* connection when we recieve no authentication header.
*/
- if (((proxy_auth == NULL) && (!authenticateUserAuthenticated(authTryGetUser(*auth_user_request,conn,request))))
- || (conn != NULL && conn->auth_type == AUTH_BROKEN)) {
+ /* a) can we find other credentials to use? and b) are they logged in already? */
+ if (proxy_auth == NULL && !authenticateUserAuthenticated(authTryGetUser(*auth_user_request,conn,request))) {
/* no header or authentication failed/got corrupted - restart */
- debugs(29, 4, "authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header.");
+ debugs(29, 4, HERE << "No Proxy-Auth header and no working alternative. Requesting auth header.");
+
/* something wrong with the AUTH credentials. Force a new attempt */
+ /* connection auth we must reset on auth errors */
if (conn != NULL) {
- conn->auth_type = AUTH_UNKNOWN;
conn->auth_user_request = NULL;
}
authenticateUserAuthenticated(conn->auth_user_request) &&
conn->auth_user_request->connLastHeader() != NULL &&
strcmp(proxy_auth, conn->auth_user_request->connLastHeader())) {
- debugs(29, 2, "authenticateAuthenticate: DUPLICATE AUTH - authentication header on already authenticated connection!. AU " <<
+ debugs(29, 2, "WARNING: DUPLICATE AUTH - authentication header on already authenticated connection!. AU " <<
conn->auth_user_request << ", Current user '" <<
conn->auth_user_request->username() << "' proxy_auth " <<
proxy_auth);
- /* remove this request struct - the link is already authed and it can't be to
- * reauth.
- */
+ /* remove this request struct - the link is already authed and it can't be to reauth. */
/* This should _only_ ever occur on the first pass through
* authenticateAuthenticate
*/
assert(*auth_user_request == NULL);
conn->auth_user_request = NULL;
- /* Set the connection auth type */
- conn->auth_type = AUTH_UNKNOWN;
}
/* we have a proxy auth header and as far as we know this connection has
* not had bungled connection oriented authentication happen on it. */
- debugs(29, 9, "authenticateAuthenticate: header " << (proxy_auth ? proxy_auth : "-") << ".");
+ debugs(29, 9, HERE << "header " << (proxy_auth ? proxy_auth : "-") << ".");
if (*auth_user_request == NULL) {
- debugs(29, 9, "authenticateAuthenticate: This is a new checklist test on FD:" << (conn != NULL ? conn->fd : -1) );
+ debugs(29, 9, HERE << "This is a new checklist test on FD:" << (conn != NULL ? conn->fd : -1) );
if (proxy_auth && request->auth_user_request == NULL && conn != NULL && conn->auth_user_request != NULL) {
AuthConfig * scheme = AuthConfig::Find(proxy_auth);
- if (!conn->auth_user_request->user() || conn->auth_user_request->user()->config != scheme) {
- debugs(29, 1, "authenticateAuthenticate: Unexpected change of authentication scheme from '" <<
+ if (conn->auth_user_request->user() == NULL || conn->auth_user_request->user()->config != scheme) {
+ debugs(29, 1, "WARNING: Unexpected change of authentication scheme from '" <<
conn->auth_user_request->user()->config->type() <<
"' to '" << proxy_auth << "' (client " <<
src_addr << ")");
conn->auth_user_request = NULL;
- conn->auth_type = AUTH_UNKNOWN;
}
}
- if ((!request->auth_user_request)
- && (conn == NULL || conn->auth_type == AUTH_UNKNOWN)) {
+ if (request->auth_user_request == NULL && (conn == NULL || conn->auth_user_request == NULL)) {
/* beginning of a new request check */
- debugs(29, 4, "authenticateAuthenticate: no connection authentication type");
+ debugs(29, 4, HERE << "No connection authentication type");
*auth_user_request = AuthConfig::CreateAuthUser(proxy_auth);
if (*auth_user_request == NULL)
return AUTH_ACL_CHALLENGE;
}
- /* the user_request comes prelocked for the caller to createAuthUser (us) */
} else if (request->auth_user_request != NULL) {
*auth_user_request = request->auth_user_request;
} else {
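Review bot: The rewritten scheme-change warning still evaluates `conn->auth_user_request->user()->config->type()` inside a branch that is entered when `conn->auth_user_request->user() == NULL`, so the very case the condition allows for dereferences a null pointer while building a level-1 log line. Guard the old scheme in the message, for example `(conn->auth_user_request->user() != NULL ? conn->auth_user_request->user()->config->type() : "[none]")`, assuming `type()` yields a C string. The added `conn->auth_user_request->user()->auth_type` in the later "failed connection based authentication" message has the same shape; its guarding condition is outside the visible lines (the function starts and ends outside this hunk), but if that branch is the one taken when `conn->auth_user_request` is NULL it needs the same check. The same warning also streams `proxy_auth` in full, which appears to be the raw header value, so logging only the scheme name would keep credential material out of the log.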
*auth_user_request = conn->auth_user_request;
} else {
/* failed connection based authentication */
- debugs(29, 4, "authenticateAuthenticate: Auth user request " <<
+ debugs(29, 4, HERE << "Auth user request " <<
*auth_user_request << " conn-auth user request " <<
conn->auth_user_request << " conn type " <<
- conn->auth_type << " authentication failed.");
+ conn->auth_user_request->user()->auth_type << " authentication failed.");
*auth_user_request = NULL;
return AUTH_ACL_CHALLENGE;