Hi,
My name is Brian O'Neill and I'm from Minneapolis, MN and I work for a
large financial firm. My background is across the board with unix, nt,
and networking. My programming background (atleast the usable portion of
it) is C/C++, perl, Bource/Korn shell scripting, SQL, and a splattering
of Objective C. I've been using squid off and on for several years in
very elementary ways, but now in the process of setting up a pretty
advanced setup for authentication and access control. I am most
interested in dealing with external authentication/ACL apps especiall
NTLM based stuff, and very fast ways to parse ACL's of 200k+ domains.
Also, I'm including a patch for squid-2.5.STABLE1-20021105
helpers/external_acl/winbind_group/winbind_check_group.c. This patch
first fixes an issue with not checking membership in the last group in
which an NT user is a member of (and if they are a member of only one
group, it doesn't check it at all). Also, is a syntax change for using
wb_group. Current documentation states that for accessing NT groups with
spaces in the names, they need to be quoted. Quoting a group such as
"Foo Bar" gives an error on squid start up. This patch allows the use of
`Foo Bar` to properly be sent to wb_group, and the ACL check to
successfully match the user to group.
-------------------- patch -------------------------------
$ diff wb_check_group.c wb_check_group.c.orig
82,85d81
< case '`':
< quoted = !quoted;
< p++;
< break;
190c186
< for (i = 1; i <= response.data.num_entries; i++) {
---
> for (i = 0; i < response.data.num_entries; i++) {
-----------------------------------------------------------
In addition, I found that ntlm auth with winbind does not work if squid
is compiled with Sun's Workshop 5.0 (on Solaris 8 running in 64bit, but
not compiled 64bit). Everything compiles fine, but wb_ntlmauth fails to
successuflly authentication anyone. Also, debugging fails to work in
wb_ntlmauth if compiled in Sun's cc. I noticed this when trying to get
debugging to work, to find out why it wasn't working, and found the gcc
specifics in the debugging code. So, on a whim compiled with gcc 2.95.3,
and bingo, everything in ntlm authentication suddenly started working.
Also of note, samba was compiled with WS 5.0's cc.
Thanks,
Brian
--
btoneill@misplaced.net
****************************************************************************
UNIX is simple and coherent, but it takes a genius (or at any rate a
programmer) to understand and appreciate the simplicity." - Dennis Ritchie
****************************************************************************
Received on Tue Nov 12 2002 - 10:55:50 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:18:42 MST