916 – ntlm_auth squid_2_5_basic problem with passwords containing '+'

Bug 916 - ntlm_auth squid_2_5_basic problem with passwords containing '+'

Summary: ntlm_auth squid_2_5_basic problem with passwords containing '+'

Status:	CLOSED FIXED

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	ntlm_auth tool (show other bugs)
Version:	3.0.1
Hardware:	Other other

Importance:	P3 normal
Target Milestone:	none
Assignee:	Andrew Bartlett
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2003-12-24 01:22 UTC by Michael Young
Modified:	2005-08-24 10:23 UTC (History)
CC List:	0 users

See Also:

Attachments
Don't replace + with ' ' for ntlm_auth (1.92 KB, patch) 2003-12-24 01:49 UTC, Andrew Bartlett	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Young 2003-12-24 01:22:01 UTC

I have discovered that ntlm_auth from samba 3.0 doesn't correctly
authenticate a password containing the '+' character when the squid-2.5-basic
helper protocol is used. I observed this when trying to authenticate from
squid-2.5-STABLE4, so I suspect this is a genuine error. I have traced the
problem to the rfc1738_unescape subroutine, which for some reason replaces
'+' with ' '. As far as I can tell from rfc1738, it is completely legal to
have an unescaped '+' sign in a password.

Comment 1 Andrew Bartlett 2003-12-24 01:49:42 UTC

Created attachment 339 [details]
Don't replace + with ' ' for ntlm_auth

This is the patch I propose for this, I need to test both SWAT and ntlm_auth
before I commit

Comment 2 Andrew Bartlett 2003-12-25 01:37:59 UTC

Patch applied.

Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:23:47 UTC

sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.