Turns out there were a number of reasons why NTLM authentication
didn't work. Some of these were addressed by patches committed a
few revs earlier. With this current patch, Squid is now handling
a Web Polygraph workload with NTLM authentication.

The big change here is to the locking of AuthUserRequest by the various
other classes that maintain a pointer to it. The old locking logic
was difficult for me to follow, and it seemed that there were not
enough unlocks, leading to helper processes getting stuck in RESERVED
state.

I copied the ideas from HttpMsg locking and created macros
AUTHUSERREQUESTLOCK and AUTHUSERREQUESTUNLOCK. I also tried to
make sure that locks and unlocks occur in places where pointers are
assigned. The most tricky part is with the ACLchecklist class,
which passes a pointer to a pointer. Previously AuthUserRequest
was doing a lot of locking on behalf of ACLchecklist, but now I
make ACLchecklist do all its own locking and AuthUserRequest really
shouldn't lock its own objects for any other classes.

Another important change was to helperStatefulReleaseServer(). The
old version apparently ignored helper servers in the S_HELPER_RESERVED
state. It was only concerned about the S_HELPER_DEFERRED state.
Now I think it does the right thing for both states.

This patch also contains numerous cosmetic "style" changes to the
source code and debugging that don't really affect its functionality.
I couldn't resist.
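
The lock-where-the-pointer-is-assigned pattern described in the message above, as an added illustration that is not Squid's code and not part of this commit. The types `Helper`, `AuthReq`, `Checklist` and the macros `REQ_LOCK`/`REQ_UNLOCK` are hypothetical stand-ins; the example shows how one missed unlock keeps a helper reserved.

```cpp
#include <cstdio>

// Hypothetical stand-ins: a helper slot and a lock-counted auth request.
struct Helper { bool reserved = false; };
struct AuthReq {
    int locks = 0;
    Helper *helper;
    explicit AuthReq(Helper *h) : helper(h) { helper->reserved = true; }
    ~AuthReq() { helper->reserved = false; }  // last unlock frees the helper
};

// Lock where a pointer is stored, unlock where it is cleared. The unlock
// macro also nulls the holder's pointer so it cannot be unlocked twice.
#define REQ_LOCK(p)   do { if (p) ++(p)->locks; } while (0)
#define REQ_UNLOCK(p) do { if (p) { if (--(p)->locks == 0) delete (p); (p) = nullptr; } } while (0)

// Hypothetical holder that does all of its own locking.
struct Checklist {
    AuthReq *req = nullptr;
    // Lock the new value first so set(req) on the same object is safe.
    void set(AuthReq *r) { REQ_LOCK(r); REQ_UNLOCK(req); req = r; }
    ~Checklist() { REQ_UNLOCK(req); }
};

// Balanced: every stored pointer is locked, every cleared pointer unlocked.
bool helper_reserved_after_balanced() {
    Helper h;
    AuthReq *r = new AuthReq(&h);
    {
        Checklist a, b;
        a.set(r);
        b.set(r);
        a.set(nullptr);  // drops one lock, request stays alive for b
    }                    // b's destructor drops the last lock
    return h.reserved;
}

// Unbalanced: the holder clears its pointer without unlocking.
bool helper_reserved_after_missed_unlock() {
    Helper h;
    AuthReq *r = new AuthReq(&h);
    AuthReq *holder = r; REQ_LOCK(holder);
    holder = nullptr;          // lock count never returns to zero
    bool stuck = h.reserved;   // helper is still reserved
    delete r;                  // cleanup for the demo only
    return stuck;
}

int main() {
    std::printf("balanced: %d, missed unlock: %d\n",
                helper_reserved_after_balanced(), helper_reserved_after_missed_unlock());
}
```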