From: Elmar Vonlanthen <Elmar.Vonlanthen@united-security-providers.ch>
Date: Thu, 24 Oct 2013 15:24:01 +0000 (-0600)
Subject: ntlm_fake_auth: pass DOMAIN data to Squid in original case
X-Git-Tag: SQUID_3_3_10~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43508fbdb175fada4454ac5ac33aeb3e77165e82;p=thirdparty%2Fsquid.git

ntlm_fake_auth: pass DOMAIN data to Squid in original case

Lower-casing the domain field can cause base ACL match results if the
ACL is checking for case-sensitive or upper-case domain label.

The helper should be emitting the standard UPPER case domain and many
administrators will be expecting that when they write ACLs.
---

diff --git a/helpers/ntlm_auth/fake/ntlm_fake_auth.cc b/helpers/ntlm_auth/fake/ntlm_fake_auth.cc
index a7bf0732fb..c8ec4de987 100644
--- a/helpers/ntlm_auth/fake/ntlm_fake_auth.cc
+++ b/helpers/ntlm_auth/fake/ntlm_fake_auth.cc
@@ -224,7 +224,6 @@ main(int argc, char *argv[])
             } else if (ntlm_validate_packet(packet, NTLM_AUTHENTICATE) == NTLM_ERR_NONE) {
                 if (ntlm_unpack_auth((ntlm_authenticate *)packet, user, domain, decodedLen) == NTLM_ERR_NONE) {
                     lc(user);
-                    lc(domain);
                     if (strip_domain_enabled) {
                         SEND2("AF %s", user);
                     } else {
@@ -232,7 +231,6 @@ main(int argc, char *argv[])
                     }
                 } else {
                     lc(user);
-                    lc(domain);
                     SEND4("NA invalid credentials, user=%s%s%s", domain, (*domain?"\\":""), user);
                 }
             } else {