--------------------- PatchSet 895 Date: 2000/12/07 04:25:03 Author: rbcollins Branch: auth_rewrite Tag: (none) Log: imnplemented BH verb Members: src/auth/ntlm/auth_ntlm.c:1.1.2.11->1.1.2.12 Index: squid/src/auth/ntlm/auth_ntlm.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/auth_ntlm.c,v retrieving revision 1.1.2.11 retrieving revision 1.1.2.12 diff -u -r1.1.2.11 -r1.1.2.12 --- squid/src/auth/ntlm/auth_ntlm.c 5 Dec 2000 07:33:00 -0000 1.1.2.11 +++ squid/src/auth/ntlm/auth_ntlm.c 7 Dec 2000 04:25:03 -0000 1.1.2.12 @@ -254,18 +254,13 @@ if (valid) { if (reply) { /* seperate out the useful data */ -#ifdef NTLMHELPROTOCOLV2 - if (strncasecmp(reply, "CH ", 3) == 0) { -#else if (strncasecmp(reply, "TT ", 3) == 0) { -#endif reply += 3; /* we have been given a Challenge */ /* we should check we weren't given an empty challenge */ #if 0 result=S_HELPER_RESERVE; #endif -#ifndef NTLMHELPPROTOCOLV2 /* copy the challenge to the state data */ helperstate=helperStatefulServerGetData(lastserver); if (helperstate == NULL) fatal ("lost NTLm helper state! quitting\n"); @@ -273,7 +268,6 @@ helperstate->challengeuses=0; helperstate->renewed=squid_curtime; /* and we satisfy the request that happended on the refresh boundary */ -#endif /* note this code is now in two places FIXME */ assert(r->auth_user != NULL); assert(r->auth_user->auth_type == AUTH_NTLM); @@ -289,11 +283,7 @@ auth_user->auth_data.ntlm_auth.authchallenge = xstrndup(reply, NTLM_CHALLENGE_SZ+5); } -#ifdef NTLMHELPPROTOCOLV2 - else if (strncasecmp(reply, "OK ", 3) == 0) { -#else else if (strncasecmp(reply, "AF ", 3) == 0) { -#endif /* we're finished, release the helper*/ reply+=3; assert(r->auth_user != NULL); 
@@ -306,20 +296,7 @@ auth_user->auth_data.ntlm_auth.authhelper = NULL; auth_user->flags.credentials_ok = 1; /* login ok */ } -#ifdef NTLMHELPPROTOCOLV2 - else if (strncasecmp(reply, "RESET OK", 8) == 0) { - /* Helper successfully reset */ - /* note a reset request returning here MUST NOT reserve the helper */ - /* also auth_user does not need to be valid on a reset call */ - result=S_HELPER_RELEASE; - if (r->auth_user) r->auth_user->auth_data.ntlm_auth.authhelper=NULL; - } -#endif -#ifdef NTLMHELPPROTOCOLV2 - else if (strncasecmp(reply, "ERR", 3) == 0) { -#else else if (strncasecmp(reply, "NA ", 3) == 0) { -#endif /* TODO: only work with auth_user here if it exists */ assert(r->auth_user != NULL); assert(r->auth_user->auth_type == AUTH_NTLM); 
@@ -327,25 +304,52 @@ /* todo: action of Negotiate state on error */ result=S_HELPER_RELEASE; /*some error has occured. no more requests */ auth_user->auth_data.ntlm_auth.authhelper = NULL; + auth_user->flags.credentials_ok = 2; /* Login/Usercode failed */ + debug(29, 1) ("authenticateNTLMHandleReply: Error validating user via NTLM.\n"); auth_user->auth_data.ntlm_auth.auth_state = AUTHENTICATE_STATE_NONE; - if (auth_user->auth_data.ntlm_auth.auth_state == AUTHENTICATE_STATE_NEGOTIATE) { - /* The helper rejected the negotiate. It automatically - * resets */ - auth_user->flags.credentials_ok = 3; /* cannot process */ - debug(29, 1) ("authenticateNTLMHandleReply: Error obtaining challenge from helper: %d.\n", lastserver); - } else { - auth_user->flags.credentials_ok = 2; /* Login/Usercode failed */ - debug(29, 1) ("authenticateNTLMHandleReply: Error validating user via NTLM.\n"); - } if ((t = strchr(reply, ' ')))/* strip after a space */ *t = '\0'; } -#ifndef NTLMHELPPROTOCOLV2 else if (strncasecmp(reply, "BH ", 3) == 0) { - /* TODO kick off a refresh process */ - fatal("BH handler code not written yet. BYAHAHAHAHAHHA. Please tell Robert on squid-users.\n"); + /* TODO kick off a refresh process. This can occur after a YR or after + a KK. If after a YR release the helper and resubmit the request via + Authenticate NTLM start. + If after a KK deny the user's request w/ 407 and mark the helper as + Needing YR.*/ + assert(r->auth_user != NULL); + assert(r->auth_user->auth_type == AUTH_NTLM); + auth_user=r->auth_user; + result=S_HELPER_RELEASE; /*some error has occured. no more requests for + this helper */ + helperstate=helperStatefulServerGetData(auth_user->auth_data.ntlm_auth.authhelper); + auth_user->auth_data.ntlm_auth.authhelper = NULL; + if (auth_user->auth_data.ntlm_auth.auth_state == AUTHENTICATE_STATE_NEGOTIATE) + { + /* The helper broke on YR. 
It automatically + * resets */ + auth_user->flags.credentials_ok = 3; /* cannot process */ + debug(29, 1) ("authenticateNTLMHandleReply: Error obtaining challenge +from helper: %d.\n", lastserver); + /* mark it for starving */ + helperstate->starve=1; + /* resubmit the request. This helper is currently busy, so we will get + * a different one. */ + authenticateNTLMStart(auth_user, r->handler, r->data); + } else + { + /* the helper broke on a KK */ + /* first the standard KK stuff */ + auth_user->flags.credentials_ok = 2; /* Login/Usercode failed */ + debug(29, 1) ("authenticateNTLMHandleReply: Error validating user via NTLM +.\n"); + auth_user->auth_data.ntlm_auth.auth_state = AUTHENTICATE_STATE_NONE; + if ((t = strchr(reply, ' ')))/* strip after a space */ + *t = '\0'; + /* now we mark the helper for resetting. */ + helperstate->starve=1; + } + auth_user->auth_data.ntlm_auth.auth_state = AUTHENTICATE_STATE_NONE; } -#endif else { /* TODO: only work with auth_user here if it exists */ assert(r->auth_user != NULL);
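Review bot: In the new `BH ` branch, `helperstate` is written through (`helperstate->starve=1;` in both the YR and KK arms) without checking the result of `helperStatefulServerGetData(auth_user->auth_data.ntlm_auth.authhelper)`, whereas the `TT ` branch of the same function tests it for NULL before use. This path is selected by the helper's reply text, so a `BH ` that arrives when `authhelper` is already cleared or has no state attached could bring the proxy down on a NULL dereference. Add `if (helperstate == NULL) fatal("lost NTLm helper state! quitting\n");` after the lookup to match the existing convention, or guard each write with `if (helperstate)` so a misbehaving helper cannot terminate the process. In the YR arm, `authenticateNTLMStart(auth_user, r->handler, r->data)` resubmits the request and control then falls through to `auth_state = AUTHENTICATE_STATE_NONE`. The rest of the function (presumably authenticateNTLMHandleReply, from the debug strings) lies outside the hunk, so confirm that `r->handler` is not invoked a second time for the same request and that the reset does not undo state the restart just set. The relocated `debug` call still prints `lastserver` with `%d`, although it appears to be a pointer given its use as the `helperStatefulServerGetData` argument; `%p` with a `(void *)` cast would match.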