/*
- * $Id: auth_negotiate.cc,v 1.16 2007/05/09 07:36:31 wessels Exp $
+ * $Id: auth_negotiate.cc,v 1.17 2007/05/09 08:07:23 wessels Exp $
*
* DEBUG: section 29 Negotiate Authenticator
* AUTHOR: Robert Collins, Henrik Nordstrom, Francesco Chemolli
assert(server_blob);
return 1; /* send to client */
- case AUTHENTICATE_STATE_FINISHED:
- return 0; /* do nothing */
-
case AUTHENTICATE_STATE_DONE:
return 0; /* do nothing */
request->flags.proxy_keepalive = 0;
/* fall through */
- case AUTHENTICATE_STATE_FINISHED:
case AUTHENTICATE_STATE_DONE:
/* Special case: authentication finished OK but disallowed by ACL.
* Need to start over to give the client another chance.
authenticateNegotiateReleaseServer(negotiate_request);
- negotiate_request->auth_state = AUTHENTICATE_STATE_FINISHED;
+ negotiate_request->auth_state = AUTHENTICATE_STATE_DONE;
result = S_HELPER_RELEASE;
debugs(29, 4, "authenticateNegotiateHandleReply: Successfully validated user via NEGOTIATE. Username '" << blob << "'");
+
+ /* connection is authenticated */
+ debugs(29, 4, "AuthNegotiateUserRequest::authenticate: authenticated user " << negotiate_user->username());
+ /* see if this is an existing user with a different proxy_auth
+ * string */
+ auth_user_hash_pointer *usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, negotiate_user->username()));
+ auth_user_t *local_auth_user = negotiate_request->user();
+ while (usernamehash && (usernamehash->user()->auth_type != AUTH_NEGOTIATE || strcmp(usernamehash->user()->username(), negotiate_user->username()) != 0))
+ usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
+ if (usernamehash) {
+ /* we can't seamlessly recheck the username due to the
+ * challenge-response nature of the protocol.
+ * Just free the temporary auth_user */
+ usernamehash->user()->absorb(local_auth_user);
+ //authenticateAuthUserMerge(local_auth_user, usernamehash->user());
+ local_auth_user = usernamehash->user();
+ negotiate_request->_auth_user = local_auth_user;
+ } else {
+ /* store user in hash's */
+ local_auth_user->addToNameCache();
+ // authenticateUserNameCacheAdd(local_auth_user);
+ }
+ /* set these to now because this is either a new login from an
+ * existing user or a new user */
+ local_auth_user->expiretime = current_time.tv_sec;
+ authenticateNegotiateReleaseServer(negotiate_request);
+ negotiate_request->auth_state = AUTHENTICATE_STATE_DONE;
+
} else if (strncasecmp(reply, "NA ", 3) == 0 && arg != NULL) {
/* authentication failure (wrong password, etc.) */
{
const char *proxy_auth, *blob;
- //ProxyAuthCachePointer *proxy_auth_hash = NULL;
- auth_user_hash_pointer *usernamehash;
-
/* TODO: rename this!! */
auth_user_t *local_auth_user;
negotiate_user_t *negotiate_user;
break;
- case AUTHENTICATE_STATE_FINISHED:
- /* connection is authenticated */
- debugs(29, 4, "AuthNegotiateUserRequest::authenticate: authenticated user " << negotiate_user->username());
-
- /* see if this is an existing user with a different proxy_auth
- * string */
- usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, negotiate_user->username()));
-
- while (usernamehash && (usernamehash->user()->auth_type != AUTH_NEGOTIATE || strcmp(usernamehash->user()->username(), negotiate_user->username()) != 0))
- usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
-
- if (usernamehash) {
- /* we can't seamlessly recheck the username due to the
- * challenge-response nature of the protocol.
- * Just free the temporary auth_user */
- usernamehash->user()->absorb(local_auth_user);
- //authenticateAuthUserMerge(local_auth_user, usernamehash->user());
- local_auth_user = usernamehash->user();
- _auth_user = local_auth_user;
- } else {
- /* store user in hash's */
- local_auth_user->addToNameCache();
- // authenticateUserNameCacheAdd(local_auth_user);
- }
-
- /* set these to now because this is either a new login from an
- * existing user or a new user */
- local_auth_user->expiretime = current_time.tv_sec;
-
- authenticateNegotiateReleaseServer(this);
-
- auth_state = AUTHENTICATE_STATE_DONE;
+ case AUTHENTICATE_STATE_FAILED:
+ /* we've failed somewhere in authentication */
+ debugs(29, 9, "AuthNegotiateUserRequest::authenticate: auth state negotiate failed. " << proxy_auth);
return;
break;
case AUTHENTICATE_STATE_DONE:
- fatal("AuthNegotiateUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n");
+ fatal("AuthNegotiateUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n");
- break;
-
- case AUTHENTICATE_STATE_FAILED:
- /* we've failed somewhere in authentication */
- debugs(29, 9, "AuthNegotiateUserRequest::authenticate: auth state negotiate failed. " << proxy_auth);
-
- return;
+ break;
- break;
}
return;
AUTHENTICATE_STATE_NONE,
AUTHENTICATE_STATE_INITIAL,
AUTHENTICATE_STATE_IN_PROGRESS,
- AUTHENTICATE_STATE_FINISHED,
AUTHENTICATE_STATE_DONE,
AUTHENTICATE_STATE_FAILED
} auth_state_t; /* connection level auth state */
/*
- * $Id: auth_ntlm.cc,v 1.65 2007/05/09 07:36:31 wessels Exp $
+ * $Id: auth_ntlm.cc,v 1.66 2007/05/09 08:07:23 wessels Exp $
*
* DEBUG: section 29 NTLM Authenticator
* AUTHOR: Robert Collins, Henrik Nordstrom, Francesco Chemolli
assert(server_blob);
return 1; /* send to client */
- case AUTHENTICATE_STATE_FINISHED:
- return 0; /* do nothing */
-
case AUTHENTICATE_STATE_DONE:
return 0; /* do nothing */
request->flags.proxy_keepalive = 0;
/* fall through */
- case AUTHENTICATE_STATE_FINISHED:
case AUTHENTICATE_STATE_DONE:
/* Special case: authentication finished OK but disallowed by ACL.
* Need to start over to give the client another chance.
auth_user_request->denyMessage("Login successful");
safe_free(ntlm_request->server_blob);
authenticateNTLMReleaseServer(ntlm_request);
- ntlm_request->auth_state = AUTHENTICATE_STATE_FINISHED;
+ ntlm_request->auth_state = AUTHENTICATE_STATE_DONE;
result = S_HELPER_RELEASE;
debugs(29, 4, "authenticateNTLMHandleReply: Successfully validated user via NTLM. Username '" << blob << "'");
+ /* connection is authenticated */
+ debugs(29, 4, "AuthNTLMUserRequest::authenticate: authenticated user " << ntlm_user->username());
+ /* see if this is an existing user with a different proxy_auth
+ * string */
+ auth_user_hash_pointer *usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, ntlm_user->username()));
+ auth_user_t *local_auth_user = ntlm_request->user();
+ ntlm_user_t *ntlm_user = NULL;;
+ while (usernamehash && (usernamehash->user()->auth_type != AUTH_NTLM || strcmp(usernamehash->user()->username(), ntlm_user->username()) != 0))
+ usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
+ if (usernamehash) {
+ /* we can't seamlessly recheck the username due to the
+ * challenge-response nature of the protocol.
+ * Just free the temporary auth_user */
+ usernamehash->user()->absorb(local_auth_user);
+ //authenticateAuthUserMerge(local_auth_user, usernamehash->user());
+ local_auth_user = usernamehash->user();
+ ntlm_request->_auth_user = local_auth_user;
+ } else {
+ /* store user in hash's */
+ local_auth_user->addToNameCache();
+ // authenticateUserNameCacheAdd(local_auth_user);
+ }
+ /* set these to now because this is either a new login from an
+ * existing user or a new user */
+ local_auth_user->expiretime = current_time.tv_sec;
+ authenticateNTLMReleaseServer(ntlm_request);
+ ntlm_request->auth_state = AUTHENTICATE_STATE_DONE;
} else if (strncasecmp(reply, "NA ", 3) == 0) {
/* authentication failure (wrong password, etc.) */
auth_user_request->denyMessage(blob);
{
const char *proxy_auth, *blob;
- //ProxyAuthCachePointer *proxy_auth_hash = NULL;
- auth_user_hash_pointer *usernamehash;
-
/* TODO: rename this!! */
auth_user_t *local_auth_user;
ntlm_user_t *ntlm_user;
break;
- case AUTHENTICATE_STATE_FINISHED:
- /* connection is authenticated */
- debugs(29, 4, "AuthNTLMUserRequest::authenticate: authenticated user " << ntlm_user->username());
-
- /* see if this is an existing user with a different proxy_auth
- * string */
- usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, ntlm_user->username()));
-
- while (usernamehash && (usernamehash->user()->auth_type != AUTH_NTLM || strcmp(usernamehash->user()->username(), ntlm_user->username()) != 0))
- usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
-
- if (usernamehash) {
- /* we can't seamlessly recheck the username due to the
- * challenge-response nature of the protocol.
- * Just free the temporary auth_user */
- usernamehash->user()->absorb(local_auth_user);
- //authenticateAuthUserMerge(local_auth_user, usernamehash->user());
- local_auth_user = usernamehash->user();
- _auth_user = local_auth_user;
- } else {
- /* store user in hash's */
- local_auth_user->addToNameCache();
- // authenticateUserNameCacheAdd(local_auth_user);
- }
-
- /* set these to now because this is either a new login from an
- * existing user or a new user */
- local_auth_user->expiretime = current_time.tv_sec;
-
- authenticateNTLMReleaseServer(this);
-
- auth_state = AUTHENTICATE_STATE_DONE;
-
- return;
-
- break;
-
case AUTHENTICATE_STATE_DONE:
- fatal("AuthNTLMUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n");
+ fatal("AuthNTLMUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n");
- break;
+ break;
case AUTHENTICATE_STATE_FAILED:
/* we've failed somewhere in authentication */
AUTHENTICATE_STATE_NONE,
AUTHENTICATE_STATE_INITIAL,
AUTHENTICATE_STATE_IN_PROGRESS,
- AUTHENTICATE_STATE_FINISHED,
AUTHENTICATE_STATE_DONE,
AUTHENTICATE_STATE_FAILED
} auth_state_t; /* connection level auth state */