Hi,
At 11.55 13/07/2004, Henrik Nordstrom wrote:
>On Tue, 13 Jul 2004, Andrew Bartlett wrote:
>
> > While I've been trying to code up the 'Negotiate' (SPNEGO) support for
> > Squid, I have seen a lot of:
> >
> > ntlm_request->authchallenge = xstrndup(reply, NTLM_CHALLENGE_SZ
> > + 5);
>
>As robert already said, there is no reason xstrdup should not be used
>here, and I also suspect many of these copies should go away completely
>when we get rid of the challenge/response cache.
>
> > These worry me - not only are these packets not fixed size, Squid has no
> > way of knowing what they should be!
>
>Correct. Squid has no business trying to guess the properties of the
>exchanged blobs.
This explains now some strange problems with NTLM negotiate using native
Windows NTLM authenticator that I cannot understand before.
I can confirm that NTLM negotiate fails with "long" domain and machine names:
I have just rebuild Squid with NTLM_CHALLENGE_SZ set to 400 instead of 300,
and now al works !
Regards
Guido
>Regards
>Henrik
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426 Fax. : +39.011.3293665
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Tue Jul 13 2004 - 11:52:58 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Jul 31 2004 - 12:00:03 MDT