Hi Robert,
I am looking into fixing some of the rough edges of Digest
authentication (see Bug #630 for details) and as part of this I had
to make a small modification in the auth framework to be able to
indicate stale digest nonce.
My question to you is if there is any ill effects from doing this:
in authenticateAuthenticated()
switch (authenticateDirection(*auth_user_request)) {
case 1:
+ if (!request->auth_user_request) {
+ /* lock the user for the request structure link */
+ authenticateAuthUserRequestLock(*auth_user_request);
+ request->auth_user_request = *auth_user_request;
+ }
+ /* fallthrough to -2 */
case -2:
/* this ACL check is finished. Unlock. */
authenticateAuthUserRequestUnlock(*auth_user_request);
The purpose of this is to have the auth_user_request sent to the
header fixup when the authentication scheme indicated a new challenge
has to be sent.
From what I can tell this should not affect NTLM authentication as it
should en up as the same as conn->auth_user_request and probably is
what is expected, but the exact details of this relation is a bit
unclear to me and without a test environment available I cannot
verify.
Basic auth does not use the auth_user_request in header fixup and
should not notice at all.
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Sun May 18 2003 - 12:12:14 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:56 MST