summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKai Blin <kai@samba.org>2008-03-19 23:32:38 +0100
committerKai Blin <kai@samba.org>2008-03-19 23:49:43 +0100
commitb6ab1c4061f6d7c715aa8b9a038dff5ab9016f6a (patch)
tree6136062fa2bf0a2a6f9e5a2d1e6c22f2d2983dcb
parentbb1b4403b4078f0b1c2a0c45acfc6bf8a60a7abc (diff)
downloadsamba-b6ab1c4061f6d7c715aa8b9a038dff5ab9016f6a.tar.gz
samba-b6ab1c4061f6d7c715aa8b9a038dff5ab9016f6a.tar.bz2
samba-b6ab1c4061f6d7c715aa8b9a038dff5ab9016f6a.zip
ntlm_auth: Improve compliance to the Squid helper protocol
This fixes bug #4235. Patch from Pawel Worach <pawel.worach@gmail.com> with some linebreaks added by me. Also fix one BH message that the original patch didn't fix. (This used to be commit 098380760d20bad2a45c3b12ab2a5e4d2b856175)
-rw-r--r--source3/utils/ntlm_auth.c75
1 files changed, 44 insertions, 31 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index df2bf9753b..e313d62d02 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -717,7 +717,7 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state,
if (strlen(buf) < 2) {
DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH NTLMSSP query invalid\n");
return;
}
@@ -744,7 +744,7 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state,
if (opt_password == NULL) {
DEBUG(1, ("Out of memory\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Out of memory\n");
data_blob_free(&request);
return;
}
@@ -786,7 +786,7 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state,
return;
} else {
DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH NTLMSSP query invalid\n");
return;
}
@@ -853,7 +853,7 @@ static void manage_client_ntlmssp_request(struct ntlm_auth_state *state,
if (strlen(buf) < 2) {
DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH NTLMSSP query invalid\n");
return;
}
@@ -879,7 +879,7 @@ static void manage_client_ntlmssp_request(struct ntlm_auth_state *state,
if (opt_password == NULL) {
DEBUG(1, ("Out of memory\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Out of memory\n");
data_blob_free(&request);
return;
}
@@ -945,7 +945,7 @@ static void manage_client_ntlmssp_request(struct ntlm_auth_state *state,
return;
} else {
DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH NTLMSSP query invalid\n");
return;
}
@@ -1087,7 +1087,7 @@ static void offer_gss_spnego_mechs(void) {
if (len == -1) {
DEBUG(1, ("Could not write SPNEGO data blob\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n");
return;
}
@@ -1119,7 +1119,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (strlen(buf) < 2) {
DEBUG(1, ("SPENGO query [%s] invalid", buf));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH SPENGO query invalid\n");
return;
}
@@ -1130,7 +1130,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
;
} else {
DEBUG(1, ("SPENGO query [%s] invalid", buf));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH SPENGO query invalid\n");
return;
}
@@ -1147,7 +1147,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (strlen(buf) <= 3) {
DEBUG(1, ("GSS-SPNEGO query [%s] invalid\n", buf));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH GSS-SPNEGO query invalid\n");
return;
}
@@ -1157,7 +1157,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (len == -1) {
DEBUG(1, ("GSS-SPNEGO query [%s] invalid", buf));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH GSS-SPNEGO query invalid\n");
return;
}
@@ -1169,7 +1169,8 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if ( (request.negTokenInit.mechTypes == NULL) ||
(request.negTokenInit.mechTypes[0] == NULL) ) {
DEBUG(1, ("Client did not offer any mechanism"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Client did not offer any "
+ "mechanism\n");
return;
}
@@ -1177,15 +1178,18 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (strcmp(request.negTokenInit.mechTypes[0], OID_NTLMSSP) == 0) {
if ( request.negTokenInit.mechToken.data == NULL ) {
- DEBUG(1, ("Client did not provide NTLMSSP data\n"));
- x_fprintf(x_stdout, "BH\n");
+ DEBUG(1, ("Client did not provide NTLMSSP data\n"));
+ x_fprintf(x_stdout, "BH Client did not provide "
+ "NTLMSSP data\n");
return;
}
if ( ntlmssp_state != NULL ) {
DEBUG(1, ("Client wants a new NTLMSSP challenge, but "
"already got one\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Client wants a new "
+ "NTLMSSP challenge, but "
+ "already got one\n");
ntlmssp_end(&ntlmssp_state);
return;
}
@@ -1219,7 +1223,8 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if ( request.negTokenInit.mechToken.data == NULL ) {
DEBUG(1, ("Client did not provide Kerberos data\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Client did not provide "
+ "Kerberos data\n");
return;
}
@@ -1245,7 +1250,9 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (domain == NULL) {
DEBUG(1, ("Did not get a valid principal "
"from ads_verify_ticket\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Did not get a "
+ "valid principal from "
+ "ads_verify_ticket\n");
return;
}
@@ -1268,13 +1275,15 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
is the only one we support that sends this stuff */
DEBUG(1, ("Got a negTokenTarg for something non-NTLMSSP: %s\n",
request.negTokenTarg.supportedMech));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Got a negTokenTarg for "
+ "something non-NTLMSSP\n");
return;
}
if (request.negTokenTarg.responseToken.data == NULL) {
DEBUG(1, ("Got a negTokenTarg without a responseToken!\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Got a negTokenTarg without a "
+ "responseToken!\n");
return;
}
@@ -1312,7 +1321,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (!reply_argument) {
DEBUG(1, ("Could not write SPNEGO data blob\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n");
return;
}
@@ -1324,7 +1333,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
if (len == -1) {
DEBUG(1, ("Could not write SPNEGO data blob\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n");
return;
}
@@ -1414,7 +1423,7 @@ static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego)
if (client_ntlmssp_state == NULL) {
DEBUG(1, ("Got NTLMSSP tArg without a client state\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Got NTLMSSP tArg without a client state\n");
return;
}
@@ -1438,7 +1447,8 @@ static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego)
DEBUG(1, ("Expected MORE_PROCESSING_REQUIRED from "
"ntlmssp_client_update, got: %s\n",
nt_errstr(status)));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Expected MORE_PROCESSING_REQUIRED from "
+ "ntlmssp_client_update\n");
data_blob_free(&request);
ntlmssp_end(&client_ntlmssp_state);
return;
@@ -1556,7 +1566,8 @@ static void manage_client_krb5_targ(SPNEGO_DATA spnego)
switch (spnego.negTokenTarg.negResult) {
case SPNEGO_ACCEPT_INCOMPLETE:
DEBUG(1, ("Got a Kerberos negTokenTarg with ACCEPT_INCOMPLETE\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Got a Kerberos negTokenTarg with "
+ "ACCEPT_INCOMPLETE\n");
break;
case SPNEGO_ACCEPT_COMPLETED:
DEBUG(10, ("Accept completed\n"));
@@ -1588,7 +1599,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
if (strlen(buf) <= 3) {
DEBUG(1, ("SPNEGO query [%s] too short\n", buf));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH SPNEGO query too short\n");
return;
}
@@ -1602,7 +1613,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
if (opt_password == NULL) {
DEBUG(1, ("Out of memory\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Out of memory\n");
data_blob_free(&request);
return;
}
@@ -1616,7 +1627,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
(strncmp(buf, "AF ", 3) != 0) &&
(strncmp(buf, "NA ", 3) != 0) ) {
DEBUG(1, ("SPNEGO request [%s] invalid\n", buf));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH SPNEGO request invalid\n");
data_blob_free(&request);
return;
}
@@ -1629,7 +1640,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
if (len == -1) {
DEBUG(1, ("Could not read SPNEGO data for [%s]\n", buf));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Could not read SPNEGO data\n");
return;
}
@@ -1658,7 +1669,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
}
DEBUG(1, ("Server offered no compatible mechanism\n"));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Server offered no compatible mechanism\n");
return;
}
@@ -1680,7 +1691,9 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
DEBUG(1, ("Got a negTokenTarg with no mech and an "
"unknown negResult: %d\n",
spnego.negTokenTarg.negResult));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Got a negTokenTarg with"
+ " no mech and an unknown "
+ "negResult\n");
}
ntlmssp_end(&client_ntlmssp_state);
@@ -1704,7 +1717,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
}
DEBUG(1, ("Got an SPNEGO token I could not handle [%s]!\n", buf));
- x_fprintf(x_stdout, "BH\n");
+ x_fprintf(x_stdout, "BH Got an SPNEGO token I could not handle\n");
return;
out: