This patch is generated from the authinfo branch of HEAD in squid
Fri Jan 30 10:14:30 2004 GMT
See http://devel.squid-cache.org/
Index: squid/ChangeLog
diff -u squid/ChangeLog:1.10 squid/ChangeLog:1.10.16.1
--- squid/ChangeLog:1.10 Fri Mar 9 16:58:29 2001
+++ squid/ChangeLog Fri Apr 13 16:17:14 2001
@@ -1,3 +1,5 @@
+ - Extended authenticator protocol to allow for more detailed responses
+ and to verify the client IP address. (Pedro Lineu Orso)
- Added 'max-conn' option to 'cache_peer'
Changes to squid-2.5
Index: squid/errors/Bulgarian/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Bulgarian/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/Bulgarian/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:14 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Bulgarian/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Bulgarian/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/Bulgarian/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:14 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Czech/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Czech/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/Czech/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:14 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Czech/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Czech/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/Czech/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:14 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Danish/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Danish/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/Danish/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Danish/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Danish/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/Danish/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Dutch/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Dutch/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/Dutch/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Dutch/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Dutch/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/Dutch/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/English/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/English/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/English/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/English/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/English/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/English/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Estonian/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Estonian/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/Estonian/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Estonian/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Estonian/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/Estonian/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Finnish/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Finnish/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/Finnish/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Finnish/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Finnish/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/Finnish/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/French/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/French/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/French/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/French/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/French/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/French/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/German/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/German/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/German/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/German/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/German/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:09 2004
+++ squid/errors/German/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Hungarian/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Hungarian/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Hungarian/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Hungarian/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Hungarian/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Hungarian/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Italian/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Italian/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Italian/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Italian/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Italian/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Italian/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Japanese/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Japanese/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Japanese/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Japanese/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Japanese/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Japanese/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Korean/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Korean/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Korean/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Korean/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Korean/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Korean/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Polish/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Polish/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Polish/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Polish/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Polish/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Polish/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Portuguese/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Portuguese/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Portuguese/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Senha expirada.</H2>
+<HR>
+<P>
+<P>
+Você precisa <A HREF="http://%h/cgi-bin/chpasswd.cgi">alterar</a> sua senha.
+<P>
+<P>
+</HTML>
Index: squid/errors/Portuguese/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Portuguese/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Portuguese/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:15 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Endereço IP não autorizado.</H2>
+<HR>
+<P>
+<P>
+Você não está autorizado para acesso ao cache através do endereço IP '%i';
+<P>
+<P>
+</HTML>
Index: squid/errors/Portuguese/README
diff -u squid/errors/Portuguese/README:1.1.1.1 squid/errors/Portuguese/README:1.1.1.1.110.1
--- squid/errors/Portuguese/README:1.1.1.1 Tue Jan 25 19:21:47 2000
+++ squid/errors/Portuguese/README Fri Apr 13 16:17:15 2001
@@ -1,2 +1,2 @@
-Thank you to Pedro Lineu Orso <orso@pop.hsbcbamerindus.com.br> for
+Thank you to Pedro Lineu Orso <orso@pop.hsbc.com.br> for
creating these error pages in Portugese!
Index: squid/errors/Romanian/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Romanian/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Romanian/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Romanian/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Romanian/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Romanian/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Russian-1251/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Russian-1251/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Russian-1251/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Russian-1251/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Russian-1251/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Russian-1251/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Russian-koi8-r/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Russian-koi8-r/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Russian-koi8-r/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Russian-koi8-r/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Russian-koi8-r/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:10 2004
+++ squid/errors/Russian-koi8-r/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Simplify_Chinese/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Simplify_Chinese/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:11 2004
+++ squid/errors/Simplify_Chinese/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Simplify_Chinese/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Simplify_Chinese/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:11 2004
+++ squid/errors/Simplify_Chinese/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Slovak/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Slovak/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:11 2004
+++ squid/errors/Slovak/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Slovak/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Slovak/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:11 2004
+++ squid/errors/Slovak/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Spanish/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Spanish/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:11 2004
+++ squid/errors/Spanish/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Spanish/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Spanish/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:11 2004
+++ squid/errors/Spanish/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Swedish/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Swedish/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:11 2004
+++ squid/errors/Swedish/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Swedish/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Swedish/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:11 2004
+++ squid/errors/Swedish/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Traditional_Chinese/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Traditional_Chinese/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:11 2004
+++ squid/errors/Traditional_Chinese/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Traditional_Chinese/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Traditional_Chinese/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:11 2004
+++ squid/errors/Traditional_Chinese/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/errors/Turkish/ERR_REQ_PWD_CHANGE
diff -u /dev/null squid/errors/Turkish/ERR_REQ_PWD_CHANGE:1.1.58.1
--- /dev/null Fri Jan 30 02:13:11 2004
+++ squid/errors/Turkish/ERR_REQ_PWD_CHANGE Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Expired User Password.</H2>
+<HR>
+<P>
+<P>
+You need to <A HREF="http://%h/cgi-bin/chpasswd.cgi"> change</a> your password.
+<P>
+<P>
+</HTML>
Index: squid/errors/Turkish/ERR_UNAUTHORIZED_IP_ADDRESS
diff -u /dev/null squid/errors/Turkish/ERR_UNAUTHORIZED_IP_ADDRESS:1.1.58.1
--- /dev/null Fri Jan 30 02:13:11 2004
+++ squid/errors/Turkish/ERR_UNAUTHORIZED_IP_ADDRESS Fri Apr 13 16:17:16 2001
@@ -0,0 +1,10 @@
+</HEAD><BODY>
+<H1>ERROR</H1>
+<H2>Unauthorized IP Address.</H2>
+<HR>
+<P>
+<P>
+You are not authorized to access the cache using IP Address '%i'.
+<P>
+<P>
+</HTML>
Index: squid/src/acl.c
diff -u squid/src/acl.c:1.29 squid/src/acl.c:1.29.8.1
--- squid/src/acl.c:1.29 Thu Apr 5 23:49:27 2001
+++ squid/src/acl.c Fri Apr 13 16:17:16 2001
@@ -1173,12 +1173,15 @@
}
}
-/* aclMatchProxyAuth can return four exit codes:
- * 0 : Authenticated OK, Authorisation for this ACL failed.
- * 1 : Authenticated OK, Authorisation OK.
- * -1 : send data to an external authenticator
- * -2 : send data to the client
- */
+/* aclMatchProxyAuth can return any of these exit codes */
+enum {
+ PROXYAUTH_NOTMATCH = 0, /* Authenticated OK, not in ACL */
+ PROXYAUTH_MATCHED = 1, /* Authenticated OK, matched ACL */
+ PROXYAUTH_VALIDATE = -1, /* Ask external authenticator */
+ PROXYAUTH_FAIL = -2, /* Authentication failure, bad password */
+ PROXYAUTH_EXPIRED = -3, /* Authentication failure, expired */
+ PROXYAUTH_BADIP = -4, /* Authentication failure, diallowed IP */
+};
static int
aclMatchProxyAuth(void *data, http_hdr_type headertype,
auth_user_request_t * auth_user_request, aclCheck_t * checklist,
@@ -1205,7 +1208,7 @@
* deny access: clientreadrequest requires conn data, and it is always
* compiled in so we should have it too.
*/
- return 0;
+ return PROXYAUTH_NOTMATCH;
}
/*
* a note on proxy_auth logix here:
@@ -1225,7 +1228,7 @@
/* unlock the ACL lock */
authenticateAuthUserRequestUnlock(auth_user_request);
}
- return -2;
+ return PROXYAUTH_FAIL;
}
/* we have a proxy auth header and as far as we know this connection has
* not had bungled connection oriented authentication happen on it. */
@@ -1248,7 +1251,7 @@
/* unlock the ACL reference. */
authenticateAuthUserRequestUnlock(auth_user_request);
}
- return -2;
+ return PROXYAUTH_FAIL;
}
/* the user_request comes prelocked for the caller to GetAuthUser (us) */
} else if (checklist->request->auth_user_request) {
@@ -1265,7 +1268,7 @@
debug(28, 4) ("aclMatchProxyAuth: Auth user request %d conn-auth user request %d conn type %d authentication failed.\n",
auth_user_request, checklist->conn->auth_user_request,
checklist->conn->auth_type);
- return -2;
+ return PROXYAUTH_FAIL;
}
}
}
@@ -1278,20 +1281,28 @@
authenticateAuthenticateUser(auth_user_request, checklist->request,
checklist->conn, headertype);
switch (authenticateDirection(auth_user_request)) {
- case 1:
+ case AUTHDIR_CHALLENGE:
/* this ACL check is finished. Unlock. */
authenticateAuthUserRequestUnlock(auth_user_request);
- return -2;
- case -1:
+ return PROXYAUTH_FAIL;
+ case AUTHDIR_REVALIDATE:
/* we are partway through authentication within squid
* store the auth_user for the callback to here */
checklist->auth_user_request = auth_user_request;
/* we will be called back here. Do not Unlock */
- return -1;
- case -2:
+ return PROXYAUTH_VALIDATE;
+ case AUTHDIR_FAILED:
+ /* this ACL check is finished. Unlock. */
+ authenticateAuthUserRequestUnlock(auth_user_request);
+ return PROXYAUTH_FAIL;
+ case AUTHDIR_EXPIRED:
+ /* this ACL check is finished. Unlock. */
+ authenticateAuthUserRequestUnlock(auth_user_request);
+ return PROXYAUTH_EXPIRED;
+ case AUTHDIR_BADIP:
/* this ACL check is finished. Unlock. */
authenticateAuthUserRequestUnlock(auth_user_request);
- return -2;
+ return PROXYAUTH_BADIP;
} /* on 0 the authentication is finished - fallthrough */
/* See of user authentication failed for some reason */
if (!authenticateUserAuthenticated(auth_user_request)) {
@@ -1305,7 +1316,7 @@
}
/* this ACL check is finished. Unlock. */
authenticateAuthUserRequestUnlock(auth_user_request);
- return -2;
+ return PROXYAUTH_FAIL;
}
}
@@ -1327,11 +1338,12 @@
/* check to see if we have matched the user-acl before */
return aclCacheMatchAcl(&auth_user_request->auth_user->
proxy_match_cache, acltype, data,
- authenticateUserRequestUsername(auth_user_request));
+ authenticateUserRequestUsername(auth_user_request)) ?
+ PROXYAUTH_MATCHED : PROXYAUTH_NOTMATCH;
}
/* this acl check completed */
authenticateAuthUserRequestUnlock(auth_user_request);
- return 0;
+ return PROXYAUTH_NOTMATCH;
}
static void
@@ -1619,22 +1631,30 @@
/* Check the credentials */
switch (aclMatchProxyAuth(ae->data, headertype,
checklist->auth_user_request, checklist, ae->type)) {
- case 0:
+ case PROXYAUTH_NOTMATCH:
debug(28, 4) ("aclMatchAcl: returning 0 user authenticated but not authorised.\n");
/* Authenticated but not Authorised for this ACL */
return 0;
- case 1:
+ case PROXYAUTH_MATCHED:
debug(28, 4) ("aclMatchAcl: returning 1 user authenticated and authorised.\n");
/* Authenticated and Authorised for this ACL */
return 1;
- case -2:
+ case PROXYAUTH_BADIP:
+ debug(28, 4) ("aclMatchAcl: returning 0 unauthorized IP address for user\n");
+ checklist->state[ACL_PROXY_AUTH] = ACL_UNAUTHORIZED_IP_ADDRESS;
+ return 0;
+ case PROXYAUTH_EXPIRED:
+ debug(28, 4) ("aclMatchAcl: returning 0 user password expired.\n");
+ checklist->state[ACL_PROXY_AUTH] = ACL_EXPIRED_PASSWORD;
+ return 0;
+ case PROXYAUTH_FAIL:
debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n");
/* Authentication credentials invalid or missing. */
/* Or partway through NTLM handshake. A proxy_Authenticate header
* gets sent to the client. */
checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED;
return 0;
- case -1:
+ case PROXYAUTH_VALIDATE:
debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n");
/*
* we need to validate the password
@@ -1777,6 +1797,14 @@
aclLookupProxyAuthStart(checklist);
checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_PENDING;
return;
+ } else if (checklist->state[ACL_PROXY_AUTH] == ACL_EXPIRED_PASSWORD) {
+ debug(28, 3) ("aclCheck: user password expired, must be changed\n");
+ allow = ACCESS_REQ_PWD_CHANGE;
+ match = -1;
+ } else if (checklist->state[ACL_PROXY_AUTH] == ACL_UNAUTHORIZED_IP_ADDRESS) {
+ debug(28, 3) ("aclCheck: unauthorized IP Address for user\n");
+ allow = ACCESS_UNAUTHORIZED_IP_ADDRESS;
+ match = -1;
} else if (checklist->state[ACL_PROXY_AUTH] == ACL_PROXY_AUTH_NEEDED) {
/* Client is required to resend the request with correct authentication
* credentials. (This may be part of a stateful auth protocol.
Index: squid/src/client_side.c
diff -u squid/src/client_side.c:1.26 squid/src/client_side.c:1.25.2.2
--- squid/src/client_side.c:1.26 Fri Apr 13 17:31:01 2001
+++ squid/src/client_side.c Sat Apr 14 06:54:05 2001
@@ -247,7 +247,13 @@
http->log_type = LOG_TCP_DENIED;
http->entry = clientCreateStoreEntry(http, http->request->method,
null_request_flags);
- if (answer == ACCESS_REQ_PROXY_AUTH || aclIsProxyAuth(AclMatchedName)) {
+ if (answer == ACCESS_REQ_PWD_CHANGE) {
+ status = HTTP_FORBIDDEN;
+ page_id = ERR_REQ_PWD_CHANGE;
+ } else if (answer == ACCESS_UNAUTHORIZED_IP_ADDRESS) {
+ status = HTTP_FORBIDDEN;
+ page_id = ERR_UNAUTHORIZED_IP_ADDRESS;
+ } else if (answer == ACCESS_REQ_PROXY_AUTH || aclIsProxyAuth(AclMatchedName)) {
if (!http->flags.accel) {
/* Proxy authorisation needed */
status = HTTP_PROXY_AUTHENTICATION_REQUIRED;
Index: squid/src/enums.h
diff -u squid/src/enums.h:1.19 squid/src/enums.h:1.18.2.3
--- squid/src/enums.h:1.19 Fri Apr 13 17:31:02 2001
+++ squid/src/enums.h Sat Apr 14 06:54:06 2001
@@ -89,6 +89,8 @@
ERR_FTP_UNAVAILABLE,
ERR_ONLY_IF_CACHED_MISS, /* failure to satisfy only-if-cached request */
ERR_TOO_BIG,
+ ERR_REQ_PWD_CHANGE,
+ ERR_UNAUTHORIZED_IP_ADDRESS,
ERR_MAX
} err_type;
@@ -138,6 +140,8 @@
ACL_LOOKUP_PENDING,
ACL_LOOKUP_DONE,
ACL_PROXY_AUTH_NEEDED,
+ ACL_EXPIRED_PASSWORD,
+ ACL_UNAUTHORIZED_IP_ADDRESS,
} acl_lookup_state;
enum {
@@ -502,7 +506,9 @@
typedef enum {
ACCESS_DENIED,
ACCESS_ALLOWED,
- ACCESS_REQ_PROXY_AUTH
+ ACCESS_REQ_PROXY_AUTH,
+ ACCESS_REQ_PWD_CHANGE,
+ ACCESS_UNAUTHORIZED_IP_ADDRESS,
} allow_t;
typedef enum {
@@ -757,6 +763,24 @@
CBDATA_FIRST_CUSTOM_TYPE = 1000
} cbdata_type;
+enum _credentials_status_t {
+ CREDENTIALS_UNKNOWN,
+ CREDENTIALS_OK,
+ CREDENTIALS_FAILED,
+ CREDENTIALS_PENDING,
+ CREDENTIALS_EXPIRED,
+ CREDENTIALS_BADIP,
+};
+
+enum _authdir_result_t {
+ AUTHDIR_OK = 0,
+ AUTHDIR_CHALLENGE = 1,
+ AUTHDIR_REVALIDATE = -1,
+ AUTHDIR_FAILED = -2,
+ AUTHDIR_EXPIRED = -3,
+ AUTHDIR_BADIP = -4,
+};
+
/*
* Return codes from checkVary(request)
*/
Index: squid/src/structs.h
diff -u squid/src/structs.h:1.30 squid/src/structs.h:1.29.8.2
--- squid/src/structs.h:1.30 Fri Apr 13 17:31:02 2001
+++ squid/src/structs.h Sat Apr 14 06:54:06 2001
@@ -98,9 +98,7 @@
/* we may have many proxy-authenticate strings that decode to the same user */
dlink_list proxy_auth_list;
dlink_list proxy_match_cache;
- struct {
- unsigned int credentials_ok:2; /*0=unchecked,1=ok,2=failed */
- } flags;
+ credentials_status_t credentials_status;
long expiretime;
/* IP addr this user authenticated from */
struct in_addr ipaddr;
Index: squid/src/typedefs.h
diff -u squid/src/typedefs.h:1.18 squid/src/typedefs.h:1.17.18.2
--- squid/src/typedefs.h:1.18 Fri Apr 13 17:31:02 2001
+++ squid/src/typedefs.h Sat Apr 14 06:54:06 2001
@@ -61,6 +61,7 @@
typedef struct _acl_time_data acl_time_data;
typedef struct _acl_name_list acl_name_list;
typedef struct _acl_deny_info_list acl_deny_info_list;
+typedef enum _credentials_status_t credentials_status_t;
typedef struct _auth_user_t auth_user_t;
typedef struct _auth_user_request_t auth_user_request_t;
typedef struct _auth_user_hash_pointer auth_user_hash_pointer;
@@ -187,6 +188,7 @@
typedef struct _RemovalPurgeWalker RemovalPurgeWalker;
typedef struct _RemovalPolicyNode RemovalPolicyNode;
typedef struct _RemovalPolicySettings RemovalPolicySettings;
+typedef enum _authdir_result_t authdir_result_t;
typedef struct _http_version_t http_version_t;
@@ -296,7 +298,7 @@
typedef void AUTHSAUTHUSER(auth_user_request_t *, request_t *, ConnStateData *, http_hdr_type);
typedef int AUTHSCONFIGURED(void);
typedef void AUTHSDECODE(auth_user_request_t *, const char *);
-typedef int AUTHSDIRECTION(auth_user_request_t *);
+typedef authdir_result_t AUTHSDIRECTION(auth_user_request_t *);
typedef void AUTHSDUMP(StoreEntry *, const char *, authScheme *);
typedef void AUTHSFIXERR(auth_user_request_t *, HttpReply *, http_hdr_type, request_t *);
typedef void AUTHSADDHEADER(auth_user_request_t *, HttpReply *, int);
Index: squid/src/auth/basic/auth_basic.c
diff -u squid/src/auth/basic/auth_basic.c:1.11 squid/src/auth/basic/auth_basic.c:1.11.16.3
--- squid/src/auth/basic/auth_basic.c:1.11 Wed Mar 21 15:43:33 2001
+++ squid/src/auth/basic/auth_basic.c Sat Apr 14 11:36:58 2001
@@ -149,7 +149,7 @@
authenticateBasicAuthenticated(auth_user_request_t * auth_user_request)
{
basic_data *basic_auth = auth_user_request->auth_user->scheme_data;
- if ((auth_user_request->auth_user->flags.credentials_ok == 1) && (basic_auth->credentials_checkedtime + basicConfig->credentialsTTL > squid_curtime))
+ if ((auth_user_request->auth_user->credentials_status == CREDENTIALS_OK) && (basic_auth->credentials_checkedtime + basicConfig->credentialsTTL > squid_curtime))
return 1;
debug(29, 4) ("User not authenticated or credentials need rechecking.\n");
return 0;
@@ -175,7 +175,7 @@
auth_user = auth_user_request->auth_user;
/* if the password is not ok, do an identity */
- if (auth_user->flags.credentials_ok != 1)
+ if (auth_user->credentials_status != CREDENTIALS_OK)
return;
assert(auth_user->scheme_data != NULL);
@@ -197,25 +197,31 @@
return;
}
-int
+authdir_result_t
authenticateBasicDirection(auth_user_request_t * auth_user_request)
{
/* null auth_user is checked for by authenticateDirection */
auth_user_t *auth_user = auth_user_request->auth_user;
basic_data *basic_auth = auth_user->scheme_data;
- switch (auth_user->flags.credentials_ok) {
- case 0: /* not checked */
- return -1;
- case 1: /* checked & ok */
+ switch (auth_user->credentials_status) {
+ case CREDENTIALS_UNKNOWN: /* not checked */
+ return AUTHDIR_REVALIDATE;
+ case CREDENTIALS_OK: /* checked & ok */
if (basic_auth->credentials_checkedtime + basicConfig->credentialsTTL <= squid_curtime)
- return -1;
- return 0;
- case 2: /* paused while waiting for a username:password check on another request */
- return -1;
- case 3: /* authentication process failed. */
- return -2;
+ return AUTHDIR_REVALIDATE;
+ return AUTHDIR_OK;
+ case CREDENTIALS_PENDING: /* paused while waiting for a username:password check on another request */
+ return AUTHDIR_REVALIDATE;
+ case CREDENTIALS_FAILED: /* authentication process failed. */
+ return AUTHDIR_FAILED;
+ case CREDENTIALS_EXPIRED: /* authentication process indicated expired password */
+ return AUTHDIR_EXPIRED;
+ case CREDENTIALS_BADIP: /* authentication process indicated bad IP */
+ return AUTHDIR_BADIP;
+ default:
+ debug(29, 1) ("authenticateBasicDirection: Unknown credential status %d\n", auth_user->credentials_status);
+ return AUTHDIR_FAILED; /* just in case... */
}
- return -2;
}
void
@@ -275,10 +281,15 @@
assert(r->auth_user_request->auth_user->auth_type == AUTH_BASIC);
auth_user = r->auth_user_request->auth_user;
basic_auth = auth_user->scheme_data;
- if (reply && (strncasecmp(reply, "OK", 2) == 0))
- auth_user->flags.credentials_ok = 1;
- else
- auth_user->flags.credentials_ok = 3;
+ auth_user->credentials_status = CREDENTIALS_FAILED;
+ if (reply) {
+ if (strncasecmp(reply, "OK", 2) == 0)
+ auth_user->credentials_status = CREDENTIALS_OK;
+ else if (strncasecmp(reply, "EXP", 3) == 0)
+ auth_user->credentials_status = CREDENTIALS_EXPIRED;
+ else if (strncasecmp(reply, "NIP", 3) == 0)
+ auth_user->credentials_status = CREDENTIALS_BADIP;
+ }
basic_auth->credentials_checkedtime = squid_curtime;
valid = cbdataValid(r->data);
if (valid)
@@ -515,7 +526,7 @@
basic_auth = auth_user->scheme_data;
if (strcmp(local_basic.passwd, basic_auth->passwd)) {
debug(29, 4) ("authBasicDecodeAuth: new password found. Updating in user master record and resetting auth state to unchecked\n");
- auth_user->flags.credentials_ok = 0;
+ auth_user->credentials_status = CREDENTIALS_UNKNOWN;
xfree(basic_auth->passwd);
basic_auth->passwd = local_basic.passwd;
} else
@@ -575,7 +586,7 @@
return;
}
/* check to see if the auth_user already has a request outstanding */
- if (auth_user_request->auth_user->flags.credentials_ok == 2) {
+ if (auth_user_request->auth_user->credentials_status == CREDENTIALS_OK) {
/* there is a request with the same credentials already being verified */
auth_basic_queue_node *node;
node = xmalloc(sizeof(auth_basic_queue_node));
@@ -595,8 +606,8 @@
r->data = data;
r->auth_user_request = auth_user_request;
/* mark the user as haveing verification in progress */
- auth_user_request->auth_user->flags.credentials_ok = 2;
- snprintf(buf, 8192, "%s %s\n", basic_auth->username, basic_auth->passwd);
+ auth_user_request->auth_user->credentials_status = CREDENTIALS_PENDING;
+ snprintf(buf, 8192, "%s %s %s\n", basic_auth->username, basic_auth->passwd, inet_ntoa(auth_user_request->auth_user->ipaddr));
helperSubmit(basicauthenticators, buf, authenticateBasicHandleReply, r);
}
}
Index: squid/src/auth/basic/helpers/NCSA_PLUS/Makefile.in
diff -u /dev/null squid/src/auth/basic/helpers/NCSA_PLUS/Makefile.in:1.1.2.1
--- /dev/null Fri Jan 30 02:13:15 2004
+++ squid/src/auth/basic/helpers/NCSA_PLUS/Makefile.in Fri Apr 13 16:17:17 2001
@@ -0,0 +1,100 @@
+#
+# Makefile for the Squid Object Cache server
+#
+# $Id: squid-authinfo-HEAD,v 1.2 2004/09/29 00:22:49 hno Exp $
+#
+# Uncomment and customize the following to suit your needs:
+#
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+exec_suffix = @exec_suffix@
+cgi_suffix = @cgi_suffix@
+top_srcdir = @top_srcdir@
+bindir = @bindir@
+libexecdir = @libexecdir@
+sysconfdir = @sysconfdir@
+localstatedir = @localstatedir@
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+# Gotta love the DOS legacy
+#
+NCSA_AUTH_PLUS_EXE = ncsa_auth_plus$(exec_suffix)
+
+DEFAULT_PASSWD_FILE = $(sysconfdir)/passwd
+
+CC = @CC@
+MAKEDEPEND = @MAKEDEPEND@
+INSTALL = @INSTALL@
+INSTALL_BIN = @INSTALL_PROGRAM@
+INSTALL_FILE = @INSTALL_DATA@
+INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+PERL = @PERL@
+CRYPTLIB = @CRYPTLIB@
+REGEXLIB = @REGEXLIB@
+PTHREADLIB = @PTHREADLIB@
+SNMPLIB = @SNMPLIB@
+MALLOCLIB = @LIB_MALLOC@
+AC_CFLAGS = @CFLAGS@
+LDFLAGS = @LDFLAGS@
+XTRA_LIBS = @XTRA_LIBS@
+XTRA_OBJS = @XTRA_OBJS@
+MV = @MV@
+RM = @RM@
+SHELL = /bin/sh
+
+
+INCLUDE = -I. -I../../../../../include -I$(top_srcdir)/include
+CFLAGS = $(AC_CFLAGS) $(INCLUDE) $(DEFINES)
+AUTH_LIBS = -L../../../../../lib -lmiscutil $(CRYPTLIB) $(XTRA_LIBS)
+
+PROGS = $(NCSA_AUTH_PLUS_EXE)
+OBJS = ncsa_auth_plus.o
+
+all: $(NCSA_AUTH_PLUS_EXE)
+
+$(OBJS): $(top_srcdir)/include/version.h
+
+$(NCSA_AUTH_PLUS_EXE): ncsa_auth_plus.o
+ $(CC) $(LDFLAGS) ncsa_auth_plus.o -o $@ $(AUTH_LIBS)
+
+install-mkdirs:
+ -@if test ! -d $(prefix); then \
+ echo "mkdir $(prefix)"; \
+ mkdir -p $(prefix); \
+ fi
+ -@if test ! -d $(bindir); then \
+ echo "mkdir $(bindir)"; \
+ mkdir -p $(bindir); \
+ fi
+
+# Michael Lupp <mike@nemesis.saar.de> wants to know about additions
+# to the install target.
+install: all install-mkdirs
+ @for f in $(PROGS); do \
+ if test -f $(bindir)/$$f; then \
+ echo $(MV) $(bindir)/$$f $(bindir)/-$$f; \
+ $(MV) $(bindir)/$$f $(bindir)/-$$f; \
+ fi; \
+ echo $(INSTALL_BIN) $$f $(bindir); \
+ $(INSTALL_BIN) $$f $(bindir); \
+ if test -f $(bindir)/-$$f; then \
+ echo $(RM) -f $(bindir)/-$$f; \
+ $(RM) -f $(bindir)/-$$f; \
+ fi; \
+ done
+
+clean:
+ -rm -rf *.o *pure_* core $(PROGS)
+
+distclean: clean
+ -rm -f Makefile
+
+tags:
+ ctags *.[ch] ../include/*.h ../lib/*.[ch]
+
+depend:
+ $(MAKEDEPEND) -I../include -I. -fMakefile *.c
Index: squid/src/auth/basic/helpers/NCSA_PLUS/ncsa_auth_plus.c
diff -u /dev/null squid/src/auth/basic/helpers/NCSA_PLUS/ncsa_auth_plus.c:1.1.2.1
--- /dev/null Fri Jan 30 02:13:15 2004
+++ squid/src/auth/basic/helpers/NCSA_PLUS/ncsa_auth_plus.c Fri Apr 13 16:17:17 2001
@@ -0,0 +1,271 @@
+/*
+ * ncsa_auth_plus.c
+ *
+ * AUTHOR: Pedro Lineu Orso <orso@onda.com.br>
+ *
+ * Adapted from ncsa_auth from Arjan de Vet <Arjan.deVet@adv.iae.nl>
+ *
+ * Passwod age and IP Address control implemented.
+ *
+ * The password file must have the cahcnged date and the
+ * IP Address authorized for the user in the following format:
+ *
+ * user:password:changed_date:ip_address
+ *
+ * with expiration date and ip address control:
+ * Eg.: user01:owiGx.YxAufGU:2000-08-20:192.168.10.1
+ *
+ * without expiration date and with ip address control:
+ * Eg.: user01:owiGx.YxAufGU:*:192.168.10.1
+ *
+ * with expiration date and without ip address control:
+ * Eg.: user01:owiGx.YxAufGU:2000-08-20:*
+ *
+ * with expiration date and ip address control:
+ * Eg.: user01:owiGx.YxAufGU:*:*
+ *
+ * You must set the EXPIRATION_NDAYS ndays variable. The default is 30 days.
+ *
+ */
+
+#include "config.h"
+#if HAVE_STDIO_H
+#include <stdio.h>
+#endif
+#if HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#if HAVE_STRING_H
+#include <string.h>
+#endif
+#if HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#if HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#if HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+
+#include "util.h"
+#include "hash.h"
+
+#define EXPIRATION_NDAYS 30
+
+static hash_table *hash = NULL;
+static HASHFREE my_free;
+
+typedef struct _user_data {
+ /* first two items must be same as hash_link */
+ char *user;
+ struct _user_data *next;
+ char *passwd;
+ int passwd_ok; /* 1 = passwd checked OK */
+ long expiretime;
+ char *ipaddr; /* IP addr this user authenticated from */
+ time_t ip_expiretime;
+ char *pwd_last_change;
+ char *authorized_ip;
+} user_data;
+
+static void
+my_free(void *p)
+{
+ user_data *u = p;
+ xfree(u->user);
+ xfree(u->passwd);
+ xfree(u->pwd_last_change);
+ xfree(u->authorized_ip);
+ xfree(u);
+}
+
+static void
+getword(char *word, char *line, char stop)
+{
+ int x = 0,y;
+
+ for(x=0;((line[x]) && (line[x] != stop ));x++)
+ word[x] = line[x];
+
+ word[x] = '\0';
+ if(line[x]) ++x;
+ y=0;
+
+ while((line[y++] = line[x++]));
+}
+
+static void
+read_passwd_file(const char *passwdfile)
+{
+ FILE *f;
+ char buf[8192];
+ user_data *u;
+ char *user;
+ char *passwd;
+ char *pwd_last_change;
+ char *authorized_ip;
+ if (hash != NULL) {
+ hashFreeItems(hash, my_free);
+ }
+ /* initial setup */
+ hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
+ if (NULL == hash) {
+ fprintf(stderr, "ncsa_auth: cannot create hash table\n");
+ exit(1);
+ }
+ f = fopen(passwdfile, "r");
+ while (fgets(buf, 8192, f) != NULL) {
+ if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') ||
+ (buf[0] == '\n'))
+ continue;
+ user = strtok(buf, ":\n");
+ passwd = strtok(NULL, ":\n");
+ pwd_last_change = strtok(NULL, ":\n");
+ authorized_ip = strtok(NULL, ":\n");
+ if ((strlen(user) > 0) && passwd) {
+ u = xmalloc(sizeof(*u));
+ u->user = xstrdup(user);
+ u->passwd = xstrdup(passwd);
+ if(pwd_last_change != NULL)
+ u->pwd_last_change = xstrdup(pwd_last_change);
+ else u->pwd_last_change = xstrdup("\0");
+ if(authorized_ip != NULL)
+ u->authorized_ip = xstrdup(authorized_ip);
+ else u->authorized_ip = xstrdup("\0");
+ hash_join(hash, (hash_link *) u);
+ }
+ }
+ fclose(f);
+}
+
+int calcdate(char *last)
+{
+ time_t tm;
+ struct tm *t;
+
+ char mdays[12][3]={"31","28","31","30","31","30","31","31","30","31","30","31"};
+ char y1[5], y2[5];
+ char m1[3], m2[3];
+ char d1[3], d2[3];
+ char w[20], wlast[20];
+ int div=4;
+ int x=0, n=0;
+ int jul1=0;
+ int jul2=0;
+
+ strcpy(wlast,last);
+ getword(y1,wlast,'-');
+ getword(m1,wlast,'-');
+ getword(d1,wlast,'-');
+
+ tm = time(NULL);
+ t = localtime(&tm);
+ strftime(y2, 5, "%Y", t);
+ strftime(m2, 3, "%m", t);
+ strftime(d2, 3, "%d", t);
+
+ if(atoi(m1) < 2)
+ jul1=atoi(d1);
+ else {
+ for(x=1; x<=atoi(m1)-1; x++)
+ jul1+=atoi(mdays[x-1]);
+ jul1+=atoi(d1);
+ if(strncmp(y1+2,"00",2) == 0) {
+ div=400;
+ n=366;
+ } else n=365;
+ if(!atoi(y1)%div)
+ jul1++;
+ }
+
+ if(atoi(m2) < 2)
+ jul2=atoi(d2);
+ else {
+ for(x=1; x<=atoi(m2)-1; x++)
+ jul2+=atoi(mdays[x-1]);
+ jul2+=atoi(d2);
+ if(strncmp(y2+2,"00",2) == 0)
+ div=400;
+ if(!atoi(y2)%div)
+ jul2++;
+ }
+
+ if(jul2<jul1) {
+ jul1=n-jul1;
+ return (jul1+jul2);
+ } else {
+ sprintf(w,"%s%03d",y1,jul1);
+ jul1=atoi(w);
+ sprintf(w,"%s%03d",y2,jul2);
+ jul2=atoi(w);
+ return (jul2-jul1);
+ }
+
+}
+
+int
+main(int argc, char **argv)
+{
+ struct stat sb;
+ time_t change_time = 0;
+ char buf[256];
+ char *user, *passwd, *ipaddr, *p;
+ user_data *u;
+ int days;
+
+ setbuf(stdout, NULL);
+ if (argc != 2) {
+ fprintf(stderr, "Usage: ncsa_auth <passwordfile>\n");
+ exit(1);
+ }
+ if (stat(argv[1], &sb) != 0) {
+ fprintf(stderr, "cannot stat %s\n", argv[1]);
+ exit(1);
+ }
+ while (fgets(buf, 256, stdin) != NULL) {
+ if ((p = strchr(buf, '\n')) != NULL)
+ *p = '\0'; /* strip \n */
+ if (stat(argv[1], &sb) == 0) {
+ if (sb.st_mtime != change_time) {
+ read_passwd_file(argv[1]);
+ change_time = sb.st_mtime;
+ }
+ }
+ if ((user = strtok(buf, " ")) == NULL) {
+ printf("ERR\n");
+ continue;
+ }
+ if ((passwd = strtok(NULL, " ")) == NULL) {
+ printf("ERR\n");
+ continue;
+ }
+ if ((ipaddr = strtok(NULL, " ")) == NULL) {
+ printf("ERR\n");
+ continue;
+ }
+ u = hash_lookup(hash, user);
+
+ days = 0;
+ if(u->pwd_last_change[0] != '\0' && u->pwd_last_change[0] != '*')
+ days=calcdate(u->pwd_last_change);
+ if(u->authorized_ip[0] == '\0' || u->authorized_ip[0] == '*')
+ u->authorized_ip = xstrdup(ipaddr);
+
+ if (u == NULL) {
+ printf("ERR\n");
+ } else if (strcmp(u->passwd, (char *) crypt(passwd, u->passwd))) {
+ printf("ERR\n");
+ } else if (days >= EXPIRATION_NDAYS) {
+ printf("EXP\n");
+ } else if (strncmp(ipaddr,u->authorized_ip,strlen(ipaddr)) != 0) {
+ printf("NIP\n");
+ } else {
+ printf("OK\n");
+ }
+ }
+ exit(0);
+}
Index: squid/src/auth/digest/auth_digest.c
diff -u squid/src/auth/digest/auth_digest.c:1.5 squid/src/auth/digest/auth_digest.c:1.5.22.2
--- squid/src/auth/digest/auth_digest.c:1.5 Sat Mar 3 02:44:33 2001
+++ squid/src/auth/digest/auth_digest.c Fri Apr 13 16:29:44 2001
@@ -617,7 +617,7 @@
int
authDigestAuthenticated(auth_user_request_t * auth_user_request)
{
- if (auth_user_request->auth_user->flags.credentials_ok == 1)
+ if (auth_user_request->auth_user->credentials_status == CREDENTIALS_OK)
return 1;
else
return 0;
@@ -640,7 +640,7 @@
auth_user = auth_user_request->auth_user;
/* if the check has corrupted the user, just return */
- if (auth_user_request->auth_user->flags.credentials_ok == 3) {
+ if (auth_user_request->auth_user->credentials_status == CREDENTIALS_FAILED) {
return;
}
assert(auth_user->scheme_data != NULL);
@@ -651,7 +651,7 @@
/* do we have the HA1 */
if (!digest_user->HA1created) {
- auth_user_request->auth_user->flags.credentials_ok = 2;
+ auth_user_request->auth_user->credentials_status = CREDENTIALS_PENDING;
return;
}
if (digest_request->nonce == NULL) {
@@ -660,7 +660,7 @@
* This is probably best done with support changes at the auth_rewrite level -RBC
* and can wait for auth_rewrite V2.
*/
- auth_user->flags.credentials_ok = 3;
+ auth_user->credentials_status = CREDENTIALS_FAILED;
return;
}
DigestCalcHA1(digest_request->algorithm, NULL, NULL, NULL,
@@ -675,10 +675,10 @@
"squid is = '%s'\n", digest_request->response, Response);
if (strcasecmp(digest_request->response, Response)) {
- auth_user->flags.credentials_ok = 3;
+ auth_user->credentials_status = CREDENTIALS_FAILED;
return;
}
- auth_user->flags.credentials_ok = 1;
+ auth_user->credentials_status = CREDENTIALS_OK;
/* password was checked and did match */
debug(29, 4) ("authenticateDigestAuthenticateuser: user '%s' validated OK\n",
digest_user->username);
@@ -690,26 +690,26 @@
return;
}
-int
+authdir_result_t
authenticateDigestDirection(auth_user_request_t * auth_user_request)
{
digest_request_h *digest_request;
/* null auth_user is checked for by authenticateDirection */
- switch (auth_user_request->auth_user->flags.credentials_ok) {
- case 0: /* not checked */
- return -1;
- case 1: /* checked & ok */
+ switch (auth_user_request->auth_user->credentials_status) {
+ case CREDENTIALS_UNKNOWN: /* not checked */
+ return AUTHDIR_REVALIDATE;
+ case CREDENTIALS_OK: /* checked & ok */
digest_request = auth_user_request->scheme_data;
if (authDigestNonceIsStale(digest_request->nonce))
/* send stale response to the client agent */
- return -2;
- return 0;
- case 2: /* partway through checking. */
- return -1;
- case 3: /* authentication process failed. */
- return -2;
+ return AUTHDIR_FAILED;
+ return AUTHDIR_OK;
+ case CREDENTIALS_PENDING: /* partway through checking. */
+ return AUTHDIR_REVALIDATE;
+ case CREDENTIALS_FAILED: /* authentication process failed. */
+ default:
+ return AUTHDIR_FAILED;
}
- return -2;
}
/* add the [proxy]authorisation header */
@@ -830,7 +830,7 @@
digest_request = auth_user_request->scheme_data;
digest_user = auth_user_request->auth_user->scheme_data;
if (reply && (strncasecmp(reply, "ERR", 3) == 0))
- auth_user_request->auth_user->flags.credentials_ok = 3;
+ auth_user_request->auth_user->credentials_status = CREDENTIALS_FAILED;
else {
CvtBin(reply, digest_user->HA1);
digest_user->HA1created = 1;
Index: squid/src/auth/ntlm/auth_ntlm.c
diff -u squid/src/auth/ntlm/auth_ntlm.c:1.9 squid/src/auth/ntlm/auth_ntlm.c:1.9.18.1
--- squid/src/auth/ntlm/auth_ntlm.c:1.9 Fri Mar 9 16:58:00 2001
+++ squid/src/auth/ntlm/auth_ntlm.c Fri Apr 13 16:17:17 2001
@@ -263,7 +263,7 @@
/* NTLM Scheme */
-int
+authdir_result_t
authenticateNTLMDirection(auth_user_request_t * auth_user_request)
{
ntlm_request_t *ntlm_request = auth_user_request->scheme_data;
@@ -271,16 +271,16 @@
switch (ntlm_request->auth_state) {
case AUTHENTICATE_STATE_NONE: /* no progress at all. */
debug(28, 1) ("authenticateNTLMDirection: called before NTLM Authenticate!. Report a bug to squid-dev.\n");
- return -2;
+ return AUTHDIR_FAILED;
case AUTHENTICATE_STATE_NEGOTIATE: /* send to helper */
case AUTHENTICATE_STATE_RESPONSE: /*send to helper */
- return -1;
+ return AUTHDIR_REVALIDATE;
case AUTHENTICATE_STATE_CHALLENGE: /* send to client */
- return 1;
+ return AUTHDIR_CHALLENGE;
case AUTHENTICATE_STATE_DONE: /* do nothing.. */
- return 0;
+ return AUTHDIR_OK;
}
- return -2;
+ return AUTHDIR_FAILED;
}
/*
@@ -452,7 +452,7 @@
assert(ntlm_request->auth_state == AUTHENTICATE_STATE_RESPONSE);
ntlm_user->username = xstrndup(reply, MAX_LOGIN_SZ);
ntlm_request->authhelper = NULL;
- auth_user->flags.credentials_ok = 1; /* login ok */
+ auth_user->credentials_status = CREDENTIALS_OK; /* login ok */
#ifdef NTLM_FAIL_OPEN
} else if (strncasecmp(reply, "LD ", 3) == 0) {
/* This is a variant of BH, which rather than deny access
@@ -479,7 +479,7 @@
ntlm_user->username = xstrndup(reply, MAX_LOGIN_SZ);
helperstate = helperStatefulServerGetData(ntlm_request->authhelper);
ntlm_request->authhelper = NULL;
- auth_user->flags.credentials_ok = 1; /* login ok */
+ auth_user->credentials_status = CREDENTIALS_OK; /* login ok */
/* BH code: mark helper as broken */
/* Not a valid helper response to a YR request. Assert so the helper
* programmer will fix their bugs! */
@@ -500,7 +500,7 @@
/* todo: action of Negotiate state on error */
result = S_HELPER_RELEASE; /*some error has occured. no more requests */
ntlm_request->authhelper = NULL;
- auth_user->flags.credentials_ok = 2; /* Login/Usercode failed */
+ auth_user->credentials_status = CREDENTIALS_FAILED; /* Login/Usercode failed */
debug(29, 4) ("authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '%s'\n", reply);
ntlm_request->auth_state = AUTHENTICATE_STATE_NONE;
if ((t = strchr(reply, ' '))) /* strip after a space */
@@ -526,7 +526,7 @@
if (ntlm_request->auth_state == AUTHENTICATE_STATE_NEGOTIATE) {
/* The helper broke on YR. It automatically
* resets */
- auth_user->flags.credentials_ok = 3; /* cannot process */
+ auth_user->credentials_status = CREDENTIALS_UNKNOWN; /* cannot process */
debug(29, 1) ("authenticateNTLMHandleReply: Error obtaining challenge from helper: %d. Error returned '%s'\n", lastserver, reply);
/* mark it for starving */
helperstate->starve = 1;
@@ -536,7 +536,7 @@
} else {
/* the helper broke on a KK */
/* first the standard KK stuff */
- auth_user->flags.credentials_ok = 2; /* Login/Usercode failed */
+ auth_user->credentials_status = CREDENTIALS_FAILED; /* Login/Usercode failed */
debug(29, 4) ("authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '%s'\n", reply);
ntlm_request->auth_state = AUTHENTICATE_STATE_NONE;
if ((t = strchr(reply, ' '))) /* strip after a space */
@@ -558,7 +558,7 @@
debug(29, 1) ("authenticateNTLMHandleReply: Unsupported helper response, '%s'\n", reply);
/* restart the authentication process */
ntlm_request->auth_state = AUTHENTICATE_STATE_NONE;
- auth_user->flags.credentials_ok = 3; /* cannot process */
+ auth_user->credentials_status = CREDENTIALS_FAILED; /* cannot process */
ntlm_request->authhelper = NULL;
}
} else {
@@ -897,7 +897,7 @@
case AUTHENTICATE_STATE_NONE:
/* we've recieved a negotiate request. pass to a helper */
debug(29, 9) ("authenticateNTLMAuthenticateUser: auth state ntlm none. %s\n", proxy_auth);
- if (auth_user->flags.credentials_ok == 2) {
+ if (auth_user->credentials_status == CREDENTIALS_FAILED) {
/* the authentication fialed badly... */
return;
}
@@ -953,7 +953,7 @@
/* get the existing entries details */
ntlm_user = auth_user->scheme_data;
debug(29, 9) ("Username to be used is %s\n", ntlm_user->username);
- auth_user->flags.credentials_ok = 1; /* authenticated ok */
+ auth_user->credentials_status = CREDENTIALS_OK; /* authenticated ok */
/* on ntlm auth we do not unlock the auth_user until the
* connection is dropped. Thank MS for this quirk */
auth_user->expiretime = current_time.tv_sec;
@@ -1001,7 +1001,7 @@
* existing user or a new user */
auth_user->expiretime = current_time.tv_sec;
auth_user->ip_expiretime = squid_curtime;
- auth_user->flags.credentials_ok = 1; /*authenticated ok */
+ auth_user->credentials_status = CREDENTIALS_OK; /*authenticated ok */
return;
break;
case AUTHENTICATE_STATE_DONE: