(merge from 3.0)

Thanks to Serassio Guido for noticing issues in our Squid NTLMSSP
implementation.  We were not resetting the NTLMSSP state for new
negotiate packets.

Andrew Bartlett

diff --git a/source/utils/ntlm_auth.c b/source/utils/ntlm_auth.c
index 5b1b83d032d798a9e05023579d39dac2bb9cda59..132134fd9d9e1258aa2d48edee3a5cba1bdca37f 100644 (file)
--- a/source/utils/ntlm_auth.c
+++ b/source/utils/ntlm_auth.c
@@ -340,18 +340,23 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod
                return;
        }
 
-       if (strlen(buf) > 3) {
-               request = base64_decode_data_blob(buf + 3);
-       } else if (strcmp(buf, "YR") == 0) {
-               request = data_blob(NULL, 0);
+       if (strncmp(buf, "YR", 2) == 0) {
                if (ntlmssp_state)
                        ntlmssp_end(&ntlmssp_state);
+       } else if (strncmp(buf, "KK", 2) == 0) {
+               
        } else {
                DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
                x_fprintf(x_stdout, "BH\n");
                return;
        }
 
+       if (strlen(buf) > 3) {
+               request = base64_decode_data_blob(buf + 3);
+       } else {
+               request = data_blob(NULL, 0);
+       }
+
        if (!ntlmssp_state) {
                ntlmssp_server_start(&ntlmssp_state);
                ntlmssp_state->check_password = winbind_pw_check;