Hi Arno,
thank you for your response.

> I agree with you that OverbyteIcsNtlmMsgs.pas only supports Unicode
> NTLM messages. However I recently implemented proxy support in TWSocket
> and tested that stuff against Squid proxy, it did work with current 
> OverbyteIcsNtlmMsgs.pas fine. So at least that version of Squid I used 
> for testing must have supported Unicode.

I'm using IPCOP 1.4.21 (latest available).
This is the configuration of squid:

Squid Cache: Version 2.7.STABLE9
configure options:  '--prefix=/usr' '--sysconfdir=/etc/squid'
'--datadir=/usr/lib/squid' '--libexecdir=/usr/lib/squid'
'--enable-storeio=null,aufs,coss,diskd,ufs'
'--enable-removal-policies=heap,lru' '--enable-delay-pools'
'--enable-follow-x-forwarded-for' '--enable-useragent-log'
'--enable-referer-log' '--enable-arp-acl' '--enable-http-violations'
'--enable-linux-netfilter' '--enable-ident-lookups'
'--enable-auth=basic,ntlm' '--enable-ntlm-fail-open'

Maybe you have tested a newer version (3.1?)
I've checked the squid release note, here:
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html

but I can't understand how to enable Unicode inside NTLM auth.
This is what they say about ntlm:

auth_param ntlm, basic, digest
BASIC, DIGEST: New parameter option utf8 on|off to permit helpers to
selectively process UTF-8 characters even though HTTP accepts only
ISO-8859-1.

NTLM: The helper binary bundled with Squid under the name ntlm_auth has
been renamed to accurately reflect its real behavior and to prevent
confusion with the more useful Samba helper using the same name.

Despite being used for NTLM, the helper does not in fact provide true
NTLM function. What it does provide is SMB LanManager authentication
through the NTLM interface without the need for a domain controller.
Thus the new name is ntlm_smb_lm_auth.

WARNING: due to the name clash with Samba helper, admin should be
careful to only update their squid.conf if the Squid bundled binary is
used and needed. If the Samba helper is in use, the squid.conf should
not be altered.

> 
> If this actually requires a fix there should be a solution that can 
> be used in all components not just a separate fix for the HTTP client
> IMO.

You're right: the fix should be applied also where necessary
(OverbyteIcsNTLMSSP, OverbyteIcsPOP3Prot, OverbyteIcsPp3ProtOld,
OverbyteIcsSMTPProt).
Up to now I've never used these units, so I have not changed them.


> Whether Unicode or OEM strings are used in the NTLM communication
> should be an implementation detail hidden to the component user.
> Your fix doesn't fix for instance the NtlmGetMessage2 result, 
> I wonder what the TNTLM_Msg2_Info result looks like with your proxy?
> 

If I debug NtlmGetMessage2 function, I see:

function NtlmGetMessage2(const AServerReply: String): TNTLM_Msg2_Info;

AServerReply='TlRMTVNTUAACAAAACwALACgAAACCgkEATo49y/toC4kAAAAAAAAAAEUtV09SS1MuTEFO'

NTLMReply='NTLMSSP'#0#2#0#0#0#$B#0#$B#0'('#0#0#0'‚‚A'#0'C'#8'Êlÿô”Ü'#0#0#0#0#0#0#0#0'E-WORKS.LAN'

MsgInfo.Target='E-WORKS.LAN'
MsgInfo.Challenge=(67, 8, 202, 108, 255, 244, 148, 220)
Msg.TargetInfo.Offset=777210706 (is it right?)

then the "loop through target information blocks" block is skipped.

Do you see something strange?

For now, I keep the patch.
I hope that ipcop will upgrade squid soon.

thank you,
bye
Emanuele



-- 
Ing. Emanuele Bizzarri
Software Development Department
e-works s.r.l.
41011 - Campogalliano - Modena - Italy
tel. +39 059 2929081 int. 23
fax +39 059 2925035

e-mail: e.bizza...@e-works.it - http://www.e-works.it

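Added example, not part of the original message and not ICS code: a Python parser that decodes the AServerReply quoted above as an NTLM Type 2 message, using the field layout from the NTLM specification. It shows that this reply negotiates OEM rather than Unicode strings and that its header ends at byte 40, so it carries no TargetInfo field, and an unconditional read of the offset field at byte 44 lands inside the target name ("RKS.") and yields the 777210706 seen in the debugger. The function names and the use of cp437 as the OEM code page are assumptions.

```python
import base64
import struct

NEGOTIATE_UNICODE = 0x00000001      # flag bits from the NTLM specification
NEGOTIATE_TARGET_INFO = 0x00800000

# AServerReply exactly as quoted in the message above.
SERVER_REPLY = "TlRMTVNTUAACAAAACwALACgAAACCgkEATo49y/toC4kAAAAAAAAAAEUtV09SS1MuTEFO"


def read_secbuf(msg, pos):
    """Read a security buffer (len, maxlen, offset) and bounds-check it."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError(f"security buffer at {pos} points outside the message")
    return msg[offset:offset + length], offset


def parse_type2(b64):
    msg = base64.b64decode(b64, validate=True)
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    msg_type, = struct.unpack_from("<I", msg, 8)
    if msg_type != 2:
        raise ValueError("not a Type 2 (challenge) message")
    target_raw, target_off = read_secbuf(msg, 12)
    flags, = struct.unpack_from("<I", msg, 20)
    # Strings are UTF-16LE only if Unicode was negotiated, otherwise OEM.
    # cp437 stands in for the server's OEM code page (assumption).
    is_unicode = bool(flags & NEGOTIATE_UNICODE)
    target = target_raw.decode("utf-16-le" if is_unicode else "cp437")
    info = {"flags": flags, "unicode": is_unicode, "target": target,
            "challenge": msg[24:32].hex(), "target_info": None}
    # The TargetInfo buffer occupies bytes 40..47. It exists only when the
    # flag is set and the string payload starts at or after byte 48.
    has_room = len(msg) >= 48 and (not target_raw or target_off >= 48)
    if flags & NEGOTIATE_TARGET_INFO and has_room:
        info["target_info"], _ = read_secbuf(msg, 40)
    return info


def unchecked_target_info_offset(b64):
    """Value an unconditional read of the offset field at byte 44 yields."""
    return struct.unpack_from("<I", base64.b64decode(b64), 44)[0]


if __name__ == "__main__":
    print(parse_type2(SERVER_REPLY))
    print(unchecked_target_info_offset(SERVER_REPLY))
```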