#11 Passwords containing ':' are not parsed correctly

open
None
5
2006-01-26
2005-11-08
Anonymous
No

When a user's password contains a ':" character, it is not correctly
parsed when read from the browser. This (inline) patch should
correct that.

--- ntlm_auth.py.orig 2005-11-08 17:20:44.000000000 -0500
+++ ntlm_auth.py 2005-11-08 17:21:50.000000000 -0500
@@ -358,7 +358,13 @@
b64 = string.split(i)[1]
cred = base64.decodestring(b64)
user = string.split(cred, ':')[0]
- password = string.split(cred, ':')[1]
+ password_parts = string.split(cred, ':')
+ j = len(password_parts)
+ for k in range(1,j):
+ if password == "":
+ password = password_parts[k]
+ else:
+ password = password + ':' + password_parts[k]

return user, password

Discussion

  • Frediano Ziglio

    Frediano Ziglio - 2005-12-01

    Logged In: YES
    user_id=75766

    Perhaps a simpler solution would be

    password = string.split(cred, ':', 1)[1];

    or

    password = cred.split(':',1)[1];

    (I don't know python very well...)

    freddy77

     
  • Darryl Dixon

    Darryl Dixon - 2006-01-26
    • assigned_to: nobody --> esrever_otua
     
  • Darryl Dixon

    Darryl Dixon - 2006-01-26

    Logged In: YES
    user_id=567623

    This problem is caused by a bug in the assumptions made in
    the way config.py parses server.cfg. Thanks for bringing it
    to my attention, it will be fixed in the next release, which
    will probably be 0.9.9.8 (I know, theer's been a long hiatus
    between releases; I've had a new baby that's been chewing up
    all my time :)

    D

     
  • Nobody/Anonymous

    Logged In: NO

    when the password contains "#", ntlmaps 0.9.9.0.1 doesn't work.

     

Log in to post a comment.