You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
setup a user with more than 127 groups, the script checks different groups recursively until it reaches 127, then, when evaluating the 128th, the assert fails:
# python PyAuthenNTLM2/ntlm_client.py -u sevetest -p XXX -d yyyy.ch -g g_HIN_Proxyusers -a ldap://xxxx/DC=yyyy,DC=ch
Using Active Directory (LDAP) to verify credentials.
User sevetest\spital-biel.ch was authenticated.
Traceback (most recent call last):
File "PyAuthenNTLM2/ntlm_client.py", line 333, in <module>
res = proxy.check_membership(member, config['group'])
File "/usr/local/lib/python2.7/dist-packages/PyAuthenNTLM2/ntlm_ad_proxy.py", line 269, in check_membership
if self.check_membership(None,groups,x, tabs+1):
File "/usr/local/lib/python2.7/dist-packages/PyAuthenNTLM2/ntlm_ad_proxy.py", line 269, in check_membership
if self.check_membership(None,groups,x, tabs+1):
File "/usr/local/lib/python2.7/dist-packages/PyAuthenNTLM2/ntlm_ad_proxy.py", line 269, in check_membership
if self.check_membership(None,groups,x, tabs+1):
File "/usr/local/lib/python2.7/dist-packages/PyAuthenNTLM2/ntlm_ad_proxy.py", line 251, in check_membership
resp = self.proto.parse_search_resp(msg)
File "/usr/local/lib/python2.7/dist-packages/PyAuthenNTLM2/ntlm_ad_proxy.py", line 181, in parse_search_resp
messageID, data = parseint(data, True)
File "/usr/local/lib/python2.7/dist-packages/PyAuthenNTLM2/asn1.py", line 130, in parseint
assert (ord(payload[0]) & 0x80) == 0x00
AssertionError
I have tested with different users and it stops by different group names, but always in the 127th. Users with less than 127 groups work fine and users that were not working, work again as soon as the group membership goes below 127. Z.B, user tttt was not working, but now that I have removed some groups, it does:
# python PyAuthenNTLM2/ntlm_client.py -u tttt -p XXX -d yyyy.ch -g g_HIN_Proxyusers -a ldap://xxxx/DC=yyyy,DC=ch
Using Active Directory (LDAP) to verify credentials.
User tttt\yyyy.ch was authenticated.
User tttt belongs to at least one group.
I have tried modifying asn1.py to see what is happening and it seems that the parsing code fails to decode the message: the message ID for the 128th group is not 128 as expected (0x80) but 4294967168 (0xFFFFFF80).
The text was updated successfully, but these errors were encountered:
setup a user with more than 127 groups, the script checks different groups recursively until it reaches 127, then, when evaluating the 128th, the assert fails:
I have tested with different users and it stops by different group names, but always in the 127th. Users with less than 127 groups work fine and users that were not working, work again as soon as the group membership goes below 127. Z.B, user tttt was not working, but now that I have removed some groups, it does:
I have tried modifying asn1.py to see what is happening and it seems that the parsing code fails to decode the message: the message ID for the 128th group is not 128 as expected (0x80) but 4294967168 (0xFFFFFF80).
The text was updated successfully, but these errors were encountered: