--------------------- PatchSet 865 Date: 2000/11/24 00:01:02 Author: rbcollins Branch: auth_rewrite Tag: (none) Log: Last bug! All working... Members: src/acl.c:1.1.1.3.12.26.2.5->1.1.1.3.12.26.2.6 src/authenticate.c:1.1.1.3.12.17.2.7->1.1.1.3.12.17.2.8 src/client_side.c:1.1.1.3.4.1.2.30.2.4->1.1.1.3.4.1.2.30.2.5 src/protos.h:1.1.1.3.12.17.2.5->1.1.1.3.12.17.2.6 src/auth/ntlm/auth_ntlm.c:1.1.2.5->1.1.2.6 Index: squid/src/acl.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/acl.c,v retrieving revision 1.1.1.3.12.26.2.5 retrieving revision 1.1.1.3.12.26.2.6 diff -u -r1.1.1.3.12.26.2.5 -r1.1.1.3.12.26.2.6 --- squid/src/acl.c 23 Nov 2000 10:37:26 -0000 1.1.1.3.12.26.2.5 +++ squid/src/acl.c 24 Nov 2000 00:01:02 -0000 1.1.1.3.12.26.2.6 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.1.1.3.12.26.2.5 2000/11/23 10:37:26 rbcollins Exp $ + * $Id: acl.c,v 1.1.1.3.12.26.2.6 2000/11/24 00:01:02 rbcollins Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -1296,7 +1296,8 @@ } /* User authenticated ok */ assert(auth_user->flags.credentials_ok==1); - if (auth_user->expiretime + Config.authenticateTTL > current_time.tv_sec) + /* conn based auth can't time out during a connection */ + if ((checklist->conn->auth_user) || (auth_user->expiretime + Config.authenticateTTL > current_time.tv_sec)) { auth_user->expiretime = current_time.tv_sec; /* copy username to request for logging on client-side */ Index: squid/src/authenticate.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/authenticate.c,v retrieving revision 1.1.1.3.12.17.2.7 retrieving revision 1.1.1.3.12.17.2.8 diff -u -r1.1.1.3.12.17.2.7 -r1.1.1.3.12.17.2.8 --- squid/src/authenticate.c 23 Nov 2000 10:37:27 -0000 1.1.1.3.12.17.2.7 +++ squid/src/authenticate.c 24 Nov 2000 00:01:02 -0000 1.1.1.3.12.17.2.8 
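Review bot: In the `@@ -1296` hunk of acl.c the new condition skips the `authenticateTTL` check whenever `checklist->conn->auth_user` is set, without testing that it is the same `auth_user` being evaluated and without a NULL check on `checklist->conn`. If a checklist can reach this point without a client connection (not visible in the hunk) that is a NULL dereference, and if the credentials under test are not the ones pinned to the connection they are never expired by the TTL. Consider `if ((checklist->conn && checklist->conn->auth_user == auth_user) || (auth_user->expiretime + Config.authenticateTTL > current_time.tv_sec))`. The comment should also record the trade-off that a revoked account stays authorised until the persistent connection closes. The enclosing function starts and ends outside the hunk.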
@@ -1,6 +1,6 @@ /* - * $Id: authenticate.c,v 1.1.1.3.12.17.2.7 2000/11/23 10:37:27 rbcollins Exp $ + * $Id: authenticate.c,v 1.1.1.3.12.17.2.8 2000/11/24 00:01:02 rbcollins Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels @@ -357,6 +357,7 @@ debug (29,6) ("authenticateAuthUserLock auth_user '%d'.\n",auth_user); assert(auth_user!=NULL); auth_user->references++; + debug (29,6) ("authenticateAuthUserLock auth_user '%d' now at '%d'.\n",auth_user, auth_user->references); } void authenticateAuthUserUnlock(acl_proxy_auth_user *auth_user) { @@ -367,6 +368,7 @@ } else { debug(29,1) ("Attempt to lower Auth User %d refcount below 0!\n",auth_user); } + debug (29,6) ("authenticateAuthUserUnlock auth_user '%d' now at '%d'.\n",auth_user, auth_user->references); if (auth_user->references==0) { /* not locked anymore */ if (!auth_user->usernamehash) { @@ -383,6 +385,16 @@ } void +authenticateAuthUserMerge(acl_proxy_auth_user *from, acl_proxy_auth_user *to) { +/* combine two authuser structs. Incomplete: it should merge in hash references + too */ + debug (29,6) ("authenticateAuthUserMerge auth_user '%d' into auth_user '%d'.\n",from,to); + to->references+=from->references; + from->references=0; + authenticateFreeProxyAuthUser(from); +} + +void authenticateFreeProxyAuthUser(void *data) { acl_proxy_auth_user *u = data; @@ -437,6 +449,8 @@ case AUTH_UNKNOWN: } #endif + /* prevent accidental reuse */ + u->auth_type=AUTH_UNKNOWN; memFree(u, MEM_ACL_PROXY_AUTH_USER); } Index: squid/src/client_side.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/client_side.c,v retrieving revision 1.1.1.3.4.1.2.30.2.4 retrieving revision 1.1.1.3.4.1.2.30.2.5 diff -u -r1.1.1.3.4.1.2.30.2.4 -r1.1.1.3.4.1.2.30.2.5 --- squid/src/client_side.c 23 Nov 2000 11:07:42 -0000 1.1.1.3.4.1.2.30.2.4 +++ squid/src/client_side.c 24 Nov 2000 00:01:03 -0000 1.1.1.3.4.1.2.30.2.5 
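Review bot: The debug line added in the authenticate.c `@@ -357` hunk prints the `auth_user` pointer with `'%d'`, a format/argument mismatch that can truncate or misreport the address where pointers are wider than int; the lines added in the `@@ -367` and `@@ -383` hunks repeat it. Use `%p` with a cast, e.g. `debug(29, 6) ("authenticateAuthUserLock auth_user '%p' now at '%d'.\n", (void *) auth_user, auth_user->references);`. Accurate pointer values matter here because these traces are the main way to follow the reference counting that this commit changes.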
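Review bot: `authenticateAuthUserMerge` in the `@@ -383` hunk frees `from` after moving only its reference count, so any holder whose lock was just transferred still points at the freed struct; the function's own comment admits the hash references are not merged either. It also has no guard for `from == to`, where the count is doubled, then zeroed, and the live entry is released while the caller goes on using it. At minimum add `assert(from != NULL && to != NULL);` and `assert(from != to);` at the top. The header comment should state that the caller must repoint every outstanding pointer to `from`, and that `from` must not be linked into any hash, before the call.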
@@ -1,6 +1,6 @@ /* - * $Id: client_side.c,v 1.1.1.3.4.1.2.30.2.4 2000/11/23 11:07:42 rbcollins Exp $ + * $Id: client_side.c,v 1.1.1.3.4.1.2.30.2.5 2000/11/24 00:01:03 rbcollins Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -822,10 +822,6 @@ assert(connState != NULL); if (connState->auth_user) { authenticateOnCloseConnection(connState); -#if 0 - authenticateAuthUserUnlock(connState->auth_user); - connState->auth_user=NULL; /* for consistency sake */ -#endif } clientdbEstablished(connState->peer.sin_addr, -1); /* decrement */ while ((http = connState->chr) != NULL) { Index: squid/src/protos.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/protos.h,v retrieving revision 1.1.1.3.12.17.2.5 retrieving revision 1.1.1.3.12.17.2.6 diff -u -r1.1.1.3.12.17.2.5 -r1.1.1.3.12.17.2.6 --- squid/src/protos.h 23 Nov 2000 10:37:27 -0000 1.1.1.3.12.17.2.5 +++ squid/src/protos.h 24 Nov 2000 00:01:03 -0000 1.1.1.3.12.17.2.6 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.1.1.3.12.17.2.5 2000/11/23 10:37:27 rbcollins Exp $ + * $Id: protos.h,v 1.1.1.3.12.17.2.6 2000/11/24 00:01:03 rbcollins Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -706,6 +706,7 @@ extern void authSchemeSetup(void); /* authenticate.c */ +extern void authenticateAuthUserMerge(acl_proxy_auth_user *, acl_proxy_auth_user *); extern void authenticateStart(acl_proxy_auth_user *, RH *, void *); #if 0 extern void authenticateNTLMStart(acl_proxy_auth_user *, SRH * handler, void *); Index: squid/src/auth/ntlm/auth_ntlm.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/auth_ntlm.c,v retrieving revision 1.1.2.5 retrieving revision 1.1.2.6 diff -u -r1.1.2.5 -r1.1.2.6 --- squid/src/auth/ntlm/auth_ntlm.c 23 Nov 2000 10:37:27 -0000 1.1.2.5 +++ squid/src/auth/ntlm/auth_ntlm.c 24 Nov 2000 00:01:03 -0000 1.1.2.6 
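Review bot: The prototype added in the protos.h `@@ -706` hunk leaves both `acl_proxy_auth_user *` parameters unnamed, so the header gives no hint which argument is freed. Swapping them would release the cached entry instead of the temporary one, so name them and say so: `extern void authenticateAuthUserMerge(acl_proxy_auth_user * from, acl_proxy_auth_user * to); /* frees 'from' */`.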
@@ -363,6 +363,7 @@ assert(handler); assert(data); assert(auth_user->auth_type=AUTH_NTLM); + debug(29,6)("authenticateNTLMStart: auth state '%d'\n",auth_user->auth_data.ntlm_auth.auth_state); switch(auth_user->auth_data.ntlm_auth.auth_state) { case AUTHENTICATE_STATE_NEGOTIATE: sent_string = xstrdup(auth_user->auth_data.ntlm_auth.ntlmnegotiate); @@ -370,7 +371,7 @@ case AUTHENTICATE_STATE_RESPONSE: sent_string = xstrdup(auth_user->auth_data.ntlm_auth.ntlmauthenticate); assert(auth_user->auth_data.ntlm_auth.authhelper); - debug(28, 6) ("authenticateNTLMStart: Asking NTLMauthenticator '%d'.\n", auth_user->auth_data.ntlm_auth.authhelper); + debug(29, 6) ("authenticateNTLMStart: Asking NTLMauthenticator '%d'.\n", auth_user->auth_data.ntlm_auth.authhelper); break; default: fatal("Invalid authenticate state for NTLMStart"); @@ -422,6 +423,7 @@ if (auth_user->auth_data.ntlm_auth.authhelper != NULL) authenticateNTLMReleasehelper(auth_user); /* unlock the connection based lock */ + debug (29,6)("authenticateNTLMOnCloseConnection: Unlocking auth_user from the connection.\n"); authenticateAuthUserUnlock(auth_user); conn->auth_user = NULL; } @@ -510,6 +512,7 @@ conn->auth_type=AUTH_NTLM; conn->auth_user=auth_user; /* and lock for the connection duration */ + debug (29,6)("authenticateNTLMAuthenticateUser: Locking auth_user from the connection.\n"); authenticateAuthUserLock(auth_user); return auth_user; break; 
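Review bot: The debug line added in the auth_ntlm.c `@@ -363` hunk sits directly under `assert(auth_user->auth_type=AUTH_NTLM);`, which assigns rather than compares, so it cannot fire (assuming AUTH_NTLM is non-zero) and instead rewrites the type of whatever struct was passed in. That cancels the `AUTH_UNKNOWN` marker this same commit writes in authenticateFreeProxyAuthUser to catch reuse of a freed user, and the assignment disappears altogether in builds where assert is compiled out. Change it to `assert(auth_user->auth_type == AUTH_NTLM);`. The function body starts and ends outside the hunk.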
@@ -553,14 +556,20 @@ debug(29,3)("authenticateNTLMAuthenticateUser: ntlm proxy-auth cache hit\n"); /* throw away the temporary entry */ authenticateNTLMReleasehelper(auth_user); +#if 0 + debug (29,6)("authenticateNTLMAuthenticateUser: Unlocking auth_user from the connection.\n"); authenticateAuthUserUnlock(auth_user); #if 0 authenticateFreeProxyAuthUser(auth_user); #endif - +#endif + authenticateAuthUserMerge(auth_user,proxy_auth_hash->auth_user); auth_user = proxy_auth_hash->auth_user; +#if 0 /* and lock for the connection duration */ + debug (29,6)("authenticateNTLMAuthenticateUser: Locking auth_user from the connection.\n"); authenticateAuthUserLock(auth_user); +#endif conn->auth_user=auth_user; /* we found one */ debug(29, 3) ("found matching cache entry\n"); @@ -604,13 +613,20 @@ /* we can't seamlessly recheck the username due to the * challenge nature of the protocol. Just free the * temporary auth_user */ +#if 0 + debug (29,6)("authenticateNTLMAuthenticateUser: Unlocking auth_user from the connection.\n"); authenticateAuthUserUnlock(auth_user); #if 0 authenticateFreeProxyAuthUser(auth_user); #endif +#endif + authenticateAuthUserMerge(auth_user,usernamehash->auth_user); auth_user = usernamehash->auth_user; +#if 0 /* and lock for the connection duration */ + debug (29,6)("authenticateNTLMAuthenticateUser: Locking auth_user from the connection.\n"); authenticateAuthUserLock(auth_user); +#endif conn->auth_user=auth_user; } } else {
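Review bot: In the `@@ -553` hunk (and identically in `@@ -604`) the temporary `auth_user` is now freed by `authenticateAuthUserMerge`, while the superseded unlock/lock sequence is kept behind nested `#if 0` blocks, which makes the reference-count path hard to audit. Delete the disabled lines and state the invariant in a comment instead, e.g. `/* merge frees the temporary auth_user and moves its locks to the cached entry; the old pointer must not be used after this */`. It is also worth asserting before the call that the cached entry is a different object, `assert(auth_user != proxy_auth_hash->auth_user);` (`usernamehash->auth_user` in the second hunk), since a merge into itself would free the entry that `conn->auth_user` is about to point at. Whether any request or checklist still holds the temporary pointer cannot be seen from these hunks and should be checked; the enclosing function starts and ends outside the view.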