From: adrian <> Date: Fri, 3 Aug 2001 21:12:57 +0000 (+0000) Subject: Latest NTLM snapshot code, courtesy of kinkie and robert. X-Git-Tag: SQUID_3_0_PRE1~1459 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=60d096f4287b864c0213790e0593d37851a15907;p=thirdparty%2Fsquid.git Latest NTLM snapshot code, courtesy of kinkie and robert. It's been a while coming... but Kinkie and I now have probably-production ready NTLM code. It's gone past 1.5 million requests without failing. The attached patch is a rollup of many minor fixes and some enhancements: * Digest: fix crash on shutdown * ACL: New type max_user_ip to replace authenticate_ip_is_strict. * ACL: Authenication refactored, to separate authentication and authorisation as well as allow 'lazy auth' where authentication is triggered by the presence of an authentication using ACL, not necessarily "proxy_auth". I.e. using max_user_ip will trigger authentication even if no proxy_auth acl's are defined. * Authentication: API for schemes extended to allow handling duplicate authentication on a authenticated _connection_ (yes NTLM again). * Authentication: Authentication API extended to allow multiple IP's per auth_user, and to allow authentication as an orthogonal process to authorisation. * NTLM: many minor races fixed. Should prevent the "Direction before ..." errors and the "Duplicate auth" + login popup bug. * Delay pools: Support authentication (Non-NTLM)in delay pools acl's. Beginnings of NTLM support for same. * Helpers: Stateful helper bugfixes to prevent negative deferred helper counts (which prevented ntlm challenge refreshing). * configure: detect two more headers for NTLM compilation on some platforms. --- diff --git a/configure b/configure index 5ef6e8d415..c4278622df 100755 --- a/configure +++ b/configure @@ -700,7 +700,7 @@ fi -# From configure.in Revision: 1.225 +# From configure.in Revision: 1.226 ac_aux_dir= for ac_dir in cfgaux $srcdir/cfgaux; do if test -f $ac_dir/install-sh; then @@ -2936,21 +2936,23 @@ for ac_hdr in \ varargs.h \ byteswap.h \ glib.h \ + stdint.h \ + inttypes.h \ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2944: checking for $ac_hdr" >&5 +echo "configure:2946: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2954: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2956: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2978,12 +2980,12 @@ done echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:2982: checking for working const" >&5 +echo "configure:2984: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3038: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else @@ -3053,14 +3055,14 @@ EOF fi echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 -echo "configure:3057: checking whether byte ordering is bigendian" >&5 +echo "configure:3059: checking whether byte ordering is bigendian" >&5 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_c_bigendian=unknown # See if sys/param.h defines the BYTE_ORDER macro. cat > conftest.$ac_ext < #include @@ -3071,11 +3073,11 @@ int main() { #endif ; return 0; } EOF -if { (eval echo configure:3075: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3077: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* # It does; now see whether it defined to BIG_ENDIAN or not. cat > conftest.$ac_ext < #include @@ -3086,7 +3088,7 @@ int main() { #endif ; return 0; } EOF -if { (eval echo configure:3090: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3092: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_bigendian=yes else @@ -3106,7 +3108,7 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3125: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_bigendian=no else @@ -3144,20 +3146,20 @@ fi echo $ac_n "checking if ANSI prototypes work""... $ac_c" 1>&6 -echo "configure:3148: checking if ANSI prototypes work" >&5 +echo "configure:3150: checking if ANSI prototypes work" >&5 if eval "test \"`echo '$''{'ac_cv_have_ansi_prototypes'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3163: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_ansi_prototypes="yes" else @@ -3179,13 +3181,13 @@ EOF fi echo $ac_n "checking for tm->tm_gmtoff""... $ac_c" 1>&6 -echo "configure:3183: checking for tm->tm_gmtoff" >&5 +echo "configure:3185: checking for tm->tm_gmtoff" >&5 if eval "test \"`echo '$''{'ac_cv_have_tm_gmoff'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -3194,7 +3196,7 @@ struct tm foo; foo.tm_gmtoff = 0; ; return 0; } EOF -if { (eval echo configure:3198: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3200: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_tm_gmoff="yes" else @@ -3216,13 +3218,13 @@ EOF fi echo $ac_n "checking for struct mallinfo""... $ac_c" 1>&6 -echo "configure:3220: checking for struct mallinfo" >&5 +echo "configure:3222: checking for struct mallinfo" >&5 if eval "test \"`echo '$''{'ac_cv_have_struct_mallinfo'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if HAVE_MALLOC_H @@ -3240,7 +3242,7 @@ struct mallinfo foo; foo.keepcost = 0; ; return 0; } EOF -if { (eval echo configure:3244: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3246: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_struct_mallinfo="yes" else @@ -3262,13 +3264,13 @@ EOF fi echo $ac_n "checking for extended mallinfo""... $ac_c" 1>&6 -echo "configure:3266: checking for extended mallinfo" >&5 +echo "configure:3268: checking for extended mallinfo" >&5 if eval "test \"`echo '$''{'ac_cv_have_ext_mallinfo'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -3277,7 +3279,7 @@ struct mallinfo foo; foo.mxfast = 0; ; return 0; } EOF -if { (eval echo configure:3281: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3283: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_ext_mallinfo="yes" else @@ -3299,13 +3301,13 @@ EOF fi echo $ac_n "checking for struct rusage""... $ac_c" 1>&6 -echo "configure:3303: checking for struct rusage" >&5 +echo "configure:3305: checking for struct rusage" >&5 if eval "test \"`echo '$''{'ac_cv_have_struct_rusage'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3324: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_struct_rusage="yes" else @@ -3340,13 +3342,13 @@ EOF fi echo $ac_n "checking for ip->ip_hl""... $ac_c" 1>&6 -echo "configure:3344: checking for ip->ip_hl" >&5 +echo "configure:3346: checking for ip->ip_hl" >&5 if eval "test \"`echo '$''{'ac_cv_have_ip_hl'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -3365,7 +3367,7 @@ struct iphdr ip; ip.ip_hl= 0; ; return 0; } EOF -if { (eval echo configure:3369: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3371: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_ip_hl="yes" else @@ -3387,7 +3389,7 @@ EOF fi echo $ac_n "checking size of void *""... $ac_c" 1>&6 -echo "configure:3391: checking size of void *" >&5 +echo "configure:3393: checking size of void *" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_void_p'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3395,7 +3397,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3406,7 +3408,7 @@ main() exit(0); } EOF -if { (eval echo configure:3410: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3412: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_void_p=`cat conftestval` else @@ -3426,7 +3428,7 @@ EOF echo $ac_n "checking size of short""... $ac_c" 1>&6 -echo "configure:3430: checking size of short" >&5 +echo "configure:3432: checking size of short" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3434,7 +3436,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3445,7 +3447,7 @@ main() exit(0); } EOF -if { (eval echo configure:3449: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3451: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_short=`cat conftestval` else @@ -3465,7 +3467,7 @@ EOF echo $ac_n "checking size of int""... $ac_c" 1>&6 -echo "configure:3469: checking size of int" >&5 +echo "configure:3471: checking size of int" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3473,7 +3475,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3484,7 +3486,7 @@ main() exit(0); } EOF -if { (eval echo configure:3488: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3490: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int=`cat conftestval` else @@ -3504,7 +3506,7 @@ EOF echo $ac_n "checking size of long""... $ac_c" 1>&6 -echo "configure:3508: checking size of long" >&5 +echo "configure:3510: checking size of long" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3512,7 +3514,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3523,7 +3525,7 @@ main() exit(0); } EOF -if { (eval echo configure:3527: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3529: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_long=`cat conftestval` else @@ -3543,7 +3545,7 @@ EOF echo $ac_n "checking size of long long""... $ac_c" 1>&6 -echo "configure:3547: checking size of long long" >&5 +echo "configure:3549: checking size of long long" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_long_long'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3551,7 +3553,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3562,7 +3564,7 @@ main() exit(0); } EOF -if { (eval echo configure:3566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3568: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_long_long=`cat conftestval` else @@ -3582,7 +3584,7 @@ EOF echo $ac_n "checking size of __int64""... $ac_c" 1>&6 -echo "configure:3586: checking size of __int64" >&5 +echo "configure:3588: checking size of __int64" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof___int64'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3590,7 +3592,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3601,7 +3603,7 @@ main() exit(0); } EOF -if { (eval echo configure:3605: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3607: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof___int64=`cat conftestval` else @@ -3621,7 +3623,7 @@ EOF echo $ac_n "checking size of int16_t""... $ac_c" 1>&6 -echo "configure:3625: checking size of int16_t" >&5 +echo "configure:3627: checking size of int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3629,7 +3631,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3640,7 +3642,7 @@ main() exit(0); } EOF -if { (eval echo configure:3644: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3646: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int16_t=`cat conftestval` else @@ -3660,7 +3662,7 @@ EOF echo $ac_n "checking size of uint16_t""... $ac_c" 1>&6 -echo "configure:3664: checking size of uint16_t" >&5 +echo "configure:3666: checking size of uint16_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_uint16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3668,7 +3670,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3679,7 +3681,7 @@ main() exit(0); } EOF -if { (eval echo configure:3683: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3685: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_uint16_t=`cat conftestval` else @@ -3699,7 +3701,7 @@ EOF echo $ac_n "checking size of u_int16_t""... $ac_c" 1>&6 -echo "configure:3703: checking size of u_int16_t" >&5 +echo "configure:3705: checking size of u_int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_u_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3707,7 +3709,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3718,7 +3720,7 @@ main() exit(0); } EOF -if { (eval echo configure:3722: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3724: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_u_int16_t=`cat conftestval` else @@ -3738,7 +3740,7 @@ EOF echo $ac_n "checking size of int32_t""... $ac_c" 1>&6 -echo "configure:3742: checking size of int32_t" >&5 +echo "configure:3744: checking size of int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3746,7 +3748,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3757,7 +3759,7 @@ main() exit(0); } EOF -if { (eval echo configure:3761: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3763: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int32_t=`cat conftestval` else @@ -3777,7 +3779,7 @@ EOF echo $ac_n "checking size of uint32_t""... $ac_c" 1>&6 -echo "configure:3781: checking size of uint32_t" >&5 +echo "configure:3783: checking size of uint32_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_uint32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3785,7 +3787,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3796,7 +3798,7 @@ main() exit(0); } EOF -if { (eval echo configure:3800: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3802: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_uint32_t=`cat conftestval` else @@ -3816,7 +3818,7 @@ EOF echo $ac_n "checking size of u_int32_t""... $ac_c" 1>&6 -echo "configure:3820: checking size of u_int32_t" >&5 +echo "configure:3822: checking size of u_int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_u_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3824,7 +3826,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3835,7 +3837,7 @@ main() exit(0); } EOF -if { (eval echo configure:3839: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3841: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_u_int32_t=`cat conftestval` else @@ -3855,7 +3857,7 @@ EOF echo $ac_n "checking size of int64_t""... $ac_c" 1>&6 -echo "configure:3859: checking size of int64_t" >&5 +echo "configure:3861: checking size of int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3863,7 +3865,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3874,7 +3876,7 @@ main() exit(0); } EOF -if { (eval echo configure:3878: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3880: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int64_t=`cat conftestval` else @@ -3894,7 +3896,7 @@ EOF echo $ac_n "checking size of uint64_t""... $ac_c" 1>&6 -echo "configure:3898: checking size of uint64_t" >&5 +echo "configure:3900: checking size of uint64_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_uint64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3902,7 +3904,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3913,7 +3915,7 @@ main() exit(0); } EOF -if { (eval echo configure:3917: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3919: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_uint64_t=`cat conftestval` else @@ -3933,7 +3935,7 @@ EOF echo $ac_n "checking size of u_int64_t""... $ac_c" 1>&6 -echo "configure:3937: checking size of u_int64_t" >&5 +echo "configure:3939: checking size of u_int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_u_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3941,7 +3943,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -3952,7 +3954,7 @@ main() exit(0); } EOF -if { (eval echo configure:3956: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3958: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_u_int64_t=`cat conftestval` else @@ -3974,12 +3976,12 @@ EOF if test "x$ac_cv_sizeof_short" = "x2"; then echo $ac_n "checking for int16_t""... $ac_c" 1>&6 -echo "configure:3978: checking for int16_t" >&5 +echo "configure:3980: checking for int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4008,12 +4010,12 @@ fi elif test "x$ac_cv_sizeof_int" = "x2"; then echo $ac_n "checking for int16_t""... $ac_c" 1>&6 -echo "configure:4012: checking for int16_t" >&5 +echo "configure:4014: checking for int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4043,12 +4045,12 @@ fi fi if test "x$ac_cv_sizeof_uint16_t" = "x2"; then echo $ac_n "checking for u_int16_t""... $ac_c" 1>&6 -echo "configure:4047: checking for u_int16_t" >&5 +echo "configure:4049: checking for u_int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4077,12 +4079,12 @@ fi elif test "x$ac_cv_sizeof_short" = "x2"; then echo $ac_n "checking for u_int16_t""... $ac_c" 1>&6 -echo "configure:4081: checking for u_int16_t" >&5 +echo "configure:4083: checking for u_int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4111,12 +4113,12 @@ fi elif test "x$ac_cv_sizeof_int" = "x2"; then echo $ac_n "checking for u_int16_t""... $ac_c" 1>&6 -echo "configure:4115: checking for u_int16_t" >&5 +echo "configure:4117: checking for u_int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4146,12 +4148,12 @@ fi fi if test "x$ac_cv_sizeof_int" = "x4"; then echo $ac_n "checking for int32_t""... $ac_c" 1>&6 -echo "configure:4150: checking for int32_t" >&5 +echo "configure:4152: checking for int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4180,12 +4182,12 @@ fi elif "x$ac_cv_sizeof_long" = "x4"; then echo $ac_n "checking for int32_t""... $ac_c" 1>&6 -echo "configure:4184: checking for int32_t" >&5 +echo "configure:4186: checking for int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4215,12 +4217,12 @@ fi fi if test "x$ac_cv_sizeof_uint32_t" = "x4"; then echo $ac_n "checking for u_int32_t""... $ac_c" 1>&6 -echo "configure:4219: checking for u_int32_t" >&5 +echo "configure:4221: checking for u_int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4249,12 +4251,12 @@ fi elif test "x$ac_cv_sizeof_int" = "x4"; then echo $ac_n "checking for u_int32_t""... $ac_c" 1>&6 -echo "configure:4253: checking for u_int32_t" >&5 +echo "configure:4255: checking for u_int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4283,12 +4285,12 @@ fi elif test "x$ac_cv_sizeof_long" = "x4"; then echo $ac_n "checking for u_int32_t""... $ac_c" 1>&6 -echo "configure:4287: checking for u_int32_t" >&5 +echo "configure:4289: checking for u_int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4318,12 +4320,12 @@ fi fi if test "x$ac_cv_sizeof_long" = "x8"; then echo $ac_n "checking for int64_t""... $ac_c" 1>&6 -echo "configure:4322: checking for int64_t" >&5 +echo "configure:4324: checking for int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4352,12 +4354,12 @@ fi elif test "x$ac_cv_sizeof_long_long" = "x8"; then echo $ac_n "checking for int64_t""... $ac_c" 1>&6 -echo "configure:4356: checking for int64_t" >&5 +echo "configure:4358: checking for int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4386,12 +4388,12 @@ fi elif test "x$ac_cv_sizeof___int64" = "x8"; then echo $ac_n "checking for int64_t""... $ac_c" 1>&6 -echo "configure:4390: checking for int64_t" >&5 +echo "configure:4392: checking for int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4421,12 +4423,12 @@ fi fi if test "x$ac_cv_sizeof_uint64_t" = "x8"; then echo $ac_n "checking for u_int64_t""... $ac_c" 1>&6 -echo "configure:4425: checking for u_int64_t" >&5 +echo "configure:4427: checking for u_int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4455,12 +4457,12 @@ fi elif test "x$ac_cv_sizeof_long" = "x8"; then echo $ac_n "checking for u_int64_t""... $ac_c" 1>&6 -echo "configure:4459: checking for u_int64_t" >&5 +echo "configure:4461: checking for u_int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4489,12 +4491,12 @@ fi elif test "x$ac_cv_sizeof_long_long" = "x8"; then echo $ac_n "checking for u_int64_t""... $ac_c" 1>&6 -echo "configure:4493: checking for u_int64_t" >&5 +echo "configure:4495: checking for u_int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4523,12 +4525,12 @@ fi elif test "x$ac_cv_sizeof___int64" = "x8"; then echo $ac_n "checking for int64_t""... $ac_c" 1>&6 -echo "configure:4527: checking for int64_t" >&5 +echo "configure:4529: checking for int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4558,12 +4560,12 @@ fi fi echo $ac_n "checking for pid_t""... $ac_c" 1>&6 -echo "configure:4562: checking for pid_t" >&5 +echo "configure:4564: checking for pid_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4591,12 +4593,12 @@ EOF fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:4595: checking for size_t" >&5 +echo "configure:4597: checking for size_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4624,12 +4626,12 @@ EOF fi echo $ac_n "checking for ssize_t""... $ac_c" 1>&6 -echo "configure:4628: checking for ssize_t" >&5 +echo "configure:4630: checking for ssize_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_ssize_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4657,12 +4659,12 @@ EOF fi echo $ac_n "checking for off_t""... $ac_c" 1>&6 -echo "configure:4661: checking for off_t" >&5 +echo "configure:4663: checking for off_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4690,12 +4692,12 @@ EOF fi echo $ac_n "checking for mode_t""... $ac_c" 1>&6 -echo "configure:4694: checking for mode_t" >&5 +echo "configure:4696: checking for mode_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4723,12 +4725,12 @@ EOF fi echo $ac_n "checking for fd_mask""... $ac_c" 1>&6 -echo "configure:4727: checking for fd_mask" >&5 +echo "configure:4729: checking for fd_mask" >&5 if eval "test \"`echo '$''{'ac_cv_type_fd_mask'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4759,19 +4761,19 @@ fi # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works # for constant arguments. Useless! echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6 -echo "configure:4763: checking for working alloca.h" >&5 +echo "configure:4765: checking for working alloca.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { char *p = alloca(2 * sizeof(int)); ; return 0; } EOF -if { (eval echo configure:4775: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4777: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_header_alloca_h=yes else @@ -4792,12 +4794,12 @@ EOF fi echo $ac_n "checking for alloca""... $ac_c" 1>&6 -echo "configure:4796: checking for alloca" >&5 +echo "configure:4798: checking for alloca" >&5 if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4831: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_func_alloca_works=yes else @@ -4857,12 +4859,12 @@ EOF echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6 -echo "configure:4861: checking whether alloca needs Cray hooks" >&5 +echo "configure:4863: checking whether alloca needs Cray hooks" >&5 if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 if test $ac_cv_os_cray = yes; then for ac_func in _getb67 GETB67 getb67; do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4891: checking for $ac_func" >&5 +echo "configure:4893: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4921: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4942,7 +4944,7 @@ done fi echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6 -echo "configure:4946: checking stack direction for C alloca" >&5 +echo "configure:4948: checking stack direction for C alloca" >&5 if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4950,7 +4952,7 @@ else ac_cv_c_stack_direction=0 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4975: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_stack_direction=1 else @@ -4993,13 +4995,13 @@ fi echo $ac_n "checking for socklen_t""... $ac_c" 1>&6 -echo "configure:4997: checking for socklen_t" >&5 +echo "configure:4999: checking for socklen_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_socklen_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -5030,13 +5032,13 @@ EOF fi echo $ac_n "checking for mtyp_t""... $ac_c" 1>&6 -echo "configure:5034: checking for mtyp_t" >&5 +echo "configure:5036: checking for mtyp_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mtyp_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -5064,7 +5066,7 @@ EOF fi echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 -echo "configure:5068: checking for main in -lnsl" >&5 +echo "configure:5070: checking for main in -lnsl" >&5 ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5072,14 +5074,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5085: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5107,7 +5109,7 @@ else fi echo $ac_n "checking for main in -lsocket""... $ac_c" 1>&6 -echo "configure:5111: checking for main in -lsocket" >&5 +echo "configure:5113: checking for main in -lsocket" >&5 ac_lib_var=`echo socket'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5115,14 +5117,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5128: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5154,7 +5156,7 @@ if test "x$ac_cv_enabled_dlmalloc" = "xyes" ; then echo "skipping libmalloc check (--enable-dlmalloc specified)" else echo $ac_n "checking for main in -lgnumalloc""... $ac_c" 1>&6 -echo "configure:5158: checking for main in -lgnumalloc" >&5 +echo "configure:5160: checking for main in -lgnumalloc" >&5 ac_lib_var=`echo gnumalloc'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5162,14 +5164,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lgnumalloc $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5175: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5212,7 +5214,7 @@ fi *) echo $ac_n "checking for main in -lmalloc""... $ac_c" 1>&6 -echo "configure:5216: checking for main in -lmalloc" >&5 +echo "configure:5218: checking for main in -lmalloc" >&5 ac_lib_var=`echo malloc'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5220,14 +5222,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lmalloc $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5233: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5260,7 +5262,7 @@ fi fi echo $ac_n "checking for main in -lbsd""... $ac_c" 1>&6 -echo "configure:5264: checking for main in -lbsd" >&5 +echo "configure:5266: checking for main in -lbsd" >&5 ac_lib_var=`echo bsd'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5268,14 +5270,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lbsd $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5281: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5303,7 +5305,7 @@ else fi echo $ac_n "checking for main in -lregex""... $ac_c" 1>&6 -echo "configure:5307: checking for main in -lregex" >&5 +echo "configure:5309: checking for main in -lregex" >&5 ac_lib_var=`echo regex'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5311,14 +5313,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lregex $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5324: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5339,7 +5341,7 @@ else fi echo $ac_n "checking for gethostbyname in -lbind""... $ac_c" 1>&6 -echo "configure:5343: checking for gethostbyname in -lbind" >&5 +echo "configure:5345: checking for gethostbyname in -lbind" >&5 ac_lib_var=`echo bind'_'gethostbyname | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5347,7 +5349,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lbind $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5364: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5392,7 +5394,7 @@ if test $ac_cv_lib_bind_gethostbyname = "no" ; then ;; *) echo $ac_n "checking for inet_aton in -lresolv""... $ac_c" 1>&6 -echo "configure:5396: checking for inet_aton in -lresolv" >&5 +echo "configure:5398: checking for inet_aton in -lresolv" >&5 ac_lib_var=`echo resolv'_'inet_aton | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5400,7 +5402,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lresolv $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5417: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5427,7 +5429,7 @@ fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 echo $ac_n "checking for inet_aton in -l44bsd""... $ac_c" 1>&6 -echo "configure:5431: checking for inet_aton in -l44bsd" >&5 +echo "configure:5433: checking for inet_aton in -l44bsd" >&5 ac_lib_var=`echo 44bsd'_'inet_aton | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5435,7 +5437,7 @@ else ac_save_LIBS="$LIBS" LIBS="-l44bsd $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5452: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5478,7 +5480,7 @@ else fi echo $ac_n "checking for main in -lresolv""... $ac_c" 1>&6 -echo "configure:5482: checking for main in -lresolv" >&5 +echo "configure:5484: checking for main in -lresolv" >&5 ac_lib_var=`echo resolv'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5486,14 +5488,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lresolv $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5499: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5524,7 +5526,7 @@ fi esac fi echo $ac_n "checking for main in -lm""... $ac_c" 1>&6 -echo "configure:5528: checking for main in -lm" >&5 +echo "configure:5530: checking for main in -lm" >&5 ac_lib_var=`echo m'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5532,14 +5534,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lm $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5545: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5568,7 +5570,7 @@ fi echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:5572: checking for crypt in -lcrypt" >&5 +echo "configure:5574: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5576,7 +5578,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5593: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5610,7 +5612,7 @@ fi echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6 -echo "configure:5614: checking for dlopen in -ldl" >&5 +echo "configure:5616: checking for dlopen in -ldl" >&5 ac_lib_var=`echo dl'_'dlopen | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5618,7 +5620,7 @@ else ac_save_LIBS="$LIBS" LIBS="-ldl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5635: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5652,7 +5654,7 @@ fi echo $ac_n "checking for main in -lpthread""... $ac_c" 1>&6 -echo "configure:5656: checking for main in -lpthread" >&5 +echo "configure:5658: checking for main in -lpthread" >&5 ac_lib_var=`echo pthread'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5660,14 +5662,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lpthread $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5673: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5692,7 +5694,7 @@ fi case "$host" in *-pc-sco3.2*) echo $ac_n "checking for strftime in -lintl""... $ac_c" 1>&6 -echo "configure:5696: checking for strftime in -lintl" >&5 +echo "configure:5698: checking for strftime in -lintl" >&5 ac_lib_var=`echo intl'_'strftime | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5700,7 +5702,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lintl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5717: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5896,12 +5898,12 @@ for ac_func in \ do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5900: checking for $ac_func" >&5 +echo "configure:5902: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5930: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5950,7 +5952,7 @@ done echo $ac_n "checking if setresuid is implemented""... $ac_c" 1>&6 -echo "configure:5954: checking if setresuid is implemented" >&5 +echo "configure:5956: checking if setresuid is implemented" >&5 if eval "test \"`echo '$''{'ac_cv_func_setresuid'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5958,7 +5960,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -5971,7 +5973,7 @@ else } EOF -if { (eval echo configure:5975: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5977: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_func_setresuid="yes" else @@ -5996,7 +5998,7 @@ fi if test "$IPF_TRANSPARENT" ; then echo $ac_n "checking if IP-Filter header files are installed""... $ac_c" 1>&6 -echo "configure:6000: checking if IP-Filter header files are installed" >&5 +echo "configure:6002: checking if IP-Filter header files are installed" >&5 # hold on to your hats... if test "$ac_cv_header_ip_compat_h" = "yes" || test "$ac_cv_header_ip_fil_compat_h" = "yes" || @@ -6037,7 +6039,7 @@ fi if test "$LINUX_NETFILTER" ; then echo $ac_n "checking if Linux 2.4 kernel header files are installed""... $ac_c" 1>&6 -echo "configure:6041: checking if Linux 2.4 kernel header files are installed" >&5 +echo "configure:6043: checking if Linux 2.4 kernel header files are installed" >&5 # hold on to your hats... if test "$ac_cv_header_linux_netfilter_ipv4_h" = "yes"; then LINUX_NETFILTER="yes" @@ -6071,13 +6073,13 @@ if test -z "$USE_GNUREGEX" ; then esac fi echo $ac_n "checking if GNUregex needs to be compiled""... $ac_c" 1>&6 -echo "configure:6075: checking if GNUregex needs to be compiled" >&5 +echo "configure:6077: checking if GNUregex needs to be compiled" >&5 if test -z "$USE_GNUREGEX"; then if test "$ac_cv_func_regcomp" = "no" || test "$USE_GNUREGEX" = "yes" ; then USE_GNUREGEX="yes" else cat > conftest.$ac_ext < #include @@ -6085,7 +6087,7 @@ int main() { regex_t t; regcomp(&t,"",0); ; return 0; } EOF -if { (eval echo configure:6089: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:6091: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* USE_GNUREGEX="no" else @@ -6116,12 +6118,12 @@ for ac_func in \ do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6120: checking for $ac_func" >&5 +echo "configure:6122: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6150: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6172,12 +6174,12 @@ done echo $ac_n "checking Default FD_SETSIZE value""... $ac_c" 1>&6 -echo "configure:6176: checking Default FD_SETSIZE value" >&5 +echo "configure:6178: checking Default FD_SETSIZE value" >&5 if test "$cross_compiling" = yes; then DEFAULT_FD_SETSIZE=256 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then DEFAULT_FD_SETSIZE=`cat conftestval` else @@ -6221,7 +6223,7 @@ EOF echo $ac_n "checking Maximum number of filedescriptors we can open""... $ac_c" 1>&6 -echo "configure:6225: checking Maximum number of filedescriptors we can open" >&5 +echo "configure:6227: checking Maximum number of filedescriptors we can open" >&5 TLDFLAGS="$LDFLAGS" case $host in i386-unknown-freebsd*) @@ -6233,7 +6235,7 @@ if test "$cross_compiling" = yes; then SQUID_MAXFD=256 else cat > conftest.$ac_ext < @@ -6293,7 +6295,7 @@ main() { } EOF -if { (eval echo configure:6297: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6299: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_MAXFD=`cat conftestval` else @@ -6320,12 +6322,12 @@ fi LDFLAGS="$TLDFLAGS" echo $ac_n "checking Default UDP send buffer size""... $ac_c" 1>&6 -echo "configure:6324: checking Default UDP send buffer size" >&5 +echo "configure:6326: checking Default UDP send buffer size" >&5 if test "$cross_compiling" = yes; then SQUID_UDP_SO_SNDBUF=16384 else cat > conftest.$ac_ext < @@ -6346,7 +6348,7 @@ main () } EOF -if { (eval echo configure:6350: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6352: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_UDP_SO_SNDBUF=`cat conftestval` else @@ -6365,12 +6367,12 @@ EOF echo $ac_n "checking Default UDP receive buffer size""... $ac_c" 1>&6 -echo "configure:6369: checking Default UDP receive buffer size" >&5 +echo "configure:6371: checking Default UDP receive buffer size" >&5 if test "$cross_compiling" = yes; then SQUID_UDP_SO_RCVBUF=16384 else cat > conftest.$ac_ext < @@ -6391,7 +6393,7 @@ main () } EOF -if { (eval echo configure:6395: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6397: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_UDP_SO_RCVBUF=`cat conftestval` else @@ -6410,12 +6412,12 @@ EOF echo $ac_n "checking Default TCP send buffer size""... $ac_c" 1>&6 -echo "configure:6414: checking Default TCP send buffer size" >&5 +echo "configure:6416: checking Default TCP send buffer size" >&5 if test "$cross_compiling" = yes; then SQUID_TCP_SO_SNDBUF=16384 else cat > conftest.$ac_ext < @@ -6436,7 +6438,7 @@ main () } EOF -if { (eval echo configure:6440: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6442: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_TCP_SO_SNDBUF=`cat conftestval` else @@ -6455,12 +6457,12 @@ EOF echo $ac_n "checking Default TCP receive buffer size""... $ac_c" 1>&6 -echo "configure:6459: checking Default TCP receive buffer size" >&5 +echo "configure:6461: checking Default TCP receive buffer size" >&5 if test "$cross_compiling" = yes; then SQUID_TCP_SO_RCVBUF=16384 else cat > conftest.$ac_ext < @@ -6481,7 +6483,7 @@ main () } EOF -if { (eval echo configure:6485: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6487: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_TCP_SO_RCVBUF=`cat conftestval` else @@ -6500,19 +6502,19 @@ EOF echo $ac_n "checking if sys_errlist is already defined""... $ac_c" 1>&6 -echo "configure:6504: checking if sys_errlist is already defined" >&5 +echo "configure:6506: checking if sys_errlist is already defined" >&5 if eval "test \"`echo '$''{'ac_cv_needs_sys_errlist'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { char *s = sys_errlist; ; return 0; } EOF -if { (eval echo configure:6516: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:6518: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_needs_sys_errlist="no" else @@ -6534,16 +6536,16 @@ EOF fi echo $ac_n "checking for libresolv _dns_ttl_ hack""... $ac_c" 1>&6 -echo "configure:6538: checking for libresolv _dns_ttl_ hack" >&5 +echo "configure:6540: checking for libresolv _dns_ttl_ hack" >&5 cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6549: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF @@ -6559,12 +6561,12 @@ fi rm -f conftest* echo $ac_n "checking if inet_ntoa() actually works""... $ac_c" 1>&6 -echo "configure:6563: checking if inet_ntoa() actually works" >&5 +echo "configure:6565: checking if inet_ntoa() actually works" >&5 if test "$cross_compiling" = yes; then INET_NTOA_RESULT="broken" else cat > conftest.$ac_ext < @@ -6583,7 +6585,7 @@ main () } EOF -if { (eval echo configure:6587: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6589: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then INET_NTOA_RESULT=`cat conftestval` else @@ -6609,9 +6611,9 @@ fi if test "$ac_cv_header_sys_statvfs_h" = "yes" ; then echo $ac_n "checking for working statvfs() interface""... $ac_c" 1>&6 -echo "configure:6613: checking for working statvfs() interface" >&5 +echo "configure:6615: checking for working statvfs() interface" >&5 cat > conftest.$ac_ext < @@ -6628,7 +6630,7 @@ statvfs("/tmp", &sfs); ; return 0; } EOF -if { (eval echo configure:6632: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:6634: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_func_statvfs=yes else @@ -6648,12 +6650,12 @@ fi fi echo $ac_n "checking for _res.nsaddr_list""... $ac_c" 1>&6 -echo "configure:6652: checking for _res.nsaddr_list" >&5 +echo "configure:6654: checking for _res.nsaddr_list" >&5 if eval "test \"`echo '$''{'ac_cv_have_res_nsaddr_list'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:6682: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_res_nsaddr_list="yes" else @@ -6698,12 +6700,12 @@ fi if test $ac_cv_have_res_nsaddr_list = "no" ; then echo $ac_n "checking for _res.ns_list""... $ac_c" 1>&6 -echo "configure:6702: checking for _res.ns_list" >&5 +echo "configure:6704: checking for _res.ns_list" >&5 if eval "test \"`echo '$''{'ac_cv_have_res_ns_list'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:6732: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_res_ns_list="yes" else diff --git a/configure.in b/configure.in index 6df8059bf8..57e46d9f1f 100644 --- a/configure.in +++ b/configure.in @@ -3,13 +3,13 @@ dnl Configuration input file for Squid dnl dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9) dnl -dnl $Id: configure.in,v 1.226 2001/06/10 18:31:40 adrian Exp $ +dnl $Id: configure.in,v 1.227 2001/08/03 15:12:58 adrian Exp $ dnl dnl dnl AC_INIT(src/main.c) AC_CONFIG_HEADER(include/autoconf.h) -AC_REVISION($Revision: 1.226 $)dnl +AC_REVISION($Revision: 1.227 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AC_CONFIG_AUX_DIR(cfgaux) @@ -1054,6 +1054,8 @@ AC_CHECK_HEADERS( \ varargs.h \ byteswap.h \ glib.h \ + stdint.h \ + inttypes.h \ ) AC_C_CONST diff --git a/helpers/ntlm_auth/SMB/ntlm_auth.c b/helpers/ntlm_auth/SMB/ntlm_auth.c index 1ea2c43c97..6ab8749ce5 100644 --- a/helpers/ntlm_auth/SMB/ntlm_auth.c +++ b/helpers/ntlm_auth/SMB/ntlm_auth.c @@ -213,7 +213,7 @@ const char * obtain_challenge() { int j = 0; - const char *ch; + const char *ch = NULL; debug("obtain_challenge: getting new challenge\n"); for (j = 0; j < numcontrollers; j++) { if (current_dc->status == DC_OK) { diff --git a/include/autoconf.h.in b/include/autoconf.h.in index 9b2a7c1d7a..246c134221 100644 --- a/include/autoconf.h.in +++ b/include/autoconf.h.in @@ -600,6 +600,9 @@ /* Define if you have the header file. */ #undef HAVE_GRP_H +/* Define if you have the header file. */ +#undef HAVE_INTTYPES_H + /* Define if you have the header file. */ #undef HAVE_IP_COMPAT_H @@ -696,6 +699,9 @@ /* Define if you have the header file. */ #undef HAVE_STDDEF_H +/* Define if you have the header file. */ +#undef HAVE_STDINT_H + /* Define if you have the header file. */ #undef HAVE_STDIO_H diff --git a/src/acl.cc b/src/acl.cc index 3798fa96cb..88bb6633ab 100644 --- a/src/acl.cc +++ b/src/acl.cc @@ -1,6 +1,6 @@ /* - * $Id: acl.cc,v 1.255 2001/06/28 20:16:30 wessels Exp $ + * $Id: acl.cc,v 1.256 2001/08/03 15:13:03 adrian Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -67,6 +67,10 @@ static int aclMatchIntegerRange(intrange * data, int i); #if SQUID_SNMP static int aclMatchWordList(wordlist *, const char *); #endif +static void aclParseUserMaxIP(void *data); +static void aclDestroyUserMaxIP(void *data); +static wordlist *aclDumpUserMaxIP(void *data); +static int aclMatchUserMaxIP(void *, auth_user_request_t *, struct in_addr); static squid_acl aclStrToType(const char *s); static int decode_addr(const char *, struct in_addr *, struct in_addr *); static void aclCheck(aclCheck_t * checklist); @@ -220,6 +224,8 @@ aclStrToType(const char *s) return ACL_REQ_MIME_TYPE; if (!strcmp(s, "rep_mime_type")) return ACL_REP_MIME_TYPE; + if (!strcmp(s, "max_user_ip")) + return ACL_MAX_USER_IP; return ACL_NONE; } @@ -288,6 +294,8 @@ aclTypeToStr(squid_acl type) return "req_mime_type"; if (type == ACL_REP_MIME_TYPE) return "rep_mime_type"; + if (type == ACL_MAX_USER_IP) + return "max_user_ip"; return "ERROR"; } @@ -784,6 +792,9 @@ aclParseAclLine(acl ** head) case ACL_DST_ASN: aclParseIntlist(&A->data); break; + case ACL_MAX_USER_IP: + aclParseUserMaxIP(&A->data); + break; #if SRC_RTT_NOT_YET_FINISHED case ACL_NETDB_SRC_RTT: aclParseIntlist(&A->data); @@ -1088,14 +1099,14 @@ aclMatchUser(void *proxyauth_acl, char *user) if (user == NULL) return 0; - if (data->flags.case_insensitive) - Tolower(user); - if (data->flags.required) { debug(28, 7) ("aclMatchUser: user REQUIRED and auth-info present.\n"); return 1; } - Top = splay_splay(user, Top, (SPLAYCMP *) strcmp); + if (data->flags.case_insensitive) + Top = splay_splay(user, Top, (SPLAYCMP *) strcasecmp); + else + Top = splay_splay(user, Top, (SPLAYCMP *) strcmp); /* Top=splay_splay(user,Top,(SPLAYCMP *)dumping_strcmp); */ debug(28, 7) ("aclMatchUser: returning %d,Top is %p, Top->data is %s\n", !splayLastResult, Top, (Top ? Top->data : "Unavailable")); @@ -1171,11 +1182,9 @@ aclCacheMatchFlush(dlink_list * cache) } } -/* aclMatchProxyAuth can return four exit codes: - * 0 : Authenticated OK, Authorisation for this ACL failed. - * 1 : Authenticated OK, Authorisation OK. - * -1 : send data to an external authenticator - * -2 : send data to the client +/* aclMatchProxyAuth can return two exit codes: + * 0 : Authorisation for this ACL failed. (Did not match) + * 1 : Authorisation OK. (Matched) */ static int aclMatchProxyAuth(void *data, http_hdr_type headertype, @@ -1183,9 +1192,6 @@ aclMatchProxyAuth(void *data, http_hdr_type headertype, squid_acl acltype) { /* checklist is used to register user name when identified, nothing else */ - const char *proxy_auth; - /* consistent parameters ? */ - assert(auth_user_request == checklist->auth_user_request); /* General program flow in proxy_auth acls * 1. Consistency checks: are we getting sensible data @@ -1194,147 +1200,108 @@ aclMatchProxyAuth(void *data, http_hdr_type headertype, * username */ - assert(headertype != 0); - proxy_auth = httpHeaderGetStr(&checklist->request->header, headertype); + /* for completeness */ + authenticateAuthUserRequestLock(auth_user_request); - if (checklist->conn == NULL) { - debug(28, 1) ("aclMatchProxyAuth: no connection data, cannot process authentication\n"); - /* - * deny access: clientreadrequest requires conn data, and it is always - * compiled in so we should have it too. - */ - return 0; + /* consistent parameters ? */ + assert(authenticateUserAuthenticated(auth_user_request)); + /* this ACL check completed */ + authenticateAuthUserRequestUnlock(auth_user_request); + /* check to see if we have matched the user-acl before */ + return aclCacheMatchAcl(&auth_user_request->auth_user-> + proxy_match_cache, acltype, data, + authenticateUserRequestUsername(auth_user_request)); +} + +CBDATA_TYPE(acl_user_ip_data); + +void +aclParseUserMaxIP(void *data) +{ + acl_user_ip_data **acldata = data; + char *t = NULL; + CBDATA_INIT_TYPE(acl_user_ip_data); + if (*acldata) { + debug(28, 1) ("Attempting to alter already set User max IP acl\n"); + return; } - /* - * a note on proxy_auth logix here: - * proxy_auth==NULL -> unauthenticated request || already authenticated connection - * so we test for an authenticated connection when we recieve no authentication - * header. - */ - if (((proxy_auth == NULL) && (!authenticateUserAuthenticated(auth_user_request ? auth_user_request : checklist->conn->auth_user_request))) - || (checklist->conn->auth_type == AUTH_BROKEN)) { - /* no header or authentication failed/got corrupted - restart */ - checklist->conn->auth_type = AUTH_UNKNOWN; - debug(28, 4) ("aclMatchProxyAuth: broken auth or no proxy_auth header. Requesting auth header.\n"); - /* something wrong with the AUTH credentials. Force a new attempt */ - checklist->auth_user_request = NULL; - checklist->conn->auth_user_request = NULL; - if (auth_user_request) { - /* unlock the ACL lock */ - authenticateAuthUserRequestUnlock(auth_user_request); - } - return -2; - } - /* we have a proxy auth header and as far as we know this connection has - * not had bungled connection oriented authentication happen on it. */ - debug(28, 9) ("aclMatchProxyAuth: header %s.\n", proxy_auth); - if (auth_user_request == NULL) { - debug(28, 9) ("aclMatchProxyAuth: This is a new request on FD:%d\n", - checklist->conn->fd); - if ((!checklist->request->auth_user_request) - && (checklist->conn->auth_type == AUTH_UNKNOWN)) { - /* beginning of a new request check */ - debug(28, 4) ("aclMatchProxyAuth: no connection authentication type\n"); - if (!authenticateValidateUser(auth_user_request = - authenticateGetAuthUser(proxy_auth))) { - /* the decode might have left a username for logging, or a message to - * the user */ - if (authenticateUserRequestUsername(auth_user_request)) { - /* lock the user for the request structure link */ - authenticateAuthUserRequestLock(auth_user_request); - checklist->request->auth_user_request = auth_user_request; - /* unlock the ACL reference. */ - authenticateAuthUserRequestUnlock(auth_user_request); - } - return -2; - } - /* the user_request comes prelocked for the caller to GetAuthUser (us) */ - } else if (checklist->request->auth_user_request) { - auth_user_request = checklist->request->auth_user_request; - /* lock the user request for this ACL processing */ - authenticateAuthUserRequestLock(auth_user_request); + *acldata = cbdataAlloc(acl_user_ip_data); + if ((t = strtokFile())) { + debug(28, 5) ("aclParseUserMaxIP: First token is %s\n", t); + if (strcmp("-s", t) == 0) { + debug(28, 5) ("aclParseUserMaxIP: Going strict\n"); + (*acldata)->flags.strict = 1; } else { - if (checklist->conn->auth_user_request != NULL) { - auth_user_request = checklist->conn->auth_user_request; - /* lock the user request for this ACL processing */ - authenticateAuthUserRequestLock(auth_user_request); - } else { - /* failed connection based authentication */ - debug(28, 4) ("aclMatchProxyAuth: Auth user request %d conn-auth user request %d conn type %d authentication failed.\n", - auth_user_request, checklist->conn->auth_user_request, - checklist->conn->auth_type); - return -2; - } + (*acldata)->max = atoi(t); + debug(28, 5) ("aclParseUserMaxIP: Max IP address's %d\n", (*acldata)->max); } - } - /* Clear the reference in the checklist */ - checklist->auth_user_request = NULL; - if (!authenticateUserAuthenticated(auth_user_request)) { - /* User not logged in. Log them in */ - authenticateAuthUserRequestSetIp(auth_user_request, - checklist->src_addr); - authenticateAuthenticateUser(auth_user_request, checklist->request, - checklist->conn, headertype); - switch (authenticateDirection(auth_user_request)) { - case 1: - /* this ACL check is finished. Unlock. */ - authenticateAuthUserRequestUnlock(auth_user_request); - return -2; - case -1: - /* we are partway through authentication within squid - * store the auth_user for the callback to here */ - checklist->auth_user_request = auth_user_request; - /* we will be called back here. Do not Unlock */ - return -1; - case -2: - /* this ACL check is finished. Unlock. */ - authenticateAuthUserRequestUnlock(auth_user_request); - return -2; - } /* on 0 the authentication is finished - fallthrough */ - /* See of user authentication failed for some reason */ - if (!authenticateUserAuthenticated(auth_user_request)) { - if ((!checklist->rfc931[0]) && - (authenticateUserRequestUsername(auth_user_request))) { - if (!checklist->request->auth_user_request) { - /* lock the user for the request structure link */ - authenticateAuthUserRequestLock(auth_user_request); - checklist->request->auth_user_request = auth_user_request; - } - } - /* this ACL check is finished. Unlock. */ - authenticateAuthUserRequestUnlock(auth_user_request); - return -2; + } else + fatal("aclParseUserMaxIP: Malformed ACL %d\n"); +} - } - } - /* User authenticated ok */ - assert(authenticateUserAuthenticated(auth_user_request)); +void +aclDestroyUserMaxIP(void *data) +{ + acl_user_ip_data **acldata = data; + if (*acldata) + cbdataFree(*acldata); + *acldata = NULL; +} - /* copy username to request for logging on client-side */ - /* the credentials are correct at this point */ - if (!checklist->request->auth_user_request) { - /* lock the user for the request structure link */ - authenticateAuthUserRequestLock(auth_user_request); - checklist->request->auth_user_request = auth_user_request; - } - if (authenticateCheckAuthUserIP(checklist->src_addr, auth_user_request)) { - /* Once the match is completed we have finished with the - * auth_user structure */ - /* this ACL check completed */ - authenticateAuthUserRequestUnlock(auth_user_request); - /* check to see if we have matched the user-acl before */ - return aclCacheMatchAcl(&auth_user_request->auth_user-> - proxy_match_cache, acltype, data, - authenticateUserRequestUsername(auth_user_request)); +wordlist * +aclDumpUserMaxIP(void *data) +{ + acl_user_ip_data *acldata = data; + wordlist *W = NULL; + char buf[128]; + if (acldata->flags.strict) + wordlistAdd(&W, "-s"); + snprintf(buf, sizeof(buf), "%d", acldata->max); + wordlistAdd(&W, buf); + return W; +} + +/* aclMatchUserMaxIP - check for users logging in from multiple IP's + * 0 : No match + * 1 : Match + */ +int +aclMatchUserMaxIP(void *data, auth_user_request_t * auth_user_request, + struct in_addr src_addr) +{ +/* + * > the logic for flush the ip list when the limit is hit vs keep it sorted in most recent access order and just drop the oldest one off is currently undecided + */ + acl_user_ip_data *acldata = data; + + if (authenticateAuthUserRequestIPCount(auth_user_request) <= acldata->max) + return 0; + + /* this is a match */ + if (acldata->flags.strict) { + /* simply deny access - the user name is already associated with + * the request + */ + /* remove _this_ ip, as it is the culprit for going over the limit */ + authenticateAuthUserRequestRemoveIp(auth_user_request, src_addr); + debug(28, 4) ("aclMatchUserMaxIP: Denying access in strict mode\n"); } else { - debug(28, 1) ("XXX authenticateCheckAuthUserIP returned 0, somebody " - "make sure the username gets logged to access.log.\n"); - debug(28, 1) ("XXX if it works, tell developers to remove this " - "message\n"); + /* non-strict - remove some/all of the cached entries + * ie to allow the user to move machines easily + */ + authenticateAuthUserRequestClearIp(auth_user_request); + debug(28, 4) ("aclMatchUserMaxIP: Denying access in non-strict mode - flushing the user ip cache\n"); } - /* this acl check completed */ - authenticateAuthUserRequestUnlock(auth_user_request); - return 0; + /* We had reports about the username being lost when denying due to + * IP limits. That should be fixed in the new lazy-proxy code, but + * This note note is a reminder! + */ + debug(28, 1) ("XXX aclMatchUserMaxIP returned 0, somebody " + "make sure the username gets logged to access.log.\n"); + debug(28, 1) ("XXX if it works, tell developers to remove this " + "message\n"); + + return 1; } static void @@ -1443,7 +1410,7 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist) char *esc_buf; const char *header; const char *browser; - int k; + int k, ti; http_hdr_type headertype; if (!ae) return 0; @@ -1602,6 +1569,8 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist) /* NOTREACHED */ case ACL_PROXY_AUTH: case ACL_PROXY_AUTH_REGEX: + case ACL_MAX_USER_IP: + /* ALL authentication predicated ACL's live here */ if (NULL == r) { return -1; } else if (!r->flags.accelerated) { @@ -1619,9 +1588,46 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist) return -1; #endif } + /* get authed here */ + if ((ti = authenticateAuthenticate(&checklist->auth_user_request, headertype, checklist->request, checklist->conn, checklist->src_addr)) != AUTH_AUTHENTICATED) { + switch (ti) { + case 0: + /* Authenticated but not Authorised for this ACL */ + debug(28, 4) ("aclMatchAcl: returning 0 user authenticated but not authorised.\n"); + return 0; + case 1: + fatal("AUTH_AUTHENTICATED == 1\n"); + break; + case -1: + /* Send data to the helper */ + debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n"); + checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED; + return 0; + case -2: + /* Send a challenge to the client */ + debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n"); + checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED; + return 0; + } + } + /* then, switch on type again to do the correct match routine :> */ + switch (ae->type) { + case ACL_PROXY_AUTH: + case ACL_PROXY_AUTH_REGEX: + ti = aclMatchProxyAuth(ae->data, headertype, + checklist->auth_user_request, checklist, ae->type); + break; + case ACL_MAX_USER_IP: + ti = aclMatchUserMaxIP(ae->data, checklist->auth_user_request, + checklist->src_addr); + break; + default: + /* Keep GCC happy */ + break; + } + checklist->auth_user_request = NULL; /* Check the credentials */ - switch (aclMatchProxyAuth(ae->data, headertype, - checklist->auth_user_request, checklist, ae->type)) { + switch (ti) { case 0: debug(28, 4) ("aclMatchAcl: returning 0 user authenticated but not authorised.\n"); /* Authenticated but not Authorised for this ACL */ @@ -1631,20 +1637,11 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist) /* Authenticated and Authorised for this ACL */ return 1; case -2: - debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n"); - /* Authentication credentials invalid or missing. */ - /* Or partway through NTLM handshake. A proxy_Authenticate header - * gets sent to the client. */ - checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED; - return 0; case -1: - debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n"); - /* - * we need to validate the password - */ - checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED; - return 0; + fatal("Invalid response from match routine\n"); + break; } + /* NOTREACHED */ #if SQUID_SNMP case ACL_SNMP_COMMUNITY: @@ -1919,12 +1916,11 @@ aclLookupProxyAuthDone(void *data, char *result) checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_DONE; if (result != NULL) fatal("AclLookupProxyAuthDone: Old code floating around somewhere.\nMake clean and if that doesn't work, report a bug to the squid developers.\n"); - /* state info check */ - assert(checklist->conn != NULL); auth_user_request = checklist->auth_user_request; - if (!authenticateValidateUser(auth_user_request)) { + if (!authenticateValidateUser(auth_user_request) || checklist->conn == NULL) { /* credentials could not be checked either way * restart the whole process */ + /* OR the connection was closed, there's no way to continue */ checklist->conn->auth_user_request = NULL; checklist->conn->auth_type = AUTH_BROKEN; checklist->auth_user_request = NULL; @@ -2080,6 +2076,9 @@ aclDestroyAcls(acl ** head) case ACL_MAXCONN: intlistDestroy((intlist **) & a->data); break; + case ACL_MAX_USER_IP: + aclDestroyUserMaxIP(&a->data); + break; case ACL_URL_PORT: case ACL_MY_PORT: aclDestroyIntRange(a->data); @@ -2417,6 +2416,8 @@ aclDumpGeneric(const acl * a) case ACL_MAXCONN: case ACL_DST_ASN: return aclDumpIntlistList(a->data); + case ACL_MAX_USER_IP: + return aclDumpUserMaxIP(a->data); case ACL_URL_PORT: case ACL_MY_PORT: return aclDumpIntRangeList(a->data); diff --git a/src/auth/basic/auth_basic.cc b/src/auth/basic/auth_basic.cc index 46546bd8d2..bd569ddef4 100644 --- a/src/auth/basic/auth_basic.cc +++ b/src/auth/basic/auth_basic.cc @@ -1,6 +1,5 @@ - /* - * $Id: auth_basic.cc,v 1.8 2001/03/21 23:41:13 hno Exp $ + * $Id: auth_basic.cc,v 1.9 2001/08/03 15:13:06 adrian Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels @@ -104,6 +103,7 @@ authSchemeSetup_basic(authscheme_entry_t * authscheme) authscheme->oncloseconnection = NULL; authscheme->decodeauth = authenticateBasicDecodeAuth; authscheme->donefunc = authBasicDone; + authscheme->authConnLastHeader = NULL; } /* internal functions */ @@ -193,7 +193,6 @@ authenticateBasicAuthenticateUser(auth_user_request_t * auth_user_request, reque /* Decode now takes care of finding the auth_user struct in the cache */ /* after external auth occurs anyway */ auth_user->expiretime = current_time.tv_sec; - auth_user->ip_expiretime = squid_curtime; return; } @@ -385,17 +384,14 @@ static auth_user_t * authBasicAuthUserFindUsername(const char *username) { auth_user_hash_pointer *usernamehash; - auth_user_t *auth_user; debug(29, 9) ("authBasicAuthUserFindUsername: Looking for user '%s'\n", username); if (username && (usernamehash = hash_lookup(proxy_auth_username_cache, username))) { - while ((usernamehash->auth_user->auth_type != AUTH_BASIC) && - (usernamehash->next)) + while (usernamehash) { + if ((usernamehash->auth_user->auth_type == AUTH_BASIC) && + !strcmp(username, usernamehash->key)) + return usernamehash->auth_user; usernamehash = usernamehash->next; - auth_user = NULL; - if (usernamehash->auth_user->auth_type == AUTH_BASIC) { - auth_user = usernamehash->auth_user; } - return auth_user; } return NULL; } @@ -503,7 +499,6 @@ authenticateBasicDecodeAuth(auth_user_request_t * auth_user_request, const char auth_user->auth_type = AUTH_BASIC; /* current time for timeouts */ auth_user->expiretime = current_time.tv_sec; - auth_user->ip_expiretime = squid_curtime; /* this auth_user struct is the 'lucky one' to get added to the username cache */ /* the requests after this link to the auth_user */ diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc index 71c5c0251d..543e328e8a 100644 --- a/src/auth/digest/auth_digest.cc +++ b/src/auth/digest/auth_digest.cc @@ -1,6 +1,6 @@ /* - * $Id: auth_digest.cc,v 1.2 2001/03/03 10:39:36 hno Exp $ + * $Id: auth_digest.cc,v 1.3 2001/08/03 15:13:10 adrian Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Robert Collins @@ -456,7 +456,8 @@ authDigestUserShutdown() hash_first(proxy_auth_username_cache); while ((usernamehash = ((auth_user_hash_pointer *) hash_next(proxy_auth_username_cache)))) { auth_user = usernamehash->auth_user; - if (strcmp(authscheme_list[auth_user->auth_module - 1].typestr, "digest") == 0) + if (authscheme_list[auth_user->auth_module - 1].typestr && + strcmp(authscheme_list[auth_user->auth_module - 1].typestr, "digest") == 0) /* it's digest */ authenticateAuthUserUnlock(auth_user); } @@ -597,6 +598,7 @@ authSchemeSetup_digest(authscheme_entry_t * authscheme) authscheme->decodeauth = authenticateDigestDecodeAuth; authscheme->donefunc = authDigestDone; authscheme->requestFree = authDigestAURequestFree; + authscheme->authConnLastHeader = NULL; } int @@ -686,7 +688,6 @@ authenticateDigestAuthenticateUser(auth_user_request_t * auth_user_request, requ /* auth_user is now linked, we reset these values * after external auth occurs anyway */ auth_user->expiretime = current_time.tv_sec; - auth_user->ip_expiretime = squid_curtime; return; } diff --git a/src/auth/ntlm/auth_ntlm.cc b/src/auth/ntlm/auth_ntlm.cc index 87cac78ef7..731cc151da 100644 --- a/src/auth/ntlm/auth_ntlm.cc +++ b/src/auth/ntlm/auth_ntlm.cc @@ -1,6 +1,6 @@ /* - * $Id: auth_ntlm.cc,v 1.9 2001/05/21 04:50:58 hno Exp $ + * $Id: auth_ntlm.cc,v 1.10 2001/08/03 15:13:12 adrian Exp $ * * DEBUG: section 29 NTLM Authenticator * AUTHOR: Robert Collins @@ -62,6 +62,7 @@ static AUTHSDUMP authNTLMCfgDump; static AUTHSFREECONFIG authNTLMFreeConfig; static AUTHSINIT authNTLMInit; static AUTHSONCLOSEC authenticateNTLMOnCloseConnection; +static AUTHSCONNLASTHEADER NTLMLastHeader; static AUTHSUSERNAME authenticateNTLMUsername; static AUTHSREQFREE authNTLMAURequestFree; static AUTHSPARSE authNTLMParse; @@ -74,6 +75,7 @@ static HLPSAVAIL authenticateNTLMHelperServerAvailable; static HLPSONEQ authenticateNTLMHelperServerOnEmpty; static statefulhelper *ntlmauthenticators = NULL; +static wordlist *ntlmprevauthline = NULL; CBDATA_TYPE(authenticateStateData); @@ -92,17 +94,34 @@ static hash_table *proxy_auth_cache = NULL; * */ +static int +wordliststrcmp(wordlist * a, wordlist * b) +{ + int i; + while (a && b) { + if ((i = strcmp(a->key, b->key))) + return i; + a = a->next; + b = b->next; + } + if (a && !b) + return -1; + if (b && !a) + return 1; + return 0; +} + void authNTLMDone(void) { debug(29, 2) ("authNTLMDone: shutting down NTLM authentication.\n"); - if (ntlmauthenticators) - helperStatefulShutdown(ntlmauthenticators); authntlm_initialised = 0; if (!shutting_down) return; - if (ntlmauthenticators) + if (ntlmauthenticators) { + helperStatefulShutdown(ntlmauthenticators); helperStatefulFree(ntlmauthenticators); + } ntlmauthenticators = NULL; if (ntlm_helper_state_pool) { assert(memPoolInUseCount(ntlm_helper_state_pool) == 0); @@ -189,7 +208,7 @@ authNTLMParse(authScheme * scheme, int n_configured, char *param_str) * parser to be integrated. */ if (ntlmConfig->authenticate) - Config.onoff.pipeline_prefetch=0; + Config.onoff.pipeline_prefetch = 0; } @@ -215,6 +234,7 @@ authSchemeSetup_ntlm(authscheme_entry_t * authscheme) authscheme->decodeauth = authenticateDecodeNTLMAuth; authscheme->donefunc = authNTLMDone; authscheme->oncloseconnection = authenticateNTLMOnCloseConnection; + authscheme->authConnLastHeader = NTLMLastHeader; } /* Initialize helpers and the like for this auth scheme. Called AFTER parsing the @@ -242,7 +262,13 @@ authNTLMInit(authScheme * scheme) ntlmauthenticators->datapool = ntlm_helper_state_pool; ntlmauthenticators->IsAvailable = authenticateNTLMHelperServerAvailable; ntlmauthenticators->OnEmptyQueue = authenticateNTLMHelperServerOnEmpty; - helperStatefulOpenServers(ntlmauthenticators); + if (wordliststrcmp(ntlmprevauthline, ntlmConfig->authenticate)) { + helperStatefulShutdown(ntlmauthenticators); + helperStatefulOpenServers(ntlmauthenticators); + if (ntlmprevauthline) + wordlistDestroy(&ntlmprevauthline); + ntlmprevauthline = wordlistDup(ntlmConfig->authenticate); + } /* TODO: In here send the initial YR to preinitialise the challenge cache */ /* Think about this... currently we ask when the challenge is needed. Better? */ if (!ntlminit) { @@ -398,6 +424,10 @@ authenticateNTLMHandleplaceholder(void *data, void *lastserver, char *reply) assert(r->auth_user_request); /* standard callback stuff */ valid = cbdataValid(r->data); + if (!valid) { + debug(29, 1) ("AuthenticateNTLMHandlePlacheholder: invalid callback data.\n"); + return result; + } /* call authenticateNTLMStart to retry this request */ debug(29, 9) ("authenticateNTLMHandleplaceholder: calling authenticateNTLMStart\n"); authenticateNTLMStart(r->auth_user_request, r->handler, r->data); @@ -430,7 +460,7 @@ authenticateNTLMHandleReply(void *data, void *lastserver, char *reply) /* copy the challenge to the state data */ helperstate = helperStatefulServerGetData(lastserver); if (helperstate == NULL) - fatal("lost NTLm helper state! quitting\n"); + fatal("lost NTLM helper state! quitting\n"); helperstate->challenge = xstrndup(reply, NTLM_CHALLENGE_SZ + 5); helperstate->challengeuses = 0; helperstate->renewed = squid_curtime; @@ -442,9 +472,11 @@ authenticateNTLMHandleReply(void *data, void *lastserver, char *reply) ntlm_request = auth_user_request->scheme_data; assert(ntlm_request != NULL); result = S_HELPER_DEFER; + /* reserve the server for future authentication */ + ntlm_request->authserver_deferred = 1; debug(29, 9) ("authenticateNTLMHandleReply: helper '%d'\n", lastserver); assert(ntlm_request->auth_state == AUTHENTICATE_STATE_NEGOTIATE); - ntlm_request->authhelper = lastserver; + ntlm_request->authserver = lastserver; ntlm_request->authchallenge = xstrndup(reply, NTLM_CHALLENGE_SZ + 5); } else if (strncasecmp(reply, "AF ", 3) == 0) { /* we're finished, release the helper */ @@ -461,7 +493,7 @@ authenticateNTLMHandleReply(void *data, void *lastserver, char *reply) /* we only expect OK when finishing the handshake */ assert(ntlm_request->auth_state == AUTHENTICATE_STATE_RESPONSE); ntlm_user->username = xstrndup(reply, MAX_LOGIN_SZ); - ntlm_request->authhelper = NULL; + ntlm_request->authserver = NULL; auth_user->flags.credentials_ok = 1; /* login ok */ #ifdef NTLM_FAIL_OPEN } else if (strncasecmp(reply, "LD ", 3) == 0) { @@ -487,8 +519,8 @@ authenticateNTLMHandleReply(void *data, void *lastserver, char *reply) /* we only expect OK when finishing the handshake */ assert(ntlm_request->auth_state == AUTHENTICATE_STATE_RESPONSE); ntlm_user->username = xstrndup(reply, MAX_LOGIN_SZ); - helperstate = helperStatefulServerGetData(ntlm_request->authhelper); - ntlm_request->authhelper = NULL; + helperstate = helperStatefulServerGetData(ntlm_request->authserver); + ntlm_request->authserver = NULL; auth_user->flags.credentials_ok = 1; /* login ok */ /* BH code: mark helper as broken */ /* Not a valid helper response to a YR request. Assert so the helper @@ -509,7 +541,7 @@ authenticateNTLMHandleReply(void *data, void *lastserver, char *reply) assert((ntlm_user != NULL) && (ntlm_request != NULL)); /* todo: action of Negotiate state on error */ result = S_HELPER_RELEASE; /*some error has occured. no more requests */ - ntlm_request->authhelper = NULL; + ntlm_request->authserver = NULL; auth_user->flags.credentials_ok = 2; /* Login/Usercode failed */ debug(29, 4) ("authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '%s'\n", reply); ntlm_request->auth_state = AUTHENTICATE_STATE_NONE; @@ -531,8 +563,8 @@ authenticateNTLMHandleReply(void *data, void *lastserver, char *reply) assert((ntlm_user != NULL) && (ntlm_request != NULL)); result = S_HELPER_RELEASE; /*some error has occured. no more requests for * this helper */ - helperstate = helperStatefulServerGetData(ntlm_request->authhelper); - ntlm_request->authhelper = NULL; + helperstate = helperStatefulServerGetData(ntlm_request->authserver); + ntlm_request->authserver = NULL; if (ntlm_request->auth_state == AUTHENTICATE_STATE_NEGOTIATE) { /* The helper broke on YR. It automatically * resets */ @@ -569,7 +601,7 @@ authenticateNTLMHandleReply(void *data, void *lastserver, char *reply) /* restart the authentication process */ ntlm_request->auth_state = AUTHENTICATE_STATE_NONE; auth_user->flags.credentials_ok = 3; /* cannot process */ - ntlm_request->authhelper = NULL; + ntlm_request->authserver = NULL; } } else { fatal("authenticateNTLMHandleReply: called with no result string\n"); @@ -604,7 +636,7 @@ authenticateNTLMValidChallenge(ntlm_helper_state_t * helperstate) /* does our policy call for changing the challenge now? */ int -authenticateNTLMChangeChallenge(ntlm_helper_state_t * helperstate) +authenticateNTLMChangeChallenge_p(ntlm_helper_state_t * helperstate) { /* don't check for invalid challenges just for expiry choices */ /* this is needed because we have to starve the helper until all old @@ -612,15 +644,15 @@ authenticateNTLMChangeChallenge(ntlm_helper_state_t * helperstate) if (!helperstate->renewed) { /* first use, no challenge has been set. Without this check, it will * loop forever */ - debug(29, 5) ("authenticateNTLMChangeChallenge: first use\n"); + debug(29, 5) ("authenticateNTLMChangeChallenge_p: first use\n"); return 0; } if (helperstate->challengeuses > ntlmConfig->challengeuses) { - debug(29, 4) ("authenticateNTLMChangeChallenge: Challenge uses (%d) exceeded max uses (%d)\n", helperstate->challengeuses, ntlmConfig->challengeuses); + debug(29, 4) ("authenticateNTLMChangeChallenge_p: Challenge uses (%d) exceeded max uses (%d)\n", helperstate->challengeuses, ntlmConfig->challengeuses); return 1; } if (helperstate->renewed + ntlmConfig->challengelifetime < squid_curtime) { - debug(29, 4) ("authenticateNTLMChangeChallenge: Challenge exceeded max lifetime by %d seconds\n", squid_curtime - (helperstate->renewed + ntlmConfig->challengelifetime)); + debug(29, 4) ("authenticateNTLMChangeChallenge_p: Challenge exceeded max lifetime by %d seconds\n", squid_curtime - (helperstate->renewed + ntlmConfig->challengelifetime)); return 1; } debug(29, 9) ("Challenge is to be reused\n"); @@ -656,8 +688,8 @@ authenticateNTLMStart(auth_user_request_t * auth_user_request, RH * handler, voi break; case AUTHENTICATE_STATE_RESPONSE: sent_string = xstrdup(ntlm_request->ntlmauthenticate); - assert(ntlm_request->authhelper); - debug(29, 9) ("authenticateNTLMStart: Asking NTLMauthenticator '%d'.\n", ntlm_request->authhelper); + assert(ntlm_request->authserver); + debug(29, 9) ("authenticateNTLMStart: Asking NTLMauthenticator '%d'.\n", ntlm_request->authserver); break; default: fatal("Invalid authenticate state for NTLMStart"); @@ -676,16 +708,6 @@ authenticateNTLMStart(auth_user_request_t * auth_user_request, RH * handler, voi handler(data, NULL); return; } -#ifdef NTLMHELPPROTOCOLV2 - r = cbdataAlloc(authenticateStateData); - r->handler = handler; - cbdataLock(data); - r->data = data; - r->auth_user_request = auth_user_request; - snprintf(buf, 8192, "%s\n", sent_string); - helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, ntlm_request->authhelper); - debug(29, 9) ("authenticateNTLMstart: finished\n"); -#else /* this is ugly TODO: move the challenge generation routines to their own function and * tidy the logic up to make use of the efficiency we now have */ switch (ntlm_request->auth_state) { @@ -697,11 +719,12 @@ authenticateNTLMStart(auth_user_request_t * auth_user_request, RH * handler, voi */ server = helperStatefulDefer(ntlmauthenticators); helperstate = server ? helperStatefulServerGetData(server) : NULL; - while ((server != NULL) && authenticateNTLMChangeChallenge(helperstate)) { + while ((server != NULL) && authenticateNTLMChangeChallenge_p(helperstate)) { /* flag this helper for challenge changing */ helperstate->starve = 1; /* and release the deferred request */ helperStatefulReleaseServer(server); + /* Get another deferrable server */ server = helperStatefulDefer(ntlmauthenticators); if (server != NULL) helperstate = helperStatefulServerGetData(server); @@ -709,29 +732,35 @@ authenticateNTLMStart(auth_user_request_t * auth_user_request, RH * handler, voi if (server == NULL) debug(29, 9) ("unable to get a deferred ntlm helper... all helpers are refreshing challenges. Queuing as a placeholder request.\n"); - ntlm_request->authhelper = server; + ntlm_request->authserver = server; /* tell the log what helper we have been given */ debug(29, 9) ("authenticateNTLMStart: helper '%d' assigned\n", server); - /* valid challenge? */ + /* server and valid challenge? */ if ((server == NULL) || !authenticateNTLMValidChallenge(helperstate)) { + /* No server, or server with invalid challenge */ r = cbdataAlloc(authenticateStateData); r->handler = handler; cbdataLock(data); r->data = data; r->auth_user_request = auth_user_request; if (server == NULL) { - helperStatefulSubmit(ntlmauthenticators, NULL, authenticateNTLMHandleplaceholder, r, ntlm_request->authhelper); + helperStatefulSubmit(ntlmauthenticators, NULL, authenticateNTLMHandleplaceholder, r, NULL); } else { + /* Server with invalid challenge */ snprintf(buf, 8192, "YR\n"); - helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, ntlm_request->authhelper); + helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, ntlm_request->authserver); } } else { - /* we have a valid challenge */ + /* (server != NULL and we have a valid challenge) */ /* TODO: turn the below into a function and call from here and handlereply */ /* increment the challenge uses */ helperstate->challengeuses++; /* assign the challenge */ ntlm_request->authchallenge = xstrndup(helperstate->challenge, NTLM_CHALLENGE_SZ + 5); + /* we're not actually submitting a request, so we need to release the helper should + * the connection close unexpectedly + */ + ntlm_request->authserver_deferred = 1; handler(data, NULL); } @@ -743,13 +772,14 @@ authenticateNTLMStart(auth_user_request_t * auth_user_request, RH * handler, voi r->data = data; r->auth_user_request = auth_user_request; snprintf(buf, 8192, "KK %s\n", sent_string); - helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, ntlm_request->authhelper); + /* getting rid of deferred request status */ + ntlm_request->authserver_deferred = 0; + helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, ntlm_request->authserver); debug(29, 9) ("authenticateNTLMstart: finished\n"); break; default: fatal("Invalid authenticate state for NTLMStart"); } -#endif } /* callback used by stateful helper routines */ @@ -790,15 +820,15 @@ authenticateNTLMHelperServerOnEmpty(void *data) /* clear the NTLM helper of being reserved for future requests */ void -authenticateNTLMReleasehelper(auth_user_request_t * auth_user_request) +authenticateNTLMReleaseServer(auth_user_request_t * auth_user_request) { ntlm_request_t *ntlm_request; assert(auth_user_request->auth_user->auth_type == AUTH_NTLM); assert(auth_user_request->scheme_data != NULL); ntlm_request = auth_user_request->scheme_data; - debug(29, 9) ("authenticateNTLMReleasehelper: releasing helper '%d'\n", ntlm_request->authhelper); - helperStatefulReleaseServer(ntlm_request->authhelper); - ntlm_request->authhelper = NULL; + debug(29, 9) ("authenticateNTLMReleaseServer: releasing server '%d'\n", ntlm_request->authserver); + helperStatefulReleaseServer(ntlm_request->authserver); + ntlm_request->authserver = NULL; } /* clear any connection related authentication details */ @@ -810,8 +840,8 @@ authenticateNTLMOnCloseConnection(ConnStateData * conn) if (conn->auth_user_request != NULL) { assert(conn->auth_user_request->scheme_data != NULL); ntlm_request = conn->auth_user_request->scheme_data; - if (ntlm_request->authhelper != NULL) - authenticateNTLMReleasehelper(conn->auth_user_request); + if (ntlm_request->authserver != NULL && ntlm_request->authserver_deferred) + authenticateNTLMReleaseServer(conn->auth_user_request); /* unlock the connection based lock */ debug(29, 9) ("authenticateNTLMOnCloseConnection: Unlocking auth_user from the connection.\n"); authenticateAuthUserRequestUnlock(conn->auth_user_request); @@ -829,6 +859,18 @@ authenticateNTLMUsername(auth_user_t * auth_user) return NULL; } +/* NTLMLastHeader: return a pointer to the last header used in authenticating + * the request/conneciton + */ +const char * +NTLMLastHeader(auth_user_request_t * auth_user_request) +{ + ntlm_request_t *ntlm_request; + assert(auth_user_request != NULL); + assert(auth_user_request->scheme_data != NULL); + ntlm_request = auth_user_request->scheme_data; + return ntlm_request->ntlmauthenticate; +} /* * Decode an NTLM [Proxy-]Auth string, placing the results in the passed @@ -844,6 +886,7 @@ authenticateDecodeNTLMAuth(auth_user_request_t * auth_user_request, const char * auth_user_request->auth_user->auth_type = AUTH_NTLM; auth_user_request->auth_user->scheme_data = memPoolAlloc(ntlm_user_pool); auth_user_request->scheme_data = memPoolAlloc(ntlm_request_pool); + memset(auth_user_request->scheme_data, '\0', sizeof(ntlm_request_t)); /* lock for the auth_user_request link */ authenticateAuthUserLock(auth_user_request->auth_user); node = dlinkNodeNew(); @@ -860,15 +903,28 @@ authenticateNTLMcmpUsername(ntlm_user_t * u1, ntlm_user_t * u2) return strcmp(u1->username, u2->username); } + +/* there is a known race where a single client recieves the same challenge + * and sends the same response to squid on a single select cycle. + * Check for this and if found ignore the new link + */ void authenticateProxyAuthCacheAddLink(const char *key, auth_user_t * auth_user) { auth_user_hash_pointer *proxy_auth_hash; + dlink_node *node; ntlm_user_t *ntlm_user; + ntlm_user = auth_user->scheme_data; + node = ntlm_user->proxy_auth_list.head; + /* prevent duplicates */ + while (node) { + if (!strcmp(key, ((auth_user_hash_pointer *) node->data)->key)) + return; + node = node->next; + } proxy_auth_hash = memAllocate(MEM_AUTH_USER_HASH); proxy_auth_hash->key = xstrdup(key); proxy_auth_hash->auth_user = auth_user; - ntlm_user = auth_user->scheme_data; dlinkAddTail(proxy_auth_hash, &proxy_auth_hash->link, &ntlm_user->proxy_auth_list); hash_join(proxy_auth_cache, (hash_link *) proxy_auth_hash); } @@ -922,6 +978,8 @@ authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, reques break; case AUTHENTICATE_STATE_NEGOTIATE: ntlm_request->auth_state = AUTHENTICATE_STATE_CHALLENGE; + /* We _MUST_ have the auth challenge by now */ + assert(ntlm_request->authchallenge); return; break; case AUTHENTICATE_STATE_CHALLENGE: @@ -952,7 +1010,7 @@ authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, reques } else { debug(29, 4) ("authenticateNTLMAuthenticateUser: ntlm proxy-auth cache hit\n"); /* throw away the temporary entry */ - authenticateNTLMReleasehelper(auth_user_request); + authenticateNTLMReleaseServer(auth_user_request); authenticateAuthUserMerge(auth_user, proxy_auth_hash->auth_user); auth_user = proxy_auth_hash->auth_user; auth_user_request->auth_user = auth_user; @@ -967,7 +1025,6 @@ authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, reques /* on ntlm auth we do not unlock the auth_user until the * connection is dropped. Thank MS for this quirk */ auth_user->expiretime = current_time.tv_sec; - auth_user->ip_expiretime = squid_curtime; } return; break; @@ -1010,7 +1067,6 @@ authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, reques /* set these to now because this is either a new login from an * existing user or a new user */ auth_user->expiretime = current_time.tv_sec; - auth_user->ip_expiretime = squid_curtime; auth_user->flags.credentials_ok = 1; /*authenticated ok */ return; break; diff --git a/src/auth/ntlm/auth_ntlm.h b/src/auth/ntlm/auth_ntlm.h index bf1f00c54c..df4dce8bd6 100644 --- a/src/auth/ntlm/auth_ntlm.h +++ b/src/auth/ntlm/auth_ntlm.h @@ -28,10 +28,12 @@ struct _ntlm_request { char *authchallenge; /* what authenticate string did we get? */ char *ntlmauthenticate; - /*we need to store the NTLM helper between requests */ - helper_stateful_server *authhelper; + /*we need to store the NTLM server between requests */ + helper_stateful_server *authserver; /* how far through the authentication process are we? */ auth_state_t auth_state; + /* have we got the helper-server in a deferred state? */ + int authserver_deferred; }; struct _ntlm_helper_state_t { diff --git a/src/authenticate.cc b/src/authenticate.cc index a46dc73cd7..6c9a058a8a 100644 --- a/src/authenticate.cc +++ b/src/authenticate.cc @@ -1,6 +1,6 @@ /* - * $Id: authenticate.cc,v 1.24 2001/07/12 22:30:25 hno Exp $ + * $Id: authenticate.cc,v 1.25 2001/08/03 15:13:03 adrian Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels @@ -40,6 +40,8 @@ #include "squid.h" +CBDATA_TYPE(auth_user_ip_t); + static void authenticateDecodeAuth(const char *proxy_auth, auth_user_request_t * auth_user_request); @@ -175,6 +177,7 @@ authenticateAuthUserNew(const char *scheme) auth_user_t *temp_auth; temp_auth = memAllocate(MEM_AUTH_USER_T); assert(temp_auth != NULL); + memset(temp_auth, '\0', sizeof(auth_user_t)); temp_auth->auth_type = AUTH_UNKNOWN; temp_auth->references = 0; temp_auth->auth_module = authenticateAuthSchemeId(scheme) + 1; @@ -241,11 +244,110 @@ authenticateAuthUserRequestMessage(auth_user_request_t * auth_user_request) void authenticateAuthUserRequestSetIp(auth_user_request_t * auth_user_request, struct in_addr ipaddr) { - if (auth_user_request->auth_user) - if (!auth_user_request->auth_user->ipaddr.s_addr) - auth_user_request->auth_user->ipaddr = ipaddr; + auth_user_ip_t *ipdata, *tempnode; + auth_user_t *auth_user; + char *ip1; + CBDATA_INIT_TYPE(auth_user_ip_t); + if (!auth_user_request->auth_user) + return; + auth_user = auth_user_request->auth_user; + ipdata = (auth_user_ip_t *) auth_user->ip_list.head; + /* we walk the entire list to prevent the first item in the list preventing + * old entries being flushed and locking a user out after a timeout+reconfigure + */ + while (ipdata) { + tempnode = (auth_user_ip_t *) ipdata->node.next; + /* walk the ip list */ + if (ipdata->ipaddr.s_addr == ipaddr.s_addr) { + /* This ip has alreadu been seen. */ + /* update IP ttl */ + ipdata->ip_expiretime = squid_curtime; + } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) { + /* This IP has expired - remove from the seen list */ + dlinkDelete(&ipdata->node, &auth_user->ip_list); + cbdataFree(ipdata); + /* catch incipient underflow */ + assert(auth_user->ipcount); + auth_user->ipcount--; + } + ipdata = tempnode; + } + + /* This ip is not in the seen list */ + ipdata = cbdataAlloc(auth_user_ip_t); + ipdata->ip_expiretime = squid_curtime; + ipdata->ipaddr = ipaddr; + dlinkAddTail(ipdata, &ipdata->node, &auth_user->ip_list); + auth_user->ipcount++; + + ip1 = xstrdup(inet_ntoa(ipaddr)); + debug(29, 1) ("authenticateAuthUserRequestSetIp: user '%s' has been seen at a new IP address (%s, %s)\n ", authenticateUserUsername(auth_user), ip1); + safe_free(ip1); +} + +void +authenticateAuthUserRequestRemoveIp(auth_user_request_t * auth_user_request, struct in_addr ipaddr) +{ + auth_user_ip_t *ipdata; + auth_user_t *auth_user; + if (!auth_user_request->auth_user) + return; + auth_user = auth_user_request->auth_user; + ipdata = (auth_user_ip_t *) auth_user->ip_list.head; + while (ipdata) { + /* walk the ip list */ + if (ipdata->ipaddr.s_addr == ipaddr.s_addr) { + /* remove the node */ + dlinkDelete(&ipdata->node, &auth_user->ip_list); + cbdataFree(ipdata); + /* catch incipient underflow */ + assert(auth_user->ipcount); + auth_user->ipcount--; + return; + } + ipdata = (auth_user_ip_t *) ipdata->node.next; + } + } +static void +authenticateAuthUserClearIp(auth_user_t * auth_user) +{ + auth_user_ip_t *ipdata, *tempnode; + if (!auth_user) + return; + ipdata = (auth_user_ip_t *) auth_user->ip_list.head; + while (ipdata) { + tempnode = (auth_user_ip_t *) ipdata->node.next; + /* walk the ip list */ + dlinkDelete(&ipdata->node, &auth_user->ip_list); + cbdataFree(ipdata); + /* catch incipient underflow */ + assert(auth_user->ipcount); + auth_user->ipcount--; + ipdata = tempnode; + } + /* integrity check */ + assert(auth_user->ipcount == 0); +} + + +void +authenticateAuthUserRequestClearIp(auth_user_request_t * auth_user_request) +{ + if (auth_user_request) + authenticateAuthUserClearIp(auth_user_request->auth_user); +} + +size_t +authenticateAuthUserRequestIPCount(auth_user_request_t * auth_user_request) +{ + assert(auth_user_request); + assert(auth_user_request->auth_user); + return auth_user_request->auth_user->ipcount; +} + + /* Get Auth User: Return a filled out auth_user structure for the given * Proxy Auth (or Auth) header. It may be a cached Auth User or a new * Unauthenticated structure. The structure is given an inital lock here. @@ -256,6 +358,7 @@ authenticateGetAuthUser(const char *proxy_auth) auth_user_request_t *auth_user_request = authenticateAuthUserRequestNew(); /* and lock for the callers instance */ authenticateAuthUserRequestLock(auth_user_request); + /* The scheme is allowed to provide a cached auth_user or a new one */ authenticateDecodeAuth(proxy_auth, auth_user_request); return auth_user_request; } @@ -275,11 +378,12 @@ authenticateUserAuthenticated(auth_user_request_t * auth_user_request) } /* - * authenticateAuthenticateUser: log this user request in. + * authenticateAuthenticateUser: call the module specific code to + * log this user request in. * Cache hits may change the auth_user pointer in the structure if needed. * This is basically a handle approach. */ -void +static void authenticateAuthenticateUser(auth_user_request_t * auth_user_request, request_t * request, ConnStateData * conn, http_hdr_type type) { assert(auth_user_request != NULL); @@ -287,6 +391,179 @@ authenticateAuthenticateUser(auth_user_request_t * auth_user_request, request_t authscheme_list[auth_user_request->auth_user->auth_module - 1].authAuthenticate(auth_user_request, request, conn, type); } +/* returns one of + * AUTH_ACL_CHALLENGE, + * AUTH_ACL_HELPER, + * AUTH_ACL_CANNOT_AUTHENTICATE, + * AUTH_AUTHENTICATED + * + * How to use: In your proxy-auth dependent acl code, use the following + * construct: + * int rv; + * if ((rv = AuthenticateAuthenticate()) != AUTH_AUTHENTICATED) + * return rv; + * + * when this code is reached, the request/connection is authenticated. + * + * if you have non-acl code, but want to force authentication, you need a + * callback mechanism like the acl testing routines that will send a 40[1|7] to + * the client when rv==AUTH_ACL_CHALLENGE, and will communicate with + * the authenticateStart routine for rv==AUTH_ACL_HELPER + */ +auth_acl_t +authenticateAuthenticate(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr) +{ + const char *proxy_auth; + assert(headertype != 0); + proxy_auth = httpHeaderGetStr(&request->header, headertype); + + if (conn == NULL) { + debug(28, 1) ("authenticateAuthenticate: no connection data, cannot process authentication\n"); + /* + * deny access: clientreadrequest requires conn data, and it is always + * compiled in so we should have it too. + */ + return AUTH_ACL_CANNOT_AUTHENTICATE; + } + /* + * a note on proxy_auth logix here: + * proxy_auth==NULL -> unauthenticated request || already authenticated connection + * so we test for an authenticated connection when we recieve no authentication + * header. + */ + if (((proxy_auth == NULL) && (!authenticateUserAuthenticated(*auth_user_request ? *auth_user_request : conn->auth_user_request))) + || (conn->auth_type == AUTH_BROKEN)) { + /* no header or authentication failed/got corrupted - restart */ + conn->auth_type = AUTH_UNKNOWN; + debug(28, 4) ("authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header.\n"); + /* something wrong with the AUTH credentials. Force a new attempt */ + conn->auth_user_request = NULL; + if (*auth_user_request) { + /* unlock the ACL lock */ + authenticateAuthUserRequestUnlock(*auth_user_request); + auth_user_request = NULL; + } + return AUTH_ACL_CHALLENGE; + } + /* + * Is this an already authenticated connection with a new auth header? + * No check for function required in the if: its compulsory for conn based + * auth modules + */ + if (proxy_auth && conn->auth_user_request && + authenticateUserAuthenticated(conn->auth_user_request) && + strcmp(proxy_auth, authscheme_list[conn->auth_user_request->auth_user->auth_module - 1].authConnLastHeader(conn->auth_user_request))) { + debug(28, 1) ("authenticateAuthenticate: DUPLICATE AUTH - authentication header on already authenticated connection!. Current user '%s' proxy_auth %s\n", authenticateUserRequestUsername(conn->auth_user_request), proxy_auth); + /* remove this request struct - the link is already authed and it can't be to + * reauth. + */ + + /* This should _only_ ever occur on the first pass through + * authenticateAuthenticate + */ + assert(*auth_user_request == NULL); + /* unlock the conn lock on the auth_user_request */ + authenticateAuthUserRequestUnlock(conn->auth_user_request); + /* mark the conn as non-authed. */ + conn->auth_user_request = NULL; + /* Set the connection auth type */ + conn->auth_type = AUTH_UNKNOWN; + } + /* we have a proxy auth header and as far as we know this connection has + * not had bungled connection oriented authentication happen on it. */ + debug(28, 9) ("authenticateAuthenticate: header %s.\n", proxy_auth); + if (*auth_user_request == NULL) { + debug(28, 9) ("authenticateAuthenticate: This is a new checklist test on FD:%d\n", + conn->fd); + if ((!request->auth_user_request) + && (conn->auth_type == AUTH_UNKNOWN)) { + /* beginning of a new request check */ + debug(28, 4) ("authenticateAuthenticate: no connection authentication type\n"); + if (!authenticateValidateUser(*auth_user_request = + authenticateGetAuthUser(proxy_auth))) { + /* the decode might have left a username for logging, or a message to + * the user */ + if (authenticateUserRequestUsername(*auth_user_request)) { + /* lock the user for the request structure link */ + authenticateAuthUserRequestLock(*auth_user_request); + request->auth_user_request = *auth_user_request; + /* unlock the ACL reference. */ + authenticateAuthUserRequestUnlock(*auth_user_request); + } + *auth_user_request = NULL; + return AUTH_ACL_CHALLENGE; + } + /* the user_request comes prelocked for the caller to GetAuthUser (us) */ + } else if (request->auth_user_request) { + *auth_user_request = request->auth_user_request; + /* lock the user request for this ACL processing */ + authenticateAuthUserRequestLock(*auth_user_request); + } else { + if (conn->auth_user_request != NULL) { + *auth_user_request = conn->auth_user_request; + /* lock the user request for this ACL processing */ + authenticateAuthUserRequestLock(*auth_user_request); + } else { + /* failed connection based authentication */ + debug(28, 4) ("authenticateAuthenticate: Auth user request %d conn-auth user request %d conn type %d authentication failed.\n", + *auth_user_request, conn->auth_user_request, conn->auth_type); + authenticateAuthUserRequestUnlock(*auth_user_request); + *auth_user_request = NULL; + return AUTH_ACL_CHALLENGE; + } + } + } + if (!authenticateUserAuthenticated(*auth_user_request)) { + /* User not logged in. Log them in */ + authenticateAuthenticateUser(*auth_user_request, request, + conn, headertype); + switch (authenticateDirection(*auth_user_request)) { + case 1: + /* this ACL check is finished. Unlock. */ + authenticateAuthUserRequestUnlock(*auth_user_request); + *auth_user_request = NULL; + return AUTH_ACL_CHALLENGE; + case -1: + /* we are partway through authentication within squid, + * the *auth_user_request variables stores the auth_user_request + * for the callback to here - Do not Unlock */ + return AUTH_ACL_HELPER; + case -2: + /* this ACL check is finished. Unlock. */ + authenticateAuthUserRequestUnlock(*auth_user_request); + *auth_user_request = NULL; + return AUTH_ACL_CHALLENGE; + } + /* on 0 the authentication is finished - fallthrough */ + /* See of user authentication failed for some reason */ + if (!authenticateUserAuthenticated(*auth_user_request)) { + if ((authenticateUserRequestUsername(*auth_user_request))) { + if (!request->auth_user_request) { + /* lock the user for the request structure link */ + authenticateAuthUserRequestLock(*auth_user_request); + request->auth_user_request = *auth_user_request; + } + } + /* this ACL check is finished. Unlock. */ + authenticateAuthUserRequestUnlock(*auth_user_request); + *auth_user_request = NULL; + return AUTH_ACL_CHALLENGE; + } + } + /* copy username to request for logging on client-side */ + /* the credentials are correct at this point */ + if (!request->auth_user_request) { + /* lock the user for the request structure link */ + authenticateAuthUserRequestLock(*auth_user_request); + request->auth_user_request = *auth_user_request; + authenticateAuthUserRequestSetIp(*auth_user_request, src_addr); + } + /* Unlock the request - we've authenticated it */ + authenticateAuthUserRequestUnlock(*auth_user_request); + return AUTH_AUTHENTICATED; +} + + /* authenticateUserUsername: return a pointer to the username in the */ char * authenticateUserUsername(auth_user_t * auth_user) @@ -414,7 +691,7 @@ authenticateFixHeader(HttpReply * rep, auth_user_request_t * auth_user_request, || (rep->sline.status == HTTP_UNAUTHORIZED)) && internal) /* this is a authenticate-needed response */ { - if ((auth_user_request != NULL) && (auth_user_request->auth_user->auth_module > 0) &! authenticateUserAuthenticated(auth_user_request)) + if ((auth_user_request != NULL) && (auth_user_request->auth_user->auth_module > 0) & !authenticateUserAuthenticated(auth_user_request)) authscheme_list[auth_user_request->auth_user->auth_module - 1].authFixHeader(auth_user_request, rep, type, request); else { int i; @@ -563,6 +840,8 @@ authenticateFreeProxyAuthUser(void *data) } /* free cached acl results */ aclCacheMatchFlush(&u->proxy_match_cache); + /* free seen ip address's */ + authenticateAuthUserClearIp(u); if (u->scheme_data && u->auth_module > 0) authscheme_list[u->auth_module - 1].FreeUser(u); /* prevent accidental reuse */ @@ -673,45 +952,3 @@ authenticateUserNameCacheAdd(auth_user_t * auth_user) /* lock for presence in the cache */ authenticateAuthUserLock(auth_user); } - - - -/* - * check the user for ip changes timeouts - * 0 = failed check - * 1 = ip requirements are ok. - */ -/* TODO: - * ip_expire data should be in a struct of it's own - for code reuse */ -int -authenticateCheckAuthUserIP(struct in_addr request_src_addr, auth_user_request_t * auth_user_request) -{ - char *username = authenticateUserRequestUsername(auth_user_request); - if (request_src_addr.s_addr == auth_user_request->auth_user->ipaddr.s_addr || auth_user_request->auth_user->ip_expiretime + Config.authenticateIpTTL <= squid_curtime) { - /* user has not moved ip or had the ip timeout expire */ - if ((auth_user_request->auth_user->auth_type == AUTH_UNKNOWN) || - (auth_user_request->auth_user->auth_type == AUTH_BROKEN)) { - debug(29, 1) ("authenticateCheckProxyAuthIP: broken or unknown auth type %d.\n", auth_user_request->auth_user->auth_type); - return 0; - } - username = authenticateUserRequestUsername(auth_user_request); - /* Update IP ttl */ - auth_user_request->auth_user->ip_expiretime = squid_curtime; - auth_user_request->auth_user->ipaddr = request_src_addr; - return 1; - } else { - char *ip1 = xstrdup(inet_ntoa(auth_user_request->auth_user->ipaddr)); - char *ip2 = xstrdup(inet_ntoa(request_src_addr)); - if (Config.onoff.authenticateIpTTLStrict) { - debug(29, 1) ("aclMatchProxyAuth: user '%s' tried to use multiple IP addresses! (%s, %s)\n ", username, ip1, ip2); - } else { - /* Non-strict mode. Reassign ownership to the new IP */ - auth_user_request->auth_user->ipaddr.s_addr = request_src_addr.s_addr; - debug(29, 1) ("aclMatchProxyAuth: user '%s' has changed IP address (%s, %s)\n ", username, ip1, ip2); - } - safe_free(ip1); - safe_free(ip2); - /* and deny access */ - return 0; - } -} diff --git a/src/cf.data.pre b/src/cf.data.pre index 22e7844c22..36d1cccefa 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.222 2001/07/28 09:21:31 hno Exp $ +# $Id: cf.data.pre,v 1.223 2001/08/03 15:13:03 adrian Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -1403,18 +1403,7 @@ DOC_START the user to redial without hassle. If all your users are stationary then higher values may be used. - See also authenticate_ip_ttl_is_strict -DOC_END - -NAME: authenticate_ip_ttl_is_strict -TYPE: onoff -LOC: Config.onoff.authenticateIpTTLStrict -DEFAULT: on -DOC_START - This option makes authenticate_ip_ttl a bit stricter. With this - enabled authenticate_ip_ttl will deny all access from other IP - addresses until the TTL has expired, and the IP address "owning" - the userid will not be forced to reauthenticate. + See also the acl max_user_ip. DOC_END COMMENT_START @@ -1898,6 +1887,15 @@ DOC_START # This will be matched when the client's IP address has # more than HTTP connections established. + acl aclname max_user_ip + # This will be matched when the user attempts to log in from more + # than different ip address's. The authenticate_ip_ttl + # parameter controls the timeout on the ip entries. + # NOTE: in acceleration mode, clients may appear to come from + # multiple address's if they are going through proxy farms, + # so a limit of 1 may cause user problems. + + acl aclname req_mime_type mime-type1 ... # regex match agains the mime type of the request generated # by the client. Can be used to detect file upload or some diff --git a/src/client_side.cc b/src/client_side.cc index b9b87971c6..038e1f9d9e 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -1,6 +1,6 @@ /* - * $Id: client_side.cc,v 1.541 2001/07/28 09:21:31 hno Exp $ + * $Id: client_side.cc,v 1.542 2001/08/03 15:13:03 adrian Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -204,7 +204,7 @@ clientCreateStoreEntry(clientHttpRequest * h, method_t m, request_flags flags) e = storeCreateEntry(h->uri, h->log_uri, flags, m); h->sc = storeClientListAdd(e, h); #if DELAY_POOLS - delaySetStoreClient(h->sc, delayClient(h->request)); + delaySetStoreClient(h->sc, delayClient(h)); #endif storeClientCopy(h->sc, e, 0, 0, CLIENT_SOCK_SZ, memAllocate(MEM_CLIENT_SOCK_BUF), clientSendMoreData, h); @@ -385,7 +385,7 @@ clientProcessExpired(void *data) http->sc = storeClientListAdd(entry, http); #if DELAY_POOLS /* delay_id is already set on original store client */ - delaySetStoreClient(http->sc, delayClient(http->request)); + delaySetStoreClient(http->sc, delayClient(http)); #endif http->request->lastmod = http->old_entry->lastmod; debug(33, 5) ("clientProcessExpired: lastmod %d\n", (int) entry->lastmod); @@ -1760,7 +1760,7 @@ clientPackMoreRanges(clientHttpRequest * http, const char *buf, ssize_t size, Me } static int -clientReplyBodyTooLarge(HttpReply *rep, int clen) +clientReplyBodyTooLarge(HttpReply * rep, int clen) { if (0 == rep->maxBodySize) return 0; /* disabled */ @@ -1870,16 +1870,16 @@ clientSendMoreData(void *data, char *buf, ssize_t size) int rv; httpReplyBodyBuildSize(http->request, rep, &Config.ReplyBodySize); if (clientReplyBodyTooLarge(rep, rep->content_length)) { - ErrorState *err = errorCon(ERR_TOO_BIG, HTTP_FORBIDDEN); - err->request = requestLink(http->request); - storeUnregister(http->sc, http->entry, http); - http->sc = NULL; - storeUnlockObject(http->entry); - http->entry = clientCreateStoreEntry(http, http->request->method, + ErrorState *err = errorCon(ERR_TOO_BIG, HTTP_FORBIDDEN); + err->request = requestLink(http->request); + storeUnregister(http->sc, http->entry, http); + http->sc = NULL; + storeUnlockObject(http->entry); + http->entry = clientCreateStoreEntry(http, http->request->method, null_request_flags); - errorAppendEntry(http->entry, err); - httpReplyDestroy(rep); - return; + errorAppendEntry(http->entry, err); + httpReplyDestroy(rep); + return; } body_size = size - rep->hdr_sz; assert(body_size >= 0); @@ -2305,7 +2305,7 @@ clientProcessRequest(clientHttpRequest * http) http->entry->mem_obj->method = r->method; http->sc = storeClientListAdd(http->entry, http); #if DELAY_POOLS - delaySetStoreClient(http->sc, delayClient(r)); + delaySetStoreClient(http->sc, delayClient(http)); #endif storeClientCopy(http->sc, http->entry, http->out.offset, @@ -2715,7 +2715,7 @@ clientReadRequest(int fd, void *data) conn->in.buf = xrealloc(conn->in.buf, conn->in.size); /* XXX account conn->in.buf */ debug(33, 2) ("growing request buffer: offset=%ld size=%ld\n", - (long) conn->in.offset, (long) conn->in.size); + (long) conn->in.offset, (long) conn->in.size); len = conn->in.size - conn->in.offset - 1; } statCounter.syscalls.sock.reads++; diff --git a/src/enums.h b/src/enums.h index 14fdf350b4..2478c3bcd2 100644 --- a/src/enums.h +++ b/src/enums.h @@ -1,6 +1,6 @@ /* - * $Id: enums.h,v 1.193 2001/04/20 21:34:39 hno Exp $ + * $Id: enums.h,v 1.194 2001/08/03 15:13:04 adrian Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -129,6 +129,7 @@ typedef enum { ACL_MAXCONN, ACL_REQ_MIME_TYPE, ACL_REP_MIME_TYPE, + ACL_MAX_USER_IP, ACL_ENUM_MAX } squid_acl; @@ -505,6 +506,13 @@ typedef enum { ACCESS_REQ_PROXY_AUTH } allow_t; +typedef enum { + AUTH_ACL_CHALLENGE = -2, + AUTH_ACL_HELPER = -1, + AUTH_ACL_CANNOT_AUTHENTICATE = 0, + AUTH_AUTHENTICATED = 1, +} auth_acl_t; + typedef enum { AUTH_UNKNOWN, /* default */ AUTH_BASIC, diff --git a/src/helper.cc b/src/helper.cc index a3d6e22899..1997761e3f 100644 --- a/src/helper.cc +++ b/src/helper.cc @@ -1,6 +1,6 @@ /* - * $Id: helper.cc,v 1.28 2001/05/21 04:50:57 hno Exp $ + * $Id: helper.cc,v 1.29 2001/08/03 15:13:04 adrian Exp $ * * DEBUG: section 29 Helper process maintenance * AUTHOR: Harvest Derived? @@ -183,6 +183,10 @@ helperStatefulOpenServers(statefulhelper * hlp) srv->flags.alive = 1; srv->flags.reserved = S_HELPER_FREE; srv->deferred_requests = 0; + srv->stats.deferbyfunc = 0; + srv->stats.deferbycb = 0; + srv->stats.submits = 0; + srv->stats.releases = 0; srv->index = k; srv->rfd = rfd; srv->wfd = wfd; @@ -260,8 +264,19 @@ helperStatefulSubmit(statefulhelper * hlp, const char *buf, HLPSCB * callback, v cbdataLock(r->data); if ((buf != NULL) && lastserver) { debug(29, 5) ("StatefulSubmit with lastserver %d\n", lastserver); - if (lastserver->flags.reserved != S_HELPER_RESERVED) + /* the queue doesn't count for this assert because queued requests + * have already gone through here and been tested. + * It's legal to have deferred_requests == 0 and queue entries + * and status of S_HELPEER_DEFERRED. + * BUT: It's not legal to submit a new request w/lastserver in + * that state. + */ + assert(!(lastserver->deferred_requests == 0 && + lastserver->flags.reserved == S_HELPER_DEFERRED)); + if (lastserver->flags.reserved != S_HELPER_RESERVED) { + lastserver->stats.submits++; lastserver->deferred_requests--; + } if (!(lastserver->request)) { debug(29, 5) ("StatefulSubmit dispatching\n"); helperStatefulDispatch(lastserver, r); @@ -314,8 +329,20 @@ helperStatefulDefer(statefulhelper * hlp) debug(29, 1) ("helperStatefulDefer: None available.\n"); return NULL; } + /* consistency check: + * when the deferred count is 0, + * submits + releases == deferbyfunc + deferbycb + * Or in english, when there are no deferred requests, the amount + * we have submitted to the queue or cancelled must equal the amount + * we have said we wanted to be able to submit or cancel + */ + if (rv->deferred_requests == 0) + assert(rv->stats.submits + rv->stats.releases == + rv->stats.deferbyfunc + rv->stats.deferbycb); + rv->flags.reserved = S_HELPER_DEFERRED; rv->deferred_requests++; + rv->stats.deferbyfunc++; return rv; } @@ -337,7 +364,6 @@ helperStatefulReset(helper_stateful_server * srv) helperStatefulRequestFree(r); srv->request = NULL; } - debug(29, 1) ("helperStatefulReset reset helper %s #%d\n", hlp->id_name, srv->index + 1); srv->flags.busy = 0; if (srv->queue.head) { srv->flags.reserved = S_HELPER_DEFERRED; @@ -354,8 +380,11 @@ void helperStatefulReleaseServer(helper_stateful_server * srv) /*decrease the number of 'waiting' clients that set the helper to be DEFERRED */ { - if (srv->deferred_requests > 0) + srv->stats.releases++; + if (srv->flags.reserved == S_HELPER_DEFERRED) { + assert(srv->deferred_requests); srv->deferred_requests--; + } if (!(srv->deferred_requests) && (srv->flags.reserved == S_HELPER_DEFERRED) && !(srv->queue.head)) { srv->flags.reserved = S_HELPER_FREE; if ((srv->parent->OnEmptyQueue != NULL) && (srv->data)) @@ -747,7 +776,7 @@ helperStatefulHandleRead(int fd, void *data) fatal("helperStatefulHandleRead: either a non-state aware callback was give to the stateful helper routines, or an uninitialised callback response was recieved.\n"); break; case S_HELPER_RELEASE: /* helper finished with */ - if (!srv->queue.head) { + if (!srv->deferred_requests && !srv->queue.head) { srv->flags.reserved = S_HELPER_FREE; if ((srv->parent->OnEmptyQueue != NULL) && (srv->data)) srv->parent->OnEmptyQueue(srv->data); @@ -759,6 +788,7 @@ helperStatefulHandleRead(int fd, void *data) break; case S_HELPER_RESERVE: /* 'pin' this helper for the caller */ if (!srv->queue.head) { + assert(srv->deferred_requests == 0); srv->flags.reserved = S_HELPER_RESERVED; debug(29, 5) ("StatefulHandleRead: reserving %s #%d\n", hlp->id_name, srv->index + 1); } else { @@ -771,6 +801,7 @@ helperStatefulHandleRead(int fd, void *data) */ srv->flags.reserved = S_HELPER_DEFERRED; srv->deferred_requests++; + srv->stats.deferbycb++; debug(29, 5) ("StatefulHandleRead: reserving %s #%d for deferred requests.\n", hlp->id_name, srv->index + 1); break; default: diff --git a/src/protos.h b/src/protos.h index dba403d0d5..07521d7549 100644 --- a/src/protos.h +++ b/src/protos.h @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.408 2001/07/28 09:21:32 hno Exp $ + * $Id: protos.h,v 1.409 2001/08/03 15:13:04 adrian Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -738,7 +738,7 @@ extern void authenticateShutdown(void); extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, request_t *, int, int); extern void authenticateAddTrailer(HttpReply *, auth_user_request_t *, request_t *, int); extern auth_user_request_t *authenticateGetAuthUser(const char *proxy_auth); -extern void authenticateAuthenticateUser(auth_user_request_t *, request_t *, ConnStateData *, http_hdr_type); +extern auth_acl_t authenticateAuthenticate(auth_user_request_t **, http_hdr_type, request_t *, ConnStateData *, struct in_addr); extern void authenticateAuthUserUnlock(auth_user_t * auth_user); extern void authenticateAuthUserLock(auth_user_t * auth_user); extern void authenticateAuthUserRequestUnlock(auth_user_request_t *); @@ -746,6 +746,9 @@ extern void authenticateAuthUserRequestLock(auth_user_request_t *); extern char *authenticateAuthUserRequestMessage(auth_user_request_t *); extern int authenticateAuthUserInuse(auth_user_t * auth_user); extern void authenticateAuthUserRequestSetIp(auth_user_request_t *, struct in_addr); +extern void authenticateAuthUserRequestRemoveIp(auth_user_request_t *, struct in_addr); +extern void authenticateAuthUserRequestClearIp(auth_user_request_t *); +extern size_t authenticateAuthUserRequestIPCount(auth_user_request_t *); extern int authenticateDirection(auth_user_request_t *); extern FREE authenticateFreeProxyAuthUser; extern void authenticateFreeProxyAuthUserACLResults(void *data); diff --git a/src/structs.h b/src/structs.h index 82c1193b2a..02746ad5c0 100644 --- a/src/structs.h +++ b/src/structs.h @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.395 2001/07/28 09:21:32 hno Exp $ + * $Id: structs.h,v 1.396 2001/08/03 15:13:04 adrian Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -53,6 +53,12 @@ struct _acl_user_data { } flags; }; +struct _acl_user_ip_data { + size_t max; + struct { + unsigned int strict:1; + } flags; +}; struct _acl_ip_data { struct in_addr addr1; /* if addr2 non-zero then its a range */ @@ -87,6 +93,13 @@ struct _auth_user_hash_pointer { dlink_node link; /* other hash entries that point to the same auth_user */ }; +struct _auth_user_ip_t { + dlink_node node; + /* IP addr this user authenticated from */ + struct in_addr ipaddr; + time_t ip_expiretime; +}; + struct _auth_user_t { /* extra fields for proxy_auth */ /* this determines what scheme owns the user data. */ @@ -98,13 +111,12 @@ struct _auth_user_t { /* we may have many proxy-authenticate strings that decode to the same user */ dlink_list proxy_auth_list; dlink_list proxy_match_cache; + dlink_list ip_list; + size_t ipcount; struct { unsigned int credentials_ok:2; /*0=unchecked,1=ok,2=failed */ } flags; long expiretime; - /* IP addr this user authenticated from */ - struct in_addr ipaddr; - time_t ip_expiretime; /* how many references are outstanding to this instance */ size_t references; /* the auth scheme has it's own private data area */ @@ -146,6 +158,7 @@ struct _authscheme_entry { AUTHSFREECONFIG *freeconfig; AUTHSUSERNAME *authUserUsername; AUTHSONCLOSEC *oncloseconnection; /*optional */ + AUTHSCONNLASTHEADER *authConnLastHeader; AUTHSDECODE *decodeauth; AUTHSDIRECTION *getdirection; AUTHSPARSE *parse; @@ -553,7 +566,6 @@ struct _SquidConfig { int digest_generation; #endif int log_ip_on_direct; - int authenticateIpTTLStrict; int ie_refresh; int vary_ignore_expire; int pipeline_prefetch; @@ -2039,6 +2051,10 @@ struct _helper_stateful_server { } flags; struct { int uses; + int submits; + int releases; + int deferbyfunc; + int deferbycb; } stats; size_t deferred_requests; /* current number of deferred requests */ void *data; /* State data used by the calling routines */ diff --git a/src/typedefs.h b/src/typedefs.h index 6a92f7cf69..433051c57e 100644 --- a/src/typedefs.h +++ b/src/typedefs.h @@ -1,6 +1,6 @@ /* - * $Id: typedefs.h,v 1.129 2001/07/28 09:21:32 hno Exp $ + * $Id: typedefs.h,v 1.130 2001/08/03 15:13:04 adrian Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -64,10 +64,12 @@ typedef struct _acl_deny_info_list acl_deny_info_list; typedef struct _auth_user_t auth_user_t; typedef struct _auth_user_request_t auth_user_request_t; typedef struct _auth_user_hash_pointer auth_user_hash_pointer; +typedef struct _auth_user_ip_t auth_user_ip_t; typedef struct _acl_proxy_auth_match_cache acl_proxy_auth_match_cache; typedef struct _authscheme_entry authscheme_entry_t; typedef struct _authScheme authScheme; typedef struct _acl_user_data acl_user_data; +typedef struct _acl_user_ip_data acl_user_ip_data; typedef struct _acl_arp_data acl_arp_data; typedef struct _acl acl; typedef struct _acl_snmp_comm acl_snmp_comm; @@ -313,6 +315,7 @@ typedef void AUTHSSETUP(authscheme_entry_t *); typedef void AUTHSSHUTDOWN(void); typedef void AUTHSSTART(auth_user_request_t *, RH *, void *); typedef void AUTHSSTATS(StoreEntry *); +typedef const char *AUTHSCONNLASTHEADER(auth_user_request_t *); /* append/vprintf's for Packer */ typedef void (*append_f) (void *, const char *buf, int size);