Re: re ntlm memory race

From: Robert Collins <robert.collins@dont-contact.us>
Date: Sat, 13 Jan 2001 16:37:26 +1100

Ok,

The authenticate.c file contains a framework which the rest of squid interfaces with. This drives the modular code - pushing it data
and retrieving the results. For flexibility the modules have private data storage 'scheme data' for both request-related data and
user-related data. (i.e. for digest, the H(A1) is a user level piece of data, whereas a particular nonce/response combination is
only valid for one request.)

There is a global cache that the authentication framework uses to store the user records (auth_user_t). The framework cleans this
up and maintains it. (I've broken that line in digest temporarily while I was chasing a memory bug - I'll be fixing that soon).

NTLM has a cache of challenge-response pairs used to shortcut the NTLM protocol (if a challenge & authenticate pair are found in the
cache, we've authenticated that user already - no need to go to the helper).
The NTLM cache will grow somewhat by the time a user expires, and I intend to put in place a removal mechanism when we get the
helper that issues a particular challenge to get a new challenge, to also clean those challenges out across the user cache, but that
will be somewhat expensive (in time or CPU) so I've just lived with it for now.

Digest has a cache of nonces. (we send a nonce out with no way to tell who or where the user will actually come in from - and we
don't know the username at that point. When a user uses that nonce we link it to the user to help prevent spoofing)

Basic has no private caches.

Rob

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Robert Collins" <rbtcollins@hotmail.com>
Cc: <squid-dev@squid-cache.org>
Sent: Saturday, January 13, 2001 1:18 PM
Subject: Re: re ntlm memory race

> Never mind. Found the remove I didn't find before. Looks OK even if it
> is a bit confusing with all the different levels of authentication
> caches..
>
> /Henrik
>
>
> Robert Collins wrote:
> >
> > Hi Henrik,
> > my home ISP's SMTP server is down at the moment (and they use SMTP
> > interception! grrr). Anyway, this is the only way I can respond till they fix
> > it. Please reply direct to this mail account. Also please don't forward this
> > to the list (I don't want this account's email address visible for spambots
> > to pick up)
> >
> > what line number is the hash you are referring to occurring on?
> > ===
> >
> > I stumbled across a hash in auth/ntlm/auth_ntlm.c which looks rather
> > dangerous. There you build an indirect hash from ntlmhash to auth_user,
> > but there are no deletes from the hash table.
> >
> > Aren't those auth_user structures garbage collected in authenticate.c? Or
> > is this another set of auth_user structures which never get
> > deallocated?
> >
> > (why I was looking is because I am rewriting hash.c slightly in
> > compactsentry to save a pointer to the key)
> >
> > /Henrik
> >
>
>
Received on Fri Jan 12 2001 - 22:25:54 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:17 MST