---------------------
PatchSet 1624 
Date: 2001/02/21 09:43:46
Author: rbcollins
Branch: ntlm
Tag: (none) 
Log:
fix a potential null reference

Members: 
	src/acl.c:1.1.1.3.12.38->1.1.1.3.12.39 

Index: squid/src/acl.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/acl.c,v
retrieving revision 1.1.1.3.12.38
retrieving revision 1.1.1.3.12.39
diff -u -r1.1.1.3.12.38 -r1.1.1.3.12.39
--- squid/src/acl.c	13 Feb 2001 15:09:41 -0000	1.1.1.3.12.38
+++ squid/src/acl.c	21 Feb 2001 09:43:46 -0000	1.1.1.3.12.39
@@ -1,6 +1,6 @@
 
 /*
- * $Id: acl.c,v 1.1.1.3.12.38 2001/02/13 15:09:41 rbcollins Exp $
+ * $Id: acl.c,v 1.1.1.3.12.39 2001/02/21 09:43:46 rbcollins Exp $
  *
  * DEBUG: section 28    Access Control
  * AUTHOR: Duane Wessels
@@ -101,7 +101,8 @@
 static SPLAYCMP aclArpCompare;
 static SPLAYWALKEE aclDumpArpListWalkee;
 #endif
-static int aclCacheMatchAcl(dlink_list * cache, squid_acl acltype, void *data, char *MatchParam);
+static int aclCacheMatchAcl(dlink_list * cache, squid_acl acltype, void *data,
+    char *MatchParam);
 
 static char *
 strtokFile(void)
@@ -566,8 +567,7 @@
 		default:
 		    debug(28, 0) ("%s line %d: %s\n",
 			cfg_filename, config_lineno, config_input_line);
-		    debug(28, 0) ("aclParseTimeSpec: Bad Day '%c'\n",
-			*t);
+		    debug(28, 0) ("aclParseTimeSpec: Bad Day '%c'\n", *t);
 		    break;
 		}
 	    }
@@ -1091,8 +1091,7 @@
     Top = splay_splay(user, Top, (SPLAYCMP *) strcmp);
     /* Top=splay_splay(user,Top,(SPLAYCMP *)dumping_strcmp); */
     debug(28, 7) ("aclMatchUser: returning %d,Top is %p, Top->data is %s\n",
-	!splayLastResult,
-	Top, (Top ? Top->data : "Unavailable"));
+	!splayLastResult, Top, (Top ? Top->data : "Unavailable"));
     data->names = Top;
     return !splayLastResult;
 }
@@ -1124,8 +1123,7 @@
     while (link) {
 	auth_match = link->data;
 	if (auth_match->acl_data == data) {
-	    debug(28, 4) ("aclCacheMatchAcl: cache hit on acl '%d'\n",
-		data);
+	    debug(28, 4) ("aclCacheMatchAcl: cache hit on acl '%d'\n", data);
 	    return auth_match->matchrv;
 	}
 	link = link->next;
@@ -1174,7 +1172,8 @@
  */
 static int
 aclMatchProxyAuth(void *data, http_hdr_type headertype,
-    auth_user_request_t * auth_user_request, aclCheck_t * checklist, squid_acl acltype)
+    auth_user_request_t * auth_user_request, aclCheck_t * checklist,
+    squid_acl acltype)
 {
     /* checklist is used to register user name when identified, nothing else */
     const char *proxy_auth;
@@ -1199,7 +1198,15 @@
 	 */
 	return 0;
     }
-    if (((proxy_auth == NULL) && (checklist->conn->auth_type == AUTH_UNKNOWN)) || (checklist->conn->auth_type == AUTH_BROKEN)) {
+
+    /*
+     * a note on proxy_auth logix here:
+     * proxy_auth==NULL -> unauthenticated request || already authenticated connection
+     * so we test for an authenticated connection when we recieve no authentication
+     * header.
+     */
+    if (((proxy_auth == NULL) && (!authenticateUserAuthenticated(auth_user_request)))
+	|| (checklist->conn->auth_type == AUTH_BROKEN)) {
 	/* no header or authentication failed/got corrupted - restart */
 	checklist->conn->auth_type = AUTH_UNKNOWN;
 	debug(28, 4) ("aclMatchProxyAuth: broken auth or no proxy_auth header. Requesting auth header.\n");
@@ -1216,11 +1223,14 @@
      * not had bungled connection oriented authentication happen on it. */
     debug(28, 9) ("aclMatchProxyAuth: header %s.\n", proxy_auth);
     if (auth_user_request == NULL) {
-	debug(28, 9) ("aclMatchProxyAuth: This is a new request on FD:%d\n", checklist->conn->fd);
-	if ((!checklist->request->auth_user_request) && (checklist->conn->auth_type == AUTH_UNKNOWN)) {
+	debug(28, 9) ("aclMatchProxyAuth: This is a new request on FD:%d\n",
+	    checklist->conn->fd);
+	if ((!checklist->request->auth_user_request)
+	    && (checklist->conn->auth_type == AUTH_UNKNOWN)) {
 	    /* beginning of a new request check */
 	    debug(28, 4) ("aclMatchProxyAuth: no connection authentication type\n");
-	    if (!authenticateValidateUser(auth_user_request = authenticateGetAuthUser(proxy_auth))) {
+	    if (!authenticateValidateUser(auth_user_request =
+		    authenticateGetAuthUser(proxy_auth))) {
 		/* the decode might have left a username for logging, or a message to
 		 * the user */
 		if (authenticateUserRequestUsername(auth_user_request)) {
@@ -1244,7 +1254,9 @@
 		authenticateAuthUserRequestLock(auth_user_request);
 	    } else {
 		/* failed connection based authentication */
-		debug(28, 4) ("aclMatchProxyAuth: Auth user request %d conn-auth user request %d conn type %d authentication failed.\n", auth_user_request, checklist->conn->auth_user_request, checklist->conn->auth_type);
+		debug(28, 4) ("aclMatchProxyAuth: Auth user request %d conn-auth user request %d conn type %d authentication failed.\n",
+		    auth_user_request, checklist->conn->auth_user_request,
+		    checklist->conn->auth_type);
 		return -2;
 	    }
 	}
@@ -1253,8 +1265,10 @@
     checklist->auth_user_request = NULL;
     if (!authenticateUserAuthenticated(auth_user_request)) {
 	/* User not logged in. Log them in */
-	authenticateAuthUserRequestSetIp(auth_user_request, checklist->src_addr);
-	authenticateAuthenticateUser(auth_user_request, checklist->request, checklist->conn, headertype);
+	authenticateAuthUserRequestSetIp(auth_user_request,
+	    checklist->src_addr);
+	authenticateAuthenticateUser(auth_user_request, checklist->request,
+	    checklist->conn, headertype);
 	switch (authenticateDirection(auth_user_request)) {
 	case 1:
 	    /* this ACL check is finished. Unlock. */
@@ -1303,8 +1317,9 @@
 	/* this ACL check completed */
 	authenticateAuthUserRequestUnlock(auth_user_request);
 	/* check to see if we have matched the user-acl before */
-	return aclCacheMatchAcl(&auth_user_request->auth_user->proxy_match_cache,
-	    acltype, data, authenticateUserRequestUsername(auth_user_request));
+	return aclCacheMatchAcl(&auth_user_request->auth_user->
+	    proxy_match_cache, acltype, data,
+	    authenticateUserRequestUsername(auth_user_request));
     }
     /* this acl check completed */
     authenticateAuthUserRequestUnlock(auth_user_request);
@@ -1656,8 +1671,7 @@
     case ACL_REP_MIME_TYPE:
 	if (!checklist->reply)
 	    return 0;
-	header = httpHeaderGetStr(&checklist->reply->header,
-	    HDR_CONTENT_TYPE);
+	header = httpHeaderGetStr(&checklist->reply->header, HDR_CONTENT_TYPE);
 	if (NULL == header)
 	    header = "";
 	return aclMatchRegex(ae->data, header);
@@ -1726,20 +1740,17 @@
 	if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_NEEDED) {
 	    checklist->state[ACL_DST_IP] = ACL_LOOKUP_PENDING;
 	    ipcache_nbgethostbyname(checklist->request->host,
-		aclLookupDstIPDone,
-		checklist);
+		aclLookupDstIPDone, checklist);
 	    return;
 	} else if (checklist->state[ACL_DST_ASN] == ACL_LOOKUP_NEEDED) {
 	    checklist->state[ACL_DST_ASN] = ACL_LOOKUP_PENDING;
 	    ipcache_nbgethostbyname(checklist->request->host,
-		aclLookupDstIPforASNDone,
-		checklist);
+		aclLookupDstIPforASNDone, checklist);
 	    return;
 	} else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NEEDED) {
 	    checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_PENDING;
 	    fqdncache_nbgethostbyaddr(checklist->src_addr,
-		aclLookupSrcFQDNDone,
-		checklist);
+		aclLookupSrcFQDNDone, checklist);
 	    return;
 	} else if (checklist->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NEEDED) {
 	    ia = ipcacheCheckNumeric(checklist->request->host);
@@ -1750,8 +1761,7 @@
 	    checklist->dst_addr = ia->in_addrs[0];
 	    checklist->state[ACL_DST_DOMAIN] = ACL_LOOKUP_PENDING;
 	    fqdncache_nbgethostbyaddr(checklist->dst_addr,
-		aclLookupDstFQDNDone,
-		checklist);
+		aclLookupDstFQDNDone, checklist);
 	    return;
 	} else if (checklist->state[ACL_PROXY_AUTH] == ACL_LOOKUP_NEEDED) {
 	    debug(28, 3)
@@ -1917,9 +1927,7 @@
 }
 
 aclCheck_t *
-aclChecklistCreate(const acl_access * A,
-    request_t * request,
-    const char *ident)
+aclChecklistCreate(const acl_access * A, request_t * request, const char *ident)
 {
     int i;
     aclCheck_t *checklist;
@@ -2286,10 +2294,7 @@
 	    t->weekbits & ACL_THURSDAY ? 'H' : '-',
 	    t->weekbits & ACL_FRIDAY ? 'F' : '-',
 	    t->weekbits & ACL_SATURDAY ? 'A' : '-',
-	    t->start / 60,
-	    t->start % 60,
-	    t->stop / 60,
-	    t->stop % 60);
+	    t->start / 60, t->start % 60, t->stop / 60, t->stop % 60);
 	wordlistAdd(&W, buf);
 	t = t->next;
     }
@@ -2657,8 +2662,7 @@
 	    arpReq.arp_ha.sa_data[2] & 0xff,
 	    arpReq.arp_ha.sa_data[3] & 0xff,
 	    arpReq.arp_ha.sa_data[4] & 0xff,
-	    arpReq.arp_ha.sa_data[5] & 0xff,
-	    ifr->ifr_name);
+	    arpReq.arp_ha.sa_data[5] & 0xff, ifr->ifr_name);
 	/* Do lookup */
 	*Top = splay_splay(&arpReq.arp_ha.sa_data, *Top, aclArpCompare);
 	/* Return if match, otherwise continue to other interfaces */
@@ -2698,8 +2702,7 @@
 	    arpReq.arp_ha.sa_data[1] == 0 &&
 	    arpReq.arp_ha.sa_data[2] == 0 &&
 	    arpReq.arp_ha.sa_data[3] == 0 &&
-	    arpReq.arp_ha.sa_data[4] == 0 &&
-	    arpReq.arp_ha.sa_data[5] == 0)
+	    arpReq.arp_ha.sa_data[4] == 0 && arpReq.arp_ha.sa_data[5] == 0)
 	    return 0;
 	debug(28, 4) ("Got address %02x:%02x:%02x:%02x:%02x:%02x\n",
 	    arpReq.arp_ha.sa_data[0] & 0xff, arpReq.arp_ha.sa_data[1] & 0xff,