Hi Amos,
So in this case the Samba ntlm_auth helper would need to escape the
output. Does the Samba team know ? I use
ntlm_auth -V
Version 3.6.12-59.13.1-3108-SUSE-SL12.3-x86_64
Markus
"Amos Jeffries" wrote in message news:52B8F0F8.603_at_treenet.co.nz...
On 24/12/2013 6:59 a.m., Markus Moeller wrote:
> Hi Amos,
>
> Which helper has to do which rfc1738_(un)escape ?
The helper which is generating the response needs to encode. The helepr
which is consuming the response from Squid needs to un-encode.
> I am running the
> negotiate wrapper with NTLM and Kerberos. When I authenticate with NTLM
> I see the following in the log
>
> 2013/12/23 17:45:48| negotiate_wrapper: received type 3 NTLM token
> 2013/12/23 17:45:48| negotiate_wrapper: Return 'AF = WIN2003R2\mm
> '
>
> But my external helper does not get the \. Does the wrapper need to
> escape the return value ( I would have thought the wrapper just forwards
> waht is gets from the real auth helper) ?
Yes, I expect the same. The helper being run by the wrapper should be
doing that encode/decode work.
>
> kerberos_ldap_group.cc(329): pid=16122 :2013/12/23 17:45:58|
> kerberos_ldap_group: MM: Got User: WIN2003R2mm
Squid-3.4 is hitting a bug in the word tokenizer where it decodes
\-escaped characters outside of quoted strings.
You could perhapse workaround this by doing the old->new helper response
format conversion in the worker.
Amos
Received on Tue Dec 24 2013 - 12:20:06 MST
This archive was generated by hypermail 2.2.0 : Tue Dec 24 2013 - 12:00:05 MST