--------------------- PatchSet 1246 Date: 2001/01/10 07:52:43 Author: rbcollins Branch: auth_digest Tag: (none) Log: debug levels set appropriately Members: src/auth/digest/auth_digest.c:1.1.2.16->1.1.2.17 Index: squid/src/auth/digest/auth_digest.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/digest/auth_digest.c,v retrieving revision 1.1.2.16 retrieving revision 1.1.2.17 diff -u -r1.1.2.16 -r1.1.2.17 --- squid/src/auth/digest/auth_digest.c 10 Jan 2001 07:24:15 -0000 1.1.2.16 +++ squid/src/auth/digest/auth_digest.c 10 Jan 2001 07:52:43 -0000 1.1.2.17 @@ -179,7 +179,7 @@ /* the cache's link */ authDigestNonceLink(newnonce); newnonce->flags.incache=1; - debug(29,6)("authenticateDigestNonceNew: created nonce %0p at %d\n", newnonce, newnonce->noncedata.creationtime); + debug(29,5)("authenticateDigestNonceNew: created nonce %0p at %d\n", newnonce, newnonce->noncedata.creationtime); return newnonce; } @@ -265,7 +265,7 @@ authDigestNonceUnlink(nonce); } } - debug(29,6) ("authenticateDigestNonceCacheCleanup: Finished cleaning the nonce cache.\n"); + debug(29,3) ("authenticateDigestNonceCacheCleanup: Finished cleaning the nonce cache.\n"); eventAdd("Digest none cache maintenance",authenticateDigestNonceCacheCleanup, NULL, digestConfig->nonceGCInterval,1); } @@ -313,13 +313,13 @@ digest_nonce_h *nonce=NULL; if (nonceb64==NULL) return NULL; - debug(29,6)("authDigestNonceFindNonce:looking for nonceb64 '%s' in the nonce cache.\n",nonceb64); + debug(29,9)("authDigestNonceFindNonce:looking for nonceb64 '%s' in the nonce cache.\n",nonceb64); if ((nonce = hash_lookup(digest_nonce_cache, nonceb64))) while ((strcmp(nonce->nonceb64,nonceb64)) && (nonce->next)) nonce=nonce->next; if ((nonce == NULL) || (strcmp(nonce->nonceb64,nonceb64))) return NULL; - debug(29,6)("authDigestNonceFindNonce: Found nonce '%d'\n",nonce); + debug(29,9)("authDigestNonceFindNonce: Found nonce '%d'\n",nonce); return nonce; } @@ -333,14 +333,14 @@ intnc=atoi(nc); if (intnc != nonce->nc+1) { - debug (29,6)("authDigestNonceIsValid: Nonce count doesn't match\n"); + debug (29,4)("authDigestNonceIsValid: Nonce count doesn't match\n"); nonce->flags.valid=0; return 0; } /* has it already been invalidated ? */ if (!nonce->flags.valid) { - debug (29,6)("authDigestNonceIsValid: Nonce already invalidated\n"); + debug (29,4)("authDigestNonceIsValid: Nonce already invalidated\n"); return 0; } /* seems ok */ @@ -356,19 +356,19 @@ /* has it's max duration expired? */ if (nonce->noncedata.creationtime + digestConfig->noncemaxduration < current_time.tv_sec) { - debug (29,6)("authDigestNonceIsStale: Nonce is too old. %d %d %d\n", nonce->noncedata.creationtime,digestConfig->noncemaxduration , current_time.tv_sec); + debug (29,4)("authDigestNonceIsStale: Nonce is too old. %d %d %d\n", nonce->noncedata.creationtime,digestConfig->noncemaxduration , current_time.tv_sec); nonce->flags.valid=0; return -1; } if (nonce->nc>99999998) { - debug (29,6)("authDigestNonceIsStale: Nonce count overflow\n"); + debug (29,4)("authDigestNonceIsStale: Nonce count overflow\n"); nonce->flags.valid=0; return -1; } if (nonce->nc>digestConfig->noncemaxuses) { - debug (29,6)("authDigestNoncelastRequest: Nonce count over user limit\n"); + debug (29,4)("authDigestNoncelastRequest: Nonce count over user limit\n"); nonce->flags.valid=0; return -1; } @@ -384,12 +384,12 @@ return -1; if (nonce->nc==99999997) { - debug (29,6)("authDigestNoncelastRequest: Nonce count about to overflow\n"); + debug (29,4)("authDigestNoncelastRequest: Nonce count about to overflow\n"); return -1; } if (nonce->nc==digestConfig->noncemaxuses-1) { - debug (29,6)("authDigestNoncelastRequest: Nonce count about to hit user limit\n"); + debug (29,4)("authDigestNoncelastRequest: Nonce count about to hit user limit\n"); return -1; } /* and other tests are possible. */ @@ -651,6 +651,7 @@ /* this isn't a nonce we issued */ /* TODO: record breaks in authentication at the request level * This is probably best done with support changes at the auth_rewrite level -RBC + * and can wait for auth_rewrite V2. */ auth_user->flags.credentials_ok=3; return; @@ -663,7 +664,7 @@ digest_request->nc, digest_request->cnonce, digest_request->qop, RequestMethodStr[request->method], digest_request->uri, HA2, Response); - debug(29,1)("\nResponse = '%s'\n" + debug(29,9)("\nResponse = '%s'\n" "squid is = '%s'\n" , digest_request->response,Response); if (strcasecmp(digest_request->response,Response)) @@ -728,7 +729,7 @@ if ((digestConfig->authenticate) && authDigestNonceLastRequest(digest_request->nonce)) { digest_request->flags.authinfo_sent=1; - debug(29, 5) ("authDigestAddHead: Sending type:%d header: 'nextnonce=\"%s\"",type,authenticateDigestNonceNonceb64(digest_request->nonce)); + debug(29, 9) ("authDigestAddHead: Sending type:%d header: 'nextnonce=\"%s\"",type,authenticateDigestNonceNonceb64(digest_request->nonce)); httpHeaderPutStrf(&rep->header, type, "nextnonce=\"%s\"",authenticateDigestNonceNonceb64(digest_request->nonce)); } @@ -755,7 +756,7 @@ if ((digestConfig->authenticate) && authDigestNonceLastRequest(digest_request->nonce)) { - debug(29, 5) ("authDigestAddTrailer: Sending type:%d header: 'nextnonce=\"%s\"",type, authenticateDigestNonceNonceb64(digest_request->nonce)); + debug(29, 9) ("authDigestAddTrailer: Sending type:%d header: 'nextnonce=\"%s\"",type, authenticateDigestNonceNonceb64(digest_request->nonce)); httpTrailerPutStrf(&rep->header, type, "nextnonce=\"%s\"",authenticateDigestNonceNonceb64(digest_request->nonce)); } @@ -774,7 +775,7 @@ stale=authDigestNonceIsStale(digest_request->nonce); } if (digestConfig->authenticate){ - debug(29, 5) ("authenticateFixHeader: Sending type:%d header: 'Digest realm=\"%s\", nonce=\"%s\", qop=\"%s\", stale=%s\n",type,digestConfig->digestAuthRealm,authenticateDigestNonceNonceb64(nonce),QOP_AUTH, stale ? "true" : "false"); + debug(29, 9) ("authenticateFixHeader: Sending type:%d header: 'Digest realm=\"%s\", nonce=\"%s\", qop=\"%s\", stale=%s\n",type,digestConfig->digestAuthRealm,authenticateDigestNonceNonceb64(nonce),QOP_AUTH, stale ? "true" : "false"); /* in the future, for WWW auth we may want to support the domain entry */ httpHeaderPutStrf(&rep->header, type, "Digest realm=\"%s\", nonce=\"%s\", qop=\"%s\", stale=%s",digestConfig->digestAuthRealm,authenticateDigestNonceNonceb64(nonce),QOP_AUTH, stale ? "true" : "false"); } @@ -784,7 +785,7 @@ authenticateDigestUserFree(auth_user_t *auth_user) { digest_user_h * digest_user = auth_user->scheme_data; dlink_node *link,*tmplink; - debug(29,6) ("authenticateDigestFreeUser: Clearing Digest scheme data\n"); + debug(29,9) ("authenticateDigestFreeUser: Clearing Digest scheme data\n"); if (!digest_user) return; safe_free(digest_user->username); @@ -813,7 +814,7 @@ digest_user_h *digest_user; int valid; char *t = NULL; - debug(29, 5) ("authenticateDigestHandleReply: {%s}\n", reply ? reply : ""); + debug(29, 9) ("authenticateDigestHandleReply: {%s}\n", reply ? reply : ""); if (reply) { if ((t = strchr(reply, ' '))) *t = '\0'; @@ -833,9 +834,9 @@ digest_user->HA1created=1; } valid = cbdataValid(r->data); - cbdataUnlock(r->data); if (valid) r->handler(r->data, NULL); + cbdataUnlock(r->data); authenticateStateFree(r); } @@ -981,7 +982,7 @@ dlink_node *node; /* log the username */ - debug(29,6)("authBasicDecodeAuth: Creating new user for logging '%s'\n",username); + debug(29,9)("authBasicDecodeAuth: Creating new user for logging '%s'\n",username); /* new auth_user */ auth_user=authenticateAuthUserNew("digest"); /* new scheme data */ @@ -1019,7 +1020,7 @@ auth_user_t * auth_user; dlink_node *node; - debug(29,5)("authenticateDigestDecodeAuth: beginning\n"); + debug(29,9)("authenticateDigestDecodeAuth: beginning\n"); assert(auth_user_request != NULL); #if 0 @@ -1051,7 +1052,7 @@ /* quote mark */ p++; username=xstrndup(p,strchr(p,'"')+1-p); - debug(29,6)("authDigestDecodeAuth: Found Username '%s'\n",username); + debug(29,9)("authDigestDecodeAuth: Found Username '%s'\n",username); } else if (!strncmp(item, "realm", ilen)) { @@ -1061,7 +1062,7 @@ /* quote mark */ p++; digest_request->realm=xstrndup(p,strchr(p,'"')+1-p); - debug(29,6)("authDigestDecodeAuth: Found realm '%s'\n",digest_request->realm); + debug(29,9)("authDigestDecodeAuth: Found realm '%s'\n",digest_request->realm); } else if (!strncmp(item, "qop", ilen)) { @@ -1071,7 +1072,7 @@ /* quote mark */ p++; digest_request->qop=xstrndup(p,strchr(p,'"')+1-p); - debug(29,6)("authDigestDecodeAuth: Found qop '%s'\n",digest_request->qop); + debug(29,9)("authDigestDecodeAuth: Found qop '%s'\n",digest_request->qop); } else if (!strncmp(item, "algorithm", ilen)) { @@ -1081,7 +1082,7 @@ /* quote mark */ p++; digest_request->algorithm=xstrndup(p,strchr(p,'"')+1-p); - debug(29,6)("authDigestDecodeAuth: Found algorithm '%s'\n",digest_request->algorithm); + debug(29,9)("authDigestDecodeAuth: Found algorithm '%s'\n",digest_request->algorithm); } else if (!strncmp(item, "uri", ilen)) { @@ -1091,7 +1092,7 @@ /* quote mark */ p++; digest_request->uri=xstrndup(p,strchr(p,'"')+1-p); - debug(29,6)("authDigestDecodeAuth: Found uri '%s'\n",digest_request->uri); + debug(29,9)("authDigestDecodeAuth: Found uri '%s'\n",digest_request->uri); } else if (!strncmp(item, "nonce", ilen)) { @@ -1101,7 +1102,7 @@ /* quote mark */ p++; digest_request->nonceb64=xstrndup(p,strchr(p,'"')+1-p); - debug(29,6)("authDigestDecodeAuth: Found nonce '%s'\n",digest_request->nonceb64); + debug(29,9)("authDigestDecodeAuth: Found nonce '%s'\n",digest_request->nonceb64); } else if (!strncmp(item, "nc", ilen)) { @@ -1109,7 +1110,7 @@ while (xisspace(*p)) p++; xstrncpy(digest_request->nc,p,9); - debug(29,6)("authDigestDecodeAuth: Found noncecount '%s'\n",digest_request->nc); + debug(29,9)("authDigestDecodeAuth: Found noncecount '%s'\n",digest_request->nc); } else if (!strncmp(item, "cnonce", ilen)) { @@ -1119,7 +1120,7 @@ /* quote mark */ p++; digest_request->cnonce=xstrndup(p,strchr(p,'"')+1-p); - debug(29,6)("authDigestDecodeAuth: Found cnonce '%s'\n",digest_request->cnonce); + debug(29,9)("authDigestDecodeAuth: Found cnonce '%s'\n",digest_request->cnonce); } else if (!strncmp(item, "response", ilen)) { @@ -1129,7 +1130,7 @@ /* quote mark */ p++; digest_request->response=xstrndup(p,strchr(p,'"')+1-p); - debug(29,6)("authDigestDecodeAuth: Found response '%s'\n",digest_request->response); + debug(29,9)("authDigestDecodeAuth: Found response '%s'\n",digest_request->response); } } stringClean(&temp); @@ -1145,7 +1146,7 @@ /* first the NONCE count */ if (digest_request->cnonce && strlen(digest_request->nc)!=8) { - debug (29,6)("authenticateDigestDecode: nonce count length invalid\n"); + debug (29,4)("authenticateDigestDecode: nonce count length invalid\n"); authDigestLogUsername(auth_user_request, username); /* we don't need the scheme specific data anymore*/ @@ -1159,7 +1160,7 @@ if ((nonce==NULL) || !(authDigestNonceIsValid(nonce, digest_request->nc))) { /* we couldn't find a matching nonce! */ - debug (29,6)("authenticateDigestDecode: Unexpected or invalid nonce recieved\n"); + debug (29,4)("authenticateDigestDecode: Unexpected or invalid nonce recieved\n"); authDigestLogUsername(auth_user_request, username); /* we don't need the scheme specific data anymore*/ @@ -1176,7 +1177,7 @@ if (digest_request->qop && strcmp(digest_request->qop, QOP_AUTH)) { /* we recieved a qop option we didn't send */ - debug (29,6)("authenticateDigestDecode: Invalid qop option recieved\n"); + debug (29,4)("authenticateDigestDecode: Invalid qop option recieved\n"); authDigestLogUsername(auth_user_request, username); /* we don't need the scheme specific data anymore*/ @@ -1191,7 +1192,7 @@ if (!digest_request->response || strlen(digest_request->response)!=32) { - debug (29,6)("authenticateDigestDecode: Response length invalid\n"); + debug (29,4)("authenticateDigestDecode: Response length invalid\n"); authDigestLogUsername(auth_user_request, username); /* we don't need the scheme specific data anymore*/ @@ -1203,7 +1204,7 @@ /* do we have a username ? */ if (!username || username[0]=='\0') { - debug (29,6)("authenticateDigestDecode: Empty or not present username\n"); + debug (29,4)("authenticateDigestDecode: Empty or not present username\n"); authDigestLogUsername(auth_user_request, username); /* we don't need the scheme specific data anymore*/ @@ -1216,7 +1217,7 @@ if ((digest_request->qop && !digest_request->cnonce) || (!digest_request->qop && digest_request->cnonce)) { - debug (29,6)("authenticateDigestDecode: qop without cnonce, or vice versa!\n"); + debug (29,4)("authenticateDigestDecode: qop without cnonce, or vice versa!\n"); authDigestLogUsername(auth_user_request, username); /* we don't need the scheme specific data anymore*/ @@ -1230,7 +1231,7 @@ && strcmp(digest_request->algorithm,"MD5") && strcmp(digest_request->algorithm,"MD5-sess")) { - debug (29,6)("authenticateDigestDecode: invalid algorithm specified!\n"); + debug (29,4)("authenticateDigestDecode: invalid algorithm specified!\n"); authDigestLogUsername(auth_user_request, username); /* we don't need the scheme specific data anymore*/ @@ -1249,7 +1250,7 @@ if ((auth_user=authDigestUserFindUsername(username))== NULL) { /* the user doesn't exist in the username cache yet */ - debug(29,6)("authDigestDecodeAuth: Creating new digest user '%s'\n",username); + debug(29,9)("authDigestDecodeAuth: Creating new digest user '%s'\n",username); /* new auth_user */ auth_user=authenticateAuthUserNew("digest"); /* new scheme user data */ @@ -1262,7 +1263,6 @@ auth_user->auth_type=AUTH_DIGEST; /* this auth_user struct is the one to get added to the username cache */ /* store user in hash's */ - debug(29,4)("authenticateDigestAuthenticateuser: user '%s' is not in the user cache\n", digest_user->username); authenticateUserNameCacheAdd(auth_user); /* * Add the digest to the user so we can tell if a hacking or spoofing attack @@ -1273,7 +1273,7 @@ } else { - debug(29,6)("authDigestDecodeAuth: Found user '%s' in the user cache as '%d'\n",username,auth_user); + debug(29,9)("authDigestDecodeAuth: Found user '%s' in the user cache as '%d'\n",username,auth_user); digest_user=auth_user->scheme_data; xfree(username); } @@ -1285,7 +1285,7 @@ node=dlinkNodeNew(); dlinkAdd(auth_user_request, node, &auth_user->requests); - debug(29,2)("username = '%s'\nrealm = '%s'\nqop = '%s'\nalgorithm = '%s'\nuri = '%s'\nnonce = '%s'\nnc = '%s'\ncnonce = '%s'\nresponse = '%s'\ndigestnonce = '%d'\n", + debug(29,9)("username = '%s'\nrealm = '%s'\nqop = '%s'\nalgorithm = '%s'\nuri = '%s'\nnonce = '%s'\nnc = '%s'\ncnonce = '%s'\nresponse = '%s'\ndigestnonce = '%d'\n", digest_user->username, digest_request->realm, digest_request->qop, digest_request->algorithm, digest_request->uri, digest_request->nonceb64, @@ -1309,7 +1309,7 @@ assert(auth_user_request->scheme_data != NULL); digest_request = auth_user_request->scheme_data; digest_user = auth_user_request->auth_user->scheme_data; - debug(29, 5) ("authenticateStart: '\"%s\":\"%s\"'\n", digest_user->username, + debug(29, 9) ("authenticateStart: '\"%s\":\"%s\"'\n", digest_user->username, digest_request->realm); if (digestConfig->authenticate == NULL) { handler(data, NULL);