Passwords containing ':' are not parsed correctly
Brought to you by:
jpmcc
When a user's password contains a ':" character, it is not correctly
parsed when read from the browser. This (inline) patch should
correct that.
--- ntlm_auth.py.orig 2005-11-08 17:20:44.000000000 -0500
+++ ntlm_auth.py 2005-11-08 17:21:50.000000000 -0500
@@ -358,7 +358,13 @@
b64 = string.split(i)[1]
cred = base64.decodestring(b64)
user = string.split(cred, ':')[0]
- password = string.split(cred, ':')[1]
+ password_parts = string.split(cred, ':')
+ j = len(password_parts)
+ for k in range(1,j):
+ if password == "":
+ password = password_parts[k]
+ else:
+ password = password + ':' + password_parts[k]
return user, password
Logged In: YES
user_id=75766
Perhaps a simpler solution would be
password = string.split(cred, ':', 1)[1];
or
password = cred.split(':',1)[1];
(I don't know python very well...)
freddy77
Logged In: YES
user_id=567623
This problem is caused by a bug in the assumptions made in
the way config.py parses server.cfg. Thanks for bringing it
to my attention, it will be fixed in the next release, which
will probably be 0.9.9.8 (I know, theer's been a long hiatus
between releases; I've had a new baby that's been chewing up
all my time :)
D
Logged In: NO
when the password contains "#", ntlmaps 0.9.9.0.1 doesn't work.