--------------------- PatchSet 506 Date: 2000/08/06 01:17:36 Author: rbcollins Branch: ntlm Tag: (none) Log: general code cleanup. Further partitioning of BASIC and NTLM code. Debugging code on NTLMSSP auth module Members: ntlm_auth_modules/NTLMSSP/libntlmssp.c:1.1.2.2->1.1.2.3 ntlm_auth_modules/NTLMSSP/ntlm.h:1.1.2.1->1.1.2.2 ntlm_auth_modules/NTLMSSP/ntlm_auth.c:1.1.2.1->1.1.2.2 ntlm_auth_modules/NTLMSSP/smbval/smblib.c:1.1.2.3->1.1.2.4 src/acl.c:1.1.1.3.12.10->1.1.1.3.12.11 src/authenticate.c:1.1.1.3.12.7->1.1.1.3.12.8 src/cache_cf.c:1.1.1.3.4.1.2.6->1.1.1.3.4.1.2.7 src/helper.c:1.1.1.3.12.4->1.1.1.3.12.5 src/protos.h:1.1.1.3.12.9->1.1.1.3.12.10 src/structs.h:1.1.1.3.4.1.2.13->1.1.1.3.4.1.2.14 Index: squid/ntlm_auth_modules/NTLMSSP/libntlmssp.c =================================================================== RCS file: /cvsroot/squid-sf//squid/ntlm_auth_modules/NTLMSSP/Attic/libntlmssp.c,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- squid/ntlm_auth_modules/NTLMSSP/libntlmssp.c 4 Aug 2000 08:11:30 -0000 1.1.2.2 +++ squid/ntlm_auth_modules/NTLMSSP/libntlmssp.c 6 Aug 2000 01:17:36 -0000 1.1.2.3 @@ -99,8 +99,10 @@ rv.l=l; rv.str=malloc(l+1); memcpy(rv.str,packet+o,l); - rv.str[l]='\0'; /* add a dummy just in case, it shouldn't */ - /* be needed anyways. */ +/* FIXME: what if the response has \0 in it ? */ + + rv.str[l]='\0'; /* add a dummy just in case, it shouldn't */ +/* be needed anyways. */ debug("fetch_string got '%s'\n",rv.str); return rv; } 
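Review bot: The FIXME added in fetch_string names a real problem and leaves it open: `rv.str` is filled from packet bytes and then passed to `debug("fetch_string got '%s'\n",rv.str)`, so a field containing `\0` is silently shortened for every consumer that treats it as a C string, while `rv.l` still reports the full length. Code that compares or logs the user, domain or workstation should treat `rv.l` as the authoritative length, or fetch_string should reject fields that contain `\0`. The `malloc(l+1)` result is also handed to `memcpy` without a NULL check; `if (rv.str==NULL) { rv.l=0; return rv; }` would cover it. Any check of `l` and `o` against the packet length sits above this hunk and is not visible here.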
@@ -143,17 +145,19 @@ rv->workstation=fetch_string(decoded,length,&n->workstation); rv->flags=n->flags; debug("decode_ntlmssp_auth: negotiation request\n\tdomain: '%s'\n" - "\tworkstation: '%s'\n\tflags: %d\n",rv->domain.str, + "\tworkstation: '%s'\n\tflags: %d\n",rv->domain.str, rv->workstation.str, rv->flags); break; case NTLM_CHALLENGE: c=(struct ntlm_challenge *) decoded; -/* rv->target=fetch_string(decoded,length,&c->target); */ +// rv->target=fetch_string(decoded,length,&c->target); rv->flags=c->flags; rv->challenge.str=malloc(9); /* 8+1 */ rv->challenge.l=8; memcpy(rv->challenge.str,&c->challenge,8); rv->challenge.str[8]='\0'; + debug("decode_ntlmssp_auth: challenge header\n\ttarget: '%s'\n" + "\tchallenge: '%s'\n\tflags: %d\n",rv->target.str,rv->challenge.str,rv->flags); break; case NTLM_AUTHENTICATE: a=(struct ntlm_authenticate *) decoded; @@ -186,12 +190,12 @@ * payload_length and hdr will be modified as a side-effect. */ void add_to_payload (char *payload, int *payload_length, struct strhdr *hdr, - char *toadd, int toadd_length, int base_offset) { + char *toadd, int toadd_length, int base_offset) { int l=*payload_length; memcpy(payload+l,toadd,toadd_length); hdr->len=toadd_length; hdr->maxlen=toadd_length; - hdr->offset=l+base_offset; /* 48 is the base offset of the payload */ + hdr->offset=l+base_offset; /* 48 is the base offset of the payload */ *payload_length+=toadd_length; } 
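Review bot: The new `debug()` call in the NTLM_CHALLENGE case passes `rv->target.str` to `%s`, but the only assignment to `rv->target` in this case is the line this hunk leaves commented out, so the pointer is whatever `rv` was initialised with (NULL or indeterminate, depending on allocation code outside the hunk). The same call prints `rv->challenge.str`, which holds 8 raw challenge bytes, with `%s`; the output stops at the first zero byte and can contain non-printable bytes. I would drop the target from the message and print the challenge as hex over `rv->challenge.l` bytes with `%02x`. The `malloc(9)` result is written to without a NULL check, and the `//` comment is not valid C89 while the surrounding lines use `/* */`.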
@@ -220,16 +224,19 @@ NULL}; if (handle==NULL) /* we are not connected */ handle=SMB_Connect_Server(NULL,DOMAIN_CONTROLLER,NTLM_DOMAIN); - if (handle==NULL) { /* couldn't connect */ + if (handle==NULL) { /* couldn't connect */ SMB_Discon(handle,0); handle=NULL; + debug("Couldn't connect to SMB Server\n"); return 1; } if (SMB_Negotiate(handle, SMB_Prots) < 0) { /* An error */ - SMB_Discon(handle,0); - return 2; - } - if (handle -> Security == 0) { /* share-level security, unuseable */ + debug("Error negotiating protocol with SMB Server\n"); + SMB_Discon(handle,0); + return 2; + } + if (handle -> Security == 0) { /* share-level security, unuseable */ + debug("SMB Server uses share-level security .. we need user sercurity.\n"); SMB_Discon(handle,0); handle=NULL; return 3; @@ -241,10 +248,10 @@ #endif /* OLD */ /* FIX a lot of stuff, like checks for memory etc. */ -char* make_challenge() { +char* make_challenge(ntlmssp * negotiate) { struct ntlm_challenge ch; int pl=0; - + char * encoded; if (init_challenge() > 0) return NULL; memset(&ch, 0, sizeof(struct ntlm_challenge)); 
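Review bot: In the `SMB_Negotiate(handle, SMB_Prots) < 0` branch the handle is disconnected but not cleared, unlike the two neighbouring error branches, which set `handle=NULL`. Because the connect is guarded by `if (handle==NULL)`, a later call would skip the reconnect and keep using the disconnected handle; add `handle=NULL;` after `SMB_Discon(handle,0);` in that branch. The first branch calls `SMB_Discon(handle,0)` when `handle` is known to be NULL, which should be removed unless SMB_Discon is documented to accept NULL. The start of the function is outside this hunk.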
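Review bot: The new `negotiate` parameter is not read anywhere in the make_challenge lines this patch shows; the Unicode test added in the next hunk checks `ch.flags`, the value the function has just assigned, not the client's `negotiate->flags`. In both `#ifdef` branches `ch.flags` is a constant passed through WSWAP, so the outcome of `ch.flags & FLAGS_UNICODE` is fixed at build time (and presumably depends on the byte order WSWAP produces) and the client's requested encoding has no effect. If the intent is to answer in the client's character set, test `negotiate->flags & FLAGS_UNICODE` and apply the masks before the swap; otherwise leave the parameter out. The function body continues outside this hunk.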
@@ -253,24 +260,37 @@ #ifdef USE_MOD_NTLM_STUFF ch.flags = WSWAP(0x8201); ch.len=WSWAP(sizeof(struct ntlm_challenge)); +// ch.target.len=strlen(NTLM_DOMAIN); /*magic number time */ +// ch.target.maxlen=ch.target.len; +// add_to_payload(ch.pad,&pl,&ch.target,NTLM_DOMAIN,strlen(NTLM_DOMAIN),48); + #else /* use previous squid conventions. */ add_to_payload(ch.pad,&pl,&ch.target,NTLM_DOMAIN,strlen(NTLM_DOMAIN), NTLM_CHALLENGE_HEADER_OFFSET); ch.flags=WSWAP(0x18206); ch.unknown[6] = SSWAP(0x003a); #endif -#ifdef USE_STATIC_CHALLENGE - memcpy(ch.challenge,NTLM_STATIC_CHALLENGE,8); -#else +//#ifdef USE_STATIC_CHALLENGE +// memcpy(ch.challenge,NTLM_STATIC_CHALLENGE,8); +//#else memcpy(ch.challenge,challenge,8); -#endif - - return base64_encode_bin((char *)&ch,48+pl); +//#endif + debug("preflags :%d\n",ch.flags); + if(ch.flags & FLAGS_UNICODE){ + debug("Unicode challenge\n"); + ch.flags=(ch.flags & (~FLAGS_UNICODE)) | FLAGS_ASCII; /*clear UNICODE, set ASCII*/ + } + debug("flags :%d\n",ch.flags); + encoded=base64_encode_bin((char *)&ch,48+pl); + /* we should copy the string to release the static + * in base64_encode_bin). */ + return encoded; } /* FIXME: we're assuming that we are connected and haven't been dropped off */ int ntlm_check_auth(ntlmssp *got) { int rv; + if (handle==NULL) /*if null we aren't connected*/ if (init_challenge() > 0) return NULL; debug("ntlm_check_auth entered\n"); Index: squid/ntlm_auth_modules/NTLMSSP/ntlm.h =================================================================== RCS file: /cvsroot/squid-sf//squid/ntlm_auth_modules/NTLMSSP/Attic/ntlm.h,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- squid/ntlm_auth_modules/NTLMSSP/ntlm.h 3 Aug 2000 12:41:43 -0000 1.1.2.1 +++ squid/ntlm_auth_modules/NTLMSSP/ntlm.h 6 Aug 2000 01:17:36 -0000 1.1.2.2 
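Review bot: ntlm_check_auth returns `NULL` from a function declared `int` on the path where init_challenge fails, and the `if (handle==NULL)` guard added in front of it leaves that as it was. The caller in ntlm_auth.c branches on this value to choose between OK and ERR, so the failure result should be the explicit integer the function uses for "not authenticated" (`return 0;` if non-zero means success, as the caller's `if (ntlm_check_auth(got))` suggests) rather than whatever NULL converts to. The nested `if (handle==NULL) if (init_challenge() > 0)` should be braced so a later `else` cannot bind to the wrong test. In make_challenge, the new comment says the result of base64_encode_bin should be copied because it is static, but the code returns that pointer unchanged; either copy it or document that the caller must consume it before the next encode call. ntlm_check_auth continues outside this hunk.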
@@ -24,8 +24,8 @@ #define NTLM_DOMAIN "GCSINT" /* must be upper-case */ #define DOMAIN_CONTROLLER "supervisor" #else -#define NTLM_DOMAIN "DC" /* must be upper-case */ -#define DOMAIN_CONTROLLER "C0DC01" +#define NTLM_DOMAIN "OSHR" /* must be upper-case */ +#define DOMAIN_CONTROLLER "LIFELESSL" #endif #define DEBUG @@ -65,6 +65,9 @@ #define NTLM_CHALLENGE_HEADER_OFFSET 48 #define NTLM_AUTHENTICATE 3 +#define FLAGS_UNICODE 0x01 +#define FLAGS_ASCII 0x02 + /* Header proceeding each request */ typedef struct ntlmhdr { char signature[8]; /* NTLMSSP */ @@ -101,10 +104,11 @@ struct ntlm_challenge { ntlmhdr hdr; u_char pad1[4]; - u_int32_t len; +// strhdr target; /* 8 char*/ /* Authentication target (domain/server ...) */ + u_int32_t len; //4 char u_int32_t flags; u_char challenge[8]; - u_char pad2[8]; + u_char pad[128]; }; #endif /* USE_MOD_NTLM_STUFF */ Index: squid/ntlm_auth_modules/NTLMSSP/ntlm_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid/ntlm_auth_modules/NTLMSSP/Attic/ntlm_auth.c,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- squid/ntlm_auth_modules/NTLMSSP/ntlm_auth.c 3 Aug 2000 12:41:43 -0000 1.1.2.1 +++ squid/ntlm_auth_modules/NTLMSSP/ntlm_auth.c 6 Aug 2000 01:17:36 -0000 1.1.2.2 @@ -35,11 +35,13 @@ char buf[10240]; ntlmssp *got; char *ch; + int state=0; /* 0 start 1 negotiate 2 authenticate */ setbuf(stdout,NULL); setbuf(stderr,NULL); while (1) { + if(state==2)state=0; if(fgets(buf, 10240, stdin) == NULL) exit(0); ch=strchr(buf,'\n'); if (ch) 
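Review bot: NTLM_DOMAIN and DOMAIN_CONTROLLER are changed here from one site's names to another's, which suggests a developer's local environment is being committed as the compiled-in default. These two values select the server that validates every user's credentials, so they belong in run-time configuration (helper arguments or squid.conf) rather than in a header. Until that exists, a comment above the `#else` block such as `/* site-specific: set to your own domain and controller before building */` would keep a build from silently authenticating against the wrong host.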
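Review bot: Replacing `pad2[8]` with `pad[128]` changes `sizeof(struct ntlm_challenge)`, and make_challenge in libntlmssp.c sets `ch.len=WSWAP(sizeof(struct ntlm_challenge))` while encoding only `48+pl` bytes. The length written into the challenge therefore no longer matches the number of bytes sent; use one expression for both, or a named constant for the fixed header size instead of the literal 48. If `pad` is meant to receive payload through add_to_payload, as `ch.pad` does in the non-MOD branch, the 128 should be a named constant that add_to_payload checks `*payload_length + toadd_length` against, since its `memcpy` has no bound today. The `//` comments added here are not C89.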
@@ -48,22 +50,37 @@ if (strncmp(buf,"RESET",5)==0) { debug("ntlm authenticator resetting, sending OK\n"); printf("RESET OK\n"); /* This should read "RESET OK" */ + state=0; continue; } got=decode_ntlmssp_auth(buf); if (!got) { - debug("couldn't decode challenge. Just returning ERR\n"); + debug("couldn't decode request type. Just returning ERR\n"); printf("ERR\n"); - } - debug("challenge type is %d\n",got->type); + }else + { + debug("reqest type is %d\n",got->type); switch(got->type) { case NTLM_NEGOTIATE: - ch=make_challenge(); + if(state!=0) + { + fprintf(stderr,"Unexpected Negotiate request, state=%d\n",state); + printf("ERR Unexpected negotiate request\n"); + state=0; + continue; + } + state=1; + if (got->flags & FLAGS_UNICODE)debug("Unicode\n"); + ch=make_challenge(got); debug("got challenge ('%s')\n",ch); - if (ch==NULL) { + if (ch==NULL) + { fprintf(stderr,"Couldn't get a valid challenge!\n"); printf("ERR\n"); + state=0; + continue; } + drop_ntlmssp(decode_ntlmssp_auth(ch)); debug("sending: 'CH %s'\n",ch); printf ("CH %s\n",ch); break; @@ -74,6 +91,14 @@ printf("ERR\n"); break; case NTLM_AUTHENTICATE: + if (state!=1) + { + fprintf(stderr,"Unexpected Authenticate request, state=%d\n",state); + printf("ERR Unexpected authenticate request\n"); + state=0; + continue; + } + state=2; debug("Got an authentication request\n"); if (ntlm_check_auth(got)) { debug("Returning 'OK %s\\%s'\n",got->domain.str, got->user.str); @@ -84,6 +109,7 @@ } break; } + } drop_ntlmssp(got); } return 0; Index: squid/ntlm_auth_modules/NTLMSSP/smbval/smblib.c =================================================================== RCS file: /cvsroot/squid-sf//squid/ntlm_auth_modules/NTLMSSP/smbval/Attic/smblib.c,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- squid/ntlm_auth_modules/NTLMSSP/smbval/smblib.c 3 Aug 2000 23:42:15 -0000 1.1.2.3 +++ squid/ntlm_auth_modules/NTLMSSP/smbval/smblib.c 6 Aug 2000 01:17:36 -0000 1.1.2.4 
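Review bot: The new error paths in this switch leave with `continue`, which jumps to the next loop iteration and skips the `drop_ntlmssp(got)` at the bottom of the loop, so every out-of-sequence or failed request leaks the decoded message. That covers the unexpected-negotiate branch and the `ch==NULL` branch here and the unexpected-authenticate branch in the next hunk; since these paths are driven by what the client sends, the leak in a long-running helper is unbounded. Writing `break;` instead of `continue;` leaves the switch and reaches the existing `drop_ntlmssp(got)`. Separately, `debug("got challenge ('%s')\n",ch)` runs before the `ch==NULL` test and should move below it, and `drop_ntlmssp(decode_ntlmssp_auth(ch))` passes on a result that, as the `if (!got)` test above shows, can be NULL.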
@@ -36,6 +36,8 @@ #include +#define DEBUG + SMB_State_Types SMBlib_State; /* Initialize the SMBlib package */ @@ -361,8 +363,8 @@ if (pkt == NULL) { SMBlib_errno = SMBlibE_NoSpace; + fprintf(stderr,"SMB_Logon_server: Couldn't allocate packet\n"); return(SMBlibE_BAD); /* Should handle the error */ - } bzero(SMB_Hdr(pkt), SMB_ssetpLM_len); @@ -426,8 +428,8 @@ if (pkt == NULL) { SMBlib_errno = SMBlibE_NoSpace; + fprintf(stderr,"SMB_Logon_server: Couldn't allocate packet\n"); return(-1); /* Should handle the error */ - } bzero(SMB_Hdr(pkt), SMB_ssetpNTLM_len); Index: squid/src/acl.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/acl.c,v retrieving revision 1.1.1.3.12.10 retrieving revision 1.1.1.3.12.11 diff -u -r1.1.1.3.12.10 -r1.1.1.3.12.11 --- squid/src/acl.c 4 Aug 2000 00:15:24 -0000 1.1.1.3.12.10 +++ squid/src/acl.c 6 Aug 2000 01:17:37 -0000 1.1.1.3.12.11 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.1.1.3.12.10 2000/08/04 00:15:24 rbcollins Exp $ + * $Id: acl.c,v 1.1.1.3.12.11 2000/08/06 01:17:37 rbcollins Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -78,10 +78,14 @@ static IPH aclLookupDstIPforASNDone; static FQDNH aclLookupSrcFQDNDone; static FQDNH aclLookupDstFQDNDone; +#ifdef USE_BASIC_AUTH static void aclLookupProxyAuthStart(aclCheck_t * checklist); static void aclLookupProxyAuthDone(void *data, char *result); +#endif +#ifdef USE_NTLM static void aclLookupProxyStatefulAuthStart(aclCheck_t * checklist); static void aclLookupProxyNTLMAuthDone(void *data, void * lastserver, char *result); +#endif static wordlist *aclDumpIpList(void *); static wordlist *aclDumpDomainList(void *data); static wordlist *aclDumpTimeSpecList(acl_time_data *); 
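Review bot: `#define DEBUG` is switched on unconditionally at the top of smblib.c, so every build of the library gets whatever diagnostic output that macro enables. This library carries logon requests, and debug output on that path can put user names or credential material on stderr; what DEBUG gates in this file is not visible in the hunk, so please confirm. A build-time switch (`-DDEBUG` from the Makefile) keeps it out of production builds. The two `fprintf` messages added in the following hunks both name `SMB_Logon_server`; if the second sits in a different function, its message should name that function.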
@@ -1180,13 +1184,14 @@ } debug(28,6)("aclMatchAcl:auth state State %d.\n",checklist->conn->auth_state); debug(28,6)("aclMatchAcl:auth state type %d.\n",checklist->conn->auth_type); - debug(28,6)("aclMatchAcl:auth state state %d.\n",checklist->auth_state); - debug(28,6)("aclMatchAcl:auth state type %d.\n",checklist->auth_type); switch (checklist->conn->auth_state){ case AUTHENTICATE_STATE_NONE: /* this is a new connection */ - if (proxy_auth==NULL) /* no header, request one */ + if ((proxy_auth==NULL)||(checklist->conn->auth_type==AUTH_BROKEN)) /* no header, request one */ + { + checklist->conn->auth_type=AUTH_UNKNOWN; return -2; + } debug(28,6)("aclMatchProxyAuth: auth state none with header %s.\n",proxy_auth); switch (aclDecodeProxyAuth(proxy_auth, &type, &user, &password, login_buf, sizeof(login_buf))) { #ifdef USE_BASIC_AUTH @@ -1332,7 +1337,7 @@ switch (acltype) { case ACL_PROXY_AUTH: rv = aclMatchUser(data, checklist->conn->authuser); - if (!rv) checklist->auth_state = AUTHENTICATE_STATE_NONE; /* not permitted in this ACL */ + if (!rv) checklist->conn->auth_state = AUTHENTICATE_STATE_NONE; /* not permitted in this ACL */ else { xstrncpy(checklist->conn->ident, checklist->conn->authuser, USER_IDENT_SZ);/*using ident hack.. do we need this? */ } /* auth user was "user" before */ @@ -1340,7 +1345,7 @@ break; case ACL_PROXY_AUTH_REGEX: rv = aclMatchRegex(data, checklist->conn->authuser); - if (!rv) checklist->auth_state = AUTHENTICATE_STATE_NONE; /* not permitted in this ACL */ + if (!rv) checklist->conn->auth_state = AUTHENTICATE_STATE_NONE; /* not permitted in this ACL */ else { xstrncpy(checklist->conn->ident, checklist->conn->authuser, USER_IDENT_SZ);/*using ident hack.. do we need this? */ } @@ -1357,7 +1362,7 @@ fatal("aclMatchProxyAuth:END Of MatchACL routine... should be unreachable\n"); return 0; } - +#ifdef USE_BASIC_AUTH static void aclLookupProxyAuthStart(aclCheck_t * checklist) { 
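Review bot: The comment `/* no header, request one */` no longer describes the condition, which now also fires when a header is present but `checklist->conn->auth_type==AUTH_BROKEN`. In that case the supplied credentials are ignored, the type is reset to AUTH_UNKNOWN and the client is challenged again; since this is the recovery path after a failed exchange it is worth stating, for example `/* no header, or the previous exchange on this connection failed: forget it and challenge again */`. `checklist->conn` is dereferenced here without a NULL test, and whether every checklist that reaches this code has a connection is decided outside this hunk.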
@@ -1376,13 +1381,16 @@ proxy_auth = httpHeaderGetStr(&checklist->request->header, HDR_AUTHORIZATION); } - ok = aclDecodeProxyAuth(proxy_auth, &auth_type, &user, &password, login_buf, - sizeof(login_buf)); - /* - * if aclDecodeProxyAuth() fails, the same call should have failed - * in aclMatchProxyAuth, and we should never get this far. - */ - assert(ok); + if (proxy_auth!=NULL) /* there was a auth_header */ + { + ok = aclDecodeProxyAuth(proxy_auth, &auth_type, &user, &password, login_buf, + sizeof(login_buf)); + /* + * if aclDecodeProxyAuth() fails, the same call should have failed + * in aclMatchProxyAuth, and we should never get this far. + */ + assert(ok); + } debug(28, 4) ("aclLookupProxyAuthStart: going to ask authenticator on %s\n", user); /* we must still check this user's password */ auth_user = memAllocate(MEM_ACL_PROXY_AUTH_USER); @@ -1395,7 +1403,7 @@ authenticateStart(checklist->auth_user, aclLookupProxyAuthDone, checklist); } - +#endif #ifdef USE_NTLM static void aclLookupProxyStatefulAuthStart(aclCheck_t * checklist) @@ -1415,9 +1423,10 @@ proxy_auth = httpHeaderGetStr(&checklist->request->header, HDR_AUTHORIZATION); } - - /* do we need this when it's stateful? it may not make _any_ sense here! */ - + assert (proxy_auth!=NULL); + /* there was no auth_header + * stateful auth helpers (all types) start with a client request + */ ok = aclDecodeProxyAuth(proxy_auth, &auth_type, &user, &password, login_buf, sizeof(login_buf)); /* @@ -1438,7 +1447,8 @@ sent_string++; while(xisspace(*sent_string)) /*trim leading spaces*/ sent_string++; - + if(checklist->conn->auth_state!=AUTHENTICATE_STATE_NEGOTIATE) + assert(checklist->conn->authhelper); authenticateNTLMStart(sent_string, aclLookupProxyNTLMAuthDone, checklist, checklist->conn->authhelper); } #endif /*NTLM*/ 
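Review bot: When `proxy_auth` is NULL the new guard skips aclDecodeProxyAuth, but execution continues to the `debug(...)` call that prints `user` and to the code that builds `auth_user`, so `user` and `password` are used without being set on that path (unless they are initialised at their declaration, which is above this hunk). The function should stop there instead of handing undefined strings to the authenticator, for example by marking the lookup as failed and returning when `proxy_auth==NULL`. The retained `assert(ok)` turns a header that fails to decode into a process abort and disappears under NDEBUG; an explicit error return is safer for input that comes from the client.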
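Review bot: `assert (proxy_auth!=NULL)` in aclLookupProxyStatefulAuthStart checks for a missing client header with an assertion, and the next hunk does the same for connection state with `assert(checklist->conn->authhelper)`. Both conditions depend on what the client sent and when, so if either is reachable the proxy aborts, and with NDEBUG the check vanishes and the NULL value is used. Handle them as ordinary errors, resetting the connection's auth state and denying the request. The comment under the first assert, `/* there was no auth_header ...`, reads as the opposite of what was just asserted and should say that stateful helpers always start from a client header.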
@@ -1868,12 +1878,16 @@ aclLookupDstFQDNDone, checklist); return; - } else if (checklist->state[ACL_PROXY_AUTH] == ACL_LOOKUP_NEEDED) { + } +#ifdef USE_BASIC_AUTH + else if (checklist->state[ACL_PROXY_AUTH] == ACL_LOOKUP_NEEDED) { debug(28, 3) ("aclCheck: checking password via basic authenticator\n"); aclLookupProxyAuthStart(checklist); checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_PENDING; return; - } else if (checklist->state[ACL_PROXY_AUTH] == ACL_PROXY_AUTH_NEEDED) { + } +#endif + else if (checklist->state[ACL_PROXY_AUTH] == ACL_PROXY_AUTH_NEEDED) { /* Special case. Client is required to resend the request * with authentication. The request is denied. */ @@ -2012,6 +2026,7 @@ aclCheck(checklist); } +#ifdef USE_BASIC_AUTH static void aclLookupProxyAuthDone(void *data, char *result) { @@ -2025,7 +2040,8 @@ checklist->auth_user->passwd_ok = 0; aclCheck(checklist); } - +#endif +#ifdef USE_NTLM static void aclLookupProxyNTLMAuthDone(void *data, void * lastserver, char *result) { @@ -2047,14 +2063,12 @@ /* * The helper rejected the negotiate. It automatically resets */ - /* no need to reset free helper, the fd's closing will do that.*/ - checklist->conn->auth_type = AUTH_UNKNOWN; + /* ERRS get trapped by authenicate. so we don't need to free the helper for other requests */ + checklist->conn->auth_type = AUTH_BROKEN; checklist->conn->auth_state= AUTHENTICATE_STATE_NONE; + checklist->conn->authhelper= NULL; + debug(28,1)("bad NTLM negotiate request recieved on FD:%d.\n",checklist->conn->fd); } -/* if (result && (strncasecmp(result, "OK", 2) == 0)) - checklist->auth_user->passwd_ok = 1; - else - checklist->auth_user->passwd_ok = 0; */ break; case AUTHENTICATE_STATE_RESPONSE: if (result && (strncasecmp(result, "OK ", 3) == 0)){ 
@@ -2063,14 +2077,17 @@ xstrncpy(checklist->conn->authuser,result,MAX_LOGIN_SZ); } else - checklist->conn->auth_state=AUTHENTICATE_STATE_NONE; /* something botched.. restart */ + { + checklist->conn->auth_state=AUTHENTICATE_STATE_NONE; /* something botched.. restart */ + checklist->conn->auth_type = AUTH_BROKEN; + } assert(checklist->conn->authhelper); checklist->conn->authhelper=0; /*clear the handler*/ break; } aclCheck(checklist); } - +#endif aclCheck_t * aclChecklistCreate(const acl_access * A, @@ -2098,8 +2115,6 @@ if (ident) xstrncpy(checklist->ident, ident, USER_IDENT_SZ); #endif - checklist->auth_state = AUTHENTICATE_STATE_NONE; - checklist->auth_user = NULL; /* init to NULL */ return checklist; } Index: squid/src/authenticate.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/authenticate.c,v retrieving revision 1.1.1.3.12.7 retrieving revision 1.1.1.3.12.8 diff -u -r1.1.1.3.12.7 -r1.1.1.3.12.8 --- squid/src/authenticate.c 3 Aug 2000 22:23:17 -0000 1.1.1.3.12.7 +++ squid/src/authenticate.c 6 Aug 2000 01:17:37 -0000 1.1.1.3.12.8 @@ -1,6 +1,6 @@ /* - * $Id: authenticate.c,v 1.1.1.3.12.7 2000/08/03 22:23:17 rbcollins Exp $ + * $Id: authenticate.c,v 1.1.1.3.12.8 2000/08/06 01:17:37 rbcollins Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels @@ -76,6 +76,8 @@ static int authenticateNTLMHandleReply(void *data, void * lastserver, char *reply) +/*note: this is not as clean as it should be. the callback NTLMAuthDone should + * be returning the value for Morerequests. */ { authenticateStatefulStateData *r = data; int valid,morerequests=0; @@ -98,8 +100,11 @@ morerequests=0; } else if (strncasecmp(reply, "ERR", 3) == 0) { + { + morerequests=0; /*some error has occured. no more requests */ if ((t = strchr(reply, ' ')))/* strip after a space */ *t = '\0'; + } } else { debug(29, 1) ("authenticateNTLMHandleReply: Unsupported helper response, '%s'\n", reply); 
@@ -139,7 +144,7 @@ } /**** PUBLIC FUNCTIONS ****/ - +#ifdef USE_BASIC_AUTH /* send the initial data to an authenticator module */ void authenticateStart(acl_proxy_auth_user * auth_user, RH * handler, void *data) @@ -163,7 +168,9 @@ snprintf(buf, 8192, "%s %s\n", auth_user->user, auth_user->passwd); helperSubmit(authenticators, buf, authenticateHandleReply, r); } +#endif +#ifdef USE_NTLM /* send the initial data to a stateful authenticator module */ void authenticateNTLMStart(const char *proxy_auth, SRH * handler, void *data, helper_stateful_server * lastserver) @@ -187,12 +194,12 @@ helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, lastserver); debug(29,9)("authenticateNTLMstart: finished\n"); } - +#endif void authenticateInit(void) { - static int init = 0; #ifdef USE_BASIC_AUTH + static int init = 0; if (Config.Program.authenticate){ if (authenticators == NULL) authenticators = helperCreate("authenticator"); @@ -209,6 +216,7 @@ } #endif #ifdef USE_NTLM + static int ntlminit = 0; if (Config.Program.ntlmauthenticate){ if (ntlmauthenticators == NULL) ntlmauthenticators = helperStatefulCreate("ntlmauthenticator"); @@ -216,11 +224,11 @@ ntlmauthenticators->n_to_start = Config.ntlmauthenticateChildren; ntlmauthenticators->ipc_type = IPC_TCP_SOCKET; helperStatefulOpenServers(ntlmauthenticators); - if (!init) { + if (!ntlminit) { cachemgrRegister("ntlmauthenticator", "User NTLM Authenticator Stats", authenticateStats, 0, 1); - init++; + ntlminit++; } } #endif Index: squid/src/cache_cf.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/cache_cf.c,v retrieving revision 1.1.1.3.4.1.2.6 retrieving revision 1.1.1.3.4.1.2.7 diff -u -r1.1.1.3.4.1.2.6 -r1.1.1.3.4.1.2.7 --- squid/src/cache_cf.c 2 Aug 2000 14:13:11 -0000 1.1.1.3.4.1.2.6 +++ squid/src/cache_cf.c 6 Aug 2000 01:17:37 -0000 1.1.1.3.4.1.2.7 
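Review bot: In authenticateInit, `static int ntlminit = 0;` is declared directly after the `#ifdef USE_NTLM` line, which places it after the statements of the USE_BASIC_AUTH block when both options are enabled. Declarations after statements are rejected by C89 compilers. An earlier hunk moves `static int init` to the top of the function under its own `#ifdef`; the NTLM counter should sit there as well, guarded by `#ifdef USE_NTLM`, before the first statement. The function body starts outside this hunk.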
@@ -1,6 +1,6 @@ /* - * $Id: cache_cf.c,v 1.1.1.3.4.1.2.6 2000/08/02 14:13:11 rbcollins Exp $ + * $Id: cache_cf.c,v 1.1.1.3.4.1.2.7 2000/08/06 01:17:37 rbcollins Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived @@ -375,10 +375,14 @@ #endif if (Config.Program.redirect) requirePathnameExists("redirect_program", Config.Program.redirect->key); +#ifdef USE_NTLM if (Config.Program.ntlmauthenticate) requirePathnameExists("authenticate_program_ntlm", Config.Program.ntlmauthenticate->key); +#endif +#ifdef USE_BASIC_AUTH if (Config.Program.authenticate) requirePathnameExists("authenticate_program", Config.Program.authenticate->key); +#endif requirePathnameExists("Icon Directory", Config.icons.directory); requirePathnameExists("Error Directory", Config.errorDirectory); #if HTTP_VIOLATIONS Index: squid/src/helper.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/helper.c,v retrieving revision 1.1.1.3.12.4 retrieving revision 1.1.1.3.12.5 diff -u -r1.1.1.3.12.4 -r1.1.1.3.12.5 --- squid/src/helper.c 2 Aug 2000 14:13:11 -0000 1.1.1.3.12.4 +++ squid/src/helper.c 6 Aug 2000 01:17:37 -0000 1.1.1.3.12.5 @@ -1,6 +1,6 @@ /* - * $Id: helper.c,v 1.1.1.3.12.4 2000/08/02 14:13:11 rbcollins Exp $ + * $Id: helper.c,v 1.1.1.3.12.5 2000/08/06 01:17:37 rbcollins Exp $ * * DEBUG: section 29 Helper process maintenance * AUTHOR: Harvest Derived? 
@@ -259,6 +259,27 @@ debug(29,9) ("helperStatefulSubmit: %s\n",buf); } +void +helperStatefulReset(helper_stateful_server * srv) +/* puts this helper back in the queue. the calling app is required to + * manage the state in the helper + */ +{ + helper * hlp = srv->parent; + helper_stateful_request * r; + r = srv->request; + if (r != NULL) { + /* reset attempt DURING an outstaning request */ + debug(29, 1) ("helperStatefulReset: RESET During request %s \n", + hlp->id_name); + srv->flags.busy = 0; + srv->offset = 0; + helperStatefulRequestFree(r); + srv->request = NULL; + } + helperKickQueue(hlp); + srv->flags.busy = 0; +} void helperStats(StoreEntry * sentry, helper * hlp) Index: squid/src/protos.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/protos.h,v retrieving revision 1.1.1.3.12.9 retrieving revision 1.1.1.3.12.10 diff -u -r1.1.1.3.12.9 -r1.1.1.3.12.10 --- squid/src/protos.h 2 Aug 2000 14:13:11 -0000 1.1.1.3.12.9 +++ squid/src/protos.h 6 Aug 2000 01:17:37 -0000 1.1.1.3.12.10 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.1.1.3.12.9 2000/08/02 14:13:11 rbcollins Exp $ + * $Id: protos.h,v 1.1.1.3.12.10 2000/08/06 01:17:37 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -694,11 +694,17 @@ extern void redirectInit(void); extern void redirectShutdown(void); +#ifdef USE_BASIC_AUTH extern void authenticateStart(acl_proxy_auth_user *, RH *, void *); +#endif +#ifdef USE_NTLM extern void authenticateNTLMStart(const char *proxy_auth, SRH * handler, void *data, helper_stateful_server * lastserver); +#endif +#if defined(USE_BASIC_AUTH) || defined (USE_NTLM) extern void authenticateInit(void); extern void authenticateShutdown(void); extern void authenticateFixErrorHeader(HttpReply *, int, auth_t, int, char *authchallenge); +#endif extern void refreshAddToList(const char *, int, time_t, int, time_t); extern int refreshIsCachable(const StoreEntry *); 
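Review bot: helperStatefulReset frees an outstanding request and marks the server idle, but nothing visible here tells the helper process to abandon that request, so its eventual reply may be read as the answer to the next request submitted to this server. For an authentication helper that would attach one client's result to another; the function should either send the helper a reset and wait for its acknowledgement, or keep the server busy until the pending reply has been drained. On the path with no outstanding request, `helperKickQueue(hlp)` runs before `srv->flags.busy = 0`, so the kick cannot hand work to this server; move the assignment above the call. `srv` is dereferenced without a NULL check, and the explanatory comment sits between the declarator and the opening brace where documentation tools will not attach it to the function.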
@@ -1175,6 +1181,7 @@ extern statefulhelper *helperStatefulCreate(const char *); extern void helperFree(helper *); extern void helperStatefulFree(statefulhelper *); +extern void helperStatefulReset(helper_stateful_server * srv); Index: squid/src/structs.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/structs.h,v retrieving revision 1.1.1.3.4.1.2.13 retrieving revision 1.1.1.3.4.1.2.14 diff -u -r1.1.1.3.4.1.2.13 -r1.1.1.3.4.1.2.14 --- squid/src/structs.h 2 Aug 2000 14:13:12 -0000 1.1.1.3.4.1.2.13 +++ squid/src/structs.h 6 Aug 2000 01:17:37 -0000 1.1.1.3.4.1.2.14 @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.1.1.3.4.1.2.13 2000/08/02 14:13:12 rbcollins Exp $ + * $Id: structs.h,v 1.1.1.3.4.1.2.14 2000/08/06 01:17:37 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -73,12 +73,6 @@ /* extra fields for proxy_auth */ int auth_type; char *passwd; -#ifdef USE_NTLM - char *lmresponse; - char *ntresponse; - char *domain; - char *workstation; -#endif int passwd_ok; /* 1 = passwd checked OK */ long expiretime; struct in_addr ipaddr; /* IP addr this user authenticated from */ @@ -156,8 +150,6 @@ ConnStateData *conn; /* hack for ident and NTLM*/ char ident[USER_IDENT_SZ]; #endif - int auth_type; - int auth_state; acl_proxy_auth_user *auth_user; acl_lookup_state state[ACL_ENUM_MAX]; #if SQUID_SNMP @@ -199,6 +191,7 @@ sockaddr_in_list *next; }; + #if DELAY_POOLS struct _delaySpec { int restore_bps; @@ -324,8 +317,12 @@ char *dnsserver; #endif wordlist *redirect; +#ifdef USE_BASIC_AUTH wordlist *authenticate; +#endif +#ifdef USE_NTLM wordlist *ntlmauthenticate; +#endif #if USE_ICMP char *pinger; #endif @@ -442,7 +439,9 @@ int digest_generation; #endif int log_ip_on_direct; +#ifdef USE_BASIC_AUTH int authenticateIpTTLStrict; +#endif } onoff; acl *aclList; struct { 
@@ -1570,7 +1569,7 @@ err_type type; int page_id; http_status http_status; - int auth_type; + auth_t auth_type; int auth_state; char *authchallenge; request_t *request;