/*
- * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
#include "cache_cf.h"
#include "client_side.h"
#include "helper.h"
+#include "http/Stream.h"
#include "HttpHeaderTools.h"
#include "HttpReply.h"
#include "HttpRequest.h"
#include "mgr/Registration.h"
-#include "SquidTime.h"
#include "Store.h"
#include "wordlist.h"
/* NTLM Scheme */
static AUTHSSTATS authenticateNTLMStats;
-statefulhelper *ntlmauthenticators = NULL;
+statefulhelper *ntlmauthenticators = nullptr;
static int authntlm_initialised = 0;
-static hash_table *proxy_auth_cache = NULL;
+static hash_table *proxy_auth_cache = nullptr;
void
Auth::Ntlm::Config::rotateHelpers()
void
Auth::Ntlm::Config::done()
{
- Auth::Config::done();
+ Auth::SchemeConfig::done();
authntlm_initialised = 0;
return;
delete ntlmauthenticators;
- ntlmauthenticators = NULL;
+ ntlmauthenticators = nullptr;
if (authenticateProgram)
wordlistDestroy(&authenticateProgram);
debugs(29, DBG_IMPORTANT, "Reconfigure: NTLM authentication configuration cleared.");
}
-bool
-Auth::Ntlm::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme) const
-{
- if (!Auth::Config::dump(entry, name, scheme))
- return false;
-
- storeAppendPrintf(entry, "%s ntlm keep_alive %s\n", name, keep_alive ? "on" : "off");
- return true;
-}
-
-Auth::Ntlm::Config::Config() : keep_alive(1)
-{ }
-
-void
-Auth::Ntlm::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
-{
- if (strcmp(param_str, "program") == 0) {
- if (authenticateProgram)
- wordlistDestroy(&authenticateProgram);
-
- parse_wordlist(&authenticateProgram);
-
- requirePathnameExists("auth_param ntlm program", authenticateProgram->key);
- } else if (strcmp(param_str, "keep_alive") == 0) {
- parse_onoff(&keep_alive);
- } else
- Auth::Config::parse(scheme, n_configured, param_str);
-}
-
const char *
Auth::Ntlm::Config::type() const
{
/* Initialize helpers and the like for this auth scheme. Called AFTER parsing the
* config file */
void
-Auth::Ntlm::Config::init(Auth::Config *)
+Auth::Ntlm::Config::init(Auth::SchemeConfig *)
{
if (authenticateProgram) {
authntlm_initialised = 1;
- if (ntlmauthenticators == NULL)
+ if (ntlmauthenticators == nullptr)
ntlmauthenticators = new statefulhelper("ntlmauthenticator");
if (!proxy_auth_cache)
bool
Auth::Ntlm::Config::configured() const
{
- if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0)) {
- debugs(29, 9, HERE << "returning configured");
+ if ((authenticateProgram != nullptr) && (authenticateChildren.n_max != 0)) {
+ debugs(29, 9, "returning configured");
return true;
}
- debugs(29, 9, HERE << "returning unconfigured");
+ debugs(29, 9, "returning unconfigured");
return false;
}
/* NTLM Scheme */
void
-Auth::Ntlm::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
+Auth::Ntlm::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, Http::HdrType hdrType, HttpRequest * request)
{
if (!authenticateProgram)
return;
return;
/* New request, no user details */
- if (auth_user_request == NULL) {
- debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM'");
+ if (auth_user_request == nullptr) {
+ debugs(29, 9, "Sending type:" << hdrType << " header: 'NTLM'");
httpHeaderPutStrf(&rep->header, hdrType, "NTLM");
if (!keep_alive) {
}
} else {
Auth::Ntlm::UserRequest *ntlm_request = dynamic_cast<Auth::Ntlm::UserRequest *>(auth_user_request.getRaw());
- assert(ntlm_request != NULL);
+ assert(ntlm_request != nullptr);
switch (ntlm_request->user()->credentials()) {
/* here it makes sense to drop the connection, as auth is
* tied to it, even if MAYBE the client could handle it - Kinkie */
request->flags.proxyKeepalive = false;
- /* fall through */
+ [[fallthrough]];
case Auth::Ok:
- /* Special case: authentication finished OK but disallowed by ACL.
- * Need to start over to give the client another chance.
- */
- /* fall through */
+ /* Special case: authentication finished OK but disallowed by ACL.
+ * Need to start over to give the client another chance.
+ */
+ [[fallthrough]];
case Auth::Unchecked:
/* semantic change: do not drop the connection.
* 2.5 implementation used to keep it open - Kinkie */
- debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM'");
+ debugs(29, 9, "Sending type:" << hdrType << " header: 'NTLM'");
httpHeaderPutStrf(&rep->header, hdrType, "NTLM");
break;
case Auth::Handshake:
/* we're waiting for a response from the client. Pass it the blob */
- debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM " << ntlm_request->server_blob << "'");
+ debugs(29, 9, "Sending type:" << hdrType << " header: 'NTLM " << ntlm_request->server_blob << "'");
httpHeaderPutStrf(&rep->header, hdrType, "NTLM %s", ntlm_request->server_blob);
safe_free(ntlm_request->server_blob);
break;
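Review bot: In the `Auth::Handshake` case, `ntlm_request->server_blob` is streamed into `debugs()` and passed to the `%s` of `httpHeaderPutStrf()` without a null check. Both are undefined behaviour for a null `char *`, and `safe_free()` releases the blob straight afterwards, so a second pass through this case for the same request would hit exactly that. Whether a second pass can happen depends on callers outside this page, so treat it as hardening: add `if (!ntlm_request->server_blob) break;` at the top of the case, or fall back to the bare `"NTLM"` challenge. The blob comes from the helper, so it is also worth confirming where it is stored that it cannot carry CR or LF into the header value. The switch and the function body continue outside the lines shown.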
static void
authenticateNTLMStats(StoreEntry * sentry)
{
- helperStatefulStats(sentry, ntlmauthenticators, "NTLM Authenticator Statistics");
+ if (ntlmauthenticators)
+ ntlmauthenticators->packStatsInto(sentry, "NTLM Authenticator Statistics");
}
/*
* Auth_user structure.
*/
Auth::UserRequest::Pointer
-Auth::Ntlm::Config::decode(char const *proxy_auth, const char *aRequestRealm)
+Auth::Ntlm::Config::decode(char const *proxy_auth, const HttpRequest *, const char *aRequestRealm)
{
- Auth::Ntlm::User *newUser = new Auth::Ntlm::User(Auth::Config::Find("ntlm"), aRequestRealm);
+ Auth::Ntlm::User *newUser = new Auth::Ntlm::User(Auth::SchemeConfig::Find("ntlm"), aRequestRealm);
Auth::UserRequest::Pointer auth_user_request = new Auth::Ntlm::UserRequest();
- assert(auth_user_request->user() == NULL);
+ assert(auth_user_request->user() == nullptr);
auth_user_request->user(newUser);
auth_user_request->user()->auth_type = Auth::AUTH_NTLM;
auth_user_request->user()->BuildUserKey(proxy_auth, aRequestRealm);
/* all we have to do is identify that it's NTLM - the helper does the rest */
- debugs(29, 9, HERE << "decode: NTLM authentication");
+ debugs(29, 9, "decode: NTLM authentication");
return auth_user_request;
}
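Review bot: The new `const HttpRequest *` parameter of `decode()` is unnamed and unused, and the comment above the function ("Auth_user structure.") does not describe the function, so a reader cannot tell whether ignoring the request is deliberate. I would add a line above the signature such as `/* The request is ignored: decode() only tags the credentials as NTLM; the helper parses the blob. */`, which matches the existing comment in the body. The same comment could note that `proxy_auth` is the client-supplied header value and goes to `BuildUserKey()` before any validation.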