[thirdparty/squid.git] / src / auth / digest / UserRequest.cc

#include "config.h"
#include "auth/digest/auth_digest.h"
#include "auth/digest/User.h"
#include "auth/digest/UserRequest.h"
#include "auth/State.h"
#include "charset.h"
#include "HttpReply.h"
#include "HttpRequest.h"
#include "SquidTime.h"

AuthDigestUserRequest::AuthDigestUserRequest() :
        nonceb64(NULL),
        cnonce(NULL),
        realm(NULL),
        pszPass(NULL),
        algorithm(NULL),
        pszMethod(NULL),
        qop(NULL),
        uri(NULL),
        response(NULL),
        nonce(NULL)
{}

/**
 * Delete the digest request structure.
 * Does NOT delete related AuthUser structures
 */
AuthDigestUserRequest::~AuthDigestUserRequest()
{
    assert(RefCountCount()==0);

    safe_free(nonceb64);
    safe_free(cnonce);
    safe_free(realm);
    safe_free(pszPass);
    safe_free(algorithm);
    safe_free(pszMethod);
    safe_free(qop);
    safe_free(uri);
    safe_free(response);

    if (nonce)
        authDigestNonceUnlink(nonce);
}

int
AuthDigestUserRequest::authenticated() const
{
    if (user() != NULL && user()->credentials() == Auth::Ok)
        return 1;

    return 0;
}

/** log a digest user in
 */
void
AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type)
{
    HASHHEX SESSIONKEY;
    HASHHEX HA2 = "";
    HASHHEX Response;

    /* if the check has corrupted the user, just return */
    if (user() == NULL || user()->credentials() == Auth::Failed) {
        return;
    }

    Auth::User::Pointer auth_user = user();

    Auth::Digest::User *digest_user = dynamic_cast<Auth::Digest::User*>(auth_user.getRaw());
    assert(digest_user != NULL);

    AuthDigestUserRequest *digest_request = this;

    /* do we have the HA1 */
    if (!digest_user->HA1created) {
        auth_user->credentials(Auth::Pending);
        return;
    }

    if (digest_request->nonce == NULL) {
        /* this isn't a nonce we issued */
        auth_user->credentials(Auth::Failed);
        return;
    }

    DigestCalcHA1(digest_request->algorithm, NULL, NULL, NULL,
                  authenticateDigestNonceNonceb64(digest_request->nonce),
                  digest_request->cnonce,
                  digest_user->HA1, SESSIONKEY);
    DigestCalcResponse(SESSIONKEY, authenticateDigestNonceNonceb64(digest_request->nonce),
                       digest_request->nc, digest_request->cnonce, digest_request->qop,
                       RequestMethodStr(request->method), digest_request->uri, HA2, Response);

    debugs(29, 9, "\nResponse = '" << digest_request->response << "'\nsquid is = '" << Response << "'");

    if (strcasecmp(digest_request->response, Response) != 0) {
        if (!digest_request->flags.helper_queried) {
            /* Query the helper in case the password has changed */
            digest_request->flags.helper_queried = 1;
            auth_user->credentials(Auth::Pending);
            return;
        }

        if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->PostWorkaround && request->method != METHOD_GET) {
            /* Ugly workaround for certain very broken browsers using the
             * wrong method to calculate the request-digest on POST request.
             * This should be deleted once Digest authentication becomes more
             * widespread and such broken browsers no longer are commonly
             * used.
             */
            DigestCalcResponse(SESSIONKEY, authenticateDigestNonceNonceb64(digest_request->nonce),
                               digest_request->nc, digest_request->cnonce, digest_request->qop,
                               RequestMethodStr(METHOD_GET), digest_request->uri, HA2, Response);

            if (strcasecmp(digest_request->response, Response)) {
                auth_user->credentials(Auth::Failed);
                digest_request->flags.invalid_password = 1;
                digest_request->setDenyMessage("Incorrect password");
                return;
            } else {
                const char *useragent = request->header.getStr(HDR_USER_AGENT);

                static Ip::Address last_broken_addr;
                static int seen_broken_client = 0;

                if (!seen_broken_client) {
                    last_broken_addr.SetNoAddr();
                    seen_broken_client = 1;
                }

                if (last_broken_addr != request->client_addr) {
                    debugs(29, 1, "\nDigest POST bug detected from " <<
                           request->client_addr << " using '" <<
                           (useragent ? useragent : "-") <<
                           "'. Please upgrade browser. See Bug #630 for details.");

                    last_broken_addr = request->client_addr;
                }
            }
        } else {
            auth_user->credentials(Auth::Failed);
            digest_request->flags.invalid_password = 1;
            digest_request->setDenyMessage("Incorrect password");
            return;
        }

        /* check for stale nonce */
        if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
            debugs(29, 3, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK but nonce stale");
            auth_user->credentials(Auth::Failed);
            digest_request->setDenyMessage("Stale nonce");
            return;
        }
    }

    auth_user->credentials(Auth::Ok);

    /* password was checked and did match */
    debugs(29, 4, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK");

    /* auth_user is now linked, we reset these values
     * after external auth occurs anyway */
    auth_user->expiretime = current_time.tv_sec;
    return;
}

Auth::Direction
AuthDigestUserRequest::module_direction()
{
    if (user()->auth_type != Auth::AUTH_DIGEST)
        return Auth::CRED_ERROR;

    switch (user()->credentials()) {

    case Auth::Ok:
        return Auth::CRED_VALID;

    case Auth::Failed:
        /* send new challenge */
        return Auth::CRED_CHALLENGE;

    case Auth::Unchecked:
    case Auth::Pending:
        return Auth::CRED_LOOKUP;

    default:
        return Auth::CRED_ERROR;
    }
}

void
AuthDigestUserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accel)
{
    http_hdr_type type;

    /* don't add to authentication error pages */

    if ((!accel && rep->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED)
            || (accel && rep->sline.status == HTTP_UNAUTHORIZED))
        return;

    type = accel ? HDR_AUTHENTICATION_INFO : HDR_PROXY_AUTHENTICATION_INFO;

#if WAITING_FOR_TE
    /* test for http/1.1 transfer chunked encoding */
    if (chunkedtest)
        return;
#endif

    if ((static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) {
        flags.authinfo_sent = 1;
        debugs(29, 9, "authDigestAddHead: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
        httpHeaderPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce));
    }
}

#if WAITING_FOR_TE
void
AuthDigestUserRequest::addAuthenticationInfoTrailer(HttpReply * rep, int accel)
{
    int type;

    if (!auth_user_request)
        return;

    /* has the header already been send? */
    if (flags.authinfo_sent)
        return;

    /* don't add to authentication error pages */
    if ((!accel && rep->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED)
            || (accel && rep->sline.status == HTTP_UNAUTHORIZED))
        return;

    type = accel ? HDR_AUTHENTICATION_INFO : HDR_PROXY_AUTHENTICATION_INFO;

    if ((static_cast<Auth::Digest::Config*>(digestScheme::GetInstance()->getConfig())->authenticate) && authDigestNonceLastRequest(nonce)) {
        debugs(29, 9, "authDigestAddTrailer: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
        httpTrailerPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce));
    }
}
#endif

/* send the initial data to a digest authenticator module */
void
AuthDigestUserRequest::module_start(RH * handler, void *data)
{
    char buf[8192];

    assert(user() != NULL && user()->auth_type == Auth::AUTH_DIGEST);
    debugs(29, 9, "authenticateStart: '\"" << user()->username() << "\":\"" << realm << "\"'");

    if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->authenticateProgram == NULL) {
        debugs(29, DBG_CRITICAL, "ERROR: No Digest authentication program configured.");
        handler(data, NULL);
        return;
    }

    if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->utf8) {
        char userstr[1024];
        latin1_to_utf8(userstr, sizeof(userstr), user()->username());
        snprintf(buf, 8192, "\"%s\":\"%s\"\n", userstr, realm);
    } else {
        snprintf(buf, 8192, "\"%s\":\"%s\"\n", user()->username(), realm);
    }

    helperSubmit(digestauthenticators, buf, AuthDigestUserRequest::HandleReply,
                 new Auth::StateData(this, handler, data));
}

void
AuthDigestUserRequest::HandleReply(void *data, char *reply)
{
    Auth::StateData *replyData = static_cast<Auth::StateData *>(data);
    char *t = NULL;
    void *cbdata;
    debugs(29, 9, HERE << "{" << (reply ? reply : "<NULL>") << "}");

    if (reply) {
        if ((t = strchr(reply, ' ')))
            *t++ = '\0';

        if (*reply == '\0' || *reply == '\n')
            reply = NULL;
    }

    assert(replyData->auth_user_request != NULL);
    AuthUserRequest::Pointer auth_user_request = replyData->auth_user_request;

    if (reply && (strncasecmp(reply, "ERR", 3) == 0)) {
        /* allow this because the digest_request pointer is purely local */
        AuthDigestUserRequest *digest_request = dynamic_cast<AuthDigestUserRequest *>(auth_user_request.getRaw());
        assert(digest_request);

        digest_request->user()->credentials(Auth::Failed);
        digest_request->flags.invalid_password = 1;

        if (t && *t)
            digest_request->setDenyMessage(t);
    } else if (reply) {
        /* allow this because the digest_request pointer is purely local */
        Auth::Digest::User *digest_user = dynamic_cast<Auth::Digest::User *>(auth_user_request->user().getRaw());
        assert(digest_user != NULL);

        CvtBin(reply, digest_user->HA1);
        digest_user->HA1created = 1;
    }

    if (cbdataReferenceValidDone(replyData->data, &cbdata))
        replyData->handler(cbdata, NULL);

    delete replyData;
}
Commit	Line	Data
928f3421 AJ	1	#include "config.h"
928f3421 AJ	2	#include "auth/digest/auth_digest.h"
aa110616	3	#include "auth/digest/User.h"
616cfc4c	4	#include "auth/digest/UserRequest.h"
928f3421	5	#include "auth/State.h"
25f98340	6	#include "charset.h"
928f3421 AJ	7	#include "HttpReply.h"
	8	#include "HttpRequest.h"
	9	#include "SquidTime.h"
	10
	11	AuthDigestUserRequest::AuthDigestUserRequest() :
	12	nonceb64(NULL),
	13	cnonce(NULL),
	14	realm(NULL),
	15	pszPass(NULL),
	16	algorithm(NULL),
	17	pszMethod(NULL),
	18	qop(NULL),
	19	uri(NULL),
	20	response(NULL),
d232141d	21	nonce(NULL)
928f3421 AJ	22	{}
	23
	24	/**
	25	* Delete the digest request structure.
	26	* Does NOT delete related AuthUser structures
	27	*/
	28	AuthDigestUserRequest::~AuthDigestUserRequest()
	29	{
ea0695f2 AJ	30	assert(RefCountCount()==0);
ea0695f2 AJ	31
928f3421 AJ	32	safe_free(nonceb64);
	33	safe_free(cnonce);
	34	safe_free(realm);
	35	safe_free(pszPass);
	36	safe_free(algorithm);
	37	safe_free(pszMethod);
	38	safe_free(qop);
	39	safe_free(uri);
	40	safe_free(response);
	41
	42	if (nonce)
	43	authDigestNonceUnlink(nonce);
	44	}
	45
928f3421 AJ	46	int
	47	AuthDigestUserRequest::authenticated() const
	48	{
d87154ee	49	if (user() != NULL && user()->credentials() == Auth::Ok)
928f3421 AJ	50	return 1;
	51
	52	return 0;
	53	}
	54
	55	/** log a digest user in
	56	*/
	57	void
	58	AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type)
	59	{
928f3421 AJ	60	HASHHEX SESSIONKEY;
	61	HASHHEX HA2 = "";
	62	HASHHEX Response;
	63
928f3421	64	/* if the check has corrupted the user, just return */
d87154ee	65	if (user() == NULL \|\| user()->credentials() == Auth::Failed) {
928f3421 AJ	66	return;
	67	}
	68
d87154ee	69	Auth::User::Pointer auth_user = user();
928f3421	70
aa110616	71	Auth::Digest::User digest_user = dynamic_cast<Auth::Digest::User>(auth_user.getRaw());
56a49fda	72	assert(digest_user != NULL);
928f3421	73
56a49fda AJ	74	AuthDigestUserRequest *digest_request = this;
	75
	76	/* do we have the HA1 */
928f3421	77	if (!digest_user->HA1created) {
d87154ee	78	auth_user->credentials(Auth::Pending);
928f3421 AJ	79	return;
	80	}
	81
	82	if (digest_request->nonce == NULL) {
	83	/* this isn't a nonce we issued */
d87154ee	84	auth_user->credentials(Auth::Failed);
928f3421 AJ	85	return;
	86	}
	87
	88	DigestCalcHA1(digest_request->algorithm, NULL, NULL, NULL,
	89	authenticateDigestNonceNonceb64(digest_request->nonce),
	90	digest_request->cnonce,
	91	digest_user->HA1, SESSIONKEY);
	92	DigestCalcResponse(SESSIONKEY, authenticateDigestNonceNonceb64(digest_request->nonce),
	93	digest_request->nc, digest_request->cnonce, digest_request->qop,
	94	RequestMethodStr(request->method), digest_request->uri, HA2, Response);
	95
	96	debugs(29, 9, "\nResponse = '" << digest_request->response << "'\nsquid is = '" << Response << "'");
	97
	98	if (strcasecmp(digest_request->response, Response) != 0) {
	99	if (!digest_request->flags.helper_queried) {
	100	/* Query the helper in case the password has changed */
	101	digest_request->flags.helper_queried = 1;
d87154ee	102	auth_user->credentials(Auth::Pending);
928f3421 AJ	103	return;
	104	}
	105
372fccd6	106	if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->PostWorkaround && request->method != METHOD_GET) {
928f3421 AJ	107	/* Ugly workaround for certain very broken browsers using the
	108	* wrong method to calculate the request-digest on POST request.
	109	* This should be deleted once Digest authentication becomes more
	110	* widespread and such broken browsers no longer are commonly
	111	* used.
	112	*/
	113	DigestCalcResponse(SESSIONKEY, authenticateDigestNonceNonceb64(digest_request->nonce),
	114	digest_request->nc, digest_request->cnonce, digest_request->qop,
	115	RequestMethodStr(METHOD_GET), digest_request->uri, HA2, Response);
	116
	117	if (strcasecmp(digest_request->response, Response)) {
d87154ee	118	auth_user->credentials(Auth::Failed);
35247d59	119	digest_request->flags.invalid_password = 1;
928f3421 AJ	120	digest_request->setDenyMessage("Incorrect password");
	121	return;
	122	} else {
	123	const char *useragent = request->header.getStr(HDR_USER_AGENT);
	124
08acdd08	125	static Ip::Address last_broken_addr;
928f3421 AJ	126	static int seen_broken_client = 0;
	127
	128	if (!seen_broken_client) {
	129	last_broken_addr.SetNoAddr();
	130	seen_broken_client = 1;
	131	}
	132
	133	if (last_broken_addr != request->client_addr) {
	134	debugs(29, 1, "\nDigest POST bug detected from " <<
	135	request->client_addr << " using '" <<
	136	(useragent ? useragent : "-") <<
	137	"'. Please upgrade browser. See Bug #630 for details.");
	138
	139	last_broken_addr = request->client_addr;
	140	}
	141	}
	142	} else {
d87154ee	143	auth_user->credentials(Auth::Failed);
928f3421 AJ	144	digest_request->flags.invalid_password = 1;
	145	digest_request->setDenyMessage("Incorrect password");
	146	return;
	147	}
	148
	149	/* check for stale nonce */
	150	if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
56a49fda	151	debugs(29, 3, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK but nonce stale");
d87154ee	152	auth_user->credentials(Auth::Failed);
928f3421 AJ	153	digest_request->setDenyMessage("Stale nonce");
	154	return;
	155	}
	156	}
	157
d87154ee	158	auth_user->credentials(Auth::Ok);
928f3421 AJ	159
928f3421 AJ	160	/* password was checked and did match */
56a49fda	161	debugs(29, 4, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK");
928f3421 AJ	162
	163	/* auth_user is now linked, we reset these values
	164	* after external auth occurs anyway */
	165	auth_user->expiretime = current_time.tv_sec;
	166	return;
	167	}
	168
51a3dd58	169	Auth::Direction
928f3421 AJ	170	AuthDigestUserRequest::module_direction()
928f3421 AJ	171	{
616cfc4c	172	if (user()->auth_type != Auth::AUTH_DIGEST)
51a3dd58	173	return Auth::CRED_ERROR;
928f3421	174
d232141d	175	switch (user()->credentials()) {
928f3421	176
d87154ee	177	case Auth::Ok:
51a3dd58	178	return Auth::CRED_VALID;
928f3421	179
d87154ee	180	case Auth::Failed:
928f3421	181	/* send new challenge */
51a3dd58	182	return Auth::CRED_CHALLENGE;
d232141d	183
d87154ee AJ	184	case Auth::Unchecked:
d87154ee AJ	185	case Auth::Pending:
51a3dd58	186	return Auth::CRED_LOOKUP;
d232141d AJ	187
d232141d AJ	188	default:
51a3dd58	189	return Auth::CRED_ERROR;
928f3421	190	}
928f3421 AJ	191	}
928f3421 AJ	192
928f3421	193	void
7afc3bf2	194	AuthDigestUserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accel)
928f3421 AJ	195	{
	196	http_hdr_type type;
	197
	198	/* don't add to authentication error pages */
	199
	200	if ((!accel && rep->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED)
	201	\|\| (accel && rep->sline.status == HTTP_UNAUTHORIZED))
	202	return;
	203
	204	type = accel ? HDR_AUTHENTICATION_INFO : HDR_PROXY_AUTHENTICATION_INFO;
	205
	206	#if WAITING_FOR_TE
	207	/* test for http/1.1 transfer chunked encoding */
	208	if (chunkedtest)
	209	return;
	210	#endif
	211
372fccd6	212	if ((static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) {
928f3421 AJ	213	flags.authinfo_sent = 1;
	214	debugs(29, 9, "authDigestAddHead: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
	215	httpHeaderPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce));
	216	}
	217	}
	218
	219	#if WAITING_FOR_TE
928f3421	220	void
7afc3bf2	221	AuthDigestUserRequest::addAuthenticationInfoTrailer(HttpReply * rep, int accel)
928f3421 AJ	222	{
	223	int type;
	224
	225	if (!auth_user_request)
	226	return;
	227
	228	/* has the header already been send? */
	229	if (flags.authinfo_sent)
	230	return;
	231
	232	/* don't add to authentication error pages */
	233	if ((!accel && rep->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED)
	234	\|\| (accel && rep->sline.status == HTTP_UNAUTHORIZED))
	235	return;
	236
	237	type = accel ? HDR_AUTHENTICATION_INFO : HDR_PROXY_AUTHENTICATION_INFO;
	238
372fccd6	239	if ((static_cast<Auth::Digest::Config*>(digestScheme::GetInstance()->getConfig())->authenticate) && authDigestNonceLastRequest(nonce)) {
928f3421 AJ	240	debugs(29, 9, "authDigestAddTrailer: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
	241	httpTrailerPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce));
	242	}
	243	}
	244	#endif
	245
	246	/* send the initial data to a digest authenticator module */
	247	void
	248	AuthDigestUserRequest::module_start(RH * handler, void *data)
	249	{
928f3421	250	char buf[8192];
56a49fda	251
616cfc4c	252	assert(user() != NULL && user()->auth_type == Auth::AUTH_DIGEST);
56a49fda	253	debugs(29, 9, "authenticateStart: '\"" << user()->username() << "\":\"" << realm << "\"'");
928f3421	254
372fccd6	255	if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->authenticateProgram == NULL) {
d232141d	256	debugs(29, DBG_CRITICAL, "ERROR: No Digest authentication program configured.");
928f3421 AJ	257	handler(data, NULL);
	258	return;
	259	}
	260
372fccd6	261	if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->utf8) {
928f3421	262	char userstr[1024];
56a49fda	263	latin1_to_utf8(userstr, sizeof(userstr), user()->username());
928f3421 AJ	264	snprintf(buf, 8192, "\"%s\":\"%s\"\n", userstr, realm);
928f3421 AJ	265	} else {
56a49fda	266	snprintf(buf, 8192, "\"%s\":\"%s\"\n", user()->username(), realm);
928f3421 AJ	267	}
928f3421 AJ	268
1c756645 AJ	269	helperSubmit(digestauthenticators, buf, AuthDigestUserRequest::HandleReply,
1c756645 AJ	270	new Auth::StateData(this, handler, data));
928f3421 AJ	271	}
	272
	273	void
	274	AuthDigestUserRequest::HandleReply(void data, char reply)
	275	{
1c756645	276	Auth::StateData replyData = static_cast<Auth::StateData >(data);
928f3421 AJ	277	char *t = NULL;
	278	void *cbdata;
	279	debugs(29, 9, HERE << "{" << (reply ? reply : "<NULL>") << "}");
	280
	281	if (reply) {
	282	if ((t = strchr(reply, ' ')))
	283	*t++ = '\0';
	284
	285	if (reply == '\0' \|\| reply == '\n')
	286	reply = NULL;
	287	}
	288
	289	assert(replyData->auth_user_request != NULL);
	290	AuthUserRequest::Pointer auth_user_request = replyData->auth_user_request;
	291
928f3421	292	if (reply && (strncasecmp(reply, "ERR", 3) == 0)) {
56a49fda AJ	293	/* allow this because the digest_request pointer is purely local */
	294	AuthDigestUserRequest digest_request = dynamic_cast<AuthDigestUserRequest >(auth_user_request.getRaw());
	295	assert(digest_request);
	296
d87154ee	297	digest_request->user()->credentials(Auth::Failed);
928f3421 AJ	298	digest_request->flags.invalid_password = 1;
	299
	300	if (t && *t)
	301	digest_request->setDenyMessage(t);
	302	} else if (reply) {
56a49fda	303	/* allow this because the digest_request pointer is purely local */
aa110616	304	Auth::Digest::User digest_user = dynamic_cast<Auth::Digest::User >(auth_user_request->user().getRaw());
56a49fda AJ	305	assert(digest_user != NULL);
56a49fda AJ	306
928f3421 AJ	307	CvtBin(reply, digest_user->HA1);
	308	digest_user->HA1created = 1;
	309	}
	310
	311	if (cbdataReferenceValidDone(replyData->data, &cbdata))
	312	replyData->handler(cbdata, NULL);
	313
1c756645	314	delete replyData;
928f3421	315	}