proxy auth cleanup/fix from author

diff --git a/src/Makefile.in b/src/Makefile.in
index db08b87bf73bab0b4714a3d4e28f4d372857a9a3..3aaa0f4c2d6cf4750df7f40a4325cbce4b39ab5e 100644 (file)
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -1,14 +1,15 @@
 #
 #  Makefile for the Squid Object Cache server
 #
-#  $Id: Makefile.in,v 1.35 1996/08/19 22:44:48 wessels Exp $
+#  $Id: Makefile.in,v 1.36 1996/08/29 16:55:46 wessels Exp $
 #
 #  Uncomment and customize the following to suit your needs:
 #
 HOST_OPT       = # -DCACHEMGR_HOSTNAME="getfullhostname()"
 AIO_OPT                = # -DUSE_ASYNC_IO=1
 AIO_LIBS       = # @AIO_LIBS@
-DEFINES         = $(HOST_OPT) $(AIO_OPT)
+AUTH_OPT       = # -DUSE_PROXY_AUTH=1
+DEFINES                = $(HOST_OPT) $(AIO_OPT) $(AUTH_OPT)
 
 prefix         = @prefix@
 exec_prefix    = @exec_prefix@

diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index e481db3f4130f2b44b4d8847e2e1203128da3925..59cb8fa7a2e81560ba820a19a0dc4f9006b06eb2 100644 (file)
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: cache_cf.cc,v 1.78 1996/08/28 20:12:52 wessels Exp $
+ * $Id: cache_cf.cc,v 1.79 1996/08/29 16:55:47 wessels Exp $
  *
  * DEBUG: section 3     Configuration File Parsing
  * AUTHOR: Harvest Derived
@@ -147,7 +147,7 @@ struct SquidConfig Config;
 #define DefaultStoreLogFile    DEFAULT_STORE_LOG
 #if USE_PROXY_AUTH
 #define DefaultProxyAuthFile    (char *)NULL   /* default NONE */
-#define DefaultProxyAuthIgnoreDomain "none-at-all"
+#define DefaultProxyAuthIgnoreDomain (char *)NULL      /* default NONE */
 #endif /* USE_PROXY_AUTH */
 #define DefaultLogRotateNumber  10
 #define DefaultAdminEmail      "webmaster"
@@ -1231,7 +1231,7 @@ int parseConfigFile(file_name)
            parseIntegerValue(&Config.redirectChildren);
 
 #if USE_PROXY_AUTH
-       else if (!strcmp(token, "proxy_authentication"))
+       else if (!strcmp(token, "proxy_auth"))
            parseProxyAuthLine();
 #endif /* USE_PROXY_AUTH */
 

diff --git a/src/client_side.cc b/src/client_side.cc
index e2f8e2f9ac67e1f660938ebe49f91f9c5e3d7490..bbe380e0d409f515729687f1a3b2d7d286f37634 100644 (file)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side.cc,v 1.13 1996/08/28 17:22:52 wessels Exp $
+ * $Id: client_side.cc,v 1.14 1996/08/29 16:55:48 wessels Exp $
  *
  * DEBUG: section 33    Client-side Routines
  * AUTHOR: Duane Wessels
@@ -86,11 +86,11 @@ static int clientProxyAuthCheck(icpState)
      * an object of type cacheobj:// */
     if (Config.proxyAuthFile == NULL)
        return 1;
-    if (strstr(icpState->url, Config.proxyAuthIgnoreDomain))
-       return 1;
     if (urlParseProtocol(icpState->url) == PROTO_CACHEOBJ)
        return 1;
-
+    if (Config.proxyAuthIgnoreDomain != NULL)
+       if (matchDomainName(Config.proxyAuthIgnoreDomain, icpState->request->host))
+           return 1;
     proxy_user = proxyAuthenticate(icpState->request_hdr);
     strncpy(icpState->ident, proxy_user, ICP_IDENT_SZ);
     debug(33, 6, "jrmt: user = %s\n", icpState->ident);
@@ -126,6 +126,7 @@ void clientAccessCheck(icpState, handler)
                icpState->url,
                fd_table[fd].ipaddr));
        icpSendERROR(fd, icpState->log_type, wbuf, icpState, icpState->http_code);
+       safe_free(icpState->aclChecklist);
        return;
     }
 #endif /* USE_PROXY_AUTH */
@@ -234,17 +235,12 @@ char *proxyAuthenticate(char *headers)
     hash_link *hashr = NULL;
     FILE *f = NULL;
 
-    /* Look for Proxy-[Aa]uthorization: Basic in the
+    /* Look for Proxy-authorization: Basic in the
      * headers sent by the client
      */
     if ((s = mime_get_header(headers, "Proxy-authorization:")) == NULL) {
-       /* Check for MS Internet Explorer too, as well as Netscape
-        * FIXME: Need a version of mime_get_header that uses strcasecmp()
-        */
-       if ((s = mime_get_header(headers, "Proxy-Authorization:")) == NULL) {
-           debug(33, 5, "jrmt: Can't find authorization header\n");
-           return (dash_str);
-       }
+       debug(33, 5, "jrmt: Can't find authorization header\n");
+       return (dash_str);
     }
     /* Skip the 'Basic' part */
     s += strlen(" Basic");
@@ -258,7 +254,7 @@ char *proxyAuthenticate(char *headers)
     debug(33, 5, "jrmt: user = %s\n", sent_user);
 
     /* Look at the Last-modified time of the proxy.passwords
-     * file every ten seconds, to see if it's been changed via
+     * file every five minutes, to see if it's been changed via
      * a cgi-bin script, etc. If so, reload a fresh copy into memory
      */
 
@@ -272,9 +268,6 @@ char *proxyAuthenticate(char *headers)
                debug(33, 0, "jrmt: reloading changed proxy authentication password file %s \n", Config.proxyAuthFile);
                change_time = buf.st_mtime;
 
-               if (passwords != NULL)
-                   xfree(passwords);
-
                if (validated != 0) {
                    debug(33, 5, "jrmt: invalidating old entries\n");
                    for (i = 0, hashr = hash_first(validated); hashr; hashr = hash_next(validated)) {
@@ -282,10 +275,11 @@ char *proxyAuthenticate(char *headers)
                        hash_delete(validated, hashr->key);
                    }
                } else {
-                   /* First time around, 7921 should be big enough for GDS :-) */
+                   /* First time around, 7921 should be big enough */
                    if ((validated = hash_create(urlcmp, 7921, hash_string)) < 0) {
                        debug(1, 1, "ERK: can't create hash table. Turning auth off");
-                       Config.proxyAuthOn = 0;
+                       xfree(Config.proxyAuthFile);
+                       Config.proxyAuthFile = NULL;
                        return (dash_str);
                    }
                }
@@ -304,15 +298,18 @@ char *proxyAuthenticate(char *headers)
                while (user != NULL) {
                    if (strlen(user) > 1 && strlen(passwd) > 1) {
                        debug(33, 6, "jrmt: adding %s, %s to hash table\n", user, passwd);
-                       hash_insert(validated, user, (void *) passwd);
+                       hash_insert(validated, xstrdup(user), (void *) xstrdup(passwd));
                    }
                    user = strtok(NULL, ":");
                    passwd = strtok(NULL, "\n");
                }
+
+               xfree(passwords);
            }
        } else {
-           debug(1, 1, "ERK: can't access proxy_auth_file %s. Turning authentication off until SIGHUPed", Config.proxyAuthFile);
-           Config.proxyAuthOn = 0;
+           debug(1, 1, "ERK: can't access proxy_auth file %s. Turning authentication off", Config.proxyAuthFile);
+           xfree(Config.proxyAuthFile);
+           Config.proxyAuthFile = NULL;
            return (dash_str);
        }
     }
@@ -325,24 +322,24 @@ char *proxyAuthenticate(char *headers)
        xfree(clear_userandpw);
        return (dash_str);
     }
+    passwd = strstr(clear_userandpw, ":");
+    passwd++;
+
     /* See if we've already validated them */
-    if (strcmp(hashr->item, "OK") == 0) {
+    if (strcmp(hashr->item, passwd) == 0) {
        debug(33, 5, "jrmt: user %s previously validated\n", sent_user);
        xfree(clear_userandpw);
        return sent_user;
     }
-    passwd = strstr(clear_userandpw, ":");
-    passwd++;
-
     if (strcmp(hashr->item, (char *) crypt(passwd, hashr->item))) {
        /* Passwords differ, deny access */
        debug(33, 4, "jrmt: authentication failed: user %s passwords differ\n", sent_user);
-       debug(33, 6, "jrmt: password given: %s, actual %s\n", passwd, hashr->item);
        xfree(clear_userandpw);
        return (dash_str);
     }
     debug(33, 5, "jrmt: user %s validated\n", sent_user);
-    hash_insert(validated, sent_user, (void *) "OK");
+    hash_delete(validated, sent_user);
+    hash_insert(validated, xstrdup(sent_user), (void *) xstrdup(passwd));
 
     xfree(clear_userandpw);
     return (sent_user);