FW: mod_auth_ntlm_winbind

Dmitry Andrianov dimas at dataart.com
Mon Mar 12 13:42:56 GMT 2007 

Dear list,

Andrew Bartlett suggested me to email this list instead of sending
patches to him directly. 

So this is what I'm doing :=)

 

Regards,

Dmitry Andrianov

 

From: Dmitry Andrianov 
Sent: Saturday, March 03, 2007 2:58 PM
To: 'lmuelle at samba.org'; 'abartlet at samba.org'
Subject: mod_auth_ntlm_winbind

 

Hello.

First of all, sorry if I'm contacting wrong persons - I took your emails
from list of committers  to mod_auth_ntlm_winbind SVN repository.

 

I started playing with subject yesterday and think I found couple of
small things which should be fixed. I have attached the patch - please
take a look at it.

Basically there are three really small changes:

1.       Typo in the README saying you should use -with-httpd although
real option is -with-apache

2.       There is some support in the code for 'BH' helper response
(helper busted) but this check only happens at very end while check that
there some arguments after the initial two letter code is at the
beginning. On my system I do not have Kerberos and ntlm_auth with
--helper-protocol=gss-spnego replies with BH<CR> only - no following
space, no extra text. As result, mod_auth_ntlm_winbind error message is
somewhat misleading instead of expected "helper busted" and it takes
some time to dig through the code to understand what happened. So I
reorganized order of checks a little to make sure it understands even
argument-less BH

3.       Data what is sent to helper was logged only for Apache 2
(APACHE2 ) and not for 1.x, so I reordered that stuff a little too

 

Also, I have noticed one strange thing - when attempting plaintext auth
(basic) mod_auth_ntlm_winbind sends login&password to helper as-is. At
the same time, the helper (at least as of Samba 3.0.24) expect
parameters to be URL-encoded. While it is ok for alphanumeric, I wonder
how this thing should work if login has spaces or password has sign?

 

Regards,

Dmitry Andrianov

-------------- next part --------------
A non-text attachment was scrubbed...
Name: mod.patch.1
Type: application/octet-stream
Size: 5441 bytes
Desc: mod.patch.1
Url : http://lists.samba.org/archive/samba-technical/attachments/20070312/eee057e8/mod.patch.obj

More information about the samba-technical mailing list