The Samba-Bugzilla – Attachment 13942 Details for
Bug 10959
ntlm_auth doesn't work with accounts with spaces
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch adds new squid helper format syntax and username encoding.
samba-ntlm-auth.patch (text/plain), 2.36 KB, created by
Pavel
on 2018-02-06 10:33:31 UTC
(
hide
)
Description:
Patch adds new squid helper format syntax and username encoding.
Filename:
MIME Type:
Creator:
Pavel
Created:
2018-02-06 10:33:31 UTC
Size:
2.36 KB
patch
obsolete
>--- a/source3/utils/ntlm_auth.c 2018-02-02 17:10:25.884991051 +0300 >+++ b/source3/utils/ntlm_auth.c 2018-02-05 10:15:19.727353118 +0300 >@@ -172,6 +172,7 @@ > static int use_cached_creds; > static int offline_logon; > static int opt_allow_mschapv2; >+static int use_kv_format; > > static const char *require_membership_of; > static const char *require_membership_of_sid; >@@ -1561,9 +1562,17 @@ > reply_arg = nt_errstr(nt_status); > DEBUG(1, ("GENSEC failed to retrieve the session info: %s\n", nt_errstr(nt_status))); > } else { >- >- reply_code = "AF"; >- reply_arg = talloc_strdup(state->gensec_state, session_info->unix_info->unix_name); >+ // The interface for all helpers has been extended to support arbitrary lists of key=value pairs, with the syntax key=value. >+ // For responses, the safe way is to either URL-escape, or to enclose the value in double_quotes ("); >+ if (use_kv_format) { >+ reply_code = "OK"; // AF is deprecated by OK >+ char* username = rfc1738_escape(NULL, session_info->unix_info->unix_name); >+ reply_arg = talloc_asprintf(state->gensec_state, "user=%s", username); >+ talloc_free(username); >+ } else { >+ reply_code = "AF"; >+ reply_arg = talloc_strdup(state->gensec_state, session_info->unix_info->unix_name); >+ } > if (reply_arg == NULL) { > reply_code = "BH out of memory"; > reply_arg = nt_errstr(NT_STATUS_NO_MEMORY); >@@ -2252,7 +2261,8 @@ > OPT_PAM_WINBIND_CONF, > OPT_TARGET_SERVICE, > OPT_TARGET_HOSTNAME, >- OPT_OFFLINE_LOGON >+ OPT_OFFLINE_LOGON, >+ OPT_USE_KV_FORMAT > }; > > int main(int argc, const char **argv) >@@ -2300,6 +2310,7 @@ > { "pam-winbind-conf", 0, POPT_ARG_STRING, &opt_pam_winbind_conf, OPT_PAM_WINBIND_CONF, "Require that request must set WBFLAG_PAM_CONTACT_TRUSTDOM when krb5 auth is required" }, > { "target-service", 0, POPT_ARG_STRING, &opt_target_service, OPT_TARGET_SERVICE, "Target service (eg http)" }, > { "target-hostname", 0, POPT_ARG_STRING, &opt_target_hostname, OPT_TARGET_HOSTNAME, "Target hostname" }, >+ { "use-kv-format", 0, POPT_ARG_NONE, &use_kv_format, OPT_USE_KV_FORMAT, "Use key-value format on reply"}, > POPT_COMMON_CONFIGFILE > POPT_COMMON_VERSION > POPT_COMMON_OPTION
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=13942">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 10959
: 13942