|
Hi all,
I'm running squidguard 1.2 (without
patch) with squid 2.5-stable12 and samba 3. I was having many troubles with
the authentication ( ntlm_auth helper with basic and ntlm authentication module
) on the domain controller (windows nt domain). After some test i noticed
the error was due to squid passing the username, usually in the form
"domain\username", escaped as "domain%5cusername" ( a new feature added to squid
to be compliant with rfc1738 ). So squidguard, not doing
unescaping, didn't authenticate and filter appropriately. I tried to search
in the archive for the problem, but i couldn't find anything about. There is any
working patch around ? The quickest solution i found was to use the routine
"rfc1738_unescape" in the file squid-2.5.STABLE12/lib/rfc1738.c to add the
unescape feature to squidguard. I added only the unescape of the username, maybe
is necessary also for the url passed from squid ? I hadn't time to do any
test....
I know there are better solution, but i was in a
hurry :).
Thank you for any help and excuse my poor
english.
Here is the patch i applied:
---
y.tab.c.orig 2005-11-16
11:59:10.032930379 +0100
+++ y.tab.c 2005-11-16 11:48:47.785562633 +0100 @@ -202,6 +202,37 @@ int numSource = 0; +void rfc1738_unescape(char *); +void +rfc1738_unescape(char *s) +{ + char hexnum[3]; + int i, j; /* i is write, j is read */ + unsigned int x; + for (i = j = 0; s[j]; i++, j++) { + s[i] = s[j]; + if (s[i] != '%') + continue; + if (s[j + 1] == '%') { /* %% case */ + j++; + continue; + } + if (s[j + 1] && s[j + 2]) { + if (s[j + 1] == '0' && s[j + 2] == '0') { /* %00 case */ + j += 2; + continue; + } + hexnum[0] = s[j + 1]; + hexnum[1] = s[j + 2]; + hexnum[2] = '\0'; + if (1 == sscanf(hexnum, "%x", &x)) { + s[i] = (char) (0x0ff & x); + j += 2; + } + } + } + s[i] = '\0'; +} /* Enabling traces. */ @@ -2361,6 +2392,7 @@ if(*ident == '\0') founduser = 0; else + rfc1738_unescape(ident); if(defined(s->userDb, ident, (char **) &userquota) == 1){ founduser = 1; unblockeduser = 1; |
