Hi Amos,
So in this case the Samba ntlm_auth helper would need to escape the
output. Does the Samba team know ? I use
ntlm_auth -V
Version 3.6.12-59.13.1-3108-SUSE-SL12.3-x86_64
Markus
"Amos Jeffries" wrote in message news:52B8F0F8.603@xxxxxxxxxxxxx...
On 24/12/2013 6:59 a.m., Markus Moeller wrote:
Hi Amos,
Which helper has to do which rfc1738_(un)escape ?
The helper which is generating the response needs to encode. The helepr
which is consuming the response from Squid needs to un-encode.
I am running the
negotiate wrapper with NTLM and Kerberos. When I authenticate with NTLM
I see the following in the log
2013/12/23 17:45:48| negotiate_wrapper: received type 3 NTLM token
2013/12/23 17:45:48| negotiate_wrapper: Return 'AF = WIN2003R2\mm
'
But my external helper does not get the \. Does the wrapper need to
escape the return value ( I would have thought the wrapper just forwards
waht is gets from the real auth helper) ?
Yes, I expect the same. The helper being run by the wrapper should be
doing that encode/decode work.
kerberos_ldap_group.cc(329): pid=16122 :2013/12/23 17:45:58|
kerberos_ldap_group: MM: Got User: WIN2003R2mm
Squid-3.4 is hitting a bug in the word tokenizer where it decodes
\-escaped characters outside of quoted strings.
You could perhapse workaround this by doing the old->new helper response
format conversion in the worker.
Amos
