--------------------- PatchSet 861 Date: 2000/11/21 11:30:01 Author: rbcollins Branch: auth_rewrite Tag: (none) Log: auth split into libs completed. Couple of things remainind, but now very little code in authenticate.c or acl.c will need changing to add a new auth scheme. Members: src/acl.c:1.1.1.3.12.26.2.3->1.1.1.3.12.26.2.4 src/auth_modules.sh:1.1->1.1.2.1 src/authenticate.c:1.1.1.3.12.17.2.5->1.1.1.3.12.17.2.6 src/protos.h:1.1.1.3.12.17.2.3->1.1.1.3.12.17.2.4 src/structs.h:1.1.1.3.4.1.2.26.2.4->1.1.1.3.4.1.2.26.2.5 src/typedefs.h:1.1.1.3.12.13.2.4->1.1.1.3.12.13.2.5 src/auth/basic/auth_basic.c:1.1.2.3->1.1.2.4 src/auth/ntlm/auth_ntlm.c:1.1.2.3->1.1.2.4 Index: squid/src/acl.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/acl.c,v retrieving revision 1.1.1.3.12.26.2.3 retrieving revision 1.1.1.3.12.26.2.4 diff -u -r1.1.1.3.12.26.2.3 -r1.1.1.3.12.26.2.4 --- squid/src/acl.c 20 Nov 2000 06:55:36 -0000 1.1.1.3.12.26.2.3 +++ squid/src/acl.c 21 Nov 2000 11:30:01 -0000 1.1.1.3.12.26.2.4 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.1.1.3.12.26.2.3 2000/11/20 06:55:36 rbcollins Exp $ + * $Id: acl.c,v 1.1.1.3.12.26.2.4 2000/11/21 11:30:01 rbcollins Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -791,8 +791,15 @@ aclParseMethodList(&A->data); break; case ACL_PROXY_AUTH: + if ((Config.Program.authenticate==NULL) && (Config.Program.ntlmauthenticate==NULL)){ +#if 0 + if (authenticateSchemeCount()==0) { + debug(28,0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \ +because no authentication schemes were compiled.\n",A->cfgline); + } else if (authenticateActiveSchemeCount()==0) { +#endif debug(28,0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \ because no authentication helper(s) are defined.\n",A->cfgline); } else { @@ -801,10 +808,12 @@ #else aclParseWordList(&A->data); #endif +#if 0 /* this should probably be if(!authenticateUserCacheInited()) * authenticateInitUserCache() */ if (!proxy_auth_username_cache) authenticateInitUserCache(); +#endif } break; case ACL_PROXY_AUTH_REGEX: @@ -2407,15 +2416,17 @@ fatal("AclLookupProxyAuthDone: Old code floating around somewhere.\nMake clean and if that doesn't work, report a bug\n"); /* state info check */ assert(checklist->conn != NULL); +#if 0 assert ((checklist->auth_user->auth_type == AUTH_NTLM) || (checklist->auth_user->auth_type == AUTH_BASIC)); if (checklist->auth_user->auth_type == AUTH_NTLM) assert (checklist->conn->auth_user == checklist->auth_user); +#endif auth_user = checklist->auth_user; - if (auth_user->flags.credentials_ok == 3) { - /* credentials could not be checked either way*/ - /* TODO: retry the process - the data may be good */ - /* restart the whole process */ + if ((auth_user->auth_module==0) || (auth_user->flags.credentials_ok == 3)) { + /* we have lost the plot (auth_module==0) or + * credentials could not be checked either way + * restart the whole process */ checklist->conn->auth_user = NULL; checklist->conn->auth_type = AUTH_BROKEN; checklist->auth_user = NULL; @@ -2430,10 +2441,14 @@ * But if it was a connection oriented auth request we know the attempted auth type so keep that. This can save dropping the connection for request based authentication.*/ +#if 0 checklist->conn->auth_user = NULL; checklist->auth_user = NULL; + authenticateAuthUserUnlock(auth_user); + authenticateFreeProxyAuthUser(auth_user); +#endif aclCheck(checklist); return; } --- /dev/null Wed Feb 14 00:45:56 2007 +++ squid/src/auth_modules.sh Wed Feb 14 00:47:00 2007 @@ -0,0 +1,15 @@ +#!/bin/sh +echo "/* automatically generated by $0 $*" +echo " * do not edit" +echo " */" +echo "#include \"squid.h\"" +echo "" +for module in "$@"; do + echo "extern AUTHSSETUP authSchemeSetup_${module};" +done +echo "void authSchemeSetup(void)" +echo "{" +for module in "$@"; do + echo " authSchemeAdd(\"$module\", authSchemeSetup_${module});" +done +echo "}" Index: squid/src/authenticate.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/authenticate.c,v retrieving revision 1.1.1.3.12.17.2.5 retrieving revision 1.1.1.3.12.17.2.6 diff -u -r1.1.1.3.12.17.2.5 -r1.1.1.3.12.17.2.6 --- squid/src/authenticate.c 21 Nov 2000 00:11:16 -0000 1.1.1.3.12.17.2.5 +++ squid/src/authenticate.c 21 Nov 2000 11:30:01 -0000 1.1.1.3.12.17.2.6 @@ -1,6 +1,6 @@ /* - * $Id: authenticate.c,v 1.1.1.3.12.17.2.5 2000/11/21 00:11:16 rbcollins Exp $ + * $Id: authenticate.c,v 1.1.1.3.12.17.2.6 2000/11/21 11:30:01 rbcollins Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels @@ -40,49 +40,9 @@ #include "squid.h" -#if 0 -typedef struct { - void *data; - acl_proxy_auth_user *auth_user; -// SRH *handler; - RH *handler; -} authenticateStatefulStateData; -#endif -#if 0 -static void authenticateStatefulStateFree(authenticateStatefulStateData * r); -#endif - -/* Generic */ -typedef struct { - void *data; - acl_proxy_auth_user *auth_user; - RH *handler; -} authenticateStateData; -#if 0 -static void authenticateStateFree(authenticateStateData * r); -#endif static void authenticateDecodeAuth(const char *proxy_auth, acl_proxy_auth_user * auth_user); -/* Basic Scheme */ -#if 0 -static void authenticateBasicStart(acl_proxy_auth_user *, RH *, void *); -static HLPCB authenticateBasicHandleReply; -static void -authenticateDecodeBasicAuth(acl_proxy_auth_user *auth_user, const char * proxy_auth); - -static helper *basicauthenticators = NULL; - -/* NTLM Scheme */ - -static void authenticateNTLMStart(acl_proxy_auth_user *, RH * handler, void *); -static HLPSCB authenticateNTLMHandleReply; -static void -authenticateDecodeNTLMAuth(acl_proxy_auth_user *auth_user, const char * proxy_auth); - -static statefulhelper *ntlmauthenticators = NULL; -#endif - /* * * Private Functions @@ -103,7 +63,7 @@ assert(auth_user != NULL); /* we need this created for us. */ debug(29, 6) ("authenticateDecodeAuth: header = '%s'\n", proxy_auth); for (i = 0; authscheme_list && authscheme_list[i].typestr; i++) { - if (strncasecmp(proxy_auth, authscheme_list[i].typestr, strlen(authscheme_list[i].typestr)) == 0) { + if ((authscheme_list[i].Active()) &&(strncasecmp(proxy_auth, authscheme_list[i].typestr, strlen(authscheme_list[i].typestr)) == 0)) { auth_user->auth_module = i+1; authscheme_list[i].decodeauth(auth_user, proxy_auth); return; @@ -115,13 +75,6 @@ proxy_auth); return; } -#if 0 -static void -authenticateStateFree(authenticateStateData * r) -{ - cbdataFree(r); -} -#endif /* clear any connection related authentication details */ void @@ -168,6 +121,7 @@ } /* any other sanity checks that we need in the future */ + /* Thus should a module call to something like authValidate */ /* finally return ok */ debug(29,6) ("authenticateValidateUser: Validated Auth_user '%d'.\n",auth_user); @@ -255,10 +209,27 @@ return -2; } +int authenticateActiveSchemeCount() { + int i =0,rv =0; + for (i = 0; authscheme_list && authscheme_list[i].typestr; i++) + if (authscheme_list[i].Active()) rv++; + debug(29,3)("authenticateActiveSchemeCount: %d active.\n",rv); + return rv; +} + +int authenticateSchemeCount() { + int i =0,rv =0; + for (i = 0; authscheme_list && authscheme_list[i].typestr; i++) rv++; + debug(29,3)("authenticateSchemeCount: %d active.\n",rv); + return rv; +} + void authenticateInit(void) { authSchemeSetup(); + if (!proxy_auth_username_cache) + authenticateInitUserCache(); } void @@ -304,11 +275,11 @@ int i; /* call each currently known authscheme */ for (i = 0; authscheme_list && authscheme_list[i].typestr; i++) { - authscheme_list[i].authFixErrorHeader(auth_user,rep, type, err->request); + if (authscheme_list[i].Active()) authscheme_list[i].authFixErrorHeader(auth_user,rep, type, err->request); } } -#if OBSOLETE +#if 0 switch (auth_type){ case AUTH_UNKNOWN: #if 0 @@ -413,7 +384,8 @@ debug(29,6) ("authenticateFreeProxyAuthUser: removing usernamehash entry '%d'\n",u->usernamehash); hash_remove_link(proxy_auth_username_cache, (hash_link *) u->usernamehash); - /* don't free the key as we use the same user string as the auth_user structure */ + /* don't free the key as we use the same user string as the auth_user + * structure */ memFree(u->usernamehash, MEM_ACL_PROXY_AUTH_HASH); } /* were they linked in by one or more proxy-authenticate headers */ @@ -431,6 +403,9 @@ } /* free cached acl results */ aclCacheMatchFlush(&u->proxy_match_cache); + if (u->auth_module>0) + authscheme_list[u->auth_module-1].FreeUser(u); +#if 0 switch (u->auth_type) { case AUTH_BASIC: debug(29,6) ("authenticateFreeProxyAuthUser: Clearing Basic scheme data\n"); @@ -448,8 +423,6 @@ case AUTH_BROKEN: case AUTH_UNKNOWN: } -#if 0 - if (u->proxy_auth) xfree(u->proxy_auth); #endif memFree(u, MEM_ACL_PROXY_AUTH_USER); } @@ -485,6 +458,11 @@ hash_first(proxy_auth_username_cache); while ((usernamehash=((acl_proxy_auth_hash_pointer *)hash_next(proxy_auth_username_cache)))) { auth_user=usernamehash->auth_user; + username=authenticateUserUsername(auth_user); + + /* if we need to have inpedendent expiry clauses, insert a module call + * here */ +#if 0 switch(auth_user->auth_type) { case AUTH_UNKNOWN: case AUTH_BROKEN: @@ -497,6 +475,7 @@ username=auth_user->auth_data.basic_auth.username; break; } +#endif debug(29,6) ("authenticateProxyUserCacheCleanup: Cache entry:\n\tType: %d\n\tUsername: %s\n\texpires: %d\n\treferences: %d\n", auth_user->auth_type, username, auth_user->expiretime+ Config.authenticateTTL,auth_user->references); if (auth_user->expiretime + Config.authenticateTTL <= current_time.tv_sec) { debug(29,3)("authenticateProxyUserCacheCleanup: Removing user %s from cache due to timeout.\n",username); @@ -524,6 +503,8 @@ hash_first(proxy_auth_username_cache); while ((usernamehash=((acl_proxy_auth_hash_pointer *)hash_next(proxy_auth_username_cache)))) { auth_user=usernamehash->auth_user; + username=authenticateUserUsername(auth_user); +#if 0 switch(auth_user->auth_type) { case AUTH_UNKNOWN: case AUTH_BROKEN: @@ -536,6 +517,7 @@ username=auth_user->auth_data.basic_auth.username; break; } +#endif debug(29,3) ("authenticateUserCacheRestat: Clearing cache ACL results for user: %s\n", username); aclCacheMatchFlush(&auth_user->proxy_match_cache); } @@ -602,18 +584,13 @@ char *username=NULL; if (request_src_addr.s_addr == auth_user->ipaddr.s_addr || auth_user->ip_expiretime+ Config.authenticateIpTTL <= squid_curtime) { /* user has not moved ip or had the ip timeout expire */ - switch (auth_user->auth_type) { - case AUTH_UNKNOWN: - case AUTH_BROKEN: + if ((auth_user->auth_type==AUTH_UNKNOWN) || + (auth_user->auth_type==AUTH_BROKEN)) { debug(29, 1) - ("authenticateCheckProxyAuthIP: cant handle this auth type %d.\n", auth_user->auth_type); + ("authenticateCheckProxyAuthIP: broken or unknown auth type %d.\n", auth_user->auth_type); return 0; - case AUTH_BASIC: - username = auth_user->auth_data.basic_auth.username; - break; - case AUTH_NTLM: - username = auth_user->auth_data.ntlm_auth.username; } + username=authenticateUserUsername(auth_user); /* Update IP ttl */ auth_user->ip_expiretime = squid_curtime; auth_user->ipaddr = request_src_addr; Index: squid/src/protos.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/protos.h,v retrieving revision 1.1.1.3.12.17.2.3 retrieving revision 1.1.1.3.12.17.2.4 diff -u -r1.1.1.3.12.17.2.3 -r1.1.1.3.12.17.2.4 --- squid/src/protos.h 20 Nov 2000 13:18:04 -0000 1.1.1.3.12.17.2.3 +++ squid/src/protos.h 21 Nov 2000 11:30:01 -0000 1.1.1.3.12.17.2.4 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.1.1.3.12.17.2.3 2000/11/20 13:18:04 rbcollins Exp $ + * $Id: protos.h,v 1.1.1.3.12.17.2.4 2000/11/21 11:30:01 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -725,6 +725,8 @@ extern void authenticateProxyUserCacheCleanup(void *); extern void authenticateInitUserCache(); extern void authenticateProxyAuthCacheAddLink(const char *key, acl_proxy_auth_user* auth_user); +extern int authenticateActiveSchemeCount(); +extern int authenticateSchemeCount(); extern void authenticateUserNameCacheAdd(acl_proxy_auth_user *auth_user); extern int authenticateCheckAuthUserIP(struct in_addr request_src_addr, acl_proxy_auth_user * auth_user); extern int authenticateUserAuthenticated(acl_proxy_auth_user *auth_user); Index: squid/src/structs.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/structs.h,v retrieving revision 1.1.1.3.4.1.2.26.2.4 retrieving revision 1.1.1.3.4.1.2.26.2.5 diff -u -r1.1.1.3.4.1.2.26.2.4 -r1.1.1.3.4.1.2.26.2.5 --- squid/src/structs.h 21 Nov 2000 00:11:16 -0000 1.1.1.3.4.1.2.26.2.4 +++ squid/src/structs.h 21 Nov 2000 11:30:01 -0000 1.1.1.3.4.1.2.26.2.5 @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.1.1.3.4.1.2.26.2.4 2000/11/21 00:11:16 rbcollins Exp $ + * $Id: structs.h,v 1.1.1.3.4.1.2.26.2.5 2000/11/21 11:30:01 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -134,10 +134,12 @@ char *typestr; // STFSPARSE *parsefunc; // STFSRECONFIGURE *reconfigurefunc; + AUTHSACTIVE *Active; AUTHSAUTHUSER *authAuthenticate; AUTHSFIXERR *authFixErrorHeader; + AUTHSFREE *FreeUser; AUTHSUSERNAME *authUserUsername; - AUTHSONCLOSEC *oncloseconnection; + AUTHSONCLOSEC *oncloseconnection; /*optional*/ AUTHSDECODE *decodeauth; AUTHSDIRECTION *getdirection; AUTHSSHUTDOWN *donefunc; Index: squid/src/typedefs.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/typedefs.h,v retrieving revision 1.1.1.3.12.13.2.4 retrieving revision 1.1.1.3.12.13.2.5 diff -u -r1.1.1.3.12.13.2.4 -r1.1.1.3.12.13.2.5 --- squid/src/typedefs.h 21 Nov 2000 00:11:16 -0000 1.1.1.3.12.13.2.4 +++ squid/src/typedefs.h 21 Nov 2000 11:30:01 -0000 1.1.1.3.12.13.2.5 @@ -1,6 +1,6 @@ /* - * $Id: typedefs.h,v 1.1.1.3.12.13.2.4 2000/11/21 00:11:16 rbcollins Exp $ + * $Id: typedefs.h,v 1.1.1.3.12.13.2.5 2000/11/21 11:30:01 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -290,10 +290,12 @@ typedef void StatHistBinDumper(StoreEntry *, int idx, double val, double size, int count); /* authenticate.c authenticate scheme routines typedefs */ +typedef int AUTHSACTIVE(); typedef acl_proxy_auth_user * AUTHSAUTHUSER(acl_proxy_auth_user *, request_t *, ConnStateData *, http_hdr_type); typedef void AUTHSDECODE(acl_proxy_auth_user *, const char *); typedef int AUTHSDIRECTION(acl_proxy_auth_user *); typedef void AUTHSFIXERR(acl_proxy_auth_user *, HttpReply *, http_hdr_type, request_t *); +typedef void AUTHSFREE(acl_proxy_auth_user *); typedef char *AUTHSUSERNAME(acl_proxy_auth_user *); typedef void AUTHSONCLOSEC(acl_proxy_auth_user *); typedef void AUTHSSETUP(authscheme_entry_t *); Index: squid/src/auth/basic/auth_basic.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/basic/auth_basic.c,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- squid/src/auth/basic/auth_basic.c 21 Nov 2000 00:11:16 -0000 1.1.2.3 +++ squid/src/auth/basic/auth_basic.c 21 Nov 2000 11:30:02 -0000 1.1.2.4 @@ -69,10 +69,12 @@ static void authenticateBasicStart(acl_proxy_auth_user *, RH *, void *); static HLPCB authenticateBasicHandleReply; +static AUTHSACTIVE authenticateBasicActive; static AUTHSAUTHUSER authenticateBasicAuthenticateUser; static AUTHSDIRECTION authenticateBasicDirection; static AUTHSDECODE authenticateBasicDecodeAuth; static AUTHSFIXERR authenticateBasicFixErrorHeader; +static AUTHSFREE authenticateBasicFreeUser; static AUTHSSTART authenticateBasicStart; static AUTHSSTATS authenticateBasicStats; static AUTHSUSERNAME authenticateBasicUsername; @@ -104,8 +106,11 @@ assert(!authbasic_initialised); // authscheme->parsefunc = storeUfsDirParse; // authscheme->reconfigurefunc = storeUfsDirReconfigure; + authscheme->Active =authenticateBasicActive; + if (Config.Program.authenticate){ authscheme->authAuthenticate = authenticateBasicAuthenticateUser; authscheme->authFixErrorHeader=authenticateBasicFixErrorHeader; + authscheme->FreeUser =authenticateBasicFreeUser; authscheme->authStart =authenticateBasicStart; authscheme->authStats =authenticateBasicStats; authscheme->authUserUsername = authenticateBasicUsername; @@ -114,7 +119,7 @@ authscheme->decodeauth =authenticateBasicDecodeAuth; authscheme->donefunc = authBasicDone; // ufs_state_pool = memPoolCreate("UFS IO State data", sizeof(ufsstate_t)); - if (Config.Program.authenticate){ + authbasic_initialised = 1; if (basicauthenticators == NULL) basicauthenticators = helperCreate("basicauthenticator"); basicauthenticators->cmdline = Config.Program.authenticate; @@ -128,7 +133,14 @@ init++; } } - authbasic_initialised = 1; +} + +int +authenticateBasicActive(){ + if (authbasic_initialised) + return 1; + else + return 0; } /* log a basic user in @@ -211,6 +223,15 @@ } } +void +authenticateBasicFreeUser(acl_proxy_auth_user *auth_user) { + debug(29,6) ("authenticateBasicFreeUser: Clearing Basic scheme data\n"); + if (auth_user->auth_data.basic_auth.username) + xfree(auth_user->auth_data.basic_auth.username); + if (auth_user->auth_data.basic_auth.passwd) + xfree(auth_user->auth_data.basic_auth.passwd); +} + static void authenticateBasicHandleReply(void *data, char *reply) { @@ -269,6 +290,8 @@ char *sent_auth; char *cleartext; assert(auth_user->auth_type == AUTH_UNKNOWN); + /* basic until proved otherwise */ + auth_user->auth_type = AUTH_BASIC; /* trim BASIC from string */ while (!xisspace(*proxy_auth)) Index: squid/src/auth/ntlm/auth_ntlm.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/auth_ntlm.c,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- squid/src/auth/ntlm/auth_ntlm.c 21 Nov 2000 00:11:16 -0000 1.1.2.3 +++ squid/src/auth/ntlm/auth_ntlm.c 21 Nov 2000 11:30:02 -0000 1.1.2.4 @@ -68,8 +68,10 @@ /* NTLM Scheme */ static void authenticateNTLMStart(acl_proxy_auth_user *, RH * handler, void *); static HLPSCB authenticateNTLMHandleReply; +static AUTHSACTIVE authenticateNTLMActive; static AUTHSAUTHUSER authenticateNTLMAuthenticateUser; static AUTHSFIXERR authenticateNTLMFixErrorHeader; +static AUTHSFREE authenticateNTLMFreeUser; static AUTHSDIRECTION authenticateNTLMDirection; static AUTHSDECODE authenticateDecodeNTLMAuth; static AUTHSONCLOSEC authenticateNTLMOnCloseConnection; @@ -107,8 +109,11 @@ assert(!authntlm_initialised); // authscheme->parsefunc = storeUfsDirParse; // authscheme->reconfigurefunc = storeUfsDirReconfigure; + authscheme->Active =authenticateNTLMActive; + if (Config.Program.ntlmauthenticate){ authscheme->authAuthenticate = authenticateNTLMAuthenticateUser; authscheme->authFixErrorHeader=authenticateNTLMFixErrorHeader; + authscheme->FreeUser =authenticateNTLMFreeUser; authscheme->authStart =authenticateNTLMStart; authscheme->authStats =authenticateNTLMStats; authscheme->authUserUsername = authenticateNTLMUsername; @@ -118,7 +123,6 @@ authscheme->oncloseconnection = authenticateNTLMOnCloseConnection; // ufs_state_pool = memPoolCreate("UFS IO State data", sizeof(ufsstate_t)); authntlm_initialised = 1; - if (Config.Program.ntlmauthenticate){ if (ntlmauthenticators == NULL) ntlmauthenticators = helperStatefulCreate("ntlmauthenticator"); ntlmauthenticators->cmdline = Config.Program.ntlmauthenticate; @@ -134,6 +138,14 @@ } } +int +authenticateNTLMActive(){ + if (authntlm_initialised) + return 1; + else + return 0; +} + /* NTLM Scheme */ int authenticateNTLMDirection(acl_proxy_auth_user *auth_user) { @@ -195,6 +207,19 @@ } } +void +authenticateNTLMFreeUser(acl_proxy_auth_user *auth_user) { + debug(29,6) ("authenticateNTLMFreeUser: Clearing NTLM scheme data\n"); + if (auth_user->auth_data.ntlm_auth.username) + xfree(auth_user->auth_data.ntlm_auth.username); + if (auth_user->auth_data.ntlm_auth.ntlmnegotiate) + xfree(auth_user->auth_data.ntlm_auth.ntlmnegotiate); + if (auth_user->auth_data.ntlm_auth.authchallenge) + xfree(auth_user->auth_data.ntlm_auth.authchallenge); + if (auth_user->auth_data.ntlm_auth.ntlmauthenticate) + xfree(auth_user->auth_data.ntlm_auth.ntlmauthenticate); +} + static stateful_helper_callback_t authenticateNTLMHandleReply(void *data, void * lastserver, char *reply) {