From: serassio <>
Date: Sun, 16 Oct 2005 22:47:02 +0000 (+0000)
Subject: Bug #1391: FATAL: Incorrect scheme in auth header
X-Git-Tag: SQUID_3_0_PRE4~585
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=638b2ce3a2f6601d8edf51928abe580917cc493c;p=thirdparty%2Fsquid.git

Bug #1391: FATAL: Incorrect scheme in auth header

Forward port of 2.5 patch.
---

diff --git a/src/AuthUserRequest.cc b/src/AuthUserRequest.cc
index c337197dd0..4e356786a0 100644
--- a/src/AuthUserRequest.cc
+++ b/src/AuthUserRequest.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: AuthUserRequest.cc,v 1.4 2005/05/06 01:57:55 hno Exp $
+ * $Id: AuthUserRequest.cc,v 1.5 2005/10/16 16:47:02 serassio Exp $
  *
  * DO NOT MODIFY NEXT 2 LINES:
  * arch-tag: 6803fde1-d5a2-4c29-9034-1c0c9f650eb4
@@ -477,6 +477,18 @@ AuthUserRequest::authenticate(auth_user_request_t ** auth_user_request, http_hdr
         debug(28, 9) ("authenticateAuthenticate: This is a new checklist test on FD:%d\n",
                       conn.getRaw() != NULL ? conn->fd : -1);
 
+        if (proxy_auth && !request->auth_user_request && conn.getRaw() && conn->auth_user_request) {
+            AuthScheme * id = AuthScheme::Find(proxy_auth);
+
+            if (!conn->auth_user_request->user() || AuthScheme::Find(conn->auth_user_request->user()->config->type()) != id) {
+                debug(28, 1) ("authenticateAuthenticate: Unexpected change of authentication scheme from '%s' to '%s' (client %s)\n",
+                              conn->auth_user_request->user()->config->type(), proxy_auth, inet_ntoa(src_addr));
+                conn->auth_user_request->unlock();
+                conn->auth_user_request = NULL;
+                conn->auth_type = AUTH_UNKNOWN;
+            }
+        }
+
         if ((!request->auth_user_request)
                 && (conn.getRaw() == NULL || conn->auth_type == AUTH_UNKNOWN)) {
             /* beginning of a new request check */
diff --git a/src/auth/ntlm/auth_ntlm.cc b/src/auth/ntlm/auth_ntlm.cc
index bed1e82435..5176364756 100644
--- a/src/auth/ntlm/auth_ntlm.cc
+++ b/src/auth/ntlm/auth_ntlm.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: auth_ntlm.cc,v 1.48 2005/09/14 17:10:39 serassio Exp $
+ * $Id: auth_ntlm.cc,v 1.49 2005/10/16 16:47:02 serassio Exp $
  *
  * DEBUG: section 29    NTLM Authenticator
  * AUTHOR: Robert Collins
@@ -1046,12 +1046,7 @@ AuthNTLMUserRequest::authenticate(HttpRequest * request, ConnStateData::Pointer
          * challenge - release the helper and use the existing auth_user 
          * details. */
 
-        if (strncmp("NTLM ", proxy_auth, 5) == 0) {
-            ntlm_request->ntlmauthenticate = xstrdup(proxy_auth);
-        } else {
-            fatal("Incorrect scheme in auth header\n");
-            /* TODO: more fault tolerance.. reset the auth scheme here */
-        }
+        ntlm_request->ntlmauthenticate = xstrdup(proxy_auth);
 
         /* cache entries have authenticateauthheaderchallengestring */
         snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s",