From: Amos Jeffries
Date: Tue, 20 Dec 2016 12:37:56 +0000 (+1300)
Subject: De-duplicate shared auth parameters keep_alive and utf8
X-Git-Tag: M-staged-PR71~333^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2b09838674dab260d6727026697da81afee70b4;p=thirdparty%2Fsquid.git
De-duplicate shared auth parameters keep_alive and utf8
---
diff --git a/src/auth/SchemeConfig.cc b/src/auth/SchemeConfig.cc
index 0b7d933af1..a1b477b8d1 100644
--- a/src/auth/SchemeConfig.cc
+++ b/src/auth/SchemeConfig.cc
@@ -126,6 +126,10 @@ Auth::SchemeConfig::parse(Auth::SchemeConfig * scheme, int, char *param_str)
 debugs(29, DBG_CRITICAL, "FATAL: Unexpected argument '" << t << "' after request_format specification");
 self_destruct();
 }
+ } else if (strcmp(param_str, "keep_alive") == 0) {
+ parse_onoff(&keep_alive);
+ } else if (strcmp(param_str, "utf8") == 0) {
+ parse_onoff(&utf8);
 } else {
 debugs(29, DBG_CRITICAL, "Unrecognised " << scheme->type() << " auth scheme parameter '" << param_str << "'");
 }
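Review bot: The two branches added to `Auth::SchemeConfig::parse` accept `keep_alive` and `utf8` for every scheme, although the cf.data.pre text in this same commit says `keep_alive` is ignored for Basic and Digest and `utf8` is ignored for NTLM and Negotiate. Before this change such a parameter would presumably have reached the "Unrecognised ... auth scheme parameter" message; now a line such as `auth_param ntlm utf8 on` is taken silently, and the `if (!keep_alive)` / `if (utf8)` lines added to `dump()` in the next hunk echo it back as if it were in effect. An administrator who depends on the UTF-8 translation of credentials should be told when the setting does nothing, for example by having the scheme that ignores a parameter log `debugs(29, DBG_IMPORTANT, "WARNING: " << scheme->type() << " auth scheme ignores parameter '" << param_str << "'");`. The body of parse() starts and ends outside the hunk.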
@@ -137,23 +141,31 @@ Auth::SchemeConfig::dump(StoreEntry *entry, const char *name, Auth::SchemeConfig if (!authenticateProgram) return false; // not configured + const char *type = scheme->type(); + wordlist *list = authenticateProgram; - storeAppendPrintf(entry, "%s %s", name, scheme->type()); + storeAppendPrintf(entry, "%s %s", name, type); while (list != NULL) { storeAppendPrintf(entry, " %s", list->key); list = list->next; } storeAppendPrintf(entry, "\n"); - storeAppendPrintf(entry, "%s %s realm " SQUIDSBUFPH "\n", name, scheme->type(), SQUIDSBUFPRINT(realm)); + storeAppendPrintf(entry, "%s %s realm " SQUIDSBUFPH "\n", name, type, SQUIDSBUFPRINT(realm)); storeAppendPrintf(entry, "%s %s children %d startup=%d idle=%d concurrency=%d\n", - name, scheme->type(), + name, type, authenticateChildren.n_max, authenticateChildren.n_startup, authenticateChildren.n_idle, authenticateChildren.concurrency); - if (keyExtrasLine.size() > 0) - storeAppendPrintf(entry, "%s %s key_extras \"%s\"\n", name, scheme->type(), keyExtrasLine.termedBuf()); + if (keyExtrasLine.size() > 0) // default is none + storeAppendPrintf(entry, "%s %s key_extras \"%s\"\n", name, type, keyExtrasLine.termedBuf()); + + if (!keep_alive) // default is on + storeAppendPrintf(entry, "%s %s keep_alive off\n", name, type); + + if (utf8) // default is off + storeAppendPrintf(entry, "%s %s utf8 on\n", name, type); return true; } diff --git a/src/auth/SchemeConfig.h b/src/auth/SchemeConfig.h index d8c56b5e0f..1953d2c7af 100644 --- a/src/auth/SchemeConfig.h +++ b/src/auth/SchemeConfig.h @@ -53,7 +53,7 @@ public: /// Call this method if you need a guarantee that all auth schemes has been /// already configured. static SchemeConfig *GetParsed(const char *proxy_auth); - SchemeConfig() : authenticateChildren(20), authenticateProgram(NULL), keyExtras(NULL) {} + SchemeConfig() : authenticateChildren(20) {} virtual ~SchemeConfig() {} 
@@ -126,9 +126,11 @@ public: public: Helper::ChildConfig authenticateChildren; - wordlist *authenticateProgram; ///< Helper program to run, includes all parameters + wordlist *authenticateProgram = nullptr; ///< Helper program to run, includes all parameters String keyExtrasLine; ///< The format of the request to the auth helper - Format::Format *keyExtras; ///< The compiled request format + Format::Format *keyExtras = nullptr; ///< The compiled request format + int keep_alive = 1; ///< whether to close the connection on auth challenges. default: on + int utf8 = 0; ///< wheter to accept UTF-8 characterset instead of ASCII. default: off protected: /// RFC 7235 section 2.2 - Protection Space (Realm) diff --git a/src/auth/basic/Config.cc b/src/auth/basic/Config.cc index 4237b6e3ef..e251876072 100644 --- a/src/auth/basic/Config.cc +++ b/src/auth/basic/Config.cc @@ -119,14 +119,12 @@ Auth::Basic::Config::dump(StoreEntry * entry, const char *name, Auth::SchemeConf storeAppendPrintf(entry, "%s basic credentialsttl %d seconds\n", name, (int) credentialsTTL); storeAppendPrintf(entry, "%s basic casesensitive %s\n", name, casesensitive ? "on" : "off"); - storeAppendPrintf(entry, "%s basic utf8 %s\n", name, utf8 ? "on" : "off"); return true; } Auth::Basic::Config::Config() : credentialsTTL( 2*60*60 ), - casesensitive(0), - utf8(0) + casesensitive(0) { static const SBuf defaultRealm("Squid proxy-caching web server"); realm = defaultRealm; @@ -139,8 +137,6 @@ Auth::Basic::Config::parse(Auth::SchemeConfig * scheme, int n_configured, char * parse_time_t(&credentialsTTL); } else if (strcmp(param_str, "casesensitive") == 0) { parse_onoff(&casesensitive); - } else if (strcmp(param_str, "utf8") == 0) { - parse_onoff(&utf8); } else Auth::SchemeConfig::parse(scheme, n_configured, param_str); } diff --git a/src/auth/basic/Config.h b/src/auth/basic/Config.h index f9f38cf9be..6e448e25fe 100644 --- a/src/auth/basic/Config.h +++ b/src/auth/basic/Config.h 
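Review bot: The doc comment on the new `keep_alive` member in src/auth/SchemeConfig.h reads backwards: the default is on, and cf.data.pre says it is `off` that makes Squid forcibly close the connection, so "whether to close the connection on auth challenges" describes the opposite value. The `utf8` comment also disagrees with the documented behaviour (translating the iso-latin-1 credentials to UTF-8 before they are sent to the helper) and carries the typos "wheter" and "characterset". Suggested wording: `///< whether to keep the connection open after the initial auth challenge. default: on` and `///< whether to translate credentials to UTF-8 before sending them to the helper. default: off`. Both fields presumably stay `int` because `parse_onoff()` is handed their address; a short comment saying so would stop a later conversion to `bool` from breaking the parser. The class body continues outside the hunk.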
@@ -42,7 +42,6 @@ public: public: time_t credentialsTTL; int casesensitive; - int utf8; private: char * decodeCleartext(const char *httpAuthHeader); diff --git a/src/auth/digest/Config.cc b/src/auth/digest/Config.cc index 0d7e760137..becd2a7470 100644 --- a/src/auth/digest/Config.cc +++ b/src/auth/digest/Config.cc @@ -487,7 +487,6 @@ Auth::Digest::Config::dump(StoreEntry * entry, const char *name, Auth::SchemeCon name, "digest", noncemaxuses, name, "digest", (int) noncemaxduration, name, "digest", (int) nonceGCInterval); - storeAppendPrintf(entry, "%s digest utf8 %s\n", name, utf8 ? "on" : "off"); return true; } @@ -600,8 +599,7 @@ Auth::Digest::Config::Config() : noncemaxuses(50), NonceStrictness(0), CheckNonceCount(1), - PostWorkaround(0), - utf8(0) + PostWorkaround(0) {} void @@ -619,8 +617,6 @@ Auth::Digest::Config::parse(Auth::SchemeConfig * scheme, int n_configured, char parse_onoff(&CheckNonceCount); } else if (strcmp(param_str, "post_workaround") == 0) { parse_onoff(&PostWorkaround); - } else if (strcmp(param_str, "utf8") == 0) { - parse_onoff(&utf8); } else Auth::SchemeConfig::parse(scheme, n_configured, param_str); } diff --git a/src/auth/digest/Config.h b/src/auth/digest/Config.h index 860a420e75..501fea4ece 100644 --- a/src/auth/digest/Config.h +++ b/src/auth/digest/Config.h @@ -94,7 +94,6 @@ public: int NonceStrictness; int CheckNonceCount; int PostWorkaround; - int utf8; }; } // namespace Digest diff --git a/src/auth/negotiate/Config.cc b/src/auth/negotiate/Config.cc index 9cf85f1165..90329b88c0 100644 --- a/src/auth/negotiate/Config.cc +++ b/src/auth/negotiate/Config.cc 
@@ -73,28 +73,6 @@ Auth::Negotiate::Config::done() debugs(29, DBG_IMPORTANT, "Reconfigure: Negotiate authentication configuration cleared."); } -bool -Auth::Negotiate::Config::dump(StoreEntry * entry, const char *name, Auth::SchemeConfig * scheme) const -{ - if (!Auth::SchemeConfig::dump(entry, name, scheme)) - return false; - - storeAppendPrintf(entry, "%s negotiate keep_alive %s\n", name, keep_alive ? "on" : "off"); - return true; -} - -Auth::Negotiate::Config::Config() : keep_alive(1) -{ } - -void -Auth::Negotiate::Config::parse(Auth::SchemeConfig * scheme, int n_configured, char *param_str) -{ - if (strcmp(param_str, "keep_alive") == 0) { - parse_onoff(&keep_alive); - } else - Auth::SchemeConfig::parse(scheme, n_configured, param_str); -} - const char * Auth::Negotiate::Config::type() const { diff --git a/src/auth/negotiate/Config.h b/src/auth/negotiate/Config.h index bdeeee67ef..67453c3dc6 100644 --- a/src/auth/negotiate/Config.h +++ b/src/auth/negotiate/Config.h @@ -25,21 +25,15 @@ namespace Negotiate class Config : public Auth::SchemeConfig { public: - Config(); virtual bool active() const; virtual bool configured() const; virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm); virtual void done(); virtual void rotateHelpers(); - virtual bool dump(StoreEntry *, const char *, Auth::SchemeConfig *) const; virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, Http::HdrType, HttpRequest *); virtual void init(Auth::SchemeConfig *); - virtual void parse(Auth::SchemeConfig *, int, char *); virtual void registerWithCacheManager(void); virtual const char * type() const; - -public: - int keep_alive; }; } // namespace Negotiate diff --git a/src/auth/ntlm/Config.cc b/src/auth/ntlm/Config.cc index 1bbf49d051..2661fa649d 100644 --- a/src/auth/ntlm/Config.cc +++ b/src/auth/ntlm/Config.cc 
@@ -74,28 +74,6 @@ Auth::Ntlm::Config::done() debugs(29, DBG_IMPORTANT, "Reconfigure: NTLM authentication configuration cleared."); } -bool -Auth::Ntlm::Config::dump(StoreEntry * entry, const char *name, Auth::SchemeConfig * scheme) const -{ - if (!Auth::SchemeConfig::dump(entry, name, scheme)) - return false; - - storeAppendPrintf(entry, "%s ntlm keep_alive %s\n", name, keep_alive ? "on" : "off"); - return true; -} - -Auth::Ntlm::Config::Config() : keep_alive(1) -{ } - -void -Auth::Ntlm::Config::parse(Auth::SchemeConfig * scheme, int n_configured, char *param_str) -{ - if (strcmp(param_str, "keep_alive") == 0) { - parse_onoff(&keep_alive); - } else - Auth::SchemeConfig::parse(scheme, n_configured, param_str); -} - const char * Auth::Ntlm::Config::type() const { diff --git a/src/auth/ntlm/Config.h b/src/auth/ntlm/Config.h index 02b6ed0dea..4fa88e2bec 100644 --- a/src/auth/ntlm/Config.h +++ b/src/auth/ntlm/Config.h @@ -28,21 +28,15 @@ namespace Ntlm class Config : public Auth::SchemeConfig { public: - Config(); virtual bool active() const; virtual bool configured() const; virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm); virtual void done(); virtual void rotateHelpers(); - virtual bool dump(StoreEntry *, const char *, Auth::SchemeConfig *) const; virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, Http::HdrType, HttpRequest *); virtual void init(Auth::SchemeConfig *); - virtual void parse(Auth::SchemeConfig *, int, char *); virtual void registerWithCacheManager(void); virtual const char * type() const; - -public: - int keep_alive; }; } // namespace Ntlm diff --git a/src/cf.data.pre b/src/cf.data.pre index bc93ec2102..029991ffa9 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre 
@@ -617,9 +617,14 @@ DOC_START NOTE: NTLM and Negotiate schemes do not support concurrency in the Squid code module even though some helpers can. + "keep_alive" on|off + If you experience problems with PUT/POST requests when using + the NTLM or Negotiate schemes then you can try setting this + to off. This will cause Squid to forcibly close the connection + on the initial request where the browser asks which schemes + are supported by the proxy. -IF HAVE_AUTH_MODULE_BASIC - === Basic authentication parameters === + For Basic and Digest this parameter is ignored. "utf8" on|off HTTP uses iso-latin-1 as character set, while some @@ -627,6 +632,11 @@ IF HAVE_AUTH_MODULE_BASIC set to on Squid will translate the HTTP iso-latin-1 charset to UTF-8 before sending the username and password to the helper. + For NTLM and Negotiate this parameter is ignored. + +IF HAVE_AUTH_MODULE_BASIC + === Basic authentication parameters === + "credentialsttl" timetolive Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how @@ -650,12 +660,6 @@ ENDIF IF HAVE_AUTH_MODULE_DIGEST === Digest authentication parameters === - "utf8" on|off - HTTP uses iso-latin-1 as character set, while some - authentication backends such as LDAP expects UTF-8. If this is - set to on Squid will translate the HTTP iso-latin-1 charset to - UTF-8 before sending the username and password to the helper. - "nonce_garbage_interval" timeinterval Specifies the interval that nonces that have been issued to client_agent's are checked for validity. 
@@ -685,27 +689,6 @@ IF HAVE_AUTH_MODULE_DIGEST incorrect request digest in POST requests when reusing the same nonce as acquired earlier on a GET request. -ENDIF -IF HAVE_AUTH_MODULE_NEGOTIATE - === Negotiate authentication parameters === - - "keep_alive" on|off - If you experience problems with PUT/POST requests when using - the this authentication scheme then you can try setting this - to off. This will cause Squid to forcibly close the connection - on the initial request where the browser asks which schemes - are supported by the proxy. - -ENDIF -IF HAVE_AUTH_MODULE_NTLM - === NTLM authentication parameters === - - "keep_alive" on|off - If you experience problems with PUT/POST requests when using - the this authentication scheme then you can try setting this - to off. This will cause Squid to forcibly close the connection - on the initial request where the browser asks which schemes - are supported by the proxy. ENDIF === Example Configuration === @@ -716,7 +699,6 @@ ENDIF #auth_param negotiate program #auth_param negotiate children 20 startup=0 idle=1 -#auth_param negotiate keep_alive on # #auth_param digest program #auth_param digest children 20 startup=0 idle=1 @@ -727,11 +709,9 @@ ENDIF # #auth_param ntlm program #auth_param ntlm children 20 startup=0 idle=1 -#auth_param ntlm keep_alive on # #auth_param basic program #auth_param basic children 5 startup=5 idle=1 -#auth_param basic realm Squid proxy-caching web server #auth_param basic credentialsttl 2 hours DOC_END