]> git.ipfire.org Git - thirdparty/squid.git/commitdiff
Port of 2.6/changesets/11280.patch
authorwessels <>
Wed, 9 May 2007 14:07:23 +0000 (14:07 +0000)
committerwessels <>
Wed, 9 May 2007 14:07:23 +0000 (14:07 +0000)
This is a port of
http://www.squid-cache.org/Versions/v2/2.6/changesets/11280.patch
to Squid-3.  It seems that this particular patch was skipped
or missed when other squid-2 changes were ported to squid-3.

This patch removes the AUTHENTICATE_STATE_FINISHED state from
authentication code.  It also moves some medium sized blocks of
code from the ::authenticate() method to the to
authenticateFooHandleReply() function.

src/auth/negotiate/auth_negotiate.cc
src/auth/negotiate/auth_negotiate.h
src/auth/ntlm/auth_ntlm.cc
src/auth/ntlm/auth_ntlm.h

index 064858b1bd73a0bbc3f0f2898eefedd5e5369fd0..6f41f290d44b993b7726c523702574b7204d7c60 100644 (file)
@@ -1,6 +1,6 @@
 
 /*
- * $Id: auth_negotiate.cc,v 1.16 2007/05/09 07:36:31 wessels Exp $
+ * $Id: auth_negotiate.cc,v 1.17 2007/05/09 08:07:23 wessels Exp $
  *
  * DEBUG: section 29    Negotiate Authenticator
  * AUTHOR: Robert Collins, Henrik Nordstrom, Francesco Chemolli
@@ -247,9 +247,6 @@ AuthNegotiateUserRequest::module_direction()
         assert(server_blob);
         return 1; /* send to client */
 
-    case AUTHENTICATE_STATE_FINISHED:
-        return 0; /* do nothing */
-
     case AUTHENTICATE_STATE_DONE:
         return 0; /* do nothing */
 
@@ -316,7 +313,6 @@ AuthNegotiateConfig::fixHeader(AuthUserRequest *auth_user_request, HttpReply *re
             request->flags.proxy_keepalive = 0;
             /* fall through */
 
-        case AUTHENTICATE_STATE_FINISHED:
         case AUTHENTICATE_STATE_DONE:
             /* Special case: authentication finished OK but disallowed by ACL.
              * Need to start over to give the client another chance.
@@ -452,11 +448,39 @@ authenticateNegotiateHandleReply(void *data, void *lastserver, char *reply)
 
         authenticateNegotiateReleaseServer(negotiate_request);
 
-        negotiate_request->auth_state = AUTHENTICATE_STATE_FINISHED;
+        negotiate_request->auth_state = AUTHENTICATE_STATE_DONE;
 
         result = S_HELPER_RELEASE;
 
         debugs(29, 4, "authenticateNegotiateHandleReply: Successfully validated user via NEGOTIATE. Username '" << blob << "'");
+
+        /* connection is authenticated */
+        debugs(29, 4, "AuthNegotiateUserRequest::authenticate: authenticated user " << negotiate_user->username());
+        /* see if this is an existing user with a different proxy_auth
+         * string */
+       auth_user_hash_pointer *usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, negotiate_user->username()));
+       auth_user_t *local_auth_user = negotiate_request->user();
+        while (usernamehash && (usernamehash->user()->auth_type != AUTH_NEGOTIATE || strcmp(usernamehash->user()->username(), negotiate_user->username()) != 0))
+            usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
+        if (usernamehash) {
+            /* we can't seamlessly recheck the username due to the
+             * challenge-response nature of the protocol.
+             * Just free the temporary auth_user */
+            usernamehash->user()->absorb(local_auth_user);
+            //authenticateAuthUserMerge(local_auth_user, usernamehash->user());
+            local_auth_user = usernamehash->user();
+            negotiate_request->_auth_user = local_auth_user;
+        } else {
+            /* store user in hash's */
+            local_auth_user->addToNameCache();
+            // authenticateUserNameCacheAdd(local_auth_user);
+        }
+        /* set these to now because this is either a new login from an
+         * existing user or a new user */
+        local_auth_user->expiretime = current_time.tv_sec;
+        authenticateNegotiateReleaseServer(negotiate_request);
+        negotiate_request->auth_state = AUTHENTICATE_STATE_DONE;
+
     } else if (strncasecmp(reply, "NA ", 3) == 0 && arg != NULL) {
         /* authentication failure (wrong password, etc.) */
 
@@ -632,9 +656,6 @@ AuthNegotiateUserRequest::authenticate(HttpRequest * request, ConnStateData::Poi
 {
     const char *proxy_auth, *blob;
 
-    //ProxyAuthCachePointer *proxy_auth_hash = NULL;
-    auth_user_hash_pointer *usernamehash;
-
     /* TODO: rename this!! */
     auth_user_t *local_auth_user;
     negotiate_user_t *negotiate_user;
@@ -717,55 +738,19 @@ AuthNegotiateUserRequest::authenticate(HttpRequest * request, ConnStateData::Poi
 
         break;
 
-    case AUTHENTICATE_STATE_FINISHED:
-        /* connection is authenticated */
-        debugs(29, 4, "AuthNegotiateUserRequest::authenticate: authenticated user " << negotiate_user->username());
-
-        /* see if this is an existing user with a different proxy_auth
-         * string */
-        usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, negotiate_user->username()));
-
-        while (usernamehash && (usernamehash->user()->auth_type != AUTH_NEGOTIATE || strcmp(usernamehash->user()->username(), negotiate_user->username()) != 0))
-            usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
-
-        if (usernamehash) {
-            /* we can't seamlessly recheck the username due to the
-             * challenge-response nature of the protocol.
-             * Just free the temporary auth_user */
-            usernamehash->user()->absorb(local_auth_user);
-            //authenticateAuthUserMerge(local_auth_user, usernamehash->user());
-            local_auth_user = usernamehash->user();
-            _auth_user = local_auth_user;
-        } else {
-            /* store user in hash's */
-            local_auth_user->addToNameCache();
-            // authenticateUserNameCacheAdd(local_auth_user);
-        }
-
-        /* set these to now because this is either a new login from an
-         * existing user or a new user */
-        local_auth_user->expiretime = current_time.tv_sec;
-
-        authenticateNegotiateReleaseServer(this);
-
-        auth_state = AUTHENTICATE_STATE_DONE;
+    case AUTHENTICATE_STATE_FAILED:
+        /* we've failed somewhere in authentication */
+        debugs(29, 9, "AuthNegotiateUserRequest::authenticate: auth state negotiate failed. " << proxy_auth);
 
         return;
 
         break;
 
     case AUTHENTICATE_STATE_DONE:
-        fatal("AuthNegotiateUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n");
+       fatal("AuthNegotiateUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n");
 
-        break;
-
-    case AUTHENTICATE_STATE_FAILED:
-        /* we've failed somewhere in authentication */
-        debugs(29, 9, "AuthNegotiateUserRequest::authenticate: auth state negotiate failed. " << proxy_auth);
-
-        return;
+       break;
 
-        break;
     }
 
     return;
index 624f408b43140886578ddc42a9b8e8b6b37174c5..035679520f9646554bb3a28113868c640526e9ee 100644 (file)
@@ -19,7 +19,6 @@ typedef enum {
     AUTHENTICATE_STATE_NONE,
     AUTHENTICATE_STATE_INITIAL,
     AUTHENTICATE_STATE_IN_PROGRESS,
-    AUTHENTICATE_STATE_FINISHED,
     AUTHENTICATE_STATE_DONE,
     AUTHENTICATE_STATE_FAILED
 } auth_state_t;                 /* connection level auth state */
index bff9535bb7d65816e0c46c491312d7350964ea42..313804b2c0999a069fd9e1b6a0a3e88b1a152dc1 100644 (file)
@@ -1,6 +1,6 @@
 
 /*
- * $Id: auth_ntlm.cc,v 1.65 2007/05/09 07:36:31 wessels Exp $
+ * $Id: auth_ntlm.cc,v 1.66 2007/05/09 08:07:23 wessels Exp $
  *
  * DEBUG: section 29    NTLM Authenticator
  * AUTHOR: Robert Collins, Henrik Nordstrom, Francesco Chemolli
@@ -248,9 +248,6 @@ AuthNTLMUserRequest::module_direction()
         assert(server_blob);
         return 1; /* send to client */
 
-    case AUTHENTICATE_STATE_FINISHED:
-        return 0; /* do nothing */
-
     case AUTHENTICATE_STATE_DONE:
         return 0; /* do nothing */
 
@@ -292,7 +289,6 @@ AuthNTLMConfig::fixHeader(AuthUserRequest *auth_user_request, HttpReply *rep, ht
             request->flags.proxy_keepalive = 0;
             /* fall through */
 
-        case AUTHENTICATE_STATE_FINISHED:
         case AUTHENTICATE_STATE_DONE:
             /* Special case: authentication finished OK but disallowed by ACL.
              * Need to start over to give the client another chance.
@@ -395,10 +391,37 @@ authenticateNTLMHandleReply(void *data, void *lastserver, char *reply)
         auth_user_request->denyMessage("Login successful");
         safe_free(ntlm_request->server_blob);
         authenticateNTLMReleaseServer(ntlm_request);
-        ntlm_request->auth_state = AUTHENTICATE_STATE_FINISHED;
+        ntlm_request->auth_state = AUTHENTICATE_STATE_DONE;
 
         result = S_HELPER_RELEASE;
         debugs(29, 4, "authenticateNTLMHandleReply: Successfully validated user via NTLM. Username '" << blob << "'");
+        /* connection is authenticated */
+        debugs(29, 4, "AuthNTLMUserRequest::authenticate: authenticated user " << ntlm_user->username());
+        /* see if this is an existing user with a different proxy_auth
+         * string */
+        auth_user_hash_pointer *usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, ntlm_user->username()));
+       auth_user_t *local_auth_user = ntlm_request->user();
+        ntlm_user_t *ntlm_user = NULL;;
+        while (usernamehash && (usernamehash->user()->auth_type != AUTH_NTLM || strcmp(usernamehash->user()->username(), ntlm_user->username()) != 0))
+            usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
+        if (usernamehash) {
+            /* we can't seamlessly recheck the username due to the
+             * challenge-response nature of the protocol.
+             * Just free the temporary auth_user */
+            usernamehash->user()->absorb(local_auth_user);
+            //authenticateAuthUserMerge(local_auth_user, usernamehash->user());
+            local_auth_user = usernamehash->user();
+            ntlm_request->_auth_user = local_auth_user;
+        } else {
+            /* store user in hash's */
+            local_auth_user->addToNameCache();
+            // authenticateUserNameCacheAdd(local_auth_user);
+        }
+        /* set these to now because this is either a new login from an
+         * existing user or a new user */
+        local_auth_user->expiretime = current_time.tv_sec;
+        authenticateNTLMReleaseServer(ntlm_request);
+       ntlm_request->auth_state = AUTHENTICATE_STATE_DONE;
     } else if (strncasecmp(reply, "NA ", 3) == 0) {
         /* authentication failure (wrong password, etc.) */
         auth_user_request->denyMessage(blob);
@@ -563,9 +586,6 @@ AuthNTLMUserRequest::authenticate(HttpRequest * request, ConnStateData::Pointer
 {
     const char *proxy_auth, *blob;
 
-    //ProxyAuthCachePointer *proxy_auth_hash = NULL;
-    auth_user_hash_pointer *usernamehash;
-
     /* TODO: rename this!! */
     auth_user_t *local_auth_user;
     ntlm_user_t *ntlm_user;
@@ -648,47 +668,10 @@ AuthNTLMUserRequest::authenticate(HttpRequest * request, ConnStateData::Pointer
 
         break;
 
-    case AUTHENTICATE_STATE_FINISHED:
-        /* connection is authenticated */
-        debugs(29, 4, "AuthNTLMUserRequest::authenticate: authenticated user " << ntlm_user->username());
-
-        /* see if this is an existing user with a different proxy_auth
-         * string */
-        usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, ntlm_user->username()));
-
-        while (usernamehash && (usernamehash->user()->auth_type != AUTH_NTLM || strcmp(usernamehash->user()->username(), ntlm_user->username()) != 0))
-            usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
-
-        if (usernamehash) {
-            /* we can't seamlessly recheck the username due to the
-             * challenge-response nature of the protocol.
-             * Just free the temporary auth_user */
-            usernamehash->user()->absorb(local_auth_user);
-            //authenticateAuthUserMerge(local_auth_user, usernamehash->user());
-            local_auth_user = usernamehash->user();
-            _auth_user = local_auth_user;
-        } else {
-            /* store user in hash's */
-            local_auth_user->addToNameCache();
-            // authenticateUserNameCacheAdd(local_auth_user);
-        }
-
-        /* set these to now because this is either a new login from an
-         * existing user or a new user */
-        local_auth_user->expiretime = current_time.tv_sec;
-
-        authenticateNTLMReleaseServer(this);
-
-        auth_state = AUTHENTICATE_STATE_DONE;
-
-        return;
-
-        break;
-
     case AUTHENTICATE_STATE_DONE:
-        fatal("AuthNTLMUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n");
+       fatal("AuthNTLMUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n");
 
-        break;
+       break;
 
     case AUTHENTICATE_STATE_FAILED:
         /* we've failed somewhere in authentication */
index 8006d6b03caf52134a56ee21ac31788989b0132d..f4454f2780821ce7058273d1cf6506fed3b411ab 100644 (file)
@@ -19,7 +19,6 @@ typedef enum {
     AUTHENTICATE_STATE_NONE,
     AUTHENTICATE_STATE_INITIAL,
     AUTHENTICATE_STATE_IN_PROGRESS,
-    AUTHENTICATE_STATE_FINISHED,
     AUTHENTICATE_STATE_DONE,
     AUTHENTICATE_STATE_FAILED
 } auth_state_t;                 /* connection level auth state */