Patch file generated Mon May 21 08:24:12 2001 from CVS branch auth_rewrite CVS repository: rbcollins@cvs.squid.sourceforge.net:/cvsroot/squid CVS module: squid
Index: squid/src/authenticate.c
diff -u squid/src/authenticate.c:1.13 squid/src/authenticate.c:1.1.1.3.12.17.2.41
--- squid/src/authenticate.c:1.13 Fri Mar 9 16:58:00 2001
+++ squid/src/authenticate.c Sun May 20 15:06:49 2001
@@ -155,12 +155,17 @@
 debug(29, 4) ("authenticateValidateUser: Auth_user '%p' is broken for it's scheme.\n", auth_user_request->auth_user);
 return 0;
 }
+ if (!auth_user_request->auth_user->scheme_data) {
+ debug(29, 4) ("authenticateValidateUser: auth_user '%p' has no scheme data\n", auth_user_request->auth_user);
+ return 0;
+ }
+
 /* any other sanity checks that we need in the future */
 /* Thus should a module call to something like authValidate */
 /* finally return ok */
- debug(29, 4) ("authenticateValidateUser: Validated Auth_user request '%p'.\n", auth_user_request);
+ debug(29, 5) ("authenticateValidateUser: Validated Auth_user request '%p'.\n", auth_user_request);
 return 1;
 }
@@ -382,7 +414,7 @@
 }
 void
-authenticateFixHeader(HttpReply * rep, auth_user_request_t * auth_user_request, request_t * request, int accelerated)
+authenticateFixHeader(HttpReply * rep, auth_user_request_t * auth_user_request, request_t * request, int accelerated, int internal)
 /* send the auth types we are configured to support (and have compiled in!) */
 {
 /* auth_type_t auth_type=err->auth_type;
@@ -406,8 +438,8 @@
 break;
 }
 debug(29, 9) ("authenticateFixHeader: headertype:%d authuser:%p\n", type, auth_user_request);
- if ((rep->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED)
- || (rep->sline.status == HTTP_UNAUTHORIZED))
+ if (((rep->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED)
+ || (rep->sline.status == HTTP_UNAUTHORIZED)) && internal)
 /* this is a authenticate-needed response */
 {
 if ((auth_user_request != NULL) && (auth_user_request->auth_user->auth_module > 0))
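Review bot: The new `internal` argument of authenticateFixHeader is undocumented, yet in the `@@ -406` hunk it is the value that decides whether squid's own challenge headers are placed on a 401/407 reply. The callers in client_side.c and errorpage.c pass bare `0` and `1`, so the meaning has to be inferred from the call sites; it appears to mean that squid generated the reply itself rather than relaying it. A comment at the definition would make that decision auditable, for example `/* internal: non-zero when squid generated this reply itself; zero for a relayed reply, which keeps its own 401/407 headers */`. The function body starts and ends outside both hunks.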
@@ -426,6 +458,9 @@
 }
 }
 }
+ /* allow protocol specific headers to be _added_ to the existing response - ie
+ * digest auth
+ */
 if ((auth_user_request != NULL) && (auth_user_request->auth_user->auth_module > 0) && (authscheme_list[auth_user_request->auth_user->auth_module - 1].AddHeader)) authscheme_list[auth_user_request->auth_user->auth_module - 1].AddHeader(auth_user_request, rep, accelerated);
Index: squid/src/client_side.c
diff -u squid/src/client_side.c:1.28 squid/src/client_side.c:1.1.1.3.4.1.2.30.2.30
--- squid/src/client_side.c:1.28 Fri May 4 06:39:12 2001
+++ squid/src/client_side.c Sun May 20 15:06:49 2001
@@ -311,6 +323,7 @@
 new_request->my_port = old_request->my_port;
 new_request->flags.redirected = 1;
 new_request->auth_user_request = old_request->auth_user_request;
+ authenticateAuthUserRequestLock(new_request->auth_user_request);
 if (old_request->body_connection) {
 new_request->body_connection = old_request->body_connection;
 old_request->body_connection = NULL;
@@ -1342,7 +1355,7 @@
 }
 /* Handle authentication headers */
 if (request->auth_user_request)
- authenticateFixHeader(rep, request->auth_user_request, request, http->flags.accel);
+ authenticateFixHeader(rep, request->auth_user_request, request, http->flags.accel, 0);
 /* Append X-Cache */
 httpHeaderPutStrf(hdr, HDR_X_CACHE, "%s from %s", is_hit ? "HIT" : "MISS", getMyHostname());
Index: squid/src/errorpage.c
diff -u squid/src/errorpage.c:1.12 squid/src/errorpage.c:1.1.1.3.10.9.2.14
--- squid/src/errorpage.c:1.12 Fri Apr 13 17:31:02 2001
+++ squid/src/errorpage.c Sun May 20 15:06:50 2001
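Review bot: In the `@@ -311` hunk of client_side.c the added `authenticateAuthUserRequestLock(new_request->auth_user_request);` runs unconditionally, although the pointer can presumably be NULL for a request that carried no credentials; the `@@ -1342` hunk of the same file tests `request->auth_user_request` before using it. Whether the lock function tolerates NULL is not visible here, so a redirected unauthenticated request may hit a NULL dereference or an assertion. Guard the call: `if (new_request->auth_user_request) authenticateAuthUserRequestLock(new_request->auth_user_request);`. The matching unlock when new_request is destroyed is outside this hunk and worth confirming, since an unbalanced lock keeps authentication state alive longer than intended. The enclosing function starts and ends outside the hunk.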
@@ -282,7 +282,7 @@
 * depends on authenticate behaviour: all schemes to date send no extra data
 * on 407/401 responses, and do not check the accel state on 401/407 responses
 */
- authenticateFixHeader(rep, err->auth_user_request, err->request, 0);
+ authenticateFixHeader(rep, err->auth_user_request, err->request, 0, 1);
 httpReplySwapOut(rep, entry);
 httpReplyAbsorb(mem->reply, rep);
 EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT);
Index: squid/src/helper.c
diff -u squid/src/helper.c:1.10 squid/src/helper.c:1.1.1.3.12.13.2.15
--- squid/src/helper.c:1.10 Fri Apr 13 17:31:02 2001
+++ squid/src/helper.c Sun May 20 15:06:50 2001
@@ -235,6 +235,9 @@
 debug(29, 9) ("helperSubmit: %s\n", buf);
 }
+/* lastserver = "server last used as part of a deferred or reserved
+ * request sequence"
+ */
 void
 helperStatefulSubmit(statefulhelper * hlp, const char *buf, HLPSCB * callback, void *data, helper_stateful_server * lastserver)
 {
@@ -247,10 +250,13 @@
 }
 r->callback = callback;
 r->data = data;
- if (buf != NULL)
+ if (buf != NULL) {
 r->buf = xstrdup(buf);
- else
+ r->placeholder = 0;
+ } else {
+ r->buf = NULL;
 r->placeholder = 1;
+ }
 cbdataLock(r->data);
 if ((buf != NULL) && lastserver) {
 debug(29, 5) ("StatefulSubmit with lastserver %d\n", lastserver);
@@ -987,24 +993,22 @@
 debug(29, 9) ("helperStatefulDispatch busying helper %s #%d\n", hlp->id_name, srv->index + 1);
 if (r->placeholder == 1) {
 /* a callback is needed before this request can _use_ a helper. */
- if (cbdataValid(r->data)) {
- /* we don't care about releasing/deferring this helper. The request NEVER
- * gets to the helper. So we throw away the return code */
- r->callback(r->data, srv, NULL);
- /* throw away the placeholder */
- helperStatefulRequestFree(r);
- /* and push the queue. Note that the callback may have call submit again -
- * which is why we test for the request*/
- if (srv->request == NULL) {
- if (srv->flags.shutdown) {
- comm_close(srv->wfd);
- srv->wfd = -1;
- } else {
- if (srv->queue.head)
- helperStatefulServerKickQueue(srv);
- else
- helperStatefulKickQueue(hlp);
- }
+ /* we don't care about releasing/deferring this helper. The request NEVER
+ * gets to the helper. So we throw away the return code */
+ r->callback(r->data, srv, NULL);
+ /* throw away the placeholder */
+ helperStatefulRequestFree(r);
+ /* and push the queue. Note that the callback may have submitted a new
+ * request to the helper which is why we test for the request*/
+ if (srv->request == NULL) {
+ if (srv->flags.shutdown) {
+ comm_close(srv->wfd);
+ srv->wfd = -1;
+ } else {
+ if (srv->queue.head)
+ helperStatefulServerKickQueue(srv);
+ else
+ helperStatefulKickQueue(hlp);
 }
 }
 return;
Index: squid/src/protos.h
diff -u squid/src/protos.h:1.27 squid/src/protos.h:1.1.1.3.12.17.2.32
--- squid/src/protos.h:1.27 Tue May 8 08:27:00 2001
+++ squid/src/protos.h Sun May 20 15:06:50 2001
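Review bot: With the `cbdataValid(r->data)` test removed, `r->callback(r->data, srv, NULL)` is now called even when the owner of `r->data` has already been invalidated. helperStatefulSubmit takes `cbdataLock(r->data)`, which presumably keeps the memory allocated but does not make the object valid, so the callback may act on authentication state that has been torn down. The old code returned without freeing the placeholder or kicking the queue when the data was invalid, which this change fixes; that fix can be kept while still guarding the call, with `if (cbdataValid(r->data))` directly above `r->callback(r->data, srv, NULL);` and `helperStatefulRequestFree(r);` left unconditional. Whether helperStatefulRequestFree releases the cbdata lock is not visible here, and the enclosing function continues outside the hunk.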
@@ -734,7 +734,7 @@
 extern void authenticateSchemeInit(void);
 extern void authenticateInit(authConfig *);
 extern void authenticateShutdown(void);
-extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, request_t *, int);
+extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, request_t *, int, int);
 extern void authenticateAddTrailer(HttpReply *, auth_user_request_t *, request_t *, int);
 extern auth_user_request_t *authenticateGetAuthUser(const char *proxy_auth);
 extern void authenticateAuthenticateUser(auth_user_request_t *, request_t *, ConnStateData *, http_hdr_type);
Index: squid/src/auth/basic/helpers/multi-domain-NTLM/README.txt
diff -u squid/src/auth/basic/helpers/multi-domain-NTLM/README.txt:1.2 squid/src/auth/basic/helpers/multi-domain-NTLM/README.txt:1.1.2.2
--- squid/src/auth/basic/helpers/multi-domain-NTLM/README.txt:1.2 Sun Jan 7 16:02:38 2001
+++ squid/src/auth/basic/helpers/multi-domain-NTLM/README.txt Sun May 20 15:24:48 2001
@@ -1,5 +1,5 @@
-From: "Chemolli Francesco (USI)"
+From: "Francesco Chemolli"
 Subject: Multiple NT domains authenticator
 Date: Fri, 7 Jul 2000 15:37:32 +0200
Index: squid/src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl
diff -u squid/src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl:1.2 squid/src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl:1.1.2.3
--- squid/src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl:1.2 Sun Jan 7 16:02:38 2001
+++ squid/src/auth/basic/helpers/multi-domain-NTLM/smb_auth.pl Sun May 20 15:24:48 2001
@@ -1,7 +1,8 @@
 #!/usr/bin/perl
+# $Id$
 #if you define this, debugging output will be printed to STDERR.
-$debug=1;
+#$debug=1;
 #to force using some DC for some domains, fill in this hash.
 #the key is a regexp matched against the domain name
@@ -10,13 +11,12 @@
 #i.e.:
 # %controllers = ( "domain" => ["pdc","bdc"]);
-#%controllers = ( ".*" => ["tlc5",undef]);
+#%controllers = ( ".*" => ["pdcname","bdcname"]);
 #define this if you wish to use a WINS server. If undefined, broadcast
 # will be attempted.
-$wins_server="c0wins";
+#$wins_server="winsservername";
-
 # Some servers (at least mine) really really want to be called by address.
 # If this variable is defined, we'll ask nmblookup to do a reverse DNS on the
 # DC addresses. It might fail though, for instance because you have a crappy
@@ -36,6 +36,7 @@
 # %pdc used to cache the domain -> pdc_ip values. IT NEVER EXPIRES!
+$|=1;
 while (<>) {
 if (! m;([^\\]+)(\\|/)(\S+)\s(.*); ) { #parse the line
 print "ERR\n";
Index: squid/src/auth/ntlm/auth_ntlm.c
diff -u squid/src/auth/ntlm/auth_ntlm.c:1.9 squid/src/auth/ntlm/auth_ntlm.c:1.1.2.41
--- squid/src/auth/ntlm/auth_ntlm.c:1.9 Fri Mar 9 16:58:00 2001
+++ squid/src/auth/ntlm/auth_ntlm.c Sun May 20 15:24:48 2001
@@ -180,6 +180,16 @@
 } else {
 debug(28, 0) ("unrecognised ntlm auth scheme parameter '%s'\n", param_str);
 }
+ /* disable client side request pipelining. There is a race with NTLM when the client
+ * sends a second request on an NTLM connection before the authenticate challenge is
+ * sent.
+ * With this patch, the client may fail to authenticate, but squid's state will be
+ * preserved.
+ * Caveats: this should be a post-parse test, but that can wait for the modular
+ * parser to be integrated.
+ */
+ if (ntlmConfig->authenticate)
+ Config.onoff.pipeline_prefetch=0;
 }
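Review bot: The added `Config.onoff.pipeline_prefetch=0;` in auth_ntlm.c sits in what looks like the per-parameter parse routine, so it only closes the NTLM race if nothing sets pipeline_prefetch afterwards; the hunk's own comment concedes it should be a post-parse test. If the configuration is applied in file order (not visible here), a pipeline_prefetch setting that comes after the ntlm parameters would turn prefetch back on and reopen the race on a connection-bound authentication scheme. The override is also silent, so an administrator who enabled prefetch gets no indication that it was switched off; a log line next to the assignment would help, for example `debug(28, 1) ("ntlm: authenticate program configured, disabling pipeline_prefetch\n");`. The enclosing function starts outside the hunk.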