Re: NTLM and pop-up windows

From: <michele.de-martin@dont-contact.us>
Date: Mon, 12 May 2003 11:26:51 +0200

Here I am.

The only file I changed is "src/auth/ntlm/auth_ntlm.c" where I altered "YR"
to pass the "NEGOTIATE" data to helper: here is the patch.

--- squid-2.5.STABLE2-20030401/src/auth/ntlm/auth_ntlm.c 2003-02-05
00:17:26.000000000 +0100
+++ squid-2.5.STABLE2-20030401-ntmulti/src/auth/ntlm/auth_ntlm.c
2003-05-07 16:05:25.000000000 +0200
@@ -746,7 +746,7 @@
                helperStatefulSubmit(ntlmauthenticators, NULL,
authenticateNTLMHandleplaceholder, r, NULL);
            } else {
                /* Server with invalid challenge */
- snprintf(buf, 8192, "YR\n");
+ snprintf(buf, 8192, "YR %s\n", sent_string);
                helperStatefulSubmit(ntlmauthenticators, buf,
authenticateNTLMHandleReply, r, ntlm_request->authserver);
            }
        } else {

If I understand well, this change shouldn't affect "wb_ntlmauth".

Here is the cache.log portion with "debug_options ALL,1 29,9 84,9".
It is a first access to "www.google.com" which ended well. A following hit
to the refresh button in IE caused the pop-up to appear.

(See attached file: google.log.gz)

Thanks
Michele

                                                                                                                            
                      Robert Collins
                      <robertc@squid-ca To: Michele De Martin/Electrolux IT Solutions/Italy/Electrolux
                      che.org> Group@Electrolux
                                               cc: squid-dev@squid-cache.org
                      05/10/2003 11:23 Subject: Re: NTLM and pop-up windows
                      AM
                                                                                                                            
                                                                                                                            

On Thu, 2003-05-08 at 03:35, michele.de-martin@electrolux.it wrote:
> Hi again,
>
> I 'm here for that strange behaviour squid has with too few ntlm
> authenticators.
> Looking into the attached log you can see a sequence like this:
>
> S->H YR (request 1)
> H->S TT (request 1)
> S->H YR (request 2)
> H->S TT (request 2)

Ok, on line 722 of auth_ntlm.c , the following logic occurs:

* find a potential helper.
* if it's challenge needs changing, mark it as such.
* Grab another server.

Now, when challenge_reuses is 0, the challenge will be changed after
each request. So, that means that the helper won't be reused until after
the reply to the current outstanding request is received and the starve
flag flipped off.

So: I can't see how this would happen in the 2.5 HEAD code.

Can you
* confirm that you have an unaltered squid showing this behaviour
* generate a cache.log with debug_options ALL,1 29,9 84,9 showing this
problem?

Cheers,
Rob 

--
GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.
(See attached file: signature.asc)

Received on Mon May 12 2003 - 03:27:50 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:55 MST