It shouldn't do this. From a post to the list by Andrew Bartlett: I noticed doing some work in master that the current rfc1738_unescape() has: while ((p=strchr(p,'+'))) *p = ' '; As far as I can see, this was merged incorrectly from Samba4 when the string util code was brought back in common in Nov last year. The Samba3 code is deliberately missing this loop, with this loop move to SWAT specificity. Anyway, the long and the short of it is that ntlm_auth uses rfc1738_unescape(), and when Squid calls the plaintext ntlm_auth helpers, it does not replace space characters with +, so this merge (I suspect) breaks squid. I'm importing a full rfc1738 decode and encode implementation from squid, but a patch to 3.4 may wish to just remove those lines.
Created attachment 4907 [details] git-am format patch for 3.4.4.
3.2.x is not affected by this. Jeremy.
Re-assigning to Karolin for inclusion in 3.4.4. Jeremy.
is 3.3.x affected?
No, 3.3.x is not affected as it looks like the bad code was added in the 3.4 -> Samba4 merge. Jeremy.
Getting some reviewers so this can get pushed for 3.4.4. Jeremy.
Comment on attachment 4907 [details] git-am format patch for 3.4.4. Andrew can you ack that one...
I'm happy to ack that this puts things back how they were before the dud merge.
Pushed to v3-4-test. Closing out bug report. Thanks!