From: Amos Jeffries Date: Fri, 14 Jan 2011 14:10:21 +0000 (-0700) Subject: Make FTP and CacheMgr obey --disable-auth-basic X-Git-Tag: take00~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9da6b59469979a9e9ed915108d563009e46e5dbc;p=thirdparty%2Fsquid.git Make FTP and CacheMgr obey --disable-auth-basic When teh proxy has been built with this auth module explicitly disabled do not add headers indicating that it is available. The side effect of not having Basic authentication support in the proxy is that FTP is reduced to depending on URL logins and CacheMgr protected actions cannot be used. --- diff --git a/src/cache_manager.cc b/src/cache_manager.cc index 95c9d27c5b..95c4ac8f67 100644 --- a/src/cache_manager.cc +++ b/src/cache_manager.cc @@ -221,18 +221,21 @@ CacheManager::ParseUrl(const char *url) void CacheManager::ParseHeaders(const HttpRequest * request, Mgr::ActionParams ¶ms) { - const char *basic_cookie; /* base 64 _decoded_ user:passwd pair */ - const char *passwd_del; assert(request); params.httpMethod = request->method.id(); params.httpFlags = request->flags; - basic_cookie = request->header.getAuth(HDR_AUTHORIZATION, "Basic"); +#if HAVE_AUTH_MODULE_BASIC + // TODO: use the authentication system decode to retrieve these details properly. + + /* base 64 _decoded_ user:passwd pair */ + const char *basic_cookie = request->header.getAuth(HDR_AUTHORIZATION, "Basic"); if (!basic_cookie) return; + const char *passwd_del; if (!(passwd_del = strchr(basic_cookie, ':'))) { debugs(16, DBG_IMPORTANT, "CacheManager::ParseHeaders: unknown basic_cookie format '" << basic_cookie << "'"); return; 
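Review bot: The `debugs(16, DBG_IMPORTANT, ...)` call kept inside the new `#if HAVE_AUTH_MODULE_BASIC` block writes the decoded `basic_cookie` to the log whenever it has no ':' separator, and the level-9 `debugs` in the following hunk (@@ -242,9 +245,10) still prints `params.password` in clear text; the commit only rewords the warning comment there. Since these lines are being touched anyway, both messages could drop the secret values: `debugs(16, DBG_IMPORTANT, "CacheManager::ParseHeaders: unknown basic_cookie format");` and `debugs(16, 9, "CacheManager::ParseHeaders: got user: '" << params.userName << "'");`. ParseHeaders spans both hunks, and its closing brace is in the second one.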
@@ -242,9 +245,10 @@ CacheManager::ParseHeaders(const HttpRequest * request, Mgr::ActionParams ¶m params.userName.limitInit(basic_cookie, passwd_del - basic_cookie); params.password = passwd_del + 1; - /* warning: this prints decoded password which maybe not what you want to do @?@ @?@ */ + /* warning: this prints decoded password which maybe not be what you want to do @?@ @?@ */ debugs(16, 9, "CacheManager::ParseHeaders: got user: '" << params.userName << "' passwd: '" << params.password << "'"); +#endif } /** @@ -336,11 +340,13 @@ CacheManager::Start(int fd, HttpRequest * request, StoreEntry * entry) errorStateFree(errState); +#if HAVE_AUTH_MODULE_BASIC /* * add Authenticate header using action name as a realm because * password depends on the action */ rep->header.putAuth("Basic", actionName); +#endif /* store the reply */ entry->replaceHttpReply(rep); diff --git a/src/ftp.cc b/src/ftp.cc index 2022409843..9a1c3d50e1 100644 --- a/src/ftp.cc +++ b/src/ftp.cc @@ -1320,17 +1320,18 @@ FtpStateData::processReplyBody() int FtpStateData::checkAuth(const HttpHeader * req_hdr) { - const char *auth; - /* default username */ xstrncpy(user, "anonymous", MAX_URL); +#if HAVE_AUTH_MODULE_BASIC /* Check HTTP Authorization: headers (better than defaults, but less than URL) */ + const char *auth; if ( (auth = req_hdr->getAuth(HDR_AUTHORIZATION, "Basic")) ) { flags.authenticated = 1; loginParser(auth, FTP_LOGIN_NOT_ESCAPED); } /* we fail with authorization-required error later IFF the FTP server requests it */ +#endif /* Test URL login syntax. Overrides any headers received. */ loginParser(request->login, FTP_LOGIN_ESCAPED); @@ -1884,8 +1885,11 @@ FtpStateData::loginFailed() HttpReply *newrep = err->BuildHttpReply(); errorStateFree(err); + +#if HAVE_AUTH_MODULE_BASIC /* add Authenticate header */ newrep->header.putAuth("Basic", ftpRealm()); +#endif // add it to the store entry for response.... entry->replaceHttpReply(newrep); 
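Review bot: The new `#if HAVE_AUTH_MODULE_BASIC` guard in FtpStateData::checkAuth leaves `loginParser(request->login, FTP_LOGIN_ESCAPED)` as the only credential source in a build without Basic, and nothing in the code says so. A comment at the guard would record the consequence for whoever maintains this path, for example `/* Without Basic auth support, FTP credentials can only come from the URL login below; they are then part of the request URL and may appear wherever URLs are recorded. */`. The `#endif` lines added here and in the other hunks would also be easier to match up as `#endif /* HAVE_AUTH_MODULE_BASIC */`. checkAuth continues past the end of the hunk.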
@@ -3773,8 +3777,10 @@ FtpStateData::ftpAuthRequired(HttpRequest * request, const char *realm) ErrorState *err = errorCon(ERR_CACHE_ACCESS_DENIED, HTTP_UNAUTHORIZED, request); HttpReply *newrep = err->BuildHttpReply(); errorStateFree(err); +#if HAVE_AUTH_MODULE_BASIC /* add Authenticate header */ newrep->header.putAuth("Basic", realm); +#endif return newrep; }
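Review bot: With the `putAuth("Basic", realm)` call compiled out, ftpAuthRequired still builds its reply with `HTTP_UNAUTHORIZED`, so a build without Basic sends a 401 that carries no `WWW-Authenticate` challenge. HTTP requires a 401 to include at least one challenge, and a client receiving this reply cannot tell how it is expected to authenticate. The guard should either select a different status for that build (for instance `HTTP_FORBIDDEN` in an `#else` branch around the `errorCon` call) or carry a comment explaining why a bare 401 is acceptable. The guarded `putAuth` calls in FtpStateData::loginFailed and CacheManager::Start probably have the same effect, but the status code those replies use is set outside their hunks.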