[squid-users] problem fakeauth_auth

From: Joao Alves Neto <alves_joao_at_hotmail.com>
Date: Mon, 27 Apr 2009 01:21:06 +0000

Hi there

We are facing a problem with squid/fakeauth_auth helper, after change in NTLM parameters of our stations(Require Message Integrity, Message Confidentiality, NTLMv2 Session Security, 128-bit Encryption).

I made some tests and realized that NTLMSSP Flags returned in NTLMSSP_CHALLENGE to station is wrong:

1 - Success Authentication (ntlm_auth)

    1 - HTTP/1.0 407 Proxy Authentication Required (text/html)

    2 - GET http:/// HTTP/1.1 , NTLMSSP_NEGOTIATE
     -Proxy-Authorization: NTLM Taldjfpoa\sdfalsdmflasdflafajsdfjajasldjJAJA\r\n - EXAMPLE
          - NTLMSSP
            NTLMSSP identifier: NTLMSSP
            NTLM Message Type: NTLMSSP_NEGOTIATE (0x00000001)
          -Flags: 0xa208b207 - estation send this flag

    3 - HTTP/1.0 407 Proxy Authentication Required , NTLMSSP_CHALLENGE (text/html)
     Proxy-Authenticate: NTLM TaljdflasjdfljasdlfjoqAJDFJQOWEURPOQWEURPQWEJKROQWEUFÇLAJSLFJASDLFJKQWEO........................
     NTLMSSP
        NTLMSSP identifier: NTLMSSP
        NTLM Message Type: NTLMSSP_CHALLENGE (0x00000002)
        .....
        Flags: 0xa2898205 - estation receive these flag from squid.
    
    4 - HTTP/1.1 , NTLMSSP_AUTH, User: Domain\User

2 - Unssucess Authentication (fakeauth_auth)

    1 - HTTP/1.0 407 Proxy Authentication Required (text/html)

    2 - GET http:/// HTTP/1.1 , NTLMSSP_NEGOTIATE
     -Proxy-Authorization: NTLM Taldjfpoa\sdfalsdmflasdflafajsdfjajasldjJAJA\r\n - EXAMPLE
          - NTLMSSP
            NTLMSSP identifier: NTLMSSP
            NTLM Message Type: NTLMSSP_NEGOTIATE (0x00000001)
          -Flags: 0xa208b207 - estation send this flag

    3 - HTTP/1.0 407 Proxy Authentication Required , NTLMSSP_CHALLENGE (text/html)
     Proxy-Authenticate: NTLM TaljdflasjdfljasdlfjoqAJDFJQOWEURPOQWEURPQWEJKROQWEUFÇLAJSLFJASDLFJKQWEO........................
     NTLMSSP
        NTLMSSP identifier: NTLMSSP
        NTLM Message Type: NTLMSSP_CHALLENGE (0x00000002)
        .....
        Flags: 0x00018205 - estation receive this flag from squid/fakeauth_auth.

    4 - Authetication Failed
    
    
    
    
As a test, I forced NTLMSSP_CHALLENGE FLAGS to be equal NTLMSSP_NEGOTIATE(0xa208b207) then it worked fine.

fakeauth_auth.c

void ntlmMakeChallenge(struct ntlm_challenge *chal, int32_t flags)
{
    static unsigned hash;
    int r;
    char *d;
    int i;

    debug("ntlmMakeChallenge: flg %08x\n", flags);

    memset(chal, 0, sizeof(*chal));
    memcpy(chal->hdr.signature, "NTLMSSP", 8);
    chal->flags = htole32(CHALLENGE_TARGET_IS_DOMAIN |
    NEGOTIATE_ALWAYS_SIGN |
    NEGOTIATE_USE_NTLM |
    NEGOTIATE_REQUEST_TARGET |
    (NEGOTIATE_UNICODE & flags ? NEGOTIATE_UNICODE : NEGOTIATE_ASCII)
    );
    // Testing purpose
    chal->flags = flags;

    chal->hdr.type = htole32(NTLM_CHALLENGE);
    chal->unknown[6] = htole16(0x003a);

    d = (char *) chal + 48;
    i = 0;

    if (authenticate_ntlm_domain != NULL)
    while (authenticate_ntlm_domain[i++]);

    chal->target.offset = htole32(48);
    chal->target.maxlen = htole16(i);
    chal->target.len = chal->target.maxlen;

    r = (int) rand();
    r = (hash ^ r) + r;

    for (i = 0; i < 8; i++) {
    chal->challenge[i] = r;
    r = (r>> 2) ^ r;
    }

    hash = r;
}

any idea?
_________________________________________________________________
Rediscover Hotmail®: Get e-mail storage that grows with you.
http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Storage2_042009
Received on Mon Apr 27 2009 - 01:21:14 MDT

This archive was generated by hypermail 2.2.0 : Mon Apr 27 2009 - 12:00:02 MDT