I posted to the users list last week regarding Squid 3.2.3 breaking
Negotiate NTLM authentication. My original report was slightly
inaccurate - it looks like the regression was introduced between 3.1.22
and 3.2.0.1.
I've been investigating this today using Squid 3.2.3 and found that the
problem is that when Auth::Negotiate::Config::fixHeader() is called,
authenticateProgram is unset. However, in
Auth::Negotiate::Config::decode() is is correctly set.
There appear to be two instances of the Auth::Negotiate::Config object:
- One instance is instantiated at the top of
src/auth/negotiate/auth_negotiate.cc as negotiateConfig and this does
_not_ have authenticateProgram set. This is the instance for which
fixHeader() is called.
- One instance is instantiated elsewhere and has authenticateProgram
set. This is the instance for which decode() is called.
Unfortunately, comparing the code between 3.1.20 (which works correctly)
and 3.2.3 (which is broken), I can't see where authenticateProgram
should be set in the negotiateConfig instance. In fact, I don't
understand why there are two instances of this object in the first place?
--
- Steve Hill
Technical Director
Opendium Limited http://www.opendium.com
Direct contacts:
Instant messager: xmpp:[email protected]
Email: [email protected]
Phone: sip:[email protected]
Sales / enquiries contacts:
Email: [email protected]
Phone: +44-844-9791439 / sip:[email protected]
Support contacts:
Email: [email protected]
Phone: +44-844-4844916 / sip:[email protected]
