This list/cache was originally used to short-circuit auth helper lookups
based on previousy seen [Proxy-]Authorization header strings.
However, that permitted replay attacks in most auth schemes and has been
replaced by scheme-specific mechanisms:
* Basic and Digest credentials are cached in the global user name cache
wih additional nonce/password comparisons to verify located entries.
* NTLM and Negotiate credentials are cached in the ConnStateData with
exact-match comparison done to verify tokens.
username_(NULL),
requestRealm_(aRequestRealm)
{
- proxy_auth_list.head = proxy_auth_list.tail = NULL;
proxy_match_cache.head = proxy_match_cache.tail = NULL;
ip_list.head = ip_list.tail = NULL;
debugs(29, 5, HERE << "Initialised auth_user '" << this << "'.");
{
/*
* XXX Incomplete: it should merge in hash references too and ask the module to merge in scheme data
- * dlink_list proxy_auth_list;
* dlink_list proxy_match_cache;
*/
Auth::Type auth_type;
/** the config for this user */
Auth::Config *config;
- /** we may have many proxy-authenticate strings that decode to the same user */
- dlink_list proxy_auth_list;
dlink_list proxy_match_cache;
size_t ipcount;
long expiretime;
Auth::Negotiate::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
Auth::User(aConfig, aRequestRealm)
{
- proxy_auth_list.head = proxy_auth_list.tail = NULL;
}
Auth::Negotiate::User::~User()
Auth::Ntlm::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
Auth::User(aConfig, aRequestRealm)
{
- proxy_auth_list.head = proxy_auth_list.tail = NULL;
}
Auth::Ntlm::User::~User()
projects / thirdparty / squid.git / commitdiff
