assert(basic_auth != NULL);
- if (reply.result == Helper::ResultCode::Okay)
+ if (reply.result == Helper::Okay)
basic_auth->credentials(Auth::Ok);
else {
basic_auth->credentials(Auth::Failed);
static bool oldHelperWarningDone = false;
switch (reply.result) {
- case Helper::ResultCode::Unknown: {
+ case Helper::Unknown: {
// Squid 3.3 and older the digest helper only returns a HA1 hash (no "OK")
// the HA1 will be found in content() for these responses.
if (!oldHelperWarningDone) {
}
break;
- case Helper::ResultCode::Okay: {
+ case Helper::Okay: {
/* allow this because the digest_request pointer is purely local */
Auth::Digest::User *digest_user = dynamic_cast<Auth::Digest::User *>(auth_user_request->user().getRaw());
assert(digest_user != NULL);
}
break;
- case Helper::ResultCode::TT:
+ case Helper::TT:
debugs(29, DBG_IMPORTANT, "ERROR: Digest auth does not support the result code received. Using the wrong helper program? received: " << reply);
// fall through to next case. Handle this as an ERR response.
- case Helper::ResultCode::BrokenHelper:
+ case Helper::BrokenHelper:
// TODO retry the broken lookup on another helper?
// fall through to next case for now. Handle this as an ERR response silently.
- case Helper::ResultCode::Error: {
+ case Helper::Error: {
/* allow this because the digest_request pointer is purely local */
Auth::Digest::UserRequest *digest_request = dynamic_cast<Auth::Digest::UserRequest *>(auth_user_request.getRaw());
assert(digest_request);
assert(reply.whichServer == lm_request->authserver);
switch (reply.result) {
- case Helper::ResultCode::TT:
+ case Helper::TT:
/* we have been given a blob to send to the client */
safe_free(lm_request->server_blob);
lm_request->request->flags.mustKeepalive = true;
}
break;
- case Helper::ResultCode::Okay: {
+ case Helper::Okay: {
const char *userNote = reply.notes.findFirst("user");
const char *tokenNote = reply.notes.findFirst("token");
if (userNote == NULL || tokenNote == NULL) {
}
break;
- case Helper::ResultCode::Error: {
+ case Helper::Error: {
const char *messageNote = reply.notes.find("message");
const char *tokenNote = reply.notes.findFirst("token");
}
break;
- case Helper::ResultCode::Unknown:
+ case Helper::Unknown:
debugs(29, DBG_IMPORTANT, "ERROR: Negotiate Authentication Helper '" << reply.whichServer << "' crashed!.");
/* continue to the next case */
- case Helper::ResultCode::BrokenHelper: {
+ case Helper::BrokenHelper: {
/* TODO kick off a refresh process. This can occur after a YR or after
* a KK. If after a YR release the helper and resubmit the request via
* Authenticate Negotiate start.
* If after a KK deny the user's request w/ 407 and mark the helper as
* Needing YR. */
const char *errNote = reply.notes.find("message");
- if (reply.result == Helper::ResultCode::Unknown)
+ if (reply.result == Helper::Unknown)
auth_user_request->denyMessage("Internal Error");
else if (errNote != NULL)
auth_user_request->denyMessage(errNote);
assert(reply.whichServer == lm_request->authserver);
switch (reply.result) {
- case Helper::ResultCode::TT:
+ case Helper::TT:
/* we have been given a blob to send to the client */
safe_free(lm_request->server_blob);
lm_request->request->flags.mustKeepalive = true;
}
break;
- case Helper::ResultCode::Okay: {
+ case Helper::Okay: {
/* we're finished, release the helper */
const char *userLabel = reply.notes.findFirst("user");
if (!userLabel) {
}
break;
- case Helper::ResultCode::Error: {
+ case Helper::Error: {
/* authentication failure (wrong password, etc.) */
const char *errNote = reply.notes.find("message");
if (errNote != NULL)
}
break;
- case Helper::ResultCode::Unknown:
+ case Helper::Unknown:
debugs(29, DBG_IMPORTANT, "ERROR: NTLM Authentication Helper '" << reply.whichServer << "' crashed!.");
/* continue to the next case */
- case Helper::ResultCode::BrokenHelper: {
+ case Helper::BrokenHelper: {
/* TODO kick off a refresh process. This can occur after a YR or after
* a KK. If after a YR release the helper and resubmit the request via
* Authenticate NTLM start.
* If after a KK deny the user's request w/ 407 and mark the helper as
* Needing YR. */
const char *errNote = reply.notes.find("message");
- if (reply.result == Helper::ResultCode::Unknown)
+ if (reply.result == Helper::Unknown)
auth_user_request->denyMessage("Internal Error");
else if (errNote != NULL)
auth_user_request->denyMessage(errNote);
void
ConnStateData::sslCrtdHandleReply(const Helper::Reply &reply)
{
- if (reply.result == Helper::ResultCode::BrokenHelper) {
+ if (reply.result == Helper::BrokenHelper) {
debugs(33, 5, HERE << "Certificate for " << sslConnectHostOrIp << " cannot be generated. ssl_crtd response: " << reply);
} else if (!reply.other().hasContent()) {
debugs(1, DBG_IMPORTANT, HERE << "\"ssl_crtd\" helper returned <NULL> reply.");
if (reply_message.parse(reply.other().content(), reply.other().contentSize()) != Ssl::CrtdMessage::OK) {
debugs(33, 5, HERE << "Reply from ssl_crtd for " << sslConnectHostOrIp << " is incorrect");
} else {
- if (reply.result != Helper::ResultCode::Okay) {
+ if (reply.result != Helper::Okay) {
debugs(33, 5, HERE << "Certificate for " << sslConnectHostOrIp << " cannot be generated. ssl_crtd response: " << reply_message.getBody());
} else {
debugs(33, 5, HERE << "Certificate for " << sslConnectHostOrIp << " was successfully recieved from ssl_crtd");
redirectStart(http, clientRedirectDoneWrapper, context);
else {
Helper::Reply nilReply;
- nilReply.result = Helper::ResultCode::Error;
+ nilReply.result = Helper::Error;
context->clientRedirectDone(nilReply);
}
}
else {
debugs(85, 3, "access denied expected ERR reply handling: " << answer);
Helper::Reply nilReply;
- nilReply.result = Helper::ResultCode::Error;
+ nilReply.result = Helper::Error;
context->clientStoreIdDone(nilReply);
}
}
UpdateRequestNotes(http->getConn(), *old_request, reply.notes);
switch (reply.result) {
- case Helper::ResultCode::Unknown:
- case Helper::ResultCode::TT:
+ case Helper::Unknown:
+ case Helper::TT:
// Handler in redirect.cc should have already mapped Unknown
// IF it contained valid entry for the old URL-rewrite helper protocol
debugs(85, DBG_IMPORTANT, "ERROR: URL rewrite helper returned invalid result code. Wrong helper? " << reply);
break;
- case Helper::ResultCode::BrokenHelper:
+ case Helper::BrokenHelper:
debugs(85, DBG_IMPORTANT, "ERROR: URL rewrite helper: " << reply << ", attempt #" << (redirect_fail_count+1) << " of 2");
if (redirect_fail_count < 2) { // XXX: make this configurable ?
++redirect_fail_count;
}
break;
- case Helper::ResultCode::Error:
+ case Helper::Error:
// no change to be done.
break;
- case Helper::ResultCode::Okay: {
+ case Helper::Okay: {
// #1: redirect with a specific status code OK status=NNN url="..."
// #2: redirect with a default status code OK url="..."
// #3: re-write the URL OK rewrite-url="..."
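Review bot: The `debugs()` line in the `Helper::BrokenHelper` case prints `redirect_fail_count+1` before the `redirect_fail_count < 2` test, so once the limit is reached the log reports "attempt #3 of 2". That failure is presumably no longer retried, although the body of the `if` is not shown in the hunk. Moving the message inside the `if`, or logging a separate "giving up" line in an `else`, would let an operator tell a retry from a final failure. The storeID handler has the same pattern with `store_id_fail_count`. The literal `2` appears in both the message and the test, so a named constant would keep them in step.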
UpdateRequestNotes(http->getConn(), *old_request, reply.notes);
switch (reply.result) {
- case Helper::ResultCode::Unknown:
- case Helper::ResultCode::TT:
+ case Helper::Unknown:
+ case Helper::TT:
// Handler in redirect.cc should have already mapped Unknown
// IF it contained valid entry for the old helper protocol
debugs(85, DBG_IMPORTANT, "ERROR: storeID helper returned invalid result code. Wrong helper? " << reply);
break;
- case Helper::ResultCode::BrokenHelper:
+ case Helper::BrokenHelper:
debugs(85, DBG_IMPORTANT, "ERROR: storeID helper: " << reply << ", attempt #" << (store_id_fail_count+1) << " of 2");
if (store_id_fail_count < 2) { // XXX: make this configurable ?
++store_id_fail_count;
}
break;
- case Helper::ResultCode::Error:
+ case Helper::Error:
// no change to be done.
break;
- case Helper::ResultCode::Okay: {
+ case Helper::Okay: {
const char *urlNote = reply.notes.findFirst("store-id");
// prevent broken helpers causing too much damage. If old URL == new URL skip the re-write.
debugs(82, 2, HERE << "reply=" << reply);
- if (reply.result == Helper::ResultCode::Okay)
+ if (reply.result == Helper::Okay)
entryData.result = ACCESS_ALLOWED;
// XXX: handle other non-DENIED results better
if (cbdataReferenceValid(state->def)) {
// only cache OK and ERR results.
- if (reply.result == Helper::ResultCode::Okay || reply.result == Helper::ResultCode::Error)
+ if (reply.result == Helper::Okay || reply.result == Helper::Error)
entry = external_acl_cache_add(state->def, state->key, entryData);
else {
external_acl_entry *oldentry = (external_acl_entry *)hash_lookup(state->def->cache, state->key);
#include "SquidString.h"
Helper::Reply::Reply(char *buf, size_t len) :
- result(Helper::ResultCode::Unknown),
+ result(Helper::Unknown),
whichServer(NULL)
{
parse(buf,len);
// check we have something to parse
if (!buf || len < 1) {
// empty line response was the old URL-rewriter interface ERR response.
- result = Helper::ResultCode::Error;
+ result = Helper::Error;
// for now ensure that legacy handlers are not presented with NULL strings.
debugs(84, 3, "Reply length is smaller than 1 or none at all ");
other_.init(1,1);
// we must also check for the ' ' character after the response token (if anything)
if (!strncmp(p,"OK",2) && (len == 2 || p[2] == ' ')) {
debugs(84, 3, "helper Result = OK");
- result = Helper::ResultCode::Okay;
+ result = Helper::Okay;
p+=2;
} else if (!strncmp(p,"ERR",3) && (len == 3 || p[3] == ' ')) {
debugs(84, 3, "helper Result = ERR");
- result = Helper::ResultCode::Error;
+ result = Helper::Error;
p+=3;
} else if (!strncmp(p,"BH",2) && (len == 2 || p[2] == ' ')) {
debugs(84, 3, "helper Result = BH");
- result = Helper::ResultCode::BrokenHelper;
+ result = Helper::BrokenHelper;
p+=2;
} else if (!strncmp(p,"TT ",3)) {
// NTLM challenge token
- result = Helper::ResultCode::TT;
+ result = Helper::TT;
p+=3;
// followed by an auth token
char *w1 = strwordtok(NULL, &p);
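Review bot: The result-code tests in this chain call `strncmp(p,"ERR",3)` and read `p[2]`/`p[3]` before `len` is consulted, so they stay in bounds only if the helper line is NUL-terminated at `buf[len]`. Nothing in the visible lines establishes that, and helper output is external input to this parser. Assuming `p` still points at the start of `buf` here, I would test the length first, e.g. `len >= 3 && !strncmp(p,"ERR",3) && (len == 3 || p[3] == ' ')`. Alternatively, state the precondition above the chain: `// buf must be NUL-terminated at buf[len]; the strncmp() tests below rely on it`. The enclosing parse function starts and ends outside the hunk.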
notes.add("token",authToken.content());
} else {
// token field is mandatory on this response code
- result = Helper::ResultCode::BrokenHelper;
+ result = Helper::BrokenHelper;
notes.add("message","Missing 'token' data");
}
} else if (!strncmp(p,"AF ",3)) {
// NTLM/Negotate OK response
- result = Helper::ResultCode::Okay;
+ result = Helper::Okay;
p+=3;
// followed by:
// an optional auth token and user field
}
} else if (!strncmp(p,"NA ",3)) {
// NTLM fail-closed ERR response
- result = Helper::ResultCode::Error;
+ result = Helper::Error;
p+=3;
sawNA=true;
}
parseResponseKeys();
// Hack for backward-compatibility: BH and NA used to be a text message...
- if (other().hasContent() && (sawNA || result == Helper::ResultCode::BrokenHelper)) {
+ if (other().hasContent() && (sawNA || result == Helper::BrokenHelper)) {
notes.add("message",other().content());
modifiableOther().clean();
}
{
os << "{result=";
switch (r.result) {
- case Helper::ResultCode::Okay:
+ case Helper::Okay:
os << "OK";
break;
- case Helper::ResultCode::Error:
+ case Helper::Error:
os << "ERR";
break;
- case Helper::ResultCode::BrokenHelper:
+ case Helper::BrokenHelper:
os << "BH";
break;
- case Helper::ResultCode::TT:
+ case Helper::TT:
os << "TT";
break;
- case Helper::ResultCode::Unknown:
+ case Helper::Unknown:
os << "Unknown";
break;
}
Reply &operator =(const Helper::Reply &r);
public:
- Reply() : result(Helper::ResultCode::Unknown), notes(), whichServer(NULL) {
+ Reply() : result(Helper::Unknown), notes(), whichServer(NULL) {
other_.init(1,1);
other_.terminate();
}
// and to map the old helper response format(s) into new format result code and key=value pairs
// it can be removed when the helpers are all updated to the normalized "OK/ERR kv-pairs" format
- if (reply.result == Helper::ResultCode::Unknown) {
+ if (reply.result == Helper::Unknown) {
// BACKWARD COMPATIBILITY 2012-06-15:
// Some nasty old helpers send back the entire input line including extra format keys.
// This is especially bad for simple perl search-replace filter scripts.
Helper::Reply newReply;
// BACKWARD COMPATIBILITY 2012-06-15:
- // We got Helper::ResultCode::Unknown reply result but new
- // RedirectStateData handlers require Helper::ResultCode::Okay,
+ // We got Helper::Unknown reply result but new
+ // RedirectStateData handlers require Helper::Okay,
// else will drop the helper reply
- newReply.result = Helper::ResultCode::Okay;
+ newReply.result = Helper::Okay;
newReply.notes.append(&reply.notes);
// check and parse for obsoleted Squid-2 urlgroup feature
/* Skip redirector if there is one request queued */
++redirectorBypassed;
Helper::Reply bypassReply;
- bypassReply.result = Helper::ResultCode::Okay;
+ bypassReply.result = Helper::Okay;
bypassReply.notes.add("message","URL rewrite/redirect queue too long. Bypassed.");
handler(data, bypassReply);
return;
++storeIdBypassed;
Helper::Reply bypassReply;
- bypassReply.result = Helper::ResultCode::Okay;
+ bypassReply.result = Helper::Okay;
bypassReply.notes.add("message","StoreId helper queue too long. Bypassed.");
handler(data, bypassReply);
debugs(83,5, request->GetHost() << " cert validation result: " << validationResponse.resultCode);
- if (validationResponse.resultCode == ::Helper::ResultCode::Error)
+ if (validationResponse.resultCode == ::Helper::Error)
errs = sslCrtvdCheckForErrors(validationResponse, errDetails);
- else if (validationResponse.resultCode != ::Helper::ResultCode::Okay)
+ else if (validationResponse.resultCode != ::Helper::Okay)
validatorFailed = true;
if (!errDetails && !validatorFailed) {
fatal("SSL servers not responding for 3 minutes");
debugs(34, DBG_IMPORTANT, HERE << "Queue overload, rejecting");
::Helper::Reply failReply;
- failReply.result = ::Helper::ResultCode::BrokenHelper;
+ failReply.result = ::Helper::BrokenHelper;
failReply.notes.add("message", "error 45 Temporary network problem, please retry later");
callback(data, failReply);
return;
submitData *crtdvdData = static_cast<submitData *>(data);
STACK_OF(X509) *peerCerts = SSL_get_peer_cert_chain(crtdvdData->ssl);
- if (reply.result == ::Helper::ResultCode::BrokenHelper) {
+ if (reply.result == ::Helper::BrokenHelper) {
debugs(83, DBG_IMPORTANT, "\"ssl_crtvd\" helper error response: " << reply.other().content());
- validationResponse->resultCode = ::Helper::ResultCode::BrokenHelper;
+ validationResponse->resultCode = ::Helper::BrokenHelper;
} else if (replyMsg.parse(reply.other().content(), reply.other().contentSize()) != Ssl::CrtdMessage::OK ||
!replyMsg.parseResponse(*validationResponse, peerCerts, error) ) {
debugs(83, DBG_IMPORTANT, "WARNING: Reply from ssl_crtvd for " << " is incorrect");
debugs(83, DBG_IMPORTANT, "Certificate cannot be validated. ssl_crtvd response: " << replyMsg.getBody());
- validationResponse->resultCode = ::Helper::ResultCode::BrokenHelper;
+ validationResponse->resultCode = ::Helper::BrokenHelper;
} else
validationResponse->resultCode = reply.result;
crtdvdData->callback(crtdvdData->data, *validationResponse);
if (Ssl::CertValidationHelper::HelperCache &&
- (validationResponse->resultCode == ::Helper::ResultCode::Okay || validationResponse->resultCode == ::Helper::ResultCode::Error)) {
+ (validationResponse->resultCode == ::Helper::Okay || validationResponse->resultCode == ::Helper::Error)) {
Ssl::CertValidationHelper::HelperCache->add(crtdvdData->query.c_str(), validationResponse);
} else
delete validationResponse;
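Review bot: The warning `"WARNING: Reply from ssl_crtvd for " << " is incorrect"` streams nothing between the two literals, so the log line reads "for  is incorrect" and cannot be tied to the certificate or peer whose validation failed. Either stream the subject being validated or drop the dangling `for`, e.g. `debugs(83, DBG_IMPORTANT, "WARNING: Reply from ssl_crtvd is incorrect");`. Separately, this handler passes `reply.other().content()` to `replyMsg.parse()` without the `hasContent()` test that `sslCrtdHandleReply` performs first. If an empty reply can reach this point, an explicit check that maps it to `::Helper::BrokenHelper` would keep the fail-closed path obvious. The function starts outside the hunk.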
fatal("ssl_crtvd queue being overloaded for long time");
debugs(83, DBG_IMPORTANT, "WARNING: ssl_crtvd queue overload, rejecting");
Ssl::CertValidationResponse resp;
- resp.resultCode = ::Helper::ResultCode::BrokenHelper;
+ resp.resultCode = ::Helper::BrokenHelper;
callback(data, resp);
return;
}