From d850d8eeefd035925cca584a136b4b646de93b2a Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sat, 22 Sep 2012 23:31:12 +1200
Subject: [PATCH] Update NTLM and Negotiate TT result code handlers to use
 token=

---
 src/HelperReply.cc                | 4 ++++
 src/auth/negotiate/UserRequest.cc | 6 +++---
 src/auth/ntlm/UserRequest.cc      | 4 ++--
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/HelperReply.cc b/src/HelperReply.cc
index 24a67646d2..cfd7015627 100644
--- a/src/HelperReply.cc
+++ b/src/HelperReply.cc
@@ -34,6 +34,10 @@ HelperReply::HelperReply(const char *buf, size_t len, bool urlQuoting) :
             // NTLM challenge token
             result = HelperReply::TT;
             p+=2;
+            // followed by an auth token
+            char *token = strwordtok(NULL, &p);
+            authToken.init();
+            authToken.append(token, strlen(token));
         } else if (!strncmp(p,"AF ",3)) {
             // NTLM/Negotate OK response
             result = HelperReply::OK;
diff --git a/src/auth/negotiate/UserRequest.cc b/src/auth/negotiate/UserRequest.cc
index 24ae06081e..530fc90836 100644
--- a/src/auth/negotiate/UserRequest.cc
+++ b/src/auth/negotiate/UserRequest.cc
@@ -281,13 +281,13 @@ Auth::Negotiate::UserRequest::HandleReply(void *data, const HelperReply &reply)
         safe_free(lm_request->server_blob);
         lm_request->request->flags.must_keepalive = 1;
         if (lm_request->request->flags.proxy_keepalive) {
-            lm_request->server_blob = xstrdup(blob);
+            lm_request->server_blob = xstrdup(reply.authToken.content());
             auth_user_request->user()->credentials(Auth::Handshake);
             auth_user_request->denyMessage("Authentication in progress");
-            debugs(29, 4, HERE << "Need to challenge the client with a server blob '" << blob << "'");
+            debugs(29, 4, HERE << "Need to challenge the client with a server token: '" << reply.authToken << "'");
         } else {
             auth_user_request->user()->credentials(Auth::Failed);
-            auth_user_request->denyMessage("NTLM authentication requires a persistent connection");
+            auth_user_request->denyMessage("Negotiate authentication requires a persistent connection");
         }
         break;
 
diff --git a/src/auth/ntlm/UserRequest.cc b/src/auth/ntlm/UserRequest.cc
index e613207b12..8e93846082 100644
--- a/src/auth/ntlm/UserRequest.cc
+++ b/src/auth/ntlm/UserRequest.cc
@@ -265,10 +265,10 @@ Auth::Ntlm::UserRequest::HandleReply(void *data, const HelperReply &reply)
         safe_free(lm_request->server_blob);
         lm_request->request->flags.must_keepalive = 1;
         if (lm_request->request->flags.proxy_keepalive) {
-            lm_request->server_blob = xstrdup(blob);
+            lm_request->server_blob = xstrdup(reply.authToken.content());
             auth_user_request->user()->credentials(Auth::Handshake);
             auth_user_request->denyMessage("Authentication in progress");
-            debugs(29, 4, HERE << "Need to challenge the client with a server blob '" << blob << "'");
+            debugs(29, 4, HERE << "Need to challenge the client with a server token: '" << reply.authToken << "'");
         } else {
             auth_user_request->user()->credentials(Auth::Failed);
             auth_user_request->denyMessage("NTLM authentication requires a persistent connection");
-- 
2.47.3