From 098380760d20bad2a45c3b12ab2a5e4d2b856175 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Wed, 19 Mar 2008 23:32:38 +0100 Subject: [PATCH] ntlm_auth: Improve compliance to the Squid helper protocol This fixes bug #4235. Patch from Pawel Worach with some linebreaks added by me. Also fix one BH message that the original patch didn't fix. --- source/utils/ntlm_auth.c | 75 ++++++++++++++++++++++++++++-------------------- 1 file changed, 44 insertions(+), 31 deletions(-) diff --git a/source/utils/ntlm_auth.c b/source/utils/ntlm_auth.c index df2bf9753bb..e313d62d020 100644 --- a/source/utils/ntlm_auth.c +++ b/source/utils/ntlm_auth.c @@ -717,7 +717,7 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, if (strlen(buf) < 2) { DEBUG(1, ("NTLMSSP query [%s] invalid", buf)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH NTLMSSP query invalid\n"); return; } @@ -744,7 +744,7 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, if (opt_password == NULL) { DEBUG(1, ("Out of memory\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Out of memory\n"); data_blob_free(&request); return; } @@ -786,7 +786,7 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, return; } else { DEBUG(1, ("NTLMSSP query [%s] invalid", buf)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH NTLMSSP query invalid\n"); return; } @@ -853,7 +853,7 @@ static void manage_client_ntlmssp_request(struct ntlm_auth_state *state, if (strlen(buf) < 2) { DEBUG(1, ("NTLMSSP query [%s] invalid", buf)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH NTLMSSP query invalid\n"); return; } @@ -879,7 +879,7 @@ static void manage_client_ntlmssp_request(struct ntlm_auth_state *state, if (opt_password == NULL) { DEBUG(1, ("Out of memory\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Out of memory\n"); data_blob_free(&request); return; } @@ -945,7 +945,7 @@ static void manage_client_ntlmssp_request(struct ntlm_auth_state *state, return; } else { DEBUG(1, ("NTLMSSP query [%s] invalid", buf)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH NTLMSSP query invalid\n"); return; } @@ -1087,7 +1087,7 @@ static void offer_gss_spnego_mechs(void) { if (len == -1) { DEBUG(1, ("Could not write SPNEGO data blob\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n"); return; } @@ -1119,7 +1119,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, if (strlen(buf) < 2) { DEBUG(1, ("SPENGO query [%s] invalid", buf)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH SPENGO query invalid\n"); return; } @@ -1130,7 +1130,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, ; } else { DEBUG(1, ("SPENGO query [%s] invalid", buf)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH SPENGO query invalid\n"); return; } @@ -1147,7 +1147,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, if (strlen(buf) <= 3) { DEBUG(1, ("GSS-SPNEGO query [%s] invalid\n", buf)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH GSS-SPNEGO query invalid\n"); return; } @@ -1157,7 +1157,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, if (len == -1) { DEBUG(1, ("GSS-SPNEGO query [%s] invalid", buf)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH GSS-SPNEGO query invalid\n"); return; } @@ -1169,7 +1169,8 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, if ( (request.negTokenInit.mechTypes == NULL) || (request.negTokenInit.mechTypes[0] == NULL) ) { DEBUG(1, ("Client did not offer any mechanism")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Client did not offer any " + "mechanism\n"); return; } @@ -1177,15 +1178,18 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, if (strcmp(request.negTokenInit.mechTypes[0], OID_NTLMSSP) == 0) { if ( request.negTokenInit.mechToken.data == NULL ) { - DEBUG(1, ("Client did not provide NTLMSSP data\n")); - x_fprintf(x_stdout, "BH\n"); + DEBUG(1, ("Client did not provide NTLMSSP data\n")); + x_fprintf(x_stdout, "BH Client did not provide " + "NTLMSSP data\n"); return; } if ( ntlmssp_state != NULL ) { DEBUG(1, ("Client wants a new NTLMSSP challenge, but " "already got one\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Client wants a new " + "NTLMSSP challenge, but " + "already got one\n"); ntlmssp_end(&ntlmssp_state); return; } @@ -1219,7 +1223,8 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, if ( request.negTokenInit.mechToken.data == NULL ) { DEBUG(1, ("Client did not provide Kerberos data\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Client did not provide " + "Kerberos data\n"); return; } @@ -1245,7 +1250,9 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, if (domain == NULL) { DEBUG(1, ("Did not get a valid principal " "from ads_verify_ticket\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Did not get a " + "valid principal from " + "ads_verify_ticket\n"); return; } @@ -1268,13 +1275,15 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, is the only one we support that sends this stuff */ DEBUG(1, ("Got a negTokenTarg for something non-NTLMSSP: %s\n", request.negTokenTarg.supportedMech)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Got a negTokenTarg for " + "something non-NTLMSSP\n"); return; } if (request.negTokenTarg.responseToken.data == NULL) { DEBUG(1, ("Got a negTokenTarg without a responseToken!\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Got a negTokenTarg without a " + "responseToken!\n"); return; } @@ -1312,7 +1321,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, if (!reply_argument) { DEBUG(1, ("Could not write SPNEGO data blob\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n"); return; } @@ -1324,7 +1333,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, if (len == -1) { DEBUG(1, ("Could not write SPNEGO data blob\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n"); return; } @@ -1414,7 +1423,7 @@ static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego) if (client_ntlmssp_state == NULL) { DEBUG(1, ("Got NTLMSSP tArg without a client state\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Got NTLMSSP tArg without a client state\n"); return; } @@ -1438,7 +1447,8 @@ static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego) DEBUG(1, ("Expected MORE_PROCESSING_REQUIRED from " "ntlmssp_client_update, got: %s\n", nt_errstr(status))); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Expected MORE_PROCESSING_REQUIRED from " + "ntlmssp_client_update\n"); data_blob_free(&request); ntlmssp_end(&client_ntlmssp_state); return; @@ -1556,7 +1566,8 @@ static void manage_client_krb5_targ(SPNEGO_DATA spnego) switch (spnego.negTokenTarg.negResult) { case SPNEGO_ACCEPT_INCOMPLETE: DEBUG(1, ("Got a Kerberos negTokenTarg with ACCEPT_INCOMPLETE\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Got a Kerberos negTokenTarg with " + "ACCEPT_INCOMPLETE\n"); break; case SPNEGO_ACCEPT_COMPLETED: DEBUG(10, ("Accept completed\n")); @@ -1588,7 +1599,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state, if (strlen(buf) <= 3) { DEBUG(1, ("SPNEGO query [%s] too short\n", buf)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH SPNEGO query too short\n"); return; } @@ -1602,7 +1613,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state, if (opt_password == NULL) { DEBUG(1, ("Out of memory\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Out of memory\n"); data_blob_free(&request); return; } @@ -1616,7 +1627,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state, (strncmp(buf, "AF ", 3) != 0) && (strncmp(buf, "NA ", 3) != 0) ) { DEBUG(1, ("SPNEGO request [%s] invalid\n", buf)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH SPNEGO request invalid\n"); data_blob_free(&request); return; } @@ -1629,7 +1640,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state, if (len == -1) { DEBUG(1, ("Could not read SPNEGO data for [%s]\n", buf)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Could not read SPNEGO data\n"); return; } @@ -1658,7 +1669,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state, } DEBUG(1, ("Server offered no compatible mechanism\n")); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Server offered no compatible mechanism\n"); return; } @@ -1680,7 +1691,9 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state, DEBUG(1, ("Got a negTokenTarg with no mech and an " "unknown negResult: %d\n", spnego.negTokenTarg.negResult)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Got a negTokenTarg with" + " no mech and an unknown " + "negResult\n"); } ntlmssp_end(&client_ntlmssp_state); @@ -1704,7 +1717,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state, } DEBUG(1, ("Got an SPNEGO token I could not handle [%s]!\n", buf)); - x_fprintf(x_stdout, "BH\n"); + x_fprintf(x_stdout, "BH Got an SPNEGO token I could not handle\n"); return; out: -- 2.11.4.GIT