ntlm_auth squid_2_5_basic password problem
Christopher R. Hertel
crh at ubiqx.mn.org
Mon Dec 22 18:21:35 GMT 2003
On Mon, Dec 22, 2003 at 05:40:05PM +0000, M A Young wrote:
> I have discovered that ntlm_auth from samba 3.0 doesn't correctly
> authenticate a password with the '+' character in when the squid-2.5-basic
> helper protocol is used. I observed this when trying to authenticate from
> squid-2.5-STABLE4, so I suspect this is a genuine error. I have traced the
> problem to the rfc1738_unescape subroutine, which for some reason replaces
> '+' with ' '. As far as I can tell from rfc1738, it is completely legal to
> have an unescaped '+' sign in a password.
>
> Michael Young
There was a time, back in the early days of HTTP, when spaces were
replaced with plus signs in URI strings. This is still done in some cases
(apparently). I think that you are correct that this is no longer
standard practice (a quick look through RFC 2396, which updates 1738, does
not turn up anything about converting spaces to plus signs). See:
http://www.ietf.org/rfc/rfc2396.txt
In 2396 the plus sign is listed as a reserved character, but is then added
to the allowed characters in several of the BNF right-hand-sides. The
password is generally encoded within the userinfo, and the plus sign is
permitted there:
    userinfo = *( unreserved | escaped | ";" | ":" | "&" | "=" | "+" | "$" | "," )
...so it should not need to be escaped.
Sounds like the conversion between '+' and ' ' is a throw-back.
Chris -)-----
--
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
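
The behaviour discussed in this thread, as an added example (not code from the thread or from Samba): a percent-unescape routine with the '+' to ' ' conversion switchable, showing that a password containing a literal '+' only survives when the conversion is off. The names unescape and password_survives and the sample password are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Decode %XX escapes in place. If plus_is_space is nonzero, also turn '+'
 * into ' ' (the older convention discussed in the thread). Malformed
 * escapes are copied through unchanged. Returns s.
 */
static char *unescape(char *s, int plus_is_space)
{
    char *in = s, *out = s;
    while (*in) {
        if (in[0] == '%' && isxdigit((unsigned char)in[1])
                         && isxdigit((unsigned char)in[2])) {
            char hex[3] = { in[1], in[2], '\0' };
            *out++ = (char)strtol(hex, NULL, 16);
            in += 3;
        } else if (*in == '+' && plus_is_space) {
            *out++ = ' ';
            in++;
        } else {
            *out++ = *in++;
        }
    }
    *out = '\0';
    return s;
}

/* 1 if the decoded wire form equals the password the user typed, else 0. */
int password_survives(const char *wire, const char *typed, int plus_is_space)
{
    char buf[128];
    if (strlen(wire) >= sizeof buf)
        return 0;
    strcpy(buf, wire);
    return strcmp(unescape(buf, plus_is_space), typed) == 0;
}

int main(void)
{
    /* Constructed sample: user typed "pa+ss w%rd"; space and '%' escaped. */
    const char *wire = "pa+ss%20w%25rd", *typed = "pa+ss w%rd";
    printf("'+' -> ' ' decoder: %s\n", password_survives(wire, typed, 1) ? "match" : "MISMATCH");
    printf("%%XX-only decoder:  %s\n", password_survives(wire, typed, 0) ? "match" : "MISMATCH");
    return 0;
}
```

A sender that escapes '+' as %2B is decoded correctly in either mode, so the mismatch only appears when the plus sign arrives unescaped.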