--------------------- PatchSet 1446 Date: 2001/01/30 17:14:07 Author: kinkie Branch: auth_rewrite Tag: (none) Log: Handled case when the client sent credentials for a domain which was not trusted by the domain we are authenticating against. Before, it would cause 'BH' responses, now it is a 'NA' matter. Members: src/auth/ntlm/helpers/NTLMSSP/ntlm_auth.c:1.1.2.5->1.1.2.6 Index: squid/src/auth/ntlm/helpers/NTLMSSP/ntlm_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/helpers/NTLMSSP/Attic/ntlm_auth.c,v retrieving revision 1.1.2.5 retrieving revision 1.1.2.6 diff -u -r1.1.2.5 -r1.1.2.6 --- squid/src/auth/ntlm/helpers/NTLMSSP/ntlm_auth.c 30 Jan 2001 11:01:07 -0000 1.1.2.5 +++ squid/src/auth/ntlm/helpers/NTLMSSP/ntlm_auth.c 30 Jan 2001 17:14:07 -0000 1.1.2.6 @@ -21,23 +21,19 @@ #include "util.h" /* these are part of rfcnb-priv.h and smblib-priv.h */ -extern int RFCNB_errno; extern int SMB_Get_Error_Msg (int msg, char *msgbuf, int len); extern int SMB_Get_Last_Error (); +extern int SMB_Get_Last_SMB_Err(); + #define BUFFER_SIZE 10240 #if HAVE_STDLIB_H #include #endif - - #if HAVE_GETOPT_H #include #endif - - - #ifdef HAVE_STRING_H #include #endif @@ -45,6 +41,10 @@ #include #endif +#ifdef DEBUG +char error_messages_buffer[BUFFER_SIZE]; +#endif + char load_balance = 0, failover_enabled = 0, protocol_pedantic = 0, last_ditch_enabled = 0; dc *controllers = NULL; 
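Review bot: The extern block drops `extern int RFCNB_errno;`, but the visible hunks add no declaration for `RFCNB_Get_Last_Errno()`, which the two later debug() hunks (at -330 and -353) now call. Unless a header outside this patch declares it, those calls rely on an implicit declaration and the compiler cannot check them. Add `extern int RFCNB_Get_Last_Errno(void);` beside the other externs (return type assumed from the `%d` it is printed with), and give the new declaration a real prototype, `extern int SMB_Get_Last_SMB_Err(void);`. The DEBUG-only buffer is used only in this file as far as the patch shows, so `static char error_messages_buffer[BUFFER_SIZE];` would keep it out of the global namespace.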
@@ -312,6 +312,27 @@ cred = ntlm_check_auth ((ntlm_authenticate *) decoded, plen); if (cred == NULL) { + int errorclass, errorcode; +#ifdef DEBUG + SMB_Get_Error_Msg(SMB_Get_Last_SMB_Err(), + error_messages_buffer,BUFFER_SIZE); + debug("Authentication failure. SMB error: %d: %s\n. Class=%d, " + "Code=%d\n", + SMB_Get_Last_SMB_Err(), error_messages_buffer, + SMB_Get_Last_SMB_Err() & 0xff, SMB_Get_Last_SMB_Err() >>16); +#endif + /* This is kind of a special case, which happens when the + client sends credentials in a domain which is not trusted + by the domain we're using when authenticating. Unfortunately, + it can't currently be accommodated in the current framework so + I'll leave it hanging here, waiting for the general framework + to be expanded to better accommodate the generale case. */ + errorclass=SMB_Get_Last_SMB_Err() & 0xff; + errorcode=SMB_Get_Last_SMB_Err() >>16; + if (errorclass==1 && errorcode==5) { + SEND("NA Untrusted domain"); + return; + } switch (ntlm_errno) { case NTLM_LOGON_ERROR: @@ -330,7 +351,8 @@ /* dc_disconnect(); */ SMB_Get_Error_Msg (SMB_Get_Last_Error (), smb_error_buffer, 1000); - debug ("Last error was: %s, RFC errno=%d\n", smb_error_buffer, RFCNB_errno); + debug ("Last error was: %s, RFC errno=%d\n", smb_error_buffer, + RFCNB_Get_Last_Errno()); if (failover_enabled) current_dc = current_dc->next; return; @@ -353,7 +375,8 @@ /* SEND("BH Domain controller failure"); */ /* dc_disconnect(); *//* maybe we're overreacting? */ SMB_Get_Error_Msg (SMB_Get_Last_Error (), smb_error_buffer, 1000); - debug ("Last error was: %s. RFCNB errno=%d\n", smb_error_buffer, RFCNB_errno); + debug ("Last error was: %s. RFCNB errno=%d\n", smb_error_buffer, + RFCNB_Get_Last_Errno()); if (failover_enabled) current_dc = current_dc->next; return;
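Review bot: The untrusted-domain test in the `cred == NULL` branch runs before `switch (ntlm_errno)` and on every failure, so it trusts whatever `SMB_Get_Last_SMB_Err()` last recorded. If `ntlm_check_auth` can fail before any SMB exchange (a malformed authenticate packet, say) and the library does not reset that value, a stale class 1 / code 5 from an earlier request would be answered with `NA Untrusted domain` instead of the real cause. Both replies deny access, but the reply text is what an operator sees when investigating failed logons, so consider tying the check to the logon-failure path with `if (ntlm_errno == NTLM_LOGON_ERROR && errorclass == 1 && errorcode == 5) {`, after confirming that is the value set when the domain controller rejects the logon. Reading the error once, `int smb_err = SMB_Get_Last_SMB_Err();`, and deriving class and code from it would replace the six separate calls. The bare 1 and 5 deserve named constants or a comment, since in SMB terms they appear to be the DOS error class and "access denied", which is broader than an untrusted domain; the enclosing function starts and ends outside the hunk.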