Opened 12 years ago
Closed 11 years ago
#172 closed Bug / Defect (fixed)
NTLM auth does not work with SQUID proxy server
Reported by: | pmcenery | Owned by: | Gert Döring |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Networking | Version: | OpenVPN 2.3.0 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | NTLM SQUID |
Cc: |
Description
NTLM authentication fails with SQUID proxy server. In the password file, I have tried both DOMAIN\username, and username on its own, but both produce the same result.
Attached is a log of the failure. I have version 2.2.0, but 2.2.1 does not appear to have any changes listed for any NTLM functionality.
Happy to provide any assistance. I can probably set up a server to test against if anyone wants to look at this issue seriously...
Attachments (2)
Change History (6)
Changed 12 years ago by
comment:1 Changed 12 years ago by
If you have to use a SQUID proxy server with NTLM, then I'd recommend that you use a dedicated proxy client which is known to work - such as Cntlm (http://cntlm.sourceforge.net/).
comment:2 Changed 12 years ago by
Hi,
i also stumbled over this issue and found the bug:
The problem is located in the file proxy.c within "establish_http_proxy_passthru": To keep buffers small long base64-encoded NTLM-Strings are truncated.
But the truncating is done on a wrong place:
base 64 strings can be cut every 4 chars. the buffer is 128 bytes - including the terminating \0, so the usable data is only 127 bytes. And decoding a 127 char base64 string fails... this is why the ntlm authentication fails in certain cases (long strings)...
I've also attached a patch that resolves this issue.
bye,
chris
comment:3 Changed 11 years ago by
Owner: | set to Gert Döring |
---|---|
Status: | new → assigned |
Version: | 2.2.0 → 2.3.0 |
taking this. thanks for the patch, and sorry for stalling.
patch will go into 2.3.0 and master (-devel)
comment:4 Changed 11 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
fix committed to master and release/2.3
commit f8ac53b98ed2513f1d80363b6fd2351f1b4ae511 (master)
commit 55058d4f96dfec96e9f0cad7802a5eaaf9a3301f (release/2.3)
Log Output