From: hno <>
Date: Wed, 4 Jul 2007 06:55:31 +0000 (+0000)
Subject: Bug #2008: Work around clients trying to use NTLM or Negotiate without persistent... 
X-Git-Tag: SQUID_3_0_PRE7~171
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=63a05fa3d20a15ec5f91d8b127f25136982fa2c7;p=thirdparty%2Fsquid.git

Bug #2008: Work around clients trying to use NTLM or Negotiate without persistent connections

This patch forces a fallback on Basic/Digest if the client attempts
to use NTLM or Negotiate without having a persistent connection.
---

diff --git a/src/auth/ntlm/auth_ntlm.cc b/src/auth/ntlm/auth_ntlm.cc
index 86d403e587..6c899b83eb 100644
--- a/src/auth/ntlm/auth_ntlm.cc
+++ b/src/auth/ntlm/auth_ntlm.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: auth_ntlm.cc,v 1.70 2007/05/29 13:31:46 amosjeffries Exp $
+ * $Id: auth_ntlm.cc,v 1.71 2007/07/04 00:55:31 hno Exp $
  *
  * DEBUG: section 29    NTLM Authenticator
  * AUTHOR: Robert Collins, Henrik Nordstrom, Francesco Chemolli
@@ -268,6 +268,10 @@ AuthNTLMConfig::fixHeader(AuthUserRequest *auth_user_request, HttpReply *rep, ht
     if (!authenticate)
         return;
 
+    /* Need keep-alive */
+    if (!request->flags.proxy_keepalive && request->flags.must_keepalive)
+	return;
+
     /* New request, no user details */
     if (auth_user_request == NULL) {
         debugs(29, 9, "AuthNTLMConfig::fixHeader: Sending type:" << type << " header: 'NTLM'");
@@ -383,7 +387,7 @@ authenticateNTLMHandleReply(void *data, void *lastserver, char *reply)
         safe_free(ntlm_request->server_blob);
         ntlm_request->server_blob = xstrdup(blob);
         ntlm_request->auth_state = AUTHENTICATE_STATE_IN_PROGRESS;
-        auth_user_request->denyMessage("Authenication in progress");
+        auth_user_request->denyMessage("Authentication in progress");
         debugs(29, 4, "authenticateNTLMHandleReply: Need to challenge the client with a server blob '" << blob << "'");
         result = S_HELPER_RESERVE;
     } else if (strncasecmp(reply, "AF ", 3) == 0) {
@@ -599,6 +603,13 @@ AuthNTLMUserRequest::authenticate(HttpRequest * request, ConnStateData::Pointer
         return;
     }
 
+    if (!request->flags.proxy_keepalive) {
+        debugs(29, 2, "AuthNTLMUserRequest::authenticate: attempt to perform authentication without a persistent connection!");
+        auth_state = AUTHENTICATE_STATE_FAILED;
+	request->flags.must_keepalive = 1;
+        return;
+    }
+
     if (waiting) {
         debugs(29, 1, "AuthNTLMUserRequest::authenticate: waiting for helper reply!");
         return;