From: serassio <>
Date: Wed, 14 Sep 2005 23:10:38 +0000 (+0000)
Subject: Bug #1327: NTLM authentication fails when low on filedescriptors or
X-Git-Tag: SQUID_3_0_PRE4~626
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5e45ad8cedf8a08b314f661fa137e552197f2ba;p=thirdparty%2Fsquid.git

Bug #1327: NTLM authentication fails when low on filedescriptors or
client side persistent connections disabled

Forward port of 2.5 patch.
---

diff --git a/src/auth/ntlm/auth_ntlm.cc b/src/auth/ntlm/auth_ntlm.cc
index 91d61d9c6c..bed1e82435 100644
--- a/src/auth/ntlm/auth_ntlm.cc
+++ b/src/auth/ntlm/auth_ntlm.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: auth_ntlm.cc,v 1.47 2005/04/24 14:00:52 serassio Exp $
+ * $Id: auth_ntlm.cc,v 1.48 2005/09/14 17:10:39 serassio Exp $
  *
  * DEBUG: section 29    NTLM Authenticator
  * AUTHOR: Robert Collins
@@ -319,6 +319,9 @@ AuthNTLMConfig::fixHeader(auth_user_request_t *auth_user_request, HttpReply *rep
 {
     AuthNTLMUserRequest *ntlm_request;
 
+    if (!request->flags.proxy_keepalive)
+        return;
+
     if (authenticate) {
         /* New request, no user details */
 
@@ -353,6 +356,7 @@ AuthNTLMConfig::fixHeader(auth_user_request_t *auth_user_request, HttpReply *rep
                 /* pass the challenge to the client */
                 debug(29, 9) ("authenticateNTLMFixErrorHeader: Sending type:%d header: 'NTLM %s'\n", type, ntlm_request->authchallenge);
                 httpHeaderPutStrf(&rep->header, type, "NTLM %s", ntlm_request->authchallenge);
+                request->flags.must_keepalive = 1;
                 break;
 
             default:
diff --git a/src/client_side.cc b/src/client_side.cc
index 7583640308..1ef357d98e 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side.cc,v 1.693 2005/09/12 22:26:39 wessels Exp $
+ * $Id: client_side.cc,v 1.694 2005/09/14 17:10:38 serassio Exp $
  *
  * DEBUG: section 33    Client-side Routines
  * AUTHOR: Duane Wessels
@@ -643,15 +643,11 @@ clientSetKeepaliveFlag(ClientHttpRequest * http)
     debug(33, 3) ("clientSetKeepaliveFlag: method = %s\n",
                   RequestMethodStr[request->method]);
 
-    if (!Config.onoff.client_pconns)
-        request->flags.proxy_keepalive = 0;
-    else {
-        HttpVersion http_ver(1,0);
-        /* we are HTTP/1.0, no matter what the client requests... */
+    HttpVersion http_ver(1,0);
+    /* we are HTTP/1.0, no matter what the client requests... */
 
-        if (httpMsgIsPersistent(http_ver, req_hdr))
-            request->flags.proxy_keepalive = 1;
-    }
+    if (httpMsgIsPersistent(http_ver, req_hdr))
+        request->flags.proxy_keepalive = 1;
 }
 
 static int
diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc
index 84fcb1e6d5..80dcf11011 100644
--- a/src/client_side_reply.cc
+++ b/src/client_side_reply.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side_reply.cc,v 1.86 2005/09/09 17:31:33 wessels Exp $
+ * $Id: client_side_reply.cc,v 1.87 2005/09/14 17:10:38 serassio Exp $
  *
  * DEBUG: section 88    Client-side Reply Routines
  * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c)
@@ -1417,11 +1417,14 @@ clientReplyContext::buildReplyHeader()
         request->flags.proxy_keepalive = 0;
     }
 
-    if (fdUsageHigh()) {
+    if (fdUsageHigh()&& !request->flags.must_keepalive) {
         debug(88, 3) ("clientBuildReplyHeader: Not many unused FDs, can't keep-alive\n");
         request->flags.proxy_keepalive = 0;
     }
 
+    if (!Config.onoff.client_pconns && !request->flags.must_keepalive)
+        request->flags.proxy_keepalive = 0;
+
     /* Append VIA */
     {
         LOCAL_ARRAY(char, bbuf, MAX_URL + 32);
diff --git a/src/structs.h b/src/structs.h
index 990a479645..19c6490a02 100644
--- a/src/structs.h
+++ b/src/structs.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: structs.h,v 1.526 2005/09/03 13:46:46 serassio Exp $
+ * $Id: structs.h,v 1.527 2005/09/14 17:10:38 serassio Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -1444,7 +1444,7 @@ struct _RemovalPurgeWalker
 
 struct request_flags
 {
-    request_flags():range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),transparent(0),internal(0),internalclient(0),body_sent(0),destinationIPLookedUp_(0)
+    request_flags():range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),transparent(0),internal(0),internalclient(0),body_sent(0),must_keepalive(0),destinationIPLookedUp_(0)
     {
 #if HTTP_VIOLATIONS
         nocache_hack = 0;
@@ -1507,6 +1507,9 @@ unsigned int internalclient:
 
 unsigned int body_sent:
     1;
+
+unsigned int must_keepalive:
+    1;
     bool resetTCP() const;
     void setResetTCP();
     void clearResetTCP();