--------------------- PatchSet 631 Date: 2000/10/13 12:45:35 Author: rbcollins Branch: ntlm Tag: (none) Log: tidy up of #defines to compile with uncommon combinations experimental ntlm authenticate caching Members: acconfig.h:1.1.1.3.10.6->1.1.1.3.10.7 configure.in:1.1.1.3.10.14->1.1.1.3.10.15 src/acl.c:1.1.1.3.12.18->1.1.1.3.12.19 src/authenticate.c:1.1.1.3.12.12->1.1.1.3.12.13 src/client_side.c:1.1.1.3.4.1.2.21->1.1.1.3.4.1.2.22 src/defines.h:1.1.1.3.12.7->1.1.1.3.12.8 src/enums.h:1.1.1.3.12.9->1.1.1.3.12.10 src/main.c:1.1.1.3.4.1.2.6->1.1.1.3.4.1.2.7 src/mem.c:1.1.1.3.12.6->1.1.1.3.12.7 src/protos.h:1.1.1.3.12.12->1.1.1.3.12.13 src/structs.h:1.1.1.3.4.1.2.17->1.1.1.3.4.1.2.18 src/typedefs.h:1.1.1.3.12.8->1.1.1.3.12.9 Index: squid/acconfig.h =================================================================== RCS file: /cvsroot/squid-sf//squid/Attic/acconfig.h,v retrieving revision 1.1.1.3.10.6 retrieving revision 1.1.1.3.10.7 diff -u -r1.1.1.3.10.6 -r1.1.1.3.10.7 --- squid/acconfig.h 2 Aug 2000 14:13:10 -0000 1.1.1.3.10.6 +++ squid/acconfig.h 13 Oct 2000 12:45:35 -0000 1.1.1.3.10.7 @@ -20,7 +20,7 @@ * */ @ TOP @ -/* $Id: acconfig.h,v 1.1.1.3.10.6 2000/08/02 14:13:10 rbcollins Exp $ */ +/* $Id: acconfig.h,v 1.1.1.3.10.7 2000/10/13 12:45:35 rbcollins Exp $ */ /********************************* * START OF CONFIGURABLE OPTIONS * @@ -239,6 +239,11 @@ #define USE_IDENT 1 /* + * Compile in support for NTLM authentication caching. + */ +#undef NTLM_CACHING + +/* * Compile in support for NTLM authentication. */ #undef USE_NTLM Index: squid/configure.in =================================================================== RCS file: /cvsroot/squid-sf//squid/configure.in,v retrieving revision 1.1.1.3.10.14 retrieving revision 1.1.1.3.10.15 diff -u -r1.1.1.3.10.14 -r1.1.1.3.10.15 --- squid/configure.in 4 Oct 2000 09:42:35 -0000 1.1.1.3.10.14 +++ squid/configure.in 13 Oct 2000 12:45:35 -0000 1.1.1.3.10.15 
@@ -3,13 +3,13 @@ dnl dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9) dnl -dnl $Id: configure.in,v 1.1.1.3.10.14 2000/10/04 09:42:35 hno Exp $ +dnl $Id: configure.in,v 1.1.1.3.10.15 2000/10/13 12:45:35 rbcollins Exp $ dnl dnl dnl AC_INIT(src/main.c) AC_CONFIG_HEADER(include/autoconf.h) -AC_REVISION($Revision: 1.1.1.3.10.14 $)dnl +AC_REVISION($Revision: 1.1.1.3.10.15 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AC_CONFIG_AUX_DIR(cfgaux) @@ -628,6 +628,16 @@ fi ]) +AC_ARG_ENABLE(ntlm-auth-caching, +[ --enable-ntlm-auth-caching + This allows Squid to use cache the Microsoft NTLM + authentication data -- EXPERIMENTAL AT BEST], +[ if test "$enableval" = "yes" ; then + echo "Enabling NTLM authentication caching" + AC_DEFINE(NTLM_CACHING) + fi +]) + AC_ARG_ENABLE(basic-authentication, [ --enable-basic-authentication This prevents Squid from using Basic (cleartext) Index: squid/src/acl.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/acl.c,v retrieving revision 1.1.1.3.12.18 retrieving revision 1.1.1.3.12.19 diff -u -r1.1.1.3.12.18 -r1.1.1.3.12.19 --- squid/src/acl.c 9 Oct 2000 22:33:45 -0000 1.1.1.3.12.18 +++ squid/src/acl.c 13 Oct 2000 12:45:36 -0000 1.1.1.3.12.19 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.1.1.3.12.18 2000/10/09 22:33:45 rbcollins Exp $ + * $Id: acl.c,v 1.1.1.3.12.19 2000/10/13 12:45:36 rbcollins Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -36,12 +36,17 @@ #include "squid.h" #include "splay.h" + + static int aclFromFile = 0; static FILE *aclFile; +#ifdef USE_BASIC_AUTH static hash_table *proxy_auth_cache = NULL; - +#endif static void aclParseDomainList(void *curlist); +#if 0 static void aclParseProxyAuthList(void *curlist); +#endif static void aclParseIpList(void *curlist); static void aclParseIntlist(void *curlist); static void aclParseWordList(void *curlist); 
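Review bot: `--enable-ntlm-auth-caching` (hunk `@@ -628,6 +628,16 @@`) defines NTLM_CACHING without checking that NTLM support is enabled, and the guards elsewhere in this patch do not agree on what that combination means. acl.c, mem.c and structs.h require both USE_NTLM and NTLM_CACHING, enums.h tests `#ifdef NTLM_CACHING` alone, and typedefs.h uses `#if NTLM_CACHING`. A build with caching but without NTLM therefore gets a mem_type entry and a typedef with no struct or pool behind them. Have configure ignore or reject the option when NTLM is off, and use one spelling of the guard everywhere. The help text should read `This allows Squid to cache the Microsoft NTLM authentication data`.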
@@ -110,6 +115,10 @@ static SPLAYWALKEE aclDumpArpListWalkee; #endif +#if defined(USE_NTLM) && defined( NTLM_CACHING) +static hash_table *ntlmauthcache=NULL; +#endif + static char * strtokFile(void) { @@ -640,6 +649,7 @@ wordlistAdd(curlist, t); } +#if 0 /* each proxy auth acl can be for a specific front-side protocol. */ static void aclParseProxyAuthList(void *curlist) @@ -670,6 +680,7 @@ wordlistAdd(&pad->names, t); */ } +#endif /**********************/ /* aclParseDomainList */ @@ -787,19 +798,37 @@ #else aclParseWordList(&A->data); #endif +#ifdef USE_BASIC_AUTH if (!proxy_auth_cache) { /* First time around, 7921 should be big enough */ proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); assert(proxy_auth_cache); } +#endif +#if defined (NTLM_CACHING) && defined (USE_NTLM) + if (!ntlmauthcache) { + /* First time around, 7921 should be big enough */ + ntlmauthcache = hash_create((HASHCMP *) strcmp, 7921 , hash_string); + assert(ntlmauthcache); + } +#endif break; case ACL_PROXY_AUTH_REGEX: aclParseRegexList(&A->data); +#ifdef USE_BASIC_AUTH if (!proxy_auth_cache) { /* First time around, 7921 should be big enough */ proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); assert(proxy_auth_cache); } +#endif +#if defined (NTLM_CACHING) && defined (USE_NTLM) + if (!ntlmauthcache) { + /* First time around, 7921 should be big enough */ + ntlmauthcache = hash_create((HASHCMP *) strcmp, 7921 , hash_string); + assert(ntlmauthcache); + } +#endif break; #if SQUID_SNMP case ACL_SNMP_COMMUNITY: @@ -1167,7 +1196,10 @@ /* checklist is used to register user name when identified, nothing else */ LOCAL_ARRAY(char, login_buf, USER_IDENT_SZ); char *user, *password; - int type, rv; + int type; +#ifdef USE_NTLM + int rv; +#endif /* state machine for ntlm authentication on a connection should be easily modified to support Digest via the 
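Review bot: In the hunk at `@@ -787,19 +798,37 @@` the create-on-first-use block for ntlmauthcache is pasted twice, once in the case that precedes ACL_PROXY_AUTH_REGEX and once in ACL_PROXY_AUTH_REGEX itself, next to the equally duplicated proxy_auth_cache block. A small static helper called from both cases would keep the bucket count and hash functions in one place. The table only exists once one of these ACL types has been parsed, so every later user of ntlmauthcache has to tolerate NULL. A comment on the declaration added at `@@ -110,6 +115,10 @@`, e.g. `/* NULL until a proxy_auth ACL has been parsed */`, would make that explicit. The enclosing switch starts and ends outside the hunk.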
@@ -1364,14 +1396,19 @@ fatal("aclMatchProxyAuth: unknown ACL type"); return 0; /* NOTREACHED */ } - - fatal("aclMatchProxyAuth:End of NTLM auth checking code... should be Unreachable\n"); +#endif + fatal("aclMatchProxyAuth:End of auth state checking code... should be unreachable\n"); break; - } +/* #endif + default: + fatal("unknown auth type\n"); + }*/ + } fatal("aclMatchProxyAuth:END Of MatchACL routine... should be unreachable\n"); return 0; } + #ifdef USE_BASIC_AUTH static void aclLookupProxyAuthStart(aclCheck_t * checklist) @@ -1414,6 +1451,7 @@ checklist); } #endif + #ifdef USE_NTLM static void aclLookupProxyStatefulAuthStart(aclCheck_t * checklist) @@ -1422,6 +1460,9 @@ const char *proxy_auth; char *sent_string; char *user, *password; +#ifdef NTLM_CACHING + NTLMAuthEntry *authentry; +#endif int ok,auth_type; if (!checklist->request->flags.accelerated) { @@ -1448,7 +1489,6 @@ * add authenticateAUTHMETODStart and aclLookupProxyAUTHMETHODDone functions, and _if needed_ new storage to the connection structure * You should be able to reuse the auth* variable in the connection structure as the state machine _should_ avoid collisions. */ - debug(28, 5) ("aclLookupProxyStatefulAuthStart: going to ask NTLM authenticator on %s\n", proxy_auth); /* stateful authentication has no timeouts/ip storage etc */ 
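Review bot: The end of aclMatchProxyAuth now carries a commented-out `#endif` / `default: fatal("unknown auth type\n");` / `}` block directly before the live `}`. With a preprocessor guard closing just above it, this makes it hard to tell which brace closes the switch under each USE_BASIC_AUTH / USE_NTLM combination, which is what this commit sets out to tidy. Either delete the block or make the `default:` arm live, so that an unknown auth type is rejected inside the switch rather than by the trailing fatal(). The function body starts outside the hunk.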
@@ -1459,13 +1499,34 @@ sent_string++; if(checklist->conn->auth_state!=AUTHENTICATE_STATE_NEGOTIATE) { - assert(checklist->conn->authhelper); + /* we are checking on the authenticate string here */ + assert(checklist->conn->authhelper); + xstrncpy(checklist->conn->ntlmauthenticate,sent_string,NTLM_CHALLENGE_SZ); +#ifdef NTLM_CACHING + /* this is where we can 'cheat' and check for a cache hit */ + debug(28,0)("looking for a hash entry with Authenticate %s\n",checklist->conn->ntlmauthenticate ); + if (ntlmauthcache) + { + authentry=hash_lookup(ntlmauthcache,checklist->conn->ntlmauthenticate); + if (authentry){ + /* we found one */ + /* we need to walk the list, but lets prove concept first */ + debug(28,0)("found matching cache entry\n"); + debug(28,0)("Username to be used is %s\n",authentry->authuser); + checklist->conn->auth_state=AUTHENTICATE_STATE_DONE; + xstrncpy(checklist->conn->authuser,authentry->authuser,USER_IDENT_SZ); + authenticateNTLMStart("RESET", aclLookupProxyNTLMAuthDone, checklist, checklist->conn->authhelper); + return; /* the rest of this function applies to cache misses */ + } + } +#endif debug(28,6)("aclLookupProxyStatefulAuthStart: Asking NTLM authenticator '%d' on FD '%d'\n",checklist->conn->authhelper,checklist->conn->fd); } authenticateNTLMStart(sent_string, aclLookupProxyNTLMAuthDone, checklist, checklist->conn->authhelper); } #endif /*NTLM*/ + static int aclMatchInteger(intlist * data, int i) { 
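Review bot: The cache hit in aclLookupProxyStatefulAuthStart accepts the client purely because its Authenticate string equals a stored key. auth_state is set to AUTHENTICATE_STATE_DONE and authuser is copied without comparing authentry->challenge to the challenge issued on this connection, and atime is never consulted, so a previously seen Authenticate string would be honoured on any connection for as long as the process runs. Bind the hit to the challenge, `if (authentry && strcmp(authentry->challenge, checklist->conn->authchallenge) == 0) {`, and apply an expiry before trusting the entry. The `debug(28,0)` calls also write the Authenticate string and the user name to the log at level 0; raise the level and drop the Authenticate string from the message. The function starts outside the hunk.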
@@ -1907,13 +1968,16 @@ debug(28,6)("aclCheck: requiring Proxy Auth header.\n"); allow = ACCESS_REQ_PROXY_AUTH; match = -1; - } else if (checklist->state[ACL_PROXY_AUTH] == ACL_HELPER_START) { + } +#ifdef USE_NTLM + else if (checklist->state[ACL_PROXY_AUTH] == ACL_HELPER_START) { /* we are using an external helper to do __everything__ in a STATEFUL fashion */ debug(28,3) ("aclCheck: handing Proxy Auth header to stateful authenticator\n"); aclLookupProxyStatefulAuthStart(checklist); checklist->state[ACL_PROXY_AUTH] = ACL_HELPER_PENDING; return; } +#endif #if USE_IDENT else if (checklist->state[ACL_IDENT] == ACL_LOOKUP_NEEDED) { debug(28, 3) ("aclCheck: Doing ident lookup\n"); 
@@ -2053,20 +2117,31 @@ aclLookupProxyNTLMAuthDone(void *data, void * lastserver, char *result) { aclCheck_t *checklist = data; +#ifdef NTLM_CACHING + NTLMAuthEntry *authentry; +#endif checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_DONE; debug(28, 4) ("aclLookupProxyStatefulAuthDone: result = %s\n", result ? result : "NULL"); /* check format */ /* state info check */ assert(checklist->conn!=NULL); +#ifdef NTLM_CACHING + assert((checklist->conn->auth_state==AUTHENTICATE_STATE_NEGOTIATE)||(checklist->conn->auth_state==AUTHENTICATE_STATE_RESPONSE)||(checklist->conn->auth_state==AUTHENTICATE_STATE_DONE)); +#else assert((checklist->conn->auth_state==AUTHENTICATE_STATE_NEGOTIATE)||(checklist->conn->auth_state==AUTHENTICATE_STATE_RESPONSE)); +#endif assert(checklist->conn->auth_type ==AUTH_NTLM); switch(checklist->conn->auth_state){ case AUTHENTICATE_STATE_NONE: case AUTHENTICATE_STATE_CHALLENGE: + fatal("aclLookupProxyNTLMAuthDone: unexpected NTLM authentication state\n"); + break; case AUTHENTICATE_STATE_DONE: - fatal("aclLookupProxyNTLMAuthDone: unexpected NTLM authentication state\n"); - /* unreached */ + if (result && (strncasecmp(result, "RESET OK", 3) == 0)){ + + debug(28,0)("aclLookupProxyNTLMAuthDone: returned RESET OK from helper in state done - assuming this was a cache hit.\n"); + } break; case AUTHENTICATE_STATE_NEGOTIATE: xstrncpy(checklist->conn->authchallenge,result,NTLM_CHALLENGE_SZ); 
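Review bot: In the new AUTHENTICATE_STATE_DONE arm, `strncasecmp(result, "RESET OK", 3)` only compares the prefix `RES`. connStateFreeHelperDone in client_side.c checks the reply to the same RESET request against `"OK"`, so the two callers disagree about what the helper returns. The arm also does nothing but log: a NULL or failing reply leaves the connection in DONE with the authuser taken from the cache. Compare against the full expected reply and handle the other outcome explicitly, for example by returning auth_state to AUTHENTICATE_STATE_NONE. The function continues outside the hunk.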
@@ -2088,6 +2163,27 @@ checklist->conn->auth_state=AUTHENTICATE_STATE_DONE; /* they are a valid domain user */ result+=3; xstrncpy(checklist->conn->authuser,result,MAX_LOGIN_SZ); +#ifdef NTLM_CACHING + /* add to the hash table. we only reach here if we had to do an auth so we know they are not in the hash table. */ +// debug(28,1)("adding ch %s\nauth %s\nauthuser %s\n", checklist->conn->authchallenge,checklist->conn->ntlmauthenticate,checklist->conn->authuser); + authentry=memAllocate(MEM_NTLM_AUTH_CACHE); + authentry->challenge=xstrndup(checklist->conn->authchallenge,NTLM_CHALLENGE_SZ); + authentry->authenticate=xstrndup(checklist->conn->ntlmauthenticate,NTLM_CHALLENGE_SZ); + xstrncpy(authentry->authuser,checklist->conn->authuser,USER_IDENT_SZ); + authentry->atime=time(NULL); + debug(28,0)("adding ch %s\nauth %s\nauthuser %s\n",authentry->challenge,authentry->authenticate,authentry->authuser); + hash_join(ntlmauthcache,(hash_link *) authentry); + +/* + debug(28, 4) ("aclMatchProxyAuth: user '%s' validated OK\n", user); + xstrncpy(checklist->request->user_ident, user, USER_IDENT_SZ); + auth_user->expiretime = current_time.tv_sec + Config.authenticateTTL; + auth_user->ip_expiretime = squid_curtime + Config.authenticateIpTTL; + auth_user->ipaddr = checklist->src_addr; + hash_join(proxy_auth_cache, (hash_link *) auth_user); +*/ + +#endif } else { Index: squid/src/authenticate.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/authenticate.c,v retrieving revision 1.1.1.3.12.12 retrieving revision 1.1.1.3.12.13 diff -u -r1.1.1.3.12.12 -r1.1.1.3.12.13 --- squid/src/authenticate.c 9 Oct 2000 22:33:45 -0000 1.1.1.3.12.12 +++ squid/src/authenticate.c 13 Oct 2000 12:45:37 -0000 1.1.1.3.12.13 @@ -1,6 +1,6 @@ /* - * $Id: authenticate.c,v 1.1.1.3.12.12 2000/10/09 22:33:45 rbcollins Exp $ + * $Id: authenticate.c,v 1.1.1.3.12.13 2000/10/13 12:45:37 rbcollins Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels 
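Review bot: The insert path calls `hash_join(ntlmauthcache,(hash_link *) authentry)` without the `if (ntlmauthcache)` test that the lookup side has, and nothing in this patch removes or expires an entry (atime is written but never read). Each successful NTLM authentication therefore adds a permanent entry, so memory grows without bound and a cached identity stays usable after the account's password is changed or the account is disabled. Wrap the whole allocation-and-join block in `if (ntlmauthcache) { ... }`, and add a TTL check that frees challenge and authenticate before this leaves experimental status. The `debug(28,0)` line logs the challenge, the Authenticate string and the user at level 0, and the `//` comment is not accepted by C89 compilers. The enclosing function starts and ends outside the hunk.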
@@ -37,6 +37,8 @@ #if defined(USE_BASIC_AUTH) || defined(USE_NTLM) + + #ifdef USE_BASIC_AUTH typedef struct { void *data; @@ -288,12 +290,16 @@ #endif } +#endif /*USE BASIC or NTLM */ + void authenticateFixErrorHeader(HttpReply * rep, ErrorState * err) { auth_type_t auth_type=err->auth_type; auth_state_t auth_state=err->auth_state; +#ifdef USE_NTLM char *authchallenge=err->authchallenge; +#endif int type; switch (err->http_status) { case HTTP_PROXY_AUTHENTICATION_REQUIRED: @@ -368,4 +374,3 @@ } return; } -#endif /*USE BASIC or NTLM */ Index: squid/src/client_side.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/client_side.c,v retrieving revision 1.1.1.3.4.1.2.21 retrieving revision 1.1.1.3.4.1.2.22 diff -u -r1.1.1.3.4.1.2.21 -r1.1.1.3.4.1.2.22 --- squid/src/client_side.c 4 Oct 2000 09:42:36 -0000 1.1.1.3.4.1.2.21 +++ squid/src/client_side.c 13 Oct 2000 12:45:37 -0000 1.1.1.3.4.1.2.22 @@ -1,6 +1,6 @@ /* - * $Id: client_side.c,v 1.1.1.3.4.1.2.21 2000/10/04 09:42:36 hno Exp $ + * $Id: client_side.c,v 1.1.1.3.4.1.2.22 2000/10/13 12:45:37 rbcollins Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -261,7 +261,9 @@ err->src_addr = http->conn->peer.sin_addr; err->auth_type = http->conn->auth_type; err->auth_state = http->conn->auth_state; +#ifdef USE_NTLM err->authchallenge = http->conn->authchallenge; +#endif errorAppendEntry(http->entry, err); } } @@ -791,6 +793,7 @@ cbdataFree(http); } +#if defined (USE_NTLM) /* || defined (USE_BASIC) etc */ /* This just releases the stateful helper used by a connection */ static void connStateFreeHelperDone(void * data, void * lastserver, char * result) 
@@ -800,9 +803,12 @@ if (result && (strncasecmp(result, "OK", 2) != 0)){ debug(33,1)("connStateFreeHelperDone: error resetting stateful helper, result '%s'.\n",result); } +#ifdef USE_NTLM connState->authhelper=0; +#endif connStateFree(connState->fd,data); } +#endif /* This is a handler normally called by comm_close() */ static void @@ -812,10 +818,12 @@ clientHttpRequest *http; debug(33, 3) ("connStateFree: FD %d\n", fd); assert(connState != NULL); +#ifdef USE_NTLM if (connState->authhelper){ debug(33,4)("connStateFree: FD %d releasing helper %d.\n",fd,connState->authhelper); authenticateNTLMStart("RESET",connStateFreeHelperDone,connState,connState->authhelper); } +#endif clientdbEstablished(connState->peer.sin_addr, -1); /* decrement */ while ((http = connState->chr) != NULL) { assert(http->conn == connState); Index: squid/src/defines.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/defines.h,v retrieving revision 1.1.1.3.12.7 retrieving revision 1.1.1.3.12.8 diff -u -r1.1.1.3.12.7 -r1.1.1.3.12.8 --- squid/src/defines.h 10 Aug 2000 10:06:47 -0000 1.1.1.3.12.7 +++ squid/src/defines.h 13 Oct 2000 12:45:37 -0000 1.1.1.3.12.8 @@ -1,6 +1,6 @@ /* - * $Id: defines.h,v 1.1.1.3.12.7 2000/08/10 10:06:47 rbcollins Exp $ + * $Id: defines.h,v 1.1.1.3.12.8 2000/10/13 12:45:37 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ 
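Review bot: connStateFree passes connState to the helper layer as callback data for the RESET request and then continues with the teardown visible below the new `#endif`; connStateFreeHelperDone later writes `connState->authhelper=0` and calls connStateFree on the same pointer again. Unless the helper code validates callback data before invoking the handler (not visible in this diff), that is a write to, and a second teardown of, connection state that has already been released. Consider returning from connStateFree once the RESET is queued and letting the callback drive the teardown. The `#ifdef USE_NTLM` added around `connState->authhelper=0;` is redundant, because the whole function is already inside `#if defined (USE_NTLM)`. Both functions extend outside the hunks.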
@@ -146,7 +146,7 @@ #define AUTHENTICATE_TYPE_NTLM 2 */ -#define NTLM_CHALLENGE_SZ 256 +#define NTLM_CHALLENGE_SZ 300 /*ACL CHECKS */ /* 0 and 1 are reserved for DENY and ALLOW in ALL Cases. DO NOT ALTER */ Index: squid/src/enums.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/enums.h,v retrieving revision 1.1.1.3.12.9 retrieving revision 1.1.1.3.12.10 diff -u -r1.1.1.3.12.9 -r1.1.1.3.12.10 --- squid/src/enums.h 4 Oct 2000 09:42:36 -0000 1.1.1.3.12.9 +++ squid/src/enums.h 13 Oct 2000 12:45:37 -0000 1.1.1.3.12.10 @@ -1,6 +1,6 @@ /* - * $Id: enums.h,v 1.1.1.3.12.9 2000/10/04 09:42:36 hno Exp $ + * $Id: enums.h,v 1.1.1.3.12.10 2000/10/13 12:45:37 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -507,13 +507,15 @@ } auth_type_t; typedef enum { - AUTHENTICATE_STATE_NONE, + AUTHENTICATE_STATE_NONE +#ifdef USE_NTLM +, AUTHENTICATE_STATE_NEGOTIATE, AUTHENTICATE_STATE_CHALLENGE, AUTHENTICATE_STATE_RESPONSE, AUTHENTICATE_STATE_DONE +#endif } auth_state_t; - #if SQUID_SNMP enum { @@ -626,6 +628,9 @@ #endif MEM_EVENT, MEM_MAX +#ifdef NTLM_CACHING + ,MEM_NTLM_AUTH_CACHE +#endif } mem_type; /* Index: squid/src/main.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/main.c,v retrieving revision 1.1.1.3.4.1.2.6 retrieving revision 1.1.1.3.4.1.2.7 diff -u -r1.1.1.3.4.1.2.6 -r1.1.1.3.4.1.2.7 --- squid/src/main.c 16 Jul 2000 13:12:24 -0000 1.1.1.3.4.1.2.6 +++ squid/src/main.c 13 Oct 2000 12:45:37 -0000 1.1.1.3.4.1.2.7 @@ -1,6 +1,6 @@ /* - * $Id: main.c,v 1.1.1.3.4.1.2.6 2000/07/16 13:12:24 hno Exp $ + * $Id: main.c,v 1.1.1.3.4.1.2.7 2000/10/13 12:45:37 rbcollins Exp $ * * DEBUG: section 1 Startup and Main Loop * AUTHOR: Harvest Derived 
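Review bot: In the mem_type hunk of src/enums.h (`@@ -626,6 +628,9 @@`) the new enumerator is appended after MEM_MAX, so MEM_NTLM_AUTH_CACHE has the value MEM_MAX + 1. If MEM_MAX is the pool count used to size or iterate the pool table, as its position as the last enumerator suggests (the table itself is outside this diff), then `memDataInit(MEM_NTLM_AUTH_CACHE, ...)` in mem.c and `memAllocate(MEM_NTLM_AUTH_CACHE)` in acl.c index past the end of it. Put the guarded entry before the sentinel: `#ifdef NTLM_CACHING` / `MEM_NTLM_AUTH_CACHE,` / `#endif` ahead of `MEM_MAX`.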
@@ -343,7 +343,9 @@ idnsShutdown(); #endif redirectShutdown(); +#if defined(USE_NTLM) || defined (USE_BASIC_AUTH) authenticateShutdown(); +#endif storeDirCloseSwapLogs(); errorClean(); mimeFreeMemory(); @@ -358,7 +360,9 @@ idnsInit(); #endif redirectInit(); +#if defined(USE_NTLM) || defined (USE_BASIC_AUTH) authenticateInit(); +#endif #if USE_WCCP wccpInit(); #endif @@ -384,7 +388,9 @@ dnsShutdown(); #endif redirectShutdown(); +#if defined(USE_NTLM) || defined (USE_BASIC_AUTH) authenticateShutdown(); +#endif _db_rotate_log(); /* cache.log */ storeDirWriteCleanLogs(1); storeLogRotate(); /* store.log */ @@ -396,7 +402,9 @@ dnsInit(); #endif redirectInit(); +#if defined(USE_NTLM) || defined (USE_BASIC_AUTH) authenticateInit(); +#endif } static void @@ -485,7 +493,9 @@ idnsInit(); #endif redirectInit(); +#if defined(USE_NTLM) || defined (USE_BASIC_AUTH) authenticateInit(); +#endif useragentOpenLog(); refererOpenLog(); httpHeaderInitModule(); /* must go before any header processing (e.g. the one in errorInitialize) */ @@ -707,7 +717,9 @@ idnsShutdown(); #endif redirectShutdown(); +#if defined(USE_NTLM) || defined (USE_BASIC_AUTH) authenticateShutdown(); +#endif eventAdd("SquidShutdown", SquidShutdown, NULL, (double) (wait + 1), 1); } eventRun(); Index: squid/src/mem.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/mem.c,v retrieving revision 1.1.1.3.12.6 retrieving revision 1.1.1.3.12.7 diff -u -r1.1.1.3.12.6 -r1.1.1.3.12.7 --- squid/src/mem.c 4 Oct 2000 09:42:36 -0000 1.1.1.3.12.6 +++ squid/src/mem.c 13 Oct 2000 12:45:37 -0000 1.1.1.3.12.7 @@ -1,6 +1,6 @@ /* - * $Id: mem.c,v 1.1.1.3.12.6 2000/10/04 09:42:36 hno Exp $ + * $Id: mem.c,v 1.1.1.3.12.7 2000/10/13 12:45:37 rbcollins Exp $ * * DEBUG: section 13 High Level Memory Pool Management * AUTHOR: Harvest Derived 
@@ -254,6 +254,9 @@ memDataInit(MEM_NET_DB_NAME, "net_db_name", sizeof(net_db_name), 0); memDataInit(MEM_NET_DB_PEER, "net_db_peer", sizeof(net_db_peer), 0); memDataInit(MEM_PEER, "peer", sizeof(peer), 0); +#if defined (USE_NTLM) && defined (NTLM_CACHING) + memDataInit(MEM_NTLM_AUTH_CACHE, "ntlm auth cache entry", sizeof(NTLMAuthEntry), 0); +#endif #if USE_CACHE_DIGESTS memDataInit(MEM_PEER_DIGEST, "PeerDigest", sizeof(PeerDigest), 0); memDataInit(MEM_DIGEST_FETCH_STATE, "DigestFetchState", sizeof(DigestFetchState), 0); Index: squid/src/protos.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/protos.h,v retrieving revision 1.1.1.3.12.12 retrieving revision 1.1.1.3.12.13 diff -u -r1.1.1.3.12.12 -r1.1.1.3.12.13 --- squid/src/protos.h 4 Oct 2000 09:42:36 -0000 1.1.1.3.12.12 +++ squid/src/protos.h 13 Oct 2000 12:45:37 -0000 1.1.1.3.12.13 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.1.1.3.12.12 2000/10/04 09:42:36 hno Exp $ + * $Id: protos.h,v 1.1.1.3.12.13 2000/10/13 12:45:37 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -701,8 +701,8 @@ #if defined(USE_BASIC_AUTH) || defined (USE_NTLM) extern void authenticateInit(void); extern void authenticateShutdown(void); -extern void authenticateFixErrorHeader(HttpReply * rep, ErrorState * err); #endif +extern void authenticateFixErrorHeader(HttpReply * rep, ErrorState * err); extern void refreshAddToList(const char *, int, time_t, int, time_t); extern int refreshIsCachable(const StoreEntry *); Index: squid/src/structs.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/structs.h,v retrieving revision 1.1.1.3.4.1.2.17 retrieving revision 1.1.1.3.4.1.2.18 diff -u -r1.1.1.3.4.1.2.17 -r1.1.1.3.4.1.2.18 --- squid/src/structs.h 4 Oct 2000 09:42:36 -0000 1.1.1.3.4.1.2.17 +++ squid/src/structs.h 13 Oct 2000 12:45:37 -0000 1.1.1.3.4.1.2.18 
@@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.1.1.3.4.1.2.17 2000/10/04 09:42:36 hno Exp $ + * $Id: structs.h,v 1.1.1.3.4.1.2.18 2000/10/13 12:45:37 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -932,9 +932,12 @@ } body; auth_state_t auth_state; /* where the user authentication is up to */ auth_type_t auth_type; /* what authentication type this connection was made with */ +#ifdef USE_NTLM char authchallenge[NTLM_CHALLENGE_SZ]; /* what challenge did we give the client? */ - char authuser[USER_IDENT_SZ]; /* what challenge did we give the client? */ + char ntlmauthenticate[NTLM_CHALLENGE_SZ]; /* what authenticate string did we get? */ helper_stateful_server * authhelper; /*we need to store the NTLM helper between requests*/ +#endif + char authuser[USER_IDENT_SZ]; /* what username did wthey have get? */ clientHttpRequest *chr; struct sockaddr_in peer; struct sockaddr_in me; @@ -1529,7 +1532,9 @@ http_status http_status; auth_type_t auth_type; auth_state_t auth_state; +#ifdef USE_NTLM char *authchallenge; +#endif request_t *request; char *url; int xerrno; @@ -1886,6 +1891,22 @@ } stats; }; +#ifdef USE_NTLM +#ifdef NTLM_CACHING +/* + * This is used for the hash entries in the ntlm auth cache + */ + +struct _NTLMAuthEntry { + char *authenticate; //the expected authenticate string & key + NTLMAuthEntry *next; + char *challenge; //the challenge + time_t atime; //creatin time + char authuser[USER_IDENT_SZ]; +}; +#endif +#endif + /* * use this when you need to pass callback data to a blocking * operation, but you don't want to add that pointer to cbdata Index: squid/src/typedefs.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/typedefs.h,v retrieving revision 1.1.1.3.12.8 retrieving revision 1.1.1.3.12.9 diff -u -r1.1.1.3.12.8 -r1.1.1.3.12.9 --- squid/src/typedefs.h 4 Oct 2000 09:42:36 -0000 1.1.1.3.12.8 +++ squid/src/typedefs.h 13 Oct 2000 12:45:38 -0000 1.1.1.3.12.9 
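Review bot: struct _NTLMAuthEntry (hunk `@@ -1886,6 +1891,22 @@`) is cast to `hash_link *` in acl.c, so its leading members presumably have to stay layout-compatible with hash_link, with `authenticate` doubling as the hash key. That contract deserves a comment on the struct, e.g. `/* leading members must match hash_link (key, next); do not reorder */`. `authenticate` and `challenge` are heap copies made with xstrndup in acl.c, and the comment should say the entry owns them, since no free routine is added by this patch. The `//` comments will not compile as C89. Two comment typos also need fixing: `creatin time` here, and `what username did wthey have get?` in the hunk at `@@ -932,9 +932,12 @@`.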
@@ -1,6 +1,6 @@ /* - * $Id: typedefs.h,v 1.1.1.3.12.8 2000/10/04 09:42:36 hno Exp $ + * $Id: typedefs.h,v 1.1.1.3.12.9 2000/10/13 12:45:38 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -178,6 +178,10 @@ typedef struct _RemovalPolicyNode RemovalPolicyNode; typedef struct _RemovalPolicySettings RemovalPolicySettings; +#if NTLM_CACHING +typedef struct _NTLMAuthEntry NTLMAuthEntry; +#endif + #if SQUID_SNMP typedef variable_list *(oid_ParseFn) (variable_list *, snint *); typedef struct _snmp_request_t snmp_request_t;