From 2f1431eab290a090f81695dcbe97821693992f55 Mon Sep 17 00:00:00 2001 
From: Amos Jeffries Date: Mon, 7 Feb 2011 03:27:53 -0700 Subject: [PATCH] Bug 2870: --disable-auth does not work This patch attempts to make it work by removing libauth.la and all component functionality which depends on it. So far this reduces the minimal squid binary by a further 900 KB on disk. It also means anything which requires an authentication process won't work. They get wrapped in USE_AUTH or if it's a specific type with the relevant HAVE_AUTH_MODULE_* wrappers. So far this does: * FTP and CacheMgr dependency on --disable-auth-basic is already committed * cache_peer login= functionality is greatly reduced under various combinations of --disable-auth, --disable-auth-basic and --disable-auth-negotiate * peering userhash algorithm is removed * delay pools class 4 is removed * ACLs testing username are dropped. Additionally since external ACL user= field is used interchangeably in several places with a full login and with the right helper can be considered a full side-band authentication I have disabled the ExtUser/ext_user components as well. NP: pinning is not strictly dependent on NTLM, we may use it for other things without involving auth so left most of it in. Just the logics which use auth to set the pinning flag are now removable. IDENT not being an authentication mechanism is also left in. 
--- configure.ac | 4 +-- src/AclRegs.cc | 9 ++++- src/AuthReg.cc | 5 +++ src/ExternalACLEntry.cc | 3 +- src/ExternalACLEntry.h | 5 +++ src/HttpRequest.cc | 21 +++++++---- src/HttpRequest.h | 4 +-- src/Makefile.am | 52 +++++++++++++++++++++------- src/acl/ExtUser.cc | 4 +++ src/acl/ExtUser.h | 3 ++ src/acl/FilledChecklist.cc | 8 +++++ src/acl/FilledChecklist.h | 5 ++- src/auth/Acl.h | 3 ++ src/auth/AclMaxUserIp.h | 3 ++ src/auth/AclProxyAuth.h | 4 +++ src/auth/AuthAclState.h | 5 ++- src/auth/AuthType.h | 3 ++ src/auth/Config.h | 3 ++ src/auth/Gadgets.h | 3 ++ src/auth/Scheme.h | 3 ++ src/auth/State.h | 3 ++ src/auth/User.h | 3 ++ src/auth/UserRequest.h | 4 ++- src/cache_cf.cc | 12 +++++-- src/cf.data.pre | 1 + src/client_side.cc | 14 ++++---- src/client_side.h | 4 +++ src/client_side_reply.cc | 16 ++++++--- src/client_side_reply.h | 8 +++-- src/client_side_request.cc | 23 ++++++++++--- src/errorpage.cc | 15 ++++++-- src/errorpage.h | 4 +++ src/external_acl.cc | 65 +++++++++++++++++++++++++---------- src/http.cc | 6 +++- src/main.cc | 27 +++++++++++---- src/neighbors.cc | 4 +-- src/peer_select.cc | 2 ++ src/peer_userhash.cc | 5 +++ src/protos.h | 5 ++- src/redirect.cc | 12 +++++-- src/stat.cc | 10 ++++-- src/structs.h | 6 ++-- src/tests/testACLMaxUserIP.cc | 5 +++ src/tests/testACLMaxUserIP.h | 4 ++- src/tests/testAuth.cc | 4 +++ src/tests/testAuth.h | 7 ++-- 46 files changed, 328 insertions(+), 91 deletions(-) diff --git a/configure.ac b/configure.ac index e09e6d814b..79affe6e6e 100644 --- a/configure.ac +++ b/configure.ac @@ -1569,8 +1569,8 @@ SQUID_YESNO([$enableval], [unrecognized argument to --enable-auth: $enableval]) ]) AC_MSG_NOTICE([Authentication support enabled: ${enable_auth:=yes}]) -SQUID_DEFINE_BOOL(USE_AUTH,$enable_auth, - [Enable support for authentication]) +SQUID_DEFINE_BOOL(USE_AUTH,$enable_auth,[Enable support for authentication]) +AM_CONDITIONAL(ENABLE_AUTH, test "x$enable_auth" != "xno") AUTH_MODULES="" AC_ARG_ENABLE(auth-basic, 
diff --git a/src/AclRegs.cc b/src/AclRegs.cc index 139dad8e70..5c3ef645b9 100644 --- a/src/AclRegs.cc +++ b/src/AclRegs.cc @@ -18,7 +18,9 @@ #include "acl/DestinationDomain.h" #include "acl/DestinationIp.h" #include "acl/DomainData.h" +#if USE_AUTH #include "acl/ExtUser.h" +#endif #include "acl/FilledChecklist.h" #include "acl/Gadgets.h" #include "acl/HierCodeData.h" @@ -64,8 +66,10 @@ #include "acl/UrlPath.h" #include "acl/UrlPort.h" #include "acl/UserData.h" +#if USE_AUTH #include "auth/AclProxyAuth.h" #include "auth/AclMaxUserIp.h" +#endif #if USE_IDENT #include "ident/AclIdent.h" #endif @@ -79,10 +83,12 @@ ACL::Prototype ACLDestinationDomain::RegexRegistryProtoype(&ACLDestinationDomain ACLStrategised ACLDestinationDomain::RegexRegistryEntry_(new ACLRegexData,ACLDestinationDomainStrategy::Instance() ,"dstdom_regex"); ACL::Prototype ACLDestinationIP::RegistryProtoype(&ACLDestinationIP::RegistryEntry_, "dst"); ACLDestinationIP ACLDestinationIP::RegistryEntry_; +#if USE_AUTH ACL::Prototype ACLExtUser::UserRegistryProtoype(&ACLExtUser::UserRegistryEntry_, "ext_user"); ACLExtUser ACLExtUser::UserRegistryEntry_(new ACLUserData, "ext_user"); ACL::Prototype ACLExtUser::RegexRegistryProtoype(&ACLExtUser::RegexRegistryEntry_, "ext_user_regex" ); ACLExtUser ACLExtUser::RegexRegistryEntry_(new ACLRegexData, "ext_user_regex"); +#endif ACL::Prototype ACLHierCode::RegistryProtoype(&ACLHierCode::RegistryEntry_, "hier_code"); ACLStrategised ACLHierCode::RegistryEntry_(new ACLHierCodeData, ACLHierCodeStrategy::Instance(), "hier_code"); ACL::Prototype ACLHTTPRepHeader::RegistryProtoype(&ACLHTTPRepHeader::RegistryEntry_, "rep_header"); 
@@ -152,7 +158,7 @@ ACL::Prototype ACLIdent::RegexRegistryProtoype(&ACLIdent::RegexRegistryEntry_, " ACLIdent ACLIdent::RegexRegistryEntry_(new ACLRegexData, "ident_regex"); #endif - +#if USE_AUTH ACL::Prototype ACLProxyAuth::UserRegistryProtoype(&ACLProxyAuth::UserRegistryEntry_, "proxy_auth"); ACLProxyAuth ACLProxyAuth::UserRegistryEntry_(new ACLUserData, "proxy_auth"); ACL::Prototype ACLProxyAuth::RegexRegistryProtoype(&ACLProxyAuth::RegexRegistryEntry_, "proxy_auth_regex" ); @@ -160,6 +166,7 @@ ACLProxyAuth ACLProxyAuth::RegexRegistryEntry_(new ACLRegexData, "proxy_auth_reg ACL::Prototype ACLMaxUserIP::RegistryProtoype(&ACLMaxUserIP::RegistryEntry_, "max_user_ip"); ACLMaxUserIP ACLMaxUserIP::RegistryEntry_("max_user_ip"); +#endif ACL::Prototype ACLTag::RegistryProtoype(&ACLTag::RegistryEntry_, "tag"); ACLStrategised ACLTag::RegistryEntry_(new ACLStringData, ACLTagStrategy::Instance(), "tag"); diff --git a/src/AuthReg.cc b/src/AuthReg.cc index 2825c949c8..079d81594e 100644 --- a/src/AuthReg.cc +++ b/src/AuthReg.cc @@ -1,4 +1,7 @@ #include "config.h" + +#if USE_AUTH + #include "Debug.h" #include "protos.h" @@ -41,3 +44,5 @@ InitAuthSchemes() #endif debugs(29,1,"Initializing Authentication Schemes Complete."); } + +#endif /* USE_AUTH */ diff --git a/src/ExternalACLEntry.cc b/src/ExternalACLEntry.cc index 3adc53ae6a..a9074fec7b 100644 --- a/src/ExternalACLEntry.cc +++ b/src/ExternalACLEntry.cc @@ -84,9 +84,10 @@ ExternalACLEntry::update(ExternalACLEntryData const &someData) { date = squid_curtime; result = someData.result; - +#if USE_AUTH user = someData.user; password = someData.password; +#endif message = someData.message; tag = someData.tag; log = someData.log; diff --git a/src/ExternalACLEntry.h b/src/ExternalACLEntry.h index 864957f923..25be0daf61 100644 --- a/src/ExternalACLEntry.h +++ b/src/ExternalACLEntry.h 
@@ -61,8 +61,11 @@ public: ExternalACLEntryData() : result (-1) {} int result; +#if USE_AUTH + // TODO use an AuthUser to hold this info String user; String password; +#endif String message; String tag; String log; @@ -88,8 +91,10 @@ public: dlink_node lru; int result; time_t date; +#if USE_AUTH String user; String password; +#endif String message; String tag; String log; diff --git a/src/HttpRequest.cc b/src/HttpRequest.cc index 5430a979de..ad3a74cf69 100644 --- a/src/HttpRequest.cc +++ b/src/HttpRequest.cc @@ -36,7 +36,9 @@ #include "squid.h" #include "HttpRequest.h" +#if USE_AUTH #include "auth/UserRequest.h" +#endif #include "HttpHeaderRange.h" #include "MemBuf.h" #include "Store.h" @@ -82,7 +84,9 @@ HttpRequest::init() login[0] = '\0'; host[0] = '\0'; host_is_numeric = -1; +#if USE_AUTH auth_user_request = NULL; +#endif pinned_connection = NULL; port = 0; canonical = NULL; @@ -107,8 +111,10 @@ HttpRequest::init() vary_headers = NULL; myportname = null_string; tag = null_string; +#if USE_AUTH extacl_user = null_string; extacl_passwd = null_string; +#endif extacl_log = null_string; extacl_message = null_string; pstate = psReadyToParseStartLine; @@ -130,9 +136,9 @@ HttpRequest::clean() // we used to assert that the pipe is NULL, but now the request only // points to a pipe that is owned and initiated by another object. body_pipe = NULL; - +#if USE_AUTH auth_user_request = NULL; - +#endif safe_free(canonical); safe_free(vary_headers); @@ -157,11 +163,10 @@ HttpRequest::clean() myportname.clean(); tag.clean(); - +#if USE_AUTH extacl_user.clean(); - extacl_passwd.clean(); - +#endif extacl_log.clean(); extacl_message.clean(); @@ -216,8 +221,10 @@ HttpRequest::clone() const copy->myportname = myportname; copy->tag = tag; +#if USE_AUTH copy->extacl_user = extacl_user; copy->extacl_passwd = extacl_passwd; +#endif copy->extacl_log = extacl_log; copy->extacl_message = extacl_message; 
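Review bot: The HttpRequest.cc hunks guard `extacl_user` and `extacl_passwd` in init(), clean() and clone(), but the diffstat gives HttpRequest.h only four changed lines, all of them around `auth_user_request`, so the two String members apparently stay declared in every build. The context line `aLogEntry->cache.extuser = request->extacl_user.termedBuf();` in client_side.cc also still reads one of them without a guard. Either guard the declarations and that reader as well, or leave the lifecycle calls unconditional so a credential-bearing field is always cleared while it exists, for example keep `extacl_passwd.clean();` outside the `#if USE_AUTH` in clean(). All three functions continue outside the hunks shown.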
@@ -621,9 +628,9 @@ bool HttpRequest::inheritProperties(const HttpMsg *aMsg) errType = aReq->errType; errDetail = aReq->errDetail; - +#if USE_AUTH auth_user_request = aReq->auth_user_request; - +#endif if (aReq->pinned_connection) { pinned_connection = cbdataReference(aReq->pinned_connection); } diff --git a/src/HttpRequest.h b/src/HttpRequest.h index afa1226101..0002c092f3 100644 --- a/src/HttpRequest.h +++ b/src/HttpRequest.h @@ -158,9 +158,9 @@ private: public: Ip::Address host_addr; - +#if USE_AUTH AuthUserRequest::Pointer auth_user_request; - +#endif u_short port; String urlpath; diff --git a/src/Makefile.am b/src/Makefile.am index af3a3a68df..667b032267 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -30,7 +30,19 @@ LOADABLE_MODULES_SOURCES = \ LoadableModules.h \ LoadableModules.cc -SUBDIRS = base comm eui acl fs repl auth ip icmp ident log ipc mgr +SUBDIRS = base comm eui acl fs repl +DIST_SUBDIRS = base comm eui acl fs repl + +if ENABLE_AUTH +SUBDIRS += auth +AUTH_LIBS= auth/libauth.la +AUTH_ACL_LIBS= auth/libacls.la +check_PROGRAMS+= tests/testAuth tests/testACLMaxUserIP +endif +DIST_SUBDIRS += auth + +SUBDIRS += ip icmp ident log ipc mgr +DIST_SUBDIRS += ip icmp ident log ipc mgr if ENABLE_SSL SUBDIRS += ssl @@ -40,6 +52,20 @@ SSL_LIBS = \ else SSL_LOCAL_LIBS = endif +DIST_SUBDIRS += ssl + +SNMP_ALL_SOURCE = \ + snmp_core.h \ + snmp_core.cc \ + snmp_agent.cc +if ENABLE_SNMP +SNMP_SOURCE = $(SNMP_ALL_SOURCE) +SUBDIRS += snmp +SNMP_LIBS = snmp/libsnmp.la +else +SNMP_SOURCE = +endif +DIST_SUBDIRS += snmp SNMP_ALL_SOURCE = \ snmp_core.h \ @@ -56,6 +82,7 @@ endif if USE_ADAPTATION SUBDIRS += adaptation endif +DIST_SUBDIRS += adaptation if USE_ESI SUBDIRS += esi @@ -68,6 +95,7 @@ ESI_LIBS = $(ESI_LOCAL_LIBS) \ else ESI_LIBS = endif +DIST_SUBDIRS += esi DELAY_POOL_ALL_SOURCE = \ CommonPool.h \ 
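Review bot: In src/Makefile.am, hunk `@@ -40,6 +52,20 @@` adds a complete `SNMP_ALL_SOURCE = … if ENABLE_SNMP … endif` block directly above an unchanged context block that begins with the same `SNMP_ALL_SOURCE = \` and `snmp_core.h \` lines. The variable therefore appears to be defined twice, and if the old block matches the new one, `SUBDIRS += snmp` is appended twice under ENABLE_SNMP. This looks like a merge leftover; keep one copy and add only `DIST_SUBDIRS += snmp` after its `endif`. Separately, `check_PROGRAMS+= tests/testAuth tests/testACLMaxUserIP` in the first hunk appends at around line 36, so confirm `check_PROGRAMS` is assigned before that point, since no earlier definition is visible here.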
@@ -164,12 +192,12 @@ noinst_LTLIBRARIES = libsquid.la # libraries used by many targets COMMON_LIBS = \ - auth/libacls.la \ + $(AUTH_ACL_LIBS) \ ident/libident.la \ acl/libacls.la \ eui/libeui.la \ acl/libstate.la \ - auth/libauth.la \ + $(AUTH_LIBS) \ acl/libapi.la \ base/libbase.la \ libsquid.la \ @@ -895,9 +923,7 @@ TESTSOURCES= \ TEST_CALL_SOURCES = \ event.cc - -check_PROGRAMS+= tests/testAuth \ - tests/testACLMaxUserIP \ +check_PROGRAMS+=\ tests/testBoilerplate \ tests/testCacheManager \ tests/testDiskIO \ @@ -987,7 +1013,7 @@ tests_testHttpReply_LDFLAGS = $(LIBADD_DL) tests_testHttpReply_LDADD=\ acl/libapi.la \ acl/libstate.la \ - auth/libauth.la \ + $(AUTH_LIBS) \ ip/libip.la \ base/libbase.la \ $(top_builddir)/lib/libmisccontainers.la \ @@ -1098,12 +1124,12 @@ tests_testACLMaxUserIP_SOURCES= \ nodist_tests_testACLMaxUserIP_SOURCES= \ $(TESTSOURCES) tests_testACLMaxUserIP_LDADD= \ - auth/libacls.la \ + $(AUTH_ACL_LIBS) \ ident/libident.la \ acl/libacls.la \ eui/libeui.la \ acl/libstate.la \ - auth/libauth.la \ + $(AUTH_LIBS) \ acl/libapi.la \ base/libbase.la \ libsquid.la \ @@ -1275,12 +1301,12 @@ nodist_tests_testCacheManager_SOURCES = \ $(BUILT_SOURCES) # comm.cc only requires comm/libcomm.la until fdc_table is dead. tests_testCacheManager_LDADD = \ - auth/libacls.la \ + $(AUTH_ACL_LIBS) \ ident/libident.la \ acl/libacls.la \ eui/libeui.la \ acl/libstate.la \ - auth/libauth.la \ + $(AUTH_LIBS) \ acl/libapi.la \ base/libbase.la \ libsquid.la \ @@ -1330,12 +1356,12 @@ tests_testDiskIO_LDADD = \ SquidConfig.o \ CommCalls.o \ DnsLookupDetails.o \ - auth/libacls.la \ + $(AUTH_ACL_LIBS) \ ident/libident.la \ acl/libacls.la \ eui/libeui.la \ acl/libstate.la \ - auth/libauth.la \ + $(AUTH_LIBS) \ base/libbase.la \ libsquid.la \ ip/libip.la \ diff --git a/src/acl/ExtUser.cc b/src/acl/ExtUser.cc index 6111ca1a61..a13aab7243 100644 --- a/src/acl/ExtUser.cc +++ b/src/acl/ExtUser.cc 
@@ -35,6 +35,9 @@ */ #include "squid.h" + +#if USE_AUTH + #include "acl/ExtUser.h" #include "acl/FilledChecklist.h" #include "acl/RegexData.h" @@ -103,3 +106,4 @@ ACLExtUser::clone() const return new ACLExtUser(*this); } +#endif /* USE_AUTH */ diff --git a/src/acl/ExtUser.h b/src/acl/ExtUser.h index 28569094ca..adb7077b5d 100644 --- a/src/acl/ExtUser.h +++ b/src/acl/ExtUser.h @@ -35,6 +35,8 @@ #ifndef SQUID_EXTUSER_H #define SQUID_EXTUSER_H +#if USE_AUTH + #include "acl/Acl.h" #include "acl/Checklist.h" #include "acl/Data.h" @@ -70,4 +72,5 @@ private: MEMPROXY_CLASS_INLINE(ACLExtUser); +#endif /* USE_AUTH */ #endif /* SQUID_EXTUSER_H */ diff --git a/src/acl/FilledChecklist.cc b/src/acl/FilledChecklist.cc index 72ec05750b..d85c5387ff 100644 --- a/src/acl/FilledChecklist.cc +++ b/src/acl/FilledChecklist.cc @@ -2,8 +2,10 @@ #include "HttpRequest.h" #include "HttpReply.h" #include "client_side.h" +#if USE_AUTH #include "auth/UserRequest.h" #include "auth/AclProxyAuth.h" +#endif #include "acl/FilledChecklist.h" CBDATA_CLASS_INIT(ACLFilledChecklist); @@ -13,6 +15,7 @@ ACLFilledChecklist::checkCallback(allow_t answer) { debugs(28, 5, HERE << this << " answer=" << answer); +#if USE_AUTH /* During reconfigure, we can end up not finishing call * sequences into the auth code */ @@ -24,6 +27,7 @@ ACLFilledChecklist::checkCallback(allow_t answer) conn()->auth_user_request = NULL; } } +#endif ACLChecklist::checkCallback(answer); // may delete us } @@ -51,7 +55,9 @@ ACLFilledChecklist::ACLFilledChecklist() : dst_rdns(NULL), request (NULL), reply (NULL), +#if USE_AUTH auth_user_request (NULL), +#endif #if SQUID_SNMP snmp_community(NULL), #endif @@ -161,7 +167,9 @@ ACLFilledChecklist::ACLFilledChecklist(const acl_access *A, HttpRequest *http_re dst_rdns(NULL), request(NULL), reply(NULL), +#if USE_AUTh auth_user_request(NULL), +#endif #if SQUID_SNMP snmp_community(NULL), #endif diff --git a/src/acl/FilledChecklist.h b/src/acl/FilledChecklist.h index 2d9f495a07..9ffccbcb61 100644 
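Review bot: `#if USE_AUTh` in the second ACLFilledChecklist constructor (src/acl/FilledChecklist.cc, hunk `@@ -161,7 +167,9 @@`) misspells the macro. An unknown identifier in `#if` evaluates to 0, so `auth_user_request(NULL),` is silently dropped from that initializer list in every build, including those with authentication enabled. Whether the member still starts out null then depends on the default constructor of `AuthUserRequest::Pointer`, which is not visible here. The line should read `#if USE_AUTH`, matching the first constructor. Compiling with `-Wundef` would flag this kind of slip across the many guards this patch adds.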
--- a/src/acl/FilledChecklist.h +++ b/src/acl/FilledChecklist.h @@ -2,7 +2,9 @@ #define SQUID_ACLFILLED_CHECKLIST_H #include "acl/Checklist.h" +#if USE_AUTH #include "auth/UserRequest.h" +#endif class ExternalACLEntry; class ConnStateData; @@ -53,8 +55,9 @@ public: HttpReply *reply; char rfc931[USER_IDENT_SZ]; +#if USE_AUTH AuthUserRequest::Pointer auth_user_request; - +#endif #if SQUID_SNMP char *snmp_community; #endif diff --git a/src/auth/Acl.h b/src/auth/Acl.h index 5c3f947f01..3c21dce4ce 100644 --- a/src/auth/Acl.h +++ b/src/auth/Acl.h @@ -1,6 +1,8 @@ #ifndef SQUID_AUTH_ACL_H #define SQUID_AUTH_ACL_H +#if USE_AUTH + // ACL-related code used by authentication-related code. This code is not in // auth/Gadgets to avoid making auth/libauth dependent on acl/libstate because // acl/libstate already depends on auth/libauth. @@ -9,4 +11,5 @@ class ACLChecklist; /// \ingroup AuthAPI extern int AuthenticateAcl(ACLChecklist *ch); +#endif /* USE_AUTH */ #endif /* SQUID_AUTH_ACL_H */ diff --git a/src/auth/AclMaxUserIp.h b/src/auth/AclMaxUserIp.h index 35a62feafe..9bac843a8a 100644 --- a/src/auth/AclMaxUserIp.h +++ b/src/auth/AclMaxUserIp.h @@ -35,6 +35,8 @@ #ifndef SQUID_ACLMAXUSERIP_H #define SQUID_ACLMAXUSERIP_H +#if USE_AUTH + #include "acl/Acl.h" #include "acl/Checklist.h" #include "auth/UserRequest.h" @@ -81,4 +83,5 @@ private: MEMPROXY_CLASS_INLINE(ACLMaxUserIP); +#endif /* USE_AUTH */ #endif /* SQUID_ACLMAXUSERIP_H */ diff --git a/src/auth/AclProxyAuth.h b/src/auth/AclProxyAuth.h index 390fd2a52b..4144d3747c 100644 --- a/src/auth/AclProxyAuth.h +++ b/src/auth/AclProxyAuth.h @@ -34,6 +34,9 @@ #ifndef SQUID_ACLPROXYAUTH_H #define SQUID_ACLPROXYAUTH_H + +#if USE_AUTH + #include "acl/Acl.h" #include "acl/Data.h" #include "acl/Checklist.h" @@ -97,4 +100,5 @@ private: MEMPROXY_CLASS_INLINE(ACLProxyAuth); +#endif /* USE_AUTH */ #endif /* SQUID_ACLPROXYAUTH_H */ diff --git a/src/auth/AuthAclState.h b/src/auth/AuthAclState.h index 10d639014e..fdd3b69e57 100644 
--- a/src/auth/AuthAclState.h +++ b/src/auth/AuthAclState.h @@ -1,6 +1,8 @@ #ifndef _SQUID__SRC_AUTH_AUTHACLSTATE_H #define _SQUID__SRC_AUTH_AUTHACLSTATE_H +#if USE_AUTH + typedef enum { AUTH_ACL_CHALLENGE = -2, AUTH_ACL_HELPER = -1, @@ -8,4 +10,5 @@ typedef enum { AUTH_AUTHENTICATED = 1 } AuthAclState; -#endif +#endif /* USE_AUTH */ +#endif /* _SQUID__SRC_AUTH_AUTHACLSTATE_H */ diff --git a/src/auth/AuthType.h b/src/auth/AuthType.h index eec96b77f5..783b4b5b9b 100644 --- a/src/auth/AuthType.h +++ b/src/auth/AuthType.h @@ -1,6 +1,8 @@ #ifndef _SQUID__SRC_AUTH_AUTHTYPE_H #define _SQUID__SRC_AUTH_AUTHTYPE_H +#if USE_AUTH + typedef enum { AUTH_UNKNOWN, /* default */ AUTH_BASIC, @@ -12,4 +14,5 @@ typedef enum { extern const char *AuthType_str[]; +#endif /* USE_AUTH */ #endif diff --git a/src/auth/Config.h b/src/auth/Config.h index fa4994ea4c..aa948e25bc 100644 --- a/src/auth/Config.h +++ b/src/auth/Config.h @@ -32,6 +32,8 @@ #ifndef SQUID_AUTHCONFIG_H #define SQUID_AUTHCONFIG_H +#if USE_AUTH + #include "auth/UserRequest.h" #include "HelperChildConfig.h" @@ -142,4 +144,5 @@ extern authConfig TheConfig; } // namespace Auth +#endif /* USE_AUTH */ #endif /* SQUID_AUTHCONFIG_H */ diff --git a/src/auth/Gadgets.h b/src/auth/Gadgets.h index 7f140b2a2f..f7c3f752a0 100644 --- a/src/auth/Gadgets.h +++ b/src/auth/Gadgets.h @@ -33,6 +33,8 @@ #ifndef SQUID_AUTH_GADGETS_H #define SQUID_AUTH_GADGETS_H +#if USE_AUTH + #include "hash.h" #include "MemPool.h" #include "auth/Config.h" @@ -107,4 +109,5 @@ extern int authenticateSchemeCount(void); /// \ingroup AuthAPI extern void authenticateOnCloseConnection(ConnStateData * conn); +#endif /* USE_AUTH */ #endif /* SQUID_AUTH_GADGETS_H */ diff --git a/src/auth/Scheme.h b/src/auth/Scheme.h index 0c3d65103f..46fee0f510 100644 --- a/src/auth/Scheme.h +++ b/src/auth/Scheme.h @@ -33,6 +33,8 @@ #ifndef SQUID_AUTHSCHEME_H #define SQUID_AUTHSCHEME_H +#if USE_AUTH + #include "Array.h" #include "RefCount.h" 
@@ -100,4 +102,5 @@ private: static Vector *_Schemes; }; +#endif /* USE_AUTH */ #endif /* SQUID_AUTHSCHEME_H */ diff --git a/src/auth/State.h b/src/auth/State.h index cd19e72da7..0cb34ad32f 100644 --- a/src/auth/State.h +++ b/src/auth/State.h @@ -1,6 +1,8 @@ #ifndef __AUTH_AUTHENTICATE_STATE_T__ #define __AUTH_AUTHENTICATE_STATE_T__ +#if USE_AUTH + #include "auth/UserRequest.h" /** @@ -16,4 +18,5 @@ extern CBDATA_GLOBAL_TYPE(authenticateStateData); extern void authenticateStateFree(authenticateStateData * r); +#endif /* USE_AUTH */ #endif /* __AUTH_AUTHENTICATE_STATE_T__ */ diff --git a/src/auth/User.h b/src/auth/User.h index a01f45487a..cf1ee5d66e 100644 --- a/src/auth/User.h +++ b/src/auth/User.h @@ -34,6 +34,8 @@ #ifndef SQUID_AUTHUSER_H #define SQUID_AUTHUSER_H +#if USE_AUTH + #include "auth/AuthType.h" #include "dlink.h" #include "ip/Address.h" @@ -134,4 +136,5 @@ extern const char *CredentialsState_str[]; #include "auth/User.cci" #endif +#endif /* USE_AUTH */ #endif /* SQUID_AUTHUSER_H */ diff --git a/src/auth/UserRequest.h b/src/auth/UserRequest.h index c86d9cf00c..0c40449a2f 100644 --- a/src/auth/UserRequest.h +++ b/src/auth/UserRequest.h @@ -35,6 +35,8 @@ #ifndef SQUID_AUTHUSERREQUEST_H #define SQUID_AUTHUSERREQUEST_H +#if USE_AUTH + #include "auth/AuthAclState.h" #include "auth/Scheme.h" #include "auth/User.h" @@ -200,5 +202,5 @@ extern int authenticateDirection(AuthUserRequest::Pointer); /// See AuthUserRequest::authenticated() extern int authenticateUserAuthenticated(AuthUserRequest::Pointer); - +#endif /* USE_AUTH */ #endif /* SQUID_AUTHUSERREQUEST_H */ diff --git a/src/cache_cf.cc b/src/cache_cf.cc index 9efa10be91..aaf4dbd575 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -50,8 +50,10 @@ #include "ssl/support.h" #include "ssl/Config.h" #endif +#if USE_AUTH #include "auth/Config.h" #include "auth/Scheme.h" +#endif #include "ConfigParser.h" #include "CpuAffinityMap.h" #include "eui/Config.h" 
@@ -915,6 +917,7 @@ configDoConfigure(void) (uint32_t)Config.maxRequestBufferSize, (uint32_t)Config.maxRequestHeaderSize); } +#if USE_AUTH /* * disable client side request pipelining. There is a race with * Negotiate and NTLM when the client sends a second request on an @@ -930,6 +933,7 @@ configDoConfigure(void) Config.onoff.pipeline_prefetch = 0; } } +#endif } /** Parse a line containing an obsolete directive. @@ -1825,6 +1829,7 @@ check_null_string(char *s) return s == NULL; } +#if USE_AUTH static void parse_authparam(Auth::authConfig * config) { @@ -1883,6 +1888,7 @@ dump_authparam(StoreEntry * entry, const char *name, authConfig cfg) for (authConfig::iterator i = cfg.begin(); i != cfg.end(); ++i) (*i)->dump(entry, name, (*i)); } +#endif /* USE_AUTH */ /* TODO: just return the object, the # is irrelevant */ static int @@ -2222,13 +2228,15 @@ parse_peer(peer ** head) fatalf("parse_peer: non-parent carp peer %s/%d\n", p->host, p->http_port); p->options.carp = 1; - } else if (!strcasecmp(token, "userhash")) { +#if USE_AUTH if (p->type != PEER_PARENT) fatalf("parse_peer: non-parent userhash peer %s/%d\n", p->host, p->http_port); p->options.userhash = 1; - +#else + fatalf("parse_peer: userhash requires authentication. peer %s/%d\n", p->host, p->http_port); +#endif } else if (!strcasecmp(token, "sourcehash")) { if (p->type != PEER_PARENT) fatalf("parse_peer: non-parent sourcehash peer %s/%d\n", p->host, p->http_port); diff --git a/src/cf.data.pre b/src/cf.data.pre index cc705f0ad7..62637962ad 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -172,6 +172,7 @@ COMMENT_END NAME: auth_param TYPE: authparam +IFDEF: USE_AUTH LOC: Auth::TheConfig DEFAULT: none DOC_START diff --git a/src/client_side.cc b/src/client_side.cc index 5e18b7b2c2..5dbe5d2916 100644 --- a/src/client_side.cc +++ b/src/client_side.cc 
@@ -84,7 +84,9 @@ #include "squid.h" #include "acl/FilledChecklist.h" +#if USE_AUTH #include "auth/UserRequest.h" +#endif #include "base/TextException.h" #include "ChunkedCodingParser.h" #include "client_side.h" @@ -599,13 +601,12 @@ prepareLogWithRequestDetails(HttpRequest * request, AccessLogEntry * aLogEntry) aLogEntry->cache.requestSize += request->content_length; aLogEntry->cache.extuser = request->extacl_user.termedBuf(); +#if USE_AUTH if (request->auth_user_request != NULL) { - if (request->auth_user_request->username()) aLogEntry->cache.authuser = xstrdup(request->auth_user_request->username()); - -// WTF?? request->auth_user_request = NULL; } +#endif if (aLogEntry->request) { aLogEntry->request->errType = request->errType; @@ -763,12 +764,12 @@ ConnStateData::swanSong() clientdbEstablished(peer, -1); /* decrement */ assert(areAllContextsForThisConnection()); freeAllContexts(); - +#if USE_AUTH if (auth_user_request != NULL) { debugs(33, 4, "ConnStateData::swanSong: freeing auth_user_request '" << auth_user_request << "' (this is '" << this << "')"); auth_user_request->onConnectionClose(this); } - +#endif if (pinning.fd >= 0) comm_close(pinning.fd); @@ -2551,7 +2552,8 @@ clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *c clientStreamNode *node = context->getClientReplyContext(); clientReplyContext *repContext = dynamic_cast(node->data.getRaw()); assert (repContext); - repContext->setReplyToError(ERR_INVALID_REQ, HTTP_EXPECTATION_FAILED, request->method, http->uri, conn->peer, request, NULL, NULL); + repContext->setReplyToError(ERR_INVALID_REQ, HTTP_EXPECTATION_FAILED, request->method, + http->uri, conn->peer, request, NULL, NULL); assert(context->http->out.offset == 0); context->pullData(); goto finish; diff --git a/src/client_side.h b/src/client_side.h index ab7b6c3cec..169dfa2f0c 100644 --- a/src/client_side.h +++ b/src/client_side.h 
@@ -33,7 +33,9 @@ #ifndef SQUID_CLIENTSIDE_H #define SQUID_CLIENTSIDE_H +#if USE_AUTH #include "auth/UserRequest.h" +#endif #include "base/AsyncJob.h" #include "BodyPipe.h" #include "comm.h" @@ -181,11 +183,13 @@ public: */ int64_t mayNeedToReadMoreBody() const; +#if USE_AUTH /** * note this is ONLY connection based because NTLM and Negotiate is against HTTP spec. * the user details for connection based authentication */ AuthUserRequest::Pointer auth_user_request; +#endif /** * used by the owner of the connection, opaque otherwise diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc index d6ada937d2..9dcd4e26b3 100644 --- a/src/client_side_reply.cc +++ b/src/client_side_reply.cc @@ -40,7 +40,9 @@ #include "squid.h" #include "acl/FilledChecklist.h" #include "acl/Gadgets.h" +#if USE_AUTH #include "auth/UserRequest.h" +#endif #include "client_side.h" #include "client_side_reply.h" #include "clientStream.h" @@ -97,7 +99,12 @@ void clientReplyContext::setReplyToError( err_type err, http_status status, const HttpRequestMethod& method, char const *uri, Ip::Address &addr, HttpRequest * failedrequest, const char *unparsedrequest, - AuthUserRequest::Pointer auth_user_request) +#if USE_AUTH + AuthUserRequest::Pointer auth_user_request +#else + int +#endif + ) { ErrorState *errstate = clientBuildError(err, status, uri, addr, failedrequest); @@ -111,9 +118,9 @@ clientReplyContext::setReplyToError( http->al.http.code = errstate->httpStatus; createStoreEntry(method, request_flags()); - +#if USE_AUTH errstate->auth_user_request = auth_user_request; - +#endif assert(errstate->callback_data == NULL); errorAppendEntry(http->storeEntry(), errstate); /* Now the caller reads to get this */ @@ -1343,7 +1350,6 @@ clientReplyContext::buildReplyHeader() } /* Filter unproxyable authentication types */ - if (http->logType != LOG_TCP_DENIED && hdr->has(HDR_WWW_AUTHENTICATE)) { HttpHeaderPos pos = HttpHeaderInitPos; 
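Review bot: The `int` placeholder for the last parameter of `clientReplyContext::setReplyToError()` (client_side_reply.cc, hunk `@@ -97,7 +99,12 @@`, mirrored in client_side_reply.h) makes the signature depend on the build flag while callers keep passing a pointer constant. The reflowed call in clientProcessRequest() passes `NULL`, and the new `#else` branch in clientAccessCheckDone() (client_side_request.cc) passes `NULL);` as well. GCC reports NULL converted to a non-pointer argument under `-Wconversion-null`, which breaks the build if warnings are treated as errors; whether they are is not visible here. A pointer-typed placeholder avoids this and leaves callers untouched: use `void *` in the definition and `void *unused);` in the prototype for the `#else` case.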
@@ -1386,6 +1392,7 @@ clientReplyContext::buildReplyHeader() hdr->refreshMask(); } +#if USE_AUTH /* Handle authentication headers */ if (http->logType == LOG_TCP_DENIED && ( reply->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED || @@ -1400,6 +1407,7 @@ clientReplyContext::buildReplyHeader() authenticateFixHeader(reply, request->auth_user_request, request, 0, 1); } else if (request->auth_user_request != NULL) authenticateFixHeader(reply, request->auth_user_request, request, http->flags.accel, 0); +#endif /* Append X-Cache */ httpHeaderPutStrf(hdr, HDR_X_CACHE, "%s from %s", diff --git a/src/client_side_reply.h b/src/client_side_reply.h index 77c023fb3f..79bc520f97 100644 --- a/src/client_side_reply.h +++ b/src/client_side_reply.h @@ -71,8 +71,12 @@ public: void identifyFoundObject(StoreEntry *entry); int storeOKTransferDone() const; int storeNotOKTransferDone() const; - - void setReplyToError(err_type, http_status, const HttpRequestMethod&, char const *, Ip::Address &, HttpRequest *, const char *, AuthUserRequest::Pointer); + void setReplyToError(err_type, http_status, const HttpRequestMethod&, char const *, Ip::Address &, HttpRequest *, const char *, +#if USE_AUTH + AuthUserRequest::Pointer); +#else + int unused); +#endif void createStoreEntry(const HttpRequestMethod& m, request_flags flags); void removeStoreReference(store_client ** scp, StoreEntry ** ep); void removeClientStoreReference(store_client **scp, ClientHttpRequest *http); diff --git a/src/client_side_request.cc b/src/client_side_request.cc index f59086eca4..28eef99dcb 100644 --- a/src/client_side_request.cc +++ b/src/client_side_request.cc @@ -53,7 +53,9 @@ #include "adaptation/icap/History.h" #endif #endif +#if USE_AUTH #include "auth/UserRequest.h" +#endif #include "clientStream.h" #include "client_side.h" #include "client_side_reply.h" 
@@ -576,21 +578,24 @@ ClientRequestContext::clientAccessCheckDone(int answer) (answer == ACCESS_ALLOWED ? "ALLOWED" : "DENIED") << ", because it matched '" << (AclMatchedName ? AclMatchedName : "NO ACL's") << "'" ); - char const *proxy_auth_msg = ""; +#if USE_AUTH + char const *proxy_auth_msg = ""; if (http->getConn() != NULL && http->getConn()->auth_user_request != NULL) proxy_auth_msg = http->getConn()->auth_user_request->denyMessage(""); else if (http->request->auth_user_request != NULL) proxy_auth_msg = http->request->auth_user_request->denyMessage(""); +#endif if (answer != ACCESS_ALLOWED) { /* Send an error */ int require_auth = (answer == ACCESS_REQ_PROXY_AUTH || aclIsProxyAuth(AclMatchedName)); debugs(85, 5, "Access Denied: " << http->uri); debugs(85, 5, "AclMatchedName = " << (AclMatchedName ? AclMatchedName : "")); - +#if USE_AUTH if (require_auth) debugs(33, 5, "Proxy Auth Message = " << (proxy_auth_msg ? proxy_auth_msg : "")); +#endif /* * NOTE: get page_id here, based on AclMatchedName because if @@ -603,6 +608,7 @@ ClientRequestContext::clientAccessCheckDone(int answer) http->logType = LOG_TCP_DENIED; if (require_auth) { +#if USE_AUTH if (!http->flags.accel) { /* Proxy authorisation needed */ status = HTTP_PROXY_AUTHENTICATION_REQUIRED; @@ -610,7 +616,10 @@ ClientRequestContext::clientAccessCheckDone(int answer) /* WWW authorisation needed */ status = HTTP_UNAUTHORIZED; } - +#else + // need auth, but not possible to do. + status = HTTP_FORBIDDEN; +#endif if (page_id == ERR_NONE) page_id = ERR_CACHE_ACCESS_DENIED; } else { 
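Review bot: The new `#else` branch in `ClientRequestContext::clientAccessCheckDone()` (hunk `@@ -610,7 +616,10 @@`) answers HTTP_FORBIDDEN when an ACL needs authentication that the build cannot perform, but leaves no log line saying so. Failing closed is the right outcome, yet the only auth-related `debugs()` call in this function is now compiled out, so an operator sees a plain denial with no hint that an auth ACL is configured on a `--disable-auth` binary. Suggest logging it next to the status assignment, e.g. `debugs(85, 2, "Access Denied: ACL requires authentication, but this build has no authentication support");`. The function body starts and ends outside the hunks shown.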
@@ -630,9 +639,12 @@ ClientRequestContext::clientAccessCheckDone(int answer) http->getConn() != NULL ? http->getConn()->peer : tmpnoaddr, http->request, NULL, +#if USE_AUTH http->getConn() != NULL && http->getConn()->auth_user_request != NULL ? http->getConn()->auth_user_request : http->request->auth_user_request); - +#else + NULL); +#endif node = (clientStreamNode *)http->client_stream.tail->data; clientStreamRead(node, http, node->readBuffer); return; @@ -1037,8 +1049,9 @@ ClientRequestContext::clientRedirectDone(char *result) new_request->my_addr = old_request->my_addr; new_request->flags = old_request->flags; new_request->flags.redirected = 1; +#if USE_AUTH new_request->auth_user_request = old_request->auth_user_request; - +#endif if (old_request->body_pipe != NULL) { new_request->body_pipe = old_request->body_pipe; old_request->body_pipe = NULL; diff --git a/src/errorpage.cc b/src/errorpage.cc index fc92e04565..7284041a77 100644 --- a/src/errorpage.cc +++ b/src/errorpage.cc @@ -34,7 +34,9 @@ #include "config.h" #include "comm/Write.h" #include "errorpage.h" +#if USE_AUTH #include "auth/UserRequest.h" +#endif #include "SquidTime.h" #include "Store.h" #include "html_quote.h" @@ -548,7 +550,9 @@ errorStateFree(ErrorState * err) wordlistDestroy(&err->ftp.server_msg); safe_free(err->ftp.request); safe_free(err->ftp.reply); +#if USE_AUTH err->auth_user_request = NULL; +#endif safe_free(err->err_msg); #if USE_ERR_LOCALES if (err->err_language != Config.errorDefaultLanguage) @@ -582,10 +586,10 @@ ErrorState::Dump(MemBuf * mb) } else { str.Printf("Err: [none]\r\n"); } - +#if USE_AUTH if (auth_user_request->denyMessage()) str.Printf("Auth ErrMsg: %s\r\n", auth_user_request->denyMessage()); - +#endif if (dnsError.size() > 0) str.Printf("DNS ErrMsg: %s\r\n", dnsError.termedBuf()); 
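Review bot: `if (auth_user_request->denyMessage())` in `ErrorState::Dump()` (src/errorpage.cc, hunk `@@ -582,10 +586,10 @@`) calls through the pointer without testing it. Callers elsewhere in this patch pass NULL as the auth argument to setReplyToError(), which stores it in `errstate->auth_user_request`, and clientAccessCheckDone() checks `!= NULL` before making the same call. Unless `denyMessage()` tolerates a null receiver, which cannot be seen here, dumping such an ErrorState dereferences null. Since the patch already touches the line's surroundings, tighten it to `if (auth_user_request != NULL && auth_user_request->denyMessage())`. The `case 'm':` line in `ErrorState::Convert()` later in the same file has the same shape.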
@@ -659,12 +663,13 @@ ErrorState::Convert(char token, bool building_deny_info_url, bool allowRecursion switch (token) { case 'a': +#if USE_AUTH if (request && request->auth_user_request != NULL) p = request->auth_user_request->username(); if (!p) +#endif p = "-"; break; - case 'B': if (building_deny_info_url) break; p = request ? ftpUrlWith2f(request) : "[no URL]"; @@ -773,7 +778,11 @@ ErrorState::Convert(char token, bool building_deny_info_url, bool allowRecursion case 'm': if (building_deny_info_url) break; +#if USE_AUTH p = auth_user_request->denyMessage("[not available]"); +#else + p = "-"; +#endif break; case 'M': diff --git a/src/errorpage.h b/src/errorpage.h index e3ea32cfa3..bd7a52dae7 100644 --- a/src/errorpage.h +++ b/src/errorpage.h @@ -35,7 +35,9 @@ #define SQUID_ERRORPAGE_H #include "squid.h" +#if USE_AUTH #include "auth/UserRequest.h" +#endif #include "cbdata.h" #include "ip/Address.h" #if USE_SSL @@ -140,7 +142,9 @@ public: int page_id; char *err_language; http_status httpStatus; +#if USE_AUTH AuthUserRequest::Pointer auth_user_request; +#endif HttpRequest *request; char *url; int xerrno; diff --git a/src/external_acl.cc b/src/external_acl.cc index 862c058a1b..3995bdade5 100644 --- a/src/external_acl.cc +++ b/src/external_acl.cc @@ -44,7 +44,11 @@ #include "mgr/Registration.h" #include "ExternalACL.h" #include "ExternalACLEntry.h" +#if USE_AUTH +#include "auth/Acl.h" +#include "auth/Gadgets.h" #include "auth/UserRequest.h" +#endif #include "SquidTime.h" #include "Store.h" #include "fde.h" @@ -57,8 +61,6 @@ #include "client_side.h" #include "HttpRequest.h" #include "HttpReply.h" -#include "auth/Acl.h" -#include "auth/Gadgets.h" #include "helper.h" #include "MemBuf.h" #include "rfc1738.h" @@ -124,6 +126,7 @@ public: dlink_list queue; +#if USE_AUTH /** * Configuration flag. May only be altered by the configuration parser. * 
@@ -131,6 +134,7 @@ public: * details to be processed. If none are available its a fail match. */ bool require_auth; +#endif enum { QUOTE_METHOD_SHELL = 1, @@ -143,7 +147,9 @@ public: struct _external_acl_format { enum format_type { EXT_ACL_UNKNOWN, +#if USE_AUTH EXT_ACL_LOGIN, +#endif #if USE_IDENT EXT_ACL_IDENT, #endif @@ -178,7 +184,9 @@ struct _external_acl_format { EXT_ACL_USER_CERT_RAW, EXT_ACL_USER_CERTCHAIN_RAW, #endif +#if USE_AUTH EXT_ACL_EXT_USER, +#endif EXT_ACL_END } type; external_acl_format *next; @@ -399,9 +407,11 @@ parse_externalAclHelper(external_acl ** list) parse_header_token(format, (token+3), _external_acl_format::EXT_ACL_HEADER_REQUEST); } else if (strncmp(token, "%<{", 3) == 0) { parse_header_token(format, (token+3), _external_acl_format::EXT_ACL_HEADER_REPLY); +#if USE_AUTH } else if (strcmp(token, "%LOGIN") == 0) { format->type = _external_acl_format::EXT_ACL_LOGIN; a->require_auth = true; +#endif } #if USE_IDENT @@ -450,8 +460,10 @@ parse_externalAclHelper(external_acl ** list) format->header = xstrdup(token + 11); } #endif +#if USE_AUTH else if (strcmp(token, "%EXT_USER") == 0) format->type = _external_acl_format::EXT_ACL_EXT_USER; +#endif else { debugs(0,0, "ERROR: Unknown Format token " << token); self_destruct(); @@ -546,8 +558,9 @@ dump_externalAclHelper(StoreEntry * sentry, const char *name, const external_acl case _external_acl_format::EXT_ACL_##a: \ storeAppendPrintf(sentry, " %%%s", #a); \ break - +#if USE_AUTH DUMP_EXT_ACL_TYPE(LOGIN); +#endif #if USE_IDENT DUMP_EXT_ACL_TYPE(IDENT); @@ -586,9 +599,9 @@ dump_externalAclHelper(StoreEntry * sentry, const char *name, const external_acl storeAppendPrintf(sentry, " %%USER_CERT_%s", format->header); break; #endif - +#if USE_AUTH DUMP_EXT_ACL_TYPE(EXT_USER); - +#endif default: fatal("unknown external_acl format error"); break; 
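Review bot: With authentication compiled out, `%LOGIN` here and `%EXT_USER` in the @@ -450 hunk fall through to the generic `ERROR: Unknown Format token` branch and self_destruct(). Failing closed is the right outcome, because a helper line that silently lost its user field would change what the ACL matches on, but the message sends the operator looking for a typo. A `#else` arm that names the cause would help, e.g. `debugs(0, 0, "ERROR: Format token " << token << " requires authentication support, which this build disables");` followed by `self_destruct();`. The `#if` also opens in the middle of a `} else if` chain, so a comment on the `#endif` naming `USE_AUTH` would make the brace pairing easier to follow; parse_externalAclHelper continues outside both hunks.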
@@ -693,6 +706,7 @@ ACLExternal::parse() bool ACLExternal::valid () const { +#if USE_AUTH if (data->def->require_auth) { if (authenticateSchemeCount() == 0) { debugs(28, 0, "Can't use proxy auth because no authentication schemes were compiled."); @@ -704,6 +718,7 @@ ACLExternal::valid () const return false; } } +#endif return true; } @@ -749,18 +764,18 @@ aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch) if (!entry) { debugs(82, 9, HERE << "No helper entry available"); +#if USE_AUTH if (acl->def->require_auth) { int ti; /* Make sure the user is authenticated */ debugs(82, 3, "aclMatchExternal: " << acl->def->name << " check user authenticated."); - if ((ti = AuthenticateAcl(ch)) != 1) { debugs(82, 2, "aclMatchExternal: " << acl->def->name << " user not authenticated (" << ti << ")"); return ti; } debugs(82, 3, "aclMatchExternal: " << acl->def->name << " user is authenticated."); } - +#endif key = makeExternalAclKey(ch, acl); if (!key) { @@ -805,12 +820,13 @@ aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch) debugs(82, 2, "aclMatchExternal: " << acl->def->name << " = " << result); if (ch->request) { +#if USE_AUTH if (entry->user.size()) ch->request->extacl_user = entry->user; if (entry->password.size()) ch->request->extacl_passwd = entry->password; - +#endif if (!ch->request->tag.size()) ch->request->tag = entry->tag; @@ -881,13 +897,13 @@ makeExternalAclKey(ACLFilledChecklist * ch, external_acl_data * acl_data) String sb; switch (format->type) { - +#if USE_AUTH case _external_acl_format::EXT_ACL_LOGIN: assert (ch->auth_user_request != NULL); str = ch->auth_user_request->username(); break; +#endif #if USE_IDENT - case _external_acl_format::EXT_ACL_IDENT: str = ch->rfc931; 
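Review bot: Gating the `extacl_user` / `extacl_passwd` assignment under `USE_AUTH` leaves the readers of `extacl_user` ungated: redirect.cc (@@ -144), stat.cc (@@ -2051) and http.cc (@@ -1595) still test `extacl_user.defined()` or `.size()` in builds without auth. Nothing visible in this patch sets the field in such a build, so those branches look unreachable there and the username passed to the redirector, shown in active_requests and used for peer login would always be the default; other writers may exist outside this patch. Either gate the readers the same way or state the intent next to this block, e.g. `/* extacl_user is only populated when USE_AUTH is set; readers elsewhere see it empty otherwise */`. aclMatchExternal continues outside the hunk.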
@@ -1047,11 +1063,11 @@ makeExternalAclKey(ACLFilledChecklist * ch, external_acl_data * acl_data) break; #endif - +#if USE_AUTH case _external_acl_format::EXT_ACL_EXT_USER: str = request->extacl_user.termedBuf(); break; - +#endif case _external_acl_format::EXT_ACL_UNKNOWN: case _external_acl_format::EXT_ACL_END: @@ -1250,9 +1266,7 @@ externalAclHandleReply(void *data, char *reply) if (state->def->quote == external_acl::QUOTE_METHOD_URL) rfc1738_unescape(value); - if (strcmp(token, "user") == 0) - entryData.user = value; - else if (strcmp(token, "message") == 0) + if (strcmp(token, "message") == 0) entryData.message = value; else if (strcmp(token, "error") == 0) entryData.message = value; @@ -1260,12 +1274,16 @@ externalAclHandleReply(void *data, char *reply) entryData.tag = value; else if (strcmp(token, "log") == 0) entryData.log = value; +#if USE_AUTH + else if (strcmp(token, "user") == 0) + entryData.user = value; else if (strcmp(token, "password") == 0) entryData.password = value; else if (strcmp(token, "passwd") == 0) entryData.password = value; else if (strcmp(token, "login") == 0) entryData.user = value; +#endif } } } @@ -1310,6 +1328,7 @@ ACLExternal::ExternalAclLookup(ACLChecklist *checklist, ACLExternal * me, EAH * bool graceful = 0; ACLFilledChecklist *ch = Filled(checklist); +#if USE_AUTH if (acl->def->require_auth) { int ti; /* Make sure the user is authenticated */ @@ -1323,6 +1342,7 @@ ACLExternal::ExternalAclLookup(ACLChecklist *checklist, ACLExternal * me, EAH * } debugs(82, 3, "aclMatchExternal: " << acl->def->name << " user is authenticated."); } +#endif const char *key = makeExternalAclKey(ch, acl); 
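Review bot: Moving `user`, `login`, `password` and `passwd` under `USE_AUTH` (this hunk and @@ -1250) means a helper that still returns those keys has them discarded without any trace. An operator who relies on the helper's `user=` to attribute requests would lose that identity after rebuilding with --disable-auth and find nothing in cache.log to explain it. A `#else` arm in the same chain could record the drop: `else if (strcmp(token, "user") == 0 || strcmp(token, "login") == 0)` with `debugs(82, 2, "externalAclHandleReply: ignoring '" << token << "' from helper, built without auth support");`. The password keys should be ignored without logging their value. externalAclHandleReply continues outside the hunk.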
@@ -1419,10 +1439,13 @@ ACLExternal::ExternalAclLookup(ACLChecklist *checklist, ACLExternal * me, EAH * debugs(82, 4, "externalAclLookup: using cached entry " << entry); if (entry != NULL) { - debugs(82, 4, "externalAclLookup: entry = { date=" << - (long unsigned int) entry->date << ", result=" << - entry->result << ", user=" << entry->user << " tag=" << - entry->tag << " log=" << entry->log << " }"); + debugs(82, 4, "externalAclLookup: entry = { date=" << (long unsigned int) entry->date << + ", result=" << entry->result << +#if USE_AUTH + ", user=" << entry->user << +#endif + " tag=" << entry->tag << + " log=" << entry->log << " }"); } @@ -1562,5 +1585,9 @@ ACLExternal::typeString() const bool ACLExternal::isProxyAuth() const { +#if USE_AUTH return data->def->require_auth; +#else + return false; +#endif } diff --git a/src/http.cc b/src/http.cc index 3b5997f9ab..d33e4b1d39 100644 --- a/src/http.cc +++ b/src/http.cc @@ -41,7 +41,9 @@ #include "squid.h" #include "acl/FilledChecklist.h" +#if USE_AUTH #include "auth/UserRequest.h" +#endif #include "base/AsyncJobCalls.h" #include "base/TextException.h" #include "base64.h" @@ -1595,8 +1597,10 @@ httpFixupAuthentication(HttpRequest * request, HttpRequest * orig_request, const if (orig_request->extacl_user.size()) username = orig_request->extacl_user.termedBuf(); +#if USE_AUTH else if (orig_request->auth_user_request != NULL) username = orig_request->auth_user_request->username(); +#endif snprintf(loginbuf, sizeof(loginbuf), "%s%s", username, orig_request->peer_login + 1); @@ -1619,7 +1623,7 @@ httpFixupAuthentication(HttpRequest * request, HttpRequest * orig_request, const } /* Kerberos login to peer */ -#if HAVE_KRB5 && HAVE_GSSAPI +#if HAVE_AUTH_MODULE_NEGOTIATE && HAVE_KRB5 && HAVE_GSSAPI if (strncmp(orig_request->peer_login, "NEGOTIATE",strlen("NEGOTIATE")) == 0) { char *Token=NULL; char *PrincipalName=NULL,*p; diff --git a/src/main.cc b/src/main.cc index e29b7b69a2..8672de6f83 100644 --- a/src/main.cc 
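Review bot: Tightening the guard to `HAVE_AUTH_MODULE_NEGOTIATE && HAVE_KRB5 && HAVE_GSSAPI` in httpFixupAuthentication removes the only visible test for a `peer_login` beginning with `NEGOTIATE`, so in a build without that module the value falls through to whatever follows this block, which is outside the hunk. If the next step treats `peer_login` as literal credentials, a cache_peer line written for Kerberos would send the configured text upstream instead of failing. Please confirm the value is refused when the configuration is parsed, and record that here, e.g. `/* without HAVE_AUTH_MODULE_NEGOTIATE, login=NEGOTIATE must already have been rejected by the config parser */`.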
+++ b/src/main.cc @@ -37,7 +37,9 @@ #if ICAP_CLIENT #include "adaptation/icap/icap_log.h" #endif +#if USE_AUTH #include "auth/Gadgets.h" +#endif #include "base/TextException.h" #if USE_DELAY_POOLS #include "ClientDelayConfig.h" @@ -231,10 +233,10 @@ SignalEngine::doShutdown(time_t wait) /* run the closure code which can be shared with reconfigure */ serverConnectionsClose(); - +#if USE_AUTH /* detach the auth components (only do this on full shutdown) */ AuthScheme::FreeAll(); - +#endif eventAdd("SquidShutdown", &StopEventLoop, this, (double) (wait + 1), 1, false); } @@ -667,7 +669,9 @@ serverConnectionsOpen(void) peerSelectInit(); carpInit(); +#if USE_AUTH peerUserHashInit(); +#endif peerSourceHashInit(); } } @@ -736,7 +740,9 @@ mainReconfigureStart(void) Ssl::TheGlobalContextStorage.reconfigureStart(); #endif redirectShutdown(); +#if USE_AUTH authenticateReset(); +#endif externalAclShutdown(); storeDirCloseSwapLogs(); storeLogClose(); @@ -821,7 +827,9 @@ mainReconfigureFinish(void *) #endif redirectInit(); +#if USE_AUTH authenticateInit(&Auth::TheConfig); +#endif externalAclInit(); if (IamPrimaryProcess()) { @@ -870,7 +878,9 @@ mainRotate(void) dnsShutdown(); #endif redirectShutdown(); +#if USE_AUTH authenticateRotate(); +#endif externalAclShutdown(); _db_rotate_log(); /* cache.log */ @@ -885,7 +895,9 @@ mainRotate(void) dnsInit(); #endif redirectInit(); +#if USE_AUTH authenticateInit(&Auth::TheConfig); +#endif externalAclInit(); } @@ -1011,9 +1023,9 @@ mainInitialize(void) #endif redirectInit(); - +#if USE_AUTH authenticateInit(&Auth::TheConfig); - +#endif externalAclInit(); httpHeaderInitModule(); /* must go before any header processing (e.g. the one in errorInitialize) */ 
@@ -1345,9 +1357,9 @@ SquidMain(int argc, char **argv) /* we may want the parsing process to set this up in the future */ Store::Root(new StoreController); - +#if USE_AUTH InitAuthSchemes(); /* required for config parsing */ - +#endif Ip::ProbeTransport(); // determine IPv4 or IPv6 capabilities before parsing. parse_err = parseConfigFile(ConfigFile); @@ -1821,8 +1833,9 @@ SquidShutdown() #if USE_DELAY_POOLS DelayPools::FreePools(); #endif - +#if USE_AUTH authenticateReset(); +#endif #if USE_WIN32_SERVICE WIN32_svcstatusupdate(SERVICE_STOP_PENDING, 10000); diff --git a/src/neighbors.cc b/src/neighbors.cc index 3490db2329..c9a8e01284 100644 --- a/src/neighbors.cc +++ b/src/neighbors.cc @@ -1574,13 +1574,13 @@ dump_peer_options(StoreEntry * sentry, peer * p) if (p->options.carp) storeAppendPrintf(sentry, " carp"); - +#if USE_AUTH if (p->options.userhash) storeAppendPrintf(sentry, " userhash"); if (p->options.userhash) storeAppendPrintf(sentry, " sourcehash"); - +#endif if (p->options.weighted_roundrobin) storeAppendPrintf(sentry, " weighted-round-robin"); diff --git a/src/peer_select.cc b/src/peer_select.cc index 4cdc429f58..84117d86c5 100644 --- a/src/peer_select.cc +++ b/src/peer_select.cc @@ -516,8 +516,10 @@ peerGetSomeParent(ps_state * ps) if ((p = getDefaultParent(request))) { code = DEFAULT_PARENT; +#if USE_AUTH } else if ((p = peerUserHashSelectParent(request))) { code = USERHASH_PARENT; +#endif } else if ((p = peerSourceHashSelectParent(request))) { code = SOURCEHASH_PARENT; } else if ((p = carpSelectParent(request))) { diff --git a/src/peer_userhash.cc b/src/peer_userhash.cc index fc7905de90..53584c53d9 100644 --- a/src/peer_userhash.cc +++ b/src/peer_userhash.cc @@ -35,6 +35,9 @@ */ #include "squid.h" + +#if USE_AUTH + #include "mgr/Registration.h" #include "Store.h" #include "HttpRequest.h" @@ -236,3 +239,5 @@ peerUserHashCachemgr(StoreEntry * sentry) sumfetches ? (double) p->stats.fetches / sumfetches : -1.0); } } + +#endif /* USE_AUTH */ 
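Review bot: In neighbors.cc the new `#if USE_AUTH` / `#endif` pair encloses the ` sourcehash` output as well as ` userhash`, so a build without auth never dumps `sourcehash` for a peer, although structs.h in this same patch keeps the `sourcehash` option outside `USE_AUTH`. The second test is also a copy of the first: it checks `p->options.userhash` before printing ` sourcehash`, so the dumped options misreport the peer even with auth enabled. Move the `#endif` up to sit directly after the `userhash` statement and change the second condition to `if (p->options.sourcehash)`. dump_peer_options continues outside the hunk.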
diff --git a/src/protos.h b/src/protos.h index 599a9aa311..e1b99ed702 100644 --- a/src/protos.h +++ b/src/protos.h @@ -795,12 +795,15 @@ class external_acl; #endif -#if HAVE_KRB5 && HAVE_GSSAPI +#if USE_AUTH + +#if HAVE_AUTH_MODULE_NEGOTIATE && HAVE_KRB5 && HAVE_GSSAPI /* upstream proxy authentication */ SQUIDCEXTERN char *peer_proxy_negotiate_auth(char *principal_name, char *proxy); #endif /* call to ensure the auth component schemes exist. */ SQUIDCEXTERN void InitAuthSchemes(void); +#endif /* USE_AUTH */ #endif /* SQUID_PROTOS_H */ diff --git a/src/redirect.cc b/src/redirect.cc index ea777bc1f0..0641b6243f 100644 --- a/src/redirect.cc +++ b/src/redirect.cc @@ -34,7 +34,9 @@ */ #include "squid.h" +#if USE_AUTH #include "auth/UserRequest.h" +#endif #include "mgr/Registration.h" #include "Store.h" #include "fde.h" @@ -144,10 +146,12 @@ redirectStart(ClientHttpRequest * http, RH * handler, void *data) else r->client_addr.SetNoAddr(); r->client_ident = NULL; - +#if USE_AUTH if (http->request->auth_user_request != NULL) r->client_ident = http->request->auth_user_request->username(); - else if (http->request->extacl_user.defined()) { + else +#endif + if (http->request->extacl_user.defined()) { r->client_ident = http->request->extacl_user.termedBuf(); } @@ -201,8 +205,12 @@ redirectStart(ClientHttpRequest * http, RH * handler, void *data) http->getConn() != NULL ? http->getConn()->peer : tmpnoaddr, http->request, NULL, +#if USE_AUTH http->getConn() != NULL && http->getConn()->auth_user_request != NULL ? http->getConn()->auth_user_request : http->request->auth_user_request); +#else + NULL); +#endif node = (clientStreamNode *)http->client_stream.tail->data; clientStreamRead(node, http, node->readBuffer); diff --git a/src/stat.cc b/src/stat.cc index 5d767cf78b..9e63bac019 100644 --- a/src/stat.cc +++ b/src/stat.cc 
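Review bot: In redirectStart (@@ -144) the `else` left dangling before `#endif` makes the if/else chain depend on the preprocessor to join it to the following `if`; stat.cc (@@ -2051) uses the same construct. It compiles both ways, but a later edit inside either half can silently change which statement the `else` binds to. Writing the two sources as independent statements, with the authenticated name assigned last so it still takes precedence, keeps each branch whole. redirectStart continues outside the hunk.

```cpp
    r->client_ident = NULL;

    if (http->request->extacl_user.defined())
        r->client_ident = http->request->extacl_user.termedBuf();

#if USE_AUTH
    /* an authenticated username takes precedence over the external ACL one */
    if (http->request->auth_user_request != NULL)
        r->client_ident = http->request->auth_user_request->username();
#endif
```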
@@ -35,7 +35,9 @@ #include "squid.h" #include "event.h" #include "StoreClient.h" +#if USE_AUTH #include "auth/UserRequest.h" +#endif #include "mgr/Registration.h" #include "Store.h" #include "HttpRequest.h" @@ -1371,9 +1373,11 @@ statRegisterWithCacheManager(void) Mgr::RegisterAction("active_requests", "Client-side Active Requests", statClientRequests, 0, 1); +#if USE_AUTH Mgr::RegisterAction("username_cache", "Active Cached Usernames", AuthUser::UsernameCacheStats, 0, 1); +#endif #if DEBUG_OPENFD Mgr::RegisterAction("openfd_objects", "Objects with Swapout files open", statOpenfdObj, 0, 0); @@ -2051,10 +2055,12 @@ statClientRequests(StoreEntry * s) (long int) http->start_time.tv_sec, (int) http->start_time.tv_usec, tvSubDsec(http->start_time, current_time)); - +#if USE_AUTH if (http->request->auth_user_request != NULL) p = http->request->auth_user_request->username(); - else if (http->request->extacl_user.defined()) { + else +#endif + if (http->request->extacl_user.defined()) { p = http->request->extacl_user.termedBuf(); } diff --git a/src/structs.h b/src/structs.h index 2f70ffe98b..9b6e3aef96 100644 --- a/src/structs.h +++ b/src/structs.h @@ -881,7 +881,9 @@ struct peer { #endif unsigned int allow_miss:1; unsigned int carp:1; +#if USE_AUTH unsigned int userhash:1; +#endif unsigned int sourcehash:1; unsigned int originserver:1; unsigned int no_tproxy:1; @@ -924,13 +926,13 @@ struct peer { double load_multiplier; double load_factor; /* normalized weight value */ } carp; - +#if USE_AUTH struct { unsigned int hash; double load_multiplier; double load_factor; /* normalized weight value */ } userhash; - +#endif struct { unsigned int hash; double load_multiplier; diff --git a/src/tests/testACLMaxUserIP.cc b/src/tests/testACLMaxUserIP.cc index 97a4c80729..b7be6ec6c2 100644 --- a/src/tests/testACLMaxUserIP.cc +++ b/src/tests/testACLMaxUserIP.cc 
@@ -1,6 +1,9 @@ #define SQUID_UNIT_TEST 1 #include "squid.h" + +#if USE_AUTH + #include "testACLMaxUserIP.h" #include "auth/AclMaxUserIp.h" @@ -40,3 +43,5 @@ testACLMaxUserIP::testParseLine() CPPUNIT_ASSERT(anACL.valid()); xfree(line); } + +#endif /* USE_AUTH */ diff --git a/src/tests/testACLMaxUserIP.h b/src/tests/testACLMaxUserIP.h index 606f235f27..7c1afdd121 100644 --- a/src/tests/testACLMaxUserIP.h +++ b/src/tests/testACLMaxUserIP.h @@ -2,6 +2,8 @@ #ifndef SQUID_SRC_TEST_ACLMAXUSERIP_H #define SQUID_SRC_TEST_ACLMAXUSERIP_H +#if USE_AUTH + #include /* @@ -24,5 +26,5 @@ protected: void testParseLine(); }; +#endif /* USE_AUTH */ #endif /* SQUID_SRC_TEST_ACLMAXUSERIP_H */ - diff --git a/src/tests/testAuth.cc b/src/tests/testAuth.cc index 056bc14ba0..8b693067d0 100644 --- a/src/tests/testAuth.cc +++ b/src/tests/testAuth.cc @@ -1,6 +1,9 @@ #define SQUID_UNIT_TEST 1 #include "squid.h" + +#if USE_AUTH + #include "testAuth.h" #include "auth/Gadgets.h" #include "auth/UserRequest.h" @@ -275,3 +278,4 @@ testAuthNegotiateUserRequest::username() } #endif /* HAVE_AUTH_MODULE_NEGOTIATE */ +#endif /* USE_AUTH */ diff --git a/src/tests/testAuth.h b/src/tests/testAuth.h index b727884341..b2b3212f3e 100644 --- a/src/tests/testAuth.h +++ b/src/tests/testAuth.h @@ -1,7 +1,8 @@ - #ifndef SQUID_SRC_TEST_AUTH_H #define SQUID_SRC_TEST_AUTH_H +#if USE_AUTH + #include /* @@ -113,5 +114,5 @@ protected: }; #endif -#endif - +#endif /* USE_AUTH */ +#endif /* SQUID_SRC_TEST_AUTH_H */ -- 2.39.5