From: Amos Jeffries Date: Sat, 31 May 2014 15:51:14 +0000 (-0700) Subject: Cleanup: de-duplicate auth_param realm configuration X-Git-Tag: SQUID_3_5_0_1~221 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ec980001a1ef8e8c98b57557835c10a223433942;p=thirdparty%2Fsquid.git Cleanup: de-duplicate auth_param realm configuration Move realm parse and config dump logics to Auth::Config base object. This de-duplicates Basic, Digest (and future schemes ie Bearer) config processing code. Also makes realm available to NTLM and Negotiate schemes, although at present it remains unused by those schemes. Also, convert the realm parameter string to an SBuf. Removing the need for some memory maintenance code. --- diff --git a/src/auth/Config.cc b/src/auth/Config.cc index 8a601f55cc..ef0f744d50 100644 --- a/src/auth/Config.cc +++ b/src/auth/Config.cc @@ -94,7 +94,23 @@ Auth::Config::registerWithCacheManager(void) void Auth::Config::parse(Auth::Config * scheme, int n_configured, char *param_str) { - if (strcmp(param_str, "children") == 0) { + if (strcmp(param_str, "realm") == 0) { + realm.clear(); + + char *token = ConfigParser::NextQuotedOrToEol(); + + while (*token && xisspace(*token)) + ++token; + + if (!token || !*token) { + debugs(29, DBG_PARSE_NOTE(DBG_IMPORTANT), "ERROR: Missing auth_param " << scheme->type() << " realm"); + self_destruct(); + return; + } + + realm = token; + + } else if (strcmp(param_str, "children") == 0) { authenticateChildren.parseConfig(); } else if (strcmp(param_str, "key_extras") == 0) { @@ -122,6 +138,8 @@ Auth::Config::parse(Auth::Config * scheme, int n_configured, char *param_str) void Auth::Config::dump(StoreEntry *entry, const char *name, Auth::Config *scheme) { + storeAppendPrintf(entry, "%s %s realm " SQUIDSBUFPH "\n", name, scheme->type(), SQUIDSBUFPRINT(realm)); + storeAppendPrintf(entry, "%s %s children %d startup=%d idle=%d concurrency=%d\n", name, scheme->type(), authenticateChildren.n_max, authenticateChildren.n_startup, diff --git a/src/auth/Config.h b/src/auth/Config.h index ad4da18ab9..1b132dea6f 100644 --- a/src/auth/Config.h +++ b/src/auth/Config.h @@ -148,6 +148,10 @@ public: wordlist *authenticateProgram; ///< Helper program to run, includes all parameters String keyExtrasLine; ///< The format of the request to the auth helper Format::Format *keyExtras; ///< The compiled request format + +protected: + /// RFC 7235 section 2.2 - Protection Space (Realm) + SBuf realm; }; typedef std::vector ConfigVector; diff --git a/src/auth/basic/auth_basic.cc b/src/auth/basic/auth_basic.cc index d3b40a1030..89b8c80152 100644 --- a/src/auth/basic/auth_basic.cc +++ b/src/auth/basic/auth_basic.cc @@ -76,8 +76,7 @@ Auth::Basic::Config::active() const bool Auth::Basic::Config::configured() const { - if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0) && - (basicAuthRealm != NULL)) { + if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0) && !realm.isEmpty()) { debugs(29, 9, HERE << "returning configured"); return true; } @@ -96,8 +95,8 @@ void Auth::Basic::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) { if (authenticateProgram) { - debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'Basic realm=\"" << basicAuthRealm << "\"'"); - httpHeaderPutStrf(&rep->header, hdrType, "Basic realm=\"%s\"", basicAuthRealm); + debugs(29, 9, "Sending type:" << hdrType << " header: 'Basic realm=\"" << realm << "\"'"); + httpHeaderPutStrf(&rep->header, hdrType, "Basic realm=\"" SQUIDSBUFPH "\"", SQUIDSBUFPRINT(realm)); } } @@ -129,9 +128,6 @@ Auth::Basic::Config::done() if (authenticateProgram) wordlistDestroy(&authenticateProgram); - - if (basicAuthRealm) - safe_free(basicAuthRealm); } void @@ -147,7 +143,6 @@ Auth::Basic::Config::dump(StoreEntry * entry, const char *name, Auth::Config * s storeAppendPrintf(entry, "\n"); - storeAppendPrintf(entry, "%s basic realm %s\n", name, basicAuthRealm); storeAppendPrintf(entry, "%s basic credentialsttl %d seconds\n", name, (int) credentialsTTL); storeAppendPrintf(entry, "%s basic casesensitive %s\n", name, casesensitive ? "on" : "off"); Auth::Config::dump(entry, name, scheme); @@ -158,12 +153,8 @@ Auth::Basic::Config::Config() : casesensitive(0), utf8(0) { - basicAuthRealm = xstrdup("Squid proxy-caching web server"); -} - -Auth::Basic::Config::~Config() -{ - safe_free(basicAuthRealm); + static const SBuf defaultRealm("Squid proxy-caching web server"); + realm = defaultRealm; } void @@ -176,8 +167,6 @@ Auth::Basic::Config::parse(Auth::Config * scheme, int n_configured, char *param_ parse_wordlist(&authenticateProgram); requirePathnameExists("auth_param basic program", authenticateProgram->key); - } else if (strcmp(param_str, "realm") == 0) { - parse_eol(&basicAuthRealm); } else if (strcmp(param_str, "credentialsttl") == 0) { parse_time_t(&credentialsTTL); } else if (strcmp(param_str, "casesensitive") == 0) { diff --git a/src/auth/basic/auth_basic.h b/src/auth/basic/auth_basic.h index e15fe26747..269ef145d4 100644 --- a/src/auth/basic/auth_basic.h +++ b/src/auth/basic/auth_basic.h @@ -23,7 +23,6 @@ class Config : public Auth::Config { public: Config(); - ~Config(); virtual bool active() const; virtual bool configured() const; virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm); @@ -38,7 +37,6 @@ public: virtual const char * type() const; public: - char *basicAuthRealm; time_t credentialsTTL; int casesensitive; int utf8; diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc index 81be588c63..d6ecff5ebb 100644 --- a/src/auth/digest/auth_digest.cc +++ b/src/auth/digest/auth_digest.cc @@ -499,8 +499,7 @@ Auth::Digest::Config::dump(StoreEntry * entry, const char *name, Auth::Config * list = list->next; } - storeAppendPrintf(entry, "\n%s %s realm %s\n%s %s nonce_max_count %d\n%s %s nonce_max_duration %d seconds\n%s %s nonce_garbage_interval %d seconds\n", - name, "digest", digestAuthRealm, + storeAppendPrintf(entry, "\n%s %s nonce_max_count %d\n%s %s nonce_max_duration %d seconds\n%s %s nonce_garbage_interval %d seconds\n", name, "digest", noncemaxuses, name, "digest", (int) noncemaxduration, name, "digest", (int) nonceGCInterval); @@ -518,7 +517,7 @@ Auth::Digest::Config::configured() const { if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0) && - (digestAuthRealm != NULL) && (noncemaxduration > -1)) + !realm.isEmpty() && (noncemaxduration > -1)) return true; return false; @@ -550,12 +549,13 @@ Auth::Digest::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, Ht } debugs(29, 9, "Sending type:" << hdrType << - " header: 'Digest realm=\"" << digestAuthRealm << "\", nonce=\"" << + " header: 'Digest realm=\"" << realm << "\", nonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\", qop=\"" << QOP_AUTH << "\", stale=" << (stale ? "true" : "false")); /* in the future, for WWW auth we may want to support the domain entry */ - httpHeaderPutStrf(&rep->header, hdrType, "Digest realm=\"%s\", nonce=\"%s\", qop=\"%s\", stale=%s", digestAuthRealm, authenticateDigestNonceNonceb64(nonce), QOP_AUTH, stale ? "true" : "false"); + httpHeaderPutStrf(&rep->header, hdrType, "Digest realm=\"" SQUIDSBUFPH "\", nonce=\"%s\", qop=\"%s\", stale=%s", + SQUIDSBUFPRINT(realm), authenticateDigestNonceNonceb64(nonce), QOP_AUTH, stale ? "true" : "false"); } /* Initialize helpers and the like for this auth scheme. Called AFTER parsing the @@ -613,12 +613,9 @@ Auth::Digest::Config::done() if (authenticateProgram) wordlistDestroy(&authenticateProgram); - - safe_free(digestAuthRealm); } Auth::Digest::Config::Config() : - digestAuthRealm(NULL), nonceGCInterval(5*60), noncemaxduration(30*60), noncemaxuses(50), @@ -638,8 +635,6 @@ Auth::Digest::Config::parse(Auth::Config * scheme, int n_configured, char *param parse_wordlist(&authenticateProgram); requirePathnameExists("auth_param digest program", authenticateProgram->key); - } else if (strcmp(param_str, "realm") == 0) { - parse_eol(&digestAuthRealm); } else if (strcmp(param_str, "nonce_garbage_interval") == 0) { parse_time_t(&nonceGCInterval); } else if (strcmp(param_str, "nonce_max_duration") == 0) { diff --git a/src/auth/digest/auth_digest.h b/src/auth/digest/auth_digest.h index 262935bea4..f7bc2a5489 100644 --- a/src/auth/digest/auth_digest.h +++ b/src/auth/digest/auth_digest.h @@ -83,7 +83,6 @@ public: virtual const char * type() const; public: - char *digestAuthRealm; time_t nonceGCInterval; time_t noncemaxduration; unsigned int noncemaxuses;