Index: squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c
diff -c squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c:1.3.2.1 squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c:1.3.2.7
*** squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c:1.3.2.1	Fri Aug 20 02:09:58 2004
--- squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c	Fri Jan  7 14:12:27 2005
***************
*** 38,47 ****
  #if HAVE_PWD_H
  #include <pwd.h>
  #endif
! 
! 
! #define ERR    "ERR\n"
! #define OK     "OK\n"
  
  #if 0
  #define NTLM_STATIC_CHALLENGE "deadbeef"
--- 38,46 ----
  #if HAVE_PWD_H
  #include <pwd.h>
  #endif
! #if HAVE_ASSERT_H
! #include <assert.h>
! #endif
  
  #if 0
  #define NTLM_STATIC_CHALLENGE "deadbeef"
***************
*** 55,61 ****
  static void
  lc(char *string)
  {
!     char *p = string, c;
      while ((c = *p)) {
  	*p = tolower(c);
  	p++;
--- 54,61 ----
  static void
  lc(char *string)
  {
!     char *p = string;
!     char c;
      while ((c = *p)) {
  	*p = tolower(c);
  	p++;
***************
*** 65,71 ****
  
  /*
   * Generates a challenge request. The randomness of the 8 byte 
!  * challenge strings can be guarenteed to be poor at best.
   */
  void
  ntlmMakeChallenge(struct ntlm_challenge *chal)
--- 65,71 ----
  
  /*
   * Generates a challenge request. The randomness of the 8 byte 
!  * challenge strings can be guaranteed to be poor at best.
   */
  void
  ntlmMakeChallenge(struct ntlm_challenge *chal)
***************
*** 89,95 ****
      if (authenticate_ntlm_domain != NULL)
  	while (authenticate_ntlm_domain[i++]);
  
- 
      chal->target.offset = WSWAP(48);
      chal->target.maxlen = SSWAP(i);
      chal->target.len = chal->target.maxlen;
--- 89,94 ----
***************
*** 110,116 ****
  }
  
  /*
!  * Check the vailidity of a request header. Return -1 on error.
   */
  int
  ntlmCheckHeader(ntlmhdr * hdr, int type)
--- 109,115 ----
  }
  
  /*
!  * Check the validity of a request header. Return -1 on error.
   */
  int
  ntlmCheckHeader(ntlmhdr * hdr, int type)
***************
*** 127,135 ****
  	return 0;
  
      if (WSWAP(hdr->type) != type) {
! /* don't report this error - it's ok as we do a if() around this function */
! //      fprintf(stderr, "ntlmCheckHeader: type is %d, wanted %d\n",
! 	//          WSWAP(hdr->type), type);
  	return (-1);
      }
      return (0);
--- 126,133 ----
  	return 0;
  
      if (WSWAP(hdr->type) != type) {
! 	/* don't report this error - it's ok as we do a if() around this function */
! 	/* fprintf(stderr, "ntlmCheckHeader: type is %d, wanted %d\n", WSWAP(hdr->type), type); */
  	return (-1);
      }
      return (0);
***************
*** 142,150 ****
  ntlmGetString(ntlmhdr * hdr, strhdr * str, int flags)
  {
      static char buf[512];
!     u_short *s, c;
!     char *d, *sc;
!     int l, o;
  
      l = SSWAP(str->len);
      o = WSWAP(str->offset);
--- 140,151 ----
  ntlmGetString(ntlmhdr * hdr, strhdr * str, int flags)
  {
      static char buf[512];
!     u_short *s;
!     u_short c;
!     char *d;
!     char *sc;
!     int l;
!     int o;
  
      l = SSWAP(str->len);
      o = WSWAP(str->offset);
***************
*** 195,256 ****
  int
  ntlmDecodeAuth(struct ntlm_authenticate *auth, char *buf, size_t size)
  {
!     char *p, *origbuf;
      int s;
  
!     if (!buf) {
  	return 1;
-     }
      origbuf = buf;
!     if (ntlmCheckHeader(&auth->hdr, NTLM_AUTHENTICATE)) {
  
- 	fprintf(stderr, "ntlmDecodeAuth: header check fails\n");
- 	return -1;
-     }
- /* only on when you need to debug
-  * fprintf(stderr,"ntlmDecodeAuth: size of %d\n", size);
-  * fprintf(stderr,"ntlmDecodeAuth: flg %08x\n", auth->flags);
-  * fprintf(stderr,"ntlmDecodeAuth: usr o(%d) l(%d)\n", auth->user.offset, auth->user.len);
-  */
      if ((p = ntlmGetString(&auth->hdr, &auth->domain, 2)) == NULL)
  	p = authenticate_ntlm_domain;
! //      fprintf(stderr,"ntlmDecodeAuth: Domain '%s'.\n",p);
      if ((s = strlen(p) + 1) >= size)
  	return 1;
      strcpy(buf, p);
! //      fprintf(stdout,"ntlmDecodeAuth: Domain '%s'.\n",buf);
  
      size -= s;
      buf += (s - 1);
      *buf++ = '\\';		/* Using \ is more consistent with MS-proxy */
  
      p = ntlmGetString(&auth->hdr, &auth->user, 2);
      if ((s = strlen(p) + 1) >= size)
  	return 1;
      while (*p)
! 	*buf++ = (*p++);	//tolower
  
      *buf++ = '\0';
      size -= s;
! //      fprintf(stderr, "ntlmDecodeAuth: user: %s%s\n",origbuf, p);
! 
  
      return 0;
  }
  
  
  int
! main()
  {
      char buf[256];
!     char user[256], *p, *cleartext;
      struct ntlm_challenge chal;
      int len;
      char *data = NULL;
  
      setbuf(stdout, NULL);
      while (fgets(buf, 256, stdin) != NULL) {
! 	user[0] = '\0';		/*no usercode */
  
  	if ((p = strchr(buf, '\n')) != NULL)
  	    *p = '\0';		/* strip \n */
--- 196,265 ----
  int
  ntlmDecodeAuth(struct ntlm_authenticate *auth, char *buf, size_t size)
  {
!     char *p;
!     char *origbuf;
      int s;
  
!     if (!buf)
  	return 1;
      origbuf = buf;
!     assert (0 == ntlmCheckHeader(&auth->hdr, NTLM_AUTHENTICATE));
! 
! #if DEBUG_FAKEAUTH
!     fprintf(stderr,"ntlmDecodeAuth: size of %d\n", size);
!     fprintf(stderr,"ntlmDecodeAuth: flg %08x\n", auth->flags);
!     fprintf(stderr,"ntlmDecodeAuth: usr o(%d) l(%d)\n", auth->user.offset,
! 	auth->user.len);
! #endif
  
      if ((p = ntlmGetString(&auth->hdr, &auth->domain, 2)) == NULL)
  	p = authenticate_ntlm_domain;
! #if DEBUG_FAKEAUTH
!     fprintf(stderr,"ntlmDecodeAuth: Domain '%s'.\n",p);
! #endif
      if ((s = strlen(p) + 1) >= size)
  	return 1;
      strcpy(buf, p);
! #if DEBUG_FAKEAUTH
!     fprintf(stdout,"ntlmDecodeAuth: Domain '%s'.\n",buf);
! #endif
  
      size -= s;
      buf += (s - 1);
      *buf++ = '\\';		/* Using \ is more consistent with MS-proxy */
  
      p = ntlmGetString(&auth->hdr, &auth->user, 2);
+     if (NULL == p)
+ 	return 1;
      if ((s = strlen(p) + 1) >= size)
  	return 1;
      while (*p)
! 	*buf++ = (*p++);	/* tolower */
  
      *buf++ = '\0';
      size -= s;
! #if DEBUG_FAKEAUTH
!     fprintf(stderr, "ntlmDecodeAuth: user: %s%s\n",origbuf, p);
! #endif
  
      return 0;
  }
  
  
  int
! main(int argc, char *argv[])
  {
      char buf[256];
!     char user[256];
!     char *p;
!     char *cleartext = NULL;
      struct ntlm_challenge chal;
      int len;
      char *data = NULL;
  
      setbuf(stdout, NULL);
      while (fgets(buf, 256, stdin) != NULL) {
! 	memset(user, '\0', sizeof(user));	/* no usercode */
  
  	if ((p = strchr(buf, '\n')) != NULL)
  	    *p = '\0';		/* strip \n */
***************
*** 270,280 ****
  		    printf("AF %s\n", user);
  		} else {
  		    lc(user);
! 		    printf("NA invalid credentials%s\n", user);
  		}
  	    } else {
  		lc(user);
! 		printf("BH wrong packet type!%s\n", user);
  	    }
  	}
  #endif
--- 279,289 ----
  		    printf("AF %s\n", user);
  		} else {
  		    lc(user);
! 		    printf("NA invalid credentials, user=%s\n", user);
  		}
  	    } else {
  		lc(user);
! 		printf("BH wrong packet type! user=%s\n", user);
  	    }
  	}
  #endif
***************
*** 291,300 ****
  		    SSWAP(chal.target.maxlen);
  		data = (char *) base64_encode_bin((char *) &chal, len);
  		printf("CH %s\n", data);
! 	    } else if (!ntlmCheckHeader
! 		((struct ntlmhdr *) cleartext, NTLM_AUTHENTICATE)) {
! 		if (!ntlmDecodeAuth
! 		    ((struct ntlm_authenticate *) cleartext, user, 256)) {
  		    lc(user);
  		    printf("OK %s\n", user);
  		} else {
--- 300,307 ----
  		    SSWAP(chal.target.maxlen);
  		data = (char *) base64_encode_bin((char *) &chal, len);
  		printf("CH %s\n", data);
! 	    } else if (!ntlmCheckHeader ((struct ntlmhdr *) cleartext, NTLM_AUTHENTICATE)) {
! 		if (!ntlmDecodeAuth ((struct ntlm_authenticate *) cleartext, user, 256)) {
  		    lc(user);
  		    printf("OK %s\n", user);
  		} else {
***************
*** 307,312 ****
--- 314,321 ----
  	    }
  	}
  #endif /*v2 */
+ 	free(cleartext);
+ 	cleartext = NULL;
      }
      exit(0);
  }