From a1ce83aa3a99a295c432777f7ad3e1244a9f42e7 Mon Sep 17 00:00:00 2001
From: Amos Jeffries
Date: Wed, 5 May 2010 00:33:30 +1200
Subject: [PATCH] Drop obsolete auth_type from ConnState.
---
 src/acl/FilledChecklist.cc | 4 +--
 src/auth/AclProxyAuth.cc | 1 -
 src/auth/UserRequest.cc | 36 +++++++++-------------
 src/auth/negotiate/negotiateUserRequest.cc | 2 --
 src/auth/ntlm/ntlmUserRequest.cc | 1 -
 src/client_side.h | 10 +-----
 6 files changed, 17 insertions(+), 37 deletions(-)
diff --git a/src/acl/FilledChecklist.cc b/src/acl/FilledChecklist.cc
index 313715b568..72ec05750b 100644
--- a/src/acl/FilledChecklist.cc
+++ b/src/acl/FilledChecklist.cc
@@ -11,7 +11,7 @@ CBDATA_CLASS_INIT(ACLFilledChecklist);
 void
 ACLFilledChecklist::checkCallback(allow_t answer)
 {
- debugs(28, 5, "ACLFilledChecklist::checkCallback: " << this << " answer=" << answer);
+ debugs(28, 5, HERE << this << " answer=" << answer);
 /* During reconfigure, we can end up not finishing call * sequences into the auth code */
@@ -20,10 +20,8 @@ ACLFilledChecklist::checkCallback(allow_t answer)
 /* the filled_checklist lock */
 auth_user_request = NULL;
 /* it might have been connection based */
- /* BUG 2827: the connection may also not exist. ie fast ACL tests vs client disconnection. */
 if (conn()) {
 conn()->auth_user_request = NULL;
- conn()->auth_type = AUTH_BROKEN;
 }
 }
diff --git a/src/auth/AclProxyAuth.cc b/src/auth/AclProxyAuth.cc
index 0717556287..a0a16b9cad 100644
--- a/src/auth/AclProxyAuth.cc
+++ b/src/auth/AclProxyAuth.cc
@@ -165,7 +165,6 @@ ProxyAuthLookup::LookupDone(void *data, char *result)
 if (checklist->conn() != NULL) {
 checklist->conn()->auth_user_request = NULL;
- checklist->conn()->auth_type = AUTH_BROKEN;
 }
 }
diff --git a/src/auth/UserRequest.cc b/src/auth/UserRequest.cc
index 16e6d43d63..cf43143227 100644
--- a/src/auth/UserRequest.cc
+++ b/src/auth/UserRequest.cc
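Review bot: In `ACLFilledChecklist::checkCallback` (src/acl/FilledChecklist.cc, second hunk) the `BUG 2827` comment is deleted together with the `auth_type` line, but the `if (conn())` guard it explained stays. The comment is about the connection possibly being gone when a fast ACL test races a client disconnect, which is unrelated to `auth_type`. I would keep it above the guard: `/* BUG 2827: the connection may also not exist. ie fast ACL tests vs client disconnection. */`. Without it the null check reads as redundant and is easier to remove by mistake later.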
@@ -299,14 +299,15 @@ AuthUserRequest::authenticate(AuthUserRequest::Pointer * auth_user_request, http
 * connection when we recieve no authentication header. */
- if (((proxy_auth == NULL) && (!authenticateUserAuthenticated(authTryGetUser(*auth_user_request,conn,request))))
- || (conn != NULL && conn->auth_type == AUTH_BROKEN)) {
+ /* a) can we find other credentials to use? and b) are they logged in already? */
+ if (proxy_auth == NULL && !authenticateUserAuthenticated(authTryGetUser(*auth_user_request,conn,request))) {
 /* no header or authentication failed/got corrupted - restart */
- debugs(29, 4, "authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header.");
+ debugs(29, 4, HERE << "No Proxy-Auth header and no working alternative. Requesting auth header.");
+ /* something wrong with the AUTH credentials. Force a new attempt */
+ /* connection auth we must reset on auth errors */
 if (conn != NULL) {
- conn->auth_type = AUTH_UNKNOWN;
 conn->auth_user_request = NULL;
 }
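Review bot: Dropping the `conn->auth_type == AUTH_BROKEN` clause from the restart condition changes what happens after `checkCallback()` or `LookupDone()` tear down connection auth. Those paths now only clear `conn->auth_user_request`, so a later request that does carry a `proxy_auth` header is no longer forced back to a challenge at this point and appears to continue as on a fresh connection. If that is the intent, the new comment should state it, e.g. `/* a torn-down connection auth is now just conn->auth_user_request == NULL; a request with credentials starts a new handshake */`. The rest of `authenticate()` is outside this hunk, so the later branches need the same check against that assumption.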
@@ -323,49 +324,43 @@ AuthUserRequest::authenticate(AuthUserRequest::Pointer * auth_user_request, http
 authenticateUserAuthenticated(conn->auth_user_request) && conn->auth_user_request->connLastHeader() != NULL && strcmp(proxy_auth, conn->auth_user_request->connLastHeader())) {
- debugs(29, 2, "authenticateAuthenticate: DUPLICATE AUTH - authentication header on already authenticated connection!. AU " <<
+ debugs(29, 2, "WARNING: DUPLICATE AUTH - authentication header on already authenticated connection!. AU " <<
 conn->auth_user_request << ", Current user '" << conn->auth_user_request->username() << "' proxy_auth " << proxy_auth);
- /* remove this request struct - the link is already authed and it can't be to
- * reauth.
- */
+ /* remove this request struct - the link is already authed and it can't be to reauth. */
 /* This should _only_ ever occur on the first pass through * authenticateAuthenticate */
 assert(*auth_user_request == NULL);
 conn->auth_user_request = NULL;
- /* Set the connection auth type */
- conn->auth_type = AUTH_UNKNOWN;
 }
 /* we have a proxy auth header and as far as we know this connection has * not had bungled connection oriented authentication happen on it. */
- debugs(29, 9, "authenticateAuthenticate: header " << (proxy_auth ? proxy_auth : "-") << ".");
+ debugs(29, 9, HERE << "header " << (proxy_auth ? proxy_auth : "-") << ".");
 if (*auth_user_request == NULL) {
- debugs(29, 9, "authenticateAuthenticate: This is a new checklist test on FD:" << (conn != NULL ? conn->fd : -1) );
+ debugs(29, 9, HERE << "This is a new checklist test on FD:" << (conn != NULL ? 
conn->fd : -1) );
 if (proxy_auth && request->auth_user_request == NULL && conn != NULL && conn->auth_user_request != NULL) {
 AuthConfig * scheme = AuthConfig::Find(proxy_auth);
- if (!conn->auth_user_request->user() || conn->auth_user_request->user()->config != scheme) {
- debugs(29, 1, "authenticateAuthenticate: Unexpected change of authentication scheme from '" <<
+ if (conn->auth_user_request->user() == NULL || conn->auth_user_request->user()->config != scheme) {
+ debugs(29, 1, "WARNING: Unexpected change of authentication scheme from '" <<
 conn->auth_user_request->user()->config->type() << "' to '" << proxy_auth << "' (client " << src_addr << ")");
 conn->auth_user_request = NULL;
- conn->auth_type = AUTH_UNKNOWN;
 }
 }
- if ((!request->auth_user_request)
- && (conn == NULL || conn->auth_type == AUTH_UNKNOWN)) {
+ if (request->auth_user_request == NULL && (conn == NULL || conn->auth_user_request == NULL)) {
 /* beginning of a new request check */
- debugs(29, 4, "authenticateAuthenticate: no connection authentication type");
+ debugs(29, 4, HERE << "No connection authentication type");
 *auth_user_request = AuthConfig::CreateAuthUser(proxy_auth);
 if (*auth_user_request == NULL)
@@ -382,7 +377,6 @@ AuthUserRequest::authenticate(AuthUserRequest::Pointer * auth_user_request, http
 return AUTH_ACL_CHALLENGE;
 }
- /* the user_request comes prelocked for the caller to createAuthUser (us) */
 } else if (request->auth_user_request != NULL) {
 *auth_user_request = request->auth_user_request;
 } else {
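Review bot: The rewritten condition `conn->auth_user_request->user() == NULL || ...` enters the block precisely when `user()` is NULL, yet the unchanged continuation of the warning evaluates `conn->auth_user_request->user()->config->type()` unconditionally. If `user()` can in fact be NULL here, as the condition itself allows, the log statement dereferences a null pointer and the scheme-change path becomes a crash instead of a warning. Log the old scheme only when it exists, for example `(conn->auth_user_request->user() != NULL ? conn->auth_user_request->user()->config->type() : "-")`, mirroring the `"-"` fallback already used for `proxy_auth` a few lines above. The enclosing `authenticate()` starts and ends outside this hunk.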
@@ -391,10 +385,10 @@ AuthUserRequest::authenticate(AuthUserRequest::Pointer * auth_user_request, http
 *auth_user_request = conn->auth_user_request;
 } else {
 /* failed connection based authentication */
- debugs(29, 4, "authenticateAuthenticate: Auth user request " <<
+ debugs(29, 4, HERE << "Auth user request " <<
 *auth_user_request << " conn-auth user request " << conn->auth_user_request << " conn type " <<
- conn->auth_type << " authentication failed.");
+ conn->auth_user_request->user()->auth_type << " authentication failed.");
 *auth_user_request = NULL;
 return AUTH_ACL_CHALLENGE;
diff --git a/src/auth/negotiate/negotiateUserRequest.cc b/src/auth/negotiate/negotiateUserRequest.cc
index 68a1a8d4dd..a6a28e6c17 100644
--- a/src/auth/negotiate/negotiateUserRequest.cc
+++ b/src/auth/negotiate/negotiateUserRequest.cc
@@ -234,7 +234,6 @@ AuthNegotiateUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * c
 auth_state = AUTHENTICATE_STATE_INITIAL;
 safe_free(client_blob);
 client_blob=xstrdup(blob);
- conn->auth_type = AUTH_NEGOTIATE;
 assert(conn->auth_user_request == NULL);
 conn->auth_user_request = this;
 request = aRequest;
@@ -245,7 +244,6 @@ AuthNegotiateUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * c
 debugs(29, 1, HERE << "need to ask helper");
 break;
-
 case AUTHENTICATE_STATE_IN_PROGRESS:
 /* we should have received a blob from the client. Hand it off to * some helper */
diff --git a/src/auth/ntlm/ntlmUserRequest.cc b/src/auth/ntlm/ntlmUserRequest.cc
index 6f0e107fc1..e16e8af4c6 100644
--- a/src/auth/ntlm/ntlmUserRequest.cc
+++ b/src/auth/ntlm/ntlmUserRequest.cc
@@ -209,7 +209,6 @@ AuthNTLMUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn,
 auth_state = AUTHENTICATE_STATE_INITIAL;
 safe_free(client_blob);
 client_blob=xstrdup(blob);
- conn->auth_type = AUTH_NTLM;
 assert(conn->auth_user_request == NULL);
 conn->auth_user_request = this;
 request = aRequest;
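Review bot: In the last src/auth/UserRequest.cc hunk, the new `conn->auth_user_request->user()->auth_type` in the "failed connection based authentication" debug line dereferences `conn->auth_user_request` in what looks like the branch taken when that pointer is NULL. The selecting `if` is above the hunk, but the sibling branch is the one that assigns `*auth_user_request = conn->auth_user_request`. The old `conn->auth_type` was a plain member read and could not fault, whereas this expression can turn a failed authentication into a crash in the logging statement. The line already prints `conn->auth_user_request` itself, so the simplest fix is to drop the ` conn type ` field. Otherwise guard it: `(conn->auth_user_request != NULL && conn->auth_user_request->user() != NULL ? conn->auth_user_request->user()->auth_type : AUTH_UNKNOWN)`.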
diff --git a/src/client_side.h b/src/client_side.h
index bd4bd02d95..32aafc9f67 100644
--- a/src/client_side.h
+++ b/src/client_side.h
@@ -33,7 +33,6 @@
 #ifndef SQUID_CLIENTSIDE_H
 #define SQUID_CLIENTSIDE_H
-#include "auth/AuthType.h"
 #include "auth/UserRequest.h"
 #include "base/AsyncJob.h"
 #include "BodyPipe.h"
@@ -49,7 +48,6 @@ class ClientHttpRequest;
 class clientStreamNode;
 class ChunkedCodingParser;
 class HttpParser;
-// class AuthUserRequest::Pointer;
 template class Range;
@@ -172,13 +170,7 @@ public:
 int64_t bodySizeLeft();
 /**
- * Is this connection based authentication? if so what type it
- * is.
- */
- AuthType auth_type;
-
- /**
- * note this is ONLY connection based because NTLM is against HTTP spec.
+ * note this is ONLY connection based because NTLM and Negotiate is against HTTP spec.
 * the user details for connection based authentication */
 AuthUserRequest::Pointer auth_user_request;
-- 
2.47.3