Bug 916 - ntlm_auth squid_2_5_basic problem with passwords containing '+'
Summary: ntlm_auth squid_2_5_basic problem with passwords containing '+'
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: ntlm_auth tool (show other bugs)
Version: 3.0.1
Hardware: Other other
: P3 normal
Target Milestone: none
Assignee: Andrew Bartlett
QA Contact:
Depends on:
Reported: 2003-12-24 01:22 UTC by Michael Young
Modified: 2005-08-24 10:23 UTC (History)
0 users

See Also:

Don't replace + with ' ' for ntlm_auth (1.92 KB, patch)
2003-12-24 01:49 UTC, Andrew Bartlett
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Young 2003-12-24 01:22:01 UTC
I have discovered that ntlm_auth from samba 3.0 doesn't correctly
authenticate a password containing the '+' character when the squid-2.5-basic
helper protocol is used. I observed this when trying to authenticate from
squid-2.5-STABLE4, so I suspect this is a genuine error. I have traced the
problem to the rfc1738_unescape subroutine, which for some reason replaces
'+' with ' '. As far as I can tell from rfc1738, it is completely legal to
have an unescaped '+' sign in a password.
Comment 1 Andrew Bartlett 2003-12-24 01:49:42 UTC
Created attachment 339 [details]
Don't replace + with ' ' for ntlm_auth

This is the patch I propose for this, I need to test both SWAT and ntlm_auth
before I commit
Comment 2 Andrew Bartlett 2003-12-25 01:37:59 UTC
Patch applied.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:23:47 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.