--- /dev/null
+Index: squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c
+diff -c squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c:1.3.2.1 squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c:1.3.2.7
+*** squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c:1.3.2.1 Fri Aug 20 02:09:58 2004
+--- squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c Fri Jan 7 14:12:27 2005
+***************
+*** 38,47 ****
+ #if HAVE_PWD_H
+ #include <pwd.h>
+ #endif
+!
+!
+! #define ERR "ERR\n"
+! #define OK "OK\n"
+
+ #if 0
+ #define NTLM_STATIC_CHALLENGE "deadbeef"
+--- 38,46 ----
+ #if HAVE_PWD_H
+ #include <pwd.h>
+ #endif
+! #if HAVE_ASSERT_H
+! #include <assert.h>
+! #endif
+
+ #if 0
+ #define NTLM_STATIC_CHALLENGE "deadbeef"
+***************
+*** 55,61 ****
+ static void
+ lc(char *string)
+ {
+! char *p = string, c;
+ while ((c = *p)) {
+ *p = tolower(c);
+ p++;
+--- 54,61 ----
+ static void
+ lc(char *string)
+ {
+! char *p = string;
+! char c;
+ while ((c = *p)) {
+ *p = tolower(c);
+ p++;
+***************
+*** 65,71 ****
+
+ /*
+ * Generates a challenge request. The randomness of the 8 byte
+! * challenge strings can be guarenteed to be poor at best.
+ */
+ void
+ ntlmMakeChallenge(struct ntlm_challenge *chal)
+--- 65,71 ----
+
+ /*
+ * Generates a challenge request. The randomness of the 8 byte
+! * challenge strings can be guaranteed to be poor at best.
+ */
+ void
+ ntlmMakeChallenge(struct ntlm_challenge *chal)
+***************
+*** 89,95 ****
+ if (authenticate_ntlm_domain != NULL)
+ while (authenticate_ntlm_domain[i++]);
+
+-
+ chal->target.offset = WSWAP(48);
+ chal->target.maxlen = SSWAP(i);
+ chal->target.len = chal->target.maxlen;
+--- 89,94 ----
+***************
+*** 110,116 ****
+ }
+
+ /*
+! * Check the vailidity of a request header. Return -1 on error.
+ */
+ int
+ ntlmCheckHeader(ntlmhdr * hdr, int type)
+--- 109,115 ----
+ }
+
+ /*
+! * Check the validity of a request header. Return -1 on error.
+ */
+ int
+ ntlmCheckHeader(ntlmhdr * hdr, int type)
+***************
+*** 127,135 ****
+ return 0;
+
+ if (WSWAP(hdr->type) != type) {
+! /* don't report this error - it's ok as we do a if() around this function */
+! // fprintf(stderr, "ntlmCheckHeader: type is %d, wanted %d\n",
+! // WSWAP(hdr->type), type);
+ return (-1);
+ }
+ return (0);
+--- 126,133 ----
+ return 0;
+
+ if (WSWAP(hdr->type) != type) {
+! /* don't report this error - it's ok as we do a if() around this function */
+! /* fprintf(stderr, "ntlmCheckHeader: type is %d, wanted %d\n", WSWAP(hdr->type), type); */
+ return (-1);
+ }
+ return (0);
+***************
+*** 142,150 ****
+ ntlmGetString(ntlmhdr * hdr, strhdr * str, int flags)
+ {
+ static char buf[512];
+! u_short *s, c;
+! char *d, *sc;
+! int l, o;
+
+ l = SSWAP(str->len);
+ o = WSWAP(str->offset);
+--- 140,151 ----
+ ntlmGetString(ntlmhdr * hdr, strhdr * str, int flags)
+ {
+ static char buf[512];
+! u_short *s;
+! u_short c;
+! char *d;
+! char *sc;
+! int l;
+! int o;
+
+ l = SSWAP(str->len);
+ o = WSWAP(str->offset);
+***************
+*** 195,256 ****
+ int
+ ntlmDecodeAuth(struct ntlm_authenticate *auth, char *buf, size_t size)
+ {
+! char *p, *origbuf;
+ int s;
+
+! if (!buf) {
+ return 1;
+- }
+ origbuf = buf;
+! if (ntlmCheckHeader(&auth->hdr, NTLM_AUTHENTICATE)) {
+
+- fprintf(stderr, "ntlmDecodeAuth: header check fails\n");
+- return -1;
+- }
+- /* only on when you need to debug
+- * fprintf(stderr,"ntlmDecodeAuth: size of %d\n", size);
+- * fprintf(stderr,"ntlmDecodeAuth: flg %08x\n", auth->flags);
+- * fprintf(stderr,"ntlmDecodeAuth: usr o(%d) l(%d)\n", auth->user.offset, auth->user.len);
+- */
+ if ((p = ntlmGetString(&auth->hdr, &auth->domain, 2)) == NULL)
+ p = authenticate_ntlm_domain;
+! // fprintf(stderr,"ntlmDecodeAuth: Domain '%s'.\n",p);
+ if ((s = strlen(p) + 1) >= size)
+ return 1;
+ strcpy(buf, p);
+! // fprintf(stdout,"ntlmDecodeAuth: Domain '%s'.\n",buf);
+
+ size -= s;
+ buf += (s - 1);
+ *buf++ = '\\'; /* Using \ is more consistent with MS-proxy */
+
+ p = ntlmGetString(&auth->hdr, &auth->user, 2);
+ if ((s = strlen(p) + 1) >= size)
+ return 1;
+ while (*p)
+! *buf++ = (*p++); //tolower
+
+ *buf++ = '\0';
+ size -= s;
+! // fprintf(stderr, "ntlmDecodeAuth: user: %s%s\n",origbuf, p);
+!
+
+ return 0;
+ }
+
+
+ int
+! main()
+ {
+ char buf[256];
+! char user[256], *p, *cleartext;
+ struct ntlm_challenge chal;
+ int len;
+ char *data = NULL;
+
+ setbuf(stdout, NULL);
+ while (fgets(buf, 256, stdin) != NULL) {
+! user[0] = '\0'; /*no usercode */
+
+ if ((p = strchr(buf, '\n')) != NULL)
+ *p = '\0'; /* strip \n */
+--- 196,265 ----
+ int
+ ntlmDecodeAuth(struct ntlm_authenticate *auth, char *buf, size_t size)
+ {
+! char *p;
+! char *origbuf;
+ int s;
+
+! if (!buf)
+ return 1;
+ origbuf = buf;
+! assert (0 == ntlmCheckHeader(&auth->hdr, NTLM_AUTHENTICATE));
+!
+! #if DEBUG_FAKEAUTH
+! fprintf(stderr,"ntlmDecodeAuth: size of %d\n", size);
+! fprintf(stderr,"ntlmDecodeAuth: flg %08x\n", auth->flags);
+! fprintf(stderr,"ntlmDecodeAuth: usr o(%d) l(%d)\n", auth->user.offset,
+! auth->user.len);
+! #endif
+
+ if ((p = ntlmGetString(&auth->hdr, &auth->domain, 2)) == NULL)
+ p = authenticate_ntlm_domain;
+! #if DEBUG_FAKEAUTH
+! fprintf(stderr,"ntlmDecodeAuth: Domain '%s'.\n",p);
+! #endif
+ if ((s = strlen(p) + 1) >= size)
+ return 1;
+ strcpy(buf, p);
+! #if DEBUG_FAKEAUTH
+! fprintf(stdout,"ntlmDecodeAuth: Domain '%s'.\n",buf);
+! #endif
+
+ size -= s;
+ buf += (s - 1);
+ *buf++ = '\\'; /* Using \ is more consistent with MS-proxy */
+
+ p = ntlmGetString(&auth->hdr, &auth->user, 2);
++ if (NULL == p)
++ return 1;
+ if ((s = strlen(p) + 1) >= size)
+ return 1;
+ while (*p)
+! *buf++ = (*p++); /* tolower */
+
+ *buf++ = '\0';
+ size -= s;
+! #if DEBUG_FAKEAUTH
+! fprintf(stderr, "ntlmDecodeAuth: user: %s%s\n",origbuf, p);
+! #endif
+
+ return 0;
+ }
+
+
+ int
+! main(int argc, char *argv[])
+ {
+ char buf[256];
+! char user[256];
+! char *p;
+! char *cleartext = NULL;
+ struct ntlm_challenge chal;
+ int len;
+ char *data = NULL;
+
+ setbuf(stdout, NULL);
+ while (fgets(buf, 256, stdin) != NULL) {
+! memset(user, '\0', sizeof(user)); /* no usercode */
+
+ if ((p = strchr(buf, '\n')) != NULL)
+ *p = '\0'; /* strip \n */
+***************
+*** 270,280 ****
+ printf("AF %s\n", user);
+ } else {
+ lc(user);
+! printf("NA invalid credentials%s\n", user);
+ }
+ } else {
+ lc(user);
+! printf("BH wrong packet type!%s\n", user);
+ }
+ }
+ #endif
+--- 279,289 ----
+ printf("AF %s\n", user);
+ } else {
+ lc(user);
+! printf("NA invalid credentials, user=%s\n", user);
+ }
+ } else {
+ lc(user);
+! printf("BH wrong packet type! user=%s\n", user);
+ }
+ }
+ #endif
+***************
+*** 291,300 ****
+ SSWAP(chal.target.maxlen);
+ data = (char *) base64_encode_bin((char *) &chal, len);
+ printf("CH %s\n", data);
+! } else if (!ntlmCheckHeader
+! ((struct ntlmhdr *) cleartext, NTLM_AUTHENTICATE)) {
+! if (!ntlmDecodeAuth
+! ((struct ntlm_authenticate *) cleartext, user, 256)) {
+ lc(user);
+ printf("OK %s\n", user);
+ } else {
+--- 300,307 ----
+ SSWAP(chal.target.maxlen);
+ data = (char *) base64_encode_bin((char *) &chal, len);
+ printf("CH %s\n", data);
+! } else if (!ntlmCheckHeader ((struct ntlmhdr *) cleartext, NTLM_AUTHENTICATE)) {
+! if (!ntlmDecodeAuth ((struct ntlm_authenticate *) cleartext, user, 256)) {
+ lc(user);
+ printf("OK %s\n", user);
+ } else {
+***************
+*** 307,312 ****
+--- 314,321 ----
+ }
+ }
+ #endif /*v2 */
++ free(cleartext);
++ cleartext = NULL;
+ }
+ exit(0);
+ }