--------------------- PatchSet 903 Date: 2000/12/11 23:32:14 Author: rbcollins Branch: auth_rewrite Tag: (none) Log: moved the scheme data structs out of structs.h and into private headers. Members: src/acl.c:1.1.1.3.12.26.2.8->1.1.1.3.12.26.2.9 src/authenticate.c:1.1.1.3.12.17.2.9->1.1.1.3.12.17.2.10 src/enums.h:1.1.1.3.12.15->1.1.1.3.12.15.2.1 src/mem.c:1.1.1.3.12.9->1.1.1.3.12.9.2.1 src/protos.h:1.1.1.3.12.17.2.7->1.1.1.3.12.17.2.8 src/structs.h:1.1.1.3.4.1.2.26.2.10->1.1.1.3.4.1.2.26.2.11 src/typedefs.h:1.1.1.3.12.13.2.8->1.1.1.3.12.13.2.9 src/auth/basic/auth_basic.c:1.1.2.5->1.1.2.6 src/auth/basic/auth_basic.h:1.1->1.1.2.1 src/auth/ntlm/auth_ntlm.c:1.1.2.14->1.1.2.15 src/auth/ntlm/auth_ntlm.h:1.1.2.3->1.1.2.4 Index: squid/src/acl.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/acl.c,v retrieving revision 1.1.1.3.12.26.2.8 retrieving revision 1.1.1.3.12.26.2.9 diff -u -r1.1.1.3.12.26.2.8 -r1.1.1.3.12.26.2.9 --- squid/src/acl.c 10 Dec 2000 13:59:35 -0000 1.1.1.3.12.26.2.8 +++ squid/src/acl.c 11 Dec 2000 23:32:14 -0000 1.1.1.3.12.26.2.9 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.1.1.3.12.26.2.8 2000/12/10 13:59:35 rbcollins Exp $ + * $Id: acl.c,v 1.1.1.3.12.26.2.9 2000/12/11 23:32:14 rbcollins Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -1163,7 +1163,7 @@ */ static int aclMatchProxyAuth(void *data, http_hdr_type headertype, - acl_proxy_auth_user * auth_user, aclCheck_t * checklist, squid_acl acltype) + auth_user_t * auth_user, aclCheck_t * checklist, squid_acl acltype) { /* checklist is used to register user name when identified, nothing else */ const char * proxy_auth; @@ -1345,7 +1345,7 @@ static void aclLookupProxyAuthStart(aclCheck_t * checklist) { - acl_proxy_auth_user *auth_user; + auth_user_t *auth_user; assert(checklist->auth_user!=NULL); /* this is created for us */ auth_user = checklist->auth_user; @@ -1956,7 +1956,7 @@ aclLookupProxyAuthDone(void *data, char *result) { aclCheck_t *checklist = data; - acl_proxy_auth_user *auth_user; + auth_user_t *auth_user; checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_DONE; if (result != NULL) fatal("AclLookupProxyAuthDone: Old code floating around somewhere.\nMake clean and if that doesn't work, report a bug\n"); Index: squid/src/authenticate.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/authenticate.c,v retrieving revision 1.1.1.3.12.17.2.9 retrieving revision 1.1.1.3.12.17.2.10 diff -u -r1.1.1.3.12.17.2.9 -r1.1.1.3.12.17.2.10 --- squid/src/authenticate.c 10 Dec 2000 00:56:51 -0000 1.1.1.3.12.17.2.9 +++ squid/src/authenticate.c 11 Dec 2000 23:32:14 -0000 1.1.1.3.12.17.2.10 @@ -1,6 +1,6 @@ /* - * $Id: authenticate.c,v 1.1.1.3.12.17.2.9 2000/12/10 00:56:51 rbcollins Exp $ + * $Id: authenticate.c,v 1.1.1.3.12.17.2.10 2000/12/11 23:32:14 rbcollins Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels @@ -41,7 +41,7 @@ #include "squid.h" static void -authenticateDecodeAuth(const char *proxy_auth, acl_proxy_auth_user * auth_user); +authenticateDecodeAuth(const char *proxy_auth, auth_user_t * auth_user); /* * @@ -52,7 +52,7 @@ /* Generic Functions */ void -authenticateDecodeAuth(const char *proxy_auth, acl_proxy_auth_user * auth_user) +authenticateDecodeAuth(const char *proxy_auth, auth_user_t * auth_user) { int i = 0; /* if (proxy_auth == NULL) @@ -79,7 +79,7 @@ /* clear any connection related authentication details */ void authenticateOnCloseConnection(ConnStateData *conn){ - acl_proxy_auth_user *auth_user; + auth_user_t *auth_user; assert(conn != NULL); if (conn->auth_user !=NULL) { auth_user = conn->auth_user; @@ -93,7 +93,7 @@ /* send the initial data to an authenticator module */ void -authenticateStart(acl_proxy_auth_user * auth_user, RH * handler, void *data) +authenticateStart(auth_user_t * auth_user, RH * handler, void *data) { assert(auth_user); assert(handler); @@ -110,7 +110,7 @@ */ int -authenticateValidateUser(acl_proxy_auth_user * auth_user) { +authenticateValidateUser(auth_user_t * auth_user) { debug(29,6) ("authenticateValidateUser: Validating Auth_user '%d'.\n",auth_user); if (auth_user == NULL) { debug(29,6) ("authenticateValidateUser: Auth_user was NULL!\n",auth_user); @@ -137,10 +137,10 @@ * Proxy Auth (or Auth) header. It may be a cached Auth User or a new * Unauthenticated structure. The structure is NOT locked here. */ -acl_proxy_auth_user * +auth_user_t * authenticateGetAuthUser(const char *proxy_auth) { - acl_proxy_auth_hash_pointer *proxy_auth_hash = NULL; - acl_proxy_auth_user *auth_user; + auth_user_hash_pointer *proxy_auth_hash = NULL; + auth_user_t *auth_user; /* see if we already know this user. Note that NTLM users will never be * found here: ntlm keys are not put in the hash table because the * negotiate phase is not unqiue. */ @@ -162,7 +162,7 @@ * authenticateUserAuthenticated: is this auth_user structure logged in ? */ int -authenticateUserAuthenticated(acl_proxy_auth_user *auth_user) { +authenticateUserAuthenticated(auth_user_t *auth_user) { assert(authenticateValidateUser(auth_user)); /* if they are in the hash they must be authenticated */ if (auth_user->usernamehash) return 1; @@ -175,8 +175,8 @@ * This is because cache hits destroy prior auth_user structs. * We could use a auth_user_handle approach I suppose... RC */ -acl_proxy_auth_user * -authenticateAuthenticateUser(acl_proxy_auth_user *auth_user, request_t *request, ConnStateData *conn, http_hdr_type type) { +auth_user_t * +authenticateAuthenticateUser(auth_user_t *auth_user, request_t *request, ConnStateData *conn, http_hdr_type type) { #if 0 const char * proxy_auth; #endif @@ -192,7 +192,7 @@ /* authenticateUserUsername: return a pointer to the username in the */ char * -authenticateUserUsername(acl_proxy_auth_user *auth_user) { +authenticateUserUsername(auth_user_t *auth_user) { assert (auth_user !=NULL); if (auth_user->auth_module>0) return authscheme_list[auth_user->auth_module-1].authUserUsername(auth_user); @@ -206,7 +206,7 @@ -2: authenticate broken in some fashion */ int -authenticateDirection(acl_proxy_auth_user *auth_user) { +authenticateDirection(auth_user_t *auth_user) { if (!auth_user) return -2; if (authenticateUserAuthenticated(auth_user)) return 0; if (auth_user->auth_module>0) @@ -260,7 +260,7 @@ /* auth_type_t auth_type=err->auth_type; auth_state_t auth_state=err->auth_state; char *authchallenge=err->authchallenge; -*/ acl_proxy_auth_user *auth_user=err->auth_user; +*/ auth_user_t *auth_user=err->auth_user; int type; switch (err->http_status) { case HTTP_PROXY_AUTHENTICATION_REQUIRED: @@ -356,14 +356,14 @@ } -void authenticateAuthUserLock(acl_proxy_auth_user *auth_user) +void authenticateAuthUserLock(auth_user_t *auth_user) { debug (29,6) ("authenticateAuthUserLock auth_user '%d'.\n",auth_user); assert(auth_user!=NULL); auth_user->references++; debug (29,6) ("authenticateAuthUserLock auth_user '%d' now at '%d'.\n",auth_user, auth_user->references); } -void authenticateAuthUserUnlock(acl_proxy_auth_user *auth_user) +void authenticateAuthUserUnlock(auth_user_t *auth_user) { debug (29,6) ("authenticateAuthUserUnlock auth_user '%d'.\n",auth_user); assert(auth_user!=NULL); @@ -381,7 +381,7 @@ } } } -int authenticateAuthUserInuse(acl_proxy_auth_user *auth_user) +int authenticateAuthUserInuse(auth_user_t *auth_user) /* returns 0 for not in use */ { assert(auth_user!=NULL); @@ -389,9 +389,9 @@ } void -authenticateAuthUserMerge(acl_proxy_auth_user *from, acl_proxy_auth_user *to) { +authenticateAuthUserMerge(auth_user_t *from, auth_user_t *to) { /* combine two authuser structs. Incomplete: it should merge in hash references - too */ + too and ask the module to merge in scheme data*/ debug (29,6) ("authenticateAuthUserMerge auth_user '%d' into auth_user '%d'.\n",from,to); to->references+=from->references; from->references=0; @@ -401,8 +401,8 @@ void authenticateFreeProxyAuthUser(void *data) { - acl_proxy_auth_user *u = data; - acl_proxy_auth_hash_pointer *proxy_auth_hash; + auth_user_t *u = data; + auth_user_hash_pointer *proxy_auth_hash; dlink_node *link, *tmplink; assert(data !=NULL); debug(29,6) ("authenticateFreeProxyAuthUser: Freeing auth_user '%d' with refcount '%d'.\n",u,u->references); @@ -481,13 +481,13 @@ * For big hashs we could consider stepping through the cache, 100/200 * entries at a time. Lets see how it flys first. */ - acl_proxy_auth_hash_pointer *usernamehash; - acl_proxy_auth_user *auth_user; + auth_user_hash_pointer *usernamehash; + auth_user_t *auth_user; char * username=NULL; debug(29,3) ("authenticateProxyUserCacheCleanup: Cleaning the user cache now\n"); debug(29,3) ("authenticateProxyUserCacheCleanup: Current time: %d\n", current_time.tv_sec); hash_first(proxy_auth_username_cache); - while ((usernamehash=((acl_proxy_auth_hash_pointer *)hash_next(proxy_auth_username_cache)))) { + while ((usernamehash=((auth_user_hash_pointer *)hash_next(proxy_auth_username_cache)))) { auth_user=usernamehash->auth_user; username=authenticateUserUsername(auth_user); @@ -527,12 +527,12 @@ void authenticateUserCacheRestart(){ - acl_proxy_auth_hash_pointer *usernamehash; - acl_proxy_auth_user *auth_user; + auth_user_hash_pointer *usernamehash; + auth_user_t *auth_user; char * username=NULL; debug(29,1) ("authenticateUserCacheRestart: Clearing config dependent cache data.\n"); hash_first(proxy_auth_username_cache); - while ((usernamehash=((acl_proxy_auth_hash_pointer *)hash_next(proxy_auth_username_cache)))) { + while ((usernamehash=((auth_user_hash_pointer *)hash_next(proxy_auth_username_cache)))) { auth_user=usernamehash->auth_user; username=authenticateUserUsername(auth_user); #if 0 @@ -556,8 +556,8 @@ } void -authenticateProxyAuthCacheAddLink(const char *key, acl_proxy_auth_user* auth_user){ - acl_proxy_auth_hash_pointer *proxy_auth_hash; +authenticateProxyAuthCacheAddLink(const char *key, auth_user_t *auth_user){ + auth_user_hash_pointer *proxy_auth_hash; proxy_auth_hash = memAllocate(MEM_ACL_PROXY_AUTH_HASH); proxy_auth_hash->key = xstrdup(key); @@ -590,10 +590,10 @@ /* UserNameCacheAdd: add a auth_user structure to the username cache */ void -authenticateUserNameCacheAdd(acl_proxy_auth_user *auth_user){ - acl_proxy_auth_hash_pointer *usernamehash; +authenticateUserNameCacheAdd(auth_user_t *auth_user){ + auth_user_hash_pointer *usernamehash; usernamehash = memAllocate(MEM_ACL_PROXY_AUTH_HASH); - usernamehash->key = auth_user->auth_data.basic_auth.username; + usernamehash->key = authenticateUserUsername(auth_user); usernamehash->auth_user = auth_user; hash_join(proxy_auth_username_cache, (hash_link *) usernamehash); auth_user->usernamehash = usernamehash; @@ -609,8 +609,7 @@ /* TODO: * ip_expire data should be in a struct of it's own - for code reuse */ int -authenticateCheckAuthUserIP(struct in_addr request_src_addr, -acl_proxy_auth_user * auth_user) +authenticateCheckAuthUserIP(struct in_addr request_src_addr, auth_user_t * auth_user) { char *username=NULL; if (request_src_addr.s_addr == auth_user->ipaddr.s_addr || auth_user->ip_expiretime+ Config.authenticateIpTTL <= squid_curtime) { Index: squid/src/enums.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/enums.h,v retrieving revision 1.1.1.3.12.15 retrieving revision 1.1.1.3.12.15.2.1 diff -u -r1.1.1.3.12.15 -r1.1.1.3.12.15.2.1 --- squid/src/enums.h 12 Nov 2000 21:22:21 -0000 1.1.1.3.12.15 +++ squid/src/enums.h 11 Dec 2000 23:32:14 -0000 1.1.1.3.12.15.2.1 @@ -1,6 +1,6 @@ /* - * $Id: enums.h,v 1.1.1.3.12.15 2000/11/12 21:22:21 rbcollins Exp $ + * $Id: enums.h,v 1.1.1.3.12.15.2.1 2000/12/11 23:32:14 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -554,8 +554,8 @@ MEM_ACL_LIST, MEM_ACL_NAME_LIST, MEM_ACL_PROXY_AUTH_DATA, - MEM_ACL_PROXY_AUTH_USER, - MEM_ACL_PROXY_AUTH_HASH, + MEM_AUTH_USER_T, + MEM_AUTH_USER_HASH, MEM_ACL_PROXY_AUTH_MATCH, MEM_ACL_TIME_DATA, MEM_CACHEMGR_PASSWD, Index: squid/src/mem.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/mem.c,v retrieving revision 1.1.1.3.12.9 retrieving revision 1.1.1.3.12.9.2.1 diff -u -r1.1.1.3.12.9 -r1.1.1.3.12.9.2.1 --- squid/src/mem.c 12 Nov 2000 21:22:21 -0000 1.1.1.3.12.9 +++ squid/src/mem.c 11 Dec 2000 23:32:14 -0000 1.1.1.3.12.9.2.1 @@ -1,6 +1,6 @@ /* - * $Id: mem.c,v 1.1.1.3.12.9 2000/11/12 21:22:21 rbcollins Exp $ + * $Id: mem.c,v 1.1.1.3.12.9.2.1 2000/12/11 23:32:14 rbcollins Exp $ * * DEBUG: section 13 High Level Memory Pool Management * AUTHOR: Harvest Derived @@ -204,12 +204,12 @@ memDataInit(MEM_ACL_LIST, "acl_list", sizeof(acl_list), 0); memDataInit(MEM_ACL_NAME_LIST, "acl_name_list", sizeof(acl_name_list), 0); memDataInit(MEM_ACL_TIME_DATA, "acl_time_data", sizeof(acl_time_data), 0); - memDataInit(MEM_ACL_PROXY_AUTH_USER, "acl_proxy_auth_user", - sizeof(acl_proxy_auth_user), 0); + memDataInit(MEM_AUTH_USER_T, "auth_user_t", + sizeof(auth_user_t), 0); memDataInit(MEM_ACL_PROXY_AUTH_DATA, "acl_proxy_auth_data", sizeof(acl_proxy_auth_data), 0); - memDataInit(MEM_ACL_PROXY_AUTH_HASH, "acl_proxy_auth_hash_pointer", - sizeof(acl_proxy_auth_hash_pointer),0); + memDataInit(MEM_AUTH_USER_HASH, "auth_user_hash_pointer", + sizeof(auth_user_hash_pointer),0); memDataInit(MEM_ACL_PROXY_AUTH_MATCH, "acl_proxy_auth_match_cache", sizeof(acl_proxy_auth_match_cache),0); memDataInit(MEM_CACHEMGR_PASSWD, "cachemgr_passwd", Index: squid/src/protos.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/protos.h,v retrieving revision 1.1.1.3.12.17.2.7 retrieving revision 1.1.1.3.12.17.2.8 diff -u -r1.1.1.3.12.17.2.7 -r1.1.1.3.12.17.2.8 --- squid/src/protos.h 4 Dec 2000 11:02:15 -0000 1.1.1.3.12.17.2.7 +++ squid/src/protos.h 11 Dec 2000 23:32:14 -0000 1.1.1.3.12.17.2.8 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.1.1.3.12.17.2.7 2000/12/04 11:02:15 rbcollins Exp $ + * $Id: protos.h,v 1.1.1.3.12.17.2.8 2000/12/11 23:32:14 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -706,34 +706,30 @@ extern void authSchemeSetup(void); /* authenticate.c */ -extern void authenticateAuthUserMerge(acl_proxy_auth_user *, acl_proxy_auth_user *); -extern void authenticateStart(acl_proxy_auth_user *, RH *, void *); -#if 0 -extern void authenticateNTLMStart(acl_proxy_auth_user *, SRH * handler, void *); -extern void authenticateNTLMStart(acl_proxy_auth_user *, RH * handler, void *); -#endif +extern void authenticateAuthUserMerge(auth_user_t *, auth_user_t *); +extern void authenticateStart(auth_user_t *, RH *, void *); extern void authenticateInit(void); extern void authenticateShutdown(void); extern void authenticateFixErrorHeader(HttpReply * rep, ErrorState * err); -extern acl_proxy_auth_user *authenticateGetAuthUser(const char *proxy_auth); -extern acl_proxy_auth_user *authenticateAuthenticateUser(acl_proxy_auth_user *auth_user, request_t * request, ConnStateData *conn, http_hdr_type type); -extern void authenticateAuthUserUnlock(acl_proxy_auth_user *auth_user); -extern void authenticateAuthUserLock(acl_proxy_auth_user *auth_user); -extern int authenticateAuthUserInuse(acl_proxy_auth_user *auth_user); -extern int authenticateDirection(acl_proxy_auth_user *auth_user); +extern auth_user_t *authenticateGetAuthUser(const char *proxy_auth); +extern auth_user_t *authenticateAuthenticateUser(auth_user_t *auth_user, request_t * request, ConnStateData *conn, http_hdr_type type); +extern void authenticateAuthUserUnlock(auth_user_t *auth_user); +extern void authenticateAuthUserLock(auth_user_t *auth_user); +extern int authenticateAuthUserInuse(auth_user_t *auth_user); +extern int authenticateDirection(auth_user_t *auth_user); extern FREE authenticateFreeProxyAuthUser; extern void authenticateFreeProxyAuthUserACLResults(void *data); extern void authenticateProxyUserCacheCleanup(void *); extern void authenticateInitUserCache(); -extern void authenticateProxyAuthCacheAddLink(const char *key, acl_proxy_auth_user* auth_user); +extern void authenticateProxyAuthCacheAddLink(const char *key, auth_user_t * auth_user); extern int authenticateActiveSchemeCount(); extern int authenticateSchemeCount(); -extern void authenticateUserNameCacheAdd(acl_proxy_auth_user *auth_user); -extern int authenticateCheckAuthUserIP(struct in_addr request_src_addr, acl_proxy_auth_user * auth_user); -extern int authenticateUserAuthenticated(acl_proxy_auth_user *auth_user); +extern void authenticateUserNameCacheAdd(auth_user_t *auth_user); +extern int authenticateCheckAuthUserIP(struct in_addr request_src_addr, auth_user_t * auth_user); +extern int authenticateUserAuthenticated(auth_user_t *auth_user); extern void authenticateUserCacheRestart(); -extern char *authenticateUserUsername(acl_proxy_auth_user *auth_user); -extern int authenticateValidateUser(acl_proxy_auth_user * auth_user); +extern char *authenticateUserUsername(auth_user_t *auth_user); +extern int authenticateValidateUser(auth_user_t * auth_user); extern void authenticateOnCloseConnection(ConnStateData *conn); extern void authSchemeAdd(char *type, AUTHSSETUP * setup); Index: squid/src/structs.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/structs.h,v retrieving revision 1.1.1.3.4.1.2.26.2.10 retrieving revision 1.1.1.3.4.1.2.26.2.11 diff -u -r1.1.1.3.4.1.2.26.2.10 -r1.1.1.3.4.1.2.26.2.11 --- squid/src/structs.h 10 Dec 2000 13:59:35 -0000 1.1.1.3.4.1.2.26.2.10 +++ squid/src/structs.h 11 Dec 2000 23:32:14 -0000 1.1.1.3.4.1.2.26.2.11 @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.1.1.3.4.1.2.26.2.10 2000/12/10 13:59:35 rbcollins Exp $ + * $Id: structs.h,v 1.1.1.3.4.1.2.26.2.11 2000/12/11 23:32:14 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -72,40 +72,20 @@ void *acl_data; }; -struct _acl_proxy_auth_hash_pointer { +struct _auth_user_hash_pointer { /* first two items must be same as hash_link */ char *key; - acl_proxy_auth_hash_pointer *next; - acl_proxy_auth_user *auth_user; + auth_user_hash_pointer *next; + auth_user_t *auth_user; dlink_node link; /* other hash entries that point to the same auth_user */ }; -struct _acl_proxy_auth_user_basic_data { - char *username; - char *passwd; -}; - -struct _acl_proxy_auth_user_ntlm_data { - /* what username did this connection get? */ - char *username; - /* what negotiate string did the client use? */ - char *ntlmnegotiate; - /* what challenge did we give the client? */ - char *authchallenge; - /* what authenticate string did we get? */ - char *ntlmauthenticate; - /*we need to store the NTLM helper between requests*/ - helper_stateful_server * authhelper; - /* how far through the authentication process are we? */ - auth_state_t auth_state; -}; - -struct _acl_proxy_auth_user { +struct _auth_user_t { /* extra fields for proxy_auth */ - auth_type_t auth_type; /* this determines what struct we find in the union. */ + auth_type_t auth_type; /* this determines what scheme owns the user data. */ int auth_module; /* the index +1 in the authscheme_list to the authscheme entry */ - /* the we only have one username associated with a given auth_user struct */ - acl_proxy_auth_hash_pointer *usernamehash; + /* we only have one username associated with a given auth_user struct */ + auth_user_hash_pointer *usernamehash; /* we may have many proxy-authenticate strings that decode to the same user*/ dlink_list proxy_auth_list; dlink_list proxy_match_cache; @@ -119,11 +99,8 @@ struct in_addr ipaddr; /* IP addr this user authenticated from */ time_t ip_expiretime; size_t references; /* how many references are outstanding to this instance*/ - /* the union is to allow overloading the same struct for returning Digest/basic/NTLM authentication data in aclDecodeProxyAuth. */ - union _acl_proxy_auth_user_data { - acl_proxy_auth_user_basic_data basic_auth; - acl_proxy_auth_user_ntlm_data ntlm_auth; - } auth_data; + /* the auth scheme has it's own private data area */ + void *scheme_data; }; /* @@ -133,7 +110,7 @@ struct _authscheme_entry { char *typestr; // STFSPARSE *parsefunc; -// STFSRECONFIGURE *reconfigurefunc; +// AUTHSRECONFIGURE *reconfigurefunc; AUTHSACTIVE *Active; AUTHSAUTHUSER *authAuthenticate; AUTHSFIXERR *authFixErrorHeader; @@ -221,7 +198,7 @@ request_t *request; ConnStateData *conn; /* hack for ident and NTLM*/ char rfc931[USER_IDENT_SZ]; - acl_proxy_auth_user *auth_user; + auth_user_t *auth_user; acl_lookup_state state[ACL_ENUM_MAX]; #if SQUID_SNMP char *snmp_community; @@ -1012,7 +989,7 @@ auth_type_t auth_type; /* Is this connection based authentication ? if so * what type it is. */ /* note this is ONLY connection based because NTLM is against HTTP spec */ - acl_proxy_auth_user *auth_user; + auth_user_t *auth_user; clientHttpRequest *chr; struct sockaddr_in peer; struct sockaddr_in me; @@ -1543,7 +1520,7 @@ #if 0 char authuser[USER_IDENT_SZ]; /* from proxy auth only */ #endif - acl_proxy_auth_user *auth_user; + auth_user_t *auth_user; u_short port; String urlpath; char *canonical; @@ -1605,10 +1582,7 @@ err_type type; int page_id; http_status http_status; - acl_proxy_auth_user * auth_user; -/* auth_type_t auth_type; - auth_state_t auth_state; - char *authchallenge; */ + auth_user_t * auth_user; request_t *request; char *url; int xerrno; Index: squid/src/typedefs.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/typedefs.h,v retrieving revision 1.1.1.3.12.13.2.8 retrieving revision 1.1.1.3.12.13.2.9 diff -u -r1.1.1.3.12.13.2.8 -r1.1.1.3.12.13.2.9 --- squid/src/typedefs.h 4 Dec 2000 12:22:11 -0000 1.1.1.3.12.13.2.8 +++ squid/src/typedefs.h 11 Dec 2000 23:32:15 -0000 1.1.1.3.12.13.2.9 @@ -1,6 +1,6 @@ /* - * $Id: typedefs.h,v 1.1.1.3.12.13.2.8 2000/12/04 12:22:11 rbcollins Exp $ + * $Id: typedefs.h,v 1.1.1.3.12.13.2.9 2000/12/11 23:32:15 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -63,10 +63,8 @@ typedef struct _acl_name_list acl_name_list; typedef struct _acl_deny_info_list acl_deny_info_list; typedef struct _acl_proxy_auth acl_proxy_auth; -typedef struct _acl_proxy_auth_user acl_proxy_auth_user; -typedef struct _acl_proxy_auth_user_basic_data acl_proxy_auth_user_basic_data; -typedef struct _acl_proxy_auth_user_ntlm_data acl_proxy_auth_user_ntlm_data; -typedef struct _acl_proxy_auth_hash_pointer acl_proxy_auth_hash_pointer; +typedef struct _auth_user_t auth_user_t; +typedef struct _auth_user_hash_pointer auth_user_hash_pointer; typedef struct _acl_proxy_auth_match_cache acl_proxy_auth_match_cache; typedef struct _authscheme_entry authscheme_entry_t; typedef struct _acl_arp_data acl_arp_data; @@ -293,16 +291,16 @@ /* authenticate.c authenticate scheme routines typedefs */ typedef int AUTHSACTIVE(); -typedef acl_proxy_auth_user * AUTHSAUTHUSER(acl_proxy_auth_user *, request_t *, ConnStateData *, http_hdr_type); -typedef void AUTHSDECODE(acl_proxy_auth_user *, const char *); -typedef int AUTHSDIRECTION(acl_proxy_auth_user *); -typedef void AUTHSFIXERR(acl_proxy_auth_user *, HttpReply *, http_hdr_type, request_t *); -typedef void AUTHSFREE(acl_proxy_auth_user *); -typedef char *AUTHSUSERNAME(acl_proxy_auth_user *); +typedef auth_user_t * AUTHSAUTHUSER(auth_user_t *, request_t *, ConnStateData *, http_hdr_type); +typedef void AUTHSDECODE(auth_user_t *, const char *); +typedef int AUTHSDIRECTION(auth_user_t *); +typedef void AUTHSFIXERR(auth_user_t *, HttpReply *, http_hdr_type, request_t *); +typedef void AUTHSFREE(auth_user_t *); +typedef char *AUTHSUSERNAME(auth_user_t *); typedef void AUTHSONCLOSEC(ConnStateData *); typedef void AUTHSSETUP(authscheme_entry_t *); typedef void AUTHSSHUTDOWN(void); -typedef void AUTHSSTART(acl_proxy_auth_user * , RH * , void *); +typedef void AUTHSSTART(auth_user_t * , RH * , void *); typedef void AUTHSSTATS(StoreEntry *); /* append/vprintf's for Packer */ Index: squid/src/auth/basic/auth_basic.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/basic/auth_basic.c,v retrieving revision 1.1.2.5 retrieving revision 1.1.2.6 diff -u -r1.1.2.5 -r1.1.2.6 --- squid/src/auth/basic/auth_basic.c 10 Dec 2000 00:56:51 -0000 1.1.2.5 +++ squid/src/auth/basic/auth_basic.c 11 Dec 2000 23:32:15 -0000 1.1.2.6 @@ -39,25 +39,7 @@ #include "squid.h" - -#if 0 -typedef struct { - void *data; - acl_proxy_auth_user *auth_user; -// SRH *handler; - RH *handler; -} authenticateStatefulStateData; -#endif -#if 0 -static void authenticateStatefulStateFree(authenticateStatefulStateData * r); -#endif - -/* Generic */ -typedef struct { - void *data; - acl_proxy_auth_user *auth_user; - RH *handler; -} authenticateStateData; +#include "auth_basic.h" static void authenticateStateFree(authenticateStateData * r) @@ -67,7 +49,6 @@ /* Basic Scheme */ -static void authenticateBasicStart(acl_proxy_auth_user *, RH *, void *); static HLPCB authenticateBasicHandleReply; static AUTHSACTIVE authenticateBasicActive; static AUTHSAUTHUSER authenticateBasicAuthenticateUser; @@ -83,6 +64,7 @@ static helper *basicauthenticators = NULL; static int authbasic_initialised = 0; +MemPool *basic_data_pool = NULL; /* * @@ -97,8 +79,11 @@ if (basicauthenticators) helperShutdown(basicauthenticators); authbasic_initialised = 0; + if (!shutting_down) + return; helperFree(basicauthenticators); basicauthenticators = NULL; + memPoolDestroy(basic_data_pool); } void @@ -119,6 +104,8 @@ authscheme->oncloseconnection=NULL; authscheme->decodeauth =authenticateBasicDecodeAuth; authscheme->donefunc = authBasicDone; + if (!basic_data_pool) + basic_data_pool = memPoolCreate("Basic Scheme User Data", sizeof(basic_data)); // ufs_state_pool = memPoolCreate("UFS IO State data", sizeof(ufsstate_t)); authbasic_initialised = 1; if (basicauthenticators == NULL) @@ -144,16 +131,18 @@ return 0; } +int authenticateBasiccmpUsername(basic_data * u1, basic_data *u2) +{ + return strcmp(u1->username,u2->username); +} + /* log a basic user in */ -static acl_proxy_auth_user * -authenticateBasicAuthenticateUser(acl_proxy_auth_user *auth_user, request_t *request, ConnStateData *conn, http_hdr_type type) { -#if 0 -authenticateBasicAuthenticateUser(acl_proxy_auth_user *data, const char * proxy_auth) { -#endif - acl_proxy_auth_hash_pointer *usernamehash, *proxy_auth_hash=NULL; +static auth_user_t * +authenticateBasicAuthenticateUser(auth_user_t *auth_user, request_t *request, ConnStateData *conn, http_hdr_type type) { + auth_user_hash_pointer *usernamehash, *proxy_auth_hash=NULL; + basic_data * basic_auth, *temp_auth; const char * proxy_auth; -// acl_proxy_auth_user *auth_user=data; /* if the password is not ok, do an identity */ if (auth_user->flags.credentials_ok!=1) return auth_user; @@ -161,15 +150,18 @@ /* get the header. */ proxy_auth = httpHeaderGetStr(&request->header, type); + assert(auth_user->scheme_data != NULL); + basic_auth = auth_user->scheme_data; + /* password was checked and did match */ debug(29, 4) ("authenticateBasicAuthenticateuser: user '%s' validated OK\n", - auth_user->auth_data.basic_auth.username); + basic_auth->username); /* see if this is an existing user with a different proxy_auth string */ if ((usernamehash = hash_lookup(proxy_auth_username_cache, - auth_user->auth_data.basic_auth.username))) { + basic_auth->username))) { while ((usernamehash->auth_user->auth_type != auth_user->auth_type) && (usernamehash->next) && - !strcmp(usernamehash->auth_user->auth_data.basic_auth.username,auth_user->auth_data.basic_auth.username) ) + !authenticateBasiccmpUsername(usernamehash->auth_user->scheme_data,basic_auth)) usernamehash=usernamehash->next; if (usernamehash->auth_user->auth_type==auth_user->auth_type) { /* @@ -178,14 +170,16 @@ assert(proxy_auth_hash == NULL); authenticateProxyAuthCacheAddLink(proxy_auth, usernamehash->auth_user); /* maybe the p/w changed. update in the old structure */ - xfree(usernamehash->auth_user->auth_data.basic_auth.passwd); - usernamehash->auth_user->auth_data.basic_auth.passwd = - auth_user->auth_data.basic_auth.passwd; - auth_user->auth_data.basic_auth.passwd = NULL; + temp_auth=usernamehash->auth_user->scheme_data; + xfree(temp_auth->passwd); + temp_auth->passwd = basic_auth->passwd; + basic_auth->passwd = NULL; /* and remove the temporary structure */ authenticateAuthUserUnlock(auth_user); authenticateFreeProxyAuthUser(auth_user); auth_user = usernamehash->auth_user; + /* and reference the existing basic data structure */ + basic_auth = auth_user->scheme_data; /* lock the structure for this request */ authenticateAuthUserLock(auth_user); } @@ -201,7 +195,7 @@ return auth_user; } -int authenticateBasicDirection(acl_proxy_auth_user *auth_user) { +int authenticateBasicDirection(auth_user_t *auth_user) { /* null auth_user is checked for by authenticateDirection */ switch (auth_user->flags.credentials_ok) { case 0: /* not checked */ @@ -217,7 +211,7 @@ } void -authenticateBasicFixErrorHeader(acl_proxy_auth_user *auth_user, HttpReply *rep, http_hdr_type type, request_t * request){ +authenticateBasicFixErrorHeader(auth_user_t *auth_user, HttpReply *rep, http_hdr_type type, request_t * request){ if (Config.Program.authenticate){ debug(29, 5) ("authenticateFixErrorHeader: Sending type:%d header: 'Basic realm=\"%s\"'\n",type,Config.proxyAuthRealm); httpHeaderPutStrf(&rep->header, type, "Basic realm=\"%s\"", Config.proxyAuthRealm); @@ -225,19 +219,22 @@ } void -authenticateBasicFreeUser(acl_proxy_auth_user *auth_user) { +authenticateBasicFreeUser(auth_user_t *auth_user) { + basic_data * basic_auth = auth_user->scheme_data; debug(29,6) ("authenticateBasicFreeUser: Clearing Basic scheme data\n"); - if (auth_user->auth_data.basic_auth.username) - xfree(auth_user->auth_data.basic_auth.username); - if (auth_user->auth_data.basic_auth.passwd) - xfree(auth_user->auth_data.basic_auth.passwd); + if (basic_auth->username) + xfree(basic_auth->username); + if (basic_auth->passwd) + xfree(basic_auth->passwd); + memPoolFree(basic_data_pool, auth_user->scheme_data); + auth_user->scheme_data = NULL; } static void authenticateBasicHandleReply(void *data, char *reply) { authenticateStateData *r = data; - acl_proxy_auth_user *auth_user; + auth_user_t *auth_user; int valid; char *t = NULL; debug(29, 5) ("authenticateBasicHandleReply: {%s}\n", reply ? reply : ""); @@ -275,9 +272,10 @@ /* authenticateBasicUsername: return a pointer to the username in the */ char * -authenticateBasicUsername(acl_proxy_auth_user *auth_user) { +authenticateBasicUsername(auth_user_t *auth_user) { + basic_data * basic_auth = auth_user->scheme_data; if (auth_user->auth_type==AUTH_BASIC) - return auth_user->auth_data.basic_auth.username; + return basic_auth->username; return NULL; } @@ -287,12 +285,17 @@ */ static void -authenticateBasicDecodeAuth(acl_proxy_auth_user *auth_user, const char * proxy_auth) { +authenticateBasicDecodeAuth(auth_user_t *auth_user, const char * proxy_auth) { char *sent_auth; char *cleartext; + basic_data * basic_auth; assert(auth_user->auth_type == AUTH_UNKNOWN); /* basic until proved otherwise */ auth_user->auth_type = AUTH_BASIC; + /* have we been called before? */ + assert(auth_user->scheme_data == NULL); + auth_user->scheme_data = memPoolAlloc(basic_data_pool); + basic_auth=auth_user->scheme_data; /* trim BASIC from string */ while (!xisspace(*proxy_auth)) @@ -313,35 +316,33 @@ */ strtok(cleartext, "\r\n"); debug(29, 6) ("authenticateBasicDecodeAuth: cleartext = '%s'\n", cleartext); - /* have we been called twice? */ - assert(auth_user->auth_data.basic_auth.username == NULL); - auth_user->auth_data.basic_auth.username = - xstrndup(cleartext, USER_IDENT_SZ); + basic_auth->username = xstrndup(cleartext, USER_IDENT_SZ); xfree(cleartext); - /* again, have we been called twice? */ - assert(auth_user->auth_data.basic_auth.passwd == NULL); - if ((cleartext = - strchr(auth_user->auth_data.basic_auth.username, ':')) != NULL) + if ((cleartext = strchr(basic_auth->username, ':')) != NULL) *(cleartext)++ = '\0'; if (cleartext == NULL) { debug(29, 2) ("authenticateBasicDecodeAuth: no password in proxy authorization header '%s'\n", - proxy_auth); auth_user->auth_type = AUTH_BROKEN; + proxy_auth); + auth_user->auth_type = AUTH_BROKEN; } if (*cleartext == '\0') { debug(29, 2) ("authenticateBasicDecodeAuth: Disallowing empty password," - "user is '%s'\n", auth_user->auth_data.basic_auth.username); + "user is '%s'\n", basic_auth->username); auth_user->auth_type = AUTH_BROKEN; } /* special case: we have to free the strings for user and password * if we are not returning AUTH_BASIC else the UserFree function will * be confused. */ - if (auth_user->auth_type != AUTH_BASIC) { - if (auth_user->auth_data.basic_auth.username) - xfree(auth_user->auth_data.basic_auth.username); - } else { - auth_user->auth_data.basic_auth.passwd = xstrndup(cleartext, USER_IDENT_SZ); - } + if (auth_user->auth_type != AUTH_BASIC) + { + if (basic_auth->username) + xfree(basic_auth->username); + memPoolFree(basic_data_pool, basic_auth); + auth_user->scheme_data = NULL; + } else { + basic_auth->passwd = xstrndup(cleartext, USER_IDENT_SZ); + } /* we are finished with the proxy_auth */ // xfree(auth_user->proxy_auth); // auth_user->proxy_auth = NULL; @@ -350,15 +351,18 @@ /* send the initial data to a basic authenticator module */ static void -authenticateBasicStart(acl_proxy_auth_user * auth_user, RH * handler, void *data) +authenticateBasicStart(auth_user_t * auth_user, RH * handler, void *data) { authenticateStateData *r = NULL; char buf[8192]; + basic_data * basic_auth; assert(auth_user); assert(handler); assert(auth_user->auth_type==AUTH_BASIC); - debug(29, 5) ("authenticateStart: '%s:%s'\n", auth_user->auth_data.basic_auth.username, - auth_user->auth_data.basic_auth.passwd); + assert(auth_user->scheme_data != NULL); + basic_auth = auth_user->scheme_data; + debug(29, 5) ("authenticateStart: '%s:%s'\n", basic_auth->username, + basic_auth->passwd); if (Config.Program.authenticate == NULL) { handler(data, NULL); return; @@ -369,6 +373,6 @@ cbdataLock(data); r->data = data; r->auth_user = auth_user; - snprintf(buf, 8192, "%s %s\n", auth_user->auth_data.basic_auth.username, auth_user->auth_data.basic_auth.passwd); + snprintf(buf, 8192, "%s %s\n", basic_auth->username, basic_auth->passwd); helperSubmit(basicauthenticators, buf, authenticateBasicHandleReply, r); } --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth/basic/auth_basic.h Wed Feb 14 00:47:07 2007 @@ -0,0 +1,38 @@ +/* + * auth_basic.h + * Internal declarations for the basic auth module + */ + +#ifndef __AUTH_BASIC_H__ +#define __AUTH_BASIC_H__ + + +/* Generic */ +typedef struct { + void *data; + auth_user_t *auth_user; + RH *handler; +} authenticateStateData; + + +struct _basic_data { + char *username; + char *passwd; +}; + +typedef struct _basic_data basic_data; + +#if 0 +struct _ntlm_helper_state_t { + char *challenge; /* the challenge to use with this helper */ + int starve; /* 0= normal operation. 1=don't hand out any more challenges */ + int challengeuses; /* the number of times this challenge has been issued */ + time_t renewed; +}; + +typedef struct _ntlm_helper_state_t ntlm_helper_state_t; + +extern MemPool *ntlm_helper_state_pool; +#endif + +#endif Index: squid/src/auth/ntlm/auth_ntlm.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/auth_ntlm.c,v retrieving revision 1.1.2.14 retrieving revision 1.1.2.15 diff -u -r1.1.2.14 -r1.1.2.15 --- squid/src/auth/ntlm/auth_ntlm.c 10 Dec 2000 00:56:52 -0000 1.1.2.14 +++ squid/src/auth/ntlm/auth_ntlm.c 11 Dec 2000 23:32:15 -0000 1.1.2.15 @@ -41,25 +41,6 @@ #include "squid.h" #include "auth_ntlm.h" -#if 0 -typedef struct { - void *data; - acl_proxy_auth_user *auth_user; -// SRH *handler; - RH *handler; -} authenticateStatefulStateData; -#endif -#if 0 -static void authenticateStatefulStateFree(authenticateStatefulStateData * r); -#endif - -/* Generic */ -typedef struct { - void *data; - acl_proxy_auth_user *auth_user; - RH *handler; -} authenticateStateData; - static void authenticateStateFree(authenticateStateData * r) { @@ -67,7 +48,7 @@ } /* NTLM Scheme */ -static void authenticateNTLMStart(acl_proxy_auth_user *, RH * handler, void *); +static void authenticateNTLMStart(auth_user_t *, RH * handler, void *); static HLPSCB authenticateNTLMHandleReply; static HLPSCB authenticateNTLMHandleplaceholder; static AUTHSACTIVE authenticateNTLMActive; @@ -91,6 +72,7 @@ static int authntlm_initialised = 0; MemPool *ntlm_helper_state_pool = NULL; +MemPool *ntlm_data_pool = NULL; /* * @@ -111,6 +93,7 @@ helperStatefulFree(ntlmauthenticators); ntlmauthenticators = NULL; memPoolDestroy(ntlm_helper_state_pool); + memPoolDestroy(ntlm_data_pool); } void @@ -131,7 +114,10 @@ authscheme->decodeauth =authenticateDecodeNTLMAuth; authscheme->donefunc = authNTLMDone; authscheme->oncloseconnection = authenticateNTLMOnCloseConnection; - ntlm_helper_state_pool = memPoolCreate("NTLM Helper State data", sizeof(ntlm_helper_state_t)); + if (!ntlm_helper_state_pool) + ntlm_helper_state_pool = memPoolCreate("NTLM Helper State data", sizeof(ntlm_helper_state_t)); + if (!ntlm_data_pool) + ntlm_data_pool = memPoolCreate("NTLM Scheme User Data", sizeof(ntlm_data)); authntlm_initialised = 1; if (ntlmauthenticators == NULL) ntlmauthenticators = helperStatefulCreate("ntlmauthenticator"); @@ -163,9 +149,10 @@ /* NTLM Scheme */ -int authenticateNTLMDirection(acl_proxy_auth_user *auth_user) { +int authenticateNTLMDirection(auth_user_t *auth_user) { + ntlm_data * ntlm_auth = auth_user->scheme_data; /* null auth_user is checked for by authenticateDirection */ - switch (auth_user->auth_data.ntlm_auth.auth_state) { + switch (ntlm_auth->auth_state) { case AUTHENTICATE_STATE_NONE: /* no progress at all.*/ debug(28,1) ("authenticateNTLMDirection: called before NTLM Authenticate!. Report a bug to squid-dev.\n"); return -2; @@ -186,7 +173,8 @@ * else. */ void -authenticateNTLMFixErrorHeader(acl_proxy_auth_user *auth_user, HttpReply *rep, http_hdr_type type, request_t * request){ +authenticateNTLMFixErrorHeader(auth_user_t *auth_user, HttpReply *rep, http_hdr_type type, request_t * request){ + ntlm_data * ntlm_auth; if (Config.Program.ntlmauthenticate){ /* New request, no user details */ if (auth_user == NULL) { @@ -198,7 +186,8 @@ I haven't checked the RFC compliance of this hack - RBCollins*/ request->flags.proxy_keepalive = 0; } else { - switch (auth_user->auth_data.ntlm_auth.auth_state){ + ntlm_auth=auth_user->scheme_data; + switch (ntlm_auth->auth_state){ case AUTHENTICATE_STATE_NONE: debug(29, 5) ("authenticateFixErrorHeader: Sending type:%d header: 'NTLM'\n",type); httpHeaderPutStrf(&rep->header, type, "NTLM"); @@ -211,11 +200,11 @@ case AUTHENTICATE_STATE_CHALLENGE: /* we are 'waiting' for a response */ /* pass the challenge to the client */ - debug(29, 5) ("authenticateFixErrorHeader: Sending type:%d header: 'NTLM %s'\n",type,auth_user->auth_data.ntlm_auth.authchallenge); - httpHeaderPutStrf(&rep->header, type, "NTLM %s", auth_user->auth_data.ntlm_auth.authchallenge); + debug(29, 5) ("authenticateFixErrorHeader: Sending type:%d header: 'NTLM %s'\n",type,ntlm_auth->authchallenge); + httpHeaderPutStrf(&rep->header, type, "NTLM %s", ntlm_auth->authchallenge); break; default: - debug(29,1)("authenticateFixErrorHeader: state %d.\n",auth_user->auth_data.ntlm_auth.auth_state); + debug(29,1)("authenticateFixErrorHeader: state %d.\n",ntlm_auth->auth_state); fatal("unexpected state in AuthenticateFixErrorHeader.\n"); } } @@ -223,16 +212,19 @@ } void -authenticateNTLMFreeUser(acl_proxy_auth_user *auth_user) { +authenticateNTLMFreeUser(auth_user_t *auth_user) { + ntlm_data * ntlm_auth = auth_user->scheme_data; debug(29,6) ("authenticateNTLMFreeUser: Clearing NTLM scheme data\n"); - if (auth_user->auth_data.ntlm_auth.username) - xfree(auth_user->auth_data.ntlm_auth.username); - if (auth_user->auth_data.ntlm_auth.ntlmnegotiate) - xfree(auth_user->auth_data.ntlm_auth.ntlmnegotiate); - if (auth_user->auth_data.ntlm_auth.authchallenge) - xfree(auth_user->auth_data.ntlm_auth.authchallenge); - if (auth_user->auth_data.ntlm_auth.ntlmauthenticate) - xfree(auth_user->auth_data.ntlm_auth.ntlmauthenticate); + if (ntlm_auth->username) + xfree(ntlm_auth->username); + if (ntlm_auth->ntlmnegotiate) + xfree(ntlm_auth->ntlmnegotiate); + if (ntlm_auth->authchallenge) + xfree(ntlm_auth->authchallenge); + if (ntlm_auth->ntlmauthenticate) + xfree(ntlm_auth->ntlmauthenticate); + memPoolFree(ntlm_data_pool, ntlm_auth); + auth_user->scheme_data = NULL; } static stateful_helper_callback_t @@ -270,7 +262,8 @@ void *nextserver=NULL; #endif char *t = NULL; - acl_proxy_auth_user *auth_user; + auth_user_t *auth_user; + ntlm_data *ntlm_auth; debug(29, 5) ("authenticateNTLMHandleReply: Helper: '%d' {%s}\n", lastserver, reply ? reply : ""); valid = cbdataValid(r->data); cbdataUnlock(r->data); @@ -295,16 +288,17 @@ assert(r->auth_user != NULL); assert(r->auth_user->auth_type == AUTH_NTLM); auth_user=r->auth_user; + ntlm_auth=auth_user->scheme_data; + assert(ntlm_auth != NULL); result=S_HELPER_DEFER; #if 0 nextserver=lastserver; #endif debug(29,5)("authenticateNTLMHandleReply: helper '%d'\n",lastserver); - assert(auth_user->auth_data.ntlm_auth.auth_state == AUTHENTICATE_STATE_NEGOTIATE); + assert(ntlm_auth->auth_state == AUTHENTICATE_STATE_NEGOTIATE); // auth_user->auth_data.ntlm_auth.auth_state = AUTHENTICATE_STATE_CHALLENGE; - auth_user->auth_data.ntlm_auth.authhelper = lastserver; - auth_user->auth_data.ntlm_auth.authchallenge = - xstrndup(reply, NTLM_CHALLENGE_SZ+5); + ntlm_auth->authhelper = lastserver; + ntlm_auth->authchallenge = xstrndup(reply, NTLM_CHALLENGE_SZ+5); } else if (strncasecmp(reply, "AF ", 3) == 0) { /* we're finished, release the helper*/ @@ -312,11 +306,13 @@ assert(r->auth_user != NULL); assert(r->auth_user->auth_type == AUTH_NTLM); auth_user=r->auth_user; + assert(auth_user->scheme_data != NULL); + ntlm_auth = auth_user->scheme_data; result=S_HELPER_RELEASE; /* we only expect OK when finishing the handshake */ - assert(auth_user->auth_data.ntlm_auth.auth_state == AUTHENTICATE_STATE_RESPONSE); - auth_user->auth_data.ntlm_auth.username = xstrndup(reply, MAX_LOGIN_SZ); - auth_user->auth_data.ntlm_auth.authhelper = NULL; + assert(ntlm_auth->auth_state == AUTHENTICATE_STATE_RESPONSE); + ntlm_auth->username = xstrndup(reply, MAX_LOGIN_SZ); + ntlm_auth->authhelper = NULL; auth_user->flags.credentials_ok = 1; /* login ok */ } else if (strncasecmp(reply, "NA ", 3) == 0) { @@ -324,12 +320,14 @@ assert(r->auth_user != NULL); assert(r->auth_user->auth_type == AUTH_NTLM); auth_user=r->auth_user; + assert(auth_user->scheme_data != NULL); + ntlm_auth = auth_user->scheme_data; /* todo: action of Negotiate state on error */ result=S_HELPER_RELEASE; /*some error has occured. no more requests */ - auth_user->auth_data.ntlm_auth.authhelper = NULL; + ntlm_auth->authhelper = NULL; auth_user->flags.credentials_ok = 2; /* Login/Usercode failed */ debug(29, 1) ("authenticateNTLMHandleReply: Error validating user via NTLM.\n"); - auth_user->auth_data.ntlm_auth.auth_state = AUTHENTICATE_STATE_NONE; + ntlm_auth->auth_state = AUTHENTICATE_STATE_NONE; if ((t = strchr(reply, ' ')))/* strip after a space */ *t = '\0'; } @@ -342,11 +340,13 @@ assert(r->auth_user != NULL); assert(r->auth_user->auth_type == AUTH_NTLM); auth_user=r->auth_user; + assert(auth_user->scheme_data != NULL); + ntlm_auth = auth_user->scheme_data; result=S_HELPER_RELEASE; /*some error has occured. no more requests for this helper */ - helperstate=helperStatefulServerGetData(auth_user->auth_data.ntlm_auth.authhelper); - auth_user->auth_data.ntlm_auth.authhelper = NULL; - if (auth_user->auth_data.ntlm_auth.auth_state == AUTHENTICATE_STATE_NEGOTIATE) + helperstate=helperStatefulServerGetData(ntlm_auth->authhelper); + ntlm_auth->authhelper = NULL; + if (ntlm_auth->auth_state == AUTHENTICATE_STATE_NEGOTIATE) { /* The helper broke on YR. It automatically * resets */ @@ -365,24 +365,26 @@ auth_user->flags.credentials_ok = 2; /* Login/Usercode failed */ debug(29, 1) ("authenticateNTLMHandleReply: Error validating user via NTLM .\n"); - auth_user->auth_data.ntlm_auth.auth_state = AUTHENTICATE_STATE_NONE; + ntlm_auth->auth_state = AUTHENTICATE_STATE_NONE; if ((t = strchr(reply, ' ')))/* strip after a space */ *t = '\0'; /* now we mark the helper for resetting. */ helperstate->starve=1; } - auth_user->auth_data.ntlm_auth.auth_state = AUTHENTICATE_STATE_NONE; + ntlm_auth->auth_state = AUTHENTICATE_STATE_NONE; } else { /* TODO: only work with auth_user here if it exists */ assert(r->auth_user != NULL); assert(r->auth_user->auth_type == AUTH_NTLM); auth_user=r->auth_user; + assert(auth_user->scheme_data != NULL); + ntlm_auth = auth_user->scheme_data; debug(29, 1) ("authenticateNTLMHandleReply: Unsupported helper response, '%s'\n", reply); /* restart the authentication process */ - auth_user->auth_data.ntlm_auth.auth_state = AUTHENTICATE_STATE_NONE; + ntlm_auth->auth_state = AUTHENTICATE_STATE_NONE; auth_user->flags.credentials_ok = 3; /* cannot process */ - auth_user->auth_data.ntlm_auth.authhelper = NULL; + ntlm_auth->authhelper = NULL; } #if 0 if (*reply == '\0') @@ -443,7 +445,7 @@ /* send the initial data to a stateful ntlm authenticator module */ static void -authenticateNTLMStart(acl_proxy_auth_user * auth_user, RH * handler, void *data) +authenticateNTLMStart(auth_user_t * auth_user, RH * handler, void *data) { #if 0 authenticateStatefulStateData *r = NULL; @@ -453,20 +455,23 @@ ntlm_helper_state_t *helperstate; char buf[8192]; char *sent_string=NULL; + ntlm_data * ntlm_auth; assert(auth_user); assert(handler); assert(data); assert(auth_user->auth_type=AUTH_NTLM); - debug(29,6)("authenticateNTLMStart: auth state '%d'\n",auth_user->auth_data.ntlm_auth.auth_state); - switch(auth_user->auth_data.ntlm_auth.auth_state) { + assert(auth_user->scheme_data != NULL); + ntlm_auth = auth_user->scheme_data; + debug(29,6)("authenticateNTLMStart: auth state '%d'\n",ntlm_auth->auth_state); + switch(ntlm_auth->auth_state) { case AUTHENTICATE_STATE_NEGOTIATE: - sent_string = xstrdup(auth_user->auth_data.ntlm_auth.ntlmnegotiate); + sent_string = xstrdup(ntlm_auth->ntlmnegotiate); break; case AUTHENTICATE_STATE_RESPONSE: - sent_string = xstrdup(auth_user->auth_data.ntlm_auth.ntlmauthenticate); - assert(auth_user->auth_data.ntlm_auth.authhelper); - debug(29, 6) ("authenticateNTLMStart: Asking NTLMauthenticator '%d'.\n", auth_user->auth_data.ntlm_auth.authhelper); + sent_string = xstrdup(ntlm_auth->ntlmauthenticate); + assert(ntlm_auth->authhelper); + debug(29, 6) ("authenticateNTLMStart: Asking NTLMauthenticator '%d'.\n", ntlm_auth->authhelper); break; default: fatal("Invalid authenticate state for NTLMStart"); @@ -478,7 +483,7 @@ while (xisspace(*sent_string)) /*trim leading spaces */ sent_string++; - debug(29, 5) ("authenticateNTLMStart: state '%d'\n", auth_user->auth_data.ntlm_auth.auth_state); + debug(29, 5) ("authenticateNTLMStart: state '%d'\n", ntlm_auth->auth_state); debug(29, 5) ("authenticateNTLMStart: '%s'\n", sent_string); if (Config.Program.ntlmauthenticate == NULL) { debug(29, 1) ("authenticateNTLMStart: no NTLM program specified:'%s'\n", sent_string); @@ -488,21 +493,18 @@ } #ifdef NTLMHELPPROTOCOLV2 r = xcalloc(1, sizeof(authenticateStateData)); -#if 0 - r = xcalloc(1, sizeof(authenticateStatefulStateData)); -#endif cbdataAdd(r, cbdataXfree, 0); r->handler = handler; cbdataLock(data); r->data = data; r->auth_user = auth_user; snprintf(buf, 8192, "%s\n", sent_string); - helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, auth_user->auth_data.ntlm_auth.authhelper); + helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, ntlm_auth->authhelper); debug(29,9)("authenticateNTLMstart: finished\n"); #else /* this is ugly TODO: move the challenge generation routines to their own function and * tidy the logic up to make use of the efficiency we now have */ - switch(auth_user->auth_data.ntlm_auth.auth_state) { + switch(ntlm_auth->auth_state) { case AUTHENTICATE_STATE_NEGOTIATE: /* * 1: get a helper server @@ -524,7 +526,7 @@ } if (server==NULL) debug(29,4) ("unable to get a deferred ntlm helper... all helpers are refreshing challenges. Queuing as a placeholder request.\n"); - auth_user->auth_data.ntlm_auth.authhelper=server; + ntlm_auth->authhelper=server; /* tell the log what helper we have been given */ debug(29,5)("authenticateNTLMStart: helper '%d' assigned\n",server); /* valid challenge? */ @@ -538,12 +540,12 @@ r->auth_user = auth_user; if (server == NULL) { - helperStatefulSubmit(ntlmauthenticators, NULL, authenticateNTLMHandleplaceholder, r, auth_user->auth_data.ntlm_auth.authhelper); + helperStatefulSubmit(ntlmauthenticators, NULL, authenticateNTLMHandleplaceholder, r, ntlm_auth->authhelper); } else { snprintf(buf, 8192, "YR\n"); - helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, auth_user->auth_data.ntlm_auth.authhelper); + helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, ntlm_auth->authhelper); } } else { /* we have a valid challenge */ @@ -551,7 +553,7 @@ /* increment the challenge uses */ helperstate->challengeuses++; /* assign the challenge */ - auth_user->auth_data.ntlm_auth.authchallenge = + ntlm_auth->authchallenge = xstrndup(helperstate->challenge, NTLM_CHALLENGE_SZ+5); handler(data, NULL); } @@ -565,7 +567,7 @@ r->data = data; r->auth_user = auth_user; snprintf(buf, 8192, "KK %s\n", sent_string); - helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, auth_user->auth_data.ntlm_auth.authhelper); + helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, ntlm_auth->authhelper); debug(29,9)("authenticateNTLMstart: finished\n"); break; default: @@ -616,21 +618,27 @@ /* clear the NTLM helper of being reserved for future requests */ void -authenticateNTLMReleasehelper(acl_proxy_auth_user *auth_user){ +authenticateNTLMReleasehelper(auth_user_t *auth_user){ + ntlm_data * ntlm_auth; assert(auth_user->auth_type==AUTH_NTLM); - debug(29,5) ("authenticateNTLMReleasehelper: releasing helper '%d'\n",auth_user->auth_data.ntlm_auth.authhelper); - helperStatefulReleaseServer(auth_user->auth_data.ntlm_auth.authhelper); - auth_user->auth_data.ntlm_auth.authhelper=NULL; + assert(auth_user->scheme_data != NULL); + ntlm_auth = auth_user->scheme_data; + debug(29,5) ("authenticateNTLMReleasehelper: releasing helper '%d'\n",ntlm_auth->authhelper); + helperStatefulReleaseServer(ntlm_auth->authhelper); + ntlm_auth->authhelper=NULL; } /* clear any connection related authentication details */ void authenticateNTLMOnCloseConnection(ConnStateData *conn) { - acl_proxy_auth_user *auth_user; + auth_user_t *auth_user; + ntlm_data * ntlm_auth; assert(conn !=NULL); if (conn->auth_user != NULL) { auth_user=conn->auth_user; - if (auth_user->auth_data.ntlm_auth.authhelper != NULL) + assert(auth_user->scheme_data != NULL); + ntlm_auth = auth_user->scheme_data; + if (ntlm_auth->authhelper != NULL) authenticateNTLMReleasehelper(auth_user); /* unlock the connection based lock */ debug (29,6)("authenticateNTLMOnCloseConnection: Unlocking auth_user from the connection.\n"); @@ -639,42 +647,12 @@ } } -#if OBSOLETE -/* send the initial data to a stateful ntlm authenticator module */ -void -authenticateNTLMStart(const char *proxy_auth, SRH * handler, void *data, helper_ -stateful_server * lastserver) -{ - authenticateStatefulStateData *r = NULL; - char buf[8192]; - assert(proxy_auth); - assert(handler); - assert(data); - debug(29, 5) ("authenticateNTLMStart: '%s'\n", proxy_auth); - if (Config.Program.ntlmauthenticate == NULL) { - debug(29, 1) ("authenticateNTLMStart: no NTLM program specified:'%s'\n", - proxy_auth); - handler(data,0, NULL); - return; - } - r = xcalloc(1, sizeof(authenticateStatefulStateData)); - cbdataAdd(r, cbdataXfree, 0); - r->handler = handler; - cbdataLock(data); - r->data = data; - snprintf(buf, 8192, "%s\n", proxy_auth); - helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r -, lastserver); - debug(29,9)("authenticateNTLMstart: finished\n"); -} -#endif - - /* authenticateUserUsername: return a pointer to the username in the */ char * -authenticateNTLMUsername(acl_proxy_auth_user *auth_user) { - if(auth_user->auth_type== AUTH_NTLM) - return auth_user->auth_data.ntlm_auth.username; +authenticateNTLMUsername(auth_user_t *auth_user) { + ntlm_data * ntlm_auth=auth_user->scheme_data; + if(auth_user->auth_type== AUTH_NTLM && (ntlm_auth != NULL)) + return ntlm_auth->username; return NULL; } @@ -685,40 +663,44 @@ */ void -authenticateDecodeNTLMAuth(acl_proxy_auth_user *auth_user, const char * proxy_auth) { +authenticateDecodeNTLMAuth(auth_user_t *auth_user, const char * proxy_auth) { assert(auth_user->auth_type == AUTH_UNKNOWN); auth_user->auth_type = AUTH_NTLM; + auth_user->scheme_data = memPoolAlloc(ntlm_data_pool); /* all we have to do is identify that it's NTLM - the helper does the rest */ debug(29, 6) ("authenticateDecodeNTLMAuth: NTLM authentication\n"); return; } + +int authenticateNTLMcmpUsername(ntlm_data *u1, ntlm_data *u2) +{ + return strcmp(u1->username, u2->username); +} + #if 0 static acl_proxy_auth_user * authenticateNTLMAuthenticateUser(void *data, const char * proxy_auth, ConnStateData *conn) { #endif -static acl_proxy_auth_user * -authenticateNTLMAuthenticateUser(acl_proxy_auth_user *auth_user, request_t *request, ConnStateData *conn, http_hdr_type type) { -// acl_proxy_auth_user *auth_user=data; +static auth_user_t * +authenticateNTLMAuthenticateUser(auth_user_t *auth_user, request_t *request, ConnStateData *conn, http_hdr_type type) { const char * proxy_auth; - acl_proxy_auth_hash_pointer *usernamehash, *proxy_auth_hash=NULL; + auth_user_hash_pointer *usernamehash, *proxy_auth_hash=NULL; + ntlm_data * ntlm_auth; LOCAL_ARRAY(char, ntlmhash, NTLM_CHALLENGE_SZ * 2); -// char * proxy_auth=auth_user->proxy_auth; /* get header */ proxy_auth = httpHeaderGetStr(&request->header, type); assert(auth_user->auth_type==AUTH_NTLM); - switch (auth_user->auth_data.ntlm_auth.auth_state) { + assert(auth_user->scheme_data != NULL); + ntlm_auth = auth_user->scheme_data; + switch (ntlm_auth->auth_state) { case AUTHENTICATE_STATE_NONE: /* we've recieved a negotiate request. pass to a helper */ debug(29, 3) ("authenticateNTLMAuthenticateUser: auth state ntlm none. %s\n", proxy_auth); - auth_user->auth_data.ntlm_auth.auth_state = AUTHENTICATE_STATE_NEGOTIATE; -// auth_user->auth_data.ntlm_auth.ntlmnegotiate = auth_user->proxy_auth; -// /* use it up. */ -// auth_user->proxy_auth=NULL; - - auth_user->auth_data.ntlm_auth.ntlmnegotiate=xstrndup(proxy_auth, NTLM_CHALLENGE_SZ+5); + ntlm_auth->auth_state = AUTHENTICATE_STATE_NEGOTIATE; + ntlm_auth->ntlmnegotiate=xstrndup(proxy_auth, NTLM_CHALLENGE_SZ+5); conn->auth_type=AUTH_NTLM; conn->auth_user=auth_user; /* and lock for the connection duration */ @@ -727,9 +709,7 @@ return auth_user; break; case AUTHENTICATE_STATE_NEGOTIATE: - auth_user->auth_data.ntlm_auth.auth_state = AUTHENTICATE_STATE_CHALLENGE; -// xfree(auth_user->proxy_auth); -// auth_user->proxy_auth=NULL; + ntlm_auth->auth_state = AUTHENTICATE_STATE_CHALLENGE; return auth_user; break; case AUTHENTICATE_STATE_CHALLENGE: @@ -743,7 +723,7 @@ #if 0 proxy_auth += 5; #endif - auth_user->auth_data.ntlm_auth.ntlmauthenticate = xstrdup(proxy_auth); + ntlm_auth->ntlmauthenticate = xstrdup(proxy_auth); // xfree(auth_user->proxy_auth); // auth_user->proxy_auth = NULL; } else { @@ -752,15 +732,15 @@ } /* cache entries have authenticateauthheaderchallengestring */ snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s", - auth_user->auth_data.ntlm_auth.ntlmauthenticate, - auth_user->auth_data.ntlm_auth.authchallenge); + ntlm_auth->ntlmauthenticate, + ntlm_auth->authchallenge); /* see if we already know this user's authenticate */ debug(29,3)("aclMatchProxyAuth: cache lookup with key '%s'\n",ntlmhash); assert(proxy_auth_cache!=NULL); proxy_auth_hash = hash_lookup(proxy_auth_cache, ntlmhash); if (!proxy_auth_hash) { /* not in the hash table */ debug(29,3)("authenticateNTLMAuthenticateUser: proxy-auth cache miss.\n"); - auth_user->auth_data.ntlm_auth.auth_state = AUTHENTICATE_STATE_RESPONSE; + ntlm_auth->auth_state = AUTHENTICATE_STATE_RESPONSE; /* verify with the ntlm helper */ } else { debug(29,3)("authenticateNTLMAuthenticateUser: ntlm proxy-auth cache hit\n"); @@ -784,8 +764,10 @@ /* we found one */ debug(29, 3) ("found matching cache entry\n"); assert(auth_user->auth_type == AUTH_NTLM); + /* get the existing entries details */ + ntlm_auth = auth_user->scheme_data; debug(29, 3) ("Username to be used is %s\n", - auth_user->auth_data.ntlm_auth.username); + ntlm_auth->username); auth_user->flags.credentials_ok = 1; /* authenticated ok */ /* on ntlm auth we do not unlock the auth_user until the * connection is dropped. Thank MS for this quirk */ @@ -797,22 +779,22 @@ case AUTHENTICATE_STATE_RESPONSE: /* auth-challenge pair cache miss. We've just got the response */ /*add to cache and let them through */ - auth_user->auth_data.ntlm_auth.auth_state = AUTHENTICATE_STATE_DONE; + ntlm_auth->auth_state = AUTHENTICATE_STATE_DONE; /* this connection is authenticated */ debug(29, 3) ("validated\nch %s\nauth %s\nauthuser %s\n", - auth_user->auth_data.ntlm_auth.authchallenge, - auth_user->auth_data.ntlm_auth.ntlmauthenticate, - auth_user->auth_data.ntlm_auth.username); + ntlm_auth->authchallenge, + ntlm_auth->ntlmauthenticate, + ntlm_auth->username); /* cache entries have authenticateauthheaderchallengestring */ - snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s", auth_user->auth_data.ntlm_auth.ntlmauthenticate, - auth_user->auth_data.ntlm_auth.authchallenge); + snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s", ntlm_auth->ntlmauthenticate, + ntlm_auth->authchallenge); /* see if this is an existing user with a different proxy_auth * string */ if ((usernamehash = hash_lookup(proxy_auth_username_cache, - auth_user->auth_data.ntlm_auth.username))) { + ntlm_auth->username))) { while ((usernamehash->auth_user->auth_type != auth_user->auth_type) && (usernamehash->next) && - !strcmp(usernamehash->auth_user->auth_data.ntlm_auth.username, auth_user->auth_data.ntlm_auth.username) ) + !authenticateNTLMcmpUsername(usernamehash->auth_user->scheme_data, ntlm_auth) ) usernamehash=usernamehash->next; if (usernamehash->auth_user->auth_type==auth_user->auth_type) { /* @@ -823,20 +805,8 @@ /* we can't seamlessly recheck the username due to the * challenge nature of the protocol. Just free the * temporary auth_user */ -#if 0 - debug (29,6)("authenticateNTLMAuthenticateUser: Unlocking auth_user from the connection.\n"); - authenticateAuthUserUnlock(auth_user); -#if 0 - authenticateFreeProxyAuthUser(auth_user); -#endif -#endif authenticateAuthUserMerge(auth_user,usernamehash->auth_user); auth_user = usernamehash->auth_user; -#if 0 - /* and lock for the connection duration */ - debug (29,6)("authenticateNTLMAuthenticateUser: Locking auth_user from the connection.\n"); - authenticateAuthUserLock(auth_user); -#endif conn->auth_user=auth_user; } } else { Index: squid/src/auth/ntlm/auth_ntlm.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/auth_ntlm.h,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- squid/src/auth/ntlm/auth_ntlm.h 4 Dec 2000 12:36:11 -0000 1.1.2.3 +++ squid/src/auth/ntlm/auth_ntlm.h 11 Dec 2000 23:32:15 -0000 1.1.2.4 @@ -6,6 +6,29 @@ #ifndef __AUTH_NTLM_H__ #define __AUTH_NTLM_H__ + +/* Generic */ +typedef struct { + void *data; + auth_user_t *auth_user; + RH *handler; +} authenticateStateData; + +struct _ntlm_data { + /* what username did this connection get? */ + char *username; + /* what negotiate string did the client use? */ + char *ntlmnegotiate; + /* what challenge did we give the client? */ + char *authchallenge; + /* what authenticate string did we get? */ + char *ntlmauthenticate; + /*we need to store the NTLM helper between requests*/ + helper_stateful_server * authhelper; + /* how far through the authentication process are we? */ + auth_state_t auth_state; +}; + struct _ntlm_helper_state_t { char *challenge; /* the challenge to use with this helper */ int starve; /* 0= normal operation. 1=don't hand out any more challenges */ @@ -13,8 +36,11 @@ time_t renewed; }; + +typedef struct _ntlm_data ntlm_data; typedef struct _ntlm_helper_state_t ntlm_helper_state_t; extern MemPool *ntlm_helper_state_pool; +extern MemPool *ntlm_data_pool; #endif