ntlm_auth squid_2_5_basic password problem

Andrew Bartlett abartlet at samba.org
Wed Dec 24 03:31:08 GMT 2003

On Tue, 2003-12-23 at 04:40, M A Young wrote:
> I have discovered that ntlm_auth from samba 3.0 doesn't correctly
> authenticate a password with the '+' character in when the squid-2.5-basic
> helper protocol is used. I observed this when trying to authenticate from
> squid-2.5-STABLE4, so I suspect this is a genuine error. I have traced the
> problem to the rfc1738_unescape subroutine, which for some reason replaces
> '+' with ' '. As far as I can tell from rfc1738, it is completely legal to
> have an unescaped '+' sign in a password.

Hmm - this code was from SWAT originally - I'm quite happy to remove it,
but I need to find out why it thought there might be an unescaped + in
SWAT's input...

Make sure you assign me a bug in bugzilla, so I don't forget it.

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20031224/abc9014f/attachment.bin

More information about the samba-technical mailing list