From: Amos Jeffries
Date: Thu, 22 May 2014 06:04:05 +0000 (-0700)
Subject: Cleanup: drop Auth::User::proxy_auth_list header cache
X-Git-Tag: SQUID_3_5_0_1~226
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c3ac75826847c914c192b49ea00cab1da20d0f77;p=thirdparty%2Fsquid.git

Cleanup: drop Auth::User::proxy_auth_list header cache

This list/cache was originally used to short-circuit auth helper lookups based on previousy seen [Proxy-]Authorization header strings. However, that permitted replay attacks in most auth schemes and has been replaced by scheme-specific mechanisms:
* Basic and Digest credentials are cached in the global user name cache wih additional nonce/password comparisons to verify located entries.
* NTLM and Negotiate credentials are cached in the ConnStateData with exact-match comparison done to verify tokens.
---
diff --git a/src/auth/User.cc b/src/auth/User.cc
index 739cbc2e24..7c2713e7b7 100644
--- a/src/auth/User.cc
+++ b/src/auth/User.cc
@@ -59,7 +59,6 @@ Auth::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
 username_(NULL),
 requestRealm_(aRequestRealm)
 {
- proxy_auth_list.head = proxy_auth_list.tail = NULL;
 proxy_match_cache.head = proxy_match_cache.tail = NULL;
 ip_list.head = ip_list.tail = NULL;
 debugs(29, 5, HERE << "Initialised auth_user '" << this << "'.");
@@ -91,7 +90,6 @@ Auth::User::absorb(Auth::User::Pointer from)
 {
 /*
 * XXX Incomplete: it should merge in hash references too and ask the module to merge in scheme data
- * dlink_list proxy_auth_list;
 * dlink_list proxy_match_cache;
 */
diff --git a/src/auth/User.h b/src/auth/User.h
index 74de93cfd8..ba5dd5cfe3 100644
--- a/src/auth/User.h
+++ b/src/auth/User.h
@@ -71,8 +71,6 @@ public:
 Auth::Type auth_type;
 /** the config for this user */
 Auth::Config *config;
- /** we may have many proxy-authenticate strings that decode to the same user */
- dlink_list proxy_auth_list;
 dlink_list proxy_match_cache;
 size_t ipcount;
 long expiretime;
diff --git a/src/auth/negotiate/User.cc b/src/auth/negotiate/User.cc
index a4b9c42373..d1808bec78 100644
--- a/src/auth/negotiate/User.cc
+++ b/src/auth/negotiate/User.cc
@@ -6,7 +6,6 @@
 Auth::Negotiate::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
 Auth::User(aConfig, aRequestRealm)
 {
- proxy_auth_list.head = proxy_auth_list.tail = NULL;
 }
 Auth::Negotiate::User::~User()
diff --git a/src/auth/ntlm/User.cc b/src/auth/ntlm/User.cc
index cc5d9c704d..bbe6f73832 100644
--- a/src/auth/ntlm/User.cc
+++ b/src/auth/ntlm/User.cc
@@ -6,7 +6,6 @@
 Auth::Ntlm::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
 Auth::User(aConfig, aRequestRealm)
 {
- proxy_auth_list.head = proxy_auth_list.tail = NULL;
 }
 Auth::Ntlm::User::~User()