From: wessels <> Date: Thu, 13 Nov 1997 01:58:38 +0000 (+0000) Subject: Fixed proxy auth support X-Git-Tag: SQUID_3_0_PRE1~4550 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc5d6f7f369a05e34b136894a258d81ae3c6ca3f;p=thirdparty%2Fsquid.git Fixed proxy auth support
---
diff --git a/src/acl.cc b/src/acl.cc
index 6e9ddd5cd6..cead898184 100644
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -1,6 +1,6 @@
 /*
- * $Id: acl.cc,v 1.114 1997/11/12 00:08:44 wessels Exp $
+ * $Id: acl.cc,v 1.115 1997/11/12 18:58:38 wessels Exp $
 *
 * DEBUG: section 28 Access Control
 * AUTHOR: Duane Wessels
@@ -53,7 +53,7 @@ static int aclMatchDomainList(void *dataptr, const char *);
 static squid_acl aclType(const char *s);
 static int decode_addr(const char *, struct in_addr *, struct in_addr *);
 static void aclCheck(aclCheck_t * checklist);
-static void aclCheckCallback(aclCheck_t * checklist, int answer);
+static void aclCheckCallback(aclCheck_t * checklist, allow_t answer);
 static IPH aclLookupDstIPDone;
 static FQDNH aclLookupSrcFQDNDone;
 static FQDNH aclLookupDstFQDNDone;
@@ -1073,7 +1073,6 @@ aclMatchProxyAuth(struct _acl_proxy_auth *p, aclCheck_t * checklist)
 return 0;
 }
 passwd = strtok(sent_user, null_string);
- passwd++;
 /* See if we've already validated them */
 passwd[0] |= 0x80;
 if (strcmp(hashr->item, passwd) == 0) {
@@ -1124,8 +1123,7 @@ aclMatchTime(struct _acl_time_data *data, time_t when)
 static time_t last_when = 0;
 static struct tm tm;
 time_t t;
- if (data == NULL)
- fatal_dump("aclMatchTime: NULL data");
+ assert(data != NULL);
 if (when != last_when) {
 last_when = when;
 xmemcpy(&tm, localtime(&when), sizeof(struct tm));
@@ -1275,7 +1273,7 @@ aclCheckFast(const struct _acl_access *A, aclCheck_t * checklist)
 static void
 aclCheck(aclCheck_t * checklist)
 {
- int allow = 0;
+ allow_t allow = ACCESS_DENIED;
 const struct _acl_access *A;
 int match;
 ipcache_addrs *ia;
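Review bot: `passwd` is dereferenced by `passwd[0] |= 0x80` directly after `strtok(sent_user, null_string)` with no NULL check, and strtok returns NULL when no token is left. `sent_user` presumably holds the decoded value of the client's Proxy-Authorization header (the decoding is outside the hunk), so malformed credentials could crash the process instead of simply failing the match. Add `if (passwd == NULL) return 0;` before the cache comparison, in line with the `return 0;` on the context line above. aclMatchProxyAuth starts before and ends after this hunk.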
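Review bot: Replacing `fatal_dump("aclMatchTime: NULL data")` with `assert(data != NULL)` makes the check vanish in any build compiled with NDEBUG, and it drops the message that named the failing function. The same applies to `assert(0)` in the `default:` arm of aclDestroyAcls (hunk at -1523), which under NDEBUG would fall through to `break` and go on to free the entry. If release builds may define NDEBUG, keep an unconditional failure path; otherwise add a comment next to each assert stating that the condition is a programming error and can never be driven by input. aclMatchTime continues past the end of this hunk.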
@@ -1309,6 +1307,10 @@ aclCheck(aclCheck_t * checklist)
 return;
 }
 if (match) {
+ /* hack! */
+ if (allow == ACCESS_DENIED)
+ if (checklist->state[ACL_PROXY_AUTH] == ACL_LOOKUP_NEEDED)
+ allow = ACCESS_REQ_PROXY_AUTH;
 debug(28, 3) ("aclCheck: match found, returning %d\n", allow);
 aclCheckCallback(checklist, allow);
 return;
@@ -1334,7 +1336,7 @@ aclChecklistFree(aclCheck_t * checklist)
 }
 static void
-aclCheckCallback(aclCheck_t * checklist, int answer)
+aclCheckCallback(aclCheck_t * checklist, allow_t answer)
 {
 debug(28, 3) ("aclCheckCallback: answer=%d\n", answer);
 if (cbdataValid(checklist->callback_data))
@@ -1523,7 +1525,7 @@ aclDestroyAcls(acl ** head)
 break;
 case ACL_NONE:
 default:
- fatal_dump("aclDestroyAcls: Found ACL_NONE?");
+ assert(0);
 break;
 }
 safe_free(a->cfgline);
diff --git a/src/client_side.cc b/src/client_side.cc
index b140bc75e1..7b977f174b 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1,6 +1,6 @@
 /*
- * $Id: client_side.cc,v 1.144 1997/11/12 00:08:45 wessels Exp $
+ * $Id: client_side.cc,v 1.145 1997/11/12 18:58:39 wessels Exp $
 *
 * DEBUG: section 33 Client-side Routines
 * AUTHOR: Duane Wessels
@@ -32,6 +32,8 @@
 #include "squid.h"
 static const char *const crlf = "\r\n";
+static const char *const proxy_auth_line =
+"Proxy-Authenticate: Basic realm=\"Squid proxy-caching web server\"\r\n";
 #define REQUEST_BUF_SIZE 4096
 #define FAILURE_MODE_TIME 300
@@ -39,6 +41,8 @@ static const char *const crlf = "\r\n";
 /* Local functions */
 static CWCB icpHandleIMSComplete;
+static CWCB clientWriteComplete;
+static CWCB clientShortWriteComplete;
 static PF clientReadRequest;
 static PF connStateFree;
 static PF requestTimeout;
@@ -61,6 +65,7 @@ static STCB clientSendMoreData;
 static STCB clientCacheHit;
 static void icpParseRequestHeaders(clientHttpRequest *);
 static void icpProcessRequest(int, clientHttpRequest *);
+static char *clientConstructProxyAuthReply(clientHttpRequest * http);
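Review bot: The new `/* hack! */` block in the -1309 hunk turns a matching deny into ACCESS_REQ_PROXY_AUTH whenever `checklist->state[ACL_PROXY_AUTH]` is ACL_LOOKUP_NEEDED, without checking that the rule which matched is the one that referenced proxy authentication; whether that state can be left over from an earlier rule is decided outside the hunk and should be confirmed. The two nested `if`s carry no braces, which invites a dangling-else mistake on the next edit; `if (allow == ACCESS_DENIED && checklist->state[ACL_PROXY_AUTH] == ACL_LOOKUP_NEEDED) { allow = ACCESS_REQ_PROXY_AUTH; }` expresses the same test. If the intent is what it appears to be, replace the comment with one that says so, e.g. `/* denied while a proxy-auth lookup is still needed: ask the client to authenticate instead of refusing outright */`. aclCheck begins before and ends after this hunk.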
@@ -103,6 +108,55 @@ clientAccessCheck(void *data)
 aclNBCheck(http->acl_checklist, clientAccessCheckDone, http);
 }
+static char *
+clientConstructProxyAuthReply(clientHttpRequest * http)
+{
+ LOCAL_ARRAY(char, buf, 8192);
+ LOCAL_ARRAY(char, content, 4096);
+ char *hdr;
+ memset(buf, '\0', 8192);
+ memset(content, '\0', 4096);
+ snprintf(content, 4096,
+ "Cache Access Denied\n"
+ "

Cache Access Denied

\n" + "

\n" + "Sorry, you are not currently allowed to request:\n" + "

    %s
\n" + "from this cache until you have authenticated yourself.\n" + "\n

" + "You need to use Netscape version 2.0 or greater, or Microsoft\n" + "Internet Explorer 3.0 or an HTTP/1.1 compliant browser for this\n" + "to work. Please contact the cache\n" + "administrator if you have difficulties authenticating\n" + "yourself, or\n" + "change your\n" + "default password.\n" + "

\n" + "%s\n" + "


\n" + "
\n" + "Generated by %s/%s@%s\n" + "
\n",
+ http->url,
+ Config.adminEmail,
+ getMyHostname(),
+ Config.errHtmlText,
+ appname,
+ version_string,
+ getMyHostname());
+ hdr = httpReplyHeader(1.0,
+ HTTP_PROXY_AUTHENTICATION_REQUIRED,
+ "text/html",
+ strlen(content),
+ -1,
+ squid_curtime);
+ snprintf(buf, 8192, "%s%s\r\n%s",
+ hdr,
+ proxy_auth_line,
+ content);
+ return buf;
+}
+
 void
 clientAccessCheckDone(int answer, void *data)
 {
@@ -110,15 +164,26 @@ clientAccessCheckDone(int answer, void *data)
 ConnStateData *conn = http->conn;
 int fd = conn->fd;
 char *redirectUrl = NULL;
+ char *buf;
 ErrorState *err = NULL;
 debug(33, 5) ("clientAccessCheckDone: '%s' answer=%d\n", http->url, answer);
 http->acl_checklist = NULL;
- if (answer) {
+ if (answer == ACCESS_ALLOWED) {
 urlCanonical(http->request, http->url);
 if (http->redirect_state != REDIRECT_NONE)
 fatal_dump("clientAccessCheckDone: wrong redirect_state");
 http->redirect_state = REDIRECT_PENDING;
 redirectStart(http, clientRedirectDone, http);
+ } else if (answer == ACCESS_REQ_PROXY_AUTH) {
+ http->al.http.code = HTTP_PROXY_AUTHENTICATION_REQUIRED;
+ http->log_type = LOG_TCP_DENIED;
+ buf = clientConstructProxyAuthReply(http);
+ comm_write(fd,
+ xstrdup(buf),
+ strlen(buf),
+ clientShortWriteComplete,
+ http,
+ xfree);
 } else {
 debug(33, 5) ("Access Denied: %s\n", http->url);
 http->log_type = LOG_TCP_DENIED;
@@ -870,7 +935,7 @@ clientSendMoreData(void *data, char *buf, ssize_t size)
 comm_write(fd, buf, writelen, clientWriteComplete, http, freefunc);
 }
-void
+static void
 clientWriteComplete(int fd, char *bufnotused, size_t size, int errflag, void *data)
 {
 clientHttpRequest *http = data;
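Review bot: In clientConstructProxyAuthReply, `http->url` is formatted into the HTML body with a bare `%s`, so any markup in the client-supplied URL is echoed unescaped in the 407 page; HTML-escape the URL before the `snprintf(content, ...)` call (no escaping helper is visible in this diff). The function returns a pointer into a LOCAL_ARRAY buffer, presumably static, so it needs a header comment saying the result is only valid until the next call and must be copied, as the caller's `xstrdup(buf)` does. The second `snprintf(buf, 8192, ...)` could truncate the body while the Content-Length handed to httpReplyHeader is still `strlen(content)`; checking its result against the buffer size would catch that. The string literals of this hunk are partly missing from the page as shown, so the pairing of format specifiers and arguments could not be checked.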
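Review bot: In clientAccessCheckDone, `answer` is still declared `int` (and `clientAccessCheckDone(int, void *)` is unchanged in protos.h) although aclCheckCallback now passes an `allow_t`, so the three-way comparison depends on an implicit enum-to-int conversion. The change from `if (answer)` to `if (answer == ACCESS_ALLOWED)` is what keeps ACCESS_REQ_PROXY_AUTH from being treated as allow; a comment above the chain, e.g. `/* answer is an allow_t; only ACCESS_ALLOWED may reach redirectStart() */`, would protect it from being simplified back. The 407 branch has no `debug(33, 5)` line like the deny branch below it, so adding one would keep both refusal paths equally traceable. The function continues past the end of the hunk.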
@@ -1031,6 +1096,15 @@ icpHandleIMSComplete(int fd, char *bufnotused, size_t size, int flag, void *data
 comm_close(fd);
 }
+static void
+clientShortWriteComplete(int fd, char *bufnotused, size_t size, int flag, void *data)
+{
+ clientHttpRequest *http = data;
+ http->out.size += size;
+ if (flag != COMM_ERR_CLOSING)
+ comm_close(fd);
+}
+
 /*
 * Below, we check whether the object is a hit or a miss. If it's a hit,
 * we check whether the object is still valid or whether it is a MISS_TTL.
@@ -1723,7 +1797,6 @@ icpConstruct304reply(struct _http_reply *source)
 {
 LOCAL_ARRAY(char, line, 256);
 LOCAL_ARRAY(char, reply, 8192);
- memset(reply, '\0', 8192);
 strcpy(reply, "HTTP/1.0 304 Not Modified\r\n");
 if (source->date > -1) {
diff --git a/src/enums.h b/src/enums.h
index a6d5ed07e3..53a7f4498e 100644
--- a/src/enums.h
+++ b/src/enums.h
@@ -313,12 +313,12 @@ enum {
 enum {
- HTTP_PROXYING,
- HTTP_KEEPALIVE
+ HTTP_PROXYING,
+ HTTP_KEEPALIVE
 };
 enum {
- ERR_FLAG_CBDATA
+ ERR_FLAG_CBDATA
 };
 enum {
@@ -358,3 +358,9 @@ enum {
 NEIGHBOR_MCAST_RESPONDER,
 NEIGHBOR_CLOSEST_ONLY
 };
+
+typedef enum {
+ ACCESS_DENIED,
+ ACCESS_ALLOWED,
+ ACCESS_REQ_PROXY_AUTH
+} allow_t;
diff --git a/src/http.cc b/src/http.cc
index 9336fb4e10..4ccd4b8196 100644
--- a/src/http.cc
+++ b/src/http.cc
@@ -1,6 +1,6 @@
 /*
- * $Id: http.cc,v 1.220 1997/11/12 00:08:52 wessels Exp $
+ * $Id: http.cc,v 1.221 1997/11/12 18:58:41 wessels Exp $
 *
 * DEBUG: section 11 Hypertext Transfer Protocol (HTTP)
 * AUTHOR: Harvest Derived
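Review bot: In clientShortWriteComplete, `http->out.size += size` dereferences `data` before `flag` is examined, so the request is touched even when the callback fires with COMM_ERR_CLOSING. Whether `http` can already have been released at that point depends on connStateFree, which is not part of this diff; if it can, move the update inside the `flag != COMM_ERR_CLOSING` test or guard it the way aclCheckCallback guards its callback data with `cbdataValid()`. A one-line comment such as `/* completion handler for one-shot replies: account the bytes written, then close the connection */` would also explain why this handler differs from clientWriteComplete.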
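Review bot: `allow_t` relies on implicit numbering, which makes ACCESS_REQ_PROXY_AUTH equal to 2 and therefore non-zero: any access-check callback that still tests the answer for truth, as clientAccessCheckDone did before this commit with `if (answer)`, would treat "authentication required" as allowed. Only clientAccessCheckDone is updated in this diff, so the other callbacks passed to aclNBCheck and the users of aclCheckFast should be audited for truthiness tests. Pin the values and record why, e.g. `ACCESS_DENIED = 0, /* must stay 0 so zero-initialised answers deny */` followed by `ACCESS_ALLOWED = 1,`.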
@@ -1254,14 +1254,10 @@ httpReplyHeader(double ver,
 time_t expires)
 {
 LOCAL_ARRAY(char, buf, HTTP_REPLY_BUF_SZ);
- LOCAL_ARRAY(char, float_buf, 64);
 int l = 0;
 int s = HTTP_REPLY_BUF_SZ;
- /* argh, ../lib/snprintf.c doesn't support '%f' */
- snprintf(float_buf, 64, "%3.1f", ver);
- assert(strlen(float_buf) == 3);
- l += snprintf(buf + l, s - l, "HTTP/%s %d %s\r\n",
- float_buf,
+ l += snprintf(buf + l, s - l, "HTTP/%3.1f %d %s\r\n",
+ ver,
 (int) status,
 httpStatusString(status));
 l += snprintf(buf + l, s - l, "Server: Squid/%s\r\n", SQUID_VERSION);
diff --git a/src/protos.h b/src/protos.h
index 95f515fd1e..294d24cae0 100644
--- a/src/protos.h
+++ b/src/protos.h
@@ -66,7 +66,6 @@ extern void clientdbInit(void);
 extern void clientdbUpdate(struct in_addr, log_type, protocol_t);
 extern int clientdbDeniedPercent(struct in_addr);
 extern void clientdbDump(StoreEntry *);
-extern CWCB clientWriteComplete;
 extern void clientAccessCheck(void *);
 extern void clientAccessCheckDone(int, void *);
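Review bot: The removed comment in httpReplyHeader says `../lib/snprintf.c doesn't support '%f'`, yet the new call passes `"HTTP/%3.1f %d %s\r\n"` with `ver` directly, and nothing in this diff touches lib/snprintf.c. On builds that use the bundled snprintf the status line could come out malformed and the following `%d`/`%s` arguments be misread, so confirm the fallback handles `%f` or keep formatting the version separately. Independently, `l += snprintf(buf + l, s - l, ...)` never checks the return value, so a negative or larger-than-remaining result leaves `l` outside the buffer for the next append; testing `l < s` after each call would bound it. The function starts before and ends after this hunk.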