I posted to the users list last week regarding Squid 3.2.3 breaking
Negotiate NTLM authentication. My original report was slightly
inaccurate - it looks like the regression was introduced between 3.1.22
and 3.2.0.1.
I've been investigating this today using Squid 3.2.3 and found that the
problem is that when Auth::Negotiate::Config::fixHeader() is called,
authenticateProgram is unset. However, in
Auth::Negotiate::Config::decode() is is correctly set.
There appear to be two instances of the Auth::Negotiate::Config object:
- One instance is instantiated at the top of
src/auth/negotiate/auth_negotiate.cc as negotiateConfig and this does
_not_ have authenticateProgram set. This is the instance for which
fixHeader() is called.
- One instance is instantiated elsewhere and has authenticateProgram
set. This is the instance for which decode() is called.
Unfortunately, comparing the code between 3.1.20 (which works correctly)
and 3.2.3 (which is broken), I can't see where authenticateProgram
should be set in the negotiateConfig instance. In fact, I don't
understand why there are two instances of this object in the first place?
--
- Steve Hill
Technical Director
Opendium Limited http://www.opendium.com
Direct contacts:
Instant messager: xmpp:steve_at_opendium.com
Email: steve_at_opendium.com
Phone: sip:steve_at_opendium.com
Sales / enquiries contacts:
Email: sales_at_opendium.com
Phone: +44-844-9791439 / sip:sales_at_opendium.com
Support contacts:
Email: support_at_opendium.com
Phone: +44-844-4844916 / sip:support_at_opendium.com
Received on Mon Dec 10 2012 - 16:40:13 MST
This archive was generated by hypermail 2.2.0 : Mon Dec 10 2012 - 12:00:06 MST