]>
Commit | Line | Data |
---|---|---|
1 | Index: squid/src/auth/ntlm/auth_ntlm.c | |
2 | diff -c squid/src/auth/ntlm/auth_ntlm.c:1.17.2.12 squid/src/auth/ntlm/auth_ntlm.c:1.17.2.13 | |
3 | *** squid/src/auth/ntlm/auth_ntlm.c:1.17.2.12 Sat Apr 17 19:29:52 2004 | |
4 | --- squid/src/auth/ntlm/auth_ntlm.c Sat Jul 17 10:05:53 2004 | |
5 | *************** | |
6 | *** 87,95 **** | |
7 | static MemPool *ntlm_helper_state_pool = NULL; | |
8 | static MemPool *ntlm_user_pool = NULL; | |
9 | static MemPool *ntlm_request_pool = NULL; | |
10 | static auth_ntlm_config *ntlmConfig = NULL; | |
11 | ||
12 | ! static hash_table *proxy_auth_cache = NULL; | |
13 | ||
14 | /* | |
15 | * | |
16 | --- 87,96 ---- | |
17 | static MemPool *ntlm_helper_state_pool = NULL; | |
18 | static MemPool *ntlm_user_pool = NULL; | |
19 | static MemPool *ntlm_request_pool = NULL; | |
20 | + static MemPool *ntlm_challenge_pool = NULL; | |
21 | static auth_ntlm_config *ntlmConfig = NULL; | |
22 | ||
23 | ! static hash_table *ntlm_challenge_cache = NULL; | |
24 | ||
25 | /* | |
26 | * | |
27 | *************** | |
28 | *** 249,257 **** | |
29 | if (ntlmauthenticators == NULL) | |
30 | ntlmauthenticators = helperStatefulCreate("ntlmauthenticator"); | |
31 | if (ntlmConfig->challengeuses) { | |
32 | ! if (!proxy_auth_cache) | |
33 | ! proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); | |
34 | ! assert(proxy_auth_cache); | |
35 | } | |
36 | ntlmauthenticators->cmdline = ntlmConfig->authenticate; | |
37 | ntlmauthenticators->n_to_start = ntlmConfig->authenticateChildren; | |
38 | --- 250,259 ---- | |
39 | if (ntlmauthenticators == NULL) | |
40 | ntlmauthenticators = helperStatefulCreate("ntlmauthenticator"); | |
41 | if (ntlmConfig->challengeuses) { | |
42 | ! if (!ntlm_challenge_cache) | |
43 | ! ntlm_challenge_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); | |
44 | ! if (!ntlm_challenge_pool) | |
45 | ! ntlm_challenge_pool = memPoolCreate("NTLM Challenge Cache", sizeof(ntlm_challenge_hash_pointer)); | |
46 | } | |
47 | ntlmauthenticators->cmdline = ntlmConfig->authenticate; | |
48 | ntlmauthenticators->n_to_start = ntlmConfig->authenticateChildren; | |
49 | *************** | |
50 | *** 393,420 **** | |
51 | auth_user_request->scheme_data = NULL; | |
52 | } | |
53 | ||
54 | static void | |
55 | authenticateNTLMFreeUser(auth_user_t * auth_user) | |
56 | { | |
57 | - dlink_node *link, *tmplink; | |
58 | ntlm_user_t *ntlm_user = auth_user->scheme_data; | |
59 | - auth_user_hash_pointer *proxy_auth_hash; | |
60 | ||
61 | debug(29, 5) ("authenticateNTLMFreeUser: Clearing NTLM scheme data\n"); | |
62 | if (ntlm_user->username) | |
63 | xfree(ntlm_user->username); | |
64 | /* were they linked in by one or more proxy-authenticate headers */ | |
65 | ! link = ntlm_user->proxy_auth_list.head; | |
66 | ! while (link) { | |
67 | ! debug(29, 9) ("authenticateFreeProxyAuthUser: removing proxy_auth hash entry '%p'\n", link->data); | |
68 | ! proxy_auth_hash = link->data; | |
69 | ! tmplink = link; | |
70 | ! link = link->next; | |
71 | ! dlinkDelete(tmplink, &ntlm_user->proxy_auth_list); | |
72 | ! hash_remove_link(proxy_auth_cache, (hash_link *) proxy_auth_hash); | |
73 | ! /* free the key (usually the proxy_auth header) */ | |
74 | ! xfree(proxy_auth_hash->key); | |
75 | ! memFree(proxy_auth_hash, MEM_AUTH_USER_HASH); | |
76 | } | |
77 | memPoolFree(ntlm_user_pool, ntlm_user); | |
78 | auth_user->scheme_data = NULL; | |
79 | --- 395,413 ---- | |
80 | auth_user_request->scheme_data = NULL; | |
81 | } | |
82 | ||
83 | + static void authenticateNTLMChallengeCacheRemoveLink(ntlm_challenge_hash_pointer * challenge_hash); | |
84 | + | |
85 | static void | |
86 | authenticateNTLMFreeUser(auth_user_t * auth_user) | |
87 | { | |
88 | ntlm_user_t *ntlm_user = auth_user->scheme_data; | |
89 | ||
90 | debug(29, 5) ("authenticateNTLMFreeUser: Clearing NTLM scheme data\n"); | |
91 | if (ntlm_user->username) | |
92 | xfree(ntlm_user->username); | |
93 | /* were they linked in by one or more proxy-authenticate headers */ | |
94 | ! while (ntlm_user->challenge_list.head) { | |
95 | ! authenticateNTLMChallengeCacheRemoveLink(ntlm_user->challenge_list.head->data); | |
96 | } | |
97 | memPoolFree(ntlm_user_pool, ntlm_user); | |
98 | auth_user->scheme_data = NULL; | |
99 | *************** | |
100 | *** 792,797 **** | |
101 | --- 785,793 ---- | |
102 | statedata->renewed = 0; | |
103 | xfree(statedata->challenge); | |
104 | statedata->challenge = NULL; | |
105 | + while (statedata->user_list.head) { | |
106 | + authenticateNTLMChallengeCacheRemoveLink(statedata->user_list.head->data); | |
107 | + } | |
108 | } | |
109 | } | |
110 | ||
111 | *************** | |
112 | *** 880,903 **** | |
113 | * Check for this and if found ignore the new link | |
114 | */ | |
115 | static void | |
116 | ! authenticateProxyAuthCacheAddLink(const char *key, auth_user_t * auth_user) | |
117 | { | |
118 | ! auth_user_hash_pointer *proxy_auth_hash; | |
119 | ! dlink_node *node; | |
120 | ntlm_user_t *ntlm_user; | |
121 | ntlm_user = auth_user->scheme_data; | |
122 | - node = ntlm_user->proxy_auth_list.head; | |
123 | /* prevent duplicates */ | |
124 | ! while (node) { | |
125 | ! if (!strcmp(key, ((auth_user_hash_pointer *) node->data)->key)) | |
126 | ! return; | |
127 | ! node = node->next; | |
128 | ! } | |
129 | ! proxy_auth_hash = memAllocate(MEM_AUTH_USER_HASH); | |
130 | ! proxy_auth_hash->key = xstrdup(key); | |
131 | ! proxy_auth_hash->auth_user = auth_user; | |
132 | ! dlinkAddTail(proxy_auth_hash, &proxy_auth_hash->link, &ntlm_user->proxy_auth_list); | |
133 | ! hash_join(proxy_auth_cache, (hash_link *) proxy_auth_hash); | |
134 | } | |
135 | ||
136 | ||
137 | --- 876,909 ---- | |
138 | * Check for this and if found ignore the new link | |
139 | */ | |
140 | static void | |
141 | ! authenticateNTLMChallengeCacheAddLink(const char *key, auth_user_t * auth_user, helper_stateful_server * auth_server) | |
142 | { | |
143 | ! ntlm_challenge_hash_pointer *challenge_hash; | |
144 | ntlm_user_t *ntlm_user; | |
145 | + ntlm_helper_state_t *helperstate = helperStatefulServerGetData(auth_server); | |
146 | ntlm_user = auth_user->scheme_data; | |
147 | /* prevent duplicates */ | |
148 | ! if (hash_lookup(ntlm_challenge_cache, key)) | |
149 | ! return; | |
150 | ! challenge_hash = memPoolAlloc(ntlm_challenge_pool); | |
151 | ! challenge_hash->key = xstrdup(key); | |
152 | ! challenge_hash->user.auth_user = auth_user; | |
153 | ! dlinkAddTail(challenge_hash, &challenge_hash->user.link, &ntlm_user->challenge_list); | |
154 | ! challenge_hash->challenge.authserver = auth_server; | |
155 | ! dlinkAddTail(challenge_hash, &challenge_hash->challenge.link, &helperstate->user_list); | |
156 | ! hash_join(ntlm_challenge_cache, (hash_link *) challenge_hash); | |
157 | ! } | |
158 | ! | |
159 | ! static void | |
160 | ! authenticateNTLMChallengeCacheRemoveLink(ntlm_challenge_hash_pointer * challenge_hash) | |
161 | ! { | |
162 | ! ntlm_user_t *ntlm_user = challenge_hash->user.auth_user->scheme_data; | |
163 | ! ntlm_helper_state_t *helperstate = helperStatefulServerGetData(challenge_hash->challenge.authserver); | |
164 | ! hash_remove_link(ntlm_challenge_cache, (hash_link *) challenge_hash); | |
165 | ! dlinkDelete(&challenge_hash->user.link, &ntlm_user->challenge_list); | |
166 | ! dlinkDelete(&challenge_hash->challenge.link, &helperstate->user_list); | |
167 | ! xfree(challenge_hash->key); | |
168 | ! memPoolFree(ntlm_challenge_pool, challenge_hash); | |
169 | } | |
170 | ||
171 | ||
172 | *************** | |
173 | *** 915,921 **** | |
174 | authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, request_t * request, ConnStateData * conn, http_hdr_type type) | |
175 | { | |
176 | const char *proxy_auth; | |
177 | ! auth_user_hash_pointer *usernamehash, *proxy_auth_hash = NULL; | |
178 | auth_user_t *auth_user; | |
179 | ntlm_request_t *ntlm_request; | |
180 | ntlm_user_t *ntlm_user; | |
181 | --- 921,928 ---- | |
182 | authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, request_t * request, ConnStateData * conn, http_hdr_type type) | |
183 | { | |
184 | const char *proxy_auth; | |
185 | ! auth_user_hash_pointer *usernamehash; | |
186 | ! ntlm_challenge_hash_pointer *challenge_hash = NULL; | |
187 | auth_user_t *auth_user; | |
188 | ntlm_request_t *ntlm_request; | |
189 | ntlm_user_t *ntlm_user; | |
190 | *************** | |
191 | *** 982,990 **** | |
192 | ntlm_request->authchallenge); | |
193 | /* see if we already know this user's authenticate */ | |
194 | debug(29, 9) ("aclMatchProxyAuth: cache lookup with key '%s'\n", ntlmhash); | |
195 | ! assert(proxy_auth_cache != NULL); | |
196 | ! proxy_auth_hash = hash_lookup(proxy_auth_cache, ntlmhash); | |
197 | ! if (!proxy_auth_hash) { /* not in the hash table */ | |
198 | debug(29, 4) ("authenticateNTLMAuthenticateUser: proxy-auth cache miss.\n"); | |
199 | ntlm_request->auth_state = AUTHENTICATE_STATE_RESPONSE; | |
200 | /* verify with the ntlm helper */ | |
201 | --- 989,997 ---- | |
202 | ntlm_request->authchallenge); | |
203 | /* see if we already know this user's authenticate */ | |
204 | debug(29, 9) ("aclMatchProxyAuth: cache lookup with key '%s'\n", ntlmhash); | |
205 | ! assert(ntlm_challenge_cache != NULL); | |
206 | ! challenge_hash = hash_lookup(ntlm_challenge_cache, ntlmhash); | |
207 | ! if (!challenge_hash) { /* not in the hash table */ | |
208 | debug(29, 4) ("authenticateNTLMAuthenticateUser: proxy-auth cache miss.\n"); | |
209 | ntlm_request->auth_state = AUTHENTICATE_STATE_RESPONSE; | |
210 | /* verify with the ntlm helper */ | |
211 | *************** | |
212 | *** 993,1000 **** | |
213 | /* throw away the temporary entry */ | |
214 | ntlm_request->authserver_deferred = 0; | |
215 | authenticateNTLMReleaseServer(ntlm_request); | |
216 | ! authenticateAuthUserMerge(auth_user, proxy_auth_hash->auth_user); | |
217 | ! auth_user = proxy_auth_hash->auth_user; | |
218 | auth_user_request->auth_user = auth_user; | |
219 | ntlm_request->auth_state = AUTHENTICATE_STATE_DONE; | |
220 | /* we found one */ | |
221 | --- 1000,1007 ---- | |
222 | /* throw away the temporary entry */ | |
223 | ntlm_request->authserver_deferred = 0; | |
224 | authenticateNTLMReleaseServer(ntlm_request); | |
225 | ! authenticateAuthUserMerge(auth_user, challenge_hash->user.auth_user); | |
226 | ! auth_user = challenge_hash->user.auth_user; | |
227 | auth_user_request->auth_user = auth_user; | |
228 | ntlm_request->auth_state = AUTHENTICATE_STATE_DONE; | |
229 | /* we found one */ | |
230 | *************** | |
231 | *** 1026,1035 **** | |
232 | usernamehash = usernamehash->next; | |
233 | } | |
234 | if (usernamehash) { | |
235 | - /* | |
236 | - * add another link from the new proxy_auth to the | |
237 | - * auth_user structure and update the information */ | |
238 | - assert(proxy_auth_hash == NULL); | |
239 | /* we can't seamlessly recheck the username due to the | |
240 | * challenge nature of the protocol. Just free the | |
241 | * temporary auth_user */ | |
242 | --- 1033,1038 ---- | |
243 | *************** | |
244 | *** 1045,1051 **** | |
245 | snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s", | |
246 | ntlm_request->ntlmauthenticate, | |
247 | ntlm_request->authchallenge); | |
248 | ! authenticateProxyAuthCacheAddLink(ntlmhash, auth_user); | |
249 | } | |
250 | /* set these to now because this is either a new login from an | |
251 | * existing user or a new user */ | |
252 | --- 1048,1054 ---- | |
253 | snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s", | |
254 | ntlm_request->ntlmauthenticate, | |
255 | ntlm_request->authchallenge); | |
256 | ! authenticateNTLMChallengeCacheAddLink(ntlmhash, auth_user, ntlm_request->authserver); | |
257 | } | |
258 | /* set these to now because this is either a new login from an | |
259 | * existing user or a new user */ | |
260 | Index: squid/src/auth/ntlm/auth_ntlm.h | |
261 | diff -c squid/src/auth/ntlm/auth_ntlm.h:1.7.2.1 squid/src/auth/ntlm/auth_ntlm.h:1.7.2.2 | |
262 | *** squid/src/auth/ntlm/auth_ntlm.h:1.7.2.1 Wed Feb 4 10:42:36 2004 | |
263 | --- squid/src/auth/ntlm/auth_ntlm.h Sat Jul 17 10:05:53 2004 | |
264 | *************** | |
265 | *** 27,35 **** | |
266 | struct _ntlm_user { | |
267 | /* what username did this connection get? */ | |
268 | char *username; | |
269 | ! dlink_list proxy_auth_list; | |
270 | }; | |
271 | ||
272 | struct _ntlm_request { | |
273 | /* what negotiate string did the client use? */ | |
274 | char *ntlmnegotiate; | |
275 | --- 27,50 ---- | |
276 | struct _ntlm_user { | |
277 | /* what username did this connection get? */ | |
278 | char *username; | |
279 | ! dlink_list challenge_list; | |
280 | }; | |
281 | ||
282 | + struct _ntlm_challenge_hash_pointer { | |
283 | + /* first two items must be same as hash_link */ | |
284 | + char *key; | |
285 | + auth_user_hash_pointer *next; | |
286 | + struct { | |
287 | + auth_user_t *auth_user; | |
288 | + dlink_node link; /* other hash entries that point to the same auth_user */ | |
289 | + } user; | |
290 | + struct { | |
291 | + helper_stateful_server *authserver; | |
292 | + dlink_node link; /* other hash entries that point to the same challenge */ | |
293 | + } challenge; | |
294 | + }; | |
295 | + | |
296 | + | |
297 | struct _ntlm_request { | |
298 | /* what negotiate string did the client use? */ | |
299 | char *ntlmnegotiate; | |
300 | *************** | |
301 | *** 52,57 **** | |
302 | --- 67,73 ---- | |
303 | int starve; /* 0= normal operation. 1=don't hand out any more challenges */ | |
304 | int challengeuses; /* the number of times this challenge has been issued */ | |
305 | time_t renewed; | |
306 | + dlink_list user_list; /* ntlm_challenge_hash_pointer list referring to this challenge */ | |
307 | }; | |
308 | ||
309 | /* configuration runtime data */ | |
310 | *************** | |
311 | *** 67,72 **** | |
312 | --- 83,89 ---- | |
313 | typedef struct _ntlm_request ntlm_request_t; | |
314 | typedef struct _ntlm_helper_state_t ntlm_helper_state_t; | |
315 | typedef struct _auth_ntlm_config auth_ntlm_config; | |
316 | + typedef struct _ntlm_challenge_hash_pointer ntlm_challenge_hash_pointer; | |
317 | ||
318 | extern MemPool *ntlm_helper_state_pool; | |
319 | extern MemPool *ntlm_user_pool; |