---------------------
PatchSet 2894
Date: 2001/08/29 12:51:40
Author: rbcollins
Branch: ntlm
Tag: (none)
Log:
Prevent leaving stateful helpers hung, and track the conn a given ntlm credential set is associated with
Members:
src/authenticate.c:1.1.1.3.12.52->1.1.1.3.12.53
src/client_side.c:1.1.1.3.4.1.2.54->1.1.1.3.4.1.2.55
src/errorpage.c:1.1.1.3.10.20->1.1.1.3.10.21
src/protos.h:1.1.1.3.12.40->1.1.1.3.12.41
src/auth/ntlm/auth_ntlm.c:1.1.10.14.2.44->1.1.10.14.2.45
src/auth/ntlm/auth_ntlm.h:1.1.8.7->1.1.8.8
Index: squid/src/authenticate.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/authenticate.c,v
retrieving revision 1.1.1.3.12.52
retrieving revision 1.1.1.3.12.53
diff -u -r1.1.1.3.12.52 -r1.1.1.3.12.53
--- squid/src/authenticate.c 21 Aug 2001 14:36:49 -0000 1.1.1.3.12.52
+++ squid/src/authenticate.c 29 Aug 2001 12:51:40 -0000 1.1.1.3.12.53
@@ -1,6 +1,6 @@
 /*
- * $Id: authenticate.c,v 1.1.1.3.12.52 2001/08/21 14:36:49 rbcollins Exp $
+ * $Id: authenticate.c,v 1.1.1.3.12.53 2001/08/29 12:51:40 rbcollins Exp $
 *
 * DEBUG: section 29 Authenticator
 * AUTHOR: Duane Wessels
@@ -363,7 +363,7 @@
 * Proxy Auth (or Auth) header. It may be a cached Auth User or a new
 * Unauthenticated structure. The structure is given an inital lock here.
 */
-auth_user_request_t *
+static auth_user_request_t *
 authenticateGetAuthUser(const char *proxy_auth)
 {
 auth_user_request_t *auth_user_request = authenticateAuthUserRequestNew();
@@ -448,7 +448,10 @@
 conn->auth_type = AUTH_UNKNOWN;
 debug(28, 4) ("authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header.\n");
 /* something wrong with the AUTH credentials. Force a new attempt */
- conn->auth_user_request = NULL;
+ if (conn->auth_user_request) {
+ authenticateAuthUserRequestUnlock(conn->auth_user_request);
+ conn->auth_user_request = NULL;
+ }
 if (*auth_user_request) {
 /* unlock the ACL lock */
 authenticateAuthUserRequestUnlock(*auth_user_request);
@@ -498,9 +501,9 @@
 /* lock the user for the request structure link */
 authenticateAuthUserRequestLock(*auth_user_request);
 request->auth_user_request = *auth_user_request;
- /* unlock the ACL reference. */
- authenticateAuthUserRequestUnlock(*auth_user_request);
 }
+ /* unlock the ACL reference granted by ...GetAuthUser. */
+ authenticateAuthUserRequestUnlock(*auth_user_request);
 *auth_user_request = NULL;
 return AUTH_ACL_CHALLENGE;
 }
@@ -542,7 +545,7 @@
 return AUTH_ACL_HELPER;
 }
 /* on 0 the authentication is finished - fallthrough */
- /* See of user authentication failed for some reason */
+ /* See if user authentication failed for some reason */
 if (!authenticateUserAuthenticated(*auth_user_request)) {
 if ((authenticateUserRequestUsername(*auth_user_request))) {
 if (!request->auth_user_request) {
Index: squid/src/client_side.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/client_side.c,v
retrieving revision 1.1.1.3.4.1.2.54
retrieving revision 1.1.1.3.4.1.2.55
diff -u -r1.1.1.3.4.1.2.54 -r1.1.1.3.4.1.2.55
--- squid/src/client_side.c 13 Aug 2001 23:53:07 -0000 1.1.1.3.4.1.2.54
+++ squid/src/client_side.c 29 Aug 2001 12:51:41 -0000 1.1.1.3.4.1.2.55
@@ -1,6 +1,6 @@
 /*
- * $Id: client_side.c,v 1.1.1.3.4.1.2.54 2001/08/13 23:53:07 rbcollins Exp $
+ * $Id: client_side.c,v 1.1.1.3.4.1.2.55 2001/08/29 12:51:41 rbcollins Exp $
 *
 * DEBUG: section 33 Client-side Routines
 * AUTHOR: Duane Wessels
@@ -856,13 +856,16 @@
 clientHttpRequest *http;
 debug(33, 3) ("connStateFree: FD %d\n", fd);
 assert(connState != NULL);
- authenticateOnCloseConnection(connState);
 clientdbEstablished(connState->peer.sin_addr, -1); /* decrement */
 while ((http = connState->chr) != NULL) {
 assert(http->conn == connState);
 assert(connState->chr != connState->chr->next);
 httpRequestFree(http);
 }
+ if (connState->auth_user_request)
+ authenticateAuthUserRequestUnlock(connState->auth_user_request);
+ connState->auth_user_request = NULL;
+ authenticateOnCloseConnection(connState);
 if (connState->in.size == CLIENT_REQ_BUF_SZ)
 memFree(connState->in.buf, MEM_CLIENT_REQ_BUF);
 else
Index: squid/src/errorpage.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/errorpage.c,v
retrieving revision 1.1.1.3.10.20
retrieving revision 1.1.1.3.10.21
diff -u -r1.1.1.3.10.20 -r1.1.1.3.10.21
--- squid/src/errorpage.c 8 May 2001 12:35:03 -0000 1.1.1.3.10.20
+++ squid/src/errorpage.c 29 Aug 2001 12:51:41 -0000 1.1.1.3.10.21
@@ -1,6 +1,6 @@
 /*
- * $Id: errorpage.c,v 1.1.1.3.10.20 2001/05/08 12:35:03 rbcollins Exp $
+ * $Id: errorpage.c,v 1.1.1.3.10.21 2001/08/29 12:51:41 rbcollins Exp $
 *
 * DEBUG: section 4 Error Generation
 * AUTHOR: Duane Wessels
@@ -372,6 +372,7 @@
 safe_free(err->ftp.reply);
 if (err->auth_user_request)
 authenticateAuthUserRequestUnlock(err->auth_user_request);
+ err->auth_user_request = NULL;
 cbdataFree(err);
 }
Index: squid/src/protos.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/protos.h,v
retrieving revision 1.1.1.3.12.40
retrieving revision 1.1.1.3.12.41
diff -u -r1.1.1.3.12.40 -r1.1.1.3.12.41
--- squid/src/protos.h 20 Aug 2001 10:45:44 -0000 1.1.1.3.12.40
+++ squid/src/protos.h 29 Aug 2001 12:51:41 -0000 1.1.1.3.12.41
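Review bot: In connStateFree (src/client_side.c, hunk @@ -856,13 +856,16 @@) the added lines unlock and NULL `connState->auth_user_request` before `authenticateOnCloseConnection(connState)` runs, so a close hook guarded by `conn->auth_user_request != NULL`, as authenticateNTLMOnCloseConnection in auth_ntlm.c is, has nothing left to act on and never reaches its deferred-helper release on this path. Whether that hook is dispatched from authenticateOnCloseConnection, and whether the request's free routine releases the helper itself, is not visible here; if neither holds, the hung-helper case named in the log message remains. Moving `authenticateOnCloseConnection(connState);` to just above the added `if (connState->auth_user_request)` keeps the new after-the-loop ordering while letting the hook see the request, with the added unlock acting as a fallback for schemes that have no hook. connStateFree begins and ends outside the hunk.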
@@ -1,6 +1,6 @@
 /*
- * $Id: protos.h,v 1.1.1.3.12.40 2001/08/20 10:45:44 rbcollins Exp $
+ * $Id: protos.h,v 1.1.1.3.12.41 2001/08/29 12:51:41 rbcollins Exp $
 *
 *
 * SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -737,7 +737,6 @@
 extern void authenticateShutdown(void);
 extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, request_t *, int, int);
 extern void authenticateAddTrailer(HttpReply *, auth_user_request_t *, request_t *, int);
-extern auth_user_request_t *authenticateGetAuthUser(const char *proxy_auth);
 extern auth_acl_t authenticateAuthenticate(auth_user_request_t **, http_hdr_type, request_t *, ConnStateData *, struct in_addr);
 extern void authenticateAuthUserUnlock(auth_user_t * auth_user);
 extern void authenticateAuthUserLock(auth_user_t * auth_user);
Index: squid/src/auth/ntlm/auth_ntlm.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/auth_ntlm.c,v
retrieving revision 1.1.10.14.2.44
retrieving revision 1.1.10.14.2.45
diff -u -r1.1.10.14.2.44 -r1.1.10.14.2.45
--- squid/src/auth/ntlm/auth_ntlm.c 21 Aug 2001 14:36:50 -0000 1.1.10.14.2.44
+++ squid/src/auth/ntlm/auth_ntlm.c 29 Aug 2001 12:51:41 -0000 1.1.10.14.2.45
@@ -794,8 +794,8 @@
 helperstate->challengeuses++;
 /* assign the challenge */
 ntlm_request->authchallenge = xstrndup(helperstate->challenge, NTLM_CHALLENGE_SZ + 5);
- /* we're not actually submitting a request, so we need to release the helper should
- * the connection close unexpectedly
+ /* we're not actually submitting a request, so we need to release the helper
+ * should the connection close unexpectedly
 */
 ntlm_request->authserver_deferred = 1;
 handler(data, NULL);
@@ -879,10 +879,17 @@
 if (conn->auth_user_request != NULL) {
 assert(conn->auth_user_request->scheme_data != NULL);
 ntlm_request = conn->auth_user_request->scheme_data;
+ assert (ntlm_request->conn == conn);
 if (ntlm_request->authserver != NULL && ntlm_request->authserver_deferred)
 authenticateNTLMReleaseServer(conn->auth_user_request);
 /* unlock the connection based lock */
 debug(29, 9) ("authenticateNTLMOnCloseConnection: Unlocking auth_user from the connection.\n");
+ /* minor abstraction break here: FIXME */
+ /* Ensure that the auth user request will be getting closed */
+ /* IFF we start persisting the struct after the conn closes - say for logging
+ * then this test may become invalid
+ */
+ assert(conn->auth_user_request->references == 1);
 authenticateAuthUserRequestUnlock(conn->auth_user_request);
 conn->auth_user_request = NULL;
 }
@@ -1010,6 +1017,7 @@
 ntlm_request->ntlmnegotiate = xstrndup(proxy_auth, NTLM_CHALLENGE_SZ + 5);
 conn->auth_type = AUTH_NTLM;
 conn->auth_user_request = auth_user_request;
+ ntlm_request->conn = conn;
 /* and lock for the connection duration */
 debug(29, 9) ("authenticateNTLMAuthenticateUser: Locking auth_user from the connection.\n");
 authenticateAuthUserRequestLock(auth_user_request);
Index: squid/src/auth/ntlm/auth_ntlm.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/auth_ntlm.h,v
retrieving revision 1.1.8.7
retrieving revision 1.1.8.8
diff -u -r1.1.8.7 -r1.1.8.8
--- squid/src/auth/ntlm/auth_ntlm.h 1 Aug 2001 15:00:44 -0000 1.1.8.7
+++ squid/src/auth/ntlm/auth_ntlm.h 29 Aug 2001 12:51:41 -0000 1.1.8.8
@@ -34,6 +34,8 @@
 auth_state_t auth_state;
 /* have we got the helper-server in a deferred state? */
 int authserver_deferred;
+ /* what connection is this associated with */
+ ConnStateData * conn;
 };
 struct _ntlm_helper_state_t {
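Review bot: The added `assert(conn->auth_user_request->references == 1);` in the @@ -879,10 +879,17 @@ hunk of auth_ntlm.c makes a reference-count expectation fatal on the connection-close path, and when a connection closes is decided by the client. Other lock holders are visible in this patch set (authenticate.c locks the request for `request->auth_user_request`, errorpage.c unlocks `err->auth_user_request`), so if one of them is still alive at close time and assertions are compiled in, the whole proxy aborts instead of one request failing; the comment above the assert already concedes the test may become invalid. Logging the unexpected count and continuing is safer, for example `if (conn->auth_user_request->references != 1) debug(29, 1) ("authenticateNTLMOnCloseConnection: auth_user_request still referenced\n");`. The enclosing function starts and ends outside the hunk.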
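Review bot: `ntlm_request->conn = conn;` in the @@ -1010,6 +1017,7 @@ hunk stores a raw ConnStateData pointer in a reference-counted request, and nothing in this patch set resets it. The @@ -879 hunk above, connStateFree in client_side.c and the broken-auth branch in authenticate.c (@@ -448) all drop the connection's lock and NULL `conn->auth_user_request` without touching the back-pointer. If the request outlives the connection, which the FIXME comment in the @@ -879 hunk anticipates, the field is left dangling and any later use or comparison of it is unreliable. Clearing it where the connection lets go, `ntlm_request->conn = NULL;` just before the unlock in the close handler, would close that gap, and the field added in auth_ntlm.h should state the lifetime, e.g. `/* connection holding the conn lock; not owned, NULL once released */`. The enclosing function extends beyond the hunk.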