--------------------- PatchSet 7167 Date: 2005/11/06 22:16:01 Author: hno Branch: negotiate-2_5 Tag: (none) Log: Handle crashing helpers more gracefully Members: src/auth/negotiate/auth_negotiate.c:1.1.2.8->1.1.2.9 src/auth/ntlm/auth_ntlm.c:1.18.2.14.2.9->1.18.2.14.2.10 Index: squid/src/auth/negotiate/auth_negotiate.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/negotiate/auth_negotiate.c,v retrieving revision 1.1.2.8 retrieving revision 1.1.2.9 diff -u -r1.1.2.8 -r1.1.2.9 --- squid/src/auth/negotiate/auth_negotiate.c 4 Nov 2005 22:51:11 -0000 1.1.2.8 +++ squid/src/auth/negotiate/auth_negotiate.c 6 Nov 2005 22:16:01 -0000 1.1.2.9 @@ -1,6 +1,6 @@ /* - * $Id: auth_negotiate.c,v 1.1.2.8 2005/11/04 22:51:11 hno Exp $ + * $Id: auth_negotiate.c,v 1.1.2.9 2005/11/06 22:16:01 hno Exp $ * * DEBUG: section 29 Negotiate Authenticator * AUTHOR: Robert Collins @@ -421,7 +421,7 @@ auth_user_t *auth_user; negotiate_user_t *negotiate_user; negotiate_request_t *negotiate_request; - char *blob, *arg = NULL; + char *blob, *arg; debug(29, 9) ("authenticateNegotiateHandleReply: Helper: '%p' {%s}\n", srv, reply ? reply : ""); valid = cbdataValid(r->data); if (!valid) { @@ -431,11 +431,8 @@ return; } if (!reply) { - /* - * TODO: this occurs when a helper crashes. We should clean - * up that helpers resources and queued requests. - */ - fatal("authenticateNegotiateHandleReply: called with no result string\n"); + debug(29, 1) ("AuthenticateNegotiateHandleReply: Helper '%p' crashed!.\n", srv); + reply = (char *)"BH Internal error"; } auth_user_request = r->auth_user_request; @@ -457,14 +454,16 @@ else assert(negotiate_request->authserver == srv); + /* seperate out the useful data */ blob = strchr(reply, ' '); if (blob) { blob++; arg = strchr(blob + 1, ' '); + } else { + arg = NULL; } - /* seperate out the useful data */ - if (strncasecmp(reply, "TT ", 3) == 0 && blob != NULL) { + if (strncasecmp(reply, "TT ", 3) == 0) { /* we have been given a blob to send to the client */ if (arg) *arg++ = '\0'; @@ -681,12 +680,12 @@ /* get header */ proxy_auth = httpHeaderGetStr(&request->header, type); - if (strncasecmp("Negotiate ", proxy_auth, 10) != 0) { - fatal("Incorrect scheme in auth header\n"); - /* TODO: more fault tolerance.. reset the auth scheme here */ - } - blob = proxy_auth + 10; - while (xisspace(*blob)) /*trim leading spaces */ + blob = proxy_auth; + while (xisspace(*blob) && *blob) + blob++; + while (!xisspace(*blob) && *blob) + blob++; + while (xisspace(*blob) && *blob) blob++; switch (negotiate_request->auth_state) { Index: squid/src/auth/ntlm/auth_ntlm.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/auth_ntlm.c,v retrieving revision 1.18.2.14.2.9 retrieving revision 1.18.2.14.2.10 diff -u -r1.18.2.14.2.9 -r1.18.2.14.2.10 --- squid/src/auth/ntlm/auth_ntlm.c 4 Nov 2005 23:22:00 -0000 1.18.2.14.2.9 +++ squid/src/auth/ntlm/auth_ntlm.c 6 Nov 2005 22:16:02 -0000 1.18.2.14.2.10 @@ -407,11 +407,8 @@ return; } if (!reply) { - /* - * TODO: this occurs when a helper crashes. We should clean - * up that helpers resources and queued requests. - */ - fatal("authenticateNTLMHandleReply: called with no result string\n"); + debug(29, 1) ("AuthenticateNTLMHandleReply: Helper '%p' crashed!.\n", srv); + reply = (char *)"BH Internal error"; } auth_user_request = r->auth_user_request; @@ -439,7 +436,7 @@ blob++; } - if (strncasecmp(reply, "TT ", 3) == 0 && blob != NULL) { + if (strncasecmp(reply, "TT ", 3) == 0) { /* we have been given a blob to send to the client */ safe_free(ntlm_request->server_blob); ntlm_request->server_blob = xstrdup(blob); @@ -447,7 +444,7 @@ safe_free(auth_user_request->message); auth_user_request->message = xstrdup("Authenication in progress"); debug(29, 4) ("authenticateNTLMHandleReply: Need to challenge the client with a server blob '%s'\n", blob); - } else if (strncasecmp(reply, "AF ", 3) == 0 && blob != NULL) { + } else if (strncasecmp(reply, "AF ", 3) == 0) { /* we're finished, release the helper */ safe_free(ntlm_user->username); ntlm_user->username = xstrdup(blob); @@ -456,7 +453,7 @@ debug(29, 4) ("authenticateNTLMHandleReply: Successfully validated user via NTLM. Username '%s'\n", blob); authenticateNTLMReleaseServer(ntlm_request); ntlm_request->auth_state = AUTHENTICATE_STATE_FINISHED; - } else if (strncasecmp(reply, "NA ", 3) == 0 && blob != NULL) { + } else if (strncasecmp(reply, "NA ", 3) == 0) { safe_free(auth_user_request->message); auth_user_request->message = xstrdup(blob); ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED; @@ -468,7 +465,7 @@ * Authenticate NTLM start. * If after a KK deny the user's request w/ 407 and mark the helper as * Needing YR. */ - auth_user_request->message = xstrdup(reply); + auth_user_request->message = xstrdup(blob); ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED; safe_free(ntlm_request->server_blob); authenticateNTLMReleaseServer(ntlm_request); @@ -650,12 +647,12 @@ /* get header */ proxy_auth = httpHeaderGetStr(&request->header, type); - if (strncasecmp("NTLM ", proxy_auth, 5) != 0) { - fatal("Incorrect scheme in auth header\n"); - /* TODO: more fault tolerance.. reset the auth scheme here */ - } - blob = proxy_auth + 5; - while (xisspace(*blob)) /*trim leading spaces */ + blob = proxy_auth; + while (xisspace(*blob) && *blob) + blob++; + while (!xisspace(*blob) && *blob) + blob++; + while (xisspace(*blob) && *blob) blob++; switch (ntlm_request->auth_state) {