View | Details | Raw Unified | Return to bug 32183
Collapse All | Expand All

(-)squid_ldap_ntlm_auth (-8 / +19 lines)
 Lines 505-517    Link Here 
505
505
506
	return tt, challenge
506
	return tt, challenge
507
507
508
# YR TlRMTVNTUAABAAAAB7IIogUABQAsAAAABAAEACgAAAAFASgKAAAAD1RFU1RTUVVJRJ==
508
def ntlmType(data):
509
def ntlmTypeOne(data):
510
509
511
	if options.debug:
510
	if options.debug:
512
		debug("NTLM Type 1 Message: ")
511
		debug("Checking NTLM Type: ")
513
512
514
	data = data.replace("YR ", "", 1)
513
	if data.startswith("YR "):
514
		data = data.replace("YR ", "", 1)
515
	elif data.startswith("KK "):
516
		data = data.replace("KK ", "", 1)
517
515
	signature = ""
518
	signature = ""
516
	type = ""
519
	type = ""
517
	flags = ""
520
	flags = ""
 Lines 530-538    Link Here 
530
	except:
533
	except:
531
		pass
534
		pass
532
535
533
	if signature.startswith("NTLMSSP") and type == 1:
536
	if signature.startswith("NTLMSSP") and type:
534
		return True
537
		return type
535
	return False
538
	return 0
536
539
537
# tests
540
# tests
538
541
 Lines 627-637    Link Here 
627
630
628
		if data:
631
		if data:
629
			if data.startswith("YR "): 
632
			if data.startswith("YR "): 
630
				if ntlmTypeOne(data):
633
				ntype = ntlmType(data)
634
				if ntype == 1:
631
					try:
635
					try:
632
						answer, challenge = createNtlmTypeTwo()
636
						answer, challenge = createNtlmTypeTwo()
633
					except Exception, e:
637
					except Exception, e:
634
						answer = "BH failed to createNtlmTypeTwo(): %s" % e
638
						answer = "BH failed to createNtlmTypeTwo(): %s" % e
639
				# office 2013 workaround
640
				elif ntype == 3:
641
					try:
642
						data = data.replace("YR ", "", 1)
643
						answer = verifyNtlmTypeThree(data, challenge)
644
					except Exception, e:
645
						answer = "BH failed to verifyNtlmTypeThree(): %s" % e
635
				else:
646
				else:
636
					if options.debug:
647
					if options.debug:
637
						debug("negotiate kerberos authentication" + data)
648
						debug("negotiate kerberos authentication" + data)

Return to bug 32183