if (strlen(buf) < 2) {
DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH NTLMSSP query invalid\n");
return;
}
@ -879,7 +879,7 @@ static void manage_client_ntlmssp_request(struct ntlm_auth_state *state,
if (opt_password == NULL) {
DEBUG(1, ("Out of memory\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Out of memory\n");
data_blob_free(&request);
return;
}
@ -945,7 +945,7 @@ static void manage_client_ntlmssp_request(struct ntlm_auth_state *state,
return;
} else {
DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH NTLMSSP query invalid\n");
return;
}
@ -1087,7 +1087,7 @@ static void offer_gss_spnego_mechs(void) {
if (len == -1) {
DEBUG(1, ("Could not write SPNEGO data blob\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n");
return;
}
@ -1119,7 +1119,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (strlen(buf) < 2) {
DEBUG(1, ("SPENGO query [%s] invalid", buf));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH SPENGO query invalid\n");
return;
}
@ -1130,7 +1130,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
;
} else {
DEBUG(1, ("SPENGO query [%s] invalid", buf));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH SPENGO query invalid\n");
return;
}
@ -1147,7 +1147,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (strlen(buf) <= 3) {
DEBUG(1, ("GSS-SPNEGO query [%s] invalid\n", buf));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH GSS-SPNEGO query invalid\n");
return;
}
@ -1157,7 +1157,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (len == -1) {
DEBUG(1, ("GSS-SPNEGO query [%s] invalid", buf));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH GSS-SPNEGO query invalid\n");
return;
}
@ -1169,7 +1169,8 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if ( (request.negTokenInit.mechTypes == NULL) ||
(request.negTokenInit.mechTypes[0] == NULL) ) {
DEBUG(1, ("Client did not offer any mechanism"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Client did not offer any "
"mechanism\n");
return;
}
@ -1177,15 +1178,18 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (strcmp(request.negTokenInit.mechTypes[0], OID_NTLMSSP) == 0) {
if ( request.negTokenInit.mechToken.data == NULL ) {
DEBUG(1, ("Client did not provide NTLMSSP data\n"));
x_fprintf(x_stdout, "BH\n");
DEBUG(1, ("Client did not provide NTLMSSP data\n"));
x_fprintf(x_stdout, "BH Client did not provide "
"NTLMSSP data\n");
return;
}
if ( ntlmssp_state != NULL ) {
DEBUG(1, ("Client wants a new NTLMSSP challenge, but "
"already got one\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Client wants a new "
"NTLMSSP challenge, but "
"already got one\n");
ntlmssp_end(&ntlmssp_state);
return;
}
@ -1219,7 +1223,8 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if ( request.negTokenInit.mechToken.data == NULL ) {
DEBUG(1, ("Client did not provide Kerberos data\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Client did not provide "
"Kerberos data\n");
return;
}
@ -1245,7 +1250,9 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (domain == NULL) {
DEBUG(1, ("Did not get a valid principal "
"from ads_verify_ticket\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Did not get a "
"valid principal from "
"ads_verify_ticket\n");
return;
}
@ -1268,13 +1275,15 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
is the only one we support that sends this stuff */
DEBUG(1, ("Got a negTokenTarg for something non-NTLMSSP: %s\n",
request.negTokenTarg.supportedMech));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Got a negTokenTarg for "
"something non-NTLMSSP\n");
return;
}
if (request.negTokenTarg.responseToken.data == NULL) {
DEBUG(1, ("Got a negTokenTarg without a responseToken!\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Got a negTokenTarg without a "
"responseToken!\n");
return;
}
@ -1312,7 +1321,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (!reply_argument) {
DEBUG(1, ("Could not write SPNEGO data blob\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n");
return;
}
@ -1324,7 +1333,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (len == -1) {
DEBUG(1, ("Could not write SPNEGO data blob\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n");
return;
}
@ -1414,7 +1423,7 @@ static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego)
if (client_ntlmssp_state == NULL) {
DEBUG(1, ("Got NTLMSSP tArg without a client state\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Got NTLMSSP tArg without a client state\n");
return;
}
@ -1438,7 +1447,8 @@ static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego)
DEBUG(1, ("Expected MORE_PROCESSING_REQUIRED from "
"ntlmssp_client_update, got: %s\n",
nt_errstr(status)));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Expected MORE_PROCESSING_REQUIRED from "
"ntlmssp_client_update\n");
data_blob_free(&request);
ntlmssp_end(&client_ntlmssp_state);
return;
@ -1556,7 +1566,8 @@ static void manage_client_krb5_targ(SPNEGO_DATA spnego)
switch (spnego.negTokenTarg.negResult) {
case SPNEGO_ACCEPT_INCOMPLETE:
DEBUG(1, ("Got a Kerberos negTokenTarg with ACCEPT_INCOMPLETE\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Got a Kerberos negTokenTarg with "
"ACCEPT_INCOMPLETE\n");
break;
case SPNEGO_ACCEPT_COMPLETED:
DEBUG(10, ("Accept completed\n"));
@ -1588,7 +1599,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
if (strlen(buf) <= 3) {
DEBUG(1, ("SPNEGO query [%s] too short\n", buf));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH SPNEGO query too short\n");
return;
}
@ -1602,7 +1613,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
if (opt_password == NULL) {
DEBUG(1, ("Out of memory\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Out of memory\n");
data_blob_free(&request);
return;
}
@ -1616,7 +1627,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
(strncmp(buf, "AF ", 3) != 0) &&
(strncmp(buf, "NA ", 3) != 0) ) {
DEBUG(1, ("SPNEGO request [%s] invalid\n", buf));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH SPNEGO request invalid\n");
data_blob_free(&request);
return;
}
@ -1629,7 +1640,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
if (len == -1) {
DEBUG(1, ("Could not read SPNEGO data for [%s]\n", buf));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Could not read SPNEGO data\n");
return;
}
@ -1658,7 +1669,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
}
DEBUG(1, ("Server offered no compatible mechanism\n"));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Server offered no compatible mechanism\n");
return;
}
@ -1680,7 +1691,9 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
DEBUG(1, ("Got a negTokenTarg with no mech and an "
"unknown negResult: %d\n",
spnego.negTokenTarg.negResult));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Got a negTokenTarg with"
" no mech and an unknown "
"negResult\n");
}
ntlmssp_end(&client_ntlmssp_state);
@ -1704,7 +1717,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
}
DEBUG(1, ("Got an SPNEGO token I could not handle [%s]!\n", buf));
x_fprintf(x_stdout, "BH\n");
x_fprintf(x_stdout, "BH Got an SPNEGO token I could not handle\n");
return;
out: