Thanks to Serassio Guido for noticing issues in our Squid NTLMSSP

implementation.  We were not resetting the NTLMSSP state for new
negotiate packets.

Andrew Bartlett
(This used to be commit e0a026c9b561893e5534923b18ca748e6177090e)

1 files changed, 9 insertions, 4 deletions

diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 4461f163dd..b2450ffd0c 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -340,18 +340,23 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod
 		return;
 	}
 
-	if (strlen(buf) > 3) {
-		request = base64_decode_data_blob(buf + 3);
-	} else if (strcmp(buf, "YR") == 0) {
-		request = data_blob(NULL, 0);
+	if (strncmp(buf, "YR", 2) == 0) {
 		if (ntlmssp_state)
 			ntlmssp_end(&ntlmssp_state);
+	} else if (strncmp(buf, "KK", 2) == 0) {
+		
 	} else {
 		DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
 		x_fprintf(x_stdout, "BH\n");
 		return;
 	}
 
+	if (strlen(buf) > 3) {
+		request = base64_decode_data_blob(buf + 3);
+	} else {
+		request = data_blob(NULL, 0);
+	}
+
 	if (!ntlmssp_state) {
 		ntlmssp_server_start(&ntlmssp_state);
 		ntlmssp_state->check_password = winbind_pw_check;