-From: "Chemolli Francesco (USI)" <ChemolliF@GruppoCredit.it>
+From: "Francesco Chemolli" <kinkie@kame.usr.dsi.unimi.it>
Subject: Multiple NT domains authenticator
Date: Fri, 7 Jul 2000 15:37:32 +0200
#!/usr/bin/perl
+# $Id: smb_auth.pl,v 1.2 2001/05/21 04:50:58 hno Exp $
#if you define this, debugging output will be printed to STDERR.
-$debug=1;
+#$debug=1;
#to force using some DC for some domains, fill in this hash.
#the key is a regexp matched against the domain name
#i.e.:
# %controllers = ( "domain" => ["pdc","bdc"]);
-#%controllers = ( ".*" => ["tlc5",undef]);
+#%controllers = ( ".*" => ["pdcname","bdcname"]);
#define this if you wish to use a WINS server. If undefined, broadcast
# will be attempted.
-$wins_server="c0wins";
-
+#$wins_server="winsservername";
# Some servers (at least mine) really really want to be called by address.
# If this variable is defined, we'll ask nmblookup to do a reverse DNS on the
# %pdc used to cache the domain -> pdc_ip values. IT NEVER EXPIRES!
+$|=1;
while (<>) {
if (! m;([^\\]+)(\\|/)(\S+)\s(.*); ) { #parse the line
print "ERR\n";
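Review bot: The added `$|=1;` has no comment, and its purpose is not obvious to someone who does not know how the helper is driven. The loop below prints one reply line per input line, so the flush presumably exists so that each reply reaches the parent process immediately instead of sitting in a stdio buffer. A short comment would stop it being removed as noise, for example `# unbuffered STDOUT: every reply line must reach the caller as soon as it is printed`.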
/*
- * $Id: auth_ntlm.cc,v 1.8 2001/03/10 00:55:37 hno Exp $
+ * $Id: auth_ntlm.cc,v 1.9 2001/05/21 04:50:58 hno Exp $
*
* DEBUG: section 29 NTLM Authenticator
* AUTHOR: Robert Collins
} else {
debug(28, 0) ("unrecognised ntlm auth scheme parameter '%s'\n", param_str);
}
+ /* disable client side request pipelining. There is a race with NTLM when the client
+ * sends a second request on an NTLM connection before the authenticate challenge is
+ * sent.
+ * With this patch, the client may fail to authenticate, but squid's state will be
+ * preserved.
+ * Caveats: this should be a post-parse test, but that can wait for the modular
+ * parser to be integrated.
+ */
+ if (ntlmConfig->authenticate)
+ Config.onoff.pipeline_prefetch=0;
}
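Review bot: The assignment `Config.onoff.pipeline_prefetch=0;` overrides an administrator setting silently, and only at the moment this auth parameter is parsed. As the caveat in the added comment hints, a `pipeline_prefetch` directive that appears later in the configuration would presumably switch prefetch back on and reopen the NTLM race. Until the post-parse test exists, log the override so it is visible, e.g. put `debug(28, 1) ("ntlm authentication configured: disabling pipeline_prefetch\n");` inside a braced `if (ntlmConfig->authenticate) { ... }`. The enclosing parse function starts outside this hunk.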
/*
- * $Id: authenticate.cc,v 1.22 2001/03/10 00:55:36 hno Exp $
+ * $Id: authenticate.cc,v 1.23 2001/05/21 04:50:57 hno Exp $
*
* DEBUG: section 29 Authenticator
* AUTHOR: Duane Wessels
debug(29, 4) ("authenticateValidateUser: Auth_user '%p' is broken for it's scheme.\n", auth_user_request->auth_user);
return 0;
}
+ if (!auth_user_request->auth_user->scheme_data) {
+ debug(29, 4) ("authenticateValidateUser: auth_user '%p' has no scheme data\n", auth_user_request->auth_user);
+ return 0;
+ }
/* any other sanity checks that we need in the future */
/* Thus should a module call to something like authValidate */
/* finally return ok */
- debug(29, 4) ("authenticateValidateUser: Validated Auth_user request '%p'.\n", auth_user_request);
+ debug(29, 5) ("authenticateValidateUser: Validated Auth_user request '%p'.\n", auth_user_request);
return 1;
}
}
void
-authenticateFixHeader(HttpReply * rep, auth_user_request_t * auth_user_request, request_t * request, int accelerated)
+authenticateFixHeader(HttpReply * rep, auth_user_request_t * auth_user_request, request_t * request, int accelerated, int internal)
/* send the auth types we are configured to support (and have compiled in!) */
{
/* auth_type_t auth_type=err->auth_type;
break;
}
debug(29, 9) ("authenticateFixHeader: headertype:%d authuser:%p\n", type, auth_user_request);
- if ((rep->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED)
- || (rep->sline.status == HTTP_UNAUTHORIZED))
+ if (((rep->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED)
+ || (rep->sline.status == HTTP_UNAUTHORIZED)) && internal)
/* this is a authenticate-needed response */
{
if ((auth_user_request != NULL) && (auth_user_request->auth_user->auth_module > 0))
}
}
}
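Review bot: The new `internal` argument tested in `... && internal)` is not documented in any visible hunk, and both call sites pass a bare literal. errorpage.cc passes 1 and client_side.cc passes 0, so it appears to mean "this reply was generated by squid itself", with the challenge block now skipped for 401/407 replies that came from elsewhere. State that at the signature, e.g. `/* internal: non-zero when squid generated rep itself (error page); only such replies get the configured challenge headers */`. The protos.h prototype now ends in two adjacent unnamed `int` parameters, so naming them (`int accelerated, int internal`) would make a swapped argument easier to spot. The function body starts and ends outside this hunk.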
+ /* allow protocol specific headers to be _added_ to the existing response - ie
+ * digest auth
+ */
if ((auth_user_request != NULL) && (auth_user_request->auth_user->auth_module > 0)
&& (authscheme_list[auth_user_request->auth_user->auth_module - 1].AddHeader))
authscheme_list[auth_user_request->auth_user->auth_module - 1].AddHeader(auth_user_request, rep, accelerated);
/*
- * $Id: client_side.cc,v 1.537 2001/05/04 13:37:41 hno Exp $
+ * $Id: client_side.cc,v 1.538 2001/05/21 04:50:57 hno Exp $
*
* DEBUG: section 33 Client-side Routines
* AUTHOR: Duane Wessels
new_request->my_port = old_request->my_port;
new_request->flags.redirected = 1;
new_request->auth_user_request = old_request->auth_user_request;
+ authenticateAuthUserRequestLock(new_request->auth_user_request);
if (old_request->body_connection) {
new_request->body_connection = old_request->body_connection;
old_request->body_connection = NULL;
}
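Review bot: The added `authenticateAuthUserRequestLock(new_request->auth_user_request);` runs unconditionally, but the pointer copied from `old_request` can be NULL; another hunk in this file guards the same field with `if (request->auth_user_request)`. Whether the lock function tolerates NULL is not visible here, so guard the call: `if (new_request->auth_user_request) authenticateAuthUserRequestLock(new_request->auth_user_request);`. Taking the extra reference is otherwise the right fix, since the redirected request shares the object with the old one. The enclosing function starts and ends outside this hunk.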
/* Handle authentication headers */
if (request->auth_user_request)
- authenticateFixHeader(rep, request->auth_user_request, request, http->flags.accel);
+ authenticateFixHeader(rep, request->auth_user_request, request, http->flags.accel, 0);
/* Append X-Cache */
httpHeaderPutStrf(hdr, HDR_X_CACHE, "%s from %s",
is_hit ? "HIT" : "MISS", getMyHostname());
/*
- * $Id: errorpage.cc,v 1.164 2001/04/14 00:03:22 hno Exp $
+ * $Id: errorpage.cc,v 1.165 2001/05/21 04:50:57 hno Exp $
*
* DEBUG: section 4 Error Generation
* AUTHOR: Duane Wessels
* depends on authenticate behaviour: all schemes to date send no extra data
* on 407/401 responses, and do not check the accel state on 401/407 responses
*/
- authenticateFixHeader(rep, err->auth_user_request, err->request, 0);
+ authenticateFixHeader(rep, err->auth_user_request, err->request, 0, 1);
httpReplySwapOut(rep, entry);
httpReplyAbsorb(mem->reply, rep);
EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT);
/*
- * $Id: helper.cc,v 1.27 2001/04/14 00:03:23 hno Exp $
+ * $Id: helper.cc,v 1.28 2001/05/21 04:50:57 hno Exp $
*
* DEBUG: section 29 Helper process maintenance
* AUTHOR: Harvest Derived?
debug(29, 9) ("helperSubmit: %s\n", buf);
}
+/* lastserver = "server last used as part of a deferred or reserved
+ * request sequence"
+ */
void
helperStatefulSubmit(statefulhelper * hlp, const char *buf, HLPSCB * callback, void *data, helper_stateful_server * lastserver)
{
}
r->callback = callback;
r->data = data;
- if (buf != NULL)
+ if (buf != NULL) {
r->buf = xstrdup(buf);
- else
+ r->placeholder = 0;
+ } else {
+ r->buf = NULL;
r->placeholder = 1;
+ }
cbdataLock(r->data);
if ((buf != NULL) && lastserver) {
debug(29, 5) ("StatefulSubmit with lastserver %d\n", lastserver);
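Review bot: The context line `debug(29, 5) ("StatefulSubmit with lastserver %d\n", lastserver);` passes a `helper_stateful_server *` to `%d`, which is a format/argument mismatch and truncates the value on platforms where pointers are wider than int. Since this hunk already touches the surrounding lines, switch it to `%p` as the other debug calls in this commit do: `debug(29, 5) ("StatefulSubmit with lastserver %p\n", lastserver);`. Initialising `r->buf` and `r->placeholder` on both branches is a good change. The function continues outside this hunk.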
debug(29, 9) ("helperStatefulDispatch busying helper %s #%d\n", hlp->id_name, srv->index + 1);
if (r->placeholder == 1) {
/* a callback is needed before this request can _use_ a helper. */
- if (cbdataValid(r->data)) {
- /* we don't care about releasing/deferring this helper. The request NEVER
- * gets to the helper. So we throw away the return code */
- r->callback(r->data, srv, NULL);
- /* throw away the placeholder */
- helperStatefulRequestFree(r);
- /* and push the queue. Note that the callback may have call submit again -
- * which is why we test for the request*/
- if (srv->request == NULL) {
- if (srv->flags.shutdown) {
- comm_close(srv->wfd);
- srv->wfd = -1;
- } else {
- if (srv->queue.head)
- helperStatefulServerKickQueue(srv);
- else
- helperStatefulKickQueue(hlp);
- }
+ /* we don't care about releasing/deferring this helper. The request NEVER
+ * gets to the helper. So we throw away the return code */
+ r->callback(r->data, srv, NULL);
+ /* throw away the placeholder */
+ helperStatefulRequestFree(r);
+ /* and push the queue. Note that the callback may have submitted a new
+ * request to the helper which is why we test for the request*/
+ if (srv->request == NULL) {
+ if (srv->flags.shutdown) {
+ comm_close(srv->wfd);
+ srv->wfd = -1;
+ } else {
+ if (srv->queue.head)
+ helperStatefulServerKickQueue(srv);
+ else
+ helperStatefulKickQueue(hlp);
}
}
return;
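Review bot: With the `cbdataValid(r->data)` test removed, `r->callback(r->data, srv, NULL);` is now invoked even when the callback data has been invalidated by its owner. The lock taken at submit time keeps the memory allocated but does not make the object safe to use. The old code's problem appears to be that an invalid request skipped the free and the queue push, not that it skipped the callback. Unless every registered callback is known to check validity itself, keep the guard on the call only, `if (cbdataValid(r->data)) r->callback(r->data, srv, NULL);`, and leave `helperStatefulRequestFree(r)` and the queue handling unconditional as they are now. The enclosing dispatch function starts and ends outside this hunk.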
/*
- * $Id: protos.h,v 1.406 2001/05/20 00:09:25 hno Exp $
+ * $Id: protos.h,v 1.407 2001/05/21 04:50:57 hno Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
extern void authenticateSchemeInit(void);
extern void authenticateInit(authConfig *);
extern void authenticateShutdown(void);
-extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, request_t *, int);
+extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, request_t *, int, int);
extern void authenticateAddTrailer(HttpReply *, auth_user_request_t *, request_t *, int);
extern auth_user_request_t *authenticateGetAuthUser(const char *proxy_auth);
extern void authenticateAuthenticateUser(auth_user_request_t *, request_t *, ConnStateData *, http_hdr_type);