Make FTP and CacheMgr obey --disable-auth-basic

When teh proxy has been built with this auth module explicitly disabled
do not add headers indicating that it is available.

The side effect of not having Basic authentication support in the proxy
is that FTP is reduced to depending on URL logins and CacheMgr protected
actions cannot be used.

diff --git a/src/cache_manager.cc b/src/cache_manager.cc
index 95c9d27c5bebeaadcf1d982cc8e8138b1bca227f..95c4ac8f67440ca3aad036d9140ed8a79a084912 100644 (file)
--- a/src/cache_manager.cc
+++ b/src/cache_manager.cc
@@ -221,18 +221,21 @@ CacheManager::ParseUrl(const char *url)
 void
 CacheManager::ParseHeaders(const HttpRequest * request, Mgr::ActionParams &params)
 {
-    const char *basic_cookie;  /* base 64 _decoded_ user:passwd pair */
-    const char *passwd_del;
     assert(request);
 
     params.httpMethod = request->method.id();
     params.httpFlags = request->flags;
 
-    basic_cookie = request->header.getAuth(HDR_AUTHORIZATION, "Basic");
+#if HAVE_AUTH_MODULE_BASIC
+    // TODO: use the authentication system decode to retrieve these details properly.
+
+    /* base 64 _decoded_ user:passwd pair */
+    const char *basic_cookie = request->header.getAuth(HDR_AUTHORIZATION, "Basic");
 
     if (!basic_cookie)
         return;
 
+    const char *passwd_del;
     if (!(passwd_del = strchr(basic_cookie, ':'))) {
         debugs(16, DBG_IMPORTANT, "CacheManager::ParseHeaders: unknown basic_cookie format '" << basic_cookie << "'");
         return;
@@ -242,9 +245,10 @@ CacheManager::ParseHeaders(const HttpRequest * request, Mgr::ActionParams &param
     params.userName.limitInit(basic_cookie, passwd_del - basic_cookie);
     params.password = passwd_del + 1;
 
-    /* warning: this prints decoded password which maybe not what you want to do @?@ @?@ */
+    /* warning: this prints decoded password which maybe not be what you want to do @?@ @?@ */
     debugs(16, 9, "CacheManager::ParseHeaders: got user: '" <<
            params.userName << "' passwd: '" << params.password << "'");
+#endif
 }
 
 /**
@@ -336,11 +340,13 @@ CacheManager::Start(int fd, HttpRequest * request, StoreEntry * entry)
 
         errorStateFree(errState);
 
+#if HAVE_AUTH_MODULE_BASIC
         /*
          * add Authenticate header using action name as a realm because
          * password depends on the action
          */
         rep->header.putAuth("Basic", actionName);
+#endif
 
         /* store the reply */
         entry->replaceHttpReply(rep);

diff --git a/src/ftp.cc b/src/ftp.cc
index 2022409843babb888e922d616ee91a7f141cebac..9a1c3d50e1b281770b8641a6247007b47118ee35 100644 (file)
--- a/src/ftp.cc
+++ b/src/ftp.cc
@@ -1320,17 +1320,18 @@ FtpStateData::processReplyBody()
 int
 FtpStateData::checkAuth(const HttpHeader * req_hdr)
 {
-    const char *auth;
-
     /* default username */
     xstrncpy(user, "anonymous", MAX_URL);
 
+#if HAVE_AUTH_MODULE_BASIC
     /* Check HTTP Authorization: headers (better than defaults, but less than URL) */
+    const char *auth;
     if ( (auth = req_hdr->getAuth(HDR_AUTHORIZATION, "Basic")) ) {
         flags.authenticated = 1;
         loginParser(auth, FTP_LOGIN_NOT_ESCAPED);
     }
     /* we fail with authorization-required error later IFF the FTP server requests it */
+#endif
 
     /* Test URL login syntax. Overrides any headers received. */
     loginParser(request->login, FTP_LOGIN_ESCAPED);
@@ -1884,8 +1885,11 @@ FtpStateData::loginFailed()
 
     HttpReply *newrep = err->BuildHttpReply();
     errorStateFree(err);
+
+#if HAVE_AUTH_MODULE_BASIC
     /* add Authenticate header */
     newrep->header.putAuth("Basic", ftpRealm());
+#endif
 
     // add it to the store entry for response....
     entry->replaceHttpReply(newrep);
@@ -3773,8 +3777,10 @@ FtpStateData::ftpAuthRequired(HttpRequest * request, const char *realm)
     ErrorState *err = errorCon(ERR_CACHE_ACCESS_DENIED, HTTP_UNAUTHORIZED, request);
     HttpReply *newrep = err->BuildHttpReply();
     errorStateFree(err);
+#if HAVE_AUTH_MODULE_BASIC
     /* add Authenticate header */
     newrep->header.putAuth("Basic", realm);
+#endif
     return newrep;
 }